Commit graph

6271 commits

Author SHA1 Message Date
Artem Panchenko
1418fb394b Explicitly set config path for DNSMasq
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
e4eda88ca9 Merge pull request #944 from tureus/skip-cloud-config-on-etcd
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Bogdan Dobrelya
71a3c97d6f Merge pull request #943 from bradbeam/cilint
Fixing lint check for ci
2017-01-30 09:19:44 +01:00
Antoine Legrand
1c3d2924ae Merge pull request #947 from bradbeam/libs
Consolidating kube.py module
2017-01-29 00:02:32 +01:00
Brad Beam
a11b9d28bd Upgrading weave to weave-kube 2017-01-27 17:05:25 -06:00
Brad Beam
b54eb609bf Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Bogdan Dobrelya
dc8ff413f9 Merge pull request #948 from mattymo/update_coreos
Update coreos-stable image
2017-01-27 17:53:17 +01:00
Tyler Britten
f8ffa1601d Fixed for non-null output 2017-01-27 10:47:59 -05:00
Tyler Britten
da01bc1fbb Updated OpenStack vars to check for tenant_id (v2) and project_id (v3) 2017-01-27 10:26:20 -05:00
Matthew Mosesohn
a2079a9ca9 Update coreos-stable image
Our old coreos-stable image has docker 1.10
2017-01-27 16:20:40 +04:00
neith00
bbc8c09753 Using the command module instead of raw
Using the command module instead of raw.
Also fixed the syntax.
2017-01-26 16:28:48 +01:00
Matthew Mosesohn
a627299468 Merge pull request #941 from adidenko/use_ansible_hostname_in_calico
Switch to ansible_hostname in calico
2017-01-26 13:06:35 +03:00
Xavier Lange
e5fdc63bdd Bugfix: skip cloud_config on etcd 2017-01-25 14:09:21 -08:00
Brad Beam
fe83e70074 Fixing lint check for ci 2017-01-25 09:54:32 -06:00
Aleksandr Didenko
46c177b982 Switch to ansible_hostname in calico
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.

Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
2017-01-25 11:49:58 +01:00
Bogdan Dobrelya
1df50adc1c Merge pull request #933 from frozenice/hide-skipped-hosts
add skippy stdout callback
2017-01-25 10:33:20 +01:00
Bogdan Dobrelya
b6cd9a4c4b Merge pull request #938 from bradbeam/ci
Splitting out moderator check from syntax check
2017-01-25 10:12:11 +01:00
Brad Beam
2333ec4d1f Splitting out moderator check from syntax check
- Attempt to clarify CI runs from contributors
2017-01-24 23:05:12 -06:00
Bogdan Dobrelya
85a8a54d3e Merge pull request #935 from sc68cal/terraform_groupvars_update
Update the group_vars for Terraform
2017-01-24 11:33:17 +01:00
Bogdan Dobrelya
7294a22901 Merge pull request #934 from frozenice/use-api-pwd-for-root
also use kube_api_pwd for root account
2017-01-24 11:24:02 +01:00
Matthew Mosesohn
f4b7474ade Merge pull request #926 from adidenko/fix-calico-rr-for-masters
Fix calico-rr peering with k8s masters
2017-01-24 12:38:52 +03:00
Matthew Mosesohn
9428321607 Merge pull request #932 from vwfs/centos_pin_docker_version
Pin docker version on RedHat and CentOS to the desired version
2017-01-24 12:21:50 +03:00
Matthew Mosesohn
882544446a Merge pull request #928 from sc68cal/terraform_identity_version
Specify the version of the credentials to download from Horizon
2017-01-24 12:21:27 +03:00
Sean M. Collins
73160c9b90 Update terraform's group_vars to be a symlink
That way, it will not become stale.

Related bug #929
2017-01-23 16:08:37 -05:00
Sean M. Collins
2184d6a3ff Specify the version of the credentials to download from Horizon
More recent versions of OpenStack Horizon provide Identity v2 and
Identity v3 versions of the RC file.
2017-01-23 14:52:51 -05:00
David Kirstein
6e35895b44 also use kube_api_pwd for root account
This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).
2017-01-23 19:09:30 +01:00
David Kirstein
8009ff8537 add skippy stdout callback
It removes the teal lines when a host is skipped for a task. This makes the output less spammy and much easier to read. Empty TASK blocks are still included in the output, but that's ok.
2017-01-23 18:53:14 +01:00
Alexander Block
9bf792ce0b Pin docker version on RedHat and CentOS to the desired version 2017-01-23 12:39:54 +01:00
Aleksandr Didenko
f05aaeb329 Fix calico-rr peering with k8s masters
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.

Closes #925
2017-01-23 10:19:09 +01:00
Bogdan Dobrelya
1bdf34e7dc Merge pull request #915 from bradbeam/ci
Sorting ansible args, fixed ci cluster_mode
2017-01-20 09:43:10 +01:00
Bogdan Dobrelya
cd25bfca91 Merge pull request #884 from mattymo/inventory_builder_scale
Add scale thresholds to split etcd and k8s-masters
2017-01-20 09:34:45 +01:00
Bogdan Dobrelya
1b621ab81c Merge pull request #873 from crodetsky/fix_test_cases
Genericize test cases and namespace create pod
2017-01-20 09:30:35 +01:00
Bogdan Dobrelya
cb2e5ac776 Drop linux capabilities and rework users/groups
* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-20 08:50:42 +01:00
Matthew Mosesohn
8ce32eb3e1 Merge pull request #905 from galthaus/async-runs
Add tasks to ensure that the first nodes have their directories for cert gen
2017-01-19 18:32:27 +03:00
Matthew Mosesohn
aae0314bda Merge pull request #904 from galthaus/nginx-port-config
Add nginx local balancer port configuration variable
2017-01-19 18:31:57 +03:00
Matthew Mosesohn
35d5248d41 Merge pull request #913 from galthaus/apps-master-only
Ansible apps should only check for api-server running on the master.
2017-01-19 18:30:58 +03:00
Matthew Mosesohn
0ccc2555d3 Merge pull request #917 from mattymo/rkt_resolvconf
Fix setting resolvconf when using rkt deploy mode
2017-01-19 18:30:21 +03:00
Matthew Mosesohn
b26a711e96 Merge pull request #916 from mattymo/update_ansible
Update Ansible to 2.2.1
2017-01-19 18:13:45 +03:00
Matthew Mosesohn
2218a052b2 Merge pull request #921 from mattymo/docker113
Add docker 1.13, update 1.12 to 1.12.6
2017-01-19 18:13:21 +03:00
Matthew Mosesohn
40f419ca54 Merge pull request #922 from holser/dnsmasq_dns-forward-max
Allow to specify number of concurrent DNS queries
2017-01-19 18:08:04 +03:00
Matthew Mosesohn
f742fc3dd1 Add scale thresholds to split etcd and k8s-masters
Also adds calico-rr group if there are standalone etcd nodes.
Now if there are 50 or more nodes, 3 etcd nodes will be standalone.
If there are 200 or more nodes, 2 kube-masters will be standalone.
If thresholds are exceeded, kube-node group cannot add nodes that
belong to etcd or kube-master groups (according to above statements).
2017-01-19 17:30:56 +03:00
Matthew Mosesohn
33fbcc56d6 Add docker 1.13, update 1.12 to 1.12.6
Fixes #903
2017-01-19 13:58:36 +03:00
Sergii Golovatiuk
61d05dea58 Allow to specify number of concurrent DNS queries
ndots creates overhead as every pod creates 5 concurrent connections
that are forwarded to sky dns. Under some circumstances dnsmasq may
prevent forwarding traffic with "Maximum number of concurrent DNS
queries reached" in the logs.

This patch allows to configure the number of concurrent forwarded DNS
queries "dns-forward-max" as well as "cache-size" leaving the default
values as they were before.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-01-19 11:47:37 +01:00
Matthew Mosesohn
8a821060a3 Update Ansible to 2.2.1 2017-01-19 13:46:46 +03:00
Greg Althaus
0d44599a63 Add explicit name printing in task names for deletgated task during
cert creation
2017-01-18 14:06:50 -06:00
crodetsky
8e29b08070 Genericize test cases and namespace create pod
This change modifies 020_check-create-pod and 030_check-network test cases to
target `kube-master[0]` instead of `node1` as these tests can be useful in
deployments that do not use the same naming convention as the basic tests.

This change also modifies 020_check-create-pod to namespace into a `test`
namespace allowing the `get pods` command to get its expected number of
running containers.

Closes #866 and #867.
2017-01-18 14:52:35 -05:00
Matthew Mosesohn
b6c3e61603 Fix setting resolvconf when using rkt deploy mode
rkt deploy mode doesn't create {{ bin_dir }}/kubelet, so
let's rely on kubelet.env file instad.
2017-01-18 19:18:47 +03:00
Brad Beam
dc08b75c6a Sorting ansible args, fixed ci cluster_mode
- s/separated/separate/g for cluster_mode so it now generates the correct number of instances
2017-01-18 08:03:04 -06:00
Matthew Mosesohn
5420fa942e Merge pull request #897 from holser/flush_handlers_before_etcd
Flush handlers before etcd restart
2017-01-18 12:27:01 +03:00
Matthew Mosesohn
1ee33d3a8d Merge pull request #910 from mattymo/escape_curly
Fix ansible 2.2.1 handling of registered vars
2017-01-18 11:13:01 +03:00