diff options
Diffstat (limited to 'playbooks/common/openshift-cluster')
22 files changed, 207 insertions, 86 deletions
diff --git a/playbooks/common/openshift-cluster/additional_config.yml b/playbooks/common/openshift-cluster/additional_config.yml index 1ac78468a..5ed1d3b3c 100644 --- a/playbooks/common/openshift-cluster/additional_config.yml +++ b/playbooks/common/openshift-cluster/additional_config.yml @@ -27,10 +27,6 @@ (osm_use_cockpit | bool or osm_use_cockpit is undefined ) - role: flannel_register when: openshift.common.use_flannel | bool - - role: pods - when: openshift.common.deployment_type == 'online' - - role: os_env_extras - when: openshift.common.deployment_type == 'online' - name: Create persistent volumes and create hosted services hosts: oo_first_master @@ -49,8 +45,8 @@ openshift_serviceaccounts_namespace: default openshift_serviceaccounts_sccs: - privileged - - role: openshift_router - when: deploy_infra | bool - role: openshift_registry registry_volume_claim: "{{ openshift.hosted.registry.storage.volume.name }}-claim" when: deploy_infra | bool and attach_registry_volume | bool + - role: openshift_metrics + when: openshift.hosted.metrics.deploy | bool diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index 2411e7360..903babc45 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -1,10 +1,12 @@ --- - include: evaluate_groups.yml +- include: initialize_facts.yml + - include: validate_hostnames.yml - name: Set oo_options - hosts: oo_hosts_to_config + hosts: oo_all_hosts tasks: - set_fact: openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}" @@ -34,3 +36,5 @@ - include: additional_config.yml - include: ../openshift-node/config.yml + +- include: openshift_hosted.yml diff --git a/playbooks/common/openshift-cluster/enable_dnsmasq.yml b/playbooks/common/openshift-cluster/enable_dnsmasq.yml new file mode 100644 index 000000000..f2bcc872f --- /dev/null +++ b/playbooks/common/openshift-cluster/enable_dnsmasq.yml @@ -0,0 +1,66 @@ +--- +- include: evaluate_groups.yml + +- name: Load openshift_facts + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - openshift_facts + post_tasks: + - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1" + when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool + +- name: Reconfigure masters to listen on our new dns_port + hosts: oo_masters_to_config + handlers: + - include: ../../../roles/openshift_master/handlers/main.yml + vars: + os_firewall_allow: + - service: skydns tcp + port: "{{ openshift.master.dns_port }}/tcp" + - service: skydns udp + port: "{{ openshift.master.dns_port }}/udp" + roles: + - os_firewall + tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: master + local_facts: + dns_port: '8053' + - modify_yaml: + dest: "{{ openshift.common.config_base }}/master/master-config.yaml" + yaml_key: dnsConfig.bindAddress + yaml_value: "{{ openshift.master.bind_addr }}:{{ openshift.master.dns_port }}" + notify: restart master + - meta: flush_handlers + +- name: Configure nodes for dnsmasq + hosts: oo_nodes_to_config + handlers: + - include: ../../../roles/openshift_node/handlers/main.yml + pre_tasks: + - openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: common + local_facts: + use_dnsmasq: True + - role: node + local_facts: + dns_ip: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }}" + vars: + openshift_deployment_type: "{{ deployment_type }}" + roles: + - openshift_node_dnsmasq + post_tasks: + - modify_yaml: + dest: "{{ openshift.common.config_base }}/node/node-config.yaml" + yaml_key: dnsIP + yaml_value: "{{ openshift.node.dns_ip }}" + notify: restart node diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml index ce0134c44..c5273b08f 100644 --- a/playbooks/common/openshift-cluster/evaluate_groups.yml +++ b/playbooks/common/openshift-cluster/evaluate_groups.yml @@ -34,15 +34,15 @@ name: "{{ item }}" groups: oo_all_hosts ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" - with_items: "{{ g_all_hosts | default([]) }}" + ansible_become: "{{ g_sudo | default(omit) }}" + with_items: g_all_hosts | default([]) - name: Evaluate oo_masters add_host: name: "{{ item }}" groups: oo_masters ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_master_hosts | union(g_new_master_hosts) | default([]) }}" - name: Evaluate oo_etcd_to_config @@ -50,7 +50,7 @@ name: "{{ item }}" groups: oo_etcd_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_etcd_hosts | default([]) }}" - name: Evaluate oo_masters_to_config @@ -58,7 +58,7 @@ name: "{{ item }}" groups: oo_masters_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_new_master_hosts | default(g_master_hosts | default([], true), true) }}" - name: Evaluate oo_nodes_to_config @@ -66,7 +66,7 @@ name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_new_node_hosts | default(g_node_hosts | default([], true), true) }}" # Skip adding the master to oo_nodes_to_config when g_new_node_hosts is @@ -75,7 +75,7 @@ name: "{{ item }}" groups: oo_nodes_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_master_hosts | default([]) }}" when: g_nodeonmaster | default(false) == true and g_new_node_hosts is not defined @@ -91,7 +91,7 @@ name: "{{ g_master_hosts[0] }}" groups: oo_first_master ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" when: g_master_hosts|length > 0 - name: Evaluate oo_lb_to_config @@ -99,7 +99,7 @@ name: "{{ item }}" groups: oo_lb_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_lb_hosts | default([]) }}" - name: Evaluate oo_nfs_to_config @@ -107,5 +107,5 @@ name: "{{ item }}" groups: oo_nfs_to_config ansible_ssh_user: "{{ g_ssh_user | default(omit) }}" - ansible_sudo: "{{ g_sudo | default(omit) }}" + ansible_become: "{{ g_sudo | default(omit) }}" with_items: "{{ g_nfs_hosts | default([]) }}" diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml new file mode 100644 index 000000000..cda490b1f --- /dev/null +++ b/playbooks/common/openshift-cluster/initialize_facts.yml @@ -0,0 +1,10 @@ +--- +- name: Initialize host facts + hosts: oo_all_hosts + roles: + - openshift_facts + tasks: + - openshift_facts: + role: common + local_facts: + hostname: "{{ openshift_hostname | default(None) }}" diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library new file mode 120000 index 000000000..d0b7393d3 --- /dev/null +++ b/playbooks/common/openshift-cluster/library @@ -0,0 +1 @@ +../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml new file mode 100644 index 000000000..1cbc0f544 --- /dev/null +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml @@ -0,0 +1,5 @@ +- name: Create Hosted Resources + hosts: oo_first_master + roles: + - role: openshift_hosted + openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" diff --git a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh index 7a1edf38f..96944a78b 100644 --- a/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh +++ b/playbooks/common/openshift-cluster/upgrades/files/openshift_container_versions.sh @@ -3,19 +3,19 @@ # Here we don't really care if this is a master, api, controller or node image. # We just need to know the version of one of them. unit_file=$(ls /etc/systemd/system/${1}*.service | head -n1) -installed_container_name=$(basename -s .service ${unit_file}) -installed=$(docker exec ${installed_container_name} openshift version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') if [ ${1} == "origin" ]; then image_name="openshift/origin" elif grep aep $unit_file 2>&1 > /dev/null; then - image_name="aep3/aep" + image_name="aep3/node" elif grep openshift3 $unit_file 2>&1 > /dev/null; then - image_name="openshift3/ose" + image_name="openshift3/node" fi +installed=$(docker run --rm --entrypoint=/bin/openshift ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') + docker pull ${image_name} 2>&1 > /dev/null -available=$(docker run --rm ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') +available=$(docker run --rm --entrypoint=/bin/openshift ${image_name} version 2> /dev/null | grep openshift | awk '{ print $2 }' | cut -f1 -d"-" | tr -d 'v') echo "---" echo "curr_version: ${installed}" diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml index 63c8ef756..5b2bf9f93 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_minor/upgrade.yml @@ -36,16 +36,17 @@ - name: Ensure AOS 3.0.2 or Origin 1.0.6 hosts: oo_first_master tasks: - fail: This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later + - fail: + msg: "This playbook requires Origin 1.0.6 or Atomic OpenShift 3.0.2 or later" when: _new_version.stdout | version_compare('1.0.6','<') or ( _new_version.stdout | version_compare('3.0','>=' and _new_version.stdout | version_compare('3.0.2','<') ) - name: Update cluster policy hosts: oo_first_master tasks: - - name: oadm policy reconcile-cluster-roles --confirm + - name: oadm policy reconcile-cluster-roles --additive-only=true --confirm command: > {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --confirm + policy reconcile-cluster-roles --additive-only=true --confirm - name: Upgrade default router hosts: oo_first_master diff --git a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml index 31ba8c4a9..a72749a2b 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_0_to_v3_1/upgrade.yml @@ -490,7 +490,7 @@ - name: Reconcile Cluster Roles command: > {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --confirm + policy reconcile-cluster-roles --additive-only=true --confirm run_once: true - name: Reconcile Cluster Role Bindings diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml index 54bb251f7..5e62b43a3 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_minor/upgrade.yml @@ -103,7 +103,7 @@ - name: Reconcile Cluster Roles command: > {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --confirm + policy reconcile-cluster-roles --additive-only=true --confirm run_once: true - name: Reconcile Cluster Role Bindings diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 new file mode 120000 index 000000000..cf20e8959 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2 @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/atomic-openshift-master.j2
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml index cc587bfa1..319758a06 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml @@ -1,7 +1,7 @@ - include_vars: ../../../../../roles/openshift_node/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=g_aos_versions.avail_version + include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} - name: Verifying the correct version was configured shell: grep {{ verify_upgrade_version }} {{ item }} diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker new file mode 120000 index 000000000..5a3dd12b3 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster new file mode 120000 index 000000000..3ee319365 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/docker-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster new file mode 120000 index 000000000..f44f8eb4f --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster @@ -0,0 +1 @@ +../../../../../roles/openshift_master/templates/native-cluster
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml new file mode 100644 index 000000000..a911f12be --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/node_upgrade.yml @@ -0,0 +1,24 @@ +- name: Prepare for Node evacuation + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false + delegate_to: "{{ groups.oo_first_master.0 }}" + +- name: Evacuate Node for Kubelet upgrade + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force + delegate_to: "{{ groups.oo_first_master.0 }}" + +- include: rpm_upgrade.yml + vars: + component: "node" + openshift_version: "{{ openshift_pkg_version | default('') }}" + when: not openshift.common.is_containerized | bool + +- include: containerized_upgrade.yml + when: openshift.common.is_containerized | bool + +- name: Set node schedulability + command: > + {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true + delegate_to: "{{ groups.oo_first_master.0 }}" + when: openshift.node.schedulable | bool diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml index 3fd97ac14..12e2edfb9 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml @@ -10,6 +10,7 @@ router_image: "{{ openshift.master.registry_url | replace( '${component}', 'haproxy-router' ) | replace ( '${version}', 'v' + g_new_version ) }}" oc_cmd: "{{ openshift.common.client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig" roles: + - openshift_manageiq # Create the new templates shipped in 3.2, existing templates are left # unmodified. This prevents the subsequent role definition for # openshift_examples from failing when trying to replace templates that do diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml index d6abeb345..dd9843290 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml @@ -2,10 +2,11 @@ ############################################################################### # Evaluate host groups and gather facts ############################################################################### -- name: Load openshift_facts +- name: Load openshift_facts and update repos hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config roles: - openshift_facts + - openshift_repos - name: Evaluate additional groups for upgrade hosts: localhost @@ -25,6 +26,7 @@ hosts: oo_first_master vars: target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" + g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}" gather_facts: no tasks: - fail: @@ -35,6 +37,12 @@ - fail: msg: > + This upgrade does not support Pacemaker: + https://docs.openshift.{{ g_pacemaker_upgrade_url_segment }}/install_config/upgrading/pacemaker_to_native_ha.html + when: openshift.master.cluster_method is defined and openshift.master.cluster_method == 'pacemaker' + + - fail: + msg: > openshift_pkg_version is {{ openshift_pkg_version }} which is not a valid version for a {{ target_version }} upgrade when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<') @@ -50,6 +58,11 @@ roles: - openshift_facts tasks: + - openshift_facts: + role: master + local_facts: + ha: "{{ groups.oo_masters_to_config | length > 1 }}" + - name: Ensure Master is running service: name: "{{ openshift.common.service_type }}-master" @@ -87,14 +100,18 @@ hosts: oo_masters_to_config:oo_nodes_to_config vars: target_version: "{{ '1.2' if deployment_type == 'origin' else '3.1.1.900' }}" - openshift_docker_hosted_registry_insecure: True - openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + upgrading: True handlers: - include: ../../../../../roles/openshift_master/handlers/main.yml - include: ../../../../../roles/openshift_node/handlers/main.yml roles: - - openshift_cli - tasks: + # We want the cli role to evaluate so that the containerized oc/oadm wrappers + # are modified to use the correct image tag. However, this can trigger a + # docker restart if new configuration is laid down which would immediately + # pull the latest image and defeat the purpose of these tasks. + - { role: openshift_cli } + pre_tasks: - name: Clean package cache command: "{{ ansible_pkg_mgr }} clean all" when: not openshift.common.is_atomic | bool @@ -135,20 +152,24 @@ - fail: msg: Verifying the correct version was found + when: g_aos_versions.curr_version == "" + + - fail: + msg: Verifying the correct version was found when: verify_upgrade_version is defined and g_new_version != verify_upgrade_version - include_vars: ../../../../../roles/openshift_master/vars/main.yml when: inventory_hostname in groups.oo_masters_to_config - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=g_aos_versions.curr_version + include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} when: inventory_hostname in groups.oo_masters_to_config - include_vars: ../../../../../roles/openshift_node/vars/main.yml when: inventory_hostname in groups.oo_nodes_to_config - name: Update systemd units - include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=g_aos_versions.curr_version + include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} when: inventory_hostname in groups.oo_nodes_to_config # Note: the version number is hardcoded here in hopes of catching potential @@ -199,8 +220,7 @@ - fail: msg: This playbook requires access to Docker 1.9 or later - when: not openshift.common.is_atomic | bool - and (g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<')) + when: g_docker_version.avail_version | default(g_docker_version.curr_version, true) | version_compare('1.9','<') # TODO: add check to upgrade ostree to get latest Docker diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml index 7a2718e1b..5c96ad094 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/rpm_upgrade.yml @@ -4,3 +4,6 @@ - name: Ensure python-yaml present for config upgrade action: "{{ ansible_pkg_mgr }} name=PyYAML state=present" when: not openshift.common.is_atomic | bool + +- name: Restart node service + service: name="{{ openshift.common.service_type }}-node" state=restarted diff --git a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml index b393b64fe..c93bf2a17 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml @@ -1,33 +1,4 @@ --- -# This is a workaround for authenticated registries -- name: Download new images - hosts: oo_nodes_to_config - roles: - - openshift_facts - tasks: - - name: Pull Images - command: > - docker pull {{ item }}:v{{ g_new_version }} - with_items: - - "{{ openshift.node.node_image }}" - - "{{ openshift.node.ovs_image }}" - - "{{ openshift.common.pod_image }}" - - "{{ openshift.common.router_image }}" - - "{{ openshift.common.registry_image }}" - - "{{ openshift.common.deployer_image }}" - -# This is a workaround for authenticated registries -- name: Download new images - hosts: oo_masters_to_config - roles: - - openshift_facts - tasks: - - name: Pull Images - command: > - docker pull {{ item }}:v{{ g_new_version }} - with_items: - - "{{ openshift.master.master_image }}" - ############################################################################### # The restart playbook should be run after this playbook completes. ############################################################################### @@ -39,6 +10,32 @@ tasks: - include: docker_upgrade.yml when: not openshift.common.is_atomic | bool + - name: Set post docker install facts + openshift_facts: + role: "{{ item.role }}" + local_facts: "{{ item.local_facts }}" + with_items: + - role: docker + local_facts: + openshift_image_tag: "v{{ g_new_version }}" + openshift_version: "{{ g_new_version }}" + +# The cli image is used by openshift_docker_facts to determine the currently installed +# version. We need to explicitly pull the latest image to handle cases where +# the locally cached 'latest' tag is older the g_new_version. +- name: Download cli image + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + - { role: openshift_docker_facts } + vars: + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + tasks: + - name: Pull Images + command: > + docker pull {{ item }}:latest + with_items: + - "{{ openshift.common.cli_image }}" + when: openshift.common.is_containerized | bool ############################################################################### # Upgrade Masters @@ -56,7 +53,7 @@ - include_vars: ../../../../../roles/openshift_master/vars/main.yml - name: Update systemd units - include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=g_aos_versions.avail_version + include: ../../../../../roles/openshift_master/tasks/systemd_units.yml openshift_version=v{{ g_new_version }} # - name: Upgrade master configuration # openshift_upgrade_config: @@ -94,23 +91,13 @@ ############################################################################### - name: Upgrade nodes hosts: oo_nodes_to_config + serial: 1 roles: - openshift_facts handlers: - include: ../../../../../roles/openshift_node/handlers/main.yml tasks: - - include: rpm_upgrade.yml - vars: - component: "node" - openshift_version: "{{ openshift_pkg_version | default('') }}" - when: not openshift.common.is_containerized | bool - - - include: containerized_upgrade.yml - when: openshift.common.is_containerized | bool - - # This will restart the node - - name: Restart openvswitch service - service: name="{{ openshift.common.service_type }}-node" state=restarted + - include: node_upgrade.yml - set_fact: node_update_complete: True @@ -136,15 +123,16 @@ ############################################################################### # Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints ############################################################################### + - name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints hosts: oo_masters_to_config roles: - - { role: openshift_cli, openshift_image_tag: "v{{ g_new_version }}" } + - { role: openshift_cli, openshift_image_tag: "v{{ g_new_version }}" } vars: origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}" ent_reconcile_bindings: true - openshift_docker_hosted_registry_insecure: True - openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.master.portal_net }}" + openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" + upgrading: True tasks: - name: Verifying the correct commandline tools are available shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}} @@ -153,7 +141,7 @@ - name: Reconcile Cluster Roles command: > {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --confirm + policy reconcile-cluster-roles --additive-only=true --confirm run_once: true - name: Reconcile Cluster Role Bindings @@ -170,7 +158,7 @@ - name: Reconcile Security Context Constraints command: > - {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm + {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true run_once: true - set_fact: diff --git a/playbooks/common/openshift-cluster/validate_hostnames.yml b/playbooks/common/openshift-cluster/validate_hostnames.yml index 0f562e019..50e25984f 100644 --- a/playbooks/common/openshift-cluster/validate_hostnames.yml +++ b/playbooks/common/openshift-cluster/validate_hostnames.yml @@ -1,6 +1,4 @@ --- -- include: evaluate_groups.yml - - name: Gather and set facts for node hosts hosts: oo_nodes_to_config roles: |