This file is used to list changes made in each version of the Openshift 3 cookbook.
- Make sure the services (api, controller and node) restart when performing an asynchronous update
- Add more ec2 userdata defined attributes (openshift_hosted_router_certfile openshift_hosted_router_keyfile openshift_master_named_certificates)
- Enable service discovery when uninstalling node
- Add capability for defining its additional plugin configutations within admissionConfig (https://docs.openshift.com/container-platform/latest/architecture/additional_concepts/admission_controllers.html#admission-controllers-customizable-admission-plug-ins)
- Add capability to read variables from userdata at EC2 level
- Give capability to trigger uninstall of nodes via flag file. (Action is ignored if node part of Control Plane)
- Ensure ETCD tag is added when using containerised deployment
- Fix issue when performing ETCD migration v2 to v3
- Make sure docker staorage is reset before first startup (Left over previous installations)
- Capacity to define labels against EC2 instances via user-data (openshift_node_user_data and ocp_labels)
- Add openshift_buildoverrides_tolerations capability 3.9+
- Add openshift-infra-selector variable to enforce default node selector for openshift-infra project (Default to region=infra. Only if set_openshift-infra_selector is set to true)
- Give the possibilty to use a search filter when using LDAPPasswordIdentityProvider
- Make sure running actions from 1st master are done using loopback address (Avoiding dropping connectivity from LB)
- Make sure master servers use loopback address for their Api Config
- Add missing CheckVolumeBinding predicate (fix Local Persistent Volumes for OSE 3.9)
- Simplify logic around discovering first master and first etcd when using role discovery
- Add yum options for core packages
- Give the possibility to override global variables at the node level for upgrade_docker_version and docker_version
- Fix issue when upgrading cluster to 3.6
- Improve logic for migrating ETCD v2 to v3 schema
- Create backup directory against /var/lib/etcd for ETCD v2-v3 migration
- General improvement for the controlled planed upgrade mechanism
- Add more time for ETCD migration process
- Give the possibility of deleting the ETCD recovery directory on certificate server (adhoc_clean_etcd_flag)
- Give the possibility to skip the oc adm migration storage phase pre/post upgrade (skip_migration_storage)
- Give the possibility to customise the name of the resources for oc adm migration storage (customised_storage & customised_resources)
- Use IP addresses for checking ETCD health whilst recovering the cluster
- Add Time parameters for ETCD around heartbeat interval (etcd_heartbeat_interval) and election timeout (etcd_election_timeout)
- Add safeguards for ETCD recovery process
- Enforce docker restart process when changing OCP CA certificate
- Make sure adding ETCD server(s) does not skip non-registered ETCD
- Make sure ETCD file is 644 (Needed when umask is not 022)
- Fix issue when upgrading from 3.6 to 3.7 (#292)
- Filter out tuned-profiles-origin-node for OSE v3.9
- Misc fixes to ng v310 recipes
- Add possibility to configure any option supported by docker-storage-setup
- Improve installation pkgs for master and node so as to avoid unwanted automatic upgrades whilst enforcing versions
- Add possibility to opt-in opt-out when using sharding routers for customised template via "custom_router": true This key is optional and can be omitted
- Make sure the enc file for node servers are 644
- Make sure we unmount image and container layers on-disk before resetting docker storage
- Reinstall docker whilst resetting nodes
- Give capability for recovering ETCD cluster
- ETCD Snapshot tuning (etcd_snapshot_count)
- Fix logic when checking API availability
- Fix issue when disabling firewalld service for the 1st time
- Add logic for waiting up to 15 minutes when first time creating etcd server
- (FIX) Give capability for specifing personalised Admission Plug-in (openshift_master_admission_plugin_config)
- Patch any shard routers during upgrade
- Give capability for specifing personalised Admission Plug-in (openshift_master_admission_plugin_config)
- Fix MISC etcd migration
- Fix incorrect openshift_master_loopback_api_url (was not proxy safe)
- Make SWAP disabling on nodes optional (but enabled by default).
- Restrict permission for policy and scheduler (#257)
- Add version control for etcd in certificate server
- Restrict cookbook run only to control plane and node servers
- CRT and KEY files permissions were wrong (#253 //github.com//issues/254)
- Adjust the permission for OCP node main directory and ETCD
- Update metrics and logging to 3.9
- CRT and KEY files permissions were wrong (#252)
- Adjust the permission for OCP main directory
- Adjust the docker network options via openshift_docker_network_options
- Improve logic for adding or removing ETCD servers from ETCD cluster (Read README)
- MISC bugs
- Add first support for 3.9
- Refactoring codes
- Add logic for adding or removing ETCD servers from ETCD cluster (Read README)
- First draft for deploying logging components
- Fix issue when deploying router and registry v1/3.5+ on premise. (Default to iexternal redhat registry) Possibilty to specify openshift_docker_hosted_registry_image or openshift_docker_hosted_router_image
- Fix issue with nodes after upgrading and until removing the flag (Keep restarting the openvswitch)
- Fix issue DNS does not work over TCP from pod (Adjusting DNSMasq binding interfaces) < 3.6
- Fix issue when ussing docker 1.12+ (https://bugzilla.redhat.com/show_bug.cgi?id=1502560)
- Fix typo when upgrading ConfigMap of the customised Hosted Router
- Fix typo when applying openshift_node_kubelet_args_custom
- Give the possibility of controlling dnsmasq openshift_node_dnsmasq_log_queries (false) openshift_node_dnsmasq_cache_size (150) openshift_node_dnsmasq_maxcachettl (1)
- Improve the node reset mechanism (Deleting master and node directories)
- Give the possibility to override global variables at the node level ((Read README)
- Give possibility to override sharding router template location file
- Fix issue when resetting a master node
- Fix issue when resetting an ETCD node
- Fix several Cloning resource attributes issues
- Give the possibility to reset a node including the docker-storage thin-pool (If it is in used) adhoc_reset_control_flag
- Give the possibility to deploy router sharding (Read README)
- Improve metrics deployment logic
- Fix issue when deleting servers
- Automatically upgrade the custom router template during upgrades
- Fix issue with cloud_provider when restarting node service.
- Fix issue reported 247 (Upgrade 36 -> 37)
- Fix rubocop issues
- Fix issue reported 244 (Insecure docker registry)
- Fix issue reported 247 (Customised CA)
- Give the possibility of providing an array for the SCCs
- Fix several Cloning resource attributes issues
- Fix ETCD ca perms on certificate server
- Prevent Docker to reinstall or update without control
- Asynchronous Errata Updates via variable asynchronous_upgrade (Default to false)
- Add possibility to specify specific yum options when installing docker docker_yum_options
- Add reverse lookup for SkyDNS
- Give the possibilty to provide a custom location for '/etc/NetworkManager/dispatcher.d/99-origin-dns.sh'
- Change the ETCD CA directory for the certificate server (Moving the certificate server becomes easier: mv /var/www/html)
- Fix issue 240 when using standalone master
- Regression bug for controller servers (TTL missing)
- Remove the openshift-master.kubeconfig file when regenerating certs (Issue < 3.2)
- Wrong option for generating node certs
- Bug with certificates renewal for node servers
- Bug with certificates renewal
- Bug with library for identifying the server roles
- Bug with library for identifying the server roles
- Force secret for registry HTTPS
- Improve the certs renewal
- Improve the custom router template (Name can be customised) openshift_hosted_deploy_custom_name
- Stop pushing for etcd / docker package upgrade
- New vars for upgrade (ETCD/Docker) upgrade_docker_version upgrade_etcd_version
- Fix issue when upgrading etcd
- Fix foodcritic issue with new metric logic
- Fix issue with excluder pkgs when server has got dual roles (master && node)
- Refactor the metrics logi to support all versions (3.3+)
- Fix issue when disabling SWAP for node servers
- Add option to control docker yum exclude options custom_pkgs_excluder
- Revert last logic not working
- Fix issue with master keys != 400 perms
- Add option to control docker yum options (Exclude/Include X pkgs) docker_yum_options
- Fix issue with node service when NM is not turned off (Openshift >= 3.6)
- Fix issue when restarting ETCD during upgrade
- Fix issue during upgrade when having certificate_server which is not first master
- Add ETCD package to servers (Master for certificates, Etcd and certificate server for certificate renewal)
- Fix issue during upgrade when upgrading master services
- Split the certificate server function from the other roles
- General code review
- Improve the general experience during certificate renewal
- Fix issue during upgrade node components
- Give the possibility for setting ENV to router (openshift_hosted_deploy_env_router)
- Fix issue during uninstall when server has not got docker installed
- Improve the general experience during upgrades
- Restarts of services are aligned with activities (upgrade/intall)
- Give the possibility for deploying custom router (openshift_hosted_deploy_custom_router)
- Fix issue during upgrade when master are separated from ETCD
- Fix race condition for certs
- Fix issue when deploying hosted services outside of the default project
- General code improvements/MISC issues
- General code improvements/MISC issues
- Fix issue for upgrade when being a master only (No need to restart Docker)
- Fix issue when creating PV (NFS)
- General code improvements/MISC issues
- General code improvements/MISC issues
- Improve creating PV/PVC
- General code improvements/MISC issues
- Add logic for removing redhat registry (Fixed issue 206)
- Improve IPtables logic
- General code improvements/MISC issues
- General code improvements/MISC issues
- Initial Support for 3.7.x
- Capability for automated upgrade between versions
- Certitificate redeploy for ETCD (CA/CERTS)
- Fixes error in v1.10.66 - use action ':nothing' on declaration, cf: https://serverfault.com/questions/587188/chef-how-to-run-a-resource-on-notification-only
- admin.kubeconfig made unambiguous - file creation failures avoided
- Add timeout to
ducall - Rewrite ruby blocks into Chef resources
- Initial support for 3.6
- Capability for Overriding master and node servingInfo.minTLSVersion and .cipherSuites [openshift_(master|node)cipher_suites, openshift(master|node)_min_tls_version]
- Capability for defining ExternalIPNetworkCIDRs controls what values are acceptable for the service external IP field [openshift_master_external_ip_network_cidrs]
- Capability for defining IngressIPNetworkCIDR controls the range to assign ingress IPs [openshift_master_ingress_ip_network_cidr]
- Capability for defining mcs_allocator_range, mcs_labels_per_project and uid_allocator_range [openshift_master_NAME]
- Capability for referencing the registry by a stable name (not IP) [openshift_push_via_dns]
- Add etcd_debug and etcd_log_package_levels capabilities
- All tgz files are encrypted with a default passphrase, and decrypted at the other end after downloading.
- Fixes error in v1.10.62 - file permissions on tar.gz
- Fix bug with LDAP Provider (Enforce LDAPS when selecting secure)
## v1.10.63
- Fixes error in v1.10.62 - file permissions on tar.gz
- Jenkinsfile parameters added
- New Centos yum repos added
- Allow users to suppress ruby block call from provider code (breaks in older Chef client versions)
- Make perms and ownership on tar.gz files explicit for more restrictive distributions
- Kitchen tests updated for latest versions
- Allow passing custom arguments when deploying the hosted router
- Fix issue with cookstyle indentation
- Update Example files (ImageStreams/Templates)
- Update Hosted templates
- Add more logic for dnsmasq (Install NetworkManager and add conf-dir line)
- Fix issues with certificate_servers
- Add the possibilty for openshift_buildoverrides
- Add the possibilty of retrieving the OCP certs from a custom location/server
- Fix issue with cookstyle indentation
- Improve the code for ignoring dnsmasq issues
- Add missing dirs and files to be removed when uninstalling
- Remove support for 1.2/3.2 (README)
- Remove support for 1.2/3.2
- Update openshift_example files
- Add extra wait time for 1.3/3.3 installation
- Change test for 1.3/3.3 to use docker 1.10.x
- Adapt the kubelet args
- Add the possibility of deploying Metrics according to https://docs.openshift.com/container-platform/latest/install_config/cluster_metrics.html
- Fix backticks in environment not working (#138)
- Fix CHEF-3694 warning that triggered while waiting for node registration
- Remove duplicated code between etcd_cluster and master_cluster recipes.
- Enable *-master-controllers and *-master-api services on master nodes.
- Fix Jenkinsfile: email address does not support aliases
- Fix CHEF-3694 warning with master certificates
- Fix cookstyle issues
- Fix bug when not declaring lb_servers role
- Fix Foodcritic issues related to CONTRIBUTING.md
- Fix Foodcritic issues related to metada.rb
- Initial support for 1.5/3.5 OCP
- Refactor logic for HA cluster deployment
- Add support for deploying only LB role (Haproxy) #100
- MISC bug fix
- Separated certificates to be copied from first master
- Jenkinsfile gets correct branch
- Kitchen tests at end (less likely to fail)
- Separated etcd cluster now works (all certs pulled from first master)
- Spacing corrected and defaults not included as per discussion in #115
- Jenkinsfile has resilient kitchen tests reinstated
- Certificate redeployment code fixed to remove node certs
- Certificate redeployment - run etcd code only if etcd on the node (eg standalone)
- Upgrade from x.2 to x.3 supported
- Service signer cert created as part of cert creation
- Added Jenkinsfile
- Rename file: service_openvsitch-containerized.service.erb -> service_openvswitch-containerized.service.erb
- Fix redeploy certs for separate etcd cluster
- Use more config items rather than hard-coded values in delete node
- Replace most hard link usage with local copy
- Change http server binding to default IP address
- Give the possibility to specify custom certificate for hosted router
- Fix CHEF-3694 warning due to redundant package resource
- Removed potentially unsafe identity providers defaults
- Fix named certificates when common_name is also listed in alternative names
- Allow distinct hostnames for internal and public API access
- Fix AWS issue when using empty data bag
- Fix bug for enterprise version (Hosted template files)
- Fix deletion of service files
- Give the possibility of adding custom master CA certificate
- Give the possibility of supporting AWS IAM based integration
- Fix dnsIP for dedicated nameserver within PODS (Default to IP of the node)
- Give the possibility of adding cAdvisor port and read-only port for kubelet arguments
- Give the possibility of skipping nodes when applying schedulability and labelling
- Fix issue reported by #77
- Emergency update for fixing ose_major_version when running standalone deployment
- Fixed cookstyle offenses
- Revert the ETCD change causing issue when adding / removing members
- Make secret call compatible with x.2 version(s)
- Expand .kitchen.yml to test OSE v1.4.1, v1.3.3 and v1.2.1
- Improved code readability
- Added support for multiple identity providers
- Added support for AWS cloud provider
- Fix ETCD service defined in 2 places
- Fix cookstyle issues
- Fix admin.kubeconfig logic
- Adjust predicates and priorities based on ose_major_version
- Fix containerized deployment
- Give the possibility to add or remove etcd server members
- Improve ETCD deployment for single etcd server
- Revert e168f9b, use stable repository URLs again
- Use stable CentOS PaaS repository during tests
- Add integration test for hosted metrics feature
- Make apiServerArguments conditional on the version for pre-1.3/3.3 versions
- Handle 1.4/3.4 deployment
- Clean codes over unused attributes
- Integration tests for 1.4/3.4
- Add the possibility to supply dns-search option via Docker
- Add the possibility to specify a deserialization cache size parameter.
- Fix permissions over /etc/origin/node
- Fix iptables issue due to version used by clients
- Add the possibility to deploy the cluster metrics
- Add the possibility to add more manageName serviceaccount in master config
- Move registry persistent_volume_claim name to explicit LWRP attribute
- Added integration test for openshift_hosted_manage_registry feature
- Added integration test for openshift_hosted_manage_router feature
- Added integration test for persistent_storage feature
- Refactor router-related resources to new openshift_deploy_router LWRP
- Move registry persistent_volume_claim name to explicit LWRP attribute
- Fix README.md typo
- Fix issue with systemd when uninstalling the Openshift
- Fix issue for systemctl daemon-reload
- Removed redundant guard clause for registry deloyment
- Remove property attributes for resources (backward compatibility)
- Add the possibility to deploy the cluster metrics
- Add the possibility to add more manageName serviceaccount in master config
- Fix README.md typo
- Fix issue with systemd when uninstalling the Openshift
- Fix issue for systemctl daemon-reload
- Set the default ipaddress used in etcd-related attributes accordingly with the etcd_server variable
- Remove duplicated variables for ETCD
- Fix documentation
- Fix redeploying OSE certificates
- Add the possibility to run adhoc command for redeploying OSE certificates
- Add FW rules in a dedicated jump chain
- Add a validation point for mandatory variables
- Add the possibility to specify logging drivers (https://docs.docker.com/engine/admin/logging/overview/)
- Fix adhoc uninstall
- Move openssl.conf under CA directory (ETCD)
- Typo in README
- Fix schedulability and node-labelling guards
- Skip nodes which are not listed when labelling or seetingn schedulability (#32)
- Improve delete adhoc
- Remove duplicates for cors origin (Forcing ETCD to fail)
- Remove the need to specify the master server peers.
- Add the possibility to specify scc rather than assuming 'privileged' one
- Add new scheduler predicates & priorities
- Add the possibility to create PV and PVC (Type NFS only)
- Deploy Hosted environment (Registry & Router)
- Autoscale Hosted environment (Registry & Router) based on labelling
- Only 1 recipe is needed for deploying the environment : recipe[cookbook-openshift3]
- Remove duplicated resources
- Fix Docker log-driver for json
- Remove the node['cookbook-openshift3']['use_params_roles'] which used the CHEF search capability
- Remove the node['cookbook-openshift3']['set_nameserver'] and node['cookbook-openshift3']['register_dns']
- Add the possibility to enable the Audit logging
- Add the possibility to label nodes
- Add the possibility to set scheduling against nodes
- Add the possibility to deploy the Stand-alone Registry & Router
- Remove automatic rebooting when playing adhoc uninstallation
- Add the possibility to run adhoc command for uninstalling Openshift on dedicated server(s)
- Add the possibility to have any number of ETCD servers
- Fix HTTPD service enabling for ETCD
- Add the possibility to only deploy ETCD role
- Remove hard-coded values for deployment type (Affecting Origin deploymemts)
- Add the possibility to specifying an exact rpm version to install or configure.
- Update Openshift configuration for 1.3 or 3.3
- Add the possibilty to specifying a major version (3.1, 3.2 or 3.3)
- Add logging EFK
- Add SNI capability when testing master API
- Give the choice to user to select CHEF search or solo capability
- Add the concept of wildcard nodes --> wildcard kubeconfig (AWS cloud deployment)
- Update Openshift templates
- Fix nodeSelector issue when using cluster architecture
- Add capacity to manage container logs (Docker options)
- Remove too restrictive version for RHEL
- Fix typo for URL for Public master API
- Fix URL for master API
- Clarify use of masterPublicURL, publicURL and masterURL
- Simplify the creation of node/master servers
- Fix issue for dnsmasq
- Fix issue for documentation
- Fix issue for documentation
- Fix issue for restarting openshift-api or controllers
- Fix issue for restarting node
- Update Openshift documentation
- Use chef-solo attribute style as a default for setting attributes
- Remove queries for any type of data that is indexed by the Chef server
- Fix issue for Openshift Node (Clashing ClusterNetwork)
- Fix issue for generating certificates (NODES)
- Add capability for deploying 3.2.x
- Add capability for deploying containerized version of Openshift
- Add capability of using dnsmasq for interacting with skyDNS
- Update Openshift template examples
- Fix issue for nodes certificate SAN
- Fix issue for ETCD certificate lifetime
- Fix IP discovery for origin_deploy.sh
- Add capability for enabling or not a yum repository
- Fix docker restrart when running CHEF
- Fix openshift-master restart when running CHEF
- Fix openshift-node restart when running CHEF
- Remove dnsIP from node definiton. Default to use the kubernetes service network 172.x.x.1
- Add kubeletArguments for node servers
- Enable Docker at startup
- Mask master service when running native HA
- Add possibility to disable yum repositories
- Fix etcd certificate (Simplify the call for peers members)
- Add possibility to specify a version to be installed for docker
- Fix permissions for directory (Set to Apache in case of a dodgy umask number)
- Add delay/retry before installing servcieaccount
- Change xip.io for nip.io (STABLE)
- Fix scripts/origin_deploy.sh
- Fix hostname for origin_deploy.sh
- Fix bug when enabling HTTPD at startup
- Detect the CN or SAN from certificates file when using named certificates.
- Move origin_deploy.sh in scripts folder
- Enable HTTPD at startup
- Fix some typos
mprovement
- Add the possibility to only deploy ETCD role
- Remove hard-coded values for deployment type (Affecting Origin deploymemts)
- Add possibility to customise docker-storage-setup
- Add possibility for configuring Custom Certificates
- Add MIT LICENCE model
- Add script to auto deploy origin instance
- Add the possibility to exclude packages from updates or installs
- Fix attributes labelling when using chef in local mode (or solo)
- Remove specific mentions to OSE
- Current public release