From e7d6fb19930939671ec6905cdc54fa04f80ddfb3 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 30 Sep 2020 15:23:09 +0100 Subject: [PATCH 01/18] ome.prometheus 0.4.0, ome.prometheus_node 0.3.0 --- ansible/idr-ftp-monitoring.yml | 4 ++-- ansible/requirements.yml | 14 ++------------ 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/ansible/idr-ftp-monitoring.yml b/ansible/idr-ftp-monitoring.yml index 1a617e19..d6a43919 100644 --- a/ansible/idr-ftp-monitoring.yml +++ b/ansible/idr-ftp-monitoring.yml @@ -4,9 +4,9 @@ - hosts: "{{ idr_environment | default('idr') }}-ftp-hosts" roles: - - role: ome.prometheus_node_0_3_0 + - role: ome.prometheus_node - - role: ome.prometheus_0_4_0 + - role: ome.prometheus prometheus_docker_network: monitoring prometheus_alertmanager_slack_webhook: "{{ idr_secret_management_slack_webhook }}" diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 0727e48d..6cadafe2 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -183,23 +183,13 @@ version: 0.3.0 - src: ome.prometheus - version: 0.3.1 + version: 0.4.0 - name: ome.prometheus_jmx version: 0.2.2 - src: ome.prometheus_node - version: 0.2.2 + version: 0.3.0 - src: ome.prometheus_postgres version: 0.4.0 - -- name: ome.prometheus_0_4_0 - src: - https://github.com/ome/ansible-role-prometheus/archive/0.4.0.tar.gz - version: 0.4.0 - -- name: ome.prometheus_node_0_3_0 - src: - https://github.com/ome/ansible-role-prometheus-node/archive/0.3.0.tar.gz - version: 0.3.0 From e989ebaaa608df49abc2fe69f861b5da480d2e5c Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 30 Sep 2020 15:38:43 +0100 Subject: [PATCH 02/18] update dashboards to use changed metric names --- .../grafana-dashboards/idr-per-server.json | 2 +- ansible/grafana-dashboards/idr-sessions.json | 2 +- ansible/grafana-dashboards/idr-vertical.json | 23 +++++++------------ 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/ansible/grafana-dashboards/idr-per-server.json b/ansible/grafana-dashboards/idr-per-server.json index 71bcec43..32e45f56 100644 --- a/ansible/grafana-dashboards/idr-per-server.json +++ b/ansible/grafana-dashboards/idr-per-server.json @@ -78,7 +78,7 @@ "steppedLine": false, "targets": [ { - "expr": "(1 - node_filesystem_free{fstype!~\"(nfs|nfs4|overlay|rootfs|rpc_pipefs|tmpfs)\", instance=\"$hostname\"} / node_filesystem_size{fstype!~\"(nfs|nfs4|overlay|rootfs|rpc_pipefs|tmpfs)\", instance=\"$hostname\"}) * 100", + "expr": "(1 - node_filesystem_free_bytes{fstype!~\"(nfs|nfs4|overlay|rootfs|rpc_pipefs|tmpfs)\", instance=\"$hostname\"} / node_filesystem_size_bytes{fstype!~\"(nfs|nfs4|overlay|rootfs|rpc_pipefs|tmpfs)\", instance=\"$hostname\"}) * 100", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{mountpoint}} ({{device}})", diff --git a/ansible/grafana-dashboards/idr-sessions.json b/ansible/grafana-dashboards/idr-sessions.json index bfeae032..8d35e4fb 100644 --- a/ansible/grafana-dashboards/idr-sessions.json +++ b/ansible/grafana-dashboards/idr-sessions.json @@ -309,7 +309,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(rate(django_http_responses_total_by_status[$quantileint])) without (instance)", + "expr": "sum(rate(django_http_responses_total_by_status_total[$quantileint])) without (instance)", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{status}}", diff --git a/ansible/grafana-dashboards/idr-vertical.json b/ansible/grafana-dashboards/idr-vertical.json index ceac8dd8..bb3214aa 100644 --- a/ansible/grafana-dashboards/idr-vertical.json +++ b/ansible/grafana-dashboards/idr-vertical.json @@ -80,7 +80,7 @@ "steppedLine": false, "targets": [ { - "expr": "(100 - (avg by (instance) (irate(node_cpu{mode=\"idle\", instance=~\".*$servergroup.*\"}[5m])) * 100)) * on(instance) (count(node_cpu{mode=\"idle\", instance=~\".*$servergroup.*\"}) without (cpu, mode))", + "expr": "(100 - (avg by (instance) (irate(node_cpu_seconds_total{mode=\"idle\", instance=~\".*$servergroup.*\"}[5m])) * 100)) * on(instance) (count(node_cpu_seconds_total{mode=\"idle\", instance=~\".*$servergroup.*\"}) without (cpu, mode))", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{instance}}", @@ -173,7 +173,7 @@ "steppedLine": false, "targets": [ { - "expr": "node_memory_Active{instance=~\".*$servergroup.*\"} / 1024 / 1024 / 2014", + "expr": "node_memory_Active_bytes{instance=~\".*$servergroup.*\"} / 1024 / 1024 / 2014", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -182,7 +182,7 @@ "step": 600 }, { - "expr": "node_memory_Active{instance=~\".*$servergroup.*\"} / node_memory_MemTotal{instance=~\".*$servergroup.*\"} * 100", + "expr": "node_memory_Active_bytes{instance=~\".*$servergroup.*\"} / node_memory_MemTotal_bytes{instance=~\".*$servergroup.*\"} * 100", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -355,7 +355,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum (irate(node_network_receive_bytes{instance=~\".*$servergroup.*\"}[1m])) by (instance) / 1024 / 1024", + "expr": "sum (irate(node_network_receive_bytes_total{instance=~\".*$servergroup.*\"}[1m])) by (instance) / 1024 / 1024", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -365,7 +365,7 @@ "step": 600 }, { - "expr": "- sum (irate(node_network_transmit_bytes{instance=~\".*$servergroup.*\"}[1m])) by (instance) / 1024 / 1024", + "expr": "- sum (irate(node_network_transmit_bytes_total{instance=~\".*$servergroup.*\"}[1m])) by (instance) / 1024 / 1024", "format": "time_series", "hide": false, "intervalFactor": 2, @@ -428,12 +428,10 @@ { "allValue": null, "current": { - "tags": [], - "text": "omero + database + docker", + "text": "omero + database", "value": [ "omero", - "database", - "docker" + "database" ] }, "hide": 0, @@ -451,14 +449,9 @@ "selected": true, "text": "database", "value": "database" - }, - { - "selected": true, - "text": "docker", - "value": "docker" } ], - "query": "omero, database, docker", + "query": "omero, database", "type": "custom" } ] From e23d7d7e1f4ac7f7365eaada9c8eee80997b2c8d Mon Sep 17 00:00:00 2001 From: Simon Li Date: Wed, 30 Sep 2020 15:39:45 +0100 Subject: [PATCH 03/18] grafana:7.2.0 Also fix Ansible deprecated syntax --- ansible/management-grafana.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/management-grafana.yml b/ansible/management-grafana.yml index 7b26ba3a..215833bb 100644 --- a/ansible/management-grafana.yml +++ b/ansible/management-grafana.yml @@ -9,7 +9,7 @@ - name: Run docker grafana become: yes docker_container: - image: grafana/grafana:5.1.3 + image: grafana/grafana:7.2.0 env: # Enable anonymous login GF_AUTH_ANONYMOUS_ENABLED: "true" @@ -39,7 +39,7 @@ status_code: [200, 404] register: grafana_get_user check_mode: no - until: grafana_get_user | succeeded + until: grafana_get_user is succeeded retries: 5 delay: 5 From 96b458f757d4097db02c1a13321f640a87747b63 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 5 Oct 2020 08:46:07 +0100 Subject: [PATCH 04/18] ome.omero_web_django_prometheus 0.4.0 --- ansible/requirements.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/requirements.yml b/ansible/requirements.yml index 6cadafe2..1f2ed3f7 100644 --- a/ansible/requirements.yml +++ b/ansible/requirements.yml @@ -180,7 +180,7 @@ version: 0.3.0 - src: ome.omero_web_django_prometheus - version: 0.3.0 + version: 0.4.0 - src: ome.prometheus version: 0.4.0 From df1e94a65d42960be71d1dfee90fb8e5b443e2fc Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 5 Oct 2020 19:44:23 +0100 Subject: [PATCH 05/18] omero-client.json: use wss (websockets) --- ansible/templates/omero-client.json.j2 | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ansible/templates/omero-client.json.j2 b/ansible/templates/omero-client.json.j2 index e94dc548..023636d8 100644 --- a/ansible/templates/omero-client.json.j2 +++ b/ansible/templates/omero-client.json.j2 @@ -1,9 +1,5 @@ [ -"--Ice.Default.Router=OMERO.Glacier2/router -{%- for backend in omero_omeroreadonly_hosts_external -%} -:ssl -p {{ idr_haproxy_frontend_omero_offset + loop.index0 | int }} -h @omero.host@ -{%- endfor -%}", -"--Ice.Default.Router.EndpointSelection=Random", +"--Ice.Default.Router=OMERO.Glacier2/router:wss -p 443 -h @omero.host@ -r /omero-ws", "--omero.user=public", "--omero.pass=public" ] From 41c50b7964cffb5a412383c71a70d3a6c6575da2 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 16 Nov 2020 16:08:15 +0000 Subject: [PATCH 06/18] Add Docker to prod omeroservers --- ansible/openstack-create-publicidr.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ansible/openstack-create-publicidr.yml b/ansible/openstack-create-publicidr.yml index 8a3cde72..b54b88a7 100644 --- a/ansible/openstack-create-publicidr.yml +++ b/ansible/openstack-create-publicidr.yml @@ -50,6 +50,7 @@ idr_vm_image: "{{ vm_image }}" idr_vm_flavour: "{{ vm_flavour_large }}" idr_vm_omeroreadwrite: True + idr_vm_dockermanager: True idr_vm_extra_groups: - "{{ idr_environment_idr }}-{{ idr_vm_storage_group }}" - "{{ idr_vm_storage_group }}" @@ -66,6 +67,7 @@ idr_vm_image: "{{ vm_image }}" idr_vm_flavour: "{{ vm_flavour }}" idr_vm_omeroreadonly: True + idr_vm_dockermanager: True # TODO: Could we use the fileserver as an NFS proxy instead and # get rid of the need for the additional network? idr_vm_extra_groups: From a0a08fd5f66b594bc8e501398280798c1ce24f86 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 16 Nov 2020 16:10:39 +0000 Subject: [PATCH 07/18] Remove mineotaur --- ansible/idr-02-services.yml | 2 -- ansible/idr-docker.yml | 21 ------------------- ansible/idr-downloads.yml | 3 --- ansible/idr-mineotaur.yml | 41 ------------------------------------- 4 files changed, 67 deletions(-) delete mode 100644 ansible/idr-mineotaur.yml diff --git a/ansible/idr-02-services.yml b/ansible/idr-02-services.yml index 647b08bf..33c62ebf 100644 --- a/ansible/idr-02-services.yml +++ b/ansible/idr-02-services.yml @@ -3,8 +3,6 @@ ### TODO: Remove these in the next version - include: idr-downloads.yml -- include: idr-mineotaur.yml - - include: idr-kubernetes.yml # TODO: Not idempotent - include: idr-kubernetes-apply.yml diff --git a/ansible/idr-docker.yml b/ansible/idr-docker.yml index 2e53e37f..bb084902 100644 --- a/ansible/idr-docker.yml +++ b/ansible/idr-docker.yml @@ -16,24 +16,3 @@ yum: name: docker-python state: present - - -- hosts: "{{ idr_environment | default('idr') }}-dockermanager-hosts" - - pre_tasks: - - name: create NFS export directories - become: yes - file: - path: /data/{{ item }} - state: directory - with_items: - - mineotaur - - volumes - - roles: - - role: ome.versioncontrol_utils - - role: ome.nfs_share - nfs_shares: - /data/mineotaur: - - host: "*" - options: 'rw' diff --git a/ansible/idr-downloads.yml b/ansible/idr-downloads.yml index e6345853..9ced676f 100644 --- a/ansible/idr-downloads.yml +++ b/ansible/idr-downloads.yml @@ -19,9 +19,6 @@ - name: sql path: /srv/omero-sql comment: PostgreSQL 9.4 database dump of the IDR - - name: mineotaur - path: /data/mineotaur - comment: Neo4j databases for various IDR studies tasks: diff --git a/ansible/idr-mineotaur.yml b/ansible/idr-mineotaur.yml deleted file mode 100644 index b3ddbaed..00000000 --- a/ansible/idr-mineotaur.yml +++ /dev/null @@ -1,41 +0,0 @@ -# IDR Mineotaur data - -- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" - -- hosts: "{{ idr_environment | default('idr') }}-dockermanager-hosts" - - tasks: - - - name: create mineotaur directory - become: yes - file: - path: "/data/mineotaur/idr0001gramlsysgroscreenA" - owner: centos - state: directory - - - name: set default rsync mineotaur_url - set_fact: - default_rsync_mineotaur_url: >- - rsync://{{ - hostvars[groups[idr_environment | - default('idr') + '-omeroreadwrite-hosts'][0]] - ['ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address'] - }}/mineotaur/idr0001gramlsysgroscreenA/ - - # When running externally pull down the IDR data by defining: - # idr_rsync_mineotaur_url: "rsync://idr.openmicroscopy.org/mineotaur/" - - name: download mineotaur data - become: yes - # centos user has UID 1000 as required by the mineotaur Docker container - # https://hub.docker.com/r/imagedata/mineotaur/ - become_user: centos - synchronize: - src: >- - {{ - idr_rsync_mineotaur_url | default(default_rsync_mineotaur_url) - }} - dest: /data/mineotaur/idr0001gramlsysgroscreenA/ - mode: "pull" - owner: no - group: no - delegate_to: "{{ inventory_hostname }}" From 2b9db306bc7916b695393ff585d53b25d6c573b8 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 16 Nov 2020 20:49:58 +0000 Subject: [PATCH 08/18] Redis needs to listen on all interface for microservices --- ansible/group_vars/omero-hosts.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/group_vars/omero-hosts.yml b/ansible/group_vars/omero-hosts.yml index e52ad578..9d5bcde0 100644 --- a/ansible/group_vars/omero-hosts.yml +++ b/ansible/group_vars/omero-hosts.yml @@ -37,6 +37,11 @@ ice_install_python: false postgresql_version: "11" +###################################################################### +# redis (for OMERO.web and microservices) +redis_listen: 0.0.0.0 + + ###################################################################### # openmicroscopy.fluentd vars fluentd_source_configs: From 2f6d327b5fc058e44b168691c0c594247efca159 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Mon, 16 Nov 2020 20:50:28 +0000 Subject: [PATCH 09/18] Add omero-ms-thumbnail docker --- ansible/idr-02-services.yml | 2 + ansible/idr-microservices.yml | 65 +++++++++++++++++++ .../omero-ms-thumbnail-config.yml.j2 | 31 +++++++++ 3 files changed, 98 insertions(+) create mode 100644 ansible/idr-microservices.yml create mode 100644 ansible/templates/omero-ms-thumbnail-config.yml.j2 diff --git a/ansible/idr-02-services.yml b/ansible/idr-02-services.yml index 33c62ebf..1ee030c3 100644 --- a/ansible/idr-02-services.yml +++ b/ansible/idr-02-services.yml @@ -3,6 +3,8 @@ ### TODO: Remove these in the next version - include: idr-downloads.yml +- include: idr-microservices.yml + - include: idr-kubernetes.yml # TODO: Not idempotent - include: idr-kubernetes-apply.yml diff --git a/ansible/idr-microservices.yml b/ansible/idr-microservices.yml new file mode 100644 index 00000000..88ec7984 --- /dev/null +++ b/ansible/idr-microservices.yml @@ -0,0 +1,65 @@ +# IDR initial test of microservices + + +- hosts: "{{ idr_environment | default('idr') }}-database-hosts" +# Load hostvars for subsequent playbooks + + +- hosts: "{{ idr_environment | default('idr') }}-omero-hosts" + + # pre_tasks: + # - debug: var=inventory_hostname + # - debug: msg="{{ hostvars[inventory_hostname] | to_yaml }}" + # - fail: msg=stopping + + roles: + + - role: ome.docker + docker_use_ipv4_nic_mtu: True + + tasks: + + - name: Install docker-python + become: true + yum: + name: docker-python + state: present + + - name: Get IPs of hosts + set_fact: + omero_host_ip: >- + {{ hostvars[inventory_hostname]['ansible_' + (idr_net_iface | + default('eth0'))]['ipv4']['address'] + }} + omero_db_host_ansible: >- + {{ hostvars[groups[idr_environment | + default('idr') + '-database-hosts'][0]][ + 'ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address'] + }} + + - name: omero-ms-thumbnail config directory + become: true + file: + path: /etc/omero-ms-thumbnail + state: directory + + - name: omero-ms-thumbnail config file + become: true + template: + src: templates/omero-ms-thumbnail-config.yml.j2 + dest: /etc/omero-ms-thumbnail/config.yml + + - name: Run docker omero-ms-thumbnail + become: true + docker_container: + image: openmicroscopy/omero-ms-thumbnail:0.5.2 + name: omero-ms-thumbnail + published_ports: + - "{{ omero_ms_thumbnail_port }}:8080" + state: started + restart_policy: always + volumes: + - "/etc/omero-ms-thumbnail/config.yml:/opt/ms/conf/config.yaml:ro" + + vars: + omero_ms_thumbnail_port: "8085" diff --git a/ansible/templates/omero-ms-thumbnail-config.yml.j2 b/ansible/templates/omero-ms-thumbnail-config.yml.j2 new file mode 100644 index 00000000..7a0138b3 --- /dev/null +++ b/ansible/templates/omero-ms-thumbnail-config.yml.j2 @@ -0,0 +1,31 @@ +# The port that the microservice will listen on +port: 8080 +# OMERO server that the microservice will communicate with (as a client) +omero: + host: "{{ omero_host_ip }}" + port: 4064 +# OMERO.web configuration +omero.web: + # see group_vars/omero-hosts.yml + session_cookie_name: "sessionid_{{ idr_environment | default('idr') }}" +# Information about the session store. +session-store: + #type is either "postgres" or "redis" + type: "redis" + #synchronicity is either "sync" or "async" + synchronicity: "async" + #uri for either postgres db or redis + # * https://jdbc.postgresql.org/documentation/80/connect.html + # * https://github.com/lettuce-io/lettuce-core/wiki/Redis-URI-and-connection-details + # uri: "jdbc:postgresql://database:5432/omero?user=omero&password=omero" + # Currently each omero node runs its own OMERO.server, OMERO.web, Redis + uri: "redis://{{ omero_host_ip }}:6379/0" + +# Configuration for zipkin http tracing +# http-tracing: +# enabled: true +# zipkin-url: "http://localhost:9411/api/v2/spans" + +# Enable JMX Prometheus Metrics +jmx-metrics: + enabled: true From aec19ced43cb62d12e955405982ec1d491f4d0ad Mon Sep 17 00:00:00 2001 From: Sebastien Besson Date: Mon, 16 Nov 2020 21:42:05 +0000 Subject: [PATCH 10/18] Use 0.6.5 version of IDR Bio-Formats components --- ansible/group_vars/omero-hosts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/group_vars/omero-hosts.yml b/ansible/group_vars/omero-hosts.yml index e52ad578..3d8e6e3a 100644 --- a/ansible/group_vars/omero-hosts.yml +++ b/ansible/group_vars/omero-hosts.yml @@ -25,7 +25,7 @@ idr_bf_components: - formats-api - formats-bsd - formats-gpl -idr_bf_release: "0.6.4" +idr_bf_release: "0.6.5" idr_bf_baseurl: "https://artifacts.openmicroscopy.org/artifactory/maven/idr" ice_install_devel: false From b68597d82ada3c797d6190becdebea137590fa32 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 11:15:31 +0000 Subject: [PATCH 11/18] Add omero-ms-thumbnail to front-end proxy --- ansible/group_vars/proxy-hosts.yml | 27 +++++++++++++++++++++++++++ ansible/idr-proxy.yml | 19 +++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/ansible/group_vars/proxy-hosts.yml b/ansible/group_vars/proxy-hosts.yml index 8d35ac7e..99f16f4e 100644 --- a/ansible/group_vars/proxy-hosts.yml +++ b/ansible/group_vars/proxy-hosts.yml @@ -30,6 +30,11 @@ nginx_proxy_log_format: main_timed_cache_upstream nginx_proxy_websockets_enable: True nginx_proxy_upstream_servers: +- name: omeromsthumbnailreadonly + balance: ip_hash + servers: "{{ omeroreadonly_omeromsthumbnail_hosts | sort }}" +- name: omeromsthumbnailreadwrite + servers: "{{ omeroreadwrite_omeromsthumbnail_hosts }}" - name: omeroreadonly balance: ip_hash servers: "{{ omero_omeroreadonly_hosts_reserved | sort }}" @@ -56,7 +61,25 @@ _nginx_proxy_omero_locations: # Gallery is hosted at / - /gallery-api/* +_nginx_proxy_omeromsthumbnail_locations: +- /webgateway/render_thumbnail/* +- /webclient/render_thumbnail/* +- /webgateway/render_birds_eye_view/* +- /webclient/render_birds_eye_view/* +- /webgateway/get_thumbnails/* +- /webclient/get_thumbnails/* + + +# Order is important since we want the longer omeromsthumbnailscached +# locations to have precedence over the shorter omerocached ones +# https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms _nginx_proxy_backends_omero: +- name: omeromsthumbnailscached + location: ~ {{ _nginx_proxy_omeromsthumbnail_locations | join('|') }} + server: http://omeromsthumbnailreadonly + cache_validity: 1d + maintenance_flag: "{{ omero_maintenance_flag }}" + maintenance_uri: "{{ omero_maintenance_uri }}" - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }} server: http://omeroreadonly @@ -310,6 +333,10 @@ _nginx_proxy_sites: nginx_proxy_ssl: False nginx_proxy_cachebuster_enabled: True nginx_proxy_backends: + - name: omeromsthumbnailscached + location: ~ {{ _nginx_proxy_omeromsthumbnail_locations | join('|') }} + server: http://omeromsthumbnailreadwrite + cache_validity: 1d - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }}|/mapr/* server: http://omeroreadwrite diff --git a/ansible/idr-proxy.yml b/ansible/idr-proxy.yml index c3ccac8f..6525b932 100644 --- a/ansible/idr-proxy.yml +++ b/ansible/idr-proxy.yml @@ -53,6 +53,25 @@ ['ansible_' + (idr_net_iface | default('eth0')), 'ipv4', 'address']) | list }} + - name: Get microservice IPs + # For now these are the same as omero_omeroreadonly_hosts_reserved + # In future we may scale to additional servers separate from OMERO + set_fact: + # If you're wondering about the use of \1 here vs \\1 in other playbooks + # see https://github.com/ansible/ansible/issues/33202 + omeroreadonly_omeromsthumbnail_hosts: >- + {{ + omero_omeroreadonly_hosts_reserved | + map('regex_replace', '^(.*)$', '\1:8085') | + list + }} + omeroreadwrite_omeromsthumbnail_hosts: >- + {{ + omero_omeroreadwrite_hosts | + map('regex_replace', '^(.*)$', '\1:8085') | + list + }} + - name: Get rsync IP # TODO: get all readonly set_fact: From cd1996104e124ba642aa9d7081a687842a6de71e Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 11:16:07 +0000 Subject: [PATCH 12/18] Revert "Add Docker to prod omeroservers" This reverts commit 41c50b7964cffb5a412383c71a70d3a6c6575da2. --- ansible/openstack-create-publicidr.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/ansible/openstack-create-publicidr.yml b/ansible/openstack-create-publicidr.yml index b54b88a7..8a3cde72 100644 --- a/ansible/openstack-create-publicidr.yml +++ b/ansible/openstack-create-publicidr.yml @@ -50,7 +50,6 @@ idr_vm_image: "{{ vm_image }}" idr_vm_flavour: "{{ vm_flavour_large }}" idr_vm_omeroreadwrite: True - idr_vm_dockermanager: True idr_vm_extra_groups: - "{{ idr_environment_idr }}-{{ idr_vm_storage_group }}" - "{{ idr_vm_storage_group }}" @@ -67,7 +66,6 @@ idr_vm_image: "{{ vm_image }}" idr_vm_flavour: "{{ vm_flavour }}" idr_vm_omeroreadonly: True - idr_vm_dockermanager: True # TODO: Could we use the fileserver as an NFS proxy instead and # get rid of the need for the additional network? idr_vm_extra_groups: From 727406e9ef66dd551789804799ff8b21ee96d171 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 14:56:05 +0000 Subject: [PATCH 13/18] idr-firewall: keep docker rules which are managed by docker daemon --- ansible/idr-firewall.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/idr-firewall.yml b/ansible/idr-firewall.yml index d9310ffb..40221233 100644 --- a/ansible/idr-firewall.yml +++ b/ansible/idr-firewall.yml @@ -12,7 +12,7 @@ become: yes iptables_raw_25: name: default_accept - keep_unmanaged: no + keep_unmanaged: yes rules: | -A INPUT -j ACCEPT -A FORWARD -j ACCEPT From 5a6393d6b0d14e1b5afacd450cf8ccbb5cbf3017 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 14:55:10 +0000 Subject: [PATCH 14/18] Add omero-ms-imageregion docker --- ansible/idr-microservices.yml | 46 ++++++++++-- .../omero-ms-imageregion-config.yml.j2 | 71 +++++++++++++++++++ .../omero-ms-imageregion-entrypoint.sh.j2 | 7 ++ 3 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 ansible/templates/omero-ms-imageregion-config.yml.j2 create mode 100644 ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 diff --git a/ansible/idr-microservices.yml b/ansible/idr-microservices.yml index 88ec7984..c0a69fd5 100644 --- a/ansible/idr-microservices.yml +++ b/ansible/idr-microservices.yml @@ -37,17 +37,23 @@ 'ansible_' + (idr_net_iface | default('eth0'))]['ipv4']['address'] }} - - name: omero-ms-thumbnail config directory + - name: omero-ms config directories become: true file: - path: /etc/omero-ms-thumbnail + path: /etc/omero-ms-{{ item }} state: directory + with_items: + - thumbnail + - imageregion - - name: omero-ms-thumbnail config file + - name: omero-ms config files become: true template: - src: templates/omero-ms-thumbnail-config.yml.j2 - dest: /etc/omero-ms-thumbnail/config.yml + src: templates/omero-ms-{{ item }}-config.yml.j2 + dest: /etc/omero-ms-{{ item }}/config.yml + with_items: + - thumbnail + - imageregion - name: Run docker omero-ms-thumbnail become: true @@ -61,5 +67,35 @@ volumes: - "/etc/omero-ms-thumbnail/config.yml:/opt/ms/conf/config.yaml:ro" + - name: omero-ms-imageregion user group setup entrypoint + become: true + template: + src: templates/omero-ms-imageregion-entrypoint.sh.j2 + dest: /etc/omero-ms-imageregion/omero-ms-imageregion-entrypoint.sh + mode: u=rwx,g=rx,o=rx + + - name: Run docker omero-ms-imageregion + become: true + docker_container: + image: manics/docker-example-omero-microservices-imageregion:0.5.2-0 + name: omero-ms-imageregion + # Override the entrypoint to create a fixed UID and GID + entrypoint: /opt/ms/bin/omero-ms-imageregion-entrypoint.sh + published_ports: + - "{{ omero_ms_imageregion_port }}:8080" + state: started + restart_policy: always + groups: + - "{{ idrnfs_groupid | default(0) }}" + volumes: + - "/etc/omero-ms-imageregion/config.yml:/opt/ms/conf/config.yaml:ro" + - "/etc/omero-ms-imageregion/omero-ms-imageregion-entrypoint.sh:/opt/ms/bin/omero-ms-imageregion-entrypoint.sh:ro" + - "/data:/data:ro" + - "/opt/omero/server/OMERO.server/lib/scripts:/opt/omero/server/OMERO.server/lib/scripts:ro" + - "/uod/idr:/uod/idr:ro" + - "/nfs/bioimage:/nfs/bioimage:ro" + - "/nfs/biostudies:/nfs/biostudies:ro" + vars: omero_ms_thumbnail_port: "8085" + omero_ms_imageregion_port: "8086" diff --git a/ansible/templates/omero-ms-imageregion-config.yml.j2 b/ansible/templates/omero-ms-imageregion-config.yml.j2 new file mode 100644 index 00000000..378f2d04 --- /dev/null +++ b/ansible/templates/omero-ms-imageregion-config.yml.j2 @@ -0,0 +1,71 @@ +# https://github.com/glencoesoftware/omero-ms-image-region/blob/v0.5.2/src/dist/conf/config.yaml + +# The port that the microservice will listen on +port: 8080 + +# Number of threads in the worker pool +# worker_pool_size: 1 + +# Configuration for request parsing limits +# * https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html#setMaxInitialLineLength-int- +# * https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html#setMaxHeaderSize-int- +# * https://vertx.io/docs/apidocs/io/vertx/core/http/HttpServerOptions.html#setMaxChunkSize-int- +# * https://netty.io/4.0/api/io/netty/handler/codec/http/HttpRequestDecoder.html#HttpRequestDecoder-- +# max-initial-line-length: 4096 +# max-header-size: 8192 +# max-chunk-size: 8192 +# Max number of channels to allow per request +max-active-channels: 6 + +# OMERO server that the microservice will communicate with (as a client) +omero: + host: "{{ omero_host_ip }}" + # integer + port: 4064 + +# Copy of the OMERO server configuration which will be reused +# All values must be strings +omero.server: + omero.data.dir: /data/OMERO + omero.db.host: "{{ omero_db_host_ansible }}" + omero.db.name: "{{ omero_server_dbname }}" + omero.db.port: "5432" + omero.db.user: "{{ omero_server_dbuser }}" + omero.db.pass: "{{ omero_server_dbpassword }}" + # Needed because LUTs are stored here + omero.script_repo_root: /opt/omero/server/OMERO.server/lib/scripts/ + omero.pixeldata.max_tile_length: "2048" + +# OMERO.web configuration +omero.web: + # see group_vars/omero-hosts.yml + session_cookie_name: "sessionid_{{ idr_environment | default('idr') }}" + +# Information about the session store. +session-store: + #type is either "postgres" or "redis" + type: redis + #synchronicity is either "sync" or "async" + synchronicity: async + #uri for either postgres db or redis + # * https://jdbc.postgresql.org/documentation/80/connect.html + # * https://github.com/lettuce-io/lettuce-core/wiki/Redis-URI-and-connection-details + # uri: "jdbc:postgresql://database:5432/omero?user=omero&password=omero" + # Currently each omero node runs its own OMERO.server, OMERO.web, Redis + uri: "redis://{{ omero_host_ip }}:6379/0" + +# Configuration for zipkin http tracing +# http-tracing: +# enabled: true +# zipkin-url: "http://localhost:9411/api/v2/spans" + +# Enable JMX Prometheus Metrics +jmx-metrics: + enabled: true + +# Enable Vertx Prometheus Metrics +vertx-metrics: + enabled: true + +# The string to be used as the Cache-Control header provided in responses +# cache-control-header: "private, max-age=3600" diff --git a/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 b/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 new file mode 100644 index 00000000..67b2d673 --- /dev/null +++ b/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 @@ -0,0 +1,7 @@ +#!/bin/sh +set -eu + +grep imageregion /etc/group || addgroup -g {{ idrnfs_groupid | default(1000) }} imageregion +grep imageregion /etc/passwd || adduser -D -u 1000 -G imageregion imageregion + +exec su - imageregion -c "cd /opt/ms; PATH=$PATH /opt/ms/bin/omero-ms-image-region $@" From 3a51e1dac299e7c379d18863cb54f59f372a9b8c Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 14:55:41 +0000 Subject: [PATCH 15/18] Add omero-ms-imageregion to front-end proxy --- ansible/group_vars/proxy-hosts.yml | 24 +++++++++++++++++++++++- ansible/idr-proxy.yml | 12 ++++++++++++ 2 files changed, 35 insertions(+), 1 deletion(-) diff --git a/ansible/group_vars/proxy-hosts.yml b/ansible/group_vars/proxy-hosts.yml index 99f16f4e..3a3d9470 100644 --- a/ansible/group_vars/proxy-hosts.yml +++ b/ansible/group_vars/proxy-hosts.yml @@ -35,6 +35,11 @@ nginx_proxy_upstream_servers: servers: "{{ omeroreadonly_omeromsthumbnail_hosts | sort }}" - name: omeromsthumbnailreadwrite servers: "{{ omeroreadwrite_omeromsthumbnail_hosts }}" +- name: omeromsimageregionreadonly + balance: ip_hash + servers: "{{ omeroreadonly_omeromsimageregion_hosts | sort }}" +- name: omeromsimageregionreadwrite + servers: "{{ omeroreadwrite_omeromsimageregion_hosts }}" - name: omeroreadonly balance: ip_hash servers: "{{ omero_omeroreadonly_hosts_reserved | sort }}" @@ -69,8 +74,15 @@ _nginx_proxy_omeromsthumbnail_locations: - /webgateway/get_thumbnails/* - /webclient/get_thumbnails/* +_nginx_proxy_omeromsimageregion_locations: +- /webgateway/render_image_region/* +- /webgateway/render_image/* +- /webclient/render_image_region/* +- /webclient/render_image/* +- /webgateway/render_shape_mask/* + -# Order is important since we want the longer omeromsthumbnailscached +# Order is important since we want the longer omeroms*cached # locations to have precedence over the shorter omerocached ones # https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms _nginx_proxy_backends_omero: @@ -80,6 +92,12 @@ _nginx_proxy_backends_omero: cache_validity: 1d maintenance_flag: "{{ omero_maintenance_flag }}" maintenance_uri: "{{ omero_maintenance_uri }}" +- name: omeromsimagregioncached + location: ~ {{ _nginx_proxy_omeromsimageregion_locations | join('|') }} + server: http://omeromsimageregionreadonly + cache_validity: 1d + maintenance_flag: "{{ omero_maintenance_flag }}" + maintenance_uri: "{{ omero_maintenance_uri }}" - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }} server: http://omeroreadonly @@ -337,6 +355,10 @@ _nginx_proxy_sites: location: ~ {{ _nginx_proxy_omeromsthumbnail_locations | join('|') }} server: http://omeromsthumbnailreadwrite cache_validity: 1d + - name: omeromsimageregioncached + location: ~ {{ _nginx_proxy_omeromsimageregion_locations | join('|') }} + server: http://omeromsimageregionreadwrite + cache_validity: 1d - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }}|/mapr/* server: http://omeroreadwrite diff --git a/ansible/idr-proxy.yml b/ansible/idr-proxy.yml index 6525b932..88eb96b4 100644 --- a/ansible/idr-proxy.yml +++ b/ansible/idr-proxy.yml @@ -71,6 +71,18 @@ map('regex_replace', '^(.*)$', '\1:8085') | list }} + omeroreadonly_omeromsimageregion_hosts: >- + {{ + omero_omeroreadonly_hosts_reserved | + map('regex_replace', '^(.*)$', '\1:8086') | + list + }} + omeroreadwrite_omeromsimageregion_hosts: >- + {{ + omero_omeroreadwrite_hosts | + map('regex_replace', '^(.*)$', '\1:8086') | + list + }} - name: Get rsync IP # TODO: get all readonly From 09d4360768ab130028603f145b938f24f54276e3 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 16:12:35 +0000 Subject: [PATCH 16/18] Add omero-ms-zarr docker --- ansible/idr-microservices.yml | 48 +++++++++++++++---- .../omero-ms-imageregion-entrypoint.sh.j2 | 2 +- .../templates/omero-ms-zarr-entrypoint.sh.j2 | 8 ++++ 3 files changed, 48 insertions(+), 10 deletions(-) create mode 100644 ansible/templates/omero-ms-zarr-entrypoint.sh.j2 diff --git a/ansible/idr-microservices.yml b/ansible/idr-microservices.yml index c0a69fd5..1555ba11 100644 --- a/ansible/idr-microservices.yml +++ b/ansible/idr-microservices.yml @@ -45,6 +45,7 @@ with_items: - thumbnail - imageregion + - zarr - name: omero-ms config files become: true @@ -55,6 +56,16 @@ - thumbnail - imageregion + - name: omero-ms custom entrypoints + become: true + template: + src: templates/omero-ms-{{ item }}-entrypoint.sh.j2 + dest: /etc/omero-ms-{{ item }}/omero-ms-{{ item }}-entrypoint.sh + mode: u=rwx,g=rx,o=rx + with_items: + - imageregion + - zarr + - name: Run docker omero-ms-thumbnail become: true docker_container: @@ -67,13 +78,6 @@ volumes: - "/etc/omero-ms-thumbnail/config.yml:/opt/ms/conf/config.yaml:ro" - - name: omero-ms-imageregion user group setup entrypoint - become: true - template: - src: templates/omero-ms-imageregion-entrypoint.sh.j2 - dest: /etc/omero-ms-imageregion/omero-ms-imageregion-entrypoint.sh - mode: u=rwx,g=rx,o=rx - - name: Run docker omero-ms-imageregion become: true docker_container: @@ -85,8 +89,6 @@ - "{{ omero_ms_imageregion_port }}:8080" state: started restart_policy: always - groups: - - "{{ idrnfs_groupid | default(0) }}" volumes: - "/etc/omero-ms-imageregion/config.yml:/opt/ms/conf/config.yaml:ro" - "/etc/omero-ms-imageregion/omero-ms-imageregion-entrypoint.sh:/opt/ms/bin/omero-ms-imageregion-entrypoint.sh:ro" @@ -96,6 +98,34 @@ - "/nfs/bioimage:/nfs/bioimage:ro" - "/nfs/biostudies:/nfs/biostudies:ro" + - name: Run docker omero-ms-zarr + become: true + docker_container: + image: openmicroscopy/omero-ms-zarr:0.1.6 + name: omero-ms-zarr + # Override the entrypoint to create a fixed UID and GID + entrypoint: /usr/local/bin/omero-ms-zarr-entrypoint.sh + env: + CONFIG_omero_data_dir: /data/OMERO + CONFIG_omero_db_host: "{{ omero_db_host_ansible }}" + CONFIG_omero_db_user: "{{ omero_server_dbuser }}" + CONFIG_omero_db_pass: "{{ omero_server_dbpassword }}" + CONFIG_omero_db_name: "{{ omero_server_dbname }}" + CONFIG_omero_ms_zarr_net_path_image: /idr/zarr/v0.1/{image}.zarr/ + published_ports: + - "{{ omero_ms_zarr_port }}:8080" + state: started + restart_policy: always + groups: + - "{{ idrnfs_groupid | default(0) }}" + volumes: + - "/etc/omero-ms-zarr/omero-ms-zarr-entrypoint.sh:/usr/local/bin/omero-ms-zarr-entrypoint.sh:ro" + - "/data:/data:ro" + - "/uod/idr:/uod/idr:ro" + - "/nfs/bioimage:/nfs/bioimage:ro" + - "/nfs/biostudies:/nfs/biostudies:ro" + vars: omero_ms_thumbnail_port: "8085" omero_ms_imageregion_port: "8086" + omero_ms_zarr_port: "8087" diff --git a/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 b/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 index 67b2d673..fb29de70 100644 --- a/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 +++ b/ansible/templates/omero-ms-imageregion-entrypoint.sh.j2 @@ -4,4 +4,4 @@ set -eu grep imageregion /etc/group || addgroup -g {{ idrnfs_groupid | default(1000) }} imageregion grep imageregion /etc/passwd || adduser -D -u 1000 -G imageregion imageregion -exec su - imageregion -c "cd /opt/ms; PATH=$PATH /opt/ms/bin/omero-ms-image-region $@" +exec su imageregion -c "cd /opt/ms; /opt/ms/bin/omero-ms-image-region $@" diff --git a/ansible/templates/omero-ms-zarr-entrypoint.sh.j2 b/ansible/templates/omero-ms-zarr-entrypoint.sh.j2 new file mode 100644 index 00000000..675aca09 --- /dev/null +++ b/ansible/templates/omero-ms-zarr-entrypoint.sh.j2 @@ -0,0 +1,8 @@ +#!/bin/sh +set -eu + +grep omerozarr /etc/group || addgroup -g {{ idrnfs_groupid | default(1000) }} omerozarr +grep omerozarr /etc/passwd || adduser -D -u 1000 -G omerozarr omerozarr + +# https://github.com/ome/omero-ms-zarr/blob/v0.1.6/Dockerfile#L20 +exec su omerozarr -c "java -cp /lib/omero-ms-zarr-0.1.6-all.jar org.openmicroscopy.ms.zarr.ConfigEnv $@" From a02e271f9f9939320a235b2ee9b5d8935025ac1d Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 16:42:13 +0000 Subject: [PATCH 17/18] Add omero-ms-zarr to front-end proxy --- ansible/group_vars/proxy-hosts.yml | 27 +++++++++++++++++++++++++-- ansible/idr-proxy.yml | 12 ++++++++++++ 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/ansible/group_vars/proxy-hosts.yml b/ansible/group_vars/proxy-hosts.yml index 3a3d9470..288d7745 100644 --- a/ansible/group_vars/proxy-hosts.yml +++ b/ansible/group_vars/proxy-hosts.yml @@ -40,6 +40,12 @@ nginx_proxy_upstream_servers: servers: "{{ omeroreadonly_omeromsimageregion_hosts | sort }}" - name: omeromsimageregionreadwrite servers: "{{ omeroreadwrite_omeromsimageregion_hosts }}" +- name: omeromszarrreadonly + balance: ip_hash + servers: "{{ omeroreadonly_omeromszarr_hosts | sort }}" +- name: omeromszarrreadwrite + servers: "{{ omeroreadwrite_omeromszarr_hosts }}" + - name: omeroreadonly balance: ip_hash servers: "{{ omero_omeroreadonly_hosts_reserved | sort }}" @@ -81,6 +87,9 @@ _nginx_proxy_omeromsimageregion_locations: - /webclient/render_image/* - /webgateway/render_shape_mask/* +_nginx_proxy_omeromszarr_locations: +- /idr/zarr/* + # Order is important since we want the longer omeroms*cached # locations to have precedence over the shorter omerocached ones @@ -98,6 +107,13 @@ _nginx_proxy_backends_omero: cache_validity: 1d maintenance_flag: "{{ omero_maintenance_flag }}" maintenance_uri: "{{ omero_maintenance_uri }}" +- name: omeromszarr + location: ~ {{ _nginx_proxy_omeromszarr_locations | join('|') }} + server: http://omeromszarrreadonly + # Don't cache, files are too large + # cache_validity: 1d + maintenance_flag: "{{ omero_maintenance_flag }}" + maintenance_uri: "{{ omero_maintenance_uri }}" - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }} server: http://omeroreadonly @@ -333,9 +349,11 @@ _nginx_proxy_sites: # This enables the default site (configured using the global # nginx_proxy_* variables): - nginx_proxy_is_default: True - # Only add this CORS header to the default public site + nginx_proxy_additional_directives: - - "add_header Access-Control-Allow-Origin $allow_origin" + # Only add this CORS header to the default public site + # Always set a header including on 404 responses + - "add_header Access-Control-Allow-Origin $allow_origin always" # Study redirects - "if ($request_uri ~ /search/\\?query=Name:(?idr00)?68) { return 302 /about/download.html;}" @@ -359,6 +377,11 @@ _nginx_proxy_sites: location: ~ {{ _nginx_proxy_omeromsimageregion_locations | join('|') }} server: http://omeromsimageregionreadwrite cache_validity: 1d + - name: omeromszarr + location: ~ {{ _nginx_proxy_omeromszarr_locations | join('|') }} + server: http://omeromszarrreadwrite + # Don't cache, files are too large + # cache_validity: 1d - name: omerocached location: ~ {{ _nginx_proxy_omero_locations | join('|') }}|/mapr/* server: http://omeroreadwrite diff --git a/ansible/idr-proxy.yml b/ansible/idr-proxy.yml index 88eb96b4..5f5c106b 100644 --- a/ansible/idr-proxy.yml +++ b/ansible/idr-proxy.yml @@ -83,6 +83,18 @@ map('regex_replace', '^(.*)$', '\1:8086') | list }} + omeroreadonly_omeromszarr_hosts: >- + {{ + omero_omeroreadonly_hosts_reserved | + map('regex_replace', '^(.*)$', '\1:8087') | + list + }} + omeroreadwrite_omeromszarr_hosts: >- + {{ + omero_omeroreadwrite_hosts | + map('regex_replace', '^(.*)$', '\1:8087') | + list + }} - name: Get rsync IP # TODO: get all readonly From 8499b9180e175181f07168ef12274e78d5f04630 Mon Sep 17 00:00:00 2001 From: Simon Li Date: Tue, 17 Nov 2020 16:55:09 +0000 Subject: [PATCH 18/18] merge master -Dnone -Ipr:297 -Ipr:295 -Ipr:285 -Ipr:281 -Snone MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Repository: IDR/deployment Excluded PRs: - PR 296 sbesson 'Remove redirect for idr0095 study due for publication in prod90' (user: sbesson) - PR 294 manics 'Remove mineotaur' (user: manics) - PR 290 manics '[Not for merging] test90' (user: manics) - PR 288 manics 'Disable Indexer by setting omero.search.cron: ""' (user: manics) - PR 280 manics 'Redirect idr-s3.openmicroscopy.org → s3.embassy.ebi.ac.uk' (user: manics) Already up to date. Merged PRs: - PR 281 manics 'Main IDR monitoring upgrade' - PR 285 manics 'omero-client.json: use wss (websockets)' - PR 295 sbesson 'Use 0.6.5 version of IDR Bio-Formats components' - PR 297 manics 'Add all microservices' Repository: kubernetes-incubator/kubespray Excluded PRs: - PR 6919 anthr76 '[WIP] Improve ARM 64 support' (user: anthr76) - PR 6916 champtar 'Bump nodelocaldns to 1.16.0' (user: champtar) - PR 6915 oomichi 'WIP: Add `echo CI_PLATFORM`' (user: oomichi) - PR 6912 supabibz 'change nginx default HTTPS protocol from "SSLv2" to "TLSv1.2 TLSv1.3"' (user: supabibz) - PR 6910 hafe 'fix flake8 errors in Kubespray CI - tox-inventory-builder' (user: hafe) - PR 6908 hakoerber 'etcd: Fix permissions of /etc/ssl/etcd/ssl' (user: hakoerber) - PR 6907 hafe 'fix use of password authetication' (user: hafe) - PR 6905 pasqualet 'Add molecule for Kata Containers with Containerd' (user: pasqualet) - PR 6903 creydr 'Update hashes and set default version to 1.19.4' (user: creydr) - PR 6902 vielmetti '[WIP] Packet->Equinix Metal rename #6901' (user: vielmetti) - PR 6898 dchusovitin '[WIP] Don't bind loadbalancer healthcheck to all interfaсes on the host' (user: dchusovitin) - PR 6894 dchusovitin 'Remove executable bit from some files' (user: dchusovitin) - PR 6893 dchusovitin 'Fixed waiting for scheduler and controller manager' (user: dchusovitin) - PR 6892 hakoerber 'etcd: Fix certs always being regenerated' (user: hakoerber) - PR 6890 Rajpratik71 'fix: added boto3 as dependency required by kubespray-aws-inventory.py' (user: Rajpratik71) - PR 6878 medined 'Create ssh-to-XXX scripts to Terraform/AWS contribution.' (user: medined) - PR 6864 electrocucaracha 'Enable crun support on CRI-O' (user: electrocucaracha) - PR 6861 catblade 'WIP: Fix Calico install for BGP' (user: catblade) - PR 6859 miff2000 'Support dual stack IPv4 & IPv6 networking' (user: miff2000) - PR 6846 champtar 'Helm v3 only' (user: champtar) - PR 6787 sufuf3 'Add synchronized time checking' (user: sufuf3) - PR 6778 bergmannf '[WIP] Add NSX-T configuration to external vsphere cloud controller.' (user: bergmannf) - PR 6772 hafe 'Verify Kubernetes/kubespray upgrade path' (user: hafe) - PR 6766 dprabhua 'Utils to setup Repo for offline/Airgap installation' (user: dprabhua) - PR 6736 vigohe 'Fix ingress_nginx README.md broken links' (user: vigohe) - PR 6700 rkamudhan 'adding ovn4nfv cni updates' (user: rkamudhan) - PR 6679 dlouks 'Updated etcd cert check tasks to detect when new certificates need to…' (user: dlouks) - PR 6663 dlouks 'CSIDriver - use apiVersion v1beta1 if k8s is 1.17 or later' (user: dlouks) - PR 6622 floryut 'Add fedora-coreos-32 to tests' (user: floryut) - PR 6610 floryut 'Update kube-ovn to 1.5.0' (user: floryut) - PR 6572 bmelbourne 'Add RHEL support subscription registration' (user: bmelbourne) - PR 6510 rofra 'Bugfix regarding node_taints variable management (#6222)' (user: rofra) - PR 6489 tanrobotix 'Add setting timezone task, fixes issues - etcd cluster is unavailable or misconfigured' (user: tanrobotix) - PR 6423 a1zk 'Fix issue #6142 : Add availability_zones definition to Terraform ELB module' (user: a1zk) - PR 6415 electrocucaracha 'Increase bootstrap-os Molecule tests' (user: electrocucaracha) - PR 6406 electrocucaracha ' Increase container-engine/cri-o Molecule tests' (user: electrocucaracha) - PR 6399 electrocucaracha 'Increase container-engine/docker Molecule tests' (user: electrocucaracha) - PR 6333 bozzo '[WIP] Add Gitlab CI tests for Fedora CoreOS' (user: bozzo) - PR 6320 Miouge1 '[WIP] Move 5 CI jobs from Kubevirt to Vagrant' (user: Miouge1) - PR 6288 Miouge1 '[WIP] Add support for nodelocaldns on Ubuntu 20.04' (user: Miouge1) - PR 6280 awltux 'Use async to download containers; as large images can cause ssh timeout' (user: awltux) - PR 6260 pieterlange 'Rename antiquated 'master' to 'controlplane'' (user: pieterlange) - PR 6244 mattymo 'Tolerate failed coredns svc errors on kubeadm init/upgrade' (user: mattymo) - PR 6193 mattymo 'Enable coredns-custom optional configmap' (user: mattymo) - PR 6161 mattymo 'Scale up coredns to 1 replica before upgrade if using manual mode' (user: mattymo) - PR 6075 vladwa 'Provision a Kubernetes cluster on GCP #5854' (user: vladwa) - PR 5787 danilo404 'Flex volumes plugins readonly alternative path' (user: danilo404) - PR 5456 EppO '[WIP] Download admin.conf instead of generating it' (user: EppO) Updating d8d5474d..942c9800 Previously merged: - PR 4720 MarkusTeufelberger 'Update default CentOS version on Azure' - PR 4396 verwilst 'Upgrade to k8s 1.13.5' - PR 4027 riverzhang 'Add update server field in kube-proxy kubeconfig' - PR 3949 trogeat 'kubespray: fix missing ca-certificate path in apiserver' - PR 4025 riverzhang 'Fix kubeadm config images pull' - PR 4091 doughgle 'Introduce `calico_upgrade_url` var for Calico upgrade tool.' - PR 4088 chadswen 'Fix epel_enabled and RHEL support in bootstrap-os' - PR 4085 chadswen 'Fix docker 18.09.1 systemd service' - PR 4019 chadswen 'Fix PATH for kubeadm init' - PR 4059 chadswen 'Update helm version for security and stablity fixes' - PR 4050 chadswen 'Bump docker 18.09 to the latest patch' - PR 3984 dannyk81 '[calico/canal] mount host's xtables lock and enable calico locking for doesn't' - PR 3608 xichengliudui 'Correct the wrong word' - PR 3614 liyongxin 'typo fix about officially' - PR 3613 mirake 'Fix some typos' - PR 3604 wilmardo 'Revert "CoreDNS v1.2.5 (#3595)"' - PR 3601 xichengliudui 'Fix typo' - PR 3598 AdamDang 'Update vsphere.md' - PR 3591 AdamDang 'Fix some typos' - PR 3578 LinuxGit 'fix typo' - PR 3556 Miouge1 '[contrib/terraform/openstack] Add support for router less deployments' - PR 3577 fritchie 'Add bin_dir to kubectl version check' - PR 3557 Zefool 'Fix typo' - PR 3550 Kusanagi9999 'Fix missing s in link to kube-router docs' - PR 3543 Miouge1 '[contrib/terraform/openstack] Add list of know working OpenStack clouds' - PR 3532 jjo ' [jjo] improve contrib/dind/run-test-distros.sh via spec files' - PR 3184 jbornemann 'Add new OCI cloud controls' - PR 3515 SataQiu 'fix typo' - PR 3427 EppO 'Add note to README about offline environments' - PR 3367 mgsergio 'Add check that kube-master, kube-node and etcd groups are not empty.' - PR 3370 AnatolyRugalev 'Added download_validate_certs option' - PR 3335 AtzeDeVries 'Fix/ubuntu xenial resolv conf' - PR 3369 crandles 'remove /var/lib/cni directory in reset playbook' - PR 3368 woopstar 'Fix CI issue (Fedora task introduce new lookup plugin)' - PR 3366 riverzhang 'Remove some useless files' - PR 3172 Atoms 'Add additional no proxy parameter for more customization' - PR 3360 gabibbo97 'Support Fedora 28' - PR 3364 SataQiu 'Remove duplicate persistent_volumes_enabled element in k8s-cluster.yml' - PR 3363 woopstar 'Remove EFK from Kubespray' - PR 3362 mirake 'Fix some typos' - PR 3280 wozniakjan 'Check `openstack_cacert` for empty string' - PR 3355 kpschuck 'Uses etcdv3 for calico 3 rr_v4 resources' - PR 3351 woopstar 'Mount basic auth or token auth dirs to support it on kubeadm deployments' - PR 3304 ant31 'Add support for GPU accelerator' - PR 3342 okamototk 'Add kubelet path for kubeadm.' - PR 3143 jbcraig 'add support for openstack trust to cloud provider config' - PR 3225 niallmcandrew 'Fix test readme formatting' - PR 3325 firaxis 'Make Felix healthhost configurable' - PR 3354 mirwan 'Offline environment documentation' - PR 3149 rguichard 'fix the output of router_id with the right id' - PR 3307 kaarolch 'Calico version verification before cluster upgrade begin.' - PR 3340 kpschuck 'Fixes Calico 3.x BGPPeer resources' - PR 3350 woopstar 'Remove audit again from Kubeadm 1.10.x. Write mounts not supported un…' - PR 3348 woopstar 'Add support for kubelet_node_custom_flags' - PR 3337 LuckySB 'create separate options files for network plugins' - PR 3344 woopstar 'Sync manifests from non-kubeadm to kubeadm deploy' - PR 3347 mirake 'Fix some typos' - PR 3345 mirake 'Fix some typos' - PR 3329 riverzhang 'Keep list of k8s checksums for hyperkube and kubeadm' - PR 3320 riverzhang 'Support dynamic kubelet config' - PR 3227 mirwan 'Upgrade contiv to 1.2.1 with some enhancements' - PR 3245 mchinatang 'terraform.tfvars.example is not correct, remove.' - PR 3316 mattymo 'Fix tiller override command' - PR 3290 riverzhang 'Fix upgrade k8s' - PR 3324 hswong3i 'cert-manager: Upgrade to 0.5.0' - PR 3326 hswong3i 'weave: Upgrade to 2.4.1' - PR 3287 Kami-no 'Monitor CoreDNS over svc' - PR 2880 hfinucane 'Fix #2261 by supporting Red Hat's limited PATH' - PR 3296 rabi 'Add volume and volumeMount for crio-socket' - PR 3309 ant31 'Fix download file' - PR 3310 mirwan 'Document podsecuritypolicy_enabled and kubernetes_audit' - PR 3315 riverzhang 'Upgrade kubedns to 1.14.11' - PR 3265 torvitas '[bugfix] fix path to metallb configuration' - PR 3258 okamototk 'absolute path for kubectl.' - PR 3305 mattymo 'Fixes for upgrade mode' - PR 3284 mattymo 'Put back legacy support for calico ippools and bgp settings' - PR 1973 guenhter 'Replace the raw rsync command with the synchronize module' - PR 3262 torvitas '[bugfix] Use bin_dir to find kubectl in contrib/metallb' - PR 3243 mirwan 'Install Helm client on all masters' - PR 3291 mirwan 'Remove --insecure-bind-address when insecure-port=0' - PR 3283 mattymo 'Extra options for upgrade mode' - PR 3261 mattymo 'Ensure etcd file permissions are correct when using vault' - PR 3285 mirwan 'Fix wrong sa name in crb when psp is enabled' - PR 3286 fritchie 'Change update strategy to RollingUpdate' - PR 3288 chadswen 'Revert "Remove insecure-port and insecure-bind-address when possible"' - PR 3266 mirwan 'Precision on control machine mixed Ansible installation' - PR 3270 riverzhang 'Add insecure_registry config to docker options' - PR 3276 riverzhang 'Upgrade kubernetes to v1.11.3' - PR 3257 georgejdli '[helm-tls] add option to secure helm tiller with tls' - PR 3259 okamototk 'Fix indent error by yamllint.' - PR 3252 mirwan 'Remove insecure-port and insecure-bind-address when possible' - PR 3255 mlushpenko 'Fix calico health checks' - PR 3260 riverzhang 'Add discovery_timeout to join configuration' - PR 3256 torvitas '[bugfix] heketi storageclass privilege' - PR 3254 mattymo 'Fix backward compatibility with calico 2.6' - PR 3249 mattymo 'Add missing variable kube_proxy_nodeport_addresses' - PR 3250 mattymo 'Fix openstack cacert task' - PR 3253 mattymo 'Reduce instance sizes in gce' - PR 3248 mattymo 'put back endif in kubelet rkt template' - PR 2931 torvitas 'Heketi/GlusterFS ' - PR 3247 mattymo 'remove broken endifs in kubelet rkt mode' - PR 3246 riverzhang 'Upgrade pause image to 3.1' - PR 3122 jbcraig 'resolve issues with new cacert feature' - PR 3224 riverzhang 'Fix feature-gates' - PR 3244 ant31 'Reverts calico update to 3.2.0, fixes #3223' - PR 3234 warmchang 'Fix the tryUpdateNodeStatus link' - PR 3236 luisyonaldo 'Fix configure calico network pool for ipipMode = CrossSubnet' - PR 3233 mgsergio 'Hint on ho to join the slack channel README.md' - PR 3235 mirwan 'Emphasis on docker recommended version' - PR 3228 mirwan 'Introducing credentials_dir variable in order to be able to override it' - PR 3229 mirwan 'Docker 18.06 for ubuntu versions before bionic' - PR 3232 rabi 'Document correct var kubeadm_enabled' - PR 3178 gitphill 'Add azure-container-registry-config for Azure' - PR 3200 pablodav 'Required support to start working on windows node support' - PR 3210 ant31 'Split group-variables' - PR 3226 mattymo 'Always run helm init to allow for settings changes' - PR 3222 hswong3i 'ingress-nginx: Upgrade to 0.19.0' - PR 3221 hswong3i 'cephfs-provisioner: Upgrade to v2.1.0-k8s1.11' - PR 3220 hswong3i 'coredns: Upgrade to v1.2.2' - PR 3219 mlushpenko 'Fix ports for kubeadm client and master configs for ha setups' - PR 3217 mirwan 'Fix docker_options definition to remove newlines' - PR 3207 mirwan 'Fix target hosts generation when /etc/hosts does not contain 127.0.0.1 or ::1' - PR 3208 mirwan 'Add documentation about having HA for etcd' - PR 3209 mirwan 'etcd_events_access_address should be used for peer_url and client_url' - PR 3140 ant31 'Add support for etcd arm64' - PR 3203 riverzhang 'Update readme' - PR 3204 riverzhang 'Fix copy etcd-ssl-ca failed' - PR 3202 riverzhang 'Fix ipvs by kubeadm v1alpha1' - PR 3185 mirwan 'Mount /root/.kube to helm container' - PR 3187 mirwan 'Fix kubeadm-config for audit-log-path and feature-gates' - PR 3198 riverzhang 'Fix kubeadm v1alpha1 configure' - PR 3195 mirwan 'Fix some addons when PodSecurityPolicy is enabled' - PR 3199 ant31 'Add mirwan as Reviewer' - PR 3197 riverzhang 'Enable kubeadm test' - PR 3191 fcgravalos 'canal should mount xtables.lock to share the lock with other processe…' - PR 3193 riverzhang 'Fix kubeadm lb' - PR 3061 okamototk 'cri-o support ' - PR 3176 robinelfrink 'Add option to change the Tiller Deployment namespace.' - PR 3189 arslanbekov 'Up dashboard version to 1.10.0' - PR 3186 mirwan 'Fix localhost handling when /etc/hosts contains parenthesis' - PR 2474 mirwan 'Localhost in hosts files should be updated (if necessary), not overriden' - PR 3095 mirwan 'Dnsmasq manifests should not have j2 extension but templates should' - PR 3104 maxbrunet 'Use delegate_to: localhost instead of local_action' - PR 2958 elementyang 'change the way that getting etcd_member_name' - PR 3153 hswong3i 'Remove *_image_tag suffix from ReplicaSet/Deployment' - PR 3161 nutellinoit '--nodeport-addresses added on kube-proxy.manifest.j2 and on k8s-cluster.yml' - PR 3179 ant31 'move ubuntu18 to CI part2' - PR 3158 tiri 'Fix node hostname in glusterfs inventory.example' - PR 3173 msimonin 'Fix createhome directory for adduser role' - PR 3058 vasrem 'Add ETCD_QUOTA_BACKEND_BYTES environment variable' - PR 3174 Atoms 'Revert "gen_certs_script: refactor using stdin (Ansible 2.4+)"' - PR 3163 ant31 'Fix docker apt-repo for Ubuntu18' - PR 3115 jbornemann 'Cloud provider support for OCI (Oracle Cloud Infrastructure)' - PR 3147 ishitatsuyuki 'gen_certs_script: refactor using stdin (Ansible 2.4+)' - PR 3142 riverzhang 'Fix kubeadm LB configure' - PR 3144 riverzhang 'Fix install audit failed' - PR 3102 mirwan 'PodSecurityPolicy admission controller support' - PR 3152 johnzheng1975 'new cilium stable version: 1.2.0' - PR 3165 hadrien-toma 'Update ansible.md ' - PR 3162 ant31 'Add ubuntu18 ci job' - PR 3155 hswong3i 'Always create service account even rbac_enabled = false' - PR 3141 qeqar 'allow '.' in hostnames for verify bad hostnames' - PR 3130 riverzhang 'Add kubeadm controlplaneEndpoint' - PR 3133 mirwan 'Audit log to stdout with kubeadm' - PR 3132 mirwan 'Custom audit policy' - PR 3094 hedayat 'Add --dns-loop-detect to dnsmasq used in kube-dns' - PR 3135 ishitatsuyuki 'Add bad hostname preflight check' - PR 3139 hswong3i 'cephfs-provisioner: Upgrade to v2.0.1-k8s1.11' - PR 3017 seungkyua 'Fix kubeadm client conf' - PR 3137 riverzhang 'Fix install nss' - PR 3134 riverzhang 'Fix pull dns image error' - PR 3128 riverzhang 'Remove unused configuration' - PR 3131 3cky 'Fix k8s-dns-dnsmasq-nanny repo path' - PR 3117 mirwan 'Audit support improvement' - PR 3105 mirwan 'Move network_plugin specific reset tasks to its role directory ' - PR 3119 hoatle 'add ignore_patterns to ansible.cfg' - PR 3120 hswong3i 'cephfs-provisioner: Upgrade to v2.0.0-k8s1.11' - PR 3123 mathieuherbert 'add until option for etcd backup commands' - PR 3126 LuckySB 'add version to environment file' - PR 1942 jerrypeng 'SERIOUS Bug in download main.yml' - PR 2104 xd007 'add support for non-amd64 arch gcr.io images' - PR 2103 xd007 'Update docker package info for aarch64' - PR 2168 xd007 'fix docker opts incompatible running on aarch64 Redhat/Centos' - PR 2025 jjungnickel 'contrib/terraform/aws: Make path to generated inventory configurable' - PR 2001 b0r1sp 'Update main.yml' - PR 1295 xuhuilong 'fix curl get calico status error ( error in tls version, centos 7.3 1611) ' - PR 3089 mattymo 'Remove erroneous cloud-config task' - PR 3079 wikiselev 'fix glusterfs ppa and glusterfs server command name errors' - PR 3114 woopstar 'Update CoreDNS to 1.2.0' - PR 3043 jerryrelmore 'Update openstack.md' - PR 3019 holmsten '[contrib/terraform/openstack] Add supplementary node groups' - PR 3116 ant31 'Update OWNERS' - PR 3113 riverzhang 'Support audit' - PR 3111 hswong3i 'cert-manager: Upgrade to 0.4.1' - PR 3112 hswong3i 'ingress-nginx: Upgrade to 0.18.0' - PR 2932 desaintmartin 'fluentd daemonset: do not set old nodeSelector.' - PR 2871 fritchie 'Local volume provisioner: tolerate NoSchedule' - PR 3097 sdemura 'Define custom playbook in Vagrantfile' - PR 3080 mirwan 'Netchecker manifests should not have j2 extension' - PR 3101 pzghost 'Uninstall old versions of Docker' - PR 3108 riverzhang 'Upgrade coredns to 1.1.3' - PR 3091 mauromedda 'Add the path to kubectl binary' - PR 3066 luisyonaldo 'fix bad conditional' - PR 3028 Kami-no 'cilium v1.1.2' - PR 3022 hswong3i 'weave: Upgrade to 2.4.0' - PR 3075 okamototk 'Fix skip_downloads condition.' - PR 2904 mirwan 'Only subdirectories in /var/lib/kubelet should be unmounted at reset time' - PR 3037 okamototk 'Fixed checking skip_downloads condition.' - PR 3054 reverson 'Add support for admission controllers in 1.10 and above' - PR 3073 riverzhang 'Remove istio support' - PR 3069 magnuhho 'contrib/terraform/terraform.py: fix for Ansible 2.6.2+, issue #3067' - PR 3072 mathieuherbert 'Add tags for coredns and kubedns' - PR 3068 riverzhang 'Enable swap' - PR 3001 hswong3i 'ingress-nginx: Upgrade to 0.17.1' - PR 2997 hswong3i 'cert-manager: Upgrade to 0.4.0' - PR 2342 southquist 'allow for setting the cacert on openstack cloud provider' - PR 2875 bradbeam 'Adding cluster_name to api cert alt name for vault' - PR 2900 drekle 'Configure openstack subnet cidr' - PR 2994 DBLaci 'dashboard_token_ttl option override possibility with default' - PR 3015 podnov 'Variablize kube_proxy_healthz_bind_address' - PR 3050 woosley 'update .gitignore' - PR 3055 reverson 'Add support for docker 17.09' - PR 3059 okumin 'Fix a broken symbolic link for group_vars' - PR 3047 rguichard 'availability zones support for OpenStack' - PR 3065 freeseacher 'Service file binary place mismatch' - PR 3064 riverzhang 'Fix yaml roles error' - PR 3034 cornelius-keller 'fix missing libraries on newer coreos versions' - PR 3044 jerryrelmore 'Clarify etcd deployment script failure mechanism' - PR 3041 woosley 'set LC_ALL=C for growpart' - PR 3033 rguichard 'add openstack security group for traffic to 30000-32767/tcp on worker nodes' - PR 3031 a14n 'Fix label of registry in README' - PR 3018 seungkyua 'Remove double slash' - PR 2990 Miouge1 'Include etcd and masters in adding node doc' - PR 2995 okamototk 'Fixed kubectl path.' - PR 2984 mattymo 'add docker upgrade tag doc' - PR 2930 hswong3i 'ingress-nginx: Upgrade to 0.16.2' - PR 2972 mattymo 'Force copy cni files' - PR 2935 hswong3i 'cert-manager: Upgrade to 0.3.2' - PR 2974 hswong3i 'cephfs-provisioner: Upgrade to 1.1.0-k8s1.10' - PR 2975 daohoangson 'Remove step that disables `kube_basic_auth`.' - PR 2977 pennycoders 'Fix 2976' - PR 2971 elementyang 'change create to apply' - PR 2946 Miouge1 'CheckNodePIDPressure is not supported in v1.10' - PR 2954 aioue 'Update README.md' - PR 2951 hswong3i 'cephfs-provisioner: Upgrade to 06fddbe2' - PR 2948 qeqar 'move node selection from --limit to --extra-vars=node"' - PR 2952 NicolasT 'Fix `coreos_dual` -> `coredns_dual` typo' - PR 2924 elementyang 'fix the time of ca files are changed in make-ssl-etcd' - PR 2918 elementyang 'fix add etcd_events_access_address' - PR 2921 elementyang 'fix template index out of range for pull images' - PR 2941 amaya382 'Fix default value for dns_mode on the document' - PR 2923 bradbeam 'Adding uuidfile for rkt based vault to properly cleanup after itself' - PR 2926 neith00 'No need to install rkt on CoreOS' - PR 2795 danielm0hr 'Make Calico nodename overridable on bare metal' - PR 2763 ameukam 'Update efk stack' - PR 2338 southquist 'allow for configurable openstack storage class' - PR 2922 riverzhang 'Add run_once to remove-node' - PR 2891 earlruby 'Fix the Python and pip version flag in the README' - PR 2903 riverzhang 'Add manage swap on the worker node' - PR 2737 Miouge1 'Update kube-scheduler policy' - PR 2801 dvazar 'Fixed "network_plugin" variable' - PR 2898 ant31 'Enable by default the kubelet token auth' - PR 2899 mattymo 'Improve variable handling for disabling etcd events cluster' - PR 2844 chechiachang 'Fix inconsistent variables in task name and task message' - PR 2890 drekle 'CoreDNS uses cluster_name instead of dns_domain' - PR 2876 neith00 'parametrized iptables options for docker daemon' - PR 2750 w-leads 'Add vm_name option to vsphere cloud provider config' - PR 2860 hswong3i 'cert-manager: Upgrade to v0.3.0' - PR 2629 hswong3i 'Fixup #2545, cephfs-provisioner: Individual Namespace for Add-on' - PR 2857 hswong3i 'ingress-nginx: Upgrade to 0.15.0' - PR 2872 riverzhang 'Reconfigure kube-proxy to access kube-apiserver via the LB(kubeadm)' - PR 2853 pomverte 'docs(azure arm): update link azure cli login' - PR 2859 riverzhang 'Fix nginx-proxy HA when kubeadm enable' - PR 2856 hswong3i 'Upgrade Kubernetes to 1.10.4 and etcd to 3.2.18' - PR 2835 astromechza 'roles/kubernetes/client: kubeconfig template should use access_ip' - PR 2825 dshuvar 'Changed /etc/systemd/system/docker.service.d/docker-options.conf file for successful parsing mount aguments' - PR 2851 bradbeam 'Adding wait for vault up handler in service restart' - PR 2852 bradbeam 'Adding missing rkt template for etcd-events' - PR 2819 oleh-ozimok 'Fix enough network address space assert' - PR 2827 mattymo 'wip pr for improved cert sync' - PR 2838 ant31 'Remove the HUGE gitlab logo' - PR 2823 Zempashi 'Dashboard in cluster info' - PR 2821 MithunArunan 'Update README.md' - PR 2822 mirwan 'contiv-etcd-init image as default instead hardcoded' - PR 2793 lpaulmp 'Set widely used header to execute python scripts in different OS' - PR 2743 mrostecki 'opensuse: Fix OpenSSL package name' - PR 2806 Miouge1 'Remove KPM support' - PR 2805 mvasilenko 'Update Helm to latest version 2.9.1' - PR 2777 spinside 'Update README.md' - PR 2577 woopstar 'Etcd cluster setup makeover' - PR 2786 cruwe 'assert that number of pods on node does not exceed CIDR address range' - PR 2744 girikuncoro 'Remove unnecessary loadbalancer_apiserver binding on terraform AWS readme' - PR 2666 AnatolyRugalev 'Added MountFlags variable to docker options' - PR 2772 cruwe 'make admin.conf -> .kube/config non-executable' - PR 2782 riverzhang 'Bump kube-dns to 1.14.10' - PR 2779 lvthillo 'Update README.md' - PR 2770 Miouge1 'Restart scheduler when policy changes' - PR 2757 qbl 'Fix issue #2702: 'docker_bin_dir' is undefined when running ansible-playbook remove-node.yml' - PR 2758 girikuncoro 'Fix privilege escalation timeout for remove-node playbook' - PR 2765 alirezaDavid 'add svc to netchecker-service.default.svc.cluster.local' - PR 2762 woopstar 'Fix path for pip and python when already bootstrapped' - PR 2725 desaintmartin 'coreos: explicitely set pip executable.' - PR 2600 maximegaillard 'Add Openstack tenant name' - PR 2729 Ashon 'Use 'items()' for python compatibility' - PR 2742 woopstar 'Update CoreDNS to version 1.1.2' - PR 2644 cp3hu 'Fix apiserver manifest and kubelet for kube version < 1.9' - PR 2738 krystan 'tiny spacing change "can be"' - PR 2732 Towmeykaw 'Update aws.md' - PR 2693 romaindequidt 'sync certs tasks (fix #2596 #2667)' - PR 2728 hswong3i 'ingress-nginx: Upgrade to 0.14.0' - PR 2731 girikuncoro 'Fix broken terraform aws readme' - PR 2701 desaintmartin 'Update netchecker to v1.2.2.' - PR 2695 suzutan 'Add oidc-user-prefix and oidc-group-prefix args' - PR 2653 kidk 'Replaced 'mem' with 'memory/ in elasticsearch and kibana deployment' - PR 2687 oz123 'Document how to allow ipip traffic with calico on OpenStack' - PR 2689 lpaulmp 'run_once pre_upgrade tasks which are executing in localhost' - PR 2673 hswong3i 'cephfs-provisioner: Upgrade to a71a49d4' - PR 2604 shravanpn7 'kubectl get pods from 'test' namespace as the pods were created in test ns' - PR 2677 woopstar 'Properly check need_pip, always run pip to check if needed' - PR 2683 rsmitty 'support custom env vars for etcd' - PR 2671 hswong3i 'cert-manager: Upgrade to v0.2.4' - PR 2672 hswong3i 'ingress-nginx: Upgrade to 0.13.0' - PR 2670 hswong3i 'weave: Upgrade to 2.3.0' - PR 2662 ganeshmaharaj 'Vagrantfile: Add vagrant inventory file in any directory to .gitignore' - PR 2668 arslanbekov 'Kubernetes logo in README.md' - PR 2381 vikas027 'Replaced ansible_ssh_host with ansible_host in sample inventory file and fixed usage of bastion' - PR 2654 ganeshmaharaj 'Vagrantfile: Fix default inventory path.' - PR 2646 Atoms 'move when condition to main.yml' - PR 2380 hwoarang 'Add openSUSE support' - PR 2609 chadswen 'Use dedicated front-proxy-ca for front-proxy-client' - PR 2617 bradbeam 'Adding missing service-account certificate for vault' - PR 2633 grebois 'Enabling MutatingAdmissionWebhook for Istio Automatic sidecar injection' - PR 2647 riverzhang 'Fix missing install remove-node feature' - PR 2625 kaarolch 'Add note about ansible_become to coreos section' - PR 2639 ironhouzi 'Fix new envvar for setting openstack_tenant_id' - PR 2627 mattymo 'Remove jinja2 dependency of do' - PR 2632 Atoms 'fix kubectl download location and kubectl.sh helper owner/group remove' - PR 2613 riverzhang 'Fix check docker error for atomic' - PR 2612 riverzhang 'Fix issues #2522 Support Debian stretch' - PR 2610 danielhoherd 'Fix typos (no logic changes)' - PR 2598 pzghost 'Persist ip_vs modules' - PR 2495 holmsten 'Rotate local-volume-provisioner token' - PR 2346 Miouge1 'Use legacy policy config to apply the scheduler policy' - PR 2593 vterdunov 'Properly check vsphere_cloud_provider.rc' - PR 2590 hswong3i 'istio: container download related things should defined in the download role' - PR 2587 tossmilestone 'Bump ingress-nginx-controller to version 0.12.0' - PR 2585 georgejdli 'check if dedicated service account token signing key exists' - PR 2575 hswong3i 'local-volume-provisioner: container download related things should defined in the download role' - PR 2570 avoidik 'Move cloud config configurations to proper location' - PR 2574 hswong3i 'cephfs-provisioner: container download related things should defined in the download role' - PR 2573 hswong3i 'registry: container download related things should defined in the download role' - PR 2571 hswong3i 'ingress-nginx: container download related things should defined in the download role' - PR 2547 bobahspb 'prometheus operator, metrics for k8s cluster' - PR 2543 hswong3i 'Integrate jetstack/cert-manager 0.2.3 to Kubespray' - PR 2567 mirwan 'node_labels documentation and kube-ingress label definition as role_node_label' - PR 2569 avoidik 'Allow ansible_ssh_private_key_file for Openstack' - PR 2554 georgejdli 'Fix kubespray's ServiceAccount token signing keys' - PR 2566 woopstar 'Fix etcd from import task to include task' - PR 2562 avoidik 'Fix kubecert_node.results indexes' - PR 2512 woopstar 'Switch hyperkube from CoreOS to Google' - PR 2544 woopstar 'Update openssl.conf to count better and work with Jinja 2.9' - PR 2561 rsmitty 'only set no_proxy if other proxy vars are defined' - PR 2557 pzghost 'Maybe vault health check needs delay' - PR 2564 rsmitty 'include do extension for jinja' - PR 2525 avoidik 'Return subnet_id as defined in kubespray.tf' - PR 2062 wanix 'replace ansible.sudo by ansible.become for vagrant' - PR 2350 whereismyjetpack 'set nodeName to "{{ inventory_hostname }}" in kubeadm-config' - PR 2500 gorazio 'Add prometheus annotations to spec in ingress' - PR 2290 mirwan 'Node labels definition in kubelet params from inventory' - PR 2555 pzghost 'remove redundancy code' - PR 2540 mattymo 'Write cloud-config during kubelet configuration' - PR 2548 kmadnani 'Added a fix in openssl.conf template to check for loadbalancer IP.' - PR 2488 LuckySB 'Dedicated node for ingress nginx controller' - PR 2538 hswong3i 'Fixup #2523: Upgrade Weave to 2.2.1 ' - PR 2492 pzghost 'gather all facts' - PR 2537 hswong3i 'Fixup #2262: Update README.md for calico v2.6.8' - PR 2262 tmjd 'Update Calico and Canal' - PR 2524 avoidik 'Set exact user for Kubelet services' - PR 2526 mzehrer 'Remove kibana_base_url' - PR 2529 dvazar 'Fixed inventory file creation' - PR 2532 LuckySB 'add etc tunning options' - PR 2521 f84anton 'optional calico_ip_auto_method variable with IP_AUTODETECTION_METHOD' - PR 2523 hswong3i 'Upgrade Weave to 2.2.1' - PR 2333 hswong3i 'CephFS Provisioner Addon Fixup' - PR 2332 hswong3i 'Registry Addon Fixup' - PR 2504 brtknr 'Update kube-apiserver.manifest.j2 and kubeadm-config.yaml.j2 to incorporate `endpoint-reconciler-type: lease` ' - PR 2490 woopstar 'Only apply roles from first master node to fix regression' - PR 2489 woopstar 'Only copy tokens if tokens_list contains any' - PR 2508 melkosoft 'Cilium v.1.0.0-rc8' - PR 2498 zmsp 'Upgraded kubernetes from 1.9.3 to 1.9.5' - PR 2364 whereismyjetpack 'set local_release_dir in downloads to match others' - PR 2509 chadswen 'Update flannel version to v0.10.0' - PR 2503 woopstar 'Fix duplicate --proxy-client-cert-file and --proxy-client-key-file' - PR 2485 LuckySB 'Add --iface-regex options to flannel' - PR 2487 MQasimSarfraz 'Mark "calico-rr" as optional in fact gather' - PR 2347 hswong3i 'Support multiple artifacts under individual inventory directory' - PR 2468 LuckySB 'change expirations period for generated certificate from 10y to 100 years' - PR 2462 woopstar 'Add CoreDNS support' - PR 2457 MQasimSarfraz 'Fix vsphere cloud_provider RBAC permissions' - PR 2461 woopstar 'Add support to kubeadm too' - PR 2472 woopstar 'Make sure output from extra args is strings' - PR 2476 woopstar 'Enable encrypting the secrets' --- kubespray | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubespray b/kubespray index d8d5474d..fb6e5c40 160000 --- a/kubespray +++ b/kubespray @@ -1 +1 @@ -Subproject commit d8d5474dcc0b492946b4fd29e1c0a51ad08c8c20 +Subproject commit fb6e5c408460b2b5d4876475c78cc3db27f72f7b