summaryrefslogtreecommitdiffstats
path: root/playbooks/common
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common')
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml39
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml27
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml1
-rw-r--r--playbooks/common/openshift-master/config.yml59
-rw-r--r--playbooks/common/openshift-node/config.yml3
6 files changed, 73 insertions, 58 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
index 55c36810f..049ac997c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml
@@ -74,6 +74,11 @@
- set_fact:
g_new_version: "{{ g_aos_versions.curr_version.split('-', 1).0 if g_aos_versions.avail_version is none else g_aos_versions.avail_version.split('-', 1).0 }}"
+ when: openshift_pkg_version is not defined
+
+ - set_fact:
+ g_new_version: "{{ openshift_pkg_version | replace('-','') }}"
+ when: openshift_pkg_version is defined
- fail:
msg: This playbook requires Origin 1.0.6 or later
@@ -258,7 +263,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
@@ -496,6 +501,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
@@ -567,46 +573,55 @@
- role: openshift_examples
openshift_examples_import_command: replace
pre_tasks:
- - name: Check for default router
+ - name: Collect all routers
command: >
- {{ oc_cmd }} get -n default dc/router
- register: _default_router
+ {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+ register: all_routers
failed_when: false
changed_when: false
+ - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+ when: all_routers.rc == 0
+
+ - set_fact: haproxy_routers=[]
+ when: all_routers.rc != 0
+
- name: Check for allowHostNetwork and allowHostPorts
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
shell: >
{{ oc_cmd }} get -o yaml scc/privileged | /usr/bin/grep -e allowHostPorts -e allowHostNetwork
register: _scc
- name: Grant allowHostNetwork and allowHostPorts
when:
- - _default_router.rc == 0
+ - all_routers.rc == 0
- "'false' in _scc.stdout"
command: >
{{ oc_cmd }} patch scc/privileged -p
'{"allowHostPorts":true,"allowHostNetwork":true}' --api-version=v1
- name: Update deployment config to 1.0.4/3.0.1 spec
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
'{"spec":{"strategy":{"rollingParams":{"updatePercent":-10},"spec":{"serviceAccount":"router","serviceAccountName":"router"}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Switch to hostNetwork=true
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p '{"spec":{"template":{"spec":{"hostNetwork":true}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Update router image to current version
- when: _default_router.rc == 0
+ when: all_routers.rc == 0
command: >
- {{ oc_cmd }} patch dc/router -p
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
'{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
--api-version=v1
+ with_items: haproxy_routers
- name: Check for default registry
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
index d8336fcae..d7a2ac405 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/post.yml
@@ -20,13 +20,27 @@
- role: openshift_examples
openshift_examples_import_command: replace
pre_tasks:
- - name: Check for default router
+ - name: Collect all routers
command: >
- {{ oc_cmd }} get -n default dc/router
- register: _default_router
+ {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
+ register: all_routers
failed_when: false
changed_when: false
+ - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
+ when: all_routers.rc == 0
+
+ - set_fact: haproxy_routers=[]
+ when: all_routers.rc != 0
+
+ - name: Update router image to current version
+ when: all_routers.rc == 0
+ command: >
+ {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -p
+ '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
+ --api-version=v1
+ with_items: haproxy_routers
+
- name: Check for default registry
command: >
{{ oc_cmd }} get -n default dc/docker-registry
@@ -34,13 +48,6 @@
failed_when: false
changed_when: false
- - name: Update router image to current version
- when: _default_router.rc == 0
- command: >
- {{ oc_cmd }} patch dc/router -p
- '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}"}]}}}}'
- --api-version=v1
-
- name: Update registry image to current version
when: _default_registry.rc == 0
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
index 91780de09..12b9c84d3 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/pre.yml
@@ -41,7 +41,7 @@
g_new_service_name: "{{ 'origin' if deployment_type =='origin' else 'atomic-openshift' }}"
- name: Determine available versions
- script: ../files/versions.sh {{ g_new_service_name }} openshift
+ script: ../files/versions.sh {{ g_new_service_name }}
register: g_versions_result
- set_fact:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
index 81dbba1e3..dbf746f12 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml
@@ -109,6 +109,7 @@
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
+ --exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 3d646be64..77edbd1a6 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -18,6 +18,10 @@
- .config_managed
- set_fact:
+ openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
+ when: openshift_master_pod_eviction_timeout is not defined
+
+ - set_fact:
openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
openshift_master_etcd_hosts: "{{ hostvars
| oo_select_keys(groups['oo_etcd_to_config']
@@ -146,7 +150,7 @@
openshift_master_certs_no_etcd:
- admin.crt
- master.kubelet-client.crt
- - "{{ 'master.proxy-client.crt' if openshift.common.version_greater_than_3_1_or_1_1 else omit }}"
+ - "{{ 'master.proxy-client.crt' if openshift.common.version_gte_3_1_or_1_1 else omit }}"
- master.server.crt
- openshift-master.crt
- openshift-registry.crt
@@ -170,10 +174,10 @@
master_cert_subdir: master-{{ openshift.common.hostname }}
master_cert_config_dir: "{{ openshift.common.config_base }}/master"
- set_fact:
- openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['nodes'])
+ openshift_infra_nodes: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'])
| oo_nodes_with_label('region', 'infra')
| oo_collect('inventory_hostname') }}"
- when: openshift_infra_nodes is not defined
+ when: openshift_infra_nodes is not defined and groups.oo_nodes_to_config | default([]) | length > 0
- name: Configure master certificates
hosts: oo_first_master
@@ -348,8 +352,6 @@
roles:
- openshift_master
- role: nickhammond.logrotate
- - role: fluentd_master
- when: openshift.common.use_fluentd | bool
- role: nuage_master
when: openshift.common.use_nuage | bool
post_tasks:
@@ -360,6 +362,8 @@
- name: Additional master configuration
hosts: oo_first_master
vars:
+ cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
+ etcd_urls: "{{ openshift.master.etcd_urls }}"
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
omc_cluster_hosts: "{{ groups.oo_masters_to_config | join(' ')}}"
roles:
@@ -371,30 +375,16 @@
when: openshift.common.use_cluster_metrics | bool
- role: openshift_manageiq
when: openshift.common.use_manageiq | bool
-
-- name: Enable cockpit
- hosts: oo_first_master
- vars:
- cockpit_plugins: "{{ osm_cockpit_plugins | default(['cockpit-kubernetes']) }}"
- roles:
- role: cockpit
when: not openshift.common.is_atomic and ( deployment_type in ['atomic-enterprise','openshift-enterprise'] ) and
(osm_use_cockpit | bool or osm_use_cockpit is undefined )
-
-- name: Configure flannel
- hosts: oo_first_master
- vars:
- etcd_urls: "{{ openshift.master.etcd_urls }}"
- roles:
- role: flannel_register
when: openshift.common.use_flannel | bool
+ - role: pods
+ when: openshift.common.deployment_type == 'online'
+ - role: os_env_extras
+ when: openshift.common.deployment_type == 'online'
-# Additional instance config for online deployments
-- name: Additional instance config
- hosts: oo_masters_deployment_type_online
- roles:
- - pods
- - os_env_extras
- name: Delete temporary directory on localhost
hosts: localhost
@@ -405,22 +395,25 @@
- file: name={{ g_master_mktemp.stdout }} state=absent
changed_when: False
-- name: Configure service accounts
- hosts: oo_first_master
- vars:
- accounts: ["router", "registry"]
- roles:
- - openshift_serviceaccounts
-
-- name: Create persistent volumes and services
+- name: Create persistent volumes and create hosted services
hosts: oo_first_master
vars:
+ attach_registry_volume: "{{ openshift.hosted.registry.storage.kind != None }}"
+ deploy_infra: "{{ openshift.master.infra_nodes | default([]) | length > 0 }}"
persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
roles:
- role: openshift_persistent_volumes
when: persistent_volumes | length > 0 or persistent_volume_claims | length > 0
+ - role: openshift_serviceaccounts
+ openshift_serviceaccounts_names:
+ - router
+ - registry
+ openshift_serviceaccounts_namespace: default
+ openshift_serviceaccounts_sccs:
+ - privileged
- role: openshift_router
- when: openshift.master.infra_nodes is defined
+ when: deploy_infra | bool
- role: openshift_registry
- when: openshift.master.infra_nodes is defined and openshift.hosted.registry.storage.kind != None
+ when: deploy_infra | bool and attach_registry_volume | bool
+
diff --git a/playbooks/common/openshift-node/config.yml b/playbooks/common/openshift-node/config.yml
index e07de0e99..56d30e9b9 100644
--- a/playbooks/common/openshift-node/config.yml
+++ b/playbooks/common/openshift-node/config.yml
@@ -176,6 +176,7 @@
- name: Evaluate node groups
hosts: localhost
become: no
+ connection: local
tasks:
- name: Evaluate oo_containerized_master_nodes
add_host:
@@ -216,8 +217,6 @@
- role: nuage_node
when: openshift.common.use_nuage | bool
- role: nickhammond.logrotate
- - role: fluentd_node
- when: openshift.common.use_fluentd | bool
tasks:
- name: Create group for deployment type
group_by: key=oo_nodes_deployment_type_{{ openshift.common.deployment_type }}