summaryrefslogtreecommitdiffstats
path: root/roles
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #5112 from kwoodson/oc_adm_csrScott Dodson2017-08-236-0/+2001
|\ | | | | Adding oc_adm_csr to lib_openshift for node approvals
| * First attempt at creating the cert signer.Kenny Woodson2017-08-216-0/+2001
| |
* | Merge pull request #5101 from maxamillion/add-dnf-supportScott Dodson2017-08-2330-162/+165
|\ \ | | | | | | Add dnf support
| * | remove out of scope variable from exception messageAdam Miller2017-08-181-1/+0
| | | | | | | | | | | | Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
| * | raise AosVersionException if no expected packages found by dnf queryAdam Miller2017-08-181-0/+8
| | | | | | | | | | | | Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
| * | add dnf support to roles/openshift_health_checker/library/aos_version.pyAdam Miller2017-08-1630-162/+158
| | | | | | | | | | | | Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* | | Merge pull request #4980 from sdodson/migrate-v2Scott Dodson2017-08-236-38/+66
|\ \ \ | | | | | | | | Switch to migrating one host and scaling etcd members back up
| * | | Switch to migrating one host and forming a new clusterScott Dodson2017-08-226-38/+66
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With large datasets where there are many keys with TTLs the expiry was creating a data inconsistency problem. The hope is that by performing the migration once and then forming a new cluster this is avoided. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1475351
* | | | Merge pull request #4761 from wozniakjan/logging_kibana_oomScott Dodson2017-08-231-1/+1
|\ \ \ \ | | | | | | | | | | bug 1468987: kibana_proxy OOM
| * | | | bug 1468987: kibana_proxy OOMJan Wozniak2017-07-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently set the memory allocated to the kibana-proxy container to be the same as `max_old_space_size` for nodejs. But in V8, the heap consists of multiple spaces. The old space has only memory ready to be GC and measuring the used heap by kibana-proxy code, there is at least additional 32MB needed in the code space when `max_old_space_size` peaks. Setting the default memory limit to 256MB here and also changing the default calculation of `max_old_space_size` in the image repository to be only half of what the container receives to allow some heap for other `spaces`.
* | | | | Merge pull request #5120 from smarterclayton/allow_gcs_registryScott Dodson2017-08-234-12/+15
|\ \ \ \ \ | |_|/ / / |/| | | | Allow GCS object storage to be configured
| * | | | Allow GCS object storage to be configuredClayton Coleman2017-08-174-12/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, setting the GCS registry object storage settings resulted in an invalid configuration. This generates a registry-config secret that has the correct file if the GCS config is set.
* | | | | Merge pull request #5126 from ozdanborne/fix-calico-spacingScott Dodson2017-08-212-2/+2
|\ \ \ \ \ | | | | | | | | | | | | Fix missing space in calico ansible roles
| * | | | | Fix missing space in calico ansible rolesDan Osborne2017-08-172-2/+2
| | | | | |
* | | | | | Merge pull request #4254 from dmsimard/registry_certsScott Dodson2017-08-214-49/+138
|\ \ \ \ \ \ | | | | | | | | | | | | | | Refactor openshift_hosted's docker-registry route setup
| * | | | | | Refactor openshift_hosted's docker-registry route setupDavid Moreau-Simard2017-07-234-49/+138
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have identified an issue where a docker-registry service set up as 'reencrypt' with a provided certificate and a self-signed certificate on the pod does not authorize users to push images. If the docker-registry service is set up as 'passthrough' with the same provided certificate, everything works. In light of this, this commit essentially adds support for configuring provided certificates with a passthrough route while maintaining backwards compatibility with the other use cases. The default remains 'passthrough' with self-generated certificates. Other miscellaneous changes include: - Move fact setup that were only used in secure.yml there - Omit the hostname for the route if there are none to configure, oc_route takes care of handling the default - Replace hardcoded /etc/origin/master by openshift_master_config_dir
* | | | | | | Merge pull request #5142 from sdodson/fix-dnsScott Dodson2017-08-201-0/+1
|\ \ \ \ \ \ \ | |_|/ / / / / |/| | | | | | Ensure that openshift_node_facts has been called for dns_ip
| * | | | | | Ensure that openshift_node_facts has been called for dns_ipScott Dodson2017-08-181-0/+1
| | | | | | |
* | | | | | | Merge pull request #4773 from jcantrill/fix_console_loggingOpenShift Bot2017-08-173-3/+31
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Merged by openshift-bot
| * | | | | | fix missing console appending in loggingJeff Cantrill2017-08-173-3/+31
| |/ / / / /
* | | | | | Merge pull request #5111 from ozdanborne/calico-default-poolScott Dodson2017-08-175-4/+3
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Use sdn_cluster_network_cidr as default calico pool
| * | | | | Use sdn_cluster_network_cidr as default calico poolDan Osborne2017-08-175-4/+3
| | |_|_|/ | |/| | |
* | | | | Merge pull request #5113 from bacek/masterScott Dodson2017-08-171-2/+2
|\ \ \ \ \ | | | | | | | | | | | | Enable version 3.6 for OSE
| * | | | | Enable version 3.6 for OSEVasily Chekalkin2017-08-171-2/+2
| | | | | |
* | | | | | Merge pull request #4547 from mtnbikenc/etcd-pre_upgrade-fixOpenShift Bot2017-08-171-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | Don't include noopRussell Teague2017-08-161-1/+1
| | | | | | |
* | | | | | | Merge pull request #5107 from mtnbikenc/refactor-openshift_repos-depsOpenShift Bot2017-08-171-15/+0
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | | Remove openshift_repos dependenciesRussell Teague2017-08-161-15/+0
| | |_|_|_|_|/ | |/| | | | |
* | | | | | | Merge pull request #5026 from sosiouxme/20170808-fix-checksOpenShift Bot2017-08-172-6/+4
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | Merged by openshift-bot
| * | | | | | etc_traffic check: factor away short_versionLuke Meyer2017-08-152-6/+4
| |/ / / / /
* | | | | | Merge pull request #4947 from ingvagabund/polish-openshift-master-roleOpenShift Bot2017-08-177-112/+208
|\ \ \ \ \ \ | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | polish openshift-master roleJan Chaloupka2017-08-167-112/+208
| | | | | | |
* | | | | | | Merge pull request #5098 from ashcrow/bin-sync-link-checkOpenShift Bot2017-08-161-0/+5
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Merged by openshift-bot
| * | | | | | | bug: container_binary_sync no longer moves upon symlinksSteve Milner2017-08-151-0/+5
| | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With origin 1.5, /usr/local/bin/oc was a symlink to /usr/local/bin/openshift. During the container_binary_sync updated versions of both binaries are copied to the host. First openshift is copied to /usr/local/bin/openshift followed by copying oc to /usr/local/bin/oc. Since oc is a symlink back to /usr/local/bin/openshift the end result was everything linked to oc. This change adds a check before copying a binary. If the destination is a symlink then said symlink is removed before copying the new binary over. Fixed #4965 Reference: https://github.com/openshift/openshift-ansible/issues/4965
* | | | | | | Merge pull request #5087 from sdodson/bz1481366OpenShift Bot2017-08-161-1/+1
|\ \ \ \ \ \ \ | |/ / / / / / |/| | | | | | Merged by openshift-bot
| * | | | | | Use openshift.node.dns_ip as listening addressScott Dodson2017-08-141-1/+1
| | | | | | |
* | | | | | | Merge pull request #5048 from jcantrill/kibana_index_modeOpenShift Bot2017-08-154-0/+14
|\ \ \ \ \ \ \ | |_|_|_|/ / / |/| | | | | | Merged by openshift-bot
| * | | | | | configure kibana index modeJeff Cantrill2017-08-104-0/+14
| | | | | | |
* | | | | | | Merge pull request #5084 from mtnbikenc/refactor-os_firewallScott Dodson2017-08-154-29/+29
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | Additional os_firewall role refactoring
| * | | | | | | Additional os_firewall role refactoringRussell Teague2017-08-154-29/+29
| | |_|/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Remove openshift_facts dependency * Move firewall initialization from std_include.yml to openshift_cluster/config.yml Installing firewall packages is only necessary during OpenShift installation.
* | | | | | | Merge pull request #5036 from ↵Scott Dodson2017-08-154-11/+17
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Miciah/openshift_checks-support-ovs-2.7-on-ocp-3.5-and-3.6 openshift_checks: allow OVS 2.7 on OCP 3.5 and 3.6
| * | | | | | | openshift_checks: allow OVS 2.7 on OCP 3.5 and 3.6Miciah Masters2017-08-114-11/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rpm_version: Allow package_list items to specify a list value for version. If a list value is provided for a package, pass the check if any version in that list is found. ovs_version: Specify both 2.6 and 2.7 as allowed versions of OVS for OpenShift versions 3.5 and 3.6.
* | | | | | | | Merge pull request #5006 from ivanhorvath/ocobjdumperScott Dodson2017-08-152-2/+20
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | adding check to a yaml dump to work properly with new ruamel lib
| * | | | | | | | adding check to a yaml dump to work properly with new ruamel libIvan Horvath2017-08-092-2/+20
| | | | | | | | |
* | | | | | | | | Merge pull request #5053 from tbielawa/change_default_cfme_namespaceScott Dodson2017-08-151-2/+3
|\ \ \ \ \ \ \ \ \ | |_|_|/ / / / / / |/| | | | | | | | Change default CFME namespace to use reserved openshift- prefix
| * | | | | | | | Change default CFME namespace to use reserved openshift- prefixTim Bielawa2017-08-101-2/+3
| | |_|/ / / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of OCP 3.6 we are advised to prefix reserved namespaces with an 'openshift-' prefix. Fixes #5049
* | | | | | | | Merge pull request #5072 from kwoodson/glusterfs_fwScott Dodson2017-08-153-0/+53
|\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Glusterfs firewall updates.
| * | | | | | | | Moving firewall rules under the role to work with refactor.Kenny Woodson2017-08-113-0/+53
| | | | | | | | |
* | | | | | | | | Merge pull request #5051 from DenverJ/fix-iptables-reloadScott Dodson2017-08-151-0/+3
|\ \ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Start iptables on each master in serial
| * | | | | | | | | Start iptables on each master in serialDenver Janke2017-08-101-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix task hanging when running from a master