summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFilesLines
* Glusterfs storage templates for v1.5 addedchinacoolhacker2017-10-2510-0/+547
|
* Merge pull request #5814 from mgugino-upstream-stage/docker-auth-upgradesOpenShift Merge Robot2017-10-242-11/+13
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Enable oreg_auth credential replace during upgrades Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
| * Enable oreg_auth credential replace during upgradesMichael Gugino2017-10-192-11/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently, upgrades run a docker image pull prior to upgrading masters and nodes for containerized installs. If using a secure registry, and a user wishes to upgrade their credentials due to expiry, the image pull will fail. This commit ensures docker login credentials are updated during upgrades, if necessary. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503995
* | Merge pull request #5828 from mgugino-upstream-stage/fix-openid-challengeScott Dodson2017-10-241-1/+0
|\ \ | | | | | | Remove incorrect validation for OpenIDIdentityProvider
| * | Remove incorrect validation for OpenIDIdentityProviderMichael Gugino2017-10-201-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, OpenIDIdentityProvider does not support 'challenge=true' in openshift-ansible. This is incorrect, the auth plugin OpenIDIdentityProvider does support this. This commit removes the unnecessary validation of challenge key. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1444367 Fixes: https://github.com/openshift/openshift-ansible/issues/4417
* | | Merge pull request #5840 from staebler/service_catalog_role_patchingOpenShift Merge Robot2017-10-241-2/+2
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Fix edit and admin role patching for service catalog Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1496694. Update the jinja files used to patch the edit and admin ClusterRoles so that it uses the new resource names of ServiceInstances and ServiceBindings.
| * | | Fix edit and admin role patching for service catalogstaebler2017-10-231-2/+2
| | | |
* | | | Merge pull request #5796 from mgugino-upstream-stage/journald-masters-upgradesOpenShift Merge Robot2017-10-242-22/+25
|\ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Ensure upgrades apply latest journald settings Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
| * | | | Ensure upgrades apply latest journald settingsMichael Gugino2017-10-182-22/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, existing clusters might not have journald configurations applied. This may result in a rate- limiting of important log messages on openshift-masters. This commit ensures that journald settings are applied during the upgrade process openshif-masters. Fixes: https://github.com/openshift/openshift-ansible/issues/5642
* | | | | Merge pull request #5808 from zgalor/stateful_setScott Dodson2017-10-234-14/+18
|\ \ \ \ \ | | | | | | | | | | | | Switch to stateful set in prometheus
| * | | | | Switch to stateful set in prometheusZohar Galor2017-10-234-14/+18
| | |_|_|/ | |/| | | | | | | | | | | | | Also update prometheus and alert-buffer image versions, and add prometheus, and oauth-proxy arguments to align with origin template
* | | | | Merge pull request #5654 from vshn/mastersysconfigvar1OpenShift Merge Robot2017-10-231-1/+1
|\ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Avoid undefined variable in master sysconfig template When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
| * | | | | Avoid undefined variable in master sysconfig templateMichael Hanselmann2017-10-191-1/+1
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When "openshift_master_controllers_env_vars" is set, but "openshift_master_api_env_vars" isn't, the template for the sysconfig file of atomic-openshift-master fails: AnsibleUndefinedVariable: 'dict object' has no attribute 'api_env_vars' Avoid this issue by applying "default({})" to the dict and always calling ".items()".
* | | | | Merge pull request #5781 from mgugino-upstream-stage/fix-reg-auth-templatingScott Dodson2017-10-233-3/+12
|\ \ \ \ \ | | | | | | | | | | | | Ensure proper variable templating for skopeo auth credentials
| * | | | | Ensure proper variable templating for skopeo auth credentialsMichael Gugino2017-10-173-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, docker_image_availability.py plugin check is using the raw strings for variables from task_vars. This results in any variables that utilized within the plugin to be un-templated. For instance, if variable "x" is set to "{{ y }}" and y is set to "2", one would expect that x == 2 inside the plugin. Currently, the plugin will use the string "{{ y }}" for the value of x instead of templating the variable. This commit ensures skopeo registry auth credentials are templated properly. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1500698
* | | | | | Merge pull request #5811 from zgalor/add_nfs_to_readmeScott Dodson2017-10-231-2/+25
|\ \ \ \ \ \ | | | | | | | | | | | | | | Add nfs variables documentation to README file
| * | | | | | Add nfs variables documentation to README fileZohar Galor2017-10-191-2/+25
| | |/ / / / | |/| | | | | | | | | | | | | | | | Add documentation of external nfs variables
* | | | | | Merge pull request #5822 from ewolinetz/bz1504191Scott Dodson2017-10-231-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Updating to use same image as origin until enterprise image is built
| * | | | | | Updating ocp es proxy image to use openshift_logging_proxy_image_prefix if ↵Eric Wolinetz2017-10-191-1/+1
| | |_|_|_|/ | |/| | | | | | | | | | | | | | | | specified
* | | | | | Merge pull request #5453 from giuseppe/use-docker-cli-image-if-already-availableOpenShift Merge Robot2017-10-231-5/+8
|\ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. cli: do not pull again the image when using Docker When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | cli: use the correct name for the master system containerGiuseppe Scrivano2017-10-231-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | | | cli: do not pull again the image when using DockerGiuseppe Scrivano2017-10-231-3/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When CRI-O is used and the CLI image is already pulled into Docker then use it also for copying the CLI files to the host instead of pulling it once again in the ostree storage. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | | | | Merge pull request #5241 from hansmi/masterScott Dodson2017-10-234-0/+37
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Add variable to control whether NetworkManager hook is installed
| * | | | | | | Add variable to control whether NetworkManager hook is installedMichael Hanselmann2017-10-194-0/+37
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We control /etc/resolv.conf and parts of the dnsmasq configuration via Puppet in our environment. The hook ends up overwriting the managed configuration.
* | | | | | | Merge pull request #5818 from ashcrow/1503860OpenShift Merge Robot2017-10-232-8/+9
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. docker: Move enterprise registry from pkg to main
| * | | | | | | docker: Move enterprise registry from pkg to mainSteve Milner2017-10-192-8/+9
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503860 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | | | Merge pull request #5761 from fabianvf/asb-client-secret-not-foundScott Dodson2017-10-234-22/+24
|\ \ \ \ \ \ \ | |_|_|_|_|_|/ |/| | | | | | Bug 1496426 - Update ansible-service-broker configuration to use proper certs and permissions
| * | | | | | Update defaultsFabian von Feilitzsch2017-10-194-5/+9
| | | | | | |
| * | | | | | Use service-ca.crt instead of master ca.crtFabian von Feilitzsch2017-10-191-16/+11
| | | | | | |
| * | | | | | use master certFabian von Feilitzsch2017-10-191-2/+2
| | | | | | |
| * | | | | | Bug 1496426 - add asb-client secret to openshift-ansible-service-broker ↵Fabian von Feilitzsch2017-10-191-1/+4
| | |_|/ / / | |/| | | | | | | | | | | | | | | | namespace
* | | | | | Merge pull request #5813 from ashcrow/1503903OpenShift Merge Robot2017-10-239-62/+101
|\ \ \ \ \ \ | |_|_|/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Automatic merge from submit-queue. Always ensure atomic.conf is configured for system containers. A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903
| * | | | | systemcontainers: Verify atomic.conf proxy is always configuredSteve Milner2017-10-199-62/+101
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A new openshift_atomic role has been created for atomic specific tasks. The first task added is proxy which handles updating /etc/atomic.conf to ensure the proper proxy configuration is configured. This task file is then included (via include_role) in system container related task files. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1503903 Signed-off-by: Steve Milner <smilner@redhat.com>
* | | | | Merge pull request #5748 from portante/fix-cpu-limitsScott Dodson2017-10-2022-65/+151
|\ \ \ \ \ | | | | | | | | | | | | Use "requests" for CPU resources instead of limits
| * | | | | Use "requests" for CPU resources instead of limitsPeter Portante2017-10-1922-65/+151
| | |/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now use a CPU request to ensure logging infrastructure pods are not capped by default for CPU usage. It is still important to ensure we have a minimum amount of CPU. We keep the use of the variables *_cpu_limit so that the existing behavior is maintained. Note that we don't want to cap an infra pod's CPU usage by default, since we want to be able to use the necessary resources to complete it's tasks. Bug 1501960 (https://bugzilla.redhat.com/show_bug.cgi?id=1501960)
* | | | | Merge pull request #5792 from mgugino-upstream-stage/fix-master-undefined-varScott Dodson2017-10-201-0/+4
|\ \ \ \ \ | | | | | | | | | | | | Fix undefined variable for master upgrades
| * | | | | Fix undefined variable for master upgradesMichael Gugino2017-10-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, oreg_auth_credentials_replace is undefined during master upgrades. This commit ensures this variable is defined during upgrades.
* | | | | | Merge pull request #5752 from kwoodson/bz1491399Scott Dodson2017-10-201-0/+13
|\ \ \ \ \ \ | | | | | | | | | | | | | | [bz1491399] Adding pre check to verify clusterid is set along with cloudprovider when performing upgrade.
| * | | | | | Adding pre check to verify clusterid is set along with cloudprovider when ↵Kenny Woodson2017-10-161-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | performing upgrade.
* | | | | | | Merge pull request #5821 from abutcher/ca-trust-skip-restartScott Dodson2017-10-201-2/+14
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Check for container runtime prior to restarting when updating system CA trust.
| * | | | | | | Check for container runtime prior to restarting when updating system CA trust.Andrew Butcher2017-10-191-2/+14
| | |_|_|_|_|/ | |/| | | | |
* | | | | | | Merge pull request #5766 from jcantrill/1489498_preserve_replica_countScott Dodson2017-10-206-6/+63
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | bug 1489498. preserve replica and shard settings
| * | | | | | | bug 1489498. preserve replica and shard settingsJeff Cantrill2017-10-176-6/+63
| | | | | | | |
* | | | | | | | Merge pull request #5783 from dymurray/readinessScott Dodson2017-10-201-0/+14
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Bug 1503233 - Add liveness and readiness probe checks to ASB deployme…
| * | | | | | | | Indentation errorsDylan Murray2017-10-171-14/+14
| | | | | | | | |
| * | | | | | | | Bug 1503233 - Add liveness and readiness probe checks to ASB deploymentconfigDylan Murray2017-10-171-0/+14
| | | | | | | | |
* | | | | | | | | Merge pull request #5574 from dulek/containerized_kuryr_supportScott Dodson2017-10-2013-2/+704
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|/ / / |/| | | | | | | | Initial Kuryr support
| * | | | | | | | Initial Kuryr supportMichał Dulko2017-10-2013-2/+704
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit enables deploying Kuryr networking on top of OpenShift in containers. kuryr-controller is a Deployment and kuryr-cni is deployed as DaemonSet (container will drop all CNI configuration files). Co-Authored-By: Antoni Segura Puimedon <celebdor@gmail.com>
* | | | | | | | | Merge pull request #5746 from staebler/Bug_1496694_new_resource_namesScott Dodson2017-10-199-71/+123
|\ \ \ \ \ \ \ \ \ | |_|_|_|_|_|_|/ / |/| | | | | | | | Update service catalog playbook for service-catalog rc1
| * | | | | | | | Change to service-signer.crt for template_service_broker CA_BUNDLEstaebler2017-10-182-3/+3
| | | | | | | | |