Diffstat (limited to 'playbooks/common')
6 files changed, 41 insertions, 91 deletions
|
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index de612da21..f44ab3580 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -113,6 +113,22 @@
     registry_url: "{{ openshift.master.registry_url }}"
     openshift_hosted_templates_import_command: replace
+  post_tasks:
+  # we need to migrate customers to the new pattern of pushing to the registry via dns
+  # Step 1: verify the certificates have the docker registry service name
+  - shell: >
+      echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000  | openssl x509 -text |  grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)'
+    register: cert_output
+
+  # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs
+  - name: set a fact to include the registry certs playbook if needed
+    set_fact:
+      openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0  }}"
+
+# Run the redeploy certs based upon the certificates
+- when: hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry
+  import_playbook: ../../../openshift-hosted/redeploy-registry-certificates.yml
+
 # Check for warnings to be printed at the end of the upgrade:
 - name: Clean up and display warnings
   hosts: oo_masters_to_config
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
index edc541ef9..44af37b2d 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
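Review bot: The `set_fact` in the new `post_tasks` sets `openshift_hosted_rollout_certs_and_registry` to `cert_output.rc == 0`, which is the case where the certificate already lists `docker-registry.default.svc`, so the redeploy appears to run only when it is not needed. When the SAN is missing, the final `grep -Pq` exits non-zero and, with no `failed_when` on the shell task, the play fails there before the fact is ever set. Suggest `failed_when: false` and `changed_when: false` on the shell task and `"{{ cert_output.rc != 0 }}"` in the fact, plus a `name:` for the check. The play that owns this `post_tasks` starts outside the hunk, so confirm it runs on `oo_first_master`, whose hostvars the `when` on the import reads.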
@@ -5,8 +5,6 @@
 # Pre-upgrade
 - import_playbook: ../initialize_nodes_to_upgrade.yml
-- import_playbook: verify_cluster.yml
-
 - name: Update repos on upgrade hosts
   hosts: "{{ l_upgrade_repo_hosts }}"
   roles:
@@ -53,6 +51,8 @@
     # l_openshift_version_set_hosts is passed via upgrade_control_plane.yml
     # l_openshift_version_check_hosts is passed via upgrade_control_plane.yml
+- import_playbook: verify_cluster.yml
+
 # If we're only upgrading nodes, we need to ensure masters are already upgraded
 - name: Verify masters are already upgraded
   hosts: oo_masters_to_config
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
index 5ee8a9d78..463a05688 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
@@ -17,6 +17,7 @@
         valid version for a {{ openshift_upgrade_target }} upgrade
     when:
     - openshift_pkg_version is defined
+    - openshift_pkg_version != ""
     - openshift_pkg_version.split('-',1).1 is version_compare(openshift_upgrade_target ,'<')
   - fail:
@@ -25,6 +26,7 @@
         valid version for a {{ openshift_upgrade_target }} upgrade
     when:
     - openshift_image_tag is defined
+    - openshift_image_tag != ""
     - openshift_image_tag.split('v',1).1 is version_compare(openshift_upgrade_target ,'<')
   - set_fact:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index c27118f6f..baec057f9 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
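Review bot: The new `!= ""` guards in verify_cluster.yml cover the empty string only; a non-empty `openshift_pkg_version` without a `-`, or an `openshift_image_tag` without a `v`, still reaches `.split(...).1` and would likely error on the missing index instead of printing the intended message. Consider checking for the separator ahead of the split, e.g. `- "'-' in openshift_pkg_version"` and `- "'v' in openshift_image_tag"`, or failing with an explicit message about the expected format. Both `fail` tasks start outside their hunks, so the surrounding conditions should be checked before changing them.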
@@ -3,29 +3,6 @@
 # Upgrade Masters
 ###############################################################################
-# Prior to 3.6, openshift-ansible created etcd serving certificates
-# without a SubjectAlternativeName entry for the system hostname. The
-# SAN list in Go 1.8 is now (correctly) authoritative and since
-# openshift-ansible configures masters to talk to etcd hostnames
-# rather than IP addresses, we must correct etcd certificates.
-#
-# This play examines the etcd serving certificate SANs on each etcd
-# host and records whether or not the system hostname is missing.
-- name: Examine etcd serving certificate SAN
-  hosts: oo_etcd_to_config
-  tasks:
-  - slurp:
-      src: /etc/etcd/server.crt
-    register: etcd_serving_cert
-  - set_fact:
-      __etcd_cert_lacks_hostname: "{{ (openshift.common.hostname not in (etcd_serving_cert.content | b64decode | lib_utils_oo_parse_certificate_san)) | bool }}"
-
-# Redeploy etcd certificates when hostnames were missing from etcd
-# serving certificate SANs.
-- import_playbook: ../../../openshift-etcd/redeploy-certificates.yml
-  when:
-  - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false])
-
 - name: Backup and upgrade etcd
   import_playbook: ../../../openshift-etcd/private/upgrade_main.yml
@@ -56,7 +33,6 @@
     register: l_pb_upgrade_control_plane_pre_upgrade_storage
     when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool
     failed_when:
-    - openshift_upgrade_pre_storage_migration_enabled | default(true) | bool
     - l_pb_upgrade_control_plane_pre_upgrade_storage.rc != 0
     - openshift_upgrade_pre_storage_migration_fatal | default(true) | bool
@@ -94,6 +70,12 @@
   - include_tasks: "{{ openshift_master_upgrade_hook }}"
     when: openshift_master_upgrade_hook is defined
+  - name: Disable master controller
+    service:
+      name: "{{ openshift_service_type }}-master-controllers"
+      enabled: false
+    when: openshift.common.rolling_restart_mode == 'system'
+
   - include_tasks: ../../../openshift-master/private/tasks/restart_hosts.yml
     when: openshift.common.rolling_restart_mode == 'system'
@@ -116,7 +98,6 @@
     - openshift_upgrade_post_storage_migration_enabled | default(true) | bool
     - openshift_version is version_compare('3.7','<')
     failed_when:
-    - openshift_upgrade_post_storage_migration_enabled | default(true) | bool
     - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0
     - openshift_upgrade_post_storage_migration_fatal | default(false) | bool
     run_once: true
@@ -252,7 +233,6 @@
     register: l_pb_upgrade_control_plane_post_upgrade_storage
     when: openshift_upgrade_post_storage_migration_enabled | default(true) | bool
     failed_when:
-    - openshift_upgrade_post_storage_migration_enabled | default(true) | bool
     - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0
     - openshift_upgrade_post_storage_migration_fatal | default(false) | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
index bf6e8605e..ec1da6d39 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
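Review bot: The added `Disable master controller` task in the first hunk turns the unit off at boot in the shared upgrade_control_plane.yml, but nothing in this file turns it back on; the matching `enabled: true` appears only in v3_9/upgrade_control_plane.yml. Any other playbook that imports this file with `rolling_restart_mode == 'system'`, or a run that aborts between the two steps, would leave rebooted masters with controllers disabled. Either re-enable the service in the same play after restart_hosts.yml, or document the contract above the task, e.g. `# re-enabled by the caller once all masters are upgraded (see v3_9/upgrade_control_plane.yml)`. The task list this sits in starts and ends outside the hunk.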
@@ -2,54 +2,6 @@
 #
 # Full Control Plane + Nodes Upgrade
 #
-- import_playbook: ../init.yml
+- import_playbook: upgrade_control_plane.yml
-- name: Configure the upgrade target for the common upgrade tasks
-  hosts: oo_all_hosts
-  tasks:
-  - set_fact:
-      openshift_upgrade_target: '3.9'
-      openshift_upgrade_min: '3.7'
-      openshift_release: '3.9'
-
-- import_playbook: ../pre/config.yml
-  vars:
-    l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config"
-    l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade"
-    l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
-    l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade"
-    l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config"
-    l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config"
-    openshift_protect_installed_version: False
-
-- import_playbook: validator.yml
-
-- name: Flag pre-upgrade checks complete for hosts without errors
-  hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
-  tasks:
-  - set_fact:
-      pre_upgrade_complete: True
-
-# Pre-upgrade completed
-
-- import_playbook: ../upgrade_control_plane.yml
-
-# All controllers must be stopped at the same time then restarted
-- name: Cycle all controller services to force new leader election mode
-  hosts: oo_masters_to_config
-  gather_facts: no
-  roles:
-  - role: openshift_facts
-  tasks:
-  - name: Stop {{ openshift_service_type }}-master-controllers
-    systemd:
-      name: "{{ openshift_service_type }}-master-controllers"
-      state: stopped
-  - name: Start {{ openshift_service_type }}-master-controllers
-    systemd:
-      name: "{{ openshift_service_type }}-master-controllers"
-      state: started
-
-- import_playbook: ../upgrade_nodes.yml
-
-- import_playbook: ../post_control_plane.yml
+- import_playbook: upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
index c8a42322d..8792295c6 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
@@ -26,6 +26,7 @@
       openshift_upgrade_min: '3.7'
       openshift_release: '3.8'
       _requested_pkg_version: "{{ openshift_pkg_version if openshift_pkg_version is defined else omit }}"
+      openshift_pkg_version: ''
       _requested_image_tag: "{{ openshift_image_tag if openshift_image_tag is defined else omit }}"
       l_double_upgrade_cp: True
     when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<')
@@ -61,10 +62,8 @@
 # Pre-upgrade completed
-- import_playbook: ../upgrade_control_plane.yml
-  vars:
-    openshift_release: '3.8'
-    openshift_pkg_version: ''
+- name: Intermediate 3.8 Upgrade
+  import_playbook: ../upgrade_control_plane.yml
   when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<')
 ## 3.8 upgrade complete we should now be able to upgrade to 3.9
@@ -77,7 +76,7 @@
       openshift_upgrade_target: '3.9'
       openshift_upgrade_min: '3.8'
       openshift_release: '3.9'
-      openshift_pkg_version: "{{ _requested_pkg_version | default ('-3.9*') }}"
+      openshift_pkg_version: "{{ _requested_pkg_version if _requested_pkg_version is defined else '' }}"
   # Set the user's specified image_tag for 3.9 upgrade if it was provided.
   - set_fact:
       openshift_image_tag: "{{ _requested_image_tag }}"
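Review bot: In the 3.9 `set_fact` (third hunk), `openshift_pkg_version` falls back to `''` whenever `_requested_pkg_version` is undefined, and as far as these hunks show that variable is only set by the earlier task guarded by `version_compare('3.8','<')`. On a cluster already at 3.8 that task is skipped, so a package version pinned by the operator looks like it would be overwritten with an empty string and the install left unpinned. If that is not intended, keep the current value as the fallback: `openshift_pkg_version: "{{ _requested_pkg_version | default(openshift_pkg_version | default('')) }}"`. Both `set_fact` tasks begin outside their hunks, so the surrounding conditions need checking.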
@@ -106,6 +105,7 @@
     l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config"
     l_upgrade_excluder_hosts: "oo_masters_to_config"
     openshift_protect_installed_version: False
+    openshift_version_reinit: True
 - name: Flag pre-upgrade checks complete for hosts without errors
   hosts: oo_masters_to_config:oo_etcd_to_config
@@ -114,8 +114,6 @@
       pre_upgrade_complete: True
 - import_playbook: ../upgrade_control_plane.yml
-  vars:
-    openshift_release: '3.9'
 # All controllers must be stopped at the same time then restarted
 - name: Cycle all controller services to force new leader election mode
@@ -124,14 +122,16 @@
   roles:
   - role: openshift_facts
   tasks:
-  - name: Stop {{ openshift_service_type }}-master-controllers
-    systemd:
+  - name: Restart master controllers to force new leader election mode
+    service:
       name: "{{ openshift_service_type }}-master-controllers"
-      state: stopped
-  - name: Start {{ openshift_service_type }}-master-controllers
-    systemd:
+      state: restart
+    when: openshift.common.rolling_restart_mode == 'service'
+  - name: Re-enable master controllers to force new leader election mode
+    service:
       name: "{{ openshift_service_type }}-master-controllers"
-      state: started
+      enabled: true
+    when: openshift.common.rolling_restart_mode == 'system'
 - import_playbook: ../post_control_plane.yml
|
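Review bot: `state: restart` in the new `Restart master controllers` task (last hunk) is not a value the `service` module accepts (`started`, `stopped`, `restarted`, `reloaded`), so the task would fail when `rolling_restart_mode == 'service'`; it should read `state: restarted`. The context comment `# All controllers must be stopped at the same time then restarted` also no longer describes the play, since a per-host restart does not stop every controller before any is started. Update the comment, or keep the separate stop and start tasks if a simultaneous stop is still required for the leader-election change. The play header is outside the hunk.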
