diff options
Diffstat (limited to 'playbooks/common')
7 files changed, 127 insertions, 5 deletions
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 113b401f9..82f711f40 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -27,6 +27,9 @@ when: openshift_docker_selinux_enabled is not defined - include: disable_excluder.yml + vars: + # the excluders needs to be disabled no matter what status says + with_status_check: false tags: - always diff --git a/playbooks/common/openshift-cluster/disable_excluder.yml b/playbooks/common/openshift-cluster/disable_excluder.yml index eb146bab8..b2e025cb8 100644 --- a/playbooks/common/openshift-cluster/disable_excluder.yml +++ b/playbooks/common/openshift-cluster/disable_excluder.yml @@ -3,9 +3,15 @@ hosts: l_oo_all_hosts gather_facts: no tasks: + + # During installation the excluders are installed with present state. + # So no pre-validation check here as the excluders are either to be installed (present = latest) + # or they are not going to be updated if already installed + + # disable excluders based on their status - include_role: name: openshift_excluder - tasks_from: status - - include_role: - name: openshift_excluder - tasks_from: unexclude + tasks_from: disable + vars: + openshift_excluder_package_state: present + docker_excluder_package_state: present diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml index 6b40176e1..7f37c606f 100644 --- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml +++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml @@ -19,6 +19,9 @@ when: "not openshift.common.is_atomic | bool and 'Plugin \"search-disabled-repos\" requires API 2.7. Supported API is 2.6.' in yum_ver_test.stdout" - include: disable_excluder.yml + vars: + # the excluders needs to be disabled no matter what status says + with_status_check: false tags: - always diff --git a/playbooks/common/openshift-cluster/reset_excluder.yml b/playbooks/common/openshift-cluster/reset_excluder.yml index fe86f4c23..7c544ee32 100644 --- a/playbooks/common/openshift-cluster/reset_excluder.yml +++ b/playbooks/common/openshift-cluster/reset_excluder.yml @@ -5,4 +5,4 @@ tasks: - include_role: name: openshift_excluder - tasks_from: reset + tasks_from: enable diff --git a/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml b/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml new file mode 100644 index 000000000..2a85dc92e --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/disable_excluder.yml @@ -0,0 +1,21 @@ +--- +- name: Record excluder state and disable + hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include: pre/validate_excluder.yml + vars: + #repoquery_cmd: repoquery_cmd + #openshift_upgrade_target: openshift_upgrade_target + excluder: "{{ item }}" + with_items: + - "{{ openshift.common.service_type }}-docker-excluder" + - "{{ openshift.common.service_type }}-excluder" + + # disable excluders based on their status + - include_role: + name: openshift_excluder + tasks_from: disable + vars: + openshift_excluder_package_state: latest + docker_excluder_package_state: latest diff --git a/playbooks/common/openshift-cluster/upgrades/pre/validate_excluder.yml b/playbooks/common/openshift-cluster/upgrades/pre/validate_excluder.yml new file mode 100644 index 000000000..5078638b7 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/pre/validate_excluder.yml @@ -0,0 +1,22 @@ +--- +# input variables: +# - repoquery_cmd +# - excluder +# - openshift_upgrade_target +- name: Get available excluder version + command: > + {{ repoquery_cmd }} --qf '%{version}' "{{ excluder }}" + register: excluder_version + failed_when: false + changed_when: false + +- name: Docker excluder version detected + debug: + msg: "{{ excluder }}: {{ excluder_version.stdout }}" + +- name: Check the available {{ excluder }} version is at most of the upgrade target version + fail: + msg: "Available {{ excluder }} version {{ excluder_version.stdout }} is higher than the upgrade target version {{ openshift_upgrade_target }}" + when: + - "{{ excluder_version.stdout != '' }}" + - "{{ excluder_version.stdout.split('.')[0:2] | join('.') | version_compare(openshift_upgrade_target, '>', strict=True) }}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml new file mode 100644 index 000000000..9c126033c --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml @@ -0,0 +1,67 @@ +--- +############################################################################### +# Pre upgrade checks for known data problems, if this playbook fails you should +# contact support. If you're not supported contact users@lists.openshift.com +# +# oc_objectvalidator provides these two checks +# 1 - SDN Data issues, never seen in the wild but known possible due to code audits +# https://github.com/openshift/origin/issues/12697 +# 2 - Namespace protections, https://bugzilla.redhat.com/show_bug.cgi?id=1428934 +# +############################################################################### +- name: Verify 3.5 specific upgrade checks + hosts: oo_first_master + roles: + - { role: lib_openshift } + tasks: + - name: Check for invalid namespaces and SDN errors + oc_objectvalidator: + + # What's all this PetSet business about? + # + # 'PetSets' were ALPHA resources in Kube <= 3.4. In >= 3.5 they are + # no longer supported. The BETA resource 'StatefulSets' replaces + # them. We can't migrate clients PetSets to + # StatefulSets. Additionally, Red Hat has never officially supported + # these resource types. Sorry users, but if you were using + # unsupported resources from the Kube documentation then we can't + # help you at this time. + # + # Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1428229 + - name: Check if legacy PetSets exist + oc_obj: + state: list + all_namespaces: true + kind: petsets + register: l_do_petsets_exist + + - name: FAIL ON Resource migration 'PetSets' unsupported + fail: + msg: > + PetSet objects were detected in your cluster. These are an + Alpha feature in upstream Kubernetes 1.4 and are not supported + by Red Hat. In Kubernetes 1.5, they are replaced by the Beta + feature StatefulSets. Red Hat currently does not offer support + for either PetSets or StatefulSets. + + Automatically migrating PetSets to StatefulSets in OpenShift + Container Platform (OCP) 3.5 is not supported. See the + Kubernetes "Upgrading from PetSets to StatefulSets" + documentation for additional information: + + https://kubernetes.io/docs/tasks/manage-stateful-set/upgrade-pet-set-to-stateful-set/ + + PetSets MUST be removed before upgrading to OCP 3.5. Red Hat + strongly recommends reading the above referenced documentation + in its entirety before taking any destructive actions. + + If you want to simply remove all PetSets without manually + migrating to StatefulSets, run this command as a user with + cluster-admin privileges: + + $ oc get petsets --all-namespaces -o yaml | oc delete -f - --cascale=false + when: + # Search did not fail, valid resource type found + - l_do_petsets_exist.results.returncode == "0" + # Items do exist in the search results + - l_do_petsets_exist.results.results.0['items'] | length > 0 |