summaryrefslogtreecommitdiffstats
path: root/playbooks/common
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks/common')
-rw-r--r--playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/init.yml1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/post_control_plane.yml45
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre/config.yml1
-rw-r--r--playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml22
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml3
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml5
-rw-r--r--playbooks/common/private/components.yml4
8 files changed, 40 insertions, 43 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml
index 8392e21ee..094c70b46 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml
@@ -19,7 +19,7 @@
- import_role:
name: container_runtime
tasks_from: docker_upgrade_check.yml
- when: docker_upgrade is not defined or docker_upgrade | bool
+ when: docker_upgrade | default(True) | bool
# If a node fails, halt everything, the admin will need to clean up and we
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index ba783638d..a9a35b028 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -6,6 +6,7 @@
g_new_node_hosts: []
- import_playbook: ../../../init/basic_facts.yml
+- import_playbook: ../../../init/base_packages.yml
- import_playbook: ../../../init/cluster_facts.yml
- name: Ensure firewall is not switched during upgrade
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 9c927c0a1..3144e9ef5 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -114,23 +114,27 @@
openshift_hosted_templates_import_command: replace
post_tasks:
- # we need to migrate customers to the new pattern of pushing to the registry via dns
- # Step 1: verify the certificates have the docker registry service name
- - shell: >
- echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)'
- register: cert_output
- changed_when: false
- failed_when:
- - cert_output.rc not in [0, 1]
-
- # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs
- - name: set a fact to include the registry certs playbook if needed
- set_fact:
- openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0 }}"
-
-# Run the redeploy certs based upon the certificates
-- when: hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry
- import_playbook: ../../../openshift-hosted/redeploy-registry-certificates.yml
+ # Do not perform these tasks when the registry is insecure. The default registry is insecure in openshift_hosted/defaults/main.yml
+ - when: not (openshift_docker_hosted_registry_insecure | default(True))
+ block:
+ # we need to migrate customers to the new pattern of pushing to the registry via dns
+ # Step 1: verify the certificates have the docker registry service name
+ - name: shell command to determine if the docker-registry.default.svc is found in the registry certificate
+ shell: >
+ echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)'
+ register: cert_output
+ changed_when: false
+ failed_when:
+ - cert_output.rc not in [0, 1]
+
+ # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs
+ - name: set a fact to include the registry certs playbook if needed
+ set_fact:
+ openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc != 0 }}"
+
+# Run the redeploy certs based upon the certificates. Defaults to False for insecure registries
+- when: (hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry | default(False)) | bool
+ import_playbook: ../../../openshift-hosted/private/redeploy-registry-certificates.yml
# Check for warnings to be printed at the end of the upgrade:
- name: Clean up and display warnings
@@ -161,3 +165,10 @@
msg: "WARNING the shared-resource-viewer role could not be upgraded to 3.6 spec because it's marked protected, please see https://bugzilla.redhat.com/show_bug.cgi?id=1493213"
when:
- __shared_resource_viewer_protected | default(false)
+
+- name: Upgrade Service Catalog
+ hosts: oo_first_master
+ roles:
+ - role: openshift_service_catalog
+ when:
+ - openshift_enable_service_catalog | default(true) | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
index 44af37b2d..c027fc8f5 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/config.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml
@@ -79,3 +79,4 @@
- import_role:
name: container_runtime
tasks_from: docker_upgrade_check.yml
+ when: docker_upgrade | default(True) | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
index 463a05688..4902b9ecd 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml
@@ -94,25 +94,3 @@
state: started
enabled: yes
with_items: "{{ master_services }}"
-
-# Until openshift-ansible is determining which host is the CA host we
-# must (unfortunately) ensure that the first host in the etcd group is
-# the etcd CA host.
-# https://bugzilla.redhat.com/show_bug.cgi?id=1469358
-- name: Verify we can proceed on first etcd
- hosts: oo_first_etcd
- gather_facts: no
- tasks:
- - name: Ensure CA exists on first etcd
- stat:
- path: /etc/etcd/generated_certs
- register: __etcd_ca_stat
-
- - fail:
- msg: >
- In order to correct an etcd certificate signing problem
- upgrading may require re-generating etcd certificates. Please
- ensure that the /etc/etcd/generated_certs directory exists on
- the first host defined in your [etcd] group.
- when:
- - not __etcd_ca_stat.stat.exists | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 40e245d75..3c0b72832 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -311,6 +311,9 @@
post_tasks:
- import_role:
name: openshift_node
+ tasks_from: upgrade_pre.yml
+ - import_role:
+ name: openshift_node
tasks_from: upgrade.yml
- import_role:
name: openshift_manage_node
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
index 8792295c6..9c7677f1b 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
@@ -15,6 +15,7 @@
vars:
l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
l_init_fact_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
+ l_base_packages_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config"
## Check to see if they're running 3.7 and if so upgrade them to 3.8 on control plan
## If they've specified pkg_version or image_tag preserve that for later use
@@ -125,8 +126,8 @@
- name: Restart master controllers to force new leader election mode
service:
name: "{{ openshift_service_type }}-master-controllers"
- state: restart
- when: openshift.common.rolling_restart_mode == 'service'
+ state: restarted
+ when: openshift.common.rolling_restart_mode == 'services'
- name: Re-enable master controllers to force new leader election mode
service:
name: "{{ openshift_service_type }}-master-controllers"
diff --git a/playbooks/common/private/components.yml b/playbooks/common/private/components.yml
index 089645d07..739be93c5 100644
--- a/playbooks/common/private/components.yml
+++ b/playbooks/common/private/components.yml
@@ -20,7 +20,9 @@
- import_playbook: ../../openshift-hosted/private/config.yml
- import_playbook: ../../openshift-web-console/private/config.yml
- when: openshift_web_console_install | default(true) | bool
+ when:
+ - openshift_web_console_install | default(true) | bool
+ - openshift.common.version_gte_3_9
- import_playbook: ../../openshift-metrics/private/config.yml
when: openshift_metrics_install_metrics | default(false) | bool
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-08 23:17:59 +0000