summaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/adhoc/uninstall.yml274
-rw-r--r--playbooks/common/openshift-cluster/upgrades/docker/restart.yml12
-rw-r--r--playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml2
-rw-r--r--playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml3
-rw-r--r--playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check193
-rw-r--r--playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh12
-rw-r--r--playbooks/common/openshift-master/restart_services.yml12
7 files changed, 189 insertions, 319 deletions
diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml
index b9966e715..f0cfa7f55 100644
--- a/playbooks/adhoc/uninstall.yml
+++ b/playbooks/adhoc/uninstall.yml
@@ -75,6 +75,10 @@
- hosts: nodes
become: yes
+ vars:
+ node_dirs:
+ - "/etc/origin"
+ - "/var/lib/origin"
tasks:
- name: unmask services
command: systemctl unmask "{{ item }}"
@@ -83,63 +87,66 @@
with_items:
- firewalld
- - name: Remove packages
- package: name={{ item }} state=absent
- when: not is_atomic | bool
- with_items:
- - atomic-enterprise
- - atomic-enterprise-node
- - atomic-enterprise-sdn-ovs
- - atomic-openshift
- - atomic-openshift-clients
- - atomic-openshift-excluder
- - atomic-openshift-docker-excluder
- - atomic-openshift-node
- - atomic-openshift-sdn-ovs
- - cockpit-bridge
- - cockpit-docker
- - cockpit-shell
- - cockpit-ws
- - kubernetes-client
- - openshift
- - openshift-node
- - openshift-sdn
- - openshift-sdn-ovs
- - openvswitch
- - origin
- - origin-excluder
- - origin-docker-excluder
- - origin-clients
- - origin-node
- - origin-sdn-ovs
- - tuned-profiles-atomic-enterprise-node
- - tuned-profiles-atomic-openshift-node
- - tuned-profiles-openshift-node
- - tuned-profiles-origin-node
-
- - name: Remove flannel package
- package: name=flannel state=absent
- when: openshift_use_flannel | default(false) | bool and not is_atomic | bool
-
- - shell: systemctl reset-failed
- changed_when: False
-
- - shell: systemctl daemon-reload
- changed_when: False
-
- - name: Remove br0 interface
- shell: ovs-vsctl del-br br0
- changed_when: False
- failed_when: False
-
- - name: Remove linux interfaces
- shell: ip link del "{{ item }}"
- changed_when: False
- failed_when: False
- with_items:
- - lbr0
- - vlinuxbr
- - vovsbr
+ - block:
+ - block:
+ - name: Remove packages
+ package: name={{ item }} state=absent
+ with_items:
+ - atomic-enterprise
+ - atomic-enterprise-node
+ - atomic-enterprise-sdn-ovs
+ - atomic-openshift
+ - atomic-openshift-clients
+ - atomic-openshift-excluder
+ - atomic-openshift-docker-excluder
+ - atomic-openshift-node
+ - atomic-openshift-sdn-ovs
+ - cockpit-bridge
+ - cockpit-docker
+ - cockpit-shell
+ - cockpit-ws
+ - kubernetes-client
+ - openshift
+ - openshift-node
+ - openshift-sdn
+ - openshift-sdn-ovs
+ - openvswitch
+ - origin
+ - origin-excluder
+ - origin-docker-excluder
+ - origin-clients
+ - origin-node
+ - origin-sdn-ovs
+ - tuned-profiles-atomic-enterprise-node
+ - tuned-profiles-atomic-openshift-node
+ - tuned-profiles-openshift-node
+ - tuned-profiles-origin-node
+
+ - name: Remove flannel package
+ package: name=flannel state=absent
+ when: openshift_use_flannel | default(false) | bool
+ when: "{{ not is_atomic | bool }}"
+
+ - shell: systemctl reset-failed
+ changed_when: False
+
+ - shell: systemctl daemon-reload
+ changed_when: False
+
+ - name: Remove br0 interface
+ shell: ovs-vsctl del-br br0
+ changed_when: False
+ failed_when: False
+
+ - name: Remove linux interfaces
+ shell: ip link del "{{ item }}"
+ changed_when: False
+ failed_when: False
+ with_items:
+ - lbr0
+ - vlinuxbr
+ - vovsbr
+ when: "{{ openshift_remove_all | default(true) | bool }}"
- shell: find /var/lib/origin/openshift.local.volumes -type d -exec umount {} \; 2>/dev/null || true
changed_when: False
@@ -176,28 +183,57 @@
failed_when: False
with_items: "{{ exited_containers_to_delete.results }}"
- - shell: docker images | egrep {{ item }} | awk '{ print $3 }'
- changed_when: False
- failed_when: False
- register: images_to_delete
+ - block:
+ - block:
+ - shell: docker images | egrep {{ item }} | awk '{ print $3 }'
+ changed_when: False
+ failed_when: False
+ register: images_to_delete
+ with_items:
+ - registry\.access\..*redhat\.com/openshift3
+ - registry\.access\..*redhat\.com/aep3
+ - registry\.qe\.openshift\.com/.*
+ - registry\.access\..*redhat\.com/rhel7/etcd
+ - docker.io/openshift
+
+ - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}"
+ changed_when: False
+ failed_when: False
+ with_items: "{{ images_to_delete.results }}"
+ when: "{{ openshift_uninstall_images | default(True) | bool }}"
+
+ - name: remove sdn drop files
+ file:
+ path: /run/openshift-sdn
+ state: absent
+
+ - name: Remove files owned by RPMs
+ file: path={{ item }} state=absent
+ with_items:
+ - /etc/sysconfig/openshift-node
+ - /etc/sysconfig/openvswitch
+ - /run/openshift-sdn
+ when: "{{ openshift_remove_all | default(True) | bool }}"
+
+ - find: path={{ item }} file_type=file
+ register: files
with_items:
- - registry\.access\..*redhat\.com/openshift3
- - registry\.access\..*redhat\.com/aep3
- - registry\.qe\.openshift\.com/.*
- - registry\.access\..*redhat\.com/rhel7/etcd
- - docker.io/openshift
- when: openshift_uninstall_images | default(True) | bool
-
- - shell: "docker rmi -f {{ item.stdout_lines | join(' ') }}"
- changed_when: False
- failed_when: False
- with_items: "{{ images_to_delete.results }}"
- when: openshift_uninstall_images | default(True) | bool
+ - "{{ node_dirs }}"
+
+ - find: path={{ item }} file_type=directory
+ register: directories
+ with_items:
+ - "{{ node_dirs }}"
- - name: Remove sdn drop files
- file:
- path: /run/openshift-sdn
- state: absent
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ files.results | default([]) }}"
+ - files
+
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ directories.results | default([]) }}"
+ - files
- name: Remove remaining files
file: path={{ item }} state=absent
@@ -209,13 +245,10 @@
- /etc/NetworkManager/dispatcher.d/99-origin-dns.sh
- /etc/openshift
- /etc/openshift-sdn
- - /etc/origin
- /etc/sysconfig/atomic-enterprise-node
- /etc/sysconfig/atomic-openshift-node
- /etc/sysconfig/atomic-openshift-node-dep
- - /etc/sysconfig/openshift-node
- /etc/sysconfig/openshift-node-dep
- - /etc/sysconfig/openvswitch
- /etc/sysconfig/origin-node
- /etc/sysconfig/origin-node
- /etc/sysconfig/origin-node-dep
@@ -227,10 +260,8 @@
- /etc/systemd/system/origin-node-dep.service
- /etc/systemd/system/origin-node.service
- /etc/systemd/system/origin-node.service.wants
- - /run/openshift-sdn
- /var/lib/atomic-enterprise
- /var/lib/openshift
- - /var/lib/origin
- name: restart docker
service: name=docker state=restarted
@@ -238,9 +269,12 @@
- name: restart NetworkManager
service: name=NetworkManager state=restarted
-
- hosts: masters
become: yes
+ vars:
+ master_dirs:
+ - "/etc/origin"
+ - "/var/lib/origin"
tasks:
- name: unmask services
command: systemctl unmask "{{ item }}"
@@ -252,7 +286,7 @@
- name: Remove packages
package: name={{ item }} state=absent
- when: not is_atomic | bool
+ when: not is_atomic | bool and openshift_remove_all | default(True) | bool
with_items:
- atomic-enterprise
- atomic-enterprise-master
@@ -283,6 +317,33 @@
- shell: systemctl daemon-reload
changed_when: False
+ - name: Remove files owned by RPMs
+ file: path={{ item }} state=absent
+ when: openshift_remove_all | default(True) | bool
+ with_items:
+ - /etc/sysconfig/atomic-openshift-master
+ - /etc/sysconfig/openvswitch
+
+ - find: path={{ item }} file_type=file
+ register: files
+ with_items:
+ - "{{ master_dirs }}"
+
+ - find: path={{ item }} file_type=directory
+ register: directories
+ with_items:
+ - "{{ master_dirs }}"
+
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ files.results | default([]) }}"
+ - files
+
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ directories.results | default([]) }}"
+ - files
+
- name: Remove remaining files
file: path={{ item }} state=absent
with_items:
@@ -292,7 +353,6 @@
- /etc/corosync
- /etc/openshift
- /etc/openshift-sdn
- - /etc/origin
- /etc/systemd/system/atomic-openshift-master.service
- /etc/systemd/system/atomic-openshift-master-api.service
- /etc/systemd/system/atomic-openshift-master-controllers.service
@@ -303,14 +363,12 @@
- /etc/sysconfig/atomic-enterprise-master
- /etc/sysconfig/atomic-enterprise-master-api
- /etc/sysconfig/atomic-enterprise-master-controllers
- - /etc/sysconfig/atomic-openshift-master
- /etc/sysconfig/atomic-openshift-master-api
- /etc/sysconfig/atomic-openshift-master-controllers
- /etc/sysconfig/origin-master
- /etc/sysconfig/origin-master-api
- /etc/sysconfig/origin-master-controllers
- /etc/sysconfig/openshift-master
- - /etc/sysconfig/openvswitch
- /etc/sysconfig/origin-master
- /etc/sysconfig/origin-master-api
- /etc/sysconfig/origin-master-controllers
@@ -318,7 +376,6 @@
- /usr/share/openshift/examples
- /var/lib/atomic-enterprise
- /var/lib/openshift
- - /var/lib/origin
- /var/lib/pacemaker
- /var/lib/pcsd
- /usr/lib/systemd/system/atomic-openshift-master-api.service
@@ -339,6 +396,10 @@
- hosts: etcd
become: yes
+ vars:
+ etcd_dirs:
+ - "/etc/etcd"
+ - "/var/lib/etcd"
tasks:
- name: unmask services
command: systemctl unmask "{{ item }}"
@@ -358,7 +419,7 @@
- name: Remove packages
package: name={{ item }} state=absent
- when: not is_atomic | bool
+ when: not is_atomic | bool and openshift_remove_all | default(True) | bool
with_items:
- etcd
- etcd3
@@ -369,13 +430,25 @@
- shell: systemctl daemon-reload
changed_when: False
- - name: Remove remaining files
- file: path={{ item }} state=absent
+ - find: path={{ item }} file_type=file
+ register: files
with_items:
- - /etc/ansible/facts.d/openshift.fact
- - /etc/etcd
- - /etc/systemd/system/etcd_container.service
- - /etc/profile.d/etcdctl.sh
+ - "{{ etcd_dirs }}"
+
+ - find: path={{ item }} file_type=directory
+ register: directories
+ with_items:
+ - "{{ etcd_dirs }}"
+
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ files.results | default([]) }}"
+ - files
+
+ - file: path={{ item.1.path }} state=absent
+ with_subelements:
+ - "{{ directories.results | default([]) }}"
+ - files
# Intenationally using rm command over file module because if someone had mounted a filesystem
# at /var/lib/etcd then the contents was not removed correctly
@@ -385,6 +458,13 @@
warn: no
failed_when: false
+ - name: Remove remaining files
+ file: path={{ item }} state=absent
+ with_items:
+ - /etc/ansible/facts.d/openshift.fact
+ - /etc/systemd/system/etcd_container.service
+ - /etc/profile.d/etcdctl.sh
+
- hosts: lb
become: yes
tasks:
@@ -397,7 +477,7 @@
- name: Remove packages
package: name={{ item }} state=absent
- when: not is_atomic | bool
+ when: not is_atomic | bool and openshift_remove_all | default(True) | bool
with_items:
- haproxy
@@ -411,4 +491,4 @@
file: path={{ item }} state=absent
with_items:
- /etc/ansible/facts.d/openshift.fact
- - /var/lib/haproxy
+ - /var/lib/haproxy/stats
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/restart.yml b/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
index d800b289b..1b418920f 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/restart.yml
@@ -19,11 +19,9 @@
when: openshift.common.is_containerized | bool
- name: Wait for master API to come back online
- become: no
- local_action:
- module: wait_for
- host="{{ inventory_hostname }}"
- state=started
- delay=10
- port="{{ openshift.master.api_port }}"
+ wait_for:
+ host: "{{ openshift.common.hostname }}"
+ state: started
+ delay: 10
+ port: "{{ openshift.master.api_port }}"
when: inventory_hostname in groups.oo_masters_to_config
diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
index 44ddf97ad..17f8fc6e9 100644
--- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade.yml
@@ -20,7 +20,7 @@
- debug: var=docker_image_count.stdout
- name: Remove all containers and images
- script: nuke_images.sh docker
+ script: nuke_images.sh
register: nuke_images_result
when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool
diff --git a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
index f88981a0b..5f8b59e17 100644
--- a/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
+++ b/playbooks/common/openshift-cluster/upgrades/etcd/containerized_tasks.yml
@@ -8,8 +8,7 @@
- name: Set new_etcd_image
set_fact:
- new_etcd_image: "{{ current_image.stdout | regex_replace('/etcd.*$','/etcd3:' ~ upgrade_version ) if upgrade_version | version_compare('3.0','>=')
- else current_image.stdout.split(':')[0] ~ ':' ~ upgrade_version }}"
+ new_etcd_image: "{{ current_image.stdout | regex_replace('/etcd.*$','/etcd:' ~ upgrade_version ) }}"
- name: Pull new etcd image
command: "docker pull {{ new_etcd_image }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check b/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check
deleted file mode 100644
index e5c958ebb..000000000
--- a/playbooks/common/openshift-cluster/upgrades/files/pre-upgrade-check
+++ /dev/null
@@ -1,193 +0,0 @@
-#!/usr/bin/env python
-"""
-Pre-upgrade checks that must be run on a master before proceeding with upgrade.
-"""
-# This is a script not a python module:
-# pylint: disable=invalid-name
-
-# NOTE: This script should not require any python libs other than what is
-# in the standard library.
-
-__license__ = "ASL 2.0"
-
-import json
-import os
-import subprocess
-import re
-
-# The maximum length of container.ports.name
-ALLOWED_LENGTH = 15
-# The valid structure of container.ports.name
-ALLOWED_CHARS = re.compile('^[a-z0-9][a-z0-9\\-]*[a-z0-9]$')
-AT_LEAST_ONE_LETTER = re.compile('[a-z]')
-# look at OS_PATH for the full path. Default ot 'oc'
-OC_PATH = os.getenv('OC_PATH', 'oc')
-
-
-def validate(value):
- """
- validate verifies that value matches required conventions
-
- Rules of container.ports.name validation:
-
- * must be less that 16 chars
- * at least one letter
- * only a-z0-9-
- * hyphens can not be leading or trailing or next to each other
-
- :Parameters:
- - `value`: Value to validate
- """
- if len(value) > ALLOWED_LENGTH:
- return False
-
- if '--' in value:
- return False
-
- # We search since it can be anywhere
- if not AT_LEAST_ONE_LETTER.search(value):
- return False
-
- # We match because it must start at the beginning
- if not ALLOWED_CHARS.match(value):
- return False
- return True
-
-
-def list_items(kind):
- """
- list_items returns a list of items from the api
-
- :Parameters:
- - `kind`: Kind of item to access
- """
- response = subprocess.check_output([OC_PATH, 'get', '--all-namespaces', '-o', 'json', kind])
- items = json.loads(response)
- return items.get("items", [])
-
-
-def get(obj, *paths):
- """
- Gets an object
-
- :Parameters:
- - `obj`: A dictionary structure
- - `path`: All other non-keyword arguments
- """
- ret_obj = obj
- for path in paths:
- if ret_obj.get(path, None) is None:
- return []
- ret_obj = ret_obj[path]
- return ret_obj
-
-
-# pylint: disable=too-many-arguments
-def pretty_print_errors(namespace, kind, item_name, container_name, invalid_label, port_name, valid):
- """
- Prints out results in human friendly way.
-
- :Parameters:
- - `namespace`: Namespace of the resource
- - `kind`: Kind of the resource
- - `item_name`: Name of the resource
- - `container_name`: Name of the container. May be "" when kind=Service.
- - `port_name`: Name of the port
- - `invalid_label`: The label of the invalid port. Port.name/targetPort
- - `valid`: True if the port is valid
- """
- if not valid:
- if len(container_name) > 0:
- print('%s/%s -n %s (Container="%s" %s="%s")' % (
- kind, item_name, namespace, container_name, invalid_label, port_name))
- else:
- print('%s/%s -n %s (%s="%s")' % (
- kind, item_name, namespace, invalid_label, port_name))
-
-
-def print_validation_header():
- """
- Prints the error header. Should run on the first error to avoid
- overwhelming the user.
- """
- print """\
-At least one port name is invalid and must be corrected before upgrading.
-Please update or remove any resources with invalid port names.
-
- Valid port names must:
-
- * be less that 16 characters
- * have at least one letter
- * contain only a-z0-9-
- * not start or end with -
- * not contain dashes next to each other ('--')
-"""
-
-
-def main():
- """
- main is the main entry point to this script
- """
- try:
- # the comma at the end suppresses the newline
- print "Checking for oc ...",
- subprocess.check_output([OC_PATH, 'whoami'])
- print "found"
- except:
- print(
- 'Unable to run "%s whoami"\n'
- 'Please ensure OpenShift is running, and "oc" is on your system '
- 'path.\n'
- 'You can override the path with the OC_PATH environment variable.'
- % OC_PATH)
- raise SystemExit(1)
-
- # Where the magic happens
- first_error = True
- for kind, path in [
- ('deploymentconfigs', ("spec", "template", "spec", "containers")),
- ('replicationcontrollers', ("spec", "template", "spec", "containers")),
- ('pods', ("spec", "containers"))]:
- for item in list_items(kind):
- namespace = item["metadata"]["namespace"]
- item_name = item["metadata"]["name"]
- for container in get(item, *path):
- container_name = container["name"]
- for port in get(container, "ports"):
- port_name = port.get("name", None)
- if not port_name:
- # Unnamed ports are OK
- continue
- valid = validate(port_name)
- if not valid and first_error:
- first_error = False
- print_validation_header()
- pretty_print_errors(
- namespace, kind, item_name,
- container_name, "Port.name", port_name, valid)
-
- # Services follow a different flow
- for item in list_items('services'):
- namespace = item["metadata"]["namespace"]
- item_name = item["metadata"]["name"]
- for port in get(item, "spec", "ports"):
- port_name = port.get("targetPort", None)
- if isinstance(port_name, int) or port_name is None:
- # Integer only or unnamed ports are OK
- continue
- valid = validate(port_name)
- if not valid and first_error:
- first_error = False
- print_validation_header()
- pretty_print_errors(
- namespace, "services", item_name, "",
- "targetPort", port_name, valid)
-
- # If we had at least 1 error then exit with 1
- if not first_error:
- raise SystemExit(1)
-
-
-if __name__ == '__main__':
- main()
-
diff --git a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh b/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh
deleted file mode 100644
index 7bf249742..000000000
--- a/playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/bash
-if [ `which dnf 2> /dev/null` ]; then
- installed=$(dnf repoquery --installed --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null)
- available=$(dnf repoquery --available --latest-limit 1 -d 0 --qf '%{version}-%{release}' "${@}" 2> /dev/null)
-else
- installed=$(repoquery --plugins --pkgnarrow=installed --qf '%{version}-%{release}' "${@}" 2> /dev/null)
- available=$(repoquery --plugins --pkgnarrow=available --qf '%{version}-%{release}' "${@}" 2> /dev/null)
-fi
-
-echo "---"
-echo "curr_version: ${installed}"
-echo "avail_version: ${available}"
diff --git a/playbooks/common/openshift-master/restart_services.yml b/playbooks/common/openshift-master/restart_services.yml
index 25fa10450..b40c32669 100644
--- a/playbooks/common/openshift-master/restart_services.yml
+++ b/playbooks/common/openshift-master/restart_services.yml
@@ -10,13 +10,11 @@
state: restarted
when: openshift_master_ha | bool and openshift.master.cluster_method != 'pacemaker'
- name: Wait for master API to come back online
- become: no
- local_action:
- module: wait_for
- host="{{ openshift.common.hostname }}"
- state=started
- delay=10
- port="{{ openshift.master.api_port }}"
+ wait_for:
+ host: "{{ openshift.common.hostname }}"
+ state: started
+ delay: 10
+ port: "{{ openshift.master.api_port }}"
when: openshift_master_ha | bool and openshift.master.cluster_method != 'pacemaker'
- name: Restart master controllers
service: