Diffstat (limited to 'playbooks')
72 files changed, 483 insertions, 165 deletions
diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index bdc98d1e0..cf811ca84 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -201,9 +201,7 @@ There are more enhancements that are arriving for provisioning. These will incl ## Uninstall / Deprovisioning -At this time, only deprovisioning of the output of the prerequisites step is provided. You can/must manually remove things like ELBs and scale groups before attempting to undo the work by the preprovisiong step. - -To undo the work done by the prerequisites playbook, simply call the uninstall_prerequisites.yml playbook. You should use the same inventory file and provisioning_vars.yml file that was used during provisioning. +To undo the work done by the prerequisites playbook, simply call the uninstall_prerequisites.yml playbook. You will have needed to remove any of the other objects (ie ELBs, instances, etc) before attempting. You should use the same inventory file and provisioning_vars.yml file that was used during provisioning. ``` ansible-playbook -i <previous inventory file> -e @<previous provisioning_vars file> uninstall_prerequisites.yml @@ -211,4 +209,10 @@ ansible-playbook -i <previous inventory file> -e @<previous provisioning_vars fi This should result in removal of the security groups and VPC that were created. +Cleaning up the S3 bucket contents can be accomplished with: + +``` +ansible-playbook -i <previous inventory file> -e @<previous provisioning_vars file> uninstall_s3.yml +``` + NOTE: If you want to also remove the ssh keys that were uploaded (**these ssh keys would be shared if you are running multiple clusters in the same AWS account** so we don't remove these by default) then you should add 'openshift_aws_enable_uninstall_shared_objects: True' to your provisioning_vars.yml file. diff --git a/playbooks/aws/openshift-cluster/uninstall_elb.yml b/playbooks/aws/openshift-cluster/uninstall_elb.yml new file mode 100644 index 000000000..c1b724f0c --- /dev/null 
+++ b/playbooks/aws/openshift-cluster/uninstall_elb.yml
@@ -0,0 +1,9 @@
+---
+- name: Delete elb
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: deprovision elb
+ include_role:
+ name: openshift_aws
+ tasks_from: uninstall_elb.yml
diff --git a/playbooks/aws/openshift-cluster/uninstall_s3.yml b/playbooks/aws/openshift-cluster/uninstall_s3.yml
new file mode 100644
index 000000000..448b47aee
--- /dev/null
+++ b/playbooks/aws/openshift-cluster/uninstall_s3.yml
@@ -0,0 +1,10 @@
+---
+- name: Empty/delete s3 bucket
+ hosts: localhost
+ connection: local
+ tasks:
+ - name: empty/delete s3 bucket
+ include_role:
+ name: openshift_aws
+ tasks_from: uninstall_s3.yml
+ when: openshift_aws_create_s3 | default(true) | bool
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_10/README.md b/playbooks/byo/openshift-cluster/upgrades/v3_10/README.md
new file mode 100644
index 000000000..7ede3a28c
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_10/README.md
@@ -0,0 +1,20 @@
+# v3.10 Major and Minor Upgrade Playbook
+
+## Overview
+This playbook currently performs the following steps.
+
+ * Upgrade and restart master services
+ * Unschedule node
+ * Upgrade and restart docker
+ * Upgrade and restart node services
+ * Modifies the subset of the configuration necessary
+ * Applies the latest cluster policies
+ * Updates the default router if one exists
+ * Updates the default registry if one exists
+ * Updates image streams and quickstarts
+
+## Usage
+
+```
+ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade.yml
+```
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade.yml
new file mode 100644
index 000000000..977b4f381
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade.yml
@@ -0,0 +1,5 @@
+---
+#
+# Full Control Plane + Nodes Upgrade
+#
+- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_10/upgrade.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml
new file mode 100644
index 000000000..8b76bf4ff
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml
@@ -0,0 +1,16 @@
+---
+#
+# Control Plane Upgrade Playbook
+#
+# Upgrades masters and Docker (only on standalone etcd hosts)
+#
+# This upgrade does not include:
+# - node service running on masters
+# - docker running on masters
+# - node service running on dedicated nodes
+#
+# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately.
+#
+- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml
+
+- import_playbook: ../../../../openshift-master/private/restart.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml
new file mode 100644
index 000000000..b4353edc2
--- /dev/null
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml
@@ -0,0 +1,7 @@
+---
+#
+# Node Upgrade Playbook
+#
+# Upgrades nodes only, but requires the control plane to have already been upgraded.
+#
+- import_playbook: ../../../../common/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_scale_groups.yml
index 23a3fcbb5..23a3fcbb5 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_scale_groups.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_scale_groups.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index ba783638d..a9a35b028 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -6,6 +6,7 @@ g_new_node_hosts: [] - import_playbook: ../../../init/basic_facts.yml +- import_playbook: ../../../init/base_packages.yml - import_playbook: ../../../init/cluster_facts.yml - name: Ensure firewall is not switched during upgrade diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index f44ab3580..86cde2844 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml 
@@ -114,20 +114,27 @@ openshift_hosted_templates_import_command: replace post_tasks: - # we need to migrate customers to the new pattern of pushing to the registry via dns - # Step 1: verify the certificates have the docker registry service name - - shell: > - echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)' - register: cert_output - - # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs - - name: set a fact to include the registry certs playbook if needed - set_fact: - openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0 }}" - -# Run the redeploy certs based upon the certificates -- when: hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry - import_playbook: ../../../openshift-hosted/redeploy-registry-certificates.yml + # Do not perform these tasks when the registry is insecure. 
The default registry is insecure in openshift_hosted/defaults/main.yml + - when: not (openshift_docker_hosted_registry_insecure | default(True)) + block: + # we need to migrate customers to the new pattern of pushing to the registry via dns + # Step 1: verify the certificates have the docker registry service name + - name: shell command to determine if the docker-registry.default.svc is found in the registry certificate + shell: > + echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)' + register: cert_output + changed_when: false + failed_when: + - cert_output.rc not in [0, 1] + + # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs + - name: set a fact to include the registry certs playbook if needed + set_fact: + openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0 }}" + +# Run the redeploy certs based upon the certificates. Defaults to False for insecure registries +- when: (hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry | default(False)) | bool + import_playbook: ../../../openshift-hosted/private/redeploy-registry-certificates.yml # Check for warnings to be printed at the end of the upgrade: - name: Clean up and display warnings diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml index edc541ef9..44af37b2d 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml @@ -5,8 +5,6 @@ # Pre-upgrade - import_playbook: ../initialize_nodes_to_upgrade.yml -- import_playbook: verify_cluster.yml - - name: Update repos on upgrade hosts hosts: "{{ l_upgrade_repo_hosts }}" roles: 
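Review bot: The new block guard `when: not (openshift_docker_hosted_registry_insecure | default(True))` in post_control_plane.yml tests the raw variable without `| bool`, so a value that arrives as a string (for example `false` from an INI `[group:vars]` section) is truthy and the certificate check is skipped even though the registry is meant to be secured. Cast it the way the import condition further down already does: `- when: not (openshift_docker_hosted_registry_insecure | default(True) | bool)`. Separately, the pipeline's exit status is that of the final `grep -Pq`, so rc 1 is recorded both when the SAN is absent and when `openssl s_client` never reached the registry; a short comment on the `failed_when` saying that rc 1 cannot tell these apart would help the next reader. The post_tasks list starts above the hunk.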
@@ -53,6 +51,8 @@ # l_openshift_version_set_hosts is passed via upgrade_control_plane.yml # l_openshift_version_check_hosts is passed via upgrade_control_plane.yml +- import_playbook: verify_cluster.yml + # If we're only upgrading nodes, we need to ensure masters are already upgraded - name: Verify masters are already upgraded hosts: oo_masters_to_config diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml index 5ee8a9d78..4902b9ecd 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml @@ -17,6 +17,7 @@ valid version for a {{ openshift_upgrade_target }} upgrade when: - openshift_pkg_version is defined + - openshift_pkg_version != "" - openshift_pkg_version.split('-',1).1 is version_compare(openshift_upgrade_target ,'<') - fail: @@ -25,6 +26,7 @@ valid version for a {{ openshift_upgrade_target }} upgrade when: - openshift_image_tag is defined + - openshift_image_tag != "" - openshift_image_tag.split('v',1).1 is version_compare(openshift_upgrade_target ,'<') - set_fact: @@ -92,25 +94,3 @@ state: started enabled: yes with_items: "{{ master_services }}" - -# Until openshift-ansible is determining which host is the CA host we -# must (unfortunately) ensure that the first host in the etcd group is -# the etcd CA host. -# https://bugzilla.redhat.com/show_bug.cgi?id=1469358 -- name: Verify we can proceed on first etcd - hosts: oo_first_etcd - gather_facts: no - tasks: - - name: Ensure CA exists on first etcd - stat: - path: /etc/etcd/generated_certs - register: __etcd_ca_stat - - - fail: - msg: > - In order to correct an etcd certificate signing problem - upgrading may require re-generating etcd certificates. Please - ensure that the /etc/etcd/generated_certs directory exists on - the first host defined in your [etcd] group. - when: - - not __etcd_ca_stat.stat.exists | bool 
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index c27118f6f..3c0b72832 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -3,29 +3,6 @@ # Upgrade Masters ############################################################################### -# Prior to 3.6, openshift-ansible created etcd serving certificates -# without a SubjectAlternativeName entry for the system hostname. The -# SAN list in Go 1.8 is now (correctly) authoritative and since -# openshift-ansible configures masters to talk to etcd hostnames -# rather than IP addresses, we must correct etcd certificates. -# -# This play examines the etcd serving certificate SANs on each etcd -# host and records whether or not the system hostname is missing. -- name: Examine etcd serving certificate SAN - hosts: oo_etcd_to_config - tasks: - - slurp: - src: /etc/etcd/server.crt - register: etcd_serving_cert - - set_fact: - __etcd_cert_lacks_hostname: "{{ (openshift.common.hostname not in (etcd_serving_cert.content | b64decode | lib_utils_oo_parse_certificate_san)) | bool }}" - -# Redeploy etcd certificates when hostnames were missing from etcd -# serving certificate SANs. -- import_playbook: ../../../openshift-etcd/redeploy-certificates.yml - when: - - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false]) - - name: Backup and upgrade etcd import_playbook: ../../../openshift-etcd/private/upgrade_main.yml 
@@ -56,7 +33,6 @@ register: l_pb_upgrade_control_plane_pre_upgrade_storage when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool failed_when: - - openshift_upgrade_pre_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_pre_upgrade_storage.rc != 0 - openshift_upgrade_pre_storage_migration_fatal | default(true) | bool @@ -94,6 +70,12 @@ - include_tasks: "{{ openshift_master_upgrade_hook }}" when: openshift_master_upgrade_hook is defined + - name: Disable master controller + service: + name: "{{ openshift_service_type }}-master-controllers" + enabled: false + when: openshift.common.rolling_restart_mode == 'system' + - include_tasks: ../../../openshift-master/private/tasks/restart_hosts.yml when: openshift.common.rolling_restart_mode == 'system' @@ -116,7 +98,6 @@ - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - openshift_version is version_compare('3.7','<') failed_when: - - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 - openshift_upgrade_post_storage_migration_fatal | default(false) | bool run_once: true @@ -252,7 +233,6 @@ register: l_pb_upgrade_control_plane_post_upgrade_storage when: openshift_upgrade_post_storage_migration_enabled | default(true) | bool failed_when: - - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 - openshift_upgrade_post_storage_migration_fatal | default(false) | bool @@ -331,9 +311,13 @@ post_tasks: - import_role: name: openshift_node + tasks_from: upgrade_pre.yml + - import_role: + name: openshift_node tasks_from: upgrade.yml - import_role: name: openshift_manage_node tasks_from: config.yml vars: openshift_master_host: "{{ groups.oo_first_master.0 }}" + openshift_manage_node_is_master: true 
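Review bot: The added `Disable master controller` task (hunk `@@ -94,6 +70,12 @@`) turns the unit off at boot when `rolling_restart_mode == 'system'`, but the matching `Re-enable master controllers` task on this page exists only in v3_9/upgrade_control_plane.yml; the new v3_10/upgrade_control_plane.yml imports this shared playbook and never enables the service again. Unless a play outside this page does so, a 3.10 system-mode upgrade, or any run that fails between the two tasks, leaves `{{ openshift_service_type }}-master-controllers` disabled on the masters. Re-enable it in this shared playbook once all masters have restarted, or wrap the pair in `block`/`always`; at minimum add a comment such as `# re-enabled by the version-specific upgrade_control_plane.yml after all masters restart`. The play continues outside the hunk.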
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_10/master_config_upgrade.yml
new file mode 100644
index 000000000..ed97d539c
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/master_config_upgrade.yml
@@ -0,0 +1 @@
+---
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/roles b/playbooks/common/openshift-cluster/upgrades/v3_10/roles
new file mode 120000
index 000000000..415645be6
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/roles
@@ -0,0 +1 @@
+../../../../../roles/
\ No newline at end of file
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade.yml
new file mode 100644
index 000000000..ec1da6d39
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade.yml
@@ -0,0 +1,7 @@
+---
+#
+# Full Control Plane + Nodes Upgrade
+#
+- import_playbook: upgrade_control_plane.yml
+
+- import_playbook: upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml
new file mode 100644
index 000000000..64ee03562
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_control_plane.yml
@@ -0,0 +1,58 @@
+---
+#
+# Control Plane Upgrade Playbook
+#
+# Upgrades masters and Docker (only on standalone etcd hosts)
+#
+# This upgrade does not include:
+# - node service running on masters
+# - docker running on masters
+# - node service running on dedicated nodes
+#
+# You can run the upgrade_nodes.yml playbook after this to upgrade these components separately.
+#
+- import_playbook: ../init.yml
+ vars:
+ l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+
+- name: Configure the upgrade target for the common upgrade tasks 3.10
+ hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config
+ tasks:
+ - meta: clear_facts
+ - set_fact:
+ openshift_upgrade_target: '3.10'
+ openshift_upgrade_min: '3.9'
+ openshift_release: '3.10'
+
+- import_playbook: ../pre/config.yml
+ # These vars a meant to exclude oo_nodes from plays that would otherwise include
+ # them by default.
+ vars:
+ l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master"
+ l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master"
+ l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_no_proxy_hosts: "oo_masters_to_config"
+ l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_upgrade_verify_targets_hosts: "oo_masters_to_config"
+ l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config"
+ l_upgrade_excluder_hosts: "oo_masters_to_config"
+ openshift_protect_installed_version: False
+
+- name: Flag pre-upgrade checks complete for hosts without errors
+ hosts: oo_masters_to_config:oo_etcd_to_config
+ tasks:
+ - set_fact:
+ pre_upgrade_complete: True
+
+- import_playbook: ../upgrade_control_plane.yml
+ vars:
+ openshift_release: '3.10'
+
+- import_playbook: ../post_control_plane.yml
+
+- hosts: oo_masters
+ tasks:
+ - import_role:
+ name: openshift_web_console
+ tasks_from: remove_old_asset_config
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml
new file mode 100644
index 000000000..eea1b250e
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/upgrade_nodes.yml
@@ -0,0 +1,35 @@
+---
+#
+# Node Upgrade Playbook
+#
+# Upgrades nodes only, but requires the control plane to have already been upgraded.
+#
+- import_playbook: ../init.yml
+
+- name: Configure the upgrade target for the common upgrade tasks
+ hosts: oo_all_hosts
+ tasks:
+ - set_fact:
+ openshift_upgrade_target: '3.10'
+ openshift_upgrade_min: '3.9'
+ openshift_release: '3.10'
+
+- import_playbook: ../pre/config.yml
+ vars:
+ l_upgrade_repo_hosts: "oo_nodes_to_config"
+ l_upgrade_no_proxy_hosts: "oo_all_hosts"
+ l_upgrade_health_check_hosts: "oo_nodes_to_config"
+ l_upgrade_verify_targets_hosts: "oo_nodes_to_config"
+ l_upgrade_docker_target_hosts: "oo_nodes_to_config"
+ l_upgrade_excluder_hosts: "oo_nodes_to_config:!oo_masters_to_config"
+ l_upgrade_nodes_only: True
+
+- name: Flag pre-upgrade checks complete for hosts without errors
+ hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config
+ tasks:
+ - set_fact:
+ pre_upgrade_complete: True
+
+# Pre-upgrade completed
+
+- import_playbook: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_10/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_10/validator.yml
new file mode 100644
index 000000000..d8540abfb
--- /dev/null
+++ b/playbooks/common/openshift-cluster/upgrades/v3_10/validator.yml
@@ -0,0 +1,7 @@
+---
+- name: Verify 3.8 specific upgrade checks
+ hosts: oo_first_master
+ roles:
+ - { role: lib_openshift }
+ tasks:
+ - debug: msg="noop"
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
index bf6e8605e..ec1da6d39 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml
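Review bot: In the new v3_10/validator.yml the play is named `Verify 3.8 specific upgrade checks`, which looks carried over from an older release, and none of the v3_10 playbooks on this page import the file. Rename it to `- name: Verify 3.10 specific upgrade checks`, and either import it from the v3_10 upgrade playbooks (the old v3_9/upgrade.yml had `- import_playbook: validator.yml`) or add a comment such as `# placeholder: no 3.10-specific checks yet` so readers do not assume version-specific pre-upgrade validation runs.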
@@ -2,54 +2,6 @@ # # Full Control Plane + Nodes Upgrade # -- import_playbook: ../init.yml +- import_playbook: upgrade_control_plane.yml -- name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tasks: - - set_fact: - openshift_upgrade_target: '3.9' - openshift_upgrade_min: '3.7' - openshift_release: '3.9' - -- import_playbook: ../pre/config.yml - vars: - l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config" - l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" - l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" - l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" - l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" - l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" - openshift_protect_installed_version: False - -- import_playbook: validator.yml - -- name: Flag pre-upgrade checks complete for hosts without errors - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - set_fact: - pre_upgrade_complete: True - -# Pre-upgrade completed - -- import_playbook: ../upgrade_control_plane.yml - -# All controllers must be stopped at the same time then restarted -- name: Cycle all controller services to force new leader election mode - hosts: oo_masters_to_config - gather_facts: no - roles: - - role: openshift_facts - tasks: - - name: Stop {{ openshift_service_type }}-master-controllers - systemd: - name: "{{ openshift_service_type }}-master-controllers" - state: stopped - - name: Start {{ openshift_service_type }}-master-controllers - systemd: - name: "{{ openshift_service_type }}-master-controllers" - state: started - -- import_playbook: ../upgrade_nodes.yml - -- import_playbook: ../post_control_plane.yml +- import_playbook: upgrade_nodes.yml 
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index c8a42322d..9c7677f1b 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -15,6 +15,7 @@ vars: l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_base_packages_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" ## Check to see if they're running 3.7 and if so upgrade them to 3.8 on control plan ## If they've specified pkg_version or image_tag preserve that for later use @@ -26,6 +27,7 @@ openshift_upgrade_min: '3.7' openshift_release: '3.8' _requested_pkg_version: "{{ openshift_pkg_version if openshift_pkg_version is defined else omit }}" + openshift_pkg_version: '' _requested_image_tag: "{{ openshift_image_tag if openshift_image_tag is defined else omit }}" l_double_upgrade_cp: True when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<') @@ -61,10 +63,8 @@ # Pre-upgrade completed -- import_playbook: ../upgrade_control_plane.yml - vars: - openshift_release: '3.8' - openshift_pkg_version: '' +- name: Intermediate 3.8 Upgrade + import_playbook: ../upgrade_control_plane.yml when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<') ## 3.8 upgrade complete we should now be able to upgrade to 3.9 
@@ -77,7 +77,7 @@ openshift_upgrade_target: '3.9' openshift_upgrade_min: '3.8' openshift_release: '3.9' - openshift_pkg_version: "{{ _requested_pkg_version | default ('-3.9*') }}" + openshift_pkg_version: "{{ _requested_pkg_version if _requested_pkg_version is defined else '' }}" # Set the user's specified image_tag for 3.9 upgrade if it was provided. - set_fact: openshift_image_tag: "{{ _requested_image_tag }}" @@ -106,6 +106,7 @@ l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" l_upgrade_excluder_hosts: "oo_masters_to_config" openshift_protect_installed_version: False + openshift_version_reinit: True - name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config @@ -114,8 +115,6 @@ pre_upgrade_complete: True - import_playbook: ../upgrade_control_plane.yml - vars: - openshift_release: '3.9' # All controllers must be stopped at the same time then restarted - name: Cycle all controller services to force new leader election mode @@ -124,14 +123,16 @@ roles: - role: openshift_facts tasks: - - name: Stop {{ openshift_service_type }}-master-controllers - systemd: + - name: Restart master controllers to force new leader election mode + service: name: "{{ openshift_service_type }}-master-controllers" - state: stopped - - name: Start {{ openshift_service_type }}-master-controllers - systemd: + state: restarted + when: openshift.common.rolling_restart_mode == 'services' + - name: Re-enable master controllers to force new leader election mode + service: name: "{{ openshift_service_type }}-master-controllers" - state: started + enabled: true + when: openshift.common.rolling_restart_mode == 'system' - import_playbook: ../post_control_plane.yml diff --git a/playbooks/container-runtime/config.yml b/playbooks/container-runtime/config.yml index f15aa771f..d7f3634ec 100644 --- a/playbooks/container-runtime/config.yml +++ b/playbooks/container-runtime/config.yml 
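Review bot: In the last hunk of v3_9/upgrade_control_plane.yml (`@@ -124,14 +123,16 @@`) the system-mode branch sets only `enabled: true`, which changes boot-time behaviour but does not start the unit. The shared upgrade_control_plane.yml disables the controllers before the hosts are restarted, so they are presumably not running when this task executes, and the forced leader election named in the task would not happen until something else starts them. Add `state: started` next to `enabled: true` in the `Re-enable master controllers` task.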
@@ -1,6 +1,8 @@ --- - import_playbook: ../init/main.yml vars: - skip_verison: True + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" - import_playbook: private/config.yml diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml index 5396df20a..d5312de15 100644 --- a/playbooks/container-runtime/private/config.yml +++ b/playbooks/container-runtime/private/config.yml @@ -12,6 +12,12 @@ - role: container_runtime tasks: - import_role: + name: openshift_excluder + tasks_from: enable.yml + vars: + r_openshift_excluder_action: enable + r_openshift_excluder_enable_openshift_excluder: false + - import_role: name: container_runtime tasks_from: package_docker.yml when: diff --git a/playbooks/container-runtime/setup_storage.yml b/playbooks/container-runtime/setup_storage.yml index 98e876b2c..17ff11cfd 100644 --- a/playbooks/container-runtime/setup_storage.yml +++ b/playbooks/container-runtime/setup_storage.yml @@ -1,6 +1,8 @@ --- - import_playbook: ../init/main.yml vars: - skip_verison: True + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" - import_playbook: private/setup_storage.yml diff --git a/playbooks/gcp/openshift-cluster/build_image.yml b/playbooks/gcp/openshift-cluster/build_image.yml index 787de8ebc..0daf61122 100644 --- a/playbooks/gcp/openshift-cluster/build_image.yml +++ b/playbooks/gcp/openshift-cluster/build_image.yml @@ -62,6 +62,12 @@ timeout: 120 with_items: "{{ gce.instance_data }}" +- name: Wait for full SSH connection + hosts: nodes + gather_facts: no + tasks: + - wait_for_connection: + - hosts: nodes tasks: - name: Set facts diff --git a/playbooks/init/base_packages.yml b/playbooks/init/base_packages.yml index 0a730a88a..addb4f44d 100644 --- a/playbooks/init/base_packages.yml +++ b/playbooks/init/base_packages.yml 
@@ -1,8 +1,9 @@ --- -# l_scale_up_hosts may be passed in via prerequisites.yml during scaleup plays. +# l_base_packages_hosts may be passed in via prerequisites.yml during scaleup plays +# and upgrade_control_plane.yml upgrade plays. - name: Install packages necessary for installer - hosts: "{{ l_scale_up_hosts | default('oo_all_hosts') }}" + hosts: "{{ l_base_packages_hosts | default('oo_all_hosts') }}" any_errors_fatal: true tasks: - when: @@ -16,8 +17,9 @@ - iproute - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}" - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}" - - "{{ 'python-ipaddress' if ansible_distribution != 'Fedora' else omit }}" + - "{{ 'python-ipaddress' if ansible_distribution != 'Fedora' else '' }}" - yum-utils + when: item != '' register: result until: result is succeeded diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index e8bf1892c..81d7d63ca 100644 --- a/playbooks/init/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -51,7 +51,7 @@ upgrade please see https://docs.openshift.com/container-platform/latest/install_config/upgrading/migrating_embedded_etcd.html for documentation on how to migrate from embedded to external etcd. when: - - g_etcd_hosts | default([]) | length not in [5,3,1] + - g_etcd_hosts | default([]) | length == 0 - not (openshift_node_bootstrap | default(False)) - name: Evaluate oo_all_hosts diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml index 9886691e0..468d81fbe 100644 --- a/playbooks/init/main.yml +++ b/playbooks/init/main.yml @@ -1,5 +1,5 @@ --- -# skip_verison and l_install_base_packages are passed in via prerequistes.yml. +# skip_version and l_install_base_packages are passed in via prerequistes.yml. # skip_sanity_checks is passed in via openshift-node/private/image_prep.yml - name: Initialization Checkpoint Start 
@@ -27,7 +27,7 @@ - import_playbook: cluster_facts.yml - import_playbook: version.yml - when: not (skip_verison | default(False)) + when: not (skip_version | default(False)) - import_playbook: sanity_checks.yml when: not (skip_sanity_checks | default(False)) diff --git a/playbooks/openshift-etcd/certificates.yml b/playbooks/openshift-etcd/certificates.yml index c06e3b575..86caba4e8 100644 --- a/playbooks/openshift-etcd/certificates.yml +++ b/playbooks/openshift-etcd/certificates.yml @@ -1,5 +1,11 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/ca.yml diff --git a/playbooks/openshift-etcd/config.yml b/playbooks/openshift-etcd/config.yml index c7814207c..378edce85 100644 --- a/playbooks/openshift-etcd/config.yml +++ b/playbooks/openshift-etcd/config.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-etcd/embedded2external.yml b/playbooks/openshift-etcd/embedded2external.yml index 7d090fa9b..34be38ac0 100644 --- a/playbooks/openshift-etcd/embedded2external.yml +++ b/playbooks/openshift-etcd/embedded2external.yml 
@@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/embedded2external.yml diff --git a/playbooks/openshift-etcd/migrate.yml b/playbooks/openshift-etcd/migrate.yml index 0340b74a5..4e8238ebd 100644 --- a/playbooks/openshift-etcd/migrate.yml +++ b/playbooks/openshift-etcd/migrate.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/migrate.yml diff --git a/playbooks/openshift-etcd/private/ca.yml b/playbooks/openshift-etcd/private/ca.yml index 72c39d546..77e7b0ed0 100644 --- a/playbooks/openshift-etcd/private/ca.yml +++ b/playbooks/openshift-etcd/private/ca.yml @@ -10,7 +10,6 @@ tasks_from: ca.yml vars: etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" when: - etcd_ca_setup | default(True) | bool diff --git a/playbooks/openshift-etcd/private/certificates-backup.yml b/playbooks/openshift-etcd/private/certificates-backup.yml index 2f9bef799..e1354de67 100644 --- a/playbooks/openshift-etcd/private/certificates-backup.yml +++ b/playbooks/openshift-etcd/private/certificates-backup.yml @@ -1,6 +1,6 @@ --- - name: Backup and remove generated etcd certificates - hosts: oo_first_etcd + hosts: oo_etcd_to_config any_errors_fatal: true tasks: - import_role: 
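Review bot: Changing `hosts:` from `oo_first_etcd` to `oo_etcd_to_config` makes the play named "Backup and remove generated etcd certificates" run on every etcd member, and the hunk carries no comment saying why the wider scope is needed. The role tasks it imports are outside the hunk, so whether they tolerate hosts that never held the generated CA files cannot be confirmed from here. A comment above the play such as `# runs on all etcd hosts because the CA is no longer pinned to the first one` (if that is the reason) would record the intent.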
diff --git a/playbooks/openshift-etcd/private/config.yml b/playbooks/openshift-etcd/private/config.yml index 35407969e..bbc952d8e 100644 --- a/playbooks/openshift-etcd/private/config.yml +++ b/playbooks/openshift-etcd/private/config.yml @@ -22,7 +22,6 @@ - role: openshift_clock - role: openshift_etcd etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" - role: nickhammond.logrotate diff --git a/playbooks/openshift-etcd/private/master_etcd_certificates.yml b/playbooks/openshift-etcd/private/master_etcd_certificates.yml index d98470db2..4e4972dba 100644 --- a/playbooks/openshift-etcd/private/master_etcd_certificates.yml +++ b/playbooks/openshift-etcd/private/master_etcd_certificates.yml @@ -5,9 +5,7 @@ roles: - role: openshift_etcd_facts - role: openshift_etcd_client_certificates - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_subdir: "openshift-master-{{ openshift.common.hostname }}" etcd_cert_config_dir: "{{ openshift.common.config_base }}/master" etcd_cert_prefix: "master.etcd-" - openshift_ca_host: "{{ groups.oo_first_master.0 }}" when: groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml index a3acf6945..55409e503 100644 --- a/playbooks/openshift-etcd/private/redeploy-ca.yml +++ b/playbooks/openshift-etcd/private/redeploy-ca.yml @@ -45,7 +45,6 @@ tasks_from: distribute_ca.yml vars: etcd_sync_cert_dir: "{{ hostvars['localhost'].g_etcd_mktemp.stdout }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" - import_playbook: restart.yml # Do not restart etcd when etcd certificates were previously expired. diff --git a/playbooks/openshift-etcd/private/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index 8a9811a25..162a5eba7 100644 
--- a/playbooks/openshift-etcd/private/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml @@ -12,8 +12,6 @@ hosts: oo_new_etcd_to_config serial: 1 any_errors_fatal: true - vars: - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" pre_tasks: - name: Add new etcd members to cluster command: > @@ -42,7 +40,6 @@ - role: openshift_etcd when: etcd_add_check.rc == 0 etcd_peers: "{{ groups.oo_etcd_to_config | union(groups.oo_new_etcd_to_config)| default([], true) }}" - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_initial_cluster_state: "existing" etcd_initial_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" @@ -66,8 +63,6 @@ hosts: oo_masters_to_config serial: 1 vars: - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" - openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) | lib_utils_oo_collect('openshift.common.hostname') diff --git a/playbooks/openshift-etcd/private/server_certificates.yml b/playbooks/openshift-etcd/private/server_certificates.yml index ebcf4a5ff..0abfe1650 100644 --- a/playbooks/openshift-etcd/private/server_certificates.yml +++ b/playbooks/openshift-etcd/private/server_certificates.yml @@ -9,6 +9,5 @@ name: etcd tasks_from: server_certificates.yml vars: - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_peers: "{{ groups.oo_etcd_to_config | default([], true) }}" etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}" diff --git a/playbooks/openshift-etcd/private/upgrade_main.yml b/playbooks/openshift-etcd/private/upgrade_main.yml index 8997680f9..fea588260 100644 --- a/playbooks/openshift-etcd/private/upgrade_main.yml +++ b/playbooks/openshift-etcd/private/upgrade_main.yml 
@@ -1,4 +1,37 @@ --- +# Prior to 3.6, openshift-ansible created etcd serving certificates +# without a SubjectAlternativeName entry for the system hostname. The +# SAN list in Go 1.8 is now (correctly) authoritative and since +# openshift-ansible configures masters to talk to etcd hostnames +# rather than IP addresses, we must correct etcd certificates. +# +# This play examines the etcd serving certificate SANs on each etcd +# host and records whether or not the system hostname is missing. +- name: Examine etcd serving certificate SAN + hosts: oo_etcd_to_config + tasks: + - slurp: + src: /etc/etcd/server.crt + register: etcd_serving_cert + - set_fact: + __etcd_cert_lacks_hostname: "{{ (openshift.common.hostname not in (etcd_serving_cert.content | b64decode | lib_utils_oo_parse_certificate_san)) | bool }}" + +# Redeploy etcd certificates when hostnames were missing from etcd +# serving certificate SANs. +- import_playbook: redeploy-certificates.yml + when: + - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false]) + +- import_playbook: restart.yml + vars: + g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}" + when: + - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false]) + +- import_playbook: ../../openshift-master/private/restart.yml + when: + - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false]) + # For 1.4/3.4 we want to upgrade everyone to etcd-3.0. etcd docs say to # upgrade from 2.0.x to 2.1.x to 2.2.x to 2.3.x to 3.0.x. While this is a tedius # task for RHEL and CENTOS it's simply not possible in Fedora unless you've 
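Review bot: The `slurp` task reads the hard-coded path `/etc/etcd/server.crt`, so an etcd host whose serving certificate lives elsewhere fails this play before any SAN is examined. Taking the directory from the same variable the etcd role uses for its configuration path would avoid that, if one is in scope at play level. Both tasks also lack a `name:`, for example `- name: Read etcd serving certificate` and `- name: Record whether the hostname is missing from the SAN list`, which matters in a run log for a play that decides whether certificates are reissued. The `restart.yml` import builds `g_etcd_certificates_expired` from `groups['etcd']` while every other expression in the hunk uses `groups['oo_etcd_to_config']`; unless that difference is deliberate, use the same group. The three identical `when:` expressions could be computed once into a fact and reused.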
diff --git a/playbooks/openshift-etcd/redeploy-ca.yml b/playbooks/openshift-etcd/redeploy-ca.yml index 769d694ba..93b68a257 100644 --- a/playbooks/openshift-etcd/redeploy-ca.yml +++ b/playbooks/openshift-etcd/redeploy-ca.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/redeploy-ca.yml diff --git a/playbooks/openshift-etcd/redeploy-certificates.yml b/playbooks/openshift-etcd/redeploy-certificates.yml index 8ea1994f7..202acb493 100644 --- a/playbooks/openshift-etcd/redeploy-certificates.yml +++ b/playbooks/openshift-etcd/redeploy-certificates.yml @@ -1,5 +1,11 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/redeploy-certificates.yml diff --git a/playbooks/openshift-etcd/restart.yml b/playbooks/openshift-etcd/restart.yml index 041c1384d..05aaa9809 100644 --- a/playbooks/openshift-etcd/restart.yml +++ b/playbooks/openshift-etcd/restart.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + skip_version: True + l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" - import_playbook: private/restart.yml 
diff --git a/playbooks/openshift-etcd/scaleup.yml b/playbooks/openshift-etcd/scaleup.yml index 656454fe3..3e2fca8d4 100644 --- a/playbooks/openshift-etcd/scaleup.yml +++ b/playbooks/openshift-etcd/scaleup.yml @@ -32,6 +32,7 @@ l_build_container_groups_hosts: "oo_new_etcd_to_config" l_etcd_scale_up_hosts: "oo_hosts_containerized_managed_true" l_scale_up_hosts: "oo_new_etcd_to_config" + l_base_packages_hosts: "oo_new_etcd_to_config" l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_new_etcd_to_config" l_sanity_check_hosts: "{{ groups['oo_new_etcd_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config']) }}" when: @@ -42,8 +43,10 @@ # prerequisites, we can just init facts as normal. - import_playbook: ../init/main.yml vars: - skip_verison: True + skip_version: True l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_new_etcd_to_config" + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" when: - inventory_hostname in groups['oo_masters'] - inventory_hostname in groups['oo_nodes_to_config'] diff --git a/playbooks/openshift-etcd/upgrade.yml b/playbooks/openshift-etcd/upgrade.yml index 77999d92c..1edcd6819 100644 --- a/playbooks/openshift-etcd/upgrade.yml +++ b/playbooks/openshift-etcd/upgrade.yml @@ -1,7 +1,9 @@ --- - import_playbook: ../init/main.yml vars: - skip_verison: True + skip_version: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" l_sanity_check_hosts: "{{ groups['oo_etcd_to_config'] | union(groups['oo_masters_to_config']) }}" diff --git a/playbooks/openshift-glusterfs/config.yml b/playbooks/openshift-glusterfs/config.yml index c7814207c..ccdd8d069 100644 --- a/playbooks/openshift-glusterfs/config.yml +++ b/playbooks/openshift-glusterfs/config.yml 
@@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config:oo_glusterfs_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] | union(groups['oo_glusterfs_to_config']) }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-glusterfs/registry.yml b/playbooks/openshift-glusterfs/registry.yml index 5e3b18536..cc2846cb3 100644 --- a/playbooks/openshift-glusterfs/registry.yml +++ b/playbooks/openshift-glusterfs/registry.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config:oo_glusterfs_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] | union(groups['oo_glusterfs_to_config']) }}" - import_playbook: private/registry.yml diff --git a/playbooks/openshift-grafana/config.yml b/playbooks/openshift-grafana/config.yml index c7814207c..62d954d29 100644 --- a/playbooks/openshift-grafana/config.yml +++ b/playbooks/openshift-grafana/config.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-hosted/config.yml b/playbooks/openshift-hosted/config.yml index c7814207c..62d954d29 100644 --- a/playbooks/openshift-hosted/config.yml +++ b/playbooks/openshift-hosted/config.yml 
@@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-hosted/deploy_registry.yml b/playbooks/openshift-hosted/deploy_registry.yml index 2453329dd..e42af7149 100644 --- a/playbooks/openshift-hosted/deploy_registry.yml +++ b/playbooks/openshift-hosted/deploy_registry.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/openshift_hosted_registry.yml diff --git a/playbooks/openshift-hosted/deploy_router.yml b/playbooks/openshift-hosted/deploy_router.yml index e832eeeea..a3564fe51 100644 --- a/playbooks/openshift-hosted/deploy_router.yml +++ b/playbooks/openshift-hosted/deploy_router.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/openshift_hosted_router.yml diff --git a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml index b817221b8..d88209593 100644 --- a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml 
@@ -88,8 +88,7 @@ - name: Redeploy docker registry command: > - {{ openshift_client_binary }} deploy dc/docker-registry - --latest + {{ openshift_client_binary }} rollout latest dc/docker-registry --config={{ mktemp.stdout }}/admin.kubeconfig -n default diff --git a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml index 0df748f47..952a5f4ee 100644 --- a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml @@ -129,8 +129,7 @@ - name: Redeploy router command: > - {{ openshift_client_binary }} deploy dc/router - --latest + {{ openshift_client_binary }} rollout latest dc/router --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig -n default diff --git a/playbooks/openshift-hosted/redeploy-registry-certificates.yml b/playbooks/openshift-hosted/redeploy-registry-certificates.yml index 518a1d624..1ab237558 100644 --- a/playbooks/openshift-hosted/redeploy-registry-certificates.yml +++ b/playbooks/openshift-hosted/redeploy-registry-certificates.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/redeploy-registry-certificates.yml diff --git a/playbooks/openshift-hosted/redeploy-router-certificates.yml b/playbooks/openshift-hosted/redeploy-router-certificates.yml index a74dd8c79..4b44be405 100644 --- a/playbooks/openshift-hosted/redeploy-router-certificates.yml +++ b/playbooks/openshift-hosted/redeploy-router-certificates.yml 
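Review bot: `rollout latest` only triggers a new deployment, so the play can continue and report success before the registry pods with the new certificate are running. Any wait that may follow is outside the hunk. A follow-up task running `{{ openshift_client_binary }} rollout status dc/docker-registry` with the same `--config` and `-n default` arguments would make the play fail when the rollout does. The same applies to the `dc/router` hunk in `redeploy-router-certificates.yml`.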
@@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/redeploy-router-certificates.yml diff --git a/playbooks/openshift-loadbalancer/config.yml b/playbooks/openshift-loadbalancer/config.yml index c7814207c..13903ee17 100644 --- a/playbooks/openshift-loadbalancer/config.yml +++ b/playbooks/openshift-loadbalancer/config.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config:oo_lb_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] | union(groups['oo_lb_to_config']) }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-logging/config.yml b/playbooks/openshift-logging/config.yml index 83d330284..419dcbc3f 100644 --- a/playbooks/openshift-logging/config.yml +++ b/playbooks/openshift-logging/config.yml @@ -5,5 +5,10 @@ # currently supported method. # - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-logging/private/config.yml b/playbooks/openshift-logging/private/config.yml index 07aa8bfde..f2a57f9f8 100644 --- a/playbooks/openshift-logging/private/config.yml +++ b/playbooks/openshift-logging/private/config.yml 
@@ -11,6 +11,38 @@ status: "In Progress" start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" +- name: Update vm.max_map_count for ES 5.x + hosts: all + gather_facts: false + tasks: + - when: + - openshift_logging_es5_techpreview | default(false) | bool + - openshift_deployment_type in ['origin'] + block: + - name: Checking vm max_map_count value + command: + cat /proc/sys/vm/max_map_count + register: _vm_max_map_count + + - stat: + path: /etc/sysctl.d/99-elasticsearch.conf + register: _99_es_conf + + - name: Check for current value of vm.max_map_count in 99-elasticsearch.conf + command: > + sed /etc/sysctl.d/99-elasticsearch.conf -e 's/vm.max_map_count=\(.*\)/\1/' + register: _curr_vm_max_map_count + when: _99_es_conf.stat.exists + + - name: Updating vm.max_map_count value + sysctl: + name: vm.max_map_count + value: 262144 + sysctl_file: "/etc/sysctl.d/99-elasticsearch.conf" + reload: yes + when: + - _vm_max_map_count.stdout | default(0) | int < 262144 | int or _curr_vm_max_map_count.stdout | default(0) | int < 262144 + - name: OpenShift Aggregated Logging hosts: oo_first_master roles: @@ -20,11 +52,10 @@ - name: Update Master configs hosts: oo_masters:!oo_first_master tasks: - - block: - - import_role: - name: openshift_logging - tasks_from: update_master_config - when: not openshift.common.version_gte_3_9 + - include_role: + name: openshift_logging + tasks_from: update_master_config + when: not openshift.common.version_gte_3_9 - name: Logging Install Checkpoint End hosts: all diff --git a/playbooks/openshift-management/config.yml b/playbooks/openshift-management/config.yml index c7814207c..62d954d29 100644 --- a/playbooks/openshift-management/config.yml +++ b/playbooks/openshift-management/config.yml 
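Review bot: The new play targets `hosts: all`, so once the tech-preview flag is set the `vm.max_map_count` kernel setting is raised on every inventory host, including ones that will never run Elasticsearch. Scoping the play to the hosts that can schedule the logging pods would keep the change where it is needed. The `sed` task prints the whole file rather than just the value, so any extra line in `99-elasticsearch.conf` makes `| int` yield 0; `sed -n -e 's/^vm.max_map_count=\(.*\)/\1/p' /etc/sysctl.d/99-elasticsearch.conf` prints only the match. Both read-only `command` tasks should carry `changed_when: false`, and `reload: yes` would be more portable as `reload: true`.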
@@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/config.yml diff --git a/playbooks/openshift-master/private/scaleup.yml b/playbooks/openshift-master/private/scaleup.yml index 20ebf70d3..5aaa0b156 100644 --- a/playbooks/openshift-master/private/scaleup.yml +++ b/playbooks/openshift-master/private/scaleup.yml @@ -45,7 +45,7 @@ - import_playbook: set_network_facts.yml -- import_playbook: ../../openshift-etcd/private/certificates.yml +- import_playbook: ../../openshift-etcd/private/master_etcd_certificates.yml - import_playbook: config.yml diff --git a/playbooks/openshift-master/private/tasks/restart_services.yml b/playbooks/openshift-master/private/tasks/restart_services.yml new file mode 100644 index 000000000..cf2c282e3 --- /dev/null +++ b/playbooks/openshift-master/private/tasks/restart_services.yml @@ -0,0 +1,4 @@ +--- +- import_role: + name: openshift_master + tasks_from: restart.yml diff --git a/playbooks/openshift-master/scaleup.yml b/playbooks/openshift-master/scaleup.yml index 09e205afc..0ca5d1a61 100644 --- a/playbooks/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/scaleup.yml @@ -32,6 +32,7 @@ - import_playbook: ../prerequisites.yml vars: l_scale_up_hosts: "oo_nodes_to_config:oo_masters_to_config" + l_base_packages_hosts: "oo_nodes_to_config:oo_masters_to_config" l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nodes_to_config" l_sanity_check_hosts: "{{ groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) }}" diff --git a/playbooks/openshift-metrics/config.yml b/playbooks/openshift-metrics/config.yml index c7814207c..1ca68fb9e 100644 --- a/playbooks/openshift-metrics/config.yml +++ b/playbooks/openshift-metrics/config.yml 
@@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" + - import_playbook: private/config.yml diff --git a/playbooks/openshift-nfs/config.yml b/playbooks/openshift-nfs/config.yml index c7814207c..b22796228 100644 --- a/playbooks/openshift-nfs/config.yml +++ b/playbooks/openshift-nfs/config.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config:oo_nfs_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] | union(groups['oo_nfs_to_config']) }}" + - import_playbook: private/config.yml diff --git a/playbooks/openshift-node/private/etcd_client_config.yml b/playbooks/openshift-node/private/etcd_client_config.yml index c3fa38a81..148bdc769 100644 --- a/playbooks/openshift-node/private/etcd_client_config.yml +++ b/playbooks/openshift-node/private/etcd_client_config.yml @@ -6,6 +6,5 @@ - role: openshift_etcd_facts - role: openshift_etcd_client_certificates etcd_cert_prefix: flannel.etcd- - etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" etcd_cert_subdir: "openshift-node-{{ openshift.common.hostname }}" etcd_cert_config_dir: "{{ openshift.common.config_base }}/node" diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml index 9cc7263b7..bda251fa5 100644 --- a/playbooks/openshift-node/scaleup.yml +++ b/playbooks/openshift-node/scaleup.yml 
@@ -27,6 +27,7 @@ - import_playbook: ../prerequisites.yml vars: l_scale_up_hosts: "oo_nodes_to_config" + l_base_packages_hosts: "oo_nodes_to_config" l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nodes_to_config" l_sanity_check_hosts: "{{ groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) }}" diff --git a/playbooks/openshift-prometheus/config.yml b/playbooks/openshift-prometheus/config.yml index c7814207c..1ca68fb9e 100644 --- a/playbooks/openshift-prometheus/config.yml +++ b/playbooks/openshift-prometheus/config.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" + - import_playbook: private/config.yml diff --git a/playbooks/openshift-prometheus/private/uninstall.yml b/playbooks/openshift-prometheus/private/uninstall.yml index 2df39c2a8..b01f7f988 100644 --- a/playbooks/openshift-prometheus/private/uninstall.yml +++ b/playbooks/openshift-prometheus/private/uninstall.yml @@ -5,4 +5,4 @@ - name: Run the Prometheus Uninstall Role Tasks include_role: name: openshift_prometheus - tasks_from: uninstall + tasks_from: uninstall_prometheus diff --git a/playbooks/openshift-provisioners/config.yml b/playbooks/openshift-provisioners/config.yml index c7814207c..1ca68fb9e 100644 --- a/playbooks/openshift-provisioners/config.yml +++ b/playbooks/openshift-provisioners/config.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" + - import_playbook: private/config.yml 
diff --git a/playbooks/openshift-service-catalog/config.yml b/playbooks/openshift-service-catalog/config.yml index c7814207c..1ca68fb9e 100644 --- a/playbooks/openshift-service-catalog/config.yml +++ b/playbooks/openshift-service-catalog/config.yml @@ -1,4 +1,10 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" + - import_playbook: private/config.yml diff --git a/playbooks/openshift-web-console/config.yml b/playbooks/openshift-web-console/config.yml index c7814207c..62d954d29 100644 --- a/playbooks/openshift-web-console/config.yml +++ b/playbooks/openshift-web-console/config.yml @@ -1,4 +1,9 @@ --- - import_playbook: ../init/main.yml + vars: + l_init_fact_hosts: "oo_masters_to_config" + l_openshift_version_set_hosts: "oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "all:!all" + l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}" - import_playbook: private/config.yml diff --git a/playbooks/prerequisites.yml b/playbooks/prerequisites.yml index 0b76ca862..544adbd4d 100644 --- a/playbooks/prerequisites.yml +++ b/playbooks/prerequisites.yml @@ -3,8 +3,10 @@ - import_playbook: init/main.yml vars: - skip_verison: True + skip_version: True l_install_base_packages: True + l_openshift_version_set_hosts: "all:!all" + l_openshift_version_check_hosts: "all:!all" - import_playbook: init/validate_hostnames.yml when: not (skip_validate_hostnames | default(False)) |