| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some refactoring of checks and the action plugin to enable writing files
locally about the check operation and results, if the user wants them.
This is aimed at enabling persistent and machine-readable results from
recurring runs of health checks.
Now, rather than trying to build a result hash to return from running
each check, checks can just register what they need to as they're going
along, and the action plugin processes state when the check is done.
Checks can register failures, notes about what they saw, and arbitrary
files to be saved into a directory structure where the user specifies.
If no directory is specified, no files are written.
At this time checks can still return a result hash, but that will likely
be refactored away in the next iteration.
Multiple failures can be registered without halting check execution.
Throwing an exception or returning a hash with "failed" is registered as
a failure.
execute_module now does a little more with the results. Results are
automatically included in notes and written individually as files.
"changed" results are propagated. Some json results are decoded.
A few of the checks were enhanced to use these features; all get some of
the features for free.
|
|\
| |
| |
| |
| |
| |
| | |
Automatic merge from submit-queue
Always required new variables
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1451023
|
| |
| |
| |
| | |
Signed-off-by: Steve Milner <smilner@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Moved the checks for osm_cluster_network_cidr, osm_host_subnet_length,
openshift_portal_net from upgrade to openshift_sanitize_inventory
as we now consider it a required variable for install, updrade, or
scale up.
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Automatic merge from submit-queue
Port origin-gce roles for cluster setup to copy AWS provisioning
This is a rough cut of the existing origin-gce structure (itself a
refined version of the ref arch). I've removed everything except core
cluster provisioning, image building, and inventory setup. Node groups
are part of the "all at once" provisioning but can be changed.
@kwoodson we should talk on monday, this is me adapting the origin-gce dynamic provisioning to be roughly parallel to openshift_aws. Still some topics we should discuss.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This is a rough cut of the existing origin-gce structure (itself a
refined version of the ref arch). I've removed everything except core
cluster provisioning, image building, and inventory setup. Node groups
are part of the "all at once" provisioning but can be changed.
|
|\ \ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
ingvagabund/pull-openshift_master-deps-out-into-a-play
Automatic merge from submit-queue
Pull openshift_master deps out into a play
The `openshift_master` role is called only in a single play. Thus, we can pull out all its dependencies without duplicating all dependency role invocations. Both `lib_openshift` and `lib_os_firewall` are required deps as they defined ansible modules used inside the `openshift_master` role.
I have also rearranged definition of variables so variable used only inside a single role are part of the `include_role` statement.
Atm, we can't use `include_role` due to https://github.com/ansible/ansible/issues/21890
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Automatic merge from submit-queue
Move sysctl.conf customizations to a separate file
Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
This is a good idea becuase:
1- /etc/sysctl.conf is evaluated later, so it can easily be overwritten by previous customizations
2- It's likely that there is an agent like puppet monitoring this file
3- It's easier to know what's being changed by OpenShift
|
| | | | |
| | | | |
| | | | |
| | | | | |
Move them from /etc/sysctl.conf to /etc/sysctl.d/99-openshift.conf
|
|\ \ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue
Add `openshift_node_open_ports` to allow arbitrary firewall exposure
It should be possible for an admin to define an arbitrary set of ports
to be exposed on each node that will relate to the cluster function.
This adds a new global variable for the node that supports
Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>})
which is the same format accepted by the firewall role.
@sdodson as discussed, open to alternatives. I used this from origin-gce with
openshift_node_open_ports:
- service: Router stats
port: 1936/tcp
- service: Open node ports
port: 9000-10000/tcp
- service: Open node ports
port: 9000-10000/udp
Which then allows me to set firewall rules appropriately.
Alternatives considered:
* Simpler external format (have to parse inputs)
* Additional parameter to role - felt ugly
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
It should be possible for an admin to define an arbitrary set of ports
to be exposed on each node that will relate to the cluster function.
This adds a new global variable for the node that supports
Array(Object{'service':<name>,'port':<port_spec>,'cond':<boolean>})
which is the same format accepted by the firewall role.
|
|\ \ \ \ \ \
| |_|_|_|_|/
|/| | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Automatic merge from submit-queue
Only attempt to start iptables on hosts in the current batch
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
If os_firewall role is called from within a play that uses serial then
it was attempting to start iptables on hosts that may not have had
iptables installed on them yet. So limit the hosts to the current batch.
According to the ansible docs on plays where serial is unused this is
the same as ansible_play_hosts.
See http://docs.ansible.com/ansible/latest/playbooks_variables.html
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1490739
|
| | | | | | |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
add retries on repoquery
|
| | | | | | | |
|
| | | | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Setup tuned after the node has been restarted.
|
| | | | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Bug 1490304: Etcd scale-up playbook should add new member to etcdClientInfo of master-config.yaml
|
| | |_|_|/ / / /
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Merged by openshift-bot
|
| | |_|_|_|_|_|/
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| |_|_|/ / / / /
|/| | | | | | | |
Scaffold out the entire build defaults hash
|
| | |_|/ / / /
| |/| | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Some functions called later may expect sub-keys to exist which will
not with the current default empty-dict.
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
Add IMAGE_VERSION to the image stream tag source
|
| | |_|/ / / /
| |/| | | | | |
|
|\ \ \ \ \ \ \
| | | | | | | |
| | | | | | | | |
GlusterFS: Correct firewall port names
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
GlusterFS: Various fixes
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
| | | | | | | | |
| | | | | | | | |
| | | | | | | | |
| | | | | | | | | |
Signed-off-by: Jose A. Rivera <jarrpa@redhat.com>
|
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|/ / /
|/| | | | | | | | |
Merged by openshift-bot
|
| | |_|_|_|/ / /
| |/| | | | | | |
|
|\ \ \ \ \ \ \ \
| | | | | | | | |
| | | | | | | | | |
Removing setting of pod presets
|
| | | | | | | | | |
|
|\ \ \ \ \ \ \ \ \
| |/ / / / / / / /
|/| | | | | | | | |
Merged by openshift-bot
|
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Currently, openshift-anisble supports authentication to
container registries to pull down openshift container images.
The openshift_verison role uses the docker cli to gather
image information from container registries before authentication
credentials are provided by openshift-ansible.
This commit creates the necessary token to authenticate to
private registries during openshift_version. The token
is generated by the role 'docker' on all hosts where
docker is installed/configured when oreg_auth_users
is defined.
This commit also adds a read-only mount into the
openshift master and node container services. This
mount is '/var/lib/origin/.docker:/root/.docker:ro'.
This is because the container images do not currently
read the values in '/var/lib/origin/.docker' as this
may be a bug upstream.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1316341
|
| |_|_|_|/ / /
|/| | | | | |
| | | | | | |
| | | | | | | |
Signed-off-by: Steve Milner <smilner@redhat.com>
|
|\ \ \ \ \ \ \
| |_|_|_|_|_|/
|/| | | | | | |
Merged by openshift-bot
|
| | | | | | | |
|
| | |/ / / /
| |/| | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
This workaround prevents the warnings on using Jinja2 templating
delimiters in `when:` conditions in cases where a variable is used as
the conditional. This has been fixed in Ansible 2.4.
https://github.com/ansible/ansible/pull/25092
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Merged by openshift-bot
|
| |/ / / / / |
|
|\ \ \ \ \ \
| | | | | | |
| | | | | | | |
Merged by openshift-bot
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Can now set openshift_disable_check=* to disable all checks without
needing to know their names.
fixes bug 1462106
https://bugzilla.redhat.com/show_bug.cgi?id=1462106
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
An image in the docker index may be tagged by name or by registry plus
name. In order to find the image correctly locally and prevent looking
for it externally, make sure all possible variations are searched.
|
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
Probe whether the host has connectivity to the registry before trying to
inspect it for images, and remember the result. Also if later inspection
fails due to timeout, mark registry as unreachable. Note in failure
output if any registries were unreachable.
Registry order should match what is configured into docker now as well.
Fixes bug 1480195
https://bugzilla.redhat.com/show_bug.cgi?id=1480195
|