diff options
Diffstat (limited to 'playbooks')
11 files changed, 434 insertions, 0 deletions
| diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md new file mode 100644 index 000000000..4bf53be81 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/README.md @@ -0,0 +1,20 @@ +# v3.6 Major and Minor Upgrade Playbook + +## Overview +This playbook currently performs the following steps. + + * Upgrade and restart master services + * Unschedule node + * Upgrade and restart docker + * Upgrade and restart node services + * Modifies the subset of the configuration necessary + * Applies the latest cluster policies + * Updates the default router if one exists + * Updates the default registry if one exists + * Updates image streams and quickstarts + +## Usage + +``` +ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml +``` diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml new file mode 100644 index 000000000..e41c29682 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -0,0 +1,7 @@ +--- +# +# Full Control Plane + Nodes Upgrade +# +- include: ../../initialize_groups.yml + +- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml new file mode 100644 index 000000000..21e0fd815 --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -0,0 +1,16 @@ +--- +# +# Control Plane Upgrade Playbook +# +# Upgrades masters and Docker (only on standalone etcd hosts) +# +# This upgrade does not include: +# - node service running on masters +# - docker running on masters +# - node service running on dedicated nodes +# +# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. +# +- include: ../../initialize_groups.yml + +- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml new file mode 100644 index 000000000..0e09d996e --- /dev/null +++ b/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -0,0 +1,9 @@ +--- +# +# Node Upgrade Playbook +# +# Upgrades nodes only, but requires the control plane to have already been upgraded. +# +- include: ../../initialize_groups.yml + +- include: ../../../../common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins new file mode 120000 index 000000000..7de3c1dd7 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins @@ -0,0 +1 @@ +../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml new file mode 100644 index 000000000..ed89dbe8d --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml @@ -0,0 +1,16 @@ +--- +- modify_yaml: +    dest: "{{ openshift.common.config_base}}/master/master-config.yaml" +    yaml_key: 'admissionConfig.pluginConfig' +    yaml_value: "{{ openshift.master.admission_plugin_config }}" +  when: "'admission_plugin_config' in openshift.master" + +- modify_yaml: +    dest: "{{ openshift.common.config_base}}/master/master-config.yaml" +    yaml_key: 'admissionConfig.pluginOrderOverride' +    yaml_value: + +- modify_yaml: +    dest: "{{ openshift.common.config_base}}/master/master-config.yaml" +    yaml_key: 'kubernetesMasterConfig.admissionConfig' +    yaml_value: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/roles b/playbooks/common/openshift-cluster/upgrades/v3_7/roles new file mode 120000 index 000000000..415645be6 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/roles @@ -0,0 +1 @@ +../../../../../roles/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml new file mode 100644 index 000000000..b8fc1b13c --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -0,0 +1,121 @@ +--- +# +# Full Control Plane + Nodes Upgrade +# +- include: ../init.yml +  tags: +  - pre_upgrade + +- name: Configure the upgrade target for the common upgrade tasks +  hosts: oo_all_hosts +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_upgrade_target: '3.7' +      openshift_upgrade_min: '3.6' + +# Pre-upgrade + +- include: ../initialize_nodes_to_upgrade.yml +  tags: +  - pre_upgrade + +- name: Update repos and initialize facts on all hosts +  hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config +  tags: +  - pre_upgrade +  roles: +  - openshift_repos + +- name: Set openshift_no_proxy_internal_hostnames +  hosts: oo_masters_to_config:oo_nodes_to_upgrade +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] +                                                    | union(groups['oo_masters_to_config']) +                                                    | union(groups['oo_etcd_to_config'] | default([]))) +                                                | oo_collect('openshift.common.hostname') | default([]) | join (',') +                                                }}" +    when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and +            openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../pre/verify_inventory_vars.yml +  tags: +  - pre_upgrade + +- include: ../disable_master_excluders.yml +  tags: +  - pre_upgrade + +- include: ../disable_node_excluders.yml +  tags: +  - pre_upgrade + +- include: ../../initialize_openshift_version.yml +  tags: +  - pre_upgrade +  vars: +    # Request specific openshift_release and let the openshift_version role handle converting this +    # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if +    # defined, and overriding the normal behavior of protecting the installed version +    openshift_release: "{{ openshift_upgrade_target }}" +    openshift_protect_installed_version: False + +    # We skip the docker role at this point in upgrade to prevent +    # unintended package, container, or config upgrades which trigger +    # docker restarts. At this early stage of upgrade we can assume +    # docker is configured and running. +    skip_docker_role: True + +- include: ../pre/verify_health_checks.yml +  tags: +  - pre_upgrade + +- include: ../pre/verify_control_plane_running.yml +  tags: +  - pre_upgrade + +- include: ../../../openshift-master/validate_restart.yml +  tags: +  - pre_upgrade + +- name: Verify upgrade targets +  hosts: oo_masters_to_config:oo_nodes_to_upgrade +  tasks: +  - include: ../pre/verify_upgrade_targets.yml +  tags: +  - pre_upgrade + +- name: Verify docker upgrade targets +  hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config +  tasks: +  - include: ../pre/verify_docker_upgrade_targets.yml +  tags: +  - pre_upgrade + +- include: validator.yml +  tags: +  - pre_upgrade + +- include: ../pre/gate_checks.yml +  tags: +  - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images +  hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config +  tasks: +  - include: ../cleanup_unused_images.yml + +- include: ../upgrade_control_plane.yml + +- include: ../upgrade_nodes.yml + +- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml new file mode 100644 index 000000000..c571a03c8 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -0,0 +1,121 @@ +--- +# +# Control Plane Upgrade Playbook +# +# Upgrades masters and Docker (only on standalone etcd hosts) +# +# This upgrade does not include: +# - node service running on masters +# - docker running on masters +# - node service running on dedicated nodes +# +# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. +# +- include: ../init.yml +  tags: +  - pre_upgrade + +- name: Configure the upgrade target for the common upgrade tasks +  hosts: oo_all_hosts +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_upgrade_target: '3.7' +      openshift_upgrade_min: '3.6' + +# Pre-upgrade +- include: ../initialize_nodes_to_upgrade.yml +  tags: +  - pre_upgrade + +- name: Update repos on control plane hosts +  hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config +  tags: +  - pre_upgrade +  roles: +  - openshift_repos + +- name: Set openshift_no_proxy_internal_hostnames +  hosts: oo_masters_to_config:oo_nodes_to_upgrade +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] +                                                    | union(groups['oo_masters_to_config']) +                                                    | union(groups['oo_etcd_to_config'] | default([]))) +                                                | oo_collect('openshift.common.hostname') | default([]) | join (',') +                                                }}" +    when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and +            openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../pre/verify_inventory_vars.yml +  tags: +  - pre_upgrade + +- include: ../disable_master_excluders.yml +  tags: +  - pre_upgrade + +- include: ../../initialize_openshift_version.yml +  tags: +  - pre_upgrade +  vars: +    # Request specific openshift_release and let the openshift_version role handle converting this +    # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if +    # defined, and overriding the normal behavior of protecting the installed version +    openshift_release: "{{ openshift_upgrade_target }}" +    openshift_protect_installed_version: False + +    # We skip the docker role at this point in upgrade to prevent +    # unintended package, container, or config upgrades which trigger +    # docker restarts. At this early stage of upgrade we can assume +    # docker is configured and running. +    skip_docker_role: True + +- include: ../pre/verify_control_plane_running.yml +  tags: +  - pre_upgrade + +- include: ../../../openshift-master/validate_restart.yml +  tags: +  - pre_upgrade + +- name: Verify upgrade targets +  hosts: oo_masters_to_config +  tasks: +  - include: ../pre/verify_upgrade_targets.yml +  tags: +  - pre_upgrade + +- name: Verify docker upgrade targets +  hosts: oo_masters_to_config:oo_etcd_to_config +  tasks: +  - include: ../pre/verify_docker_upgrade_targets.yml +  tags: +  - pre_upgrade + +- include: validator.yml +  tags: +  - pre_upgrade + +- include: ../pre/gate_checks.yml +  tags: +  - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images +  hosts: oo_masters_to_config:oo_etcd_to_config +  tasks: +  - include: ../cleanup_unused_images.yml + +- include: ../upgrade_control_plane.yml +  vars: +    master_config_hook: "v3_7/master_config_upgrade.yml" + +- include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml new file mode 100644 index 000000000..8a2bd19c9 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -0,0 +1,110 @@ +--- +# +# Node Upgrade Playbook +# +# Upgrades nodes only, but requires the control plane to have already been upgraded. +# +- include: ../init.yml +  tags: +  - pre_upgrade + +- name: Configure the upgrade target for the common upgrade tasks +  hosts: oo_all_hosts +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_upgrade_target: '3.7' +      openshift_upgrade_min: '3.6' + +# Pre-upgrade +- include: ../initialize_nodes_to_upgrade.yml +  tags: +  - pre_upgrade + +- name: Update repos on nodes +  hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config +  roles: +  - openshift_repos +  tags: +  - pre_upgrade + +- name: Set openshift_no_proxy_internal_hostnames +  hosts: oo_masters_to_config:oo_nodes_to_upgrade +  tags: +  - pre_upgrade +  tasks: +  - set_fact: +      openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] +                                                    | union(groups['oo_masters_to_config']) +                                                    | union(groups['oo_etcd_to_config'] | default([]))) +                                                | oo_collect('openshift.common.hostname') | default([]) | join (',') +                                                }}" +    when: "{{ (openshift_http_proxy is defined or openshift_https_proxy is defined) and +            openshift_generate_no_proxy_hosts | default(True) | bool }}" + +- include: ../pre/verify_inventory_vars.yml +  tags: +  - pre_upgrade + +- include: ../disable_node_excluders.yml +  tags: +  - pre_upgrade + +- include: ../../initialize_openshift_version.yml +  tags: +  - pre_upgrade +  vars: +    # Request specific openshift_release and let the openshift_version role handle converting this +    # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if +    # defined, and overriding the normal behavior of protecting the installed version +    openshift_release: "{{ openshift_upgrade_target }}" +    openshift_protect_installed_version: False + +    # We skip the docker role at this point in upgrade to prevent +    # unintended package, container, or config upgrades which trigger +    # docker restarts. At this early stage of upgrade we can assume +    # docker is configured and running. +    skip_docker_role: True + +- name: Verify masters are already upgraded +  hosts: oo_masters_to_config +  tags: +  - pre_upgrade +  tasks: +  - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." +    when: openshift.common.version != openshift_version + +- include: ../pre/verify_control_plane_running.yml +  tags: +  - pre_upgrade + +- name: Verify upgrade targets +  hosts: oo_nodes_to_upgrade +  tasks: +  - include: ../pre/verify_upgrade_targets.yml +  tags: +  - pre_upgrade + +- name: Verify docker upgrade targets +  hosts: oo_nodes_to_upgrade +  tasks: +  - include: ../pre/verify_docker_upgrade_targets.yml +  tags: +  - pre_upgrade + +- include: ../pre/gate_checks.yml +  tags: +  - pre_upgrade + +# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + +# Separate step so we can execute in parallel and clear out anything unused +# before we get into the serialized upgrade process which will then remove +# remaining images if possible. +- name: Cleanup unused Docker images +  hosts: oo_nodes_to_upgrade +  tasks: +  - include: ../cleanup_unused_images.yml + +- include: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml new file mode 100644 index 000000000..90e95422b --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -0,0 +1,12 @@ +--- +############################################################################### +# Pre upgrade checks for known data problems, if this playbook fails you should +# contact support. If you're not supported contact users@lists.openshift.com +############################################################################### +- name: Verify 3.7 specific upgrade checks +  hosts: oo_first_master +  roles: +  - { role: lib_openshift } +  tasks: +  - name: Check for invalid namespaces and SDN errors +    oc_objectvalidator: | 
