summaryrefslogtreecommitdiff
path: root/playbooks/common
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common')
-rw-r--r--playbooks/common/openshift-cluster/upgrades/init.yml14
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml15
3 files changed, 30 insertions, 1 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index b62557550..a3b8c489e 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -65,3 +65,17 @@
when: not openshift.common.is_atomic | bool
args:
warn: no
+
+- name: Ensure firewall is not switched during upgrade
+ hosts: oo_all_hosts
+ tasks:
+ - name: Check if iptables is running
+ command: systemctl status iptables
+ ignore_errors: true
+ changed_when: false
+ register: service_iptables_status
+
+ - name: Set fact os_firewall_use_firewalld FALSE for iptables
+ set_fact:
+ os_firewall_use_firewalld: false
+ when: "'Active: active' in service_iptables_status.stdout"
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 23b976192..9cad931af 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -32,7 +32,7 @@
include: ./etcd/main.yml
# Create service signer cert when missing. Service signer certificate
-# is added to master config in the master config hook for v3_3.
+# is added to master config in the master_config_upgrade hook.
- name: Determine if service signer cert must be created
hosts: oo_first_master
tasks:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 5fa74898f..a6a49e5ff 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -81,6 +81,21 @@
failed_when: false
when: openshift.common.is_containerized | bool
+ - name: Upgrade openvswitch
+ package:
+ name: openvswitch
+ state: latest
+ register: ovs_pkg
+ when: inventory_hostname in groups.oo_nodes_to_upgrade and not openshift.common.is_containerized | bool
+
+ - name: Restart openvswitch
+ systemd:
+ name: openvswitch
+ state: restarted
+ when:
+ - inventory_hostname in groups.oo_nodes_to_upgrade and not openshift.common.is_containerized | bool
+ - ovs_pkg | changed
+
# Mandatory Docker restart, ensure all containerized services are running:
- include: docker/restart.yml
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 01:00:53 +0000