Commit graph

1690 commits

Author SHA1 Message Date
Matthew Mosesohn
de51d07189 Add graceful upgrade process
Based on #718 introduced by rsmitty.

Includes all roles and all options to support deployment of
new hosts in case they were added to inventory.

Main difference here is that master role is evaluated first
so that master components get upgraded first.

Fixes #694
2017-02-16 17:18:38 +03:00
Vladimir Rutsky
7614f7bc5b force reset confirmation in CI 2017-02-16 16:35:01 +03:00
Smaine Kahlouch
daa8ffac1a Merge pull request #1031 from mattymo/defaultcalico
Change default network plugin to Calico
2017-02-16 14:04:12 +01:00
Vladimir Rutsky
9af63e173d fix load balancer DNS name index evaluation in openssl.conf
Looks like OpenSSL still properly handles it, even with duplicated
"DNS.X" items.
2017-02-16 00:16:13 +03:00
Vladimir Rutsky
ffb064f650 ask confirmation before running reset.yml playbook 2017-02-15 21:05:46 +03:00
Matthew Mosesohn
f12fa9d8b5 Merge pull request #985 from rutsky/check-mode-for-shell-commands
set "check_mode: on" for read-only "shell" steps that registers result
2017-02-15 17:53:41 +03:00
Matthew Mosesohn
86358f22a1 Merge pull request #1030 from rutsky/remove-swp
remove temporary file
2017-02-15 17:44:41 +03:00
Vladimir Rutsky
6a9f1b619b remove temporary file 2017-02-15 17:40:05 +03:00
Matthew Mosesohn
fced611eb7 Change default network plugin to Calico 2017-02-15 16:15:22 +03:00
Matthew Mosesohn
26c24d11a1 Merge pull request #1028 from holser/ansible.cfg
Add timings to RECAP output.
2017-02-15 12:41:49 +03:00
Sergii Golovatiuk
768d6cabea Add timings to RECAP output.
- Starting from version 2.0 ansible has 'callback_whitelist =
  profile_tasks'. It allows to analyze CI to find some time regressions.
- Add skippy to CI's ansible.cfg

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-14 18:47:02 +01:00
Antoine Legrand
2d8683a26c Merge pull request #1008 from bradbeam/rkt-proxy
Adding support for proxy w/ rkt kubelet
2017-02-14 17:52:21 +01:00
Spencer Smith
ab11b0c16c specify grace period for draining 2017-02-14 18:51:13 +03:00
Spencer Smith
cf3f733828 first cut of an upgrade process 2017-02-14 18:51:13 +03:00
Brad Beam
2a3dee5f90 Adding support for proxy w/ rkt kubelet 2017-02-14 08:09:49 -06:00
Matthew Mosesohn
c8f5cf9a99 Merge pull request #1019 from mattymo/issue1011
Update calico to v1.0.2
2017-02-14 14:01:25 +03:00
Matthew Mosesohn
68f441fbdb Merge pull request #1013 from mattymo/remove_masqerade_all
Disable kube_proxy_masquerade_all
2017-02-14 14:00:29 +03:00
Antoine Legrand
4b5f334878 Merge pull request #1027 from hvnsweeting/master
Multiples doc fixes
2017-02-14 11:39:22 +01:00
Hung Nguyen Viet
4cb20ca509 Highlight important action 2017-02-14 17:18:25 +07:00
Hung Nguyen Viet
e960a3b567 Fix typo 2017-02-14 17:18:22 +07:00
Antoine Legrand
1cd0d85cc1 Merge pull request #1025 from holser/bug/961
Install pip on Ubuntu
2017-02-14 10:31:42 +01:00
Matthew Mosesohn
73a8613e42 Merge pull request #1021 from holser/remove_deprecated
Replace always_run with check_mode
2017-02-14 11:25:58 +03:00
Matthew Mosesohn
f671ef5ad2 Merge pull request #1015 from holser/rkt_ssl_ca_dirs
Set ssl_ca_dirs for rkt based on fact
2017-02-14 11:25:17 +03:00
Sergii Golovatiuk
07416a329e Install pip on Ubuntu
- Refactor 'Check if bootstrap is needed' as ansible loop. This allows
  to add new elements easily without refactoring. Add pip to the list.
- Refactor 'Install python 2.x' task to run once if any of rc
  codes != 0. Actually, need_bootstrap is array of hashes, so map will
  allow to get single array of rc statuses. So if status is not zero it
  will be sorted and the last element will be get, converted to bool.

Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 19:35:13 +01:00
Antoine Legrand
f7f6cf9948 Merge pull request #1024 from holser/bug/961
Install pip on Ubuntu
2017-02-13 17:53:57 +01:00
Matthew Mosesohn
192fc13ff2 Merge pull request #1023 from mattymo/fix_dnsmasq_cleanup
Clean up dnsmasq purge task
2017-02-13 19:50:01 +03:00
Vladimir Rutsky
fff8780a51 set "check_mode: no" for read-only "shell" steps that registers result
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00
Sergii Golovatiuk
4b7398f29c Install pip on Ubuntu
Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 16:27:09 +01:00
Greg Althaus
932629cc38 When resolv.conf changes during host_resolvconf mode, we need to
restart the controller to get the new file configuration.
I'm not fond of this form and would like a better way, but this
seems to "work".
2017-02-13 09:20:02 -06:00
Antoine Legrand
ad67517ab1 Merge pull request #1022 from kubernetes-incubator/ant31-patch-1
Document gitlab-runner.sh
2017-02-13 15:40:34 +01:00
Matthew Mosesohn
2e12ebb9cb Clean up dnsmasq purge task 2017-02-13 17:30:15 +03:00
Antoine Legrand
426995fa36 Document gitlab-runner.sh 2017-02-13 15:04:35 +01:00
Sergii Golovatiuk
959517aa62 Replace always_run with check_mode
always_run was deprecated in Ansible 2.2 and will be removed in 2.4
ansible logs contain "[DEPRECATION WARNING]: always_run is deprecated.
Use check_mode = no instead". This patch fix deprecation.
2017-02-13 15:00:56 +01:00
Matthew Mosesohn
8afce340c4 Update calico to v1.0.2
Also calico-cni to v1.5.6, calico-policy to v0.5.2

Fixes: #1011
2017-02-13 15:39:25 +03:00
Sergii Golovatiuk
5494d608e5 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn
896307b692 Merge pull request #988 from mattymo/feat/rolling3
Add CI cases for testing upgrade from v2.0.1 release
2017-02-10 18:09:43 +03:00
Matthew Mosesohn
543848c41e Merge pull request #983 from vwfs/centos_kernel_upgrade
Add kernel upgrade for CentOS
2017-02-10 14:40:27 +03:00
Antoine Legrand
6bd180eadf Merge pull request #1009 from mattymo/dnsmasq_updates
Enable reset of dnsmasq if manifest or config changes
2017-02-10 11:43:09 +01:00
Matthew Mosesohn
ccd865c564 fixup upgrades for canal and weave 2017-02-10 13:27:41 +03:00
Matthew Mosesohn
21d648ad36 Disable kube_proxy_masquerade_all
Fixes #1012
2017-02-10 13:16:39 +03:00
Matthew Mosesohn
298847ffa3 Merge pull request #1010 from bogdando/fixes
Fix misleading HA docs
2017-02-10 13:01:29 +03:00
Bogdan Dobrelya
0ddcc74412 Merge pull request #1002 from code0x9/master
use ansible sysctl module for config ip forwarding
2017-02-10 10:40:18 +01:00
Bogdan Dobrelya
22cae3c361 Fix misleading HA docs
Signed-off-by: Bogdan Dobrelya <bogdando@mail.ru>
2017-02-10 10:28:27 +01:00
Alexander Block
aeb12fdc10 Add kernel upgrade for CentOS 2017-02-10 09:29:12 +01:00
Matthew Mosesohn
cfe50795e2 Enable reset of dnsmasq if manifest or config changes 2017-02-10 10:40:07 +04:00
Matthew Mosesohn
14e10988fc Merge pull request #989 from holser/kubelet_remedy
Kubernetes Reliability Improvements
2017-02-10 09:29:29 +03:00
Matthew Mosesohn
729bf56910 Merge pull request #1004 from galthaus/kubelet-load-modules
Allow kubelet to load kernel modules
2017-02-10 09:28:16 +03:00
Matthew Mosesohn
c4594022ca Add CI cases for testing upgrade from v2.0.1 release
These are manual trigger jobs, but should be run if any PR
impacts upgrades.
2017-02-10 10:20:58 +04:00
Matthew Mosesohn
9514f32135 Merge pull request #1006 from mattymo/fix_weave_upgrade
Enable weave upgrade from previous versions
2017-02-10 09:03:49 +03:00
Antoine Legrand
8898dcda22 Merge pull request #1001 from idcrook/kargo-issue-1000-efk-enable
removed explicit role for efk in cluster.yml
2017-02-10 03:03:18 +01:00