Commit graph

1684 commits

Author SHA1 Message Date
Matthew Mosesohn
b9869b7708 Merge pull request #901 from galthaus/dns-tweak
DHCP Hook protections
2017-02-02 16:47:16 +03:00
Sergii Golovatiuk
b610c1627e Remove nsenter workaround
- Docker 1.12 and further don't need nsenter hack. This patch removes
  it.  Also, it bumps the minimal version to 1.12.

Closes #776

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-02 14:38:11 +01:00
Matthew Mosesohn
8731306889 Merge pull request #958 from holser/fix_weave_cpu
Fix CPU out of scope for Weave-net
2017-02-02 16:05:47 +03:00
Sergii Golovatiuk
83a90861ba Fix weave-net after upgrade to 1.82
- Set recommended CPU settings
- Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
- Limit DS creation to master
- Combined 2 tasks into one with better condition
2017-02-02 10:31:58 +01:00
Matthew Mosesohn
776e48e898 Merge pull request #957 from mattymo/weave-net-naming
Rename weave-kube to weave-net
2017-02-02 10:18:02 +03:00
Greg Althaus
0037d0e6b2 This continues the DHCP hook checks. Also protect the create side
if the system doesn't have any config files at all.
2017-01-31 09:56:27 -06:00
Matthew Mosesohn
82619b99ba Merge pull request #951 from mattymo/k8s-certs-scale
Fix cert distribution at scale
2017-01-31 18:49:26 +03:00
Matthew Mosesohn
a0e50a12a6 Merge pull request #954 from artem-panchenko/improve_dnsmasq
Explicitly set config path for DNSMasq
2017-01-31 18:48:46 +03:00
Matthew Mosesohn
f85dbfffe9 Rename weave-kube to weave-net
Cleans up upgrade to weave 1.82. The original WeaveWorks
daemonset definition uses weave-net name.
2017-01-31 18:47:27 +03:00
Bogdan Dobrelya
595aa828b9 Merge pull request #955 from mattymo/disable-idempotency-check
Disable idempotency for ubuntu-weave-sep
2017-01-31 14:55:27 +01:00
Matthew Mosesohn
1011e416a7 Fix cert distribution at scale
Use stdin instead of bash args to pass node filenames and base64 data.
Use tempfile for master cert data
2017-01-31 16:27:45 +03:00
Matthew Mosesohn
14331d938c Merge pull request #880 from bradbeam/weave-kube
Weave kube
2017-01-31 13:31:09 +03:00
Matthew Mosesohn
ba18b57438 Disable idempotency for ubuntu-weave-sep
CI is failing 40% of the time due to errors in reset.
Let's disable idempotency check per-patch until we fix it.

Fixes #953
2017-01-31 13:23:27 +03:00
Artem Panchenko
5ed8f686b3 Explicitly set config path for DNSMasq
When DNSMasq is configured to read its settings
from a folder ('-7' or '--conf-dir' option) it only
checks that the directory exists and doesn't fail if
it's empty. It could lead to a situation when DNSMasq
is running and handles requests, but not properly
configured, so some of queries can't be resolved.
2017-01-31 12:14:57 +02:00
Matthew Mosesohn
688cd1ffcc Merge pull request #944 from tureus/skip-cloud-config-on-etcd
Bugfix: skip cloud_config on etcd
2017-01-30 20:12:36 +03:00
Bogdan Dobrelya
366a586d2a Merge pull request #943 from bradbeam/cilint
Fixing lint check for ci
2017-01-30 09:19:44 +01:00
Antoine Legrand
d6d02c63df Merge pull request #947 from bradbeam/libs
Consolidating kube.py module
2017-01-29 00:02:32 +01:00
Brad Beam
5562432999 Upgrading weave to weave-kube 2017-01-27 17:05:25 -06:00
Brad Beam
789a08ad47 Consolidating kube.py module 2017-01-27 11:28:11 -06:00
Bogdan Dobrelya
654122e579 Merge pull request #948 from mattymo/update_coreos
Update coreos-stable image
2017-01-27 17:53:17 +01:00
Tyler Britten
6b29c6c702 Fixed for non-null output 2017-01-27 10:47:59 -05:00
Tyler Britten
ec1c47bc5a Updated OpenStack vars to check for tenant_id (v2) and project_id (v3) 2017-01-27 10:26:20 -05:00
Matthew Mosesohn
80b8d647af Update coreos-stable image
Our old coreos-stable image has docker 1.10
2017-01-27 16:20:40 +04:00
neith00
fb5d1a2ab8 Using the command module instead of raw
Using the command module instead of raw.
Also fixed the syntax.
2017-01-26 16:28:48 +01:00
Matthew Mosesohn
4b1d461ac8 Merge pull request #941 from adidenko/use_ansible_hostname_in_calico
Switch to ansible_hostname in calico
2017-01-26 13:06:35 +03:00
Xavier Lange
eb07363ddb Bugfix: skip cloud_config on etcd 2017-01-25 14:09:21 -08:00
Brad Beam
e5604d36e4 Fixing lint check for ci 2017-01-25 09:54:32 -06:00
Aleksandr Didenko
d30c52d53d Switch to ansible_hostname in calico
For consistancy with kubernetes services we should use the same
hostname for nodes, which is 'ansible_hostname'.

Also fixing missed 'kube-node' in templates, Calico is installed
on 'k8s-cluster' roles, not only 'kube-node'.
2017-01-25 11:49:58 +01:00
Bogdan Dobrelya
289de2fa68 Merge pull request #933 from frozenice/hide-skipped-hosts
add skippy stdout callback
2017-01-25 10:33:20 +01:00
Bogdan Dobrelya
3fa816517f Merge pull request #938 from bradbeam/ci
Splitting out moderator check from syntax check
2017-01-25 10:12:11 +01:00
Brad Beam
4b25083c03 Splitting out moderator check from syntax check
- Attempt to clarify CI runs from contributors
2017-01-24 23:05:12 -06:00
Bogdan Dobrelya
38797e9792 Merge pull request #935 from sc68cal/terraform_groupvars_update
Update the group_vars for Terraform
2017-01-24 11:33:17 +01:00
Bogdan Dobrelya
851a3ff937 Merge pull request #934 from frozenice/use-api-pwd-for-root
also use kube_api_pwd for root account
2017-01-24 11:24:02 +01:00
Matthew Mosesohn
2967aa2c96 Merge pull request #926 from adidenko/fix-calico-rr-for-masters
Fix calico-rr peering with k8s masters
2017-01-24 12:38:52 +03:00
Matthew Mosesohn
be3603491e Merge pull request #932 from vwfs/centos_pin_docker_version
Pin docker version on RedHat and CentOS to the desired version
2017-01-24 12:21:50 +03:00
Matthew Mosesohn
52c1a682de Merge pull request #928 from sc68cal/terraform_identity_version
Specify the version of the credentials to download from Horizon
2017-01-24 12:21:27 +03:00
Sean M. Collins
53d40bc9ca Update terraform's group_vars to be a symlink
That way, it will not become stale.

Related bug #929
2017-01-23 16:08:37 -05:00
Sean M. Collins
03161c9322 Specify the version of the credentials to download from Horizon
More recent versions of OpenStack Horizon provide Identity v2 and
Identity v3 versions of the RC file.
2017-01-23 14:52:51 -05:00
David Kirstein
9f47869448 also use kube_api_pwd for root account
This makes it a bit more secure. Also the password can now be changed with a (inventory) variable (no need to edit all.yml).
2017-01-23 19:09:30 +01:00
David Kirstein
2c4ff935d3 add skippy stdout callback
It removes the teal lines when a host is skipped for a task. This makes the output less spammy and much easier to read. Empty TASK blocks are still included in the output, but that's ok.
2017-01-23 18:53:14 +01:00
Alexander Block
0b27d015d1 Pin docker version on RedHat and CentOS to the desired version 2017-01-23 12:39:54 +01:00
Aleksandr Didenko
13ae324569 Fix calico-rr peering with k8s masters
Calico-rr is broken for deployments with separate k8s-master and
k8s-node roles. In order to fix it we should peer k8s-cluster
nodes with calico-rr, not just k8s-node. The same for peering
with routers.

Closes #925
2017-01-23 10:19:09 +01:00
Bogdan Dobrelya
8678d107a0 Merge pull request #915 from bradbeam/ci
Sorting ansible args, fixed ci cluster_mode
2017-01-20 09:43:10 +01:00
Bogdan Dobrelya
f9708334c4 Merge pull request #884 from mattymo/inventory_builder_scale
Add scale thresholds to split etcd and k8s-masters
2017-01-20 09:34:45 +01:00
Bogdan Dobrelya
8099ed8cc4 Merge pull request #873 from crodetsky/fix_test_cases
Genericize test cases and namespace create pod
2017-01-20 09:30:35 +01:00
Bogdan Dobrelya
48e77cd8bb Drop linux capabilities and rework users/groups
* Drop linux capabilities for unprivileged containerized
  worlkoads Kargo configures for deployments.
* Configure required securityContext/user/group/groups for kube
  components' static manifests, etcd, calico-rr and k8s apps,
  like dnsmasq daemonset.
* Rework cloud-init (etcd) users creation for CoreOS.
* Fix nologin paths, adjust defaults for addusers role and ensure
  supplementary groups membership added for users.
* Add netplug user for network plugins (yet unused by privileged
  networking containers though).
* Grant the kube and netplug users read access for etcd certs via
  the etcd certs group.
* Grant group read access to kube certs via the kube cert group.
* Remove priveleged mode for calico-rr and run it under its uid/gid
  and supplementary etcd_cert group.
* Adjust docs.
* Align cpu/memory limits and dropped caps with added rkt support
  for control plane.

Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-01-20 08:50:42 +01:00
Matthew Mosesohn
979b01a145 Merge pull request #905 from galthaus/async-runs
Add tasks to ensure that the first nodes have their directories for cert gen
2017-01-19 18:32:27 +03:00
Matthew Mosesohn
77eeacb315 Merge pull request #904 from galthaus/nginx-port-config
Add nginx local balancer port configuration variable
2017-01-19 18:31:57 +03:00
Matthew Mosesohn
b47e76afdb Merge pull request #913 from galthaus/apps-master-only
Ansible apps should only check for api-server running on the master.
2017-01-19 18:30:58 +03:00
Matthew Mosesohn
9d2d08404d Merge pull request #917 from mattymo/rkt_resolvconf
Fix setting resolvconf when using rkt deploy mode
2017-01-19 18:30:21 +03:00