diff options
5 files changed, 28 insertions, 20 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml index 0a972adf6..be42f005f 100644 --- a/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml +++ b/playbooks/common/openshift-cluster/upgrades/etcd/backup.yml @@ -42,15 +42,28 @@ {{ avail_disk.stdout }} Kb available. when: (embedded_etcd | bool) and (etcd_disk_usage.stdout|int > avail_disk.stdout|int) - # TODO - Refactor containerized backup to use etcd_container to backup the data so we don't rely on - # the host's etcdctl binary which may be of a different version. - - # for non containerized and non embedded we should have the correct version of etcd installed already - # For embedded we need to use the latest because OCP 3.3 uses a version of etcd that can only be backed - # up with etcd-3.x + # For non containerized and non embedded we should have the correct version of + # etcd installed already. So don't do anything. + # + # For embedded or containerized we need to use the latest because OCP 3.3 uses + # a version of etcd that can only be backed up with etcd-3.x and if it's + # containerized then etcd version may be newer than that on the host so + # upgrade it. + # + # On atomic we have neither yum nor dnf so ansible throws a hard to debug error + # if you use package there, like this: "Could not find a module for unknown." + # see https://bugzilla.redhat.com/show_bug.cgi?id=1408668 + # + # TODO - We should refactor all containerized backups to use the containerized + # version of etcd to perform the backup rather than relying on the host's + # binaries. Until we do that we'll continue to have problems backing up etcd + # when atomic host has an older version than the version that's running in the + # container whether that's embedded or not - name: Install latest etcd for containerized or embedded - package: name=etcd state=latest - when: ( openshift.common.is_containerized and not openshift.common.is_atomic ) or embedded_etcd | bool + package: + name: etcd + state: latest + when: ( embedded_etcd | bool or openshift.common.is_containerized ) and not openshift.common.is_atomic - name: Generate etcd backup command: > diff --git a/roles/openshift_hosted/tasks/registry/secure.yml b/roles/openshift_hosted/tasks/registry/secure.yml index b6d007835..d87a3847c 100644 --- a/roles/openshift_hosted/tasks/registry/secure.yml +++ b/roles/openshift_hosted/tasks/registry/secure.yml @@ -34,9 +34,9 @@ - name: Create registry certificates if they do not exist command: > {{ openshift.common.client_binary }} adm ca create-server-cert - --signer-cert=/etc/origin/master/ca.crt - --signer-key=/etc/origin/master/ca.key - --signer-serial=/etc/origin/master/ca.serial.txt + --signer-cert={{ openshift_master_config_dir }}/ca.crt + --signer-key={{ openshift_master_config_dir }}/ca.key + --signer-serial={{ openshift_master_config_dir }}/ca.serial.txt --hostnames="{{ docker_registry_service_ip.stdout }},docker-registry.default.svc.cluster.local,{{ docker_registry_route_hostname }}" --cert={{ openshift_master_config_dir }}/registry.crt --key={{ openshift_master_config_dir }}/registry.key @@ -65,12 +65,12 @@ - name: Determine if registry-certificates secret volume attached command: > {{ openshift.common.client_binary }} get dc/docker-registry - -o jsonpath='{.spec.template.spec.volumes[*].secret.secretName}' + -o jsonpath='{.spec.template.spec.volumes[?(@.secret)].secret.secretName}' --config={{ openshift_hosted_kubeconfig }} -n default register: docker_registry_volumes changed_when: false - failed_when: "'secretName is not found' not in docker_registry_volumes.stdout and docker_registry_volumes.rc != 0" + failed_when: "docker_registry_volumes.stdout != '' and 'secretName is not found' not in docker_registry_volumes.stdout and docker_registry_volumes.rc != 0" - name: Attach registry-certificates secret volume command: > diff --git a/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml index 13cef2d66..c47d5361d 100644 --- a/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.3/enterprise/logging-deployer.yaml @@ -72,7 +72,6 @@ items: metadata: name: logging-deployer-edit-role roleRef: - kind: ClusterRole name: edit subjects: - kind: ServiceAccount @@ -83,7 +82,6 @@ items: metadata: name: logging-deployer-dsadmin-role roleRef: - kind: ClusterRole name: daemonset-admin subjects: - kind: ServiceAccount diff --git a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml index ddfda1272..c67058696 100644 --- a/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml +++ b/roles/openshift_hosted_templates/files/v1.4/enterprise/logging-deployer.yaml @@ -81,7 +81,6 @@ items: metadata: name: logging-deployer-edit-role roleRef: - kind: ClusterRole name: edit subjects: - kind: ServiceAccount @@ -92,7 +91,6 @@ items: metadata: name: logging-deployer-dsadmin-role roleRef: - kind: ClusterRole name: daemonset-admin subjects: - kind: ServiceAccount @@ -103,7 +101,6 @@ items: metadata: name: logging-elasticsearch-view-role roleRef: - kind: ClusterRole name: view subjects: - kind: ServiceAccount diff --git a/roles/openshift_repos/tasks/main.yaml b/roles/openshift_repos/tasks/main.yaml index d5ed9c09d..23dcd0440 100644 --- a/roles/openshift_repos/tasks/main.yaml +++ b/roles/openshift_repos/tasks/main.yaml @@ -37,7 +37,7 @@ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool - and openshift_enable_origin_repo | default(true) + and openshift_enable_origin_repo | default(true) | bool - name: Configure origin yum repositories RHEL/CentOS copy: @@ -47,4 +47,4 @@ when: ansible_os_family == "RedHat" and ansible_distribution != "Fedora" and openshift_deployment_type == 'origin' and not openshift.common.is_containerized | bool - and openshift_enable_origin_repo | default(true) + and openshift_enable_origin_repo | default(true) | bool |