summaryrefslogtreecommitdiffstats
path: root/roles/openshift_master/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_master/tasks')
-rw-r--r--roles/openshift_master/tasks/bootstrap.yml67
-rw-r--r--roles/openshift_master/tasks/bootstrap_settings.yml15
-rw-r--r--roles/openshift_master/tasks/main.yml92
-rw-r--r--roles/openshift_master/tasks/registry_auth.yml26
-rw-r--r--roles/openshift_master/tasks/restart.yml22
-rw-r--r--roles/openshift_master/tasks/system_container.yml6
-rw-r--r--roles/openshift_master/tasks/systemd_units.yml32
-rw-r--r--roles/openshift_master/tasks/upgrade.yml45
-rw-r--r--roles/openshift_master/tasks/upgrade/rpm_upgrade.yml22
-rw-r--r--roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml173
-rw-r--r--roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml15
-rw-r--r--roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml20
12 files changed, 360 insertions, 175 deletions
diff --git a/roles/openshift_master/tasks/bootstrap.yml b/roles/openshift_master/tasks/bootstrap.yml
index f837a8bae..ce55e7d0c 100644
--- a/roles/openshift_master/tasks/bootstrap.yml
+++ b/roles/openshift_master/tasks/bootstrap.yml
@@ -2,7 +2,8 @@
# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
- command: "oc serviceaccounts create-kubeconfig node-bootstrapper -n openshift-infra"
+ command: >
+ oc serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }} -n {{ openshift_master_csr_namespace }}
register: kubeconfig_out
until: kubeconfig_out.rc == 0
retries: 24
@@ -12,67 +13,3 @@
copy:
content: "{{ kubeconfig_out.stdout }}"
dest: "{{ openshift_master_config_dir }}/bootstrap.kubeconfig"
-
-- name: create a temp dir for this work
- command: mktemp -d /tmp/openshift_node_config-XXXXXX
- register: mktempout
- run_once: true
-
-# This generate is so that we do not have to maintain
-# our own copy of the template. This is generated by
-# the product and the following settings will be
-# generated by the master
-- name: generate a node-config dynamically
- command: >
- {{ openshift_master_client_binary }} adm create-node-config
- --node-dir={{ mktempout.stdout }}/
- --node=CONFIGMAP
- --hostnames=test
- --dns-ip=0.0.0.0
- --certificate-authority={{ openshift_master_config_dir }}/ca.crt
- --signer-cert={{ openshift_master_config_dir }}/ca.crt
- --signer-key={{ openshift_master_config_dir }}/ca.key
- --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt
- --node-client-certificate-authority={{ openshift_master_config_dir }}/ca.crt
- register: configgen
- run_once: true
-
-- name: remove the default settings
- yedit:
- state: "{{ item.state | default('present') }}"
- src: "{{ mktempout.stdout }}/node-config.yaml"
- key: "{{ item.key }}"
- value: "{{ item.value | default(omit) }}"
- with_items: "{{ openshift_master_node_config_default_edits }}"
- run_once: true
-
-- name: copy the generated config into each group
- copy:
- src: "{{ mktempout.stdout }}/node-config.yaml"
- remote_src: true
- dest: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: "specialize the generated configs for node-config-{{ item.type }}"
- yedit:
- src: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- edits: "{{ item.edits }}"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: create node-config.yaml configmap
- oc_configmap:
- name: "node-config-{{ item.type }}"
- namespace: "{{ openshift_master_bootstrap_namespace }}"
- from_file:
- node-config.yaml: "{{ mktempout.stdout }}/node-config-{{ item.type }}.yaml"
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
-
-- name: remove templated files
- file:
- dest: "{{ mktempout.stdout }}/"
- state: absent
- with_items: "{{ openshift_master_node_configs }}"
- run_once: true
diff --git a/roles/openshift_master/tasks/bootstrap_settings.yml b/roles/openshift_master/tasks/bootstrap_settings.yml
new file mode 100644
index 000000000..10e0828eb
--- /dev/null
+++ b/roles/openshift_master/tasks/bootstrap_settings.yml
@@ -0,0 +1,15 @@
+---
+- name: modify controller args
+ yedit:
+ src: /etc/origin/master/master-config.yaml
+ edits:
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
+ value:
+ - /etc/origin/master/ca.crt
+ - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
+ value:
+ - /etc/origin/master/ca.key
+ notify:
+ - restart master controllers
+ - restart master api
+ when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 48b34c578..5f4e6df71 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -11,34 +11,8 @@
- openshift_master_oauth_grant_method is defined
- openshift_master_oauth_grant_method not in openshift_master_valid_grant_methods
-# HA Variable Validation
-- fail:
- msg: "openshift_master_cluster_method must be set to either 'native' or 'pacemaker' for multi-master installations"
- when:
- - openshift.master.ha | bool
- - (openshift.master.cluster_method is not defined) or (openshift.master.cluster_method is defined and openshift.master.cluster_method not in ["native", "pacemaker"])
-- fail:
- msg: "'native' high availability is not supported for the requested OpenShift version"
- when:
- - openshift.master.ha | bool
- - openshift.master.cluster_method == "native"
- - not openshift.common.version_gte_3_1_or_1_1 | bool
-- fail:
- msg: "openshift_master_cluster_password must be set for multi-master installations"
- when:
- - openshift.master.ha | bool
- - openshift.master.cluster_method == "pacemaker"
- - openshift_master_cluster_password is not defined or not openshift_master_cluster_password
-- fail:
- msg: "Pacemaker based HA is not supported at this time when used with containerized installs"
- when:
- - openshift.master.ha | bool
- - openshift.master.cluster_method == "pacemaker"
- - openshift.common.is_containerized | bool
-
- name: Open up firewall ports
- include: firewall.yml
- static: yes
+ import_tasks: firewall.yml
- name: Install Master package
package:
@@ -46,6 +20,8 @@
state: present
when:
- not openshift.common.is_containerized | bool
+ register: result
+ until: result | success
- name: Create r_openshift_master_data_dir
file:
@@ -95,6 +71,8 @@
- item.kind == 'HTPasswdPasswordIdentityProvider'
- not openshift.common.is_atomic | bool
with_items: "{{ openshift.master.identity_providers }}"
+ register: result
+ until: result | success
- name: Ensure htpasswd directory exists
file:
@@ -178,16 +156,16 @@
no_proxy_etcd_host_ips: "{{ openshift_no_proxy_etcd_host_ips }}"
- name: Update journald config
- include: journald.yml
+ include_tasks: journald.yml
- name: Install the systemd units
- include: systemd_units.yml
+ include_tasks: systemd_units.yml
- name: Install Master system container
- include: system_container.yml
+ include_tasks: system_container.yml
when:
- openshift.common.is_containerized | bool
- - openshift.common.is_master_system_container | bool
+ - l_is_master_system_container | bool
- name: Create session secrets file
template:
@@ -218,23 +196,10 @@
- restart master api
- restart master controllers
-- name: modify controller args
- yedit:
- src: /etc/origin/master/master-config.yaml
- edits:
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-cert-file
- value:
- - /etc/origin/master/ca.crt
- - key: kubernetesMasterConfig.controllerArguments.cluster-signing-key-file
- value:
- - /etc/origin/master/ca.key
- notify:
- - restart master controllers
+- include_tasks: bootstrap_settings.yml
when: openshift_master_bootstrap_enabled | default(False)
-- include: set_loopback_context.yml
- when:
- - openshift.common.version_gte_3_2_or_1_2
+- include_tasks: set_loopback_context.yml
- name: Start and enable master api on first master
systemd:
@@ -242,7 +207,6 @@
enabled: yes
state: started
when:
- - openshift.master.cluster_method == 'native'
- inventory_hostname == openshift_master_hosts[0]
register: l_start_result
until: not l_start_result | failed
@@ -257,14 +221,12 @@
- set_fact:
master_api_service_status_changed: "{{ l_start_result | changed }}"
when:
- - openshift.master.cluster_method == 'native'
- inventory_hostname == openshift_master_hosts[0]
- pause:
seconds: 15
when:
- openshift.master.ha | bool
- - openshift.master.cluster_method == 'native'
- name: Start and enable master api all masters
systemd:
@@ -272,7 +234,6 @@
enabled: yes
state: started
when:
- - openshift.master.cluster_method == 'native'
- inventory_hostname != openshift_master_hosts[0]
register: l_start_result
until: not l_start_result | failed
@@ -287,14 +248,12 @@
- set_fact:
master_api_service_status_changed: "{{ l_start_result | changed }}"
when:
- - openshift.master.cluster_method == 'native'
- inventory_hostname != openshift_master_hosts[0]
# A separate wait is required here for native HA since notifies will
# be resolved after all tasks in the role.
-- include: check_master_api_is_ready.yml
+- include_tasks: check_master_api_is_ready.yml
when:
- - openshift.master.cluster_method == 'native'
- master_api_service_status_changed | bool
- name: Start and enable master controller service
@@ -302,8 +261,6 @@
name: "{{ openshift.common.service_type }}-master-controllers"
enabled: yes
state: started
- when:
- - openshift.master.cluster_method == 'native'
register: l_start_result
until: not l_start_result | failed
retries: 1
@@ -317,30 +274,7 @@
- name: Set fact master_controllers_service_status_changed
set_fact:
master_controllers_service_status_changed: "{{ l_start_result | changed }}"
- when:
- - openshift.master.cluster_method == 'native'
-
-- name: Install cluster packages
- package: name=pcs state=present
- when:
- - openshift.master.cluster_method == 'pacemaker'
- - not openshift.common.is_containerized | bool
- register: l_install_result
-
-- name: Start and enable cluster service
- systemd:
- name: pcsd
- enabled: yes
- state: started
- when:
- - openshift.master.cluster_method == 'pacemaker'
- - not openshift.common.is_containerized | bool
-
-- name: Set the cluster user password
- shell: echo {{ openshift_master_cluster_password | quote }} | passwd --stdin hacluster
- when:
- - l_install_result | changed
- name: node bootstrap settings
- include: bootstrap.yml
+ include_tasks: bootstrap.yml
when: openshift_master_bootstrap_enabled | default(False)
diff --git a/roles/openshift_master/tasks/registry_auth.yml b/roles/openshift_master/tasks/registry_auth.yml
index cde01c49e..ca04d2243 100644
--- a/roles/openshift_master/tasks/registry_auth.yml
+++ b/roles/openshift_master/tasks/registry_auth.yml
@@ -8,6 +8,7 @@
- name: Create credentials for registry auth
command: "docker --config={{ oreg_auth_credentials_path }} login -u {{ oreg_auth_user }} -p {{ oreg_auth_password }} {{ oreg_host }}"
when:
+ - not (openshift_docker_alternative_creds | default(False))
- oreg_auth_user is defined
- (not master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
register: master_oreg_auth_credentials_create
@@ -18,6 +19,25 @@
- restart master api
- restart master controllers
+# docker_creds is a custom module from lib_utils
+# 'docker login' requires a docker.service running on the local host, this is an
+# alternative implementation for non-docker hosts. This implementation does not
+# check the registry to determine whether or not the credentials will work.
+- name: Create credentials for registry auth (alternative)
+ docker_creds:
+ path: "{{ oreg_auth_credentials_path }}"
+ registry: "{{ oreg_host }}"
+ username: "{{ oreg_auth_user }}"
+ password: "{{ oreg_auth_password }}"
+ when:
+ - openshift_docker_alternative_creds | default(False) | bool
+ - oreg_auth_user is defined
+ - (not docker_cli_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace) | bool
+ register: master_oreg_auth_credentials_create_alt
+ notify:
+ - restart master api
+ - restart master controllers
+
# Container images may need the registry credentials
- name: Setup ro mount of /root/.docker for containerized hosts
set_fact:
@@ -25,4 +45,8 @@
when:
- openshift.common.is_containerized | bool
- oreg_auth_user is defined
- - (master_oreg_auth_credentials_stat.stat.exists or oreg_auth_credentials_replace or master_oreg_auth_credentials_create.changed) | bool
+ - >
+ (master_oreg_auth_credentials_stat.stat.exists
+ or oreg_auth_credentials_replace
+ or master_oreg_auth_credentials_create.changed
+ or master_oreg_auth_credentials_create_alt.changed) | bool
diff --git a/roles/openshift_master/tasks/restart.yml b/roles/openshift_master/tasks/restart.yml
new file mode 100644
index 000000000..4f8b758fd
--- /dev/null
+++ b/roles/openshift_master/tasks/restart.yml
@@ -0,0 +1,22 @@
+---
+- name: Restart master API
+ service:
+ name: "{{ openshift.common.service_type }}-master-api"
+ state: restarted
+ when: openshift_master_ha | bool
+- name: Wait for master API to come back online
+ wait_for:
+ host: "{{ openshift.common.hostname }}"
+ state: started
+ delay: 10
+ port: "{{ openshift.master.api_port }}"
+ timeout: 600
+ when: openshift_master_ha | bool
+- name: Restart master controllers
+ service:
+ name: "{{ openshift.common.service_type }}-master-controllers"
+ state: restarted
+ # Ignore errrors since it is possible that type != simple for
+ # pre-3.1.1 installations.
+ ignore_errors: true
+ when: openshift_master_ha | bool
diff --git a/roles/openshift_master/tasks/system_container.yml b/roles/openshift_master/tasks/system_container.yml
index 843352532..23386f11b 100644
--- a/roles/openshift_master/tasks/system_container.yml
+++ b/roles/openshift_master/tasks/system_container.yml
@@ -6,7 +6,7 @@
- name: Pre-pull master system container image
command: >
- atomic pull --storage=ostree {{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
+ atomic pull --storage=ostree {{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}
register: l_pull_result
changed_when: "'Pulling layer' in l_pull_result.stdout"
@@ -18,7 +18,7 @@
- name: Install or Update HA api master system container
oc_atomic_container:
name: "{{ openshift.common.service_type }}-master-api"
- image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=api
@@ -26,7 +26,7 @@
- name: Install or Update HA controller master system container
oc_atomic_container:
name: "{{ openshift.common.service_type }}-master-controllers"
- image: "{{ 'docker:' if openshift.common.system_images_registry == 'docker' else openshift.common.system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
+ image: "{{ 'docker:' if system_images_registry == 'docker' else system_images_registry + '/' }}{{ openshift.master.master_system_image }}:{{ openshift_image_tag }}"
state: latest
values:
- COMMAND=controllers
diff --git a/roles/openshift_master/tasks/systemd_units.yml b/roles/openshift_master/tasks/systemd_units.yml
index 8420dfb8c..ee76413e3 100644
--- a/roles/openshift_master/tasks/systemd_units.yml
+++ b/roles/openshift_master/tasks/systemd_units.yml
@@ -2,9 +2,6 @@
# systemd_units.yml is included both in the openshift_master role and in the upgrade
# playbooks.
-- include: upgrade_facts.yml
- when: openshift_master_defaults_in_use is not defined
-
- name: Set HA Service Info for containerized installs
set_fact:
containerized_svc_dir: "/etc/systemd/system"
@@ -12,7 +9,7 @@
when:
- openshift.common.is_containerized | bool
-- include: registry_auth.yml
+- include_tasks: registry_auth.yml
- name: Disable the legacy master service if it exists
systemd:
@@ -28,8 +25,7 @@
state: absent
ignore_errors: true
when:
- - openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
# This is the image used for both HA and non-HA clusters:
- name: Pre-pull master image
@@ -39,15 +35,14 @@
changed_when: "'Downloaded newer image' in l_pull_result.stdout"
when:
- openshift.common.is_containerized | bool
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
- name: Create the ha systemd unit files
template:
src: "{{ ha_svc_template_path }}/atomic-openshift-master-{{ item }}.service.j2"
dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master-{{ item }}.service"
when:
- - openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
with_items:
- api
- controllers
@@ -66,22 +61,17 @@
- api
- controllers
when:
- - openshift.master.cluster_method == "native"
- - not openshift.common.is_master_system_container | bool
+ - not l_is_master_system_container | bool
- name: Preserve Master API Proxy Config options
command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-api
register: l_master_api_proxy
- when:
- - openshift.master.cluster_method == "native"
failed_when: false
changed_when: false
- name: Preserve Master API AWS options
command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-api
register: master_api_aws
- when:
- - openshift.master.cluster_method == "native"
failed_when: false
changed_when: false
@@ -90,14 +80,11 @@
src: "{{ ha_svc_template_path }}/atomic-openshift-master-api.j2"
dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-api
backup: true
- when:
- - openshift.master.cluster_method == "native"
notify:
- restart master api
- name: Restore Master API Proxy Config Options
when:
- - openshift.master.cluster_method == "native"
- l_master_api_proxy.rc == 0
- "'http_proxy' not in openshift.common"
- "'https_proxy' not in openshift.common"
@@ -108,7 +95,6 @@
- name: Restore Master API AWS Options
when:
- - openshift.master.cluster_method == "native"
- master_api_aws.rc == 0
- not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
lineinfile:
@@ -120,16 +106,12 @@
- name: Preserve Master Controllers Proxy Config options
command: grep PROXY /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
register: master_controllers_proxy
- when:
- - openshift.master.cluster_method == "native"
failed_when: false
changed_when: false
- name: Preserve Master Controllers AWS options
command: grep AWS_ /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
register: master_controllers_aws
- when:
- - openshift.master.cluster_method == "native"
failed_when: false
changed_when: false
@@ -138,8 +120,6 @@
src: "{{ ha_svc_template_path }}/atomic-openshift-master-controllers.j2"
dest: /etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
backup: true
- when:
- - openshift.master.cluster_method == "native"
notify:
- restart master controllers
@@ -149,7 +129,6 @@
line: "{{ item }}"
with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}"
when:
- - openshift.master.cluster_method == "native"
- master_controllers_proxy.rc == 0
- "'http_proxy' not in openshift.common"
- "'https_proxy' not in openshift.common"
@@ -160,6 +139,5 @@
line: "{{ item }}"
with_items: "{{ master_controllers_aws.stdout_lines | default([]) }}"
when:
- - openshift.master.cluster_method == "native"
- master_controllers_aws.rc == 0
- not (openshift_cloudprovider_kind is defined and openshift_cloudprovider_kind == 'aws' and openshift_cloudprovider_aws_access_key is defined and openshift_cloudprovider_aws_secret_key is defined)
diff --git a/roles/openshift_master/tasks/upgrade.yml b/roles/openshift_master/tasks/upgrade.yml
new file mode 100644
index 000000000..f84cf2f6e
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade.yml
@@ -0,0 +1,45 @@
+---
+- include_tasks: upgrade/rpm_upgrade.yml
+ when: not openshift.common.is_containerized | bool
+
+- include_tasks: upgrade/upgrade_scheduler.yml
+
+# master_config_hook is passed in from upgrade play.
+- include_tasks: "upgrade/{{ master_config_hook }}"
+ when: master_config_hook is defined
+
+- include_tasks: journald.yml
+
+- include_tasks: systemd_units.yml
+
+- name: Check for ca-bundle.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ register: ca_bundle_stat
+ failed_when: false
+
+- name: Check for ca.crt
+ stat:
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ register: ca_crt_stat
+ failed_when: false
+
+- name: Migrate ca.crt to ca-bundle.crt
+ command: mv ca.crt ca-bundle.crt
+ args:
+ chdir: "{{ openshift.common.config_base }}/master"
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
+- name: Link ca.crt to ca-bundle.crt
+ file:
+ src: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+ path: "{{ openshift.common.config_base }}/master/ca.crt"
+ state: link
+ when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
+- name: Update oreg value
+ yedit:
+ src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ key: 'imageConfig.format'
+ value: "{{ oreg_url | default(oreg_url_master) }}"
+ when: oreg_url is defined or oreg_url_master is defined
diff --git a/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
new file mode 100644
index 000000000..caab3045a
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade/rpm_upgrade.yml
@@ -0,0 +1,22 @@
+---
+# When we update package "a-${version}" and a requires b >= ${version} if we
+# don't specify the version of b yum will choose the latest version of b
+# available and the whole set of dependencies end up at the latest version.
+# Since the package module, unlike the yum module, doesn't flatten a list
+# of packages into one transaction we need to do that explicitly. The ansible
+# core team tells us not to rely on yum module transaction flattening anyway.
+
+# TODO: If the sdn package isn't already installed this will install it, we
+# should fix that
+- name: Upgrade master packages
+ package: name={{ master_pkgs | join(',') }} state=present
+ vars:
+ master_pkgs:
+ - "{{ openshift.common.service_type }}{{ openshift_pkg_version }}"
+ - "{{ openshift.common.service_type }}-master{{ openshift_pkg_version }}"
+ - "{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
+ - "{{ openshift.common.service_type }}-sdn-ovs{{ openshift_pkg_version }}"
+ - "{{ openshift.common.service_type }}-clients{{ openshift_pkg_version }}"
+ - "tuned-profiles-{{ openshift.common.service_type }}-node{{ openshift_pkg_version }}"
+ register: result
+ until: result | success
diff --git a/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml
new file mode 100644
index 000000000..8558bf3e9
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade/upgrade_scheduler.yml
@@ -0,0 +1,173 @@
+---
+# Upgrade predicates
+- vars:
+ prev_predicates: "{{ lookup('openshift_master_facts_default_predicates', short_version=openshift_upgrade_min, deployment_type=openshift_deployment_type) }}"
+ prev_predicates_no_region: "{{ lookup('openshift_master_facts_default_predicates', short_version=openshift_upgrade_min, deployment_type=openshift_deployment_type, regions_enabled=False) }}"
+ default_predicates_no_region: "{{ lookup('openshift_master_facts_default_predicates', regions_enabled=False) }}"
+ # older_predicates are the set of predicates that have previously been
+ # hard-coded into openshift_facts
+ older_predicates:
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ - name: NoVolumeZoneConflict
+ - name: MaxEBSVolumeCount
+ - name: MaxGCEPDVolumeCount
+ - name: Region
+ argument:
+ serviceAffinity:
+ labels:
+ - region
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ - name: NoVolumeZoneConflict
+ - name: Region
+ argument:
+ serviceAffinity:
+ labels:
+ - region
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ - name: Region
+ argument:
+ serviceAffinity:
+ labels:
+ - region
+ # older_predicates_no_region are the set of predicates that have previously
+ # been hard-coded into openshift_facts, with the Region predicate removed
+ older_predicates_no_region:
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ - name: NoVolumeZoneConflict
+ - name: MaxEBSVolumeCount
+ - name: MaxGCEPDVolumeCount
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ - name: NoVolumeZoneConflict
+ - - name: MatchNodeSelector
+ - name: PodFitsResources
+ - name: PodFitsPorts
+ - name: NoDiskConflict
+ block:
+
+ # Handle case where openshift_master_predicates is defined
+ - block:
+ - debug:
+ msg: "WARNING: openshift_master_scheduler_predicates is set to defaults from an earlier release of OpenShift current defaults are: {{ openshift_master_scheduler_default_predicates }}"
+ when: openshift_master_scheduler_predicates in older_predicates + older_predicates_no_region + [prev_predicates] + [prev_predicates_no_region]
+
+ - debug:
+ msg: "WARNING: openshift_master_scheduler_predicates does not match current defaults of: {{ openshift_master_scheduler_default_predicates }}"
+ when: openshift_master_scheduler_predicates != openshift_master_scheduler_default_predicates
+ when: openshift_master_scheduler_predicates | default(none) is not none
+
+ # Handle cases where openshift_master_predicates is not defined
+ - block:
+ - debug:
+ msg: "WARNING: existing scheduler config does not match previous known defaults automated upgrade of scheduler config is disabled.\nexisting scheduler predicates: {{ openshift_master_scheduler_current_predicates }}\ncurrent scheduler default predicates are: {{ openshift_master_scheduler_default_predicates }}"
+ when:
+ - openshift_master_scheduler_current_predicates != openshift_master_scheduler_default_predicates
+ - openshift_master_scheduler_current_predicates not in older_predicates + [prev_predicates]
+
+ - set_fact:
+ openshift_upgrade_scheduler_predicates: "{{ openshift_master_scheduler_default_predicates }}"
+ when:
+ - openshift_master_scheduler_current_predicates != openshift_master_scheduler_default_predicates
+ - openshift_master_scheduler_current_predicates in older_predicates + [prev_predicates]
+
+ - set_fact:
+ openshift_upgrade_scheduler_predicates: "{{ default_predicates_no_region }}"
+ when:
+ - openshift_master_scheduler_current_predicates != default_predicates_no_region
+ - openshift_master_scheduler_current_predicates in older_predicates_no_region + [prev_predicates_no_region]
+
+ when: openshift_master_scheduler_predicates | default(none) is none
+
+
+# Upgrade priorities
+- vars:
+ prev_priorities: "{{ lookup('openshift_master_facts_default_priorities', short_version=openshift_upgrade_min, deployment_type=openshift_deployment_type) }}"
+ prev_priorities_no_zone: "{{ lookup('openshift_master_facts_default_priorities', short_version=openshift_upgrade_min, deployment_type=openshift_deployment_type, zones_enabled=False) }}"
+ default_priorities_no_zone: "{{ lookup('openshift_master_facts_default_priorities', zones_enabled=False) }}"
+ # older_priorities are the set of priorities that have previously been
+ # hard-coded into openshift_facts
+ older_priorities:
+ - - name: LeastRequestedPriority
+ weight: 1
+ - name: SelectorSpreadPriority
+ weight: 1
+ - name: Zone
+ weight: 2
+ argument:
+ serviceAntiAffinity:
+ label: zone
+ # older_priorities_no_region are the set of priorities that have previously
+ # been hard-coded into openshift_facts, with the Zone priority removed
+ older_priorities_no_zone:
+ - - name: LeastRequestedPriority
+ weight: 1
+ - name: SelectorSpreadPriority
+ weight: 1
+ block:
+
+ # Handle case where openshift_master_priorities is defined
+ - block:
+ - debug:
+ msg: "WARNING: openshift_master_scheduler_priorities is set to defaults from an earlier release of OpenShift current defaults are: {{ openshift_master_scheduler_default_priorities }}"
+ when: openshift_master_scheduler_priorities in older_priorities + older_priorities_no_zone + [prev_priorities] + [prev_priorities_no_zone]
+
+ - debug:
+ msg: "WARNING: openshift_master_scheduler_priorities does not match current defaults of: {{ openshift_master_scheduler_default_priorities }}"
+ when: openshift_master_scheduler_priorities != openshift_master_scheduler_default_priorities
+ when: openshift_master_scheduler_priorities | default(none) is not none
+
+ # Handle cases where openshift_master_priorities is not defined
+ - block:
+ - debug:
+ msg: "WARNING: existing scheduler config does not match previous known defaults automated upgrade of scheduler config is disabled.\nexisting scheduler priorities: {{ openshift_master_scheduler_current_priorities }}\ncurrent scheduler default priorities are: {{ openshift_master_scheduler_default_priorities }}"
+ when:
+ - openshift_master_scheduler_current_priorities != openshift_master_scheduler_default_priorities
+ - openshift_master_scheduler_current_priorities not in older_priorities + [prev_priorities]
+
+ - set_fact:
+ openshift_upgrade_scheduler_priorities: "{{ openshift_master_scheduler_default_priorities }}"
+ when:
+ - openshift_master_scheduler_current_priorities != openshift_master_scheduler_default_priorities
+ - openshift_master_scheduler_current_priorities in older_priorities + [prev_priorities]
+
+ - set_fact:
+ openshift_upgrade_scheduler_priorities: "{{ default_priorities_no_zone }}"
+ when:
+ - openshift_master_scheduler_current_priorities != default_priorities_no_zone
+ - openshift_master_scheduler_current_priorities in older_priorities_no_zone + [prev_priorities_no_zone]
+
+ when: openshift_master_scheduler_priorities | default(none) is none
+
+
+# Update scheduler
+- vars:
+ scheduler_config:
+ kind: Policy
+ apiVersion: v1
+ predicates: "{{ openshift_upgrade_scheduler_predicates
+ | default(openshift_master_scheduler_current_predicates) }}"
+ priorities: "{{ openshift_upgrade_scheduler_priorities
+ | default(openshift_master_scheduler_current_priorities) }}"
+ block:
+ - name: Update scheduler config
+ copy:
+ content: "{{ scheduler_config | to_nice_json }}"
+ dest: "{{ openshift_master_scheduler_conf }}"
+ backup: true
+ when: >
+ openshift_upgrade_scheduler_predicates is defined or
+ openshift_upgrade_scheduler_priorities is defined
diff --git a/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml
new file mode 100644
index 000000000..db0c8f886
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade/v3_6/master_config_upgrade.yml
@@ -0,0 +1,15 @@
+---
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+ yaml_value: service-signer.crt
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+ yaml_value: service-signer.key
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: servingInfo.clientCA
+ yaml_value: ca.crt
diff --git a/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml
new file mode 100644
index 000000000..1d4d1919c
--- /dev/null
+++ b/roles/openshift_master/tasks/upgrade/v3_7/master_config_upgrade.yml
@@ -0,0 +1,20 @@
+---
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'controllerConfig.election.lockName'
+ yaml_value: 'openshift-master-controllers'
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+ yaml_value: service-signer.crt
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+ yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+ yaml_value: service-signer.key
+
+- modify_yaml:
+ dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+ yaml_key: servingInfo.clientCA
+ yaml_value: ca.crt
generated by cgit v1.2.3 (git 2.25.1) at 2024-10-19 10:26:26 +0000