Commit Graph

1453 Commits (ad58e08a41664d4b25bc9e60b8d80ad55a17b12c)
 

Author SHA1 Message Date
Antoine Legrand ad58e08a41 Merge pull request #1049 from alop/selinux
Safe disable SELinux
2017-02-19 10:26:01 +01:00
Abel Lopez 0bfc2d0f2f
Safe disable SELinux
Sometimes, a sysadmin might outright delete the SELinux rpms and
delete the configuration. This causes the selinux module to fail
with
```
IOError: [Errno 2] No such file or directory: '/etc/selinux/config'\n",
"module_stdout": "", "msg": "MODULE FAILURE"}
```

This simply checks that /etc/selinux/config exists before we try
to set it Permissive.

Update from feedback
2017-02-18 11:54:25 -08:00
Antoine Legrand b84cc14694 Merge pull request #1029 from mattymo/graceful
Add graceful upgrade process
2017-02-17 21:24:32 +01:00
Matthew Mosesohn a510e7b8f3 Use gce hostname as inventory name
Calico does not allow renaming hosts
2017-02-17 20:21:58 +03:00
Antoine Legrand e16ebcad6e Merge pull request #1042 from holser/fix_facts
Fix fact tags
2017-02-17 17:56:29 +01:00
Sergii Golovatiuk e91e58aec9 Fix fact tags
Ansible playbook fails when tags are limited to "facts,etcd" or to
"facts". This patch allows to run ansible-playbook to gather facts only
that don't require calico/flannel/weave components to be verified. This
allows to run ansible with 'facts,bootstrap-os' or just 'facts' to
gether facts that don't require specific components.

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-17 12:32:33 +01:00
Antoine Legrand 3629b9051d Merge pull request #1038 from rutsky/kubelet-mount-var-log
Mount host's /var/log into kubelet container
2017-02-17 10:26:12 +01:00
Antoine Legrand ef919d963b Merge pull request #1040 from retr0h/vagrant-config
Better control instance sizing
2017-02-17 10:25:09 +01:00
Antoine Legrand 4545114408 Merge pull request #1037 from mattymo/coreos_fix
Fix references to CoreOS and Container Linux by CoreOS
2017-02-17 10:21:14 +01:00
Smaine Kahlouch 9ed32b9dd0 Merge pull request #1036 from rutsky/fix-kibana-default-base-url
fix typo in "kibana_base_url" variable name
2017-02-17 07:03:59 +01:00
John Dewey 45dbe6d542
Better control instance sizing
* Git ignore the user controlled config.rb.
* Ability to better control the number of instances running.
2017-02-16 13:09:34 -08:00
Vladimir Rutsky bff955ff7e Mount host's /var/log into kubelet container
Kubelet is responsible for creating symlinks from /var/lib/docker to /var/log
to make fluentd logging collector work.
However without using host's /var/log those links are invisible to fluentd.

This is done on rkt configuration too.
2017-02-16 22:31:05 +03:00
Matthew Mosesohn 80c0e747a7 Fix references to CoreOS and Container Linux by CoreOS
Fixes #967
2017-02-16 19:25:17 +03:00
Matthew Mosesohn 617edda9ba Adjust weave daemonset for serial deployment 2017-02-16 18:24:30 +03:00
Vladimir Rutsky 7ab04b2e73 fix typo in "kibana_base_url" variable name
This typo lead to kibana_base_url being undefined and Kibana used
default base URL ("/") which is incorrect with default proxy-based
access.
2017-02-16 18:17:06 +03:00
Antoine Legrand e89056a614 Merge pull request #1033 from rutsky/reset-confirmation
ask confirmation before running reset.yml playbook
2017-02-16 16:10:58 +01:00
Matthew Mosesohn 97ebbb9672 Add graceful upgrade process
Based on #718 introduced by rsmitty.

Includes all roles and all options to support deployment of
new hosts in case they were added to inventory.

Main difference here is that master role is evaluated first
so that master components get upgraded first.

Fixes #694
2017-02-16 17:18:38 +03:00
Vladimir Rutsky c02213e4af force reset confirmation in CI 2017-02-16 16:35:01 +03:00
Smaine Kahlouch 73e0aeb4ca Merge pull request #1031 from mattymo/defaultcalico
Change default network plugin to Calico
2017-02-16 14:04:12 +01:00
Vladimir Rutsky 5337d37a1c ask confirmation before running reset.yml playbook 2017-02-15 21:05:46 +03:00
Matthew Mosesohn d92d955aeb Merge pull request #985 from rutsky/check-mode-for-shell-commands
set "check_mode: on" for read-only "shell" steps that registers result
2017-02-15 17:53:41 +03:00
Matthew Mosesohn 7ac84d386c Merge pull request #1030 from rutsky/remove-swp
remove temporary file
2017-02-15 17:44:41 +03:00
Vladimir Rutsky 8397baa700 remove temporary file 2017-02-15 17:40:05 +03:00
Matthew Mosesohn 2d65554cb9 Change default network plugin to Calico 2017-02-15 16:15:22 +03:00
Matthew Mosesohn 64e40d471c Merge pull request #1028 from holser/ansible.cfg
Add timings to RECAP output.
2017-02-15 12:41:49 +03:00
Sergii Golovatiuk c5ea29649b Add timings to RECAP output.
- Starting from version 2.0 ansible has 'callback_whitelist =
  profile_tasks'. It allows to analyze CI to find some time regressions.
- Add skippy to CI's ansible.cfg

Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-14 18:47:02 +01:00
Antoine Legrand 410438a0e3 Merge pull request #1008 from bradbeam/rkt-proxy
Adding support for proxy w/ rkt kubelet
2017-02-14 17:52:21 +01:00
Spencer Smith fbaef7e60f specify grace period for draining 2017-02-14 18:51:13 +03:00
Spencer Smith 017a813621 first cut of an upgrade process 2017-02-14 18:51:13 +03:00
Brad Beam 4c891b8bb0 Adding support for proxy w/ rkt kubelet 2017-02-14 08:09:49 -06:00
Matthew Mosesohn 948d9bdadb Merge pull request #1019 from mattymo/issue1011
Update calico to v1.0.2
2017-02-14 14:01:25 +03:00
Matthew Mosesohn b7258ec3bb Merge pull request #1013 from mattymo/remove_masqerade_all
Disable kube_proxy_masquerade_all
2017-02-14 14:00:29 +03:00
Antoine Legrand 93cb5a5bd6 Merge pull request #1027 from hvnsweeting/master
Multiples doc fixes
2017-02-14 11:39:22 +01:00
Hung Nguyen Viet d8f46c4410 Highlight important action 2017-02-14 17:18:25 +07:00
Hung Nguyen Viet d0757ccc5e Fix typo 2017-02-14 17:18:22 +07:00
Antoine Legrand f4f730bd8a Merge pull request #1025 from holser/bug/961
Install pip on Ubuntu
2017-02-14 10:31:42 +01:00
Matthew Mosesohn f5e27f1a21 Merge pull request #1021 from holser/remove_deprecated
Replace always_run with check_mode
2017-02-14 11:25:58 +03:00
Matthew Mosesohn bb6415ddc4 Merge pull request #1015 from holser/rkt_ssl_ca_dirs
Set ssl_ca_dirs for rkt based on fact
2017-02-14 11:25:17 +03:00
Sergii Golovatiuk 2b6179841b Install pip on Ubuntu
- Refactor 'Check if bootstrap is needed' as ansible loop. This allows
  to add new elements easily without refactoring. Add pip to the list.
- Refactor 'Install python 2.x' task to run once if any of rc
  codes != 0. Actually, need_bootstrap is array of hashes, so map will
  allow to get single array of rc statuses. So if status is not zero it
  will be sorted and the last element will be get, converted to bool.

Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 19:35:13 +01:00
Antoine Legrand e877cd2874 Merge pull request #1024 from holser/bug/961
Install pip on Ubuntu
2017-02-13 17:53:57 +01:00
Matthew Mosesohn 203ddfcd43 Merge pull request #1023 from mattymo/fix_dnsmasq_cleanup
Clean up dnsmasq purge task
2017-02-13 19:50:01 +03:00
Vladimir Rutsky 09847567ae set "check_mode: no" for read-only "shell" steps that registers result
"shell" step doesn't support check mode, which currently leads to failures,
when Ansible is being run in check mode (because Ansible doesn't run command,
assuming that command might have effect, and no "rc" or "output" is registered).

Setting "check_mode: no" allows to run those "shell" commands in check mode
(which is safe, because those shell commands doesn't have side effects).
2017-02-13 18:53:41 +03:00
Sergii Golovatiuk 732ae69d22 Install pip on Ubuntu
Closes: #961
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 16:27:09 +01:00
Antoine Legrand 9667ac3baf Merge pull request #1022 from kubernetes-incubator/ant31-patch-1
Document gitlab-runner.sh
2017-02-13 15:40:34 +01:00
Matthew Mosesohn b5be335db3 Clean up dnsmasq purge task 2017-02-13 17:30:15 +03:00
Antoine Legrand d33945780d Document gitlab-runner.sh 2017-02-13 15:04:35 +01:00
Sergii Golovatiuk 5f4cc3e1de Replace always_run with check_mode
always_run was deprecated in Ansible 2.2 and will be removed in 2.4
ansible logs contain "[DEPRECATION WARNING]: always_run is deprecated.
Use check_mode = no instead". This patch fix deprecation.
2017-02-13 15:00:56 +01:00
Matthew Mosesohn ec567bd53c Update calico to v1.0.2
Also calico-cni to v1.5.6, calico-policy to v0.5.2

Fixes: #1011
2017-02-13 15:39:25 +03:00
Sergii Golovatiuk aeadaa1184 Set ssl_ca_dirs for rkt based on fact
Since systemd kubelet.service has {{ ssl_ca_dirs }}, fact should be
gathered before writing kubelet.service.

Closes: #1007
Signed-off-by: Sergii Golovatiuk <sgolovatiuk@mirantis.com>
2017-02-13 13:28:29 +01:00
Matthew Mosesohn 2f0f0006e3 Merge pull request #988 from mattymo/feat/rolling3
Add CI cases for testing upgrade from v2.0.1 release
2017-02-10 18:09:43 +03:00