| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| | |
Do not set KUBECONFIG for root user
|
| |
| |
| |
| |
| |
| |
| | |
- instead of setting KUBECONFIG, copy the admin kubeconfig to
/root/.kube/.kubeconfig in the openshift_master and openshift_node roles
- pause for 30 seconds if the openshift-master service has changed state,
since the file we are copying is generated by the master
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- openshift_node_ips now defaults to []
- Previously an empty --nodes in /etc/sysconfig/master would result in the
master creating a node for the localhost. The latest Origin and OSE builds
now only create the implicit localhost node if run as openshift, not
openshift-master. We can now safely default to setting no nodes in
/etc/sysconfig/master and having nodes register themselves with the master
when they come up via the 'Register node (if not already registered)' task
in roles/openshift_node/tasks/main.yml)
- This had an associated change for the byo scripts that had not been merged
into master yet, but this PR changes the behavior of the openshift_master
role to not fail if openshift_node_ips is not set. This also prevents having
the openshift_master service restarted when a node is added.
|
|
|
|
| |
sets environment configs for root user
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add os_firewall role
- Remove firewall settings from base_os, add wait task to os_firewall
- Added a iptables firewall module for maintaining the following (in a mostly
naive manner):
- ensure the OPENSHIFT_ALLOW chain is defined
- ensure that there is a jump rule in the INPUT chain for OPENSHIFT_ALLOW
- adds or removes entries from the OPENSHIFT_ALLOW chain
- issues '/usr/libexec/iptables/iptables.init save' when rules are changed
- Limitations of iptables firewall module
- only allows setting of ports/protocols to open
- no testing on ipv6 support
- made os_firewall a dependency of openshift_common
- Hardcoded openshift_common to use iptables (through the vars directory)
until upstream support is in place for firewalld
|
| |
|
| |
|
|\
| |
| | |
Prefer YAML style datastructures over JSON
|
| |
| |
| |
| | |
- Switch JSON style datastructures to YAML for debuggability
|
|\ \
| | |
| | | |
Add openshift_sdn_{master,node} roles
|
| |/ |
|
|\ \
| | |
| | | |
openshift_node changes for register_node module
|
| |/
| |
| |
| |
| | |
- add openshift_register_node module to openshift_node role
- verifies that node isn't already registered before attempting to register it
|
| |
| |
| |
| |
| | |
- for use anywhere the hostname is used that would be dependent on
the openshift_hostname_workaround setting.
|
|/
|
|
|
| |
- use openshift_bind_ip for hostname when openshift_hostname_workaround is true
- defaults to true to maintain current behavior.
|
| |
|
| |
|
|\
| |
| | |
Disable master,node services when externally managed
|
| | |
|
|/
|
|
|
|
|
|
| |
- Fix failed attempt to cleanup service notify on creds changes
- Fix master URL for node to use https
- Set openshift_debug_level in vars.yml for playbooks
- This puts us closer to the original debug settings, where after the
openshift-common changes the debug settings were defaulting back to 0
|
|\
| |
| | |
docker role cleanup
|
| |
| |
| |
| |
| |
| | |
- use service module for enabling/restarting docker service
- remove unused role directories/files
- use user module for adding the docker group to the root user
|
|\ \
| | |
| | | |
Cleanup empty role dirs/files
|
| |/ |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
| |
- move common openshift logic into openshift_common
- set openshift_common as a dependency for openshift_node and openshift_master
- rename role variables to openshift_* to be more descriptive
- start recording local_facts on the openshift hosts
- clean up firewalld config to be a bit more dry
- Update firewall ports for https, make sure http rules are removed
- Replace references to ansible_eth0.ipv4.address with
ansible_default_ipv4.address
|
| |
|
| |
|
| |
|
|\
| |
| |
| |
| | |
Conflicts:
lib/aws_command.rb
|
| | |
|
| |
| |
| |
| | |
multi-line so we get better errors from ansible.
|
| |
| |
| |
| |
| | |
- Add openshift_additional_repos config that allows for setting custom repos
- cleanup yum repos that were configured for other deployment types
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- roles/base_os: Without this, the root user would need to manually configure
this variable before attempting to run any osc commands
- roles/base_os: Cleanup the firewall service definition and only pause when
the service
state changes.
- roles/openshift_master: use Akram's suggestion of simplifying the firewall
config
- roles/openshift_master: explicitly disable previously exposed ports that are
no longer exposed (8080/tcp I'm looking at you).
|
| | |
|
| |\ |
|
| | | |
|
| | |
| | |
| | |
| | | |
* Use mktemp for scratch directory
|
| | | |
|
| | |
| | |
| | |
| | | |
- Update playbooks to support latest code
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix up libra candidate repo config file
Fix up rhel 7 rhui repo config file
Add rhel 7 rhui extras repo, which has docker in it
Separate rhel 7 extras into its own config file
Add rhel 7 extras so that we have docker
|
| | |
|
| | |
|
| | |
|
|/ |
|
|
|
|
| |
yaml dictionaries as demonstrated by the ansible documentation.
|
|
|
|
| |
* Bring pod definitions in line with lates k8s release
|