diff options
Diffstat (limited to 'playbooks')
160 files changed, 1033 insertions, 1879 deletions
diff --git a/playbooks/adhoc/openshift_hosted_logging_efk.yaml b/playbooks/adhoc/openshift_hosted_logging_efk.yaml index 69b2541bb..faeb332ad 100644 --- a/playbooks/adhoc/openshift_hosted_logging_efk.yaml +++ b/playbooks/adhoc/openshift_hosted_logging_efk.yaml @@ -10,7 +10,7 @@ - set_fact: openshift_logging_kibana_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ openshift_master_default_subdomain }}" tasks: - - include_role: + - import_role: name: openshift_logging tasks_from: update_master_config when: openshift_hosted_logging_deploy | default(false) | bool diff --git a/playbooks/adhoc/uninstall.yml b/playbooks/adhoc/uninstall.yml index 9f044c089..0e0e2b425 100644 --- a/playbooks/adhoc/uninstall.yml +++ b/playbooks/adhoc/uninstall.yml @@ -18,9 +18,8 @@ # Since we're not calling openshift_facts we'll do this for now - set_fact: - is_atomic: "{{ ostree_output.rc == 0 }}" - - set_fact: - is_containerized: "{{ is_atomic or containerized | default(false) | bool }}" + openshift_is_atomic: "{{ ostree_output.rc == 0 }}" + openshift_is_containerized: "{{ ostree_output.rc == 0 or containerized | default(false) | bool }}" # Stop services on all hosts prior to removing files. - hosts: nodes @@ -126,14 +125,14 @@ - tuned-profiles-atomic-openshift-node - tuned-profiles-origin-node register: result - until: result | success + until: result is succeeded - name: Remove flannel package package: name=flannel state=absent when: openshift_use_flannel | default(false) | bool register: result - until: result | success - when: not is_atomic | bool + until: result is succeeded + when: not openshift_is_atomic | bool - shell: systemctl reset-failed changed_when: False @@ -286,9 +285,9 @@ - name: restart docker service: name=docker state=stopped enabled=no failed_when: false - when: not (container_engine | changed) + when: not (container_engine is changed) register: l_docker_restart_docker_in_pb_result - until: not l_docker_restart_docker_in_pb_result | failed + until: not (l_docker_restart_docker_in_pb_result is failed) retries: 3 delay: 30 @@ -363,7 +362,7 @@ - name: Remove packages package: name={{ item }} state=absent - when: not is_atomic | bool and openshift_remove_all | default(True) | bool + when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool with_items: - atomic-openshift - atomic-openshift-clients @@ -384,7 +383,7 @@ - origin-docker-excluder - origin-master register: result - until: result | success + until: result is succeeded - shell: systemctl reset-failed changed_when: False @@ -487,19 +486,19 @@ - name: Stop additional atomic services service: name={{ item }} state=stopped - when: is_containerized | bool + when: openshift_is_containerized | bool with_items: - etcd_container failed_when: false - name: Remove packages package: name={{ item }} state=absent - when: not is_atomic | bool and openshift_remove_all | default(True) | bool + when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool with_items: - etcd - etcd3 register: result - until: result | success + until: result is succeeded - shell: systemctl reset-failed changed_when: False @@ -554,11 +553,11 @@ - name: Remove packages package: name={{ item }} state=absent - when: not is_atomic | bool and openshift_remove_all | default(True) | bool + when: not openshift_is_atomic | bool and openshift_remove_all | default(True) | bool with_items: - haproxy register: result - until: result | success + until: result is succeeded - shell: systemctl reset-failed changed_when: False diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md index c6fc75a50..d203b9cda 100644 --- a/playbooks/aws/README.md +++ b/playbooks/aws/README.md @@ -134,7 +134,7 @@ At this point we have successfully created the infrastructure including the mast Now it is time to install Openshift using the openshift-ansible installer. This can be achieved by running the following playbook: ``` -$ ansible-playbook -i inventory.yml install.yml @provisioning_vars.yml +$ ansible-playbook -i inventory.yml install.yml -e @provisioning_vars.yml ``` This playbook accomplishes the following: 1. Builds a dynamic inventory file by querying AWS. diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml index cab2f1e40..e7bed4f6e 100755 --- a/playbooks/aws/openshift-cluster/accept.yml +++ b/playbooks/aws/openshift-cluster/accept.yml @@ -18,7 +18,7 @@ name: lib_openshift - name: fetch masters - ec2_remote_facts: + ec2_instance_facts: region: "{{ openshift_aws_region | default('us-east-1') }}" filters: "tag:clusterid": "{{ openshift_aws_clusterid | default('default') }}" @@ -30,7 +30,7 @@ until: "'instances' in mastersout and mastersout.instances|length > 0" - name: fetch new node instances - ec2_remote_facts: + ec2_instance_facts: region: "{{ openshift_aws_region | default('us-east-1') }}" filters: "tag:clusterid": "{{ openshift_aws_clusterid | default('default') }}" diff --git a/playbooks/aws/openshift-cluster/filter_plugins b/playbooks/aws/openshift-cluster/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/aws/openshift-cluster/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/aws/openshift-cluster/install.yml b/playbooks/aws/openshift-cluster/install.yml index b03fb0b7f..a3fc82f9a 100644 --- a/playbooks/aws/openshift-cluster/install.yml +++ b/playbooks/aws/openshift-cluster/install.yml @@ -2,7 +2,7 @@ - name: Setup the master node group hosts: localhost tasks: - - include_role: + - import_role: name: openshift_aws tasks_from: setup_master_group.yml @@ -11,7 +11,7 @@ gather_facts: no remote_user: root tasks: - - include_role: + - import_role: name: openshift_aws tasks_from: master_facts.yml diff --git a/playbooks/aws/openshift-cluster/lookup_plugins b/playbooks/aws/openshift-cluster/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/aws/openshift-cluster/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/aws/openshift-cluster/provision.yml b/playbooks/aws/openshift-cluster/provision.yml index 4b5bd22ea..7dde60b7d 100644 --- a/playbooks/aws/openshift-cluster/provision.yml +++ b/playbooks/aws/openshift-cluster/provision.yml @@ -12,6 +12,6 @@ msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - name: provision cluster - include_role: + import_role: name: openshift_aws tasks_from: provision.yml diff --git a/playbooks/aws/openshift-cluster/provision_instance.yml b/playbooks/aws/openshift-cluster/provision_instance.yml index 6e843453c..6c7c1f069 100644 --- a/playbooks/aws/openshift-cluster/provision_instance.yml +++ b/playbooks/aws/openshift-cluster/provision_instance.yml @@ -7,6 +7,6 @@ gather_facts: no tasks: - name: create an instance and prepare for ami - include_role: + import_role: name: openshift_aws tasks_from: provision_instance.yml diff --git a/playbooks/aws/openshift-cluster/provision_nodes.yml b/playbooks/aws/openshift-cluster/provision_nodes.yml index 44c686e08..82f147865 100644 --- a/playbooks/aws/openshift-cluster/provision_nodes.yml +++ b/playbooks/aws/openshift-cluster/provision_nodes.yml @@ -13,6 +13,6 @@ msg: "openshift_aws_region={{ openshift_aws_region | default('us-east-1') }}" - name: create the node groups - include_role: + import_role: name: openshift_aws tasks_from: provision_nodes.yml diff --git a/playbooks/aws/openshift-cluster/provision_sec_group.yml b/playbooks/aws/openshift-cluster/provision_sec_group.yml index 7d74a691a..a0d4ec728 100644 --- a/playbooks/aws/openshift-cluster/provision_sec_group.yml +++ b/playbooks/aws/openshift-cluster/provision_sec_group.yml @@ -7,7 +7,7 @@ gather_facts: no tasks: - name: create security groups - include_role: + import_role: name: openshift_aws tasks_from: security_group.yml when: openshift_aws_create_security_groups | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml index 3ec683958..d86ff9f9b 100644 --- a/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml +++ b/playbooks/aws/openshift-cluster/provision_ssh_keypair.yml @@ -4,7 +4,7 @@ gather_facts: no tasks: - name: create an instance and prepare for ami - include_role: + import_role: name: openshift_aws tasks_from: ssh_keys.yml vars: diff --git a/playbooks/aws/openshift-cluster/provision_vpc.yml b/playbooks/aws/openshift-cluster/provision_vpc.yml index 0a23a6d32..cf72f6c87 100644 --- a/playbooks/aws/openshift-cluster/provision_vpc.yml +++ b/playbooks/aws/openshift-cluster/provision_vpc.yml @@ -4,7 +4,7 @@ gather_facts: no tasks: - name: create a vpc - include_role: + import_role: name: openshift_aws tasks_from: vpc.yml when: openshift_aws_create_vpc | default(True) | bool diff --git a/playbooks/aws/openshift-cluster/seal_ami.yml b/playbooks/aws/openshift-cluster/seal_ami.yml index 8239a64fb..f315db604 100644 --- a/playbooks/aws/openshift-cluster/seal_ami.yml +++ b/playbooks/aws/openshift-cluster/seal_ami.yml @@ -7,6 +7,6 @@ become: no tasks: - name: seal the ami - include_role: + import_role: name: openshift_aws tasks_from: seal_ami.yml diff --git a/playbooks/aws/provisioning-inventory.example.ini b/playbooks/aws/provisioning-inventory.example.ini index 238a7eb2f..cf76c9d10 100644 --- a/playbooks/aws/provisioning-inventory.example.ini +++ b/playbooks/aws/provisioning-inventory.example.ini @@ -11,6 +11,7 @@ etcd openshift_deployment_type=origin openshift_master_bootstrap_enabled=True +openshift_master_api_port=443 openshift_hosted_router_wait=False openshift_hosted_registry_wait=False diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example index 1491fb868..f6b1a6b5d 100644 --- a/playbooks/aws/provisioning_vars.yml.example +++ b/playbooks/aws/provisioning_vars.yml.example @@ -46,7 +46,7 @@ openshift_pkg_version: # -3.7.0 # Name of the subnet in the vpc to use. Needs to be set if using a pre-existing # vpc + subnet. -#openshift_aws_subnet_name: +#openshift_aws_subnet_az: # -------------- # # Security Group # @@ -93,6 +93,11 @@ openshift_aws_ssh_key_name: # myuser_key # --------- # # Variables in this section apply to building a node AMI for use in your # openshift cluster. +# openshift-ansible will perform the container runtime storage setup when specified +# The current storage setup with require a drive if using a separate storage device +# for the container runtime. +container_runtime_docker_storage_type: overlay2 +container_runtime_docker_storage_setup_device: /dev/xvdb # must specify a base_ami when building an AMI openshift_aws_base_ami: # ami-12345678 diff --git a/playbooks/byo/filter_plugins b/playbooks/byo/filter_plugins deleted file mode 120000 index a4f518f07..000000000 --- a/playbooks/byo/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/lookup_plugins b/playbooks/byo/lookup_plugins deleted file mode 120000 index c528bcd1d..000000000 --- a/playbooks/byo/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-cluster/filter_plugins b/playbooks/byo/openshift-cluster/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/byo/openshift-cluster/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/byo/openshift-cluster/lookup_plugins b/playbooks/byo/openshift-cluster/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/byo/openshift-cluster/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 5a877809a..f70f05bac 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -6,8 +6,9 @@ roles: - role: rhel_subscribe when: - - deployment_type == 'openshift-enterprise' + - openshift_deployment_type == 'openshift-enterprise' - ansible_distribution == "RedHat" - - lookup('env', 'rhel_skip_subscription') | default(rhsub_skip, True) | default('no', True) | lower in ['no', 'false'] + - rhsub_user is defined + - rhsub_pass is defined - role: openshift_repos - role: os_update_latest diff --git a/playbooks/common/openshift-cluster/filter_plugins b/playbooks/common/openshift-cluster/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/common/openshift-cluster/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/library b/playbooks/common/openshift-cluster/library deleted file mode 120000 index d0b7393d3..000000000 --- a/playbooks/common/openshift-cluster/library +++ /dev/null @@ -1 +0,0 @@ -../../../library/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/lookup_plugins b/playbooks/common/openshift-cluster/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/common/openshift-cluster/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/cleanup_unused_images.yml b/playbooks/common/openshift-cluster/upgrades/cleanup_unused_images.yml index 6e953be69..ed97d539c 100644 --- a/playbooks/common/openshift-cluster/upgrades/cleanup_unused_images.yml +++ b/playbooks/common/openshift-cluster/upgrades/cleanup_unused_images.yml @@ -1,22 +1 @@ --- -- name: Check Docker image count - shell: "docker images -aq | wc -l" - register: docker_image_count - when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool - -- debug: var=docker_image_count.stdout - when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool - -- name: Remove unused Docker images for Docker 1.10+ migration - shell: "docker rmi `docker images -aq`" - # Will fail on images still in use: - failed_when: false - when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool - -- name: Check Docker image count - shell: "docker images -aq | wc -l" - register: docker_image_count - when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool - -- debug: var=docker_image_count.stdout - when: docker_upgrade_nuke_images is defined and docker_upgrade_nuke_images | bool diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml index 23cf8cf76..ef8233b67 100644 --- a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml +++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml @@ -2,7 +2,6 @@ - name: Create local temp directory for syncing certs hosts: localhost connection: local - become: no gather_facts: no tasks: - name: Create local temp directory for syncing certs @@ -11,6 +10,11 @@ changed_when: false when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + - name: Chmod local temp directory + local_action: command chmod 777 "{{ local_cert_sync_tmpdir.stdout }}" + changed_when: false + when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + - name: Create service signer certificate hosts: oo_first_master tasks: @@ -22,7 +26,7 @@ - name: Create service signer certificate command: > - {{ openshift.common.client_binary }} adm ca create-signer-cert + {{ openshift_client_binary }} adm ca create-signer-cert --cert="{{ remote_cert_create_tmpdir.stdout }}/"service-signer.crt --key="{{ remote_cert_create_tmpdir.stdout }}/"service-signer.key --name="{{ remote_cert_create_tmpdir.stdout }}/"openshift-service-serving-signer @@ -65,7 +69,6 @@ - name: Delete local temp directory hosts: localhost connection: local - become: no gather_facts: no tasks: - name: Delete local temp directory diff --git a/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml b/playbooks/common/openshift-cluster/upgrades/disable_excluders.yml index 33ed6a283..858912379 100644 --- a/playbooks/common/openshift-cluster/upgrades/disable_master_excluders.yml +++ b/playbooks/common/openshift-cluster/upgrades/disable_excluders.yml @@ -1,6 +1,6 @@ --- - name: Disable excluders - hosts: oo_masters_to_config + hosts: "{{ l_upgrade_excluder_hosts }}" gather_facts: no roles: - role: openshift_excluder diff --git a/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml b/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml deleted file mode 100644 index ab3171c9a..000000000 --- a/playbooks/common/openshift-cluster/upgrades/disable_node_excluders.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: Disable excluders - hosts: oo_nodes_to_upgrade:!oo_masters_to_config - gather_facts: no - roles: - - role: openshift_excluder - r_openshift_excluder_action: disable - r_openshift_excluder_verify_upgrade: true - r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}" - r_openshift_excluder_package_state: latest - r_openshift_excluder_docker_package_state: latest diff --git a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml index 5c6def484..ffb11670d 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/docker_upgrade.yml @@ -12,14 +12,13 @@ roles: - openshift_facts tasks: - - set_fact: - repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" - - fail: msg: Cannot upgrade Docker on Atomic operating systems. - when: openshift.common.is_atomic | bool + when: openshift_is_atomic | bool - - include_tasks: upgrade_check.yml + - import_role: + name: container_runtime + tasks_from: docker_upgrade_check.yml when: docker_upgrade is not defined or docker_upgrade | bool @@ -32,6 +31,7 @@ any_errors_fatal: true roles: + - openshift_facts - lib_openshift tasks: @@ -43,7 +43,7 @@ retries: 10 delay: 5 register: node_unschedulable - until: node_unschedulable|succeeded + until: node_unschedulable is succeeded when: - l_docker_upgrade is defined - l_docker_upgrade | bool @@ -51,11 +51,11 @@ - name: Drain Node for Kubelet upgrade command: > - {{ openshift.common.client_binary }} adm drain {{ openshift.node.nodename }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ openshift_client_binary }} adm drain {{ openshift.node.nodename }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" when: l_docker_upgrade is defined and l_docker_upgrade | bool and inventory_hostname in groups.oo_nodes_to_upgrade register: l_docker_upgrade_drain_result - until: not l_docker_upgrade_drain_result | failed + until: not (l_docker_upgrade_drain_result is failed) retries: 60 delay: 60 @@ -70,5 +70,5 @@ retries: 10 delay: 5 register: node_schedulable - until: node_schedulable|succeeded - when: node_unschedulable|changed + until: node_schedulable is succeeded + when: node_unschedulable is changed diff --git a/playbooks/common/openshift-cluster/upgrades/docker/nuke_images.sh b/playbooks/common/openshift-cluster/upgrades/docker/nuke_images.sh deleted file mode 100644 index 8635eab0d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/docker/nuke_images.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Stop any running containers -running_container_ids=`docker ps -q` -if test -n "$running_container_ids" -then - docker stop $running_container_ids -fi - -# Delete all containers -container_ids=`docker ps -a -q` -if test -n "$container_ids" -then - docker rm -f -v $container_ids -fi - -# Delete all images (forcefully) -image_ids=`docker images -aq` -if test -n "$image_ids" -then - # Some layers are deleted recursively and are no longer present - # when docker goes to remove them: - docker rmi -f `docker images -aq` || true -fi - diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml index dbc4f39c7..3b47a11e0 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/restart.yml @@ -2,7 +2,7 @@ - name: Restart docker service: name=docker state=restarted register: l_docker_restart_docker_in_upgrade_result - until: not l_docker_restart_docker_in_upgrade_result | failed + until: not (l_docker_restart_docker_in_upgrade_result is failed) retries: 3 delay: 30 @@ -15,7 +15,7 @@ - "{{ openshift_service_type }}-master-controllers" - "{{ openshift_service_type }}-node" failed_when: false - when: openshift.common.is_containerized | bool + when: openshift_is_containerized | bool - name: Wait for master API to come back online wait_for: diff --git a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml index 4856a4b51..54eeb2ef5 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/tasks/upgrade.yml @@ -10,7 +10,7 @@ - etcd_container - openvswitch failed_when: false - when: openshift.common.is_containerized | bool + when: openshift_is_containerized | bool - name: Check Docker image count shell: "docker images -aq | wc -l" @@ -35,14 +35,14 @@ name: docker state: stopped register: l_pb_docker_upgrade_stop_result - until: not l_pb_docker_upgrade_stop_result | failed + until: not (l_pb_docker_upgrade_stop_result is failed) retries: 3 delay: 30 - name: Upgrade Docker package: name=docker{{ '-' + docker_version }} state=present register: result - until: result | success + until: result is succeeded - include_tasks: restart.yml when: not skip_docker_restart | default(False) | bool diff --git a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml index 2e3a7ae8b..ed97d539c 100644 --- a/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml +++ b/playbooks/common/openshift-cluster/upgrades/docker/upgrade_check.yml @@ -1,58 +1 @@ --- - -# This snippet determines if a Docker upgrade is required by checking the inventory -# variables, the available packages, and sets l_docker_upgrade to True if so. - -- set_fact: - docker_upgrade: True - when: docker_upgrade is not defined - -- name: Check if Docker is installed - command: rpm -q docker - args: - warn: no - register: pkg_check - failed_when: pkg_check.rc > 1 - changed_when: no - -- name: Get current version of Docker - command: "{{ repoquery_installed }} --qf '%{version}' docker" - register: curr_docker_version - retries: 4 - until: curr_docker_version | succeeded - changed_when: false - -- name: Get latest available version of Docker - command: > - {{ repoquery_cmd }} --qf '%{version}' "docker" - register: avail_docker_version - retries: 4 - until: avail_docker_version | succeeded - # Don't expect docker rpm to be available on hosts that don't already have it installed: - when: pkg_check.rc == 0 - failed_when: false - changed_when: false - -- fail: - msg: This playbook requires access to Docker 1.12 or later - # Disable the 1.12 requirement if the user set a specific Docker version - when: docker_version is not defined and (docker_upgrade is not defined or docker_upgrade | bool == True) and (pkg_check.rc == 0 and (avail_docker_version.stdout == "" or avail_docker_version.stdout | version_compare('1.12','<'))) - -# Default l_docker_upgrade to False, we'll set to True if an upgrade is required: -- set_fact: - l_docker_upgrade: False - -# Make sure a docker_version is set if none was requested: -- set_fact: - docker_version: "{{ avail_docker_version.stdout }}" - when: pkg_check.rc == 0 and docker_version is not defined - -- name: Flag for Docker upgrade if necessary - set_fact: - l_docker_upgrade: True - when: pkg_check.rc == 0 and curr_docker_version.stdout | version_compare(docker_version,'<') - -- name: Flag to delete all images prior to upgrade if crossing Docker 1.10 boundary - set_fact: - docker_upgrade_nuke_images: True - when: l_docker_upgrade | bool and docker_upgrade_nuke_images is not defined and curr_docker_version.stdout | version_compare('1.10','<') and docker_version | version_compare('1.10','>=') diff --git a/playbooks/common/openshift-cluster/upgrades/filter_plugins b/playbooks/common/openshift-cluster/upgrades/filter_plugins deleted file mode 120000 index b1213dedb..000000000 --- a/playbooks/common/openshift-cluster/upgrades/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml index 5454a6680..8ee83819e 100644 --- a/playbooks/common/openshift-cluster/upgrades/init.yml +++ b/playbooks/common/openshift-cluster/upgrades/init.yml @@ -8,7 +8,7 @@ - import_playbook: ../../../init/facts.yml - name: Ensure firewall is not switched during upgrade - hosts: oo_all_hosts + hosts: "{{ l_upgrade_no_switch_firewall_hosts | default('oo_all_hosts') }}" vars: openshift_master_installed_version: "{{ hostvars[groups.oo_first_master.0].openshift.common.version }}" tasks: diff --git a/playbooks/common/openshift-cluster/upgrades/lookup_plugins b/playbooks/common/openshift-cluster/upgrades/lookup_plugins deleted file mode 120000 index aff753026..000000000 --- a/playbooks/common/openshift-cluster/upgrades/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 344ddea3c..1b57521df 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -27,8 +27,8 @@ - set_fact: haproxy_routers: "{{ all_routers.results.results[0]['items'] | - oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | - oo_select_keys_from_list(['metadata']) }}" + lib_utils_oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | + lib_utils_oo_select_keys_from_list(['metadata']) }}" when: - all_routers.results.returncode == 0 @@ -126,7 +126,7 @@ debug: msg: "WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information." when: - - not grep_plugin_order_override | skipped + - not (grep_plugin_order_override is skipped) - grep_plugin_order_override.rc == 0 - name: Warn if shared-resource-viewer could not be updated diff --git a/playbooks/common/openshift-cluster/upgrades/pre/config.yml b/playbooks/common/openshift-cluster/upgrades/pre/config.yml new file mode 100644 index 000000000..da63450b8 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/pre/config.yml @@ -0,0 +1,81 @@ +--- +# for control-plane upgrade, several variables may be passed in to this play +# why may affect the tasks here and in imported playbooks. + +# Pre-upgrade +- import_playbook: ../initialize_nodes_to_upgrade.yml + +- import_playbook: verify_cluster.yml + +- name: Update repos on upgrade hosts + hosts: "{{ l_upgrade_repo_hosts }}" + roles: + - openshift_repos + +- name: Set openshift_no_proxy_internal_hostnames + hosts: "{{ l_upgrade_no_proxy_hosts }}" + tasks: + - set_fact: + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] + | union(groups['oo_masters_to_config']) + | union(groups['oo_etcd_to_config'] | default([]))) + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') + }}" + when: + - openshift_http_proxy is defined or openshift_https_proxy is defined + - openshift_generate_no_proxy_hosts | default(True) | bool + +- name: OpenShift Health Checks + hosts: "{{ l_upgrade_health_check_hosts }}" + any_errors_fatal: true + roles: + - openshift_health_checker + vars: + - r_openshift_health_checker_playbook_context: upgrade + post_tasks: + - name: Run health checks (upgrade) + action: openshift_health_check + args: + checks: + - disk_availability + - memory_availability + - docker_image_availability + +- import_playbook: ../disable_excluders.yml + +- import_playbook: ../../../../init/version.yml + vars: + # Request specific openshift_release and let the openshift_version role handle converting this + # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if + # defined, and overriding the normal behavior of protecting the installed version + openshift_release: "{{ openshift_upgrade_target }}" + openshift_protect_installed_version: False + # l_openshift_version_set_hosts is passed via upgrade_control_plane.yml + # l_openshift_version_check_hosts is passed via upgrade_control_plane.yml + +# If we're only upgrading nodes, we need to ensure masters are already upgraded +- name: Verify masters are already upgraded + hosts: oo_masters_to_config + tasks: + - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." + when: + - l_upgrade_nodes_only | default(False) | bool + - openshift.common.version != openshift_version + +# If we're only upgrading nodes, skip this. +- import_playbook: ../../../../openshift-master/private/validate_restart.yml + when: not (l_upgrade_nodes_only | default(False)) | bool + +- name: Verify upgrade targets + hosts: "{{ l_upgrade_verify_targets_hosts }}" + roles: + - role: openshift_facts + tasks: + - include_tasks: verify_upgrade_targets.yml + +- name: Verify docker upgrade targets + hosts: "{{ l_upgrade_docker_target_hosts }}" + tasks: + - import_role: + name: container_runtime + tasks_from: docker_upgrade_check.yml diff --git a/playbooks/common/openshift-cluster/upgrades/pre/gate_checks.yml b/playbooks/common/openshift-cluster/upgrades/pre/gate_checks.yml deleted file mode 100644 index 8ecae4539..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/gate_checks.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: Flag pre-upgrade checks complete for hosts without errors - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - set_fact: - pre_upgrade_complete: True diff --git a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml deleted file mode 100644 index 18a08eb99..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/tasks/verify_docker_upgrade_targets.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Only check if docker upgrade is required if docker_upgrade is not -# already set to False. -- include_tasks: ../../docker/upgrade_check.yml - when: - - docker_upgrade is not defined or (docker_upgrade | bool) - - not (openshift.common.is_atomic | bool) - -# Additional checks for Atomic hosts: - -- name: Determine available Docker - shell: "rpm -q --queryformat '---\ncurr_version: %{VERSION}\navail_version: \n' docker" - register: g_atomic_docker_version_result - when: openshift.common.is_atomic | bool - -- set_fact: - l_docker_version: "{{ g_atomic_docker_version_result.stdout | from_yaml }}" - when: openshift.common.is_atomic | bool - -- fail: - msg: This playbook requires access to Docker 1.12 or later - when: openshift.common.is_atomic | bool and l_docker_version.avail_version | default(l_docker_version.curr_version, true) | version_compare('1.12','<') diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml new file mode 100644 index 000000000..693ab2d96 --- /dev/null +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_cluster.yml @@ -0,0 +1,94 @@ +--- +# Verify a few items before we proceed with upgrade process. + +- name: Verify upgrade can proceed on first master + hosts: oo_first_master + gather_facts: no + tasks: + + # Error out in situations where the user has older versions specified in their + # inventory in any of the openshift_release, openshift_image_tag, and + # openshift_pkg_version variables. These must be removed or updated to proceed + # with upgrade. + # TODO: Should we block if you're *over* the next major release version as well? + - fail: + msg: > + openshift_pkg_version is {{ openshift_pkg_version }} which is not a + valid version for a {{ openshift_upgrade_target }} upgrade + when: + - openshift_pkg_version is defined + - openshift_pkg_version.split('-',1).1 is version_compare(openshift_upgrade_target ,'<') + + - fail: + msg: > + openshift_image_tag is {{ openshift_image_tag }} which is not a + valid version for a {{ openshift_upgrade_target }} upgrade + when: + - openshift_image_tag is defined + - openshift_image_tag.split('v',1).1 is version_compare(openshift_upgrade_target ,'<') + + - set_fact: + openshift_release: "{{ openshift_release[1:] }}" + when: openshift_release is defined and openshift_release[0] == 'v' + + - fail: + msg: > + openshift_release is {{ openshift_release }} which is not a + valid release for a {{ openshift_upgrade_target }} upgrade + when: + - openshift_release is defined + - not (openshift_release is version_compare(openshift_upgrade_target ,'=')) + +- name: Verify master processes + hosts: oo_masters_to_config + roles: + - lib_utils + - openshift_facts + tasks: + - name: Read master storage backend setting + yedit: + state: list + src: /etc/origin/master/master-config.yaml + key: kubernetesMasterConfig.apiServerArguments.storage-backend + register: _storage_backend + + - fail: + msg: "Storage backend in /etc/origin/master/master-config.yaml must be set to 'etcd3' before the upgrade can continue" + when: + # assuming the master-config.yml is properly configured, i.e. the value is a list + - _storage_backend.result | default([], true) | length == 0 or _storage_backend.result[0] != "etcd3" + + - debug: + msg: "Storage backend is set to etcd3" + + - openshift_facts: + role: master + local_facts: + ha: "{{ groups.oo_masters_to_config | length > 1 }}" + + - when: openshift_is_containerized | bool + block: + - set_fact: + master_services: + - "{{ openshift_service_type }}-master" + + # In case of the non-ha to ha upgrade. + - name: Check if the {{ openshift_service_type }}-master-api.service exists + command: > + systemctl list-units {{ openshift_service_type }}-master-api.service --no-legend + register: master_api_service_status + + - set_fact: + master_services: + - "{{ openshift_service_type }}-master-api" + - "{{ openshift_service_type }}-master-controllers" + when: + - master_api_service_status.stdout_lines | length > 0 + - (openshift_service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] + + - name: Ensure Master is running + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: "{{ master_services }}" diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml deleted file mode 100644 index bef95546d..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Verify master processes - hosts: oo_masters_to_config - roles: - - openshift_facts - tasks: - - openshift_facts: - role: master - local_facts: - ha: "{{ groups.oo_masters_to_config | length > 1 }}" - - - when: openshift.common.is_containerized | bool - block: - - set_fact: - master_services: - - "{{ openshift_service_type }}-master" - - # In case of the non-ha to ha upgrade. - - name: Check if the {{ openshift_service_type }}-master-api.service exists - command: > - systemctl list-units {{ openshift_service_type }}-master-api.service --no-legend - register: master_api_service_status - - - set_fact: - master_services: - - "{{ openshift_service_type }}-master-api" - - "{{ openshift_service_type }}-master-controllers" - when: - - master_api_service_status.stdout_lines | length > 0 - - (openshift_service_type + '-master-api.service') in master_api_service_status.stdout_lines[0] - - - name: Ensure Master is running - service: - name: "{{ item }}" - state: started - enabled: yes - with_items: "{{ master_services }}" diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_etcd3_backend.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_etcd3_backend.yml deleted file mode 100644 index f75ae3b15..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_etcd3_backend.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- name: Verify all masters has etcd3 storage backend set - hosts: oo_masters_to_config - gather_facts: no - roles: - - lib_utils - tasks: - - name: Read master storage backend setting - yedit: - state: list - src: /etc/origin/master/master-config.yaml - key: kubernetesMasterConfig.apiServerArguments.storage-backend - register: _storage_backend - - - fail: - msg: "Storage backend in /etc/origin/master/master-config.yaml must be set to 'etcd3' before the upgrade can continue" - when: - # assuming the master-config.yml is properly configured, i.e. the value is a list - - _storage_backend.result | default([], true) | length == 0 or _storage_backend.result[0] != "etcd3" - - - debug: - msg: "Storage backend is set to etcd3" diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml deleted file mode 100644 index 2a8de50a2..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_health_checks.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: OpenShift Health Checks - hosts: oo_all_hosts - any_errors_fatal: true - roles: - - openshift_health_checker - vars: - - r_openshift_health_checker_playbook_context: upgrade - post_tasks: - - name: Run health checks (upgrade) - action: openshift_health_check - args: - checks: - - disk_availability - - memory_availability - - docker_image_availability diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml deleted file mode 100644 index 3c0017891..000000000 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_inventory_vars.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -- name: Verify upgrade can proceed on first master - hosts: oo_first_master - gather_facts: no - tasks: - - fail: - msg: > - This upgrade is only supported for origin and openshift-enterprise - deployment types - when: deployment_type not in ['origin','openshift-enterprise'] - - # Error out in situations where the user has older versions specified in their - # inventory in any of the openshift_release, openshift_image_tag, and - # openshift_pkg_version variables. These must be removed or updated to proceed - # with upgrade. - # TODO: Should we block if you're *over* the next major release version as well? - - fail: - msg: > - openshift_pkg_version is {{ openshift_pkg_version }} which is not a - valid version for a {{ openshift_upgrade_target }} upgrade - when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(openshift_upgrade_target ,'<') - - - fail: - msg: > - openshift_image_tag is {{ openshift_image_tag }} which is not a - valid version for a {{ openshift_upgrade_target }} upgrade - when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(openshift_upgrade_target ,'<') - - - set_fact: - openshift_release: "{{ openshift_release[1:] }}" - when: openshift_release is defined and openshift_release[0] == 'v' - - - fail: - msg: > - openshift_release is {{ openshift_release }} which is not a - valid release for a {{ openshift_upgrade_target }} upgrade - when: openshift_release is defined and not openshift_release | version_compare(openshift_upgrade_target ,'=') diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml index 96f970506..4c1156f4b 100644 --- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml +++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml @@ -5,7 +5,7 @@ when: openshift.common.version is not defined - name: Update oreg_auth docker login credentials if necessary - include_role: + import_role: name: container_runtime tasks_from: registry_auth.yml when: oreg_auth_user is defined @@ -15,9 +15,9 @@ docker pull {{ openshift_cli_image }}:{{ openshift_image_tag }} register: pull_result changed_when: "'Downloaded newer image' in pull_result.stdout" - when: openshift.common.is_containerized | bool + when: openshift_is_containerized | bool -- when: not openshift.common.is_containerized | bool +- when: not openshift_is_containerized | bool block: - name: Check latest available OpenShift RPM version repoquery: @@ -43,11 +43,11 @@ fail: msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required" when: - - (openshift_pkg_version | default('-0.0', True)).split('-')[1] | version_compare(openshift_release, '<') + - (openshift_pkg_version | default('-0.0', True)).split('-')[1] is version_compare(openshift_release, '<') - name: Fail when openshift version does not meet minium requirement for Origin upgrade fail: msg: "This upgrade playbook must be run against OpenShift {{ openshift_upgrade_min }} or later" when: - - deployment_type == 'origin' - - openshift.common.version | version_compare(openshift_upgrade_min,'<') + - openshift_deployment_type == 'origin' + - openshift.common.version is version_compare(openshift_upgrade_min,'<') diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index 37fc8a0f6..412075d41 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -2,20 +2,6 @@ ############################################################################### # Upgrade Masters ############################################################################### - -# If facts cache were for some reason deleted, this fact may not be set, and if not set -# it will always default to true. This causes problems for the etcd data dir fact detection -# so we must first make sure this is set correctly before attempting the backup. -- name: Set master embedded_etcd fact - hosts: oo_masters_to_config - roles: - - openshift_facts - tasks: - - openshift_facts: - role: master - local_facts: - embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" - - name: Backup and upgrade etcd import_playbook: ../../../openshift-etcd/private/upgrade_main.yml @@ -39,7 +25,7 @@ tasks: - name: Upgrade all storage command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=* --confirm register: l_pb_upgrade_control_plane_pre_upgrade_storage when: openshift_upgrade_pre_storage_migration_enabled | default(true) | bool @@ -64,7 +50,7 @@ openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}" serial: 1 tasks: - - include_role: + - import_role: name: openshift_facts # Run the pre-upgrade hook if defined: @@ -74,7 +60,7 @@ - include_tasks: "{{ openshift_master_upgrade_pre_hook }}" when: openshift_master_upgrade_pre_hook is defined - - include_role: + - import_role: name: openshift_master tasks_from: upgrade.yml @@ -100,12 +86,12 @@ - name: Post master upgrade - Upgrade clusterpolicies storage command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=clusterpolicies --confirm register: l_pb_upgrade_control_plane_post_upgrade_storage when: - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - - openshift_version | version_compare('3.7','<') + - openshift_version is version_compare('3.7','<') failed_when: - openshift_upgrade_post_storage_migration_enabled | default(true) | bool - l_pb_upgrade_control_plane_post_upgrade_storage.rc != 0 @@ -122,12 +108,11 @@ - name: Gate on master update hosts: localhost connection: local - become: no tasks: - set_fact: master_update_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'master_update_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_masters_to_config) + | lib_utils_oo_collect('inventory_hostname', {'master_update_complete': true}) }}" - set_fact: master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) | list }}" - fail: @@ -147,10 +132,10 @@ tasks: - name: Reconcile Cluster Roles command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-roles --additive-only=true --confirm -o name register: reconcile_cluster_role_result - when: openshift_version | version_compare('3.7','<') + when: openshift_version is version_compare('3.7','<') changed_when: - reconcile_cluster_role_result.stdout != '' - reconcile_cluster_role_result.rc == 0 @@ -158,14 +143,14 @@ - name: Reconcile Cluster Role Bindings command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings --exclude-groups=system:authenticated --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm -o name - when: openshift_version | version_compare('3.7','<') + when: openshift_version is version_compare('3.7','<') register: reconcile_bindings_result changed_when: - reconcile_bindings_result.stdout != '' @@ -174,16 +159,16 @@ - name: Reconcile Jenkins Pipeline Role Bindings command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name run_once: true register: reconcile_jenkins_role_binding_result changed_when: - reconcile_jenkins_role_binding_result.stdout != '' - reconcile_jenkins_role_binding_result.rc == 0 when: - - openshift_version | version_compare('3.7','<') + - openshift_version is version_compare('3.7','<') - - when: openshift_upgrade_target | version_compare('3.7','<') + - when: openshift_upgrade_target is version_compare('3.7','<') block: - name: Retrieve shared-resource-viewer oc_obj: @@ -228,7 +213,7 @@ - name: Reconcile Security Context Constraints command: > - {{ openshift.common.client_binary }} adm policy --config={{ openshift.common.config_base }}/master/admin.kubeconfig reconcile-sccs --confirm --additive-only=true -o name + {{ openshift_client_binary }} adm policy --config={{ openshift.common.config_base }}/master/admin.kubeconfig reconcile-sccs --confirm --additive-only=true -o name register: reconcile_scc_result changed_when: - reconcile_scc_result.stdout != '' @@ -237,7 +222,7 @@ - name: Migrate storage post policy reconciliation command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig + {{ openshift_client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig migrate storage --include=* --confirm run_once: true register: l_pb_upgrade_control_plane_post_upgrade_storage @@ -256,12 +241,11 @@ - name: Gate on reconcile hosts: localhost connection: local - become: no tasks: - set_fact: reconcile_completed: "{{ hostvars - | oo_select_keys(groups.oo_masters_to_config) - | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_masters_to_config) + | lib_utils_oo_collect('inventory_hostname', {'reconcile_complete': true}) }}" - set_fact: reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) | list }}" - fail: @@ -276,7 +260,7 @@ - openshift_facts tasks: - include_tasks: docker/tasks/upgrade.yml - when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool + when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift_is_atomic | bool - name: Drain and upgrade master nodes hosts: oo_masters_to_config:&oo_nodes_to_upgrade @@ -301,25 +285,23 @@ retries: 10 delay: 5 register: node_unschedulable - until: node_unschedulable|succeeded + until: node_unschedulable is succeeded - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0]['first_master_client_binary'] }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_control_plane_drain_result - until: not l_upgrade_control_plane_drain_result | failed + until: not (l_upgrade_control_plane_drain_result is failed) retries: 60 delay: 60 roles: - openshift_facts post_tasks: - - include_role: + - import_role: name: openshift_node tasks_from: upgrade.yml - vars: - openshift_node_upgrade_in_progress: True - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" @@ -328,5 +310,5 @@ retries: 10 delay: 5 register: node_schedulable - until: node_schedulable|succeeded - when: node_unschedulable|changed + until: node_schedulable is succeeded + when: node_unschedulable is changed diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index f7a85545b..464af3ae6 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -1,16 +1,23 @@ --- +- name: Prepull images and rpms before doing rolling restart + hosts: oo_nodes_to_upgrade:!oo_masters_to_config + roles: + - role: openshift_facts + tasks: + - import_role: + name: openshift_node + tasks_from: upgrade_pre.yml + - name: Drain and upgrade nodes hosts: oo_nodes_to_upgrade:!oo_masters_to_config # This var must be set with -e on invocation, as it is not a per-host inventory var # and is evaluated early. Values such as "20%" can also be used. serial: "{{ openshift_upgrade_nodes_serial | default(1) }}" max_fail_percentage: "{{ openshift_upgrade_nodes_max_fail_percentage | default(0) }}" - + roles: + - lib_openshift + - openshift_facts pre_tasks: - - name: Load lib_openshift modules - import_role: - name: lib_openshift - # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node # or docker actually needs an upgrade before proceeding. Perhaps best to save this until # we merge upgrade functionality into the base roles and a normal config.yml playbook run. @@ -22,29 +29,21 @@ retries: 10 delay: 5 register: node_unschedulable - until: node_unschedulable|succeeded + until: node_unschedulable is succeeded - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0]['first_master_client_binary'] }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_nodes_drain_result - until: not l_upgrade_nodes_drain_result | failed + until: not (l_upgrade_nodes_drain_result is failed) retries: 60 delay: 60 - roles: - - openshift_facts post_tasks: - - include_role: + - import_role: name: openshift_node tasks_from: upgrade.yml - vars: - openshift_node_upgrade_in_progress: True - - include_role: - name: openshift_excluder - vars: - r_openshift_excluder_action: enable - name: Set node schedulability oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" @@ -53,5 +52,13 @@ retries: 10 delay: 5 register: node_schedulable - until: node_schedulable|succeeded - when: node_unschedulable|changed + until: node_schedulable is succeeded + when: node_unschedulable is changed + +- name: Re-enable excluders + hosts: oo_nodes_to_upgrade:!oo_masters_to_config + tasks: + - import_role: + name: openshift_excluder + vars: + r_openshift_excluder_action: enable diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml index 47410dff3..6d59bfd0b 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_scale_group.yml @@ -3,7 +3,7 @@ hosts: localhost tasks: - name: build upgrade scale groups - include_role: + import_role: name: openshift_aws tasks_from: upgrade_node_group.yml @@ -11,25 +11,19 @@ msg: "Ensure that new scale groups were provisioned before proceeding to update." when: - "'oo_sg_new_nodes' not in groups or groups.oo_sg_new_nodes|length == 0" + - "'oo_sg_current_nodes' not in groups or groups.oo_sg_current_nodes|length == 0" + - groups.oo_sg_current_nodes == groups.oo_sg_new_nodes - name: initialize upgrade bits import_playbook: init.yml -- name: Drain and upgrade nodes +- name: unschedule nodes hosts: oo_sg_current_nodes - # This var must be set with -e on invocation, as it is not a per-host inventory var - # and is evaluated early. Values such as "20%" can also be used. - serial: "{{ openshift_upgrade_nodes_serial | default(1) }}" - max_fail_percentage: "{{ openshift_upgrade_nodes_max_fail_percentage | default(0) }}" - - pre_tasks: + tasks: - name: Load lib_openshift modules - include_role: + import_role: name: ../roles/lib_openshift - # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node - # or docker actually needs an upgrade before proceeding. Perhaps best to save this until - # we merge upgrade functionality into the base roles and a normal config.yml playbook run. - name: Mark node unschedulable oc_adm_manage_node: node: "{{ openshift.node.nodename | lower }}" @@ -38,22 +32,35 @@ retries: 10 delay: 5 register: node_unschedulable - until: node_unschedulable|succeeded + until: node_unschedulable is succeeded +- name: Drain nodes + hosts: oo_sg_current_nodes + # This var must be set with -e on invocation, as it is not a per-host inventory var + # and is evaluated early. Values such as "20%" can also be used. + serial: "{{ openshift_upgrade_nodes_serial | default(1) }}" + max_fail_percentage: "{{ openshift_upgrade_nodes_max_fail_percentage | default(0) }}" + tasks: - name: Drain Node for Kubelet upgrade command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm drain {{ openshift.node.nodename | lower }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig --force --delete-local-data --ignore-daemonsets + {{ hostvars[groups.oo_first_master.0]['first_master_client_binary'] }} adm drain {{ openshift.node.nodename | lower }} + --config={{ openshift.common.config_base }}/master/admin.kubeconfig + --force --delete-local-data --ignore-daemonsets + --timeout={{ openshift_upgrade_nodes_drain_timeout | default(0) }}s delegate_to: "{{ groups.oo_first_master.0 }}" register: l_upgrade_nodes_drain_result - until: not l_upgrade_nodes_drain_result | failed - retries: 60 - delay: 60 + until: not (l_upgrade_nodes_drain_result is failed) + retries: "{{ 1 if openshift_upgrade_nodes_drain_timeout | default(0) == '0' else 0 | int }}" + delay: 5 + failed_when: + - l_upgrade_nodes_drain_result is failed + - openshift_upgrade_nodes_drain_timeout | default(0) == '0' # Alright, let's clean up! - name: clean up the old scale group hosts: localhost tasks: - name: clean up scale group - include_role: + import_role: name: openshift_aws tasks_from: remove_scale_group.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml index 9f9399ff9..d520c6aee 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml @@ -13,101 +13,26 @@ tasks: - set_fact: openshift_upgrade_target: '3.6' - openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" + openshift_upgrade_min: "{{ '1.5' if openshift_deployment_type == 'origin' else '3.5' }}" -# Pre-upgrade - -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml index 7374160d6..eb5f07ae0 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml @@ -12,106 +12,39 @@ # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # - import_playbook: ../init.yml - tags: - - pre_upgrade + vars: + l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" - name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_upgrade_target: '3.6' - openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" - -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade tasks: - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade + openshift_upgrade_target: '3.6' + openshift_upgrade_min: "{{ '1.5' if openshift_deployment_type == 'origin' else '3.5' }}" -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml + # These vars a meant to exclude oo_nodes from plays that would otherwise include + # them by default. vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master" + l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml index de9bf098e..4febe76ee 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_nodes.yml @@ -15,95 +15,24 @@ tasks: - set_fact: openshift_upgrade_target: '3.6' - openshift_upgrade_min: "{{ '1.5' if deployment_type == 'origin' else '3.5' }}" + openshift_upgrade_min: "{{ '1.5' if openshift_deployment_type == 'origin' else '3.5' }}" -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_nodes_to_config" + l_upgrade_no_proxy_hosts: "oo_all_hosts" + l_upgrade_health_check_hosts: "oo_nodes_to_config" + l_upgrade_verify_targets_hosts: "oo_nodes_to_config" + l_upgrade_docker_target_hosts: "oo_nodes_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:!oo_masters_to_config" + l_upgrade_nodes_only: True + +- name: Flag pre-upgrade checks complete for hosts without errors + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + - set_fact: + pre_upgrade_complete: True -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../cleanup_unused_images.yml +# Pre-upgrade completed - import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml index 0c1a99272..4daa9e490 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml @@ -15,103 +15,24 @@ openshift_upgrade_target: '3.7' openshift_upgrade_min: '3.6' -# Pre-upgrade - -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: @@ -121,6 +42,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift_service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml index 9dcad352c..8d42e4c91 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml @@ -12,110 +12,39 @@ # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # - import_playbook: ../init.yml - tags: - - pre_upgrade + vars: + l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" - name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config tasks: - set_fact: openshift_upgrade_target: '3.7' openshift_upgrade_min: '3.6' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts - hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml + # These vars a meant to exclude oo_nodes from plays that would otherwise include + # them by default. vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master" + l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: @@ -125,6 +54,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift_service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml index 27a7f67ea..16d95514c 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml @@ -17,93 +17,22 @@ openshift_upgrade_target: '3.7' openshift_upgrade_min: '3.6' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_nodes_to_config" + l_upgrade_no_proxy_hosts: "oo_all_hosts" + l_upgrade_health_check_hosts: "oo_nodes_to_config" + l_upgrade_verify_targets_hosts: "oo_nodes_to_config" + l_upgrade_docker_target_hosts: "oo_nodes_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:!oo_masters_to_config" + l_upgrade_nodes_only: True + +- name: Flag pre-upgrade checks complete for hosts without errors + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + - set_fact: + pre_upgrade_complete: True -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../cleanup_unused_images.yml +# Pre-upgrade completed - import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index 74d0cd8ad..49e691352 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -14,9 +14,9 @@ # DO NOT DISABLE THIS, YOUR UPGRADE WILL FAIL IF YOU DO SO - name: Confirm OpenShift authorization objects are in sync command: > - {{ openshift.common.client_binary }} adm migrate authorization + {{ openshift_client_binary }} adm migrate authorization when: - - openshift_currently_installed_version | version_compare('3.7','<') + - openshift_currently_installed_version is version_compare('3.7','<') - openshift_upgrade_pre_authorization_migration_enabled | default(true) | bool changed_when: false register: l_oc_result diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml index ead2efbd0..0f74e0137 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade.yml @@ -15,103 +15,24 @@ openshift_upgrade_target: '3.8' openshift_upgrade_min: '3.7' -# Pre-upgrade - -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. - -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: @@ -121,6 +42,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift_service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml index ae37b1359..a2f316c25 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_control_plane.yml @@ -12,110 +12,39 @@ # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # - import_playbook: ../init.yml - tags: - - pre_upgrade + vars: + l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" - name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config tasks: - set_fact: openshift_upgrade_target: '3.8' openshift_upgrade_min: '3.7' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts - hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml + # These vars a meant to exclude oo_nodes from plays that would otherwise include + # them by default. vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master" + l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: @@ -125,6 +54,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift_service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml index dd716b241..b5f1038fd 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_8/upgrade_nodes.yml @@ -17,93 +17,22 @@ openshift_upgrade_target: '3.8' openshift_upgrade_min: '3.7' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_nodes_to_config" + l_upgrade_no_proxy_hosts: "oo_all_hosts" + l_upgrade_health_check_hosts: "oo_nodes_to_config" + l_upgrade_verify_targets_hosts: "oo_nodes_to_config" + l_upgrade_docker_target_hosts: "oo_nodes_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:!oo_masters_to_config" + l_upgrade_nodes_only: True + +- name: Flag pre-upgrade checks complete for hosts without errors + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + - set_fact: + pre_upgrade_complete: True -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../cleanup_unused_images.yml +# Pre-upgrade completed - import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins b/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins deleted file mode 120000 index 7de3c1dd7..000000000 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../../../filter_plugins/
\ No newline at end of file diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml index eb688f189..0aea5069d 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade.yml @@ -3,121 +3,32 @@ # Full Control Plane + Nodes Upgrade # - import_playbook: ../init.yml - tags: - - pre_upgrade - name: Configure the upgrade target for the common upgrade tasks hosts: oo_all_hosts - tags: - - pre_upgrade tasks: - set_fact: openshift_upgrade_target: '3.9' openshift_upgrade_min: '3.7' -# Pre-upgrade - -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos and initialize facts on all hosts - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config - tasks: - - import_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config:oo_nodes_to_upgrade" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:oo_masters_to_config" - import_playbook: validator.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - include_tasks: ../cleanup_unused_images.yml + - set_fact: + pre_upgrade_complete: True + +# Pre-upgrade completed - import_playbook: ../upgrade_control_plane.yml vars: @@ -127,6 +38,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift.common.service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml index 983bb4a63..ef9871008 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml @@ -12,116 +12,40 @@ # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately. # - import_playbook: ../init.yml - tags: - - pre_upgrade + vars: + l_upgrade_no_switch_firewall_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_non_node_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" - name: Configure the upgrade target for the common upgrade tasks - hosts: oo_all_hosts - tags: - - pre_upgrade + hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config tasks: - set_fact: openshift_upgrade_target: '3.9' openshift_upgrade_min: '3.7' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_etcd3_backend.yml - tags: - - pre_upgrade - -- name: Update repos on control plane hosts - hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config - tags: - - pre_upgrade - roles: - - openshift_repos - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_master_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml + # These vars a meant to exclude oo_nodes from plays that would otherwise include + # them by default. vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True + l_openshift_version_set_hosts: "oo_etcd_to_config:oo_masters_to_config:!oo_first_master" + l_openshift_version_check_hosts: "oo_masters_to_config:!oo_first_master" + l_upgrade_repo_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_no_proxy_hosts: "oo_masters_to_config" + l_upgrade_health_check_hosts: "oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config" + l_upgrade_verify_targets_hosts: "oo_masters_to_config" + l_upgrade_docker_target_hosts: "oo_masters_to_config:oo_etcd_to_config" + l_upgrade_excluder_hosts: "oo_masters_to_config" -- import_playbook: ../../../../openshift-master/private/validate_restart.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_masters_to_config - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade +- import_playbook: validator.yml -- name: Verify docker upgrade targets +- name: Flag pre-upgrade checks complete for hosts without errors hosts: oo_masters_to_config:oo_etcd_to_config tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- import_playbook: validator.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade + - set_fact: + pre_upgrade_complete: True -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. +# Pre-upgrade completed -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_masters_to_config:oo_etcd_to_config - tasks: - - include_tasks: ../cleanup_unused_images.yml - import_playbook: ../upgrade_control_plane.yml vars: @@ -131,6 +55,8 @@ - name: Cycle all controller services to force new leader election mode hosts: oo_masters_to_config gather_facts: no + roles: + - role: openshift_facts tasks: - name: Stop {{ openshift.common.service_type }}-master-controllers systemd: diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml index d95cfa4e1..1d1b255c1 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_nodes.yml @@ -5,111 +5,30 @@ # Upgrades nodes only, but requires the control plane to have already been upgraded. # - import_playbook: ../init.yml - tags: - - pre_upgrade - name: Configure the upgrade target for the common upgrade tasks hosts: oo_all_hosts - tags: - - pre_upgrade tasks: - set_fact: openshift_upgrade_target: '3.9' openshift_upgrade_min: '3.7' -# Pre-upgrade -- import_playbook: ../initialize_nodes_to_upgrade.yml - tags: - - pre_upgrade - -- name: Update repos on nodes - hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config:oo_lb_to_config - roles: - - openshift_repos - tags: - - pre_upgrade - -- name: Set openshift_no_proxy_internal_hostnames - hosts: oo_masters_to_config:oo_nodes_to_upgrade - tags: - - pre_upgrade - tasks: - - set_fact: - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_upgrade'] - | union(groups['oo_masters_to_config']) - | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') - }}" - when: - - openshift_http_proxy is defined or openshift_https_proxy is defined - - openshift_generate_no_proxy_hosts | default(True) | bool - -- import_playbook: ../pre/verify_inventory_vars.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/verify_health_checks.yml - tags: - - pre_upgrade - -- import_playbook: ../disable_node_excluders.yml - tags: - - pre_upgrade - -- import_playbook: ../../../../init/version.yml - tags: - - pre_upgrade +- import_playbook: ../pre/config.yml vars: - # Request specific openshift_release and let the openshift_version role handle converting this - # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if - # defined, and overriding the normal behavior of protecting the installed version - openshift_release: "{{ openshift_upgrade_target }}" - openshift_protect_installed_version: False - - # We skip the docker role at this point in upgrade to prevent - # unintended package, container, or config upgrades which trigger - # docker restarts. At this early stage of upgrade we can assume - # docker is configured and running. - skip_docker_role: True - -- name: Verify masters are already upgraded - hosts: oo_masters_to_config - tags: - - pre_upgrade + l_upgrade_repo_hosts: "oo_nodes_to_config" + l_upgrade_no_proxy_hosts: "oo_all_hosts" + l_upgrade_health_check_hosts: "oo_nodes_to_config" + l_upgrade_verify_targets_hosts: "oo_nodes_to_config" + l_upgrade_docker_target_hosts: "oo_nodes_to_config" + l_upgrade_excluder_hosts: "oo_nodes_to_config:!oo_masters_to_config" + l_upgrade_nodes_only: True + +- name: Flag pre-upgrade checks complete for hosts without errors + hosts: oo_masters_to_config:oo_nodes_to_upgrade:oo_etcd_to_config tasks: - - fail: msg="Master running {{ openshift.common.version }} must be upgraded to {{ openshift_version }} before node upgrade can be run." - when: openshift.common.version != openshift_version - -- import_playbook: ../pre/verify_control_plane_running.yml - tags: - - pre_upgrade - -- name: Verify upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/verify_upgrade_targets.yml - tags: - - pre_upgrade - -- name: Verify docker upgrade targets - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../pre/tasks/verify_docker_upgrade_targets.yml - tags: - - pre_upgrade - -- import_playbook: ../pre/gate_checks.yml - tags: - - pre_upgrade - -# Pre-upgrade completed, nothing after this should be tagged pre_upgrade. + - set_fact: + pre_upgrade_complete: True -# Separate step so we can execute in parallel and clear out anything unused -# before we get into the serialized upgrade process which will then remove -# remaining images if possible. -- name: Cleanup unused Docker images - hosts: oo_nodes_to_upgrade - tasks: - - include_tasks: ../cleanup_unused_images.yml +# Pre-upgrade completed - import_playbook: ../upgrade_nodes.yml diff --git a/playbooks/container-runtime/private/build_container_groups.yml b/playbooks/container-runtime/private/build_container_groups.yml new file mode 100644 index 000000000..7fd60743c --- /dev/null +++ b/playbooks/container-runtime/private/build_container_groups.yml @@ -0,0 +1,6 @@ +--- +- name: create oo_hosts_containerized_managed_true host group + hosts: oo_all_hosts:!oo_nodes_to_config + tasks: + - group_by: + key: oo_hosts_containerized_managed_{{ (containerized | default(False)) | ternary('true','false') }} diff --git a/playbooks/container-runtime/private/config.yml b/playbooks/container-runtime/private/config.yml index 67445edeb..7a49adcf0 100644 --- a/playbooks/container-runtime/private/config.yml +++ b/playbooks/container-runtime/private/config.yml @@ -1,26 +1,23 @@ --- -- hosts: "{{ l_containerized_host_groups }}" - vars: - l_chg_temp: "{{ openshift_containerized_host_groups | default([]) }}" - l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}" - # role: container_runtime is necessary here to bring role default variables - # into the play scope. +- import_playbook: build_container_groups.yml + +- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true roles: - role: container_runtime tasks: - - include_role: + - import_role: name: container_runtime tasks_from: package_docker.yml when: - not openshift_docker_use_system_container | bool - not openshift_use_crio_only | bool - - include_role: + - import_role: name: container_runtime tasks_from: systemcontainer_docker.yml when: - openshift_docker_use_system_container | bool - not openshift_use_crio_only | bool - - include_role: + - import_role: name: container_runtime tasks_from: systemcontainer_crio.yml when: diff --git a/playbooks/container-runtime/private/setup_storage.yml b/playbooks/container-runtime/private/setup_storage.yml new file mode 100644 index 000000000..a6d396270 --- /dev/null +++ b/playbooks/container-runtime/private/setup_storage.yml @@ -0,0 +1,18 @@ +--- +- import_playbook: build_container_groups.yml + +- hosts: oo_nodes_to_config:oo_hosts_containerized_managed_true + vars: + l_chg_temp: "{{ hostvars[groups['oo_first_master'][0]]['openshift_containerized_host_groups'] | default([]) }}" + l_containerized_host_groups: "{{ (['oo_nodes_to_config'] | union(l_chg_temp)) | join(':') }}" + # role: container_runtime is necessary here to bring role default variables + # into the play scope. + roles: + - role: container_runtime + tasks: + - import_role: + name: container_runtime + tasks_from: docker_storage_setup_overlay.yml + when: + - container_runtime_docker_storage_type|default('') == "overlay2" + - openshift_docker_is_node_or_master | bool diff --git a/playbooks/container-runtime/setup_storage.yml b/playbooks/container-runtime/setup_storage.yml new file mode 100644 index 000000000..98e876b2c --- /dev/null +++ b/playbooks/container-runtime/setup_storage.yml @@ -0,0 +1,6 @@ +--- +- import_playbook: ../init/main.yml + vars: + skip_verison: True + +- import_playbook: private/setup_storage.yml diff --git a/playbooks/deploy_cluster.yml b/playbooks/deploy_cluster.yml index 0e6bde09a..5efdc486a 100644 --- a/playbooks/deploy_cluster.yml +++ b/playbooks/deploy_cluster.yml @@ -22,6 +22,9 @@ - import_playbook: openshift-hosted/private/config.yml +- import_playbook: openshift-web-console/private/config.yml + when: openshift_web_console_install | default(true) | bool + - import_playbook: openshift-metrics/private/config.yml when: openshift_metrics_install_metrics | default(false) | bool diff --git a/playbooks/gcp/provision.yml b/playbooks/gcp/provision.yml index 6016e6a78..b6edf9961 100644 --- a/playbooks/gcp/provision.yml +++ b/playbooks/gcp/provision.yml @@ -6,7 +6,7 @@ tasks: - name: provision a GCP cluster in the specified project - include_role: + import_role: name: openshift_gcp - name: run the cluster deploy diff --git a/playbooks/init/base_packages.yml b/playbooks/init/base_packages.yml new file mode 100644 index 000000000..15b3dd492 --- /dev/null +++ b/playbooks/init/base_packages.yml @@ -0,0 +1,37 @@ +--- +- name: Install packages necessary for installer + hosts: oo_all_hosts + any_errors_fatal: true + tasks: + - when: + - not openshift_is_atomic | bool + block: + - name: Ensure openshift-ansible installer package deps are installed + package: + name: "{{ item }}" + state: present + with_items: + - iproute + - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}" + - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}" + - yum-utils + register: result + until: result is succeeded + + - name: Ensure various deps for running system containers are installed + package: + name: "{{ item }}" + state: present + with_items: + - atomic + - ostree + - runc + when: + - > + (openshift_use_system_containers | default(False)) | bool + or (openshift_use_etcd_system_container | default(False)) | bool + or (openshift_use_openvswitch_system_container | default(False)) | bool + or (openshift_use_node_system_container | default(False)) | bool + or (openshift_use_master_system_container | default(False)) | bool + register: result + until: result is succeeded diff --git a/playbooks/init/evaluate_groups.yml b/playbooks/init/evaluate_groups.yml index 8787c87e1..c4cd226c9 100644 --- a/playbooks/init/evaluate_groups.yml +++ b/playbooks/init/evaluate_groups.yml @@ -2,7 +2,6 @@ - name: Populate config host groups hosts: localhost connection: local - become: no gather_facts: no tasks: - name: Load group name mapping variables @@ -46,14 +45,9 @@ - name: Evaluate groups - Fail if no etcd hosts group is defined fail: msg: > - Running etcd as an embedded service is no longer supported. If this is a - new install please define an 'etcd' group with either one or three - hosts. These hosts may be the same hosts as your masters. If this is an - upgrade you may set openshift_master_unsupported_embedded_etcd=true - until a migration playbook becomes available. + Running etcd as an embedded service is no longer supported. when: - g_etcd_hosts | default([]) | length not in [3,1] - - not openshift_master_unsupported_embedded_etcd | default(False) - not (openshift_node_bootstrap | default(False)) - name: Evaluate oo_all_hosts diff --git a/playbooks/init/facts.yml b/playbooks/init/facts.yml index d41f365dc..8e4206948 100644 --- a/playbooks/init/facts.yml +++ b/playbooks/init/facts.yml @@ -5,7 +5,9 @@ tasks: - name: Initialize host facts - hosts: oo_all_hosts + # l_upgrade_non_node_hosts is passed in via play during control-plane-only + # upgrades; otherwise oo_all_hosts is used. + hosts: "{{ l_upgrade_non_node_hosts | default('oo_all_hosts') }}" tasks: - name: load openshift_facts module import_role: @@ -13,7 +15,7 @@ # TODO: Should this role be refactored into health_checks?? - name: Run openshift_sanitize_inventory to set variables - include_role: + import_role: name: openshift_sanitize_inventory - name: Detecting Operating System from ostree_booted @@ -21,40 +23,24 @@ path: /run/ostree-booted register: ostree_booted - # Locally setup containerized facts for now - - name: initialize_facts set fact l_is_atomic - set_fact: - l_is_atomic: "{{ ostree_booted.stat.exists }}" - - - name: initialize_facts set fact for containerized and l_is_*_system_container + # TODO(michaelgugino) remove this line once CI is updated. + - name: set openshift_deployment_type if unset set_fact: - l_is_containerized: "{{ (l_is_atomic | bool) or (containerized | default(false) | bool) }}" - - # TODO: Should this be moved into health checks?? - # Seems as though any check that happens with a corresponding fail should move into health_checks - - name: Validate python version - ans_dist is fedora and python is v3 - fail: - msg: | - openshift-ansible requires Python 3 for {{ ansible_distribution }}; - For information on enabling Python 3 with Ansible, see https://docs.ansible.com/ansible/python_3_support.html + openshift_deployment_type: "{{ deployment_type }}" when: - - ansible_distribution == 'Fedora' - - ansible_python['version']['major'] != 3 + - openshift_deployment_type is undefined + - deployment_type is defined - # TODO: Should this be moved into health checks?? - # Seems as though any check that happens with a corresponding fail should move into health_checks - - name: Validate python version - ans_dist not Fedora and python must be v2 - fail: - msg: "openshift-ansible requires Python 2 for {{ ansible_distribution }}" - when: - - ansible_distribution != 'Fedora' - - ansible_python['version']['major'] != 2 + - name: initialize_facts set fact openshift_is_atomic and openshift_is_containerized + set_fact: + openshift_is_atomic: "{{ ostree_booted.stat.exists }}" + openshift_is_containerized: "{{ ostree_booted.stat.exists or (containerized | default(false) | bool) }}" # TODO: Should this be moved into health checks?? # Seems as though any check that happens with a corresponding fail should move into health_checks # Fail as early as possible if Atomic and old version of Docker - when: - - l_is_atomic | bool + - openshift_is_atomic | bool block: # See https://access.redhat.com/articles/2317361 @@ -69,43 +55,10 @@ - name: assert atomic host docker version is 1.12 or later assert: that: - - l_atomic_docker_version.stdout | replace('"', '') | version_compare('1.12','>=') + - l_atomic_docker_version.stdout | replace('"', '') is version_compare('1.12','>=') msg: Installation on Atomic Host requires Docker 1.12 or later. Please upgrade and restart the Atomic Host. - - when: - - not l_is_atomic | bool - block: - - name: Ensure openshift-ansible installer package deps are installed - package: - name: "{{ item }}" - state: present - with_items: - - iproute - - "{{ 'python3-dbus' if ansible_distribution == 'Fedora' else 'dbus-python' }}" - - "{{ 'python3-PyYAML' if ansible_distribution == 'Fedora' else 'PyYAML' }}" - - yum-utils - register: result - until: result | success - - - name: Ensure various deps for running system containers are installed - package: - name: "{{ item }}" - state: present - with_items: - - atomic - - ostree - - runc - when: - - > - (openshift_use_system_containers | default(False)) | bool - or (openshift_use_etcd_system_container | default(False)) | bool - or (openshift_use_openvswitch_system_container | default(False)) | bool - or (openshift_use_node_system_container | default(False)) | bool - or (openshift_use_master_system_container | default(False)) | bool - register: result - until: result | success - - - name: Gather Cluster facts and set is_containerized if needed + - name: Gather Cluster facts openshift_facts: role: common local_facts: @@ -113,7 +66,6 @@ deployment_subtype: "{{ openshift_deployment_subtype | default(None) }}" hostname: "{{ openshift_hostname | default(None) }}" ip: "{{ openshift_ip | default(None) }}" - is_containerized: "{{ l_is_containerized | default(None) }}" public_hostname: "{{ openshift_public_hostname | default(None) }}" public_ip: "{{ openshift_public_ip | default(None) }}" portal_net: "{{ openshift_portal_net | default(openshift_master_portal_net) | default(None) }}" @@ -126,10 +78,10 @@ openshift_facts: role: common local_facts: - no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" when: - openshift_http_proxy is defined or openshift_https_proxy is defined @@ -141,7 +93,14 @@ local_facts: sdn_mtu: "{{ openshift_node_sdn_mtu | default(None) }}" - - name: initialize_facts set_fact repoquery command - set_fact: - repoquery_cmd: "{{ 'dnf repoquery --latest-limit 1 -d 0' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins' }}" - repoquery_installed: "{{ 'dnf repoquery --latest-limit 1 -d 0 --disableexcludes=all --installed' if ansible_pkg_mgr == 'dnf' else 'repoquery --plugins --installed' }}" +- name: Initialize special first-master variables + hosts: oo_first_master + roles: + - role: openshift_facts + tasks: + - set_fact: + # We need to setup openshift_client_binary here for special uses of delegate_to in + # later roles and plays. + first_master_client_binary: "{{ openshift_client_binary }}" + #Some roles may require this to be set for first master + openshift_client_binary: "{{ openshift_client_binary }}" diff --git a/playbooks/init/main.yml b/playbooks/init/main.yml index b2b972a7d..8a3f4682d 100644 --- a/playbooks/init/main.yml +++ b/playbooks/init/main.yml @@ -17,17 +17,12 @@ - import_playbook: facts.yml -- import_playbook: sanity_checks.yml - when: not (skip_sanity_checks | default(False)) - -- import_playbook: validate_hostnames.yml - when: not (skip_validate_hostnames | default(False)) - -- import_playbook: repos.yml - - import_playbook: version.yml when: not (skip_verison | default(False)) +- import_playbook: sanity_checks.yml + when: not (skip_sanity_checks | default(False)) + - name: Initialization Checkpoint End hosts: all gather_facts: false diff --git a/playbooks/init/repos.yml b/playbooks/init/repos.yml index a7114fc80..667f38ddd 100644 --- a/playbooks/init/repos.yml +++ b/playbooks/init/repos.yml @@ -3,6 +3,14 @@ hosts: oo_all_hosts gather_facts: no tasks: + - name: subscribe instances to Red Hat Subscription Manager + import_role: + name: rhel_subscribe + when: + - ansible_distribution == 'RedHat' + - openshift_deployment_type == 'openshift-enterprise' + - rhsub_user is defined + - rhsub_pass is defined - name: initialize openshift repos - include_role: + import_role: name: openshift_repos diff --git a/playbooks/init/sanity_checks.yml b/playbooks/init/sanity_checks.yml index 26716a92d..52bcf42c0 100644 --- a/playbooks/init/sanity_checks.yml +++ b/playbooks/init/sanity_checks.yml @@ -1,51 +1,15 @@ --- - name: Verify Requirements - hosts: oo_all_hosts + hosts: oo_first_master + roles: + - role: lib_utils tasks: - - fail: - msg: Flannel can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use flannel - when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_flannel | default(false) | bool - - - fail: - msg: Nuage sdn can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use nuage - when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_nuage | default(false) | bool - - - fail: - msg: Nuage sdn can not be used with flannel - when: openshift_use_flannel | default(false) | bool and openshift_use_nuage | default(false) | bool - - - fail: - msg: Contiv can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use contiv - when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_contiv | default(false) | bool - - - fail: - msg: Contiv can not be used with flannel - when: openshift_use_flannel | default(false) | bool and openshift_use_contiv | default(false) | bool - - - fail: - msg: Contiv can not be used with nuage - when: openshift_use_nuage | default(false) | bool and openshift_use_contiv | default(false) | bool - - - fail: - msg: Calico can not be used with openshift sdn, set openshift_use_openshift_sdn=false if you want to use Calico - when: openshift_use_openshift_sdn | default(true) | bool and openshift_use_calico | default(false) | bool - - - fail: - msg: The Calico playbook does not yet integrate with the Flannel playbook in Openshift. Set either openshift_use_calico or openshift_use_flannel, but not both. - when: openshift_use_calico | default(false) | bool and openshift_use_flannel | default(false) | bool - - - fail: - msg: Calico can not be used with Nuage in Openshift. Set either openshift_use_calico or openshift_use_nuage, but not both - when: openshift_use_calico | default(false) | bool and openshift_use_nuage | default(false) | bool - - - fail: - msg: Calico can not be used with Contiv in Openshift. Set either openshift_use_calico or openshift_use_contiv, but not both - when: openshift_use_calico | default(false) | bool and openshift_use_contiv | default(false) | bool - - - fail: - msg: openshift_hostname must be 63 characters or less - when: openshift_hostname is defined and openshift_hostname | length > 63 - - - fail: - msg: openshift_public_hostname must be 63 characters or less - when: openshift_public_hostname is defined and openshift_public_hostname | length > 63 + # sanity_checks is a custom action plugin defined in lib_utils. + # This module will loop through all the hostvars for each host + # specified in check_hosts. + # Since sanity_checks is an action_plugin, it executes on the control host. + # Thus, sanity_checks cannot gather new information about any hosts. + - name: Run variable sanity checks + sanity_checks: + check_hosts: "{{ groups['oo_all_hosts'] }}" + run_once: True diff --git a/playbooks/init/validate_hostnames.yml b/playbooks/init/validate_hostnames.yml index be2e6a15a..86e0b2416 100644 --- a/playbooks/init/validate_hostnames.yml +++ b/playbooks/init/validate_hostnames.yml @@ -1,6 +1,7 @@ --- - name: Validate node hostnames hosts: oo_nodes_to_config + any_errors_fatal: true tasks: - name: Query DNS for IP address of {{ openshift.common.hostname }} shell: @@ -8,16 +9,35 @@ register: lookupip changed_when: false failed_when: false - - name: Warn user about bad openshift_hostname values - pause: - prompt: + + - name: Validate openshift_hostname when defined + fail: + msg: > The hostname {{ openshift.common.hostname }} for {{ ansible_nodename }} doesn't resolve to an IP address owned by this host. Please set openshift_hostname variable to a hostname that when resolved on the host - in question resolves to an IP address matching an interface on this - host. This host will fail liveness checks for pods utilizing hostPorts, - press ENTER to continue or CTRL-C to abort. - seconds: "{{ 10 if openshift_override_hostname_check | default(false) | bool else omit }}" + in question resolves to an IP address matching an interface on this host. + This will ensure proper functionality of OpenShift networking features. + Inventory setting: openshift_hostname={{ openshift_hostname }} + This check can be overridden by setting openshift_hostname_check=false in + the inventory. + See https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-host-variables when: - lookupip.stdout != '127.0.0.1' - lookupip.stdout not in ansible_all_ipv4_addresses + - openshift_hostname_check | default(true) + + - name: Validate openshift_ip exists on node when defined + fail: + msg: > + The IP address {{ openshift_ip }} does not exist on {{ ansible_nodename }}. + Please set the openshift_ip variable to an IP address of this node. + This will ensure proper functionality of OpenShift networking features. + Inventory setting: openshift_ip={{ openshift_ip }} + This check can be overridden by setting openshift_ip_check=false in + the inventory. + See https://docs.openshift.org/latest/install_config/install/advanced_install.html#configuring-host-variables + when: + - openshift_ip is defined + - openshift_ip not in ansible_all_ipv4_addresses + - openshift_ip_check | default(true) diff --git a/playbooks/init/version.yml b/playbooks/init/version.yml index 37a5284d5..8d1d61fde 100644 --- a/playbooks/init/version.yml +++ b/playbooks/init/version.yml @@ -2,20 +2,32 @@ # NOTE: requires openshift_facts be run - name: Determine openshift_version to configure on first master hosts: oo_first_master - roles: - - openshift_version + tasks: + - include_role: + name: openshift_version + tasks_from: first_master.yml + - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version }}" # NOTE: We set this even on etcd hosts as they may also later run as masters, # and we don't want to install wrong version of docker and have to downgrade # later. - name: Set openshift_version for etcd, node, and master hosts - hosts: oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master + hosts: "{{ l_openshift_version_set_hosts | default(l_default_version_set_hosts) }}" vars: - openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" - pre_tasks: + l_default_version_set_hosts: "oo_etcd_to_config:oo_nodes_to_config:oo_masters_to_config:!oo_first_master" + l_first_master_openshift_version: "{{ hostvars[groups.oo_first_master.0].openshift_version }}" + l_first_master_openshift_pkg_version: "{{ hostvars[groups.oo_first_master.0].openshift_pkg_version }}" + l_first_master_openshift_image_tag: "{{ hostvars[groups.oo_first_master.0].openshift_image_tag}}" + tasks: - set_fact: - openshift_pkg_version: -{{ openshift_version }} - when: openshift_pkg_version is not defined - - debug: msg="openshift_pkg_version set to {{ openshift_pkg_version }}" - roles: - - openshift_version + openshift_version: "{{ l_first_master_openshift_version }}" + openshift_pkg_version: "{{ l_first_master_openshift_pkg_version }}" + openshift_image_tag: "{{ l_first_master_openshift_image_tag }}" + +# NOTE: These steps should only be run against masters and nodes. +- name: Ensure the requested version packages are available. + hosts: "{{ l_openshift_version_check_hosts | default('oo_nodes_to_config:oo_masters_to_config:!oo_first_master') }}" + tasks: + - include_role: + name: openshift_version + tasks_from: masters_and_nodes.yml diff --git a/playbooks/openshift-etcd/private/ca.yml b/playbooks/openshift-etcd/private/ca.yml index f3bb3c2d1..72c39d546 100644 --- a/playbooks/openshift-etcd/private/ca.yml +++ b/playbooks/openshift-etcd/private/ca.yml @@ -5,7 +5,7 @@ - role: openshift_clock - role: openshift_etcd_facts tasks: - - include_role: + - import_role: name: etcd tasks_from: ca.yml vars: diff --git a/playbooks/openshift-etcd/private/certificates-backup.yml b/playbooks/openshift-etcd/private/certificates-backup.yml index ce21a1f96..2f9bef799 100644 --- a/playbooks/openshift-etcd/private/certificates-backup.yml +++ b/playbooks/openshift-etcd/private/certificates-backup.yml @@ -3,10 +3,10 @@ hosts: oo_first_etcd any_errors_fatal: true tasks: - - include_role: + - import_role: name: etcd tasks_from: backup_generated_certificates.yml - - include_role: + - import_role: name: etcd tasks_from: remove_generated_certificates.yml @@ -14,6 +14,6 @@ hosts: oo_etcd_to_config any_errors_fatal: true tasks: - - include_role: + - import_role: name: etcd tasks_from: backup_server_certificates.yml diff --git a/playbooks/openshift-etcd/private/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml index be177b714..674bd5088 100644 --- a/playbooks/openshift-etcd/private/embedded2external.yml +++ b/playbooks/openshift-etcd/private/embedded2external.yml @@ -18,7 +18,7 @@ - role: openshift_facts tasks: - name: Check the master API is ready - include_role: + import_role: name: openshift_master tasks_from: check_master_api_is_ready.yml - set_fact: @@ -31,8 +31,8 @@ name: "{{ master_service }}" state: stopped # 2. backup embedded etcd - # Can't use with_items with include_role: https://github.com/ansible/ansible/issues/21285 - - include_role: + # Can't use with_items with import_role: https://github.com/ansible/ansible/issues/21285 + - import_role: name: etcd tasks_from: backup.yml vars: @@ -40,7 +40,7 @@ r_etcd_common_embedded_etcd: "{{ true }}" r_etcd_common_backup_sufix_name: "{{ embedded_etcd_backup_suffix }}" - - include_role: + - import_role: name: etcd tasks_from: backup.archive.yml vars: @@ -56,7 +56,7 @@ - name: Backup etcd client certificates for master host hosts: oo_first_master tasks: - - include_role: + - import_role: name: etcd tasks_from: backup_master_etcd_certificates.yml @@ -73,10 +73,10 @@ hosts: oo_etcd_to_config[0] gather_facts: no pre_tasks: - - include_role: + - import_role: name: etcd tasks_from: disable_etcd.yml - - include_role: + - import_role: name: etcd tasks_from: clean_data.yml @@ -89,9 +89,12 @@ local_action: command mktemp -d /tmp/etcd_backup-XXXXXXX register: g_etcd_client_mktemp changed_when: False - become: no - - include_role: + - name: Chmod local temp directory for syncing etcd backup + local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}" + changed_when: False + + - import_role: name: etcd tasks_from: backup.fetch.yml vars: @@ -101,7 +104,7 @@ r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" delegate_to: "{{ groups.oo_first_master[0] }}" - - include_role: + - import_role: name: etcd tasks_from: backup.copy.yml vars: @@ -116,20 +119,19 @@ - name: Delete temporary directory local_action: file path="{{ g_etcd_client_mktemp.stdout }}" state=absent changed_when: False - become: no # 7. force new cluster from the backup - name: Force new etcd cluster hosts: oo_etcd_to_config[0] tasks: - - include_role: + - import_role: name: etcd tasks_from: backup.unarchive.yml vars: r_etcd_common_backup_tag: pre-migrate r_etcd_common_backup_sufix_name: "{{ hostvars[groups.oo_first_master.0].embedded_etcd_backup_suffix }}" - - include_role: + - import_role: name: etcd tasks_from: backup.force_new_cluster.yml vars: @@ -143,7 +145,7 @@ - name: Configure master to use external etcd hosts: oo_first_master tasks: - - include_role: + - import_role: name: openshift_master tasks_from: configure_external_etcd.yml vars: diff --git a/playbooks/openshift-etcd/private/filter_plugins b/playbooks/openshift-etcd/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-etcd/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-etcd/private/lookup_plugins b/playbooks/openshift-etcd/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-etcd/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-etcd/private/migrate.yml b/playbooks/openshift-etcd/private/migrate.yml index 9ddb4afe2..3f8b44032 100644 --- a/playbooks/openshift-etcd/private/migrate.yml +++ b/playbooks/openshift-etcd/private/migrate.yml @@ -2,7 +2,6 @@ - name: Check if the master has embedded etcd hosts: localhost connection: local - become: no gather_facts: no tags: - always @@ -15,11 +14,10 @@ - name: Run pre-checks hosts: oo_etcd_to_migrate tasks: - - include_role: + - import_role: name: etcd tasks_from: migrate.pre_check.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ ansible_default_ipv4.address }}" # TODO: This will be different for release-3.6 branch @@ -44,23 +42,21 @@ roles: - role: openshift_facts post_tasks: - - include_role: + - import_role: name: etcd tasks_from: backup.yml vars: r_etcd_common_backup_tag: pre-migration - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - name: Gate on etcd backup hosts: localhost connection: local - become: no tasks: - set_fact: etcd_backup_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_to_migrate) - | oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" - set_fact: etcd_backup_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_backup_completed) | list }}" - fail: @@ -72,7 +68,7 @@ hosts: oo_etcd_to_migrate gather_facts: no pre_tasks: - - include_role: + - import_role: name: etcd tasks_from: disable_etcd.yml @@ -80,11 +76,10 @@ hosts: oo_etcd_to_migrate[0] gather_facts: no tasks: - - include_role: + - import_role: name: etcd tasks_from: migrate.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" @@ -93,11 +88,10 @@ hosts: oo_etcd_to_migrate[1:] gather_facts: no tasks: - - include_role: + - import_role: name: etcd tasks_from: clean_data.yml vars: - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" etcd_peer: "{{ openshift.common.ip }}" etcd_url_scheme: "https" etcd_peer_url_scheme: "https" @@ -122,15 +116,15 @@ tasks: - set_fact: etcd_migration_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_to_migrate) - | oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_to_migrate) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}" - set_fact: etcd_migration_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_migration_completed) | list }}" - name: Add TTLs on the first master hosts: oo_first_master[0] tasks: - - include_role: + - import_role: name: etcd tasks_from: migrate.add_ttls.yml vars: @@ -142,7 +136,7 @@ - name: Configure masters if etcd data migration is succesfull hosts: oo_masters_to_config tasks: - - include_role: + - import_role: name: etcd tasks_from: migrate.configure_master.yml when: etcd_migration_failed | length == 0 diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml index 158bcb849..a3acf6945 100644 --- a/playbooks/openshift-etcd/private/redeploy-ca.yml +++ b/playbooks/openshift-etcd/private/redeploy-ca.yml @@ -14,10 +14,10 @@ - name: Backup existing etcd CA certificate directories hosts: oo_etcd_to_config tasks: - - include_role: + - import_role: name: etcd tasks_from: backup_ca_certificates.yml - - include_role: + - import_role: name: etcd tasks_from: remove_ca_certificates.yml @@ -26,7 +26,6 @@ - name: Create temp directory for syncing certs hosts: localhost connection: local - become: no gather_facts: no tasks: - name: Create local temp directory for syncing certs @@ -34,10 +33,14 @@ register: g_etcd_mktemp changed_when: false + - name: Chmod local temp directory for syncing certs + local_action: command chmod 777 "{{ g_etcd_mktemp.stdout }}" + changed_when: false + - name: Distribute etcd CA to etcd hosts hosts: oo_etcd_to_config tasks: - - include_role: + - import_role: name: etcd tasks_from: distribute_ca.yml vars: @@ -47,14 +50,14 @@ - import_playbook: restart.yml # Do not restart etcd when etcd certificates were previously expired. when: ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) - name: Retrieve etcd CA certificate hosts: oo_first_etcd tasks: - - include_role: + - import_role: name: etcd tasks_from: retrieve_ca_certificates.yml vars: @@ -74,7 +77,6 @@ - name: Delete temporary directory on localhost hosts: localhost connection: local - become: no gather_facts: no tasks: - file: @@ -87,15 +89,15 @@ when: # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) diff --git a/playbooks/openshift-etcd/private/restart.yml b/playbooks/openshift-etcd/private/restart.yml index 0751480e2..a2a53651b 100644 --- a/playbooks/openshift-etcd/private/restart.yml +++ b/playbooks/openshift-etcd/private/restart.yml @@ -3,7 +3,7 @@ hosts: oo_etcd_to_config serial: 1 tasks: - - include_role: + - import_role: name: etcd tasks_from: restart.yml when: @@ -12,7 +12,7 @@ - name: Restart etcd hosts: oo_etcd_to_config tasks: - - include_role: + - import_role: name: etcd tasks_from: restart.yml when: diff --git a/playbooks/openshift-etcd/private/scaleup.yml b/playbooks/openshift-etcd/private/scaleup.yml index 3ef043ec8..8a9811a25 100644 --- a/playbooks/openshift-etcd/private/scaleup.yml +++ b/playbooks/openshift-etcd/private/scaleup.yml @@ -30,7 +30,7 @@ retries: 3 delay: 10 until: etcd_add_check.rc == 0 - - include_role: + - import_role: name: etcd tasks_from: server_certificates.yml vars: @@ -69,13 +69,13 @@ etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}" openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | union(groups['oo_new_etcd_to_config'] | default([]) )) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" roles: - role: openshift_master_facts post_tasks: - - include_role: + - import_role: name: openshift_master tasks_from: update_etcd_client_urls.yml diff --git a/playbooks/openshift-etcd/private/server_certificates.yml b/playbooks/openshift-etcd/private/server_certificates.yml index 695b53990..ebcf4a5ff 100644 --- a/playbooks/openshift-etcd/private/server_certificates.yml +++ b/playbooks/openshift-etcd/private/server_certificates.yml @@ -5,7 +5,7 @@ roles: - role: openshift_etcd_facts post_tasks: - - include_role: + - import_role: name: etcd tasks_from: server_certificates.yml vars: diff --git a/playbooks/openshift-etcd/private/upgrade_backup.yml b/playbooks/openshift-etcd/private/upgrade_backup.yml index 22ed7e610..081c024fc 100644 --- a/playbooks/openshift-etcd/private/upgrade_backup.yml +++ b/playbooks/openshift-etcd/private/upgrade_backup.yml @@ -4,23 +4,21 @@ roles: - role: openshift_etcd_facts post_tasks: - - include_role: + - import_role: name: etcd tasks_from: backup.yml vars: r_etcd_common_backup_tag: "{{ etcd_backup_tag }}" - r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}" r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}" - name: Gate on etcd backup hosts: localhost connection: local - become: no tasks: - set_fact: etcd_backup_completed: "{{ hostvars - | oo_select_keys(groups.oo_etcd_hosts_to_backup) - | oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" + | lib_utils_oo_select_keys(groups.oo_etcd_hosts_to_backup) + | lib_utils_oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}" - set_fact: etcd_backup_failed: "{{ groups.oo_etcd_hosts_to_backup | difference(etcd_backup_completed) | list }}" - fail: diff --git a/playbooks/openshift-etcd/private/upgrade_image_members.yml b/playbooks/openshift-etcd/private/upgrade_image_members.yml index c133c0201..f9e50e748 100644 --- a/playbooks/openshift-etcd/private/upgrade_image_members.yml +++ b/playbooks/openshift-etcd/private/upgrade_image_members.yml @@ -1,17 +1,17 @@ --- # INPUT etcd_upgrade_version # INPUT etcd_container_version -# INPUT openshift.common.is_containerized +# INPUT openshift_is_containerized - name: Upgrade containerized hosts to {{ etcd_upgrade_version }} hosts: oo_etcd_hosts_to_upgrade serial: 1 tasks: - - include_role: + - import_role: name: etcd tasks_from: upgrade_image.yml vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" etcd_peer: "{{ openshift.common.hostname }}" when: - - etcd_container_version | default('99') | version_compare(etcd_upgrade_version,'<') - - openshift.common.is_containerized | bool + - etcd_container_version | default('99') is version_compare(etcd_upgrade_version,'<') + - openshift_is_containerized | bool diff --git a/playbooks/openshift-etcd/private/upgrade_main.yml b/playbooks/openshift-etcd/private/upgrade_main.yml index e373a4a4c..8997680f9 100644 --- a/playbooks/openshift-etcd/private/upgrade_main.yml +++ b/playbooks/openshift-etcd/private/upgrade_main.yml @@ -14,7 +14,7 @@ - name: Drop etcdctl profiles hosts: oo_etcd_hosts_to_upgrade tasks: - - include_role: + - import_role: name: etcd tasks_from: drop_etcdctl.yml diff --git a/playbooks/openshift-etcd/private/upgrade_rpm_members.yml b/playbooks/openshift-etcd/private/upgrade_rpm_members.yml index 902c39d9c..e78cc5826 100644 --- a/playbooks/openshift-etcd/private/upgrade_rpm_members.yml +++ b/playbooks/openshift-etcd/private/upgrade_rpm_members.yml @@ -1,18 +1,18 @@ --- # INPUT etcd_upgrade_version # INPUT etcd_rpm_version -# INPUT openshift.common.is_containerized +# INPUT openshift_is_containerized - name: Upgrade to {{ etcd_upgrade_version }} hosts: oo_etcd_hosts_to_upgrade serial: 1 tasks: - - include_role: + - import_role: name: etcd tasks_from: upgrade_rpm.yml vars: r_etcd_upgrade_version: "{{ etcd_upgrade_version }}" etcd_peer: "{{ openshift.common.hostname }}" when: - - etcd_rpm_version.stdout | default('99') | version_compare(etcd_upgrade_version, '<') + - etcd_rpm_version.stdout | default('99') is version_compare(etcd_upgrade_version, '<') - ansible_distribution == 'RedHat' - - not openshift.common.is_containerized | bool + - not openshift_is_containerized | bool diff --git a/playbooks/openshift-etcd/private/upgrade_step.yml b/playbooks/openshift-etcd/private/upgrade_step.yml index 60127fc68..6aec838d4 100644 --- a/playbooks/openshift-etcd/private/upgrade_step.yml +++ b/playbooks/openshift-etcd/private/upgrade_step.yml @@ -2,7 +2,7 @@ - name: Determine etcd version hosts: oo_etcd_hosts_to_upgrade tasks: - - include_role: + - import_role: name: etcd tasks_from: version_detect.yml @@ -54,11 +54,11 @@ hosts: oo_etcd_hosts_to_upgrade serial: 1 tasks: - - include_role: + - import_role: name: etcd tasks_from: upgrade_image.yml vars: etcd_peer: "{{ openshift.common.hostname }}" when: - ansible_distribution == 'Fedora' - - not openshift.common.is_containerized | bool + - not openshift_is_containerized | bool diff --git a/playbooks/openshift-etcd/redeploy-certificates.yml b/playbooks/openshift-etcd/redeploy-certificates.yml index 753878d70..8ea1994f7 100644 --- a/playbooks/openshift-etcd/redeploy-certificates.yml +++ b/playbooks/openshift-etcd/redeploy-certificates.yml @@ -5,6 +5,6 @@ - import_playbook: private/restart.yml vars: - g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" + g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}" - import_playbook: ../openshift-master/private/restart.yml diff --git a/playbooks/openshift-glusterfs/README.md b/playbooks/openshift-glusterfs/README.md index 107bbfff6..19c381490 100644 --- a/playbooks/openshift-glusterfs/README.md +++ b/playbooks/openshift-glusterfs/README.md @@ -63,7 +63,7 @@ glusterfs [OSEv3:vars] ansible_ssh_user=root -deployment_type=origin +openshift_deployment_type=origin [masters] master diff --git a/playbooks/openshift-glusterfs/private/config.yml b/playbooks/openshift-glusterfs/private/config.yml index 19e14ab3e..9a5bc143d 100644 --- a/playbooks/openshift-glusterfs/private/config.yml +++ b/playbooks/openshift-glusterfs/private/config.yml @@ -14,12 +14,12 @@ - name: Open firewall ports for GlusterFS nodes hosts: glusterfs tasks: - - include_role: + - import_role: name: openshift_storage_glusterfs tasks_from: firewall.yml when: - openshift_storage_glusterfs_is_native | default(True) | bool - - include_role: + - import_role: name: openshift_storage_glusterfs tasks_from: kernel_modules.yml when: @@ -28,12 +28,12 @@ - name: Open firewall ports for GlusterFS registry nodes hosts: glusterfs_registry tasks: - - include_role: + - import_role: name: openshift_storage_glusterfs tasks_from: firewall.yml when: - openshift_storage_glusterfs_registry_is_native | default(True) | bool - - include_role: + - import_role: name: openshift_storage_glusterfs tasks_from: kernel_modules.yml when: @@ -43,7 +43,7 @@ hosts: oo_first_master tasks: - name: setup glusterfs - include_role: + import_role: name: openshift_storage_glusterfs when: groups.oo_glusterfs_to_config | default([]) | count > 0 diff --git a/playbooks/openshift-glusterfs/private/filter_plugins b/playbooks/openshift-glusterfs/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-glusterfs/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-glusterfs/private/lookup_plugins b/playbooks/openshift-glusterfs/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-glusterfs/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-hosted/private/config.yml b/playbooks/openshift-hosted/private/config.yml index 036fe654d..4e7b98da2 100644 --- a/playbooks/openshift-hosted/private/config.yml +++ b/playbooks/openshift-hosted/private/config.yml @@ -21,6 +21,10 @@ - import_playbook: openshift_hosted_registry.yml +- import_playbook: openshift_hosted_wait_for_pods.yml + +- import_playbook: openshift_hosted_registry_storage.yml + - import_playbook: cockpit-ui.yml - import_playbook: install_docker_gc.yml diff --git a/playbooks/openshift-hosted/private/install_docker_gc.yml b/playbooks/openshift-hosted/private/install_docker_gc.yml index 1e3dfee07..03eb542d3 100644 --- a/playbooks/openshift-hosted/private/install_docker_gc.yml +++ b/playbooks/openshift-hosted/private/install_docker_gc.yml @@ -3,5 +3,5 @@ hosts: oo_first_master gather_facts: false tasks: - - include_role: + - import_role: name: openshift_docker_gc diff --git a/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml index d5ca5185c..b09432da2 100644 --- a/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_create_projects.yml @@ -2,6 +2,6 @@ - name: Create Hosted Resources - openshift projects hosts: oo_first_master tasks: - - include_role: + - import_role: name: openshift_hosted tasks_from: create_projects.yml diff --git a/playbooks/openshift-hosted/private/openshift_hosted_registry.yml b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml index 2a91a827c..659c95eda 100644 --- a/playbooks/openshift-hosted/private/openshift_hosted_registry.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_registry.yml @@ -5,7 +5,7 @@ - set_fact: openshift_hosted_registry_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master" - - include_role: + - import_role: name: openshift_hosted tasks_from: registry.yml when: diff --git a/playbooks/openshift-hosted/private/openshift_hosted_registry_storage.yml b/playbooks/openshift-hosted/private/openshift_hosted_registry_storage.yml new file mode 100644 index 000000000..cfc47c9b2 --- /dev/null +++ b/playbooks/openshift-hosted/private/openshift_hosted_registry_storage.yml @@ -0,0 +1,13 @@ +--- +# This playbook waits for registry and router pods after both have been +# created. It is intended to allow the tasks of deploying both to complete +# before polling to save time. +- name: Poll for hosted pod deployments + hosts: oo_first_master + tasks: + - import_role: + name: openshift_hosted + tasks_from: registry_storage.yml + when: + - openshift_hosted_manage_registry | default(True) | bool + - openshift_hosted_registry_registryurl is defined diff --git a/playbooks/openshift-hosted/private/openshift_hosted_router.yml b/playbooks/openshift-hosted/private/openshift_hosted_router.yml index bcb5a34a4..353377189 100644 --- a/playbooks/openshift-hosted/private/openshift_hosted_router.yml +++ b/playbooks/openshift-hosted/private/openshift_hosted_router.yml @@ -5,7 +5,7 @@ - set_fact: openshift_hosted_router_registryurl: "{{ hostvars[groups.oo_first_master.0].openshift.master.registry_url }}" when: "'master' in hostvars[groups.oo_first_master.0].openshift and 'registry_url' in hostvars[groups.oo_first_master.0].openshift.master" - - include_role: + - import_role: name: openshift_hosted tasks_from: router.yml when: diff --git a/playbooks/openshift-hosted/private/openshift_hosted_wait_for_pods.yml b/playbooks/openshift-hosted/private/openshift_hosted_wait_for_pods.yml new file mode 100644 index 000000000..1f6868c2a --- /dev/null +++ b/playbooks/openshift-hosted/private/openshift_hosted_wait_for_pods.yml @@ -0,0 +1,26 @@ +--- +# This playbook waits for registry and router pods after both have been +# created. It is intended to allow the tasks of deploying both to complete +# before polling to save time. +- name: Poll for hosted pod deployments + hosts: oo_first_master + tasks: + - import_role: + name: openshift_hosted + tasks_from: wait_for_pod.yml + vars: + l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_router_wait }}" + l_openshift_hosted_wfp_items: "{{ openshift_hosted_routers }}" + when: + - openshift_hosted_manage_router | default(True) | bool + - openshift_hosted_router_registryurl is defined + + - import_role: + name: openshift_hosted + tasks_from: wait_for_pod.yml + vars: + l_openshift_hosted_wait_for_pod: "{{ openshift_hosted_registry_wait }}" + l_openshift_hosted_wfp_items: "{{ r_openshift_hosted_registry_list }}" + when: + - openshift_hosted_manage_registry | default(True) | bool + - openshift_hosted_registry_registryurl is defined diff --git a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml index 7e9363c5f..b817221b8 100644 --- a/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-registry-certificates.yml @@ -17,7 +17,7 @@ - name: Determine if docker-registry exists command: > - {{ openshift.common.client_binary }} get dc/docker-registry -o json + {{ openshift_client_binary }} get dc/docker-registry -o json --config={{ mktemp.stdout }}/admin.kubeconfig -n default register: l_docker_registry_dc @@ -26,11 +26,11 @@ - set_fact: docker_registry_env_vars: "{{ ((l_docker_registry_dc.stdout | from_json)['spec']['template']['spec']['containers'][0]['env'] - | oo_collect('name')) + | lib_utils_oo_collect('name')) | default([]) }}" docker_registry_secrets: "{{ ((l_docker_registry_dc.stdout | from_json)['spec']['template']['spec']['volumes'] - | oo_collect('secret') - | oo_collect('secretName')) + | lib_utils_oo_collect('secret') + | lib_utils_oo_collect('secretName')) | default([]) }}" changed_when: false when: l_docker_registry_dc.rc == 0 @@ -38,7 +38,7 @@ # Replace dc/docker-registry environment variable certificate data if set. - name: Update docker-registry environment variables shell: > - {{ openshift.common.client_binary }} env dc/docker-registry + {{ openshift_client_binary }} env dc/docker-registry OPENSHIFT_CA_DATA="$(cat /etc/origin/master/ca.crt)" OPENSHIFT_CERT_DATA="$(cat /etc/origin/master/openshift-registry.crt)" OPENSHIFT_KEY_DATA="$(cat /etc/origin/master/openshift-registry.key)" @@ -62,7 +62,7 @@ - name: Generate registry certificate command: > - {{ openshift.common.client_binary }} adm ca create-server-cert + {{ openshift_client_binary }} adm ca create-server-cert --signer-cert={{ openshift.common.config_base }}/master/ca.crt --signer-key={{ openshift.common.config_base }}/master/ca.key --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt @@ -88,7 +88,7 @@ - name: Redeploy docker registry command: > - {{ openshift.common.client_binary }} deploy dc/docker-registry + {{ openshift_client_binary }} deploy dc/docker-registry --latest --config={{ mktemp.stdout }}/admin.kubeconfig -n default diff --git a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml index 2116c745c..0df748f47 100644 --- a/playbooks/openshift-hosted/private/redeploy-router-certificates.yml +++ b/playbooks/openshift-hosted/private/redeploy-router-certificates.yml @@ -17,7 +17,7 @@ - name: Determine if router exists command: > - {{ openshift.common.client_binary }} get dc/router -o json + {{ openshift_client_binary }} get dc/router -o json --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig -n default register: l_router_dc @@ -26,7 +26,7 @@ - name: Determine if router service exists command: > - {{ openshift.common.client_binary }} get svc/router -o json + {{ openshift_client_binary }} get svc/router -o json --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig -n default register: l_router_svc @@ -36,11 +36,11 @@ - name: Collect router environment variables and secrets set_fact: router_env_vars: "{{ ((l_router_dc.stdout | from_json)['spec']['template']['spec']['containers'][0]['env'] - | oo_collect('name')) + | lib_utils_oo_collect('name')) | default([]) }}" router_secrets: "{{ ((l_router_dc.stdout | from_json)['spec']['template']['spec']['volumes'] - | oo_collect('secret') - | oo_collect('secretName')) + | lib_utils_oo_collect('secret') + | lib_utils_oo_collect('secretName')) | default([]) }}" changed_when: false when: l_router_dc.rc == 0 @@ -52,7 +52,7 @@ - name: Update router environment variables shell: > - {{ openshift.common.client_binary }} env dc/router + {{ openshift_client_binary }} env dc/router OPENSHIFT_CA_DATA="$(cat /etc/origin/master/ca.crt)" OPENSHIFT_CERT_DATA="$(cat /etc/origin/master/openshift-router.crt)" OPENSHIFT_KEY_DATA="$(cat /etc/origin/master/openshift-router.key)" @@ -78,7 +78,7 @@ - name: Remove router service annotations command: > - {{ openshift.common.client_binary }} annotate service/router + {{ openshift_client_binary }} annotate service/router service.alpha.openshift.io/serving-cert-secret-name- service.alpha.openshift.io/serving-cert-signed-by- --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig @@ -86,7 +86,7 @@ - name: Add serving-cert-secret annotation to router service command: > - {{ openshift.common.client_binary }} annotate service/router + {{ openshift_client_binary }} annotate service/router service.alpha.openshift.io/serving-cert-secret-name=router-certs --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig -n default @@ -115,7 +115,7 @@ - ('service.alpha.openshift.io/serving-cert-secret-name') not in router_service_annotations - ('service.alpha.openshift.io/serving-cert-signed-by') not in router_service_annotations - - include_role: + - import_role: name: openshift_hosted tasks_from: main vars: @@ -129,7 +129,7 @@ - name: Redeploy router command: > - {{ openshift.common.client_binary }} deploy dc/router + {{ openshift_client_binary }} deploy dc/router --latest --config={{ router_cert_redeploy_tempdir.stdout }}/admin.kubeconfig -n default diff --git a/playbooks/openshift-loadbalancer/private/config.yml b/playbooks/openshift-loadbalancer/private/config.yml index 2636d857e..54c8483c8 100644 --- a/playbooks/openshift-loadbalancer/private/config.yml +++ b/playbooks/openshift-loadbalancer/private/config.yml @@ -15,12 +15,12 @@ hosts: oo_lb_to_config vars: openshift_loadbalancer_frontends: "{{ (openshift_master_api_port | default(8443) - | oo_openshift_loadbalancer_frontends(hostvars | oo_select_keys(groups['oo_masters']), + | lib_utils_oo_loadbalancer_frontends(hostvars | lib_utils_oo_select_keys(groups['oo_masters']), openshift_use_nuage | default(false), nuage_mon_rest_server_port | default(none))) + openshift_loadbalancer_additional_frontends | default([]) }}" openshift_loadbalancer_backends: "{{ (openshift_master_api_port | default(8443) - | oo_openshift_loadbalancer_backends(hostvars | oo_select_keys(groups['oo_masters']), + | lib_utils_oo_loadbalancer_backends(hostvars | lib_utils_oo_select_keys(groups['oo_masters']), openshift_use_nuage | default(false), nuage_mon_rest_server_port | default(none))) + openshift_loadbalancer_additional_backends | default([]) }}" diff --git a/playbooks/openshift-loadbalancer/private/filter_plugins b/playbooks/openshift-loadbalancer/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-loadbalancer/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-loadbalancer/private/lookup_plugins b/playbooks/openshift-loadbalancer/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-loadbalancer/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-logging/private/config.yml b/playbooks/openshift-logging/private/config.yml index bc59bd95a..d6b26647c 100644 --- a/playbooks/openshift-logging/private/config.yml +++ b/playbooks/openshift-logging/private/config.yml @@ -16,11 +16,12 @@ roles: - openshift_logging +# TODO: Remove when master config property is removed - name: Update Master configs hosts: oo_masters:!oo_first_master tasks: - block: - - include_role: + - import_role: name: openshift_logging tasks_from: update_master_config diff --git a/playbooks/openshift-logging/private/filter_plugins b/playbooks/openshift-logging/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-logging/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-logging/private/library b/playbooks/openshift-logging/private/library deleted file mode 120000 index ba40d2f56..000000000 --- a/playbooks/openshift-logging/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library
\ No newline at end of file diff --git a/playbooks/openshift-logging/private/lookup_plugins b/playbooks/openshift-logging/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-logging/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-management/add_many_container_providers.yml b/playbooks/openshift-management/add_many_container_providers.yml index 62fdb11c5..45231a495 100644 --- a/playbooks/openshift-management/add_many_container_providers.yml +++ b/playbooks/openshift-management/add_many_container_providers.yml @@ -27,7 +27,7 @@ register: results # Include openshift_management for access to filter_plugins. - - include_role: + - import_role: name: openshift_management tasks_from: noop diff --git a/playbooks/openshift-management/private/add_container_provider.yml b/playbooks/openshift-management/private/add_container_provider.yml index facb3a5b9..25d4058e5 100644 --- a/playbooks/openshift-management/private/add_container_provider.yml +++ b/playbooks/openshift-management/private/add_container_provider.yml @@ -3,6 +3,6 @@ hosts: oo_first_master tasks: - name: Run the Management Integration Tasks - include_role: + import_role: name: openshift_management tasks_from: add_container_provider diff --git a/playbooks/openshift-management/private/config.yml b/playbooks/openshift-management/private/config.yml index 3f1cdf713..22f3ee8f3 100644 --- a/playbooks/openshift-management/private/config.yml +++ b/playbooks/openshift-management/private/config.yml @@ -21,7 +21,7 @@ tasks: - name: Run the CFME Setup Role - include_role: + import_role: name: openshift_management vars: template_dir: "{{ hostvars[groups.masters.0].r_openshift_management_mktemp.stdout }}" diff --git a/playbooks/openshift-management/private/filter_plugins b/playbooks/openshift-management/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-management/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-management/private/library b/playbooks/openshift-management/private/library deleted file mode 120000 index ba40d2f56..000000000 --- a/playbooks/openshift-management/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library
\ No newline at end of file diff --git a/playbooks/openshift-management/private/uninstall.yml b/playbooks/openshift-management/private/uninstall.yml index 9f35cc276..6097ea45a 100644 --- a/playbooks/openshift-management/private/uninstall.yml +++ b/playbooks/openshift-management/private/uninstall.yml @@ -3,6 +3,6 @@ hosts: masters[0] tasks: - name: Run the CFME Uninstall Role Tasks - include_role: + import_role: name: openshift_management tasks_from: uninstall diff --git a/playbooks/openshift-master/private/additional_config.yml b/playbooks/openshift-master/private/additional_config.yml index a90cd6b22..85be0e600 100644 --- a/playbooks/openshift-master/private/additional_config.yml +++ b/playbooks/openshift-master/private/additional_config.yml @@ -30,8 +30,8 @@ when: openshift_use_manageiq | default(true) | bool - role: cockpit when: - - not openshift.common.is_atomic | bool - - deployment_type == 'openshift-enterprise' + - not openshift_is_atomic | bool + - openshift_deployment_type == 'openshift-enterprise' - osm_use_cockpit is undefined or osm_use_cockpit | bool - openshift.common.deployment_subtype != 'registry' - role: flannel_register diff --git a/playbooks/openshift-master/private/certificates.yml b/playbooks/openshift-master/private/certificates.yml index f6afbc36f..d42d4402b 100644 --- a/playbooks/openshift-master/private/certificates.yml +++ b/playbooks/openshift-master/private/certificates.yml @@ -9,6 +9,6 @@ - role: openshift_ca - role: openshift_master_certificates openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" diff --git a/playbooks/openshift-master/private/config.yml b/playbooks/openshift-master/private/config.yml index 9f6d5afcc..153ea9993 100644 --- a/playbooks/openshift-master/private/config.yml +++ b/playbooks/openshift-master/private/config.yml @@ -47,7 +47,7 @@ state: absent when: - rpmgenerated_config.stat.exists == true - - deployment_type == 'openshift-enterprise' + - openshift_deployment_type == 'openshift-enterprise' with_items: - master - node @@ -56,9 +56,9 @@ - set_fact: openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" roles: - openshift_facts @@ -150,8 +150,8 @@ hosts: oo_first_master vars: g_session_secrets_present: "{{ (openshift.master.session_auth_secrets | default([])) | length > 0 and (openshift.master.session_encryption_secrets | default([])) | length > 0 }}" - g_session_auth_secrets: "{{ [ 24 | oo_generate_secret ] }}" - g_session_encryption_secrets: "{{ [ 24 | oo_generate_secret ] }}" + g_session_auth_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}" + g_session_encryption_secrets: "{{ [ 24 | lib_utils_oo_generate_secret ] }}" roles: - role: openshift_facts tasks: @@ -172,23 +172,19 @@ openshift_master_session_encryption_secrets: "{{ hostvars[groups.oo_first_master.0].openshift.master.session_encryption_secrets }}" openshift_ca_host: "{{ groups.oo_first_master.0 }}" openshift_master_etcd_hosts: "{{ hostvars - | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.hostname') + | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.hostname') | default(none, true) }}" - openshift_no_proxy_etcd_host_ips: "{{ hostvars | oo_select_keys(groups['oo_etcd_to_config'] | default([])) - | oo_collect('openshift.common.ip') | default([]) | join(',') + openshift_no_proxy_etcd_host_ips: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([])) + | lib_utils_oo_collect('openshift.common.ip') | default([]) | join(',') }}" roles: - role: openshift_master_facts - - role: openshift_hosted_facts - role: openshift_clock - role: openshift_cloud_provider - role: openshift_builddefaults - role: openshift_buildoverrides - role: nickhammond.logrotate - - role: contiv - contiv_role: netmaster - when: openshift_use_contiv | default(False) | bool - role: openshift_master openshift_master_hosts: "{{ groups.oo_masters_to_config }}" r_openshift_master_clean_install: "{{ hostvars[groups.oo_first_master.0].l_clean_install }}" @@ -207,13 +203,13 @@ - role: calico_master when: openshift_use_calico | default(false) | bool tasks: - - include_role: + - import_role: name: kuryr tasks_from: master when: openshift_use_kuryr | default(false) | bool - name: Setup the node group config maps - include_role: + import_role: name: openshift_node_group when: openshift_master_bootstrap_enabled | default(false) | bool run_once: True diff --git a/playbooks/openshift-master/private/filter_plugins b/playbooks/openshift-master/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-master/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-master/private/library b/playbooks/openshift-master/private/library deleted file mode 120000 index d0b7393d3..000000000 --- a/playbooks/openshift-master/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library/
\ No newline at end of file diff --git a/playbooks/openshift-master/private/lookup_plugins b/playbooks/openshift-master/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-master/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml index 9f5502141..663c39868 100644 --- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml +++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml @@ -125,7 +125,6 @@ - name: Create temp directory for syncing certs hosts: localhost connection: local - become: no gather_facts: no tasks: - name: Create local temp directory for syncing certs @@ -133,6 +132,10 @@ register: g_master_mktemp changed_when: false + - name: Chmod local temp directory for syncing certs + local_action: command chmod 777 "{{ g_master_mktemp.stdout }}" + changed_when: false + - name: Retrieve OpenShift CA hosts: oo_first_master vars: @@ -212,18 +215,18 @@ when: # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) - name: Distribute OpenShift CA certificate to nodes hosts: oo_nodes_to_config @@ -264,7 +267,6 @@ - name: Delete temporary directory on localhost hosts: localhost connection: local - become: no gather_facts: no tasks: - file: @@ -277,24 +279,24 @@ when: # nodes - ('expired' not in hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/server.crt"})) + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_nodes_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/ca.crt"})) + | lib_utils_oo_select_keys(groups['oo_nodes_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_nodes_to_config.0].openshift.common.config_base ~ "/node/ca.crt"})) # masters - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/master.server.crt"})) - ('expired' not in hostvars - | oo_select_keys(groups['oo_masters_to_config']) - | oo_collect('check_results.check_results.ocp_certs') - | oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) + | lib_utils_oo_select_keys(groups['oo_masters_to_config']) + | lib_utils_oo_collect('check_results.check_results.ocp_certs') + | lib_utils_oo_collect('health', {'path':hostvars[groups.oo_first_master.0].openshift.common.config_base ~ "/master/ca-bundle.crt"})) # etcd - ('expired' not in (hostvars - | oo_select_keys(groups['etcd']) - | oo_collect('check_results.check_results.etcd') - | oo_collect('health'))) + | lib_utils_oo_select_keys(groups['etcd']) + | lib_utils_oo_collect('check_results.check_results.etcd') + | lib_utils_oo_collect('health'))) diff --git a/playbooks/openshift-master/private/tasks/restart_hosts.yml b/playbooks/openshift-master/private/tasks/restart_hosts.yml index a5dbe0590..76e1ea5f3 100644 --- a/playbooks/openshift-master/private/tasks/restart_hosts.yml +++ b/playbooks/openshift-master/private/tasks/restart_hosts.yml @@ -27,7 +27,6 @@ delay=10 timeout=600 port="{{ ansible_port | default(ansible_ssh_port | default(22,boolean=True),boolean=True) }}" - become: no # Now that ssh is back up we can wait for API on the remote system, # avoiding some potential connection issues from local system: diff --git a/playbooks/openshift-master/private/tasks/restart_services.yml b/playbooks/openshift-master/private/tasks/restart_services.yml index 4e1b3a3be..cf2c282e3 100644 --- a/playbooks/openshift-master/private/tasks/restart_services.yml +++ b/playbooks/openshift-master/private/tasks/restart_services.yml @@ -1,4 +1,4 @@ --- -- include_role: +- import_role: name: openshift_master tasks_from: restart.yml diff --git a/playbooks/openshift-master/private/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml index 4f55d5c82..59e2b515c 100644 --- a/playbooks/openshift-master/private/tasks/wire_aggregator.yml +++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml @@ -21,7 +21,7 @@ # TODO: this currently has a bug where hostnames are required - name: Creating First Master Aggregator signer certs command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm ca create-signer-cert + {{ hostvars[groups.oo_first_master.0]['first_master_client_binary'] }} adm ca create-signer-cert --cert=/etc/origin/master/front-proxy-ca.crt --key=/etc/origin/master/front-proxy-ca.key --serial=/etc/origin/master/ca.serial.txt @@ -84,7 +84,7 @@ - block: - name: Create first master api-client config for Aggregator command: > - {{ hostvars[groups.oo_first_master.0].openshift.common.client_binary }} adm create-api-client-config + {{ hostvars[groups.oo_first_master.0]['first_master_client_binary'] }} adm create-api-client-config --certificate-authority=/etc/origin/master/front-proxy-ca.crt --signer-cert=/etc/origin/master/front-proxy-ca.crt --signer-key=/etc/origin/master/front-proxy-ca.key diff --git a/playbooks/openshift-master/private/validate_restart.yml b/playbooks/openshift-master/private/validate_restart.yml index 1077d0b9c..60b0e5bb6 100644 --- a/playbooks/openshift-master/private/validate_restart.yml +++ b/playbooks/openshift-master/private/validate_restart.yml @@ -21,7 +21,6 @@ - name: Create temp file on localhost hosts: localhost connection: local - become: no gather_facts: no tasks: - local_action: command mktemp @@ -38,7 +37,6 @@ - name: Cleanup temp file on localhost hosts: localhost connection: local - become: no gather_facts: no tasks: - file: path="{{ hostvars.localhost.mktemp.stdout }}" state=absent diff --git a/playbooks/openshift-master/scaleup.yml b/playbooks/openshift-master/scaleup.yml index f717cd0e9..7d31340a2 100644 --- a/playbooks/openshift-master/scaleup.yml +++ b/playbooks/openshift-master/scaleup.yml @@ -4,7 +4,6 @@ - name: Ensure there are new_masters or new_nodes hosts: localhost connection: local - become: no gather_facts: no tasks: - fail: diff --git a/playbooks/openshift-metrics/private/config.yml b/playbooks/openshift-metrics/private/config.yml index 80cd93e5f..1e237e3f0 100644 --- a/playbooks/openshift-metrics/private/config.yml +++ b/playbooks/openshift-metrics/private/config.yml @@ -16,12 +16,13 @@ roles: - role: openshift_metrics +# TODO: Remove when master config property is removed - name: OpenShift Metrics hosts: oo_masters:!oo_first_master serial: 1 tasks: - name: Setup the non-first masters configs - include_role: + import_role: name: openshift_metrics tasks_from: update_master_config.yaml diff --git a/playbooks/openshift-metrics/private/library b/playbooks/openshift-metrics/private/library deleted file mode 120000 index ba40d2f56..000000000 --- a/playbooks/openshift-metrics/private/library +++ /dev/null @@ -1 +0,0 @@ -../../../library
\ No newline at end of file diff --git a/playbooks/openshift-nfs/private/filter_plugins b/playbooks/openshift-nfs/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-nfs/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-nfs/private/lookup_plugins b/playbooks/openshift-nfs/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-nfs/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-node/private/additional_config.yml b/playbooks/openshift-node/private/additional_config.yml index 261e2048f..0881121c9 100644 --- a/playbooks/openshift-node/private/additional_config.yml +++ b/playbooks/openshift-node/private/additional_config.yml @@ -33,7 +33,6 @@ roles: - role: flannel etcd_urls: "{{ hostvars[groups.oo_first_master.0].openshift.master.etcd_urls }}" - embedded_etcd: "{{ hostvars[groups.oo_first_master.0].openshift.master.embedded_etcd }}" when: openshift_use_flannel | default(false) | bool - name: Additional node config @@ -48,17 +47,23 @@ - role: nuage_node when: openshift_use_nuage | default(false) | bool -- name: Additional node config - hosts: oo_nodes_use_contiv +- name: Configure Contiv masters + hosts: oo_masters_to_config + roles: + - role: contiv + contiv_master: true + when: openshift_use_contiv | default(false) | bool + +- name: Configure rest of Contiv nodes + hosts: "{{ groups.oo_nodes_use_contiv | default([]) | difference(groups.oo_masters_to_config) }}" roles: - role: contiv - contiv_role: netplugin when: openshift_use_contiv | default(false) | bool - name: Configure Kuryr node hosts: oo_nodes_use_kuryr tasks: - - include_role: + - import_role: name: kuryr tasks_from: node when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/openshift-node/private/configure_nodes.yml b/playbooks/openshift-node/private/configure_nodes.yml index 32b288c8b..a13173e63 100644 --- a/playbooks/openshift-node/private/configure_nodes.yml +++ b/playbooks/openshift-node/private/configure_nodes.yml @@ -4,13 +4,14 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: - role: openshift_clock + - role: openshift_cloud_provider - role: openshift_node - role: tuned - role: nickhammond.logrotate diff --git a/playbooks/openshift-node/private/containerized_nodes.yml b/playbooks/openshift-node/private/containerized_nodes.yml index ef07669cb..644e6a69c 100644 --- a/playbooks/openshift-node/private/containerized_nodes.yml +++ b/playbooks/openshift-node/private/containerized_nodes.yml @@ -5,14 +5,15 @@ vars: openshift_node_master_api_url: "{{ hostvars[groups.oo_first_master.0].openshift.master.api_url }}" openshift_node_first_master_ip: "{{ hostvars[groups.oo_first_master.0].openshift.common.ip }}" - openshift_no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config'] + openshift_no_proxy_internal_hostnames: "{{ hostvars | lib_utils_oo_select_keys(groups['oo_nodes_to_config'] | union(groups['oo_masters_to_config']) | union(groups['oo_etcd_to_config'] | default([]))) - | oo_collect('openshift.common.hostname') | default([]) | join (',') + | lib_utils_oo_collect('openshift.common.hostname') | default([]) | join (',') }}" roles: - role: openshift_clock + - role: openshift_cloud_provider - role: openshift_node openshift_ca_host: "{{ groups.oo_first_master.0 }}" - role: nickhammond.logrotate diff --git a/playbooks/openshift-node/private/filter_plugins b/playbooks/openshift-node/private/filter_plugins deleted file mode 120000 index 99a95e4ca..000000000 --- a/playbooks/openshift-node/private/filter_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../filter_plugins
\ No newline at end of file diff --git a/playbooks/openshift-node/private/image_prep.yml b/playbooks/openshift-node/private/image_prep.yml index 6b517197d..adcbb0fdb 100644 --- a/playbooks/openshift-node/private/image_prep.yml +++ b/playbooks/openshift-node/private/image_prep.yml @@ -12,6 +12,13 @@ - name: run node config import_playbook: configure_nodes.yml +- name: node bootstrap config + hosts: oo_nodes_to_config:!oo_containerized_master_nodes + tasks: + - import_role: + name: openshift_node + tasks_from: bootstrap.yml + - name: Re-enable excluders import_playbook: enable_excluders.yml diff --git a/playbooks/openshift-node/private/lookup_plugins b/playbooks/openshift-node/private/lookup_plugins deleted file mode 120000 index ac79701db..000000000 --- a/playbooks/openshift-node/private/lookup_plugins +++ /dev/null @@ -1 +0,0 @@ -../../../lookup_plugins
\ No newline at end of file diff --git a/playbooks/openshift-node/private/network_manager.yml b/playbooks/openshift-node/private/network_manager.yml index 39640345f..2638c5223 100644 --- a/playbooks/openshift-node/private/network_manager.yml +++ b/playbooks/openshift-node/private/network_manager.yml @@ -8,7 +8,7 @@ name: 'NetworkManager' state: present register: result - until: result | success + until: result is succeeded - name: configure NetworkManager lineinfile: diff --git a/playbooks/openshift-node/private/restart.yml b/playbooks/openshift-node/private/restart.yml index 0786bd7d3..7249ced70 100644 --- a/playbooks/openshift-node/private/restart.yml +++ b/playbooks/openshift-node/private/restart.yml @@ -5,6 +5,7 @@ roles: - lib_openshift + - openshift_facts tasks: - name: Restart docker @@ -12,7 +13,7 @@ name: docker state: restarted register: l_docker_restart_docker_in_node_result - until: not l_docker_restart_docker_in_node_result | failed + until: not (l_docker_restart_docker_in_node_result is failed) retries: 3 delay: 30 @@ -27,7 +28,7 @@ - "{{ openshift_service_type }}-master-controllers" - "{{ openshift_service_type }}-node" failed_when: false - when: openshift.common.is_containerized | bool + when: openshift_is_containerized | bool - name: Wait for master API to come back online wait_for: diff --git a/playbooks/openshift-node/private/setup.yml b/playbooks/openshift-node/private/setup.yml index 541913aef..41c323f2b 100644 --- a/playbooks/openshift-node/private/setup.yml +++ b/playbooks/openshift-node/private/setup.yml @@ -8,7 +8,6 @@ - name: Evaluate node groups hosts: localhost - become: no connection: local tasks: - name: Evaluate oo_containerized_master_nodes @@ -21,6 +20,6 @@ when: - hostvars[item].openshift is defined - hostvars[item].openshift.common is defined - - hostvars[item].openshift.common.is_containerized | bool + - hostvars[item].openshift_is_containerized | bool - (item in groups.oo_nodes_to_config and item in groups.oo_masters_to_config) changed_when: False diff --git a/playbooks/openshift-node/scaleup.yml b/playbooks/openshift-node/scaleup.yml index bdfd3d3e6..cf13692ae 100644 --- a/playbooks/openshift-node/scaleup.yml +++ b/playbooks/openshift-node/scaleup.yml @@ -4,7 +4,6 @@ - name: Ensure there are new_nodes hosts: localhost connection: local - become: no gather_facts: no tasks: - fail: diff --git a/playbooks/openshift-web-console/config.yml b/playbooks/openshift-web-console/config.yml new file mode 100644 index 000000000..c7814207c --- /dev/null +++ b/playbooks/openshift-web-console/config.yml @@ -0,0 +1,4 @@ +--- +- import_playbook: ../init/main.yml + +- import_playbook: private/config.yml diff --git a/playbooks/openshift-web-console/private/config.yml b/playbooks/openshift-web-console/private/config.yml new file mode 100644 index 000000000..ffd702d20 --- /dev/null +++ b/playbooks/openshift-web-console/private/config.yml @@ -0,0 +1,31 @@ +--- +- name: Web Console Install Checkpoint Start + hosts: all + gather_facts: false + tasks: + - name: Set Web Console install 'In Progress' + run_once: true + set_stats: + data: + installer_phase_web_console: + status: "In Progress" + start: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" + +- name: Web Console + hosts: oo_first_master + roles: + - openshift_web_console + vars: + first_master: "{{ groups.oo_first_master[0] }}" + +- name: Web Console Install Checkpoint End + hosts: all + gather_facts: false + tasks: + - name: Set Web Console install 'Complete' + run_once: true + set_stats: + data: + installer_phase_web_console: + status: "Complete" + end: "{{ lookup('pipe', 'date +%Y%m%d%H%M%SZ') }}" diff --git a/playbooks/openshift-web-console/private/roles b/playbooks/openshift-web-console/private/roles new file mode 120000 index 000000000..e2b799b9d --- /dev/null +++ b/playbooks/openshift-web-console/private/roles @@ -0,0 +1 @@ +../../../roles/
\ No newline at end of file diff --git a/playbooks/openstack/advanced-configuration.md b/playbooks/openstack/advanced-configuration.md index 403e0e1a7..2c9b70b5f 100644 --- a/playbooks/openstack/advanced-configuration.md +++ b/playbooks/openstack/advanced-configuration.md @@ -159,11 +159,22 @@ So the provisioned cluster nodes will start using those natively as default nameservers. Technically, this allows to deploy OpenShift clusters without dnsmasq proxies. -The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` will form the cluster's DNS domain all -your servers will be under. With the default values, this will be -`openshift.example.com`. For workloads, the default subdomain is 'apps'. -That sudomain can be set as well by the `openshift_openstack_app_subdomain` variable in -the inventory. +The `openshift_openstack_clusterid` and `openshift_openstack_public_dns_domain` +will form the cluster's public DNS domain all your servers will be under. With +the default values, this will be `openshift.example.com`. For workloads, the +default subdomain is 'apps'. That sudomain can be set as well by the +`openshift_openstack_app_subdomain` variable in the inventory. + +If you want to use a two sets of hostnames for public and private/prefixed DNS +records for your externally managed public DNS server, you can specify +`openshift_openstack_public_hostname_suffix` and/or +`openshift_openstack_private_hostname_suffix`. The suffixes will be added +to the nsupdate records sent to the external DNS server. Those are empty by default. + +**Note** the real hostnames, Nova servers' or ansible hostnames and inventory +variables will not be updated. The deployment may be done on arbitrary named +hosts with the hostnames managed by cloud-init. Inventory hostnames will ignore +the suffixes. The `openstack_<role name>_hostname` is a set of variables used for customising public names of Nova servers provisioned with a given role. When such a variable stays commented, diff --git a/playbooks/openstack/openshift-cluster/install.yml b/playbooks/openstack/openshift-cluster/install.yml index 3211f619a..2ab7d14a0 100644 --- a/playbooks/openstack/openshift-cluster/install.yml +++ b/playbooks/openstack/openshift-cluster/install.yml @@ -9,4 +9,7 @@ # some logic here? - name: run the cluster deploy + import_playbook: ../../prerequisites.yml + +- name: run the cluster deploy import_playbook: ../../deploy_cluster.yml diff --git a/playbooks/openstack/openshift-cluster/prerequisites.yml b/playbooks/openstack/openshift-cluster/prerequisites.yml index 0356b37dd..8bb700501 100644 --- a/playbooks/openstack/openshift-cluster/prerequisites.yml +++ b/playbooks/openstack/openshift-cluster/prerequisites.yml @@ -2,11 +2,11 @@ - hosts: localhost tasks: - name: Check dependencies and OpenStack prerequisites - include_role: + import_role: name: openshift_openstack tasks_from: check-prerequisites.yml - name: Check network configuration - include_role: + import_role: name: openshift_openstack tasks_from: net_vars_check.yaml diff --git a/playbooks/openstack/openshift-cluster/provision.yml b/playbooks/openstack/openshift-cluster/provision.yml index 583e72b51..a38d7bff7 100644 --- a/playbooks/openstack/openshift-cluster/provision.yml +++ b/playbooks/openstack/openshift-cluster/provision.yml @@ -3,7 +3,7 @@ hosts: localhost tasks: - name: provision cluster - include_role: + import_role: name: openshift_openstack tasks_from: provision.yml @@ -36,7 +36,7 @@ hosts: localhost tasks: - name: Populate DNS entries - include_role: + import_role: name: openshift_openstack tasks_from: populate-dns.yml when: @@ -47,20 +47,28 @@ hosts: oo_all_hosts become: yes gather_facts: yes - roles: - - role: rhel_subscribe + tasks: + - name: Subscribe RHEL instances + import_role: + name: rhel_subscribe when: - ansible_distribution == "RedHat" - - rhsub_user | default(False) - - rhsub_pass | default(False) + - rhsub_user is defined + - rhsub_pass is defined + + - name: Enable required YUM repositories + import_role: + name: openshift_repos + when: + - ansible_distribution == "RedHat" + - rh_subscribed is defined - tasks: - name: Install dependencies - include_role: + import_role: name: openshift_openstack tasks_from: node-packages.yml - name: Configure Node - include_role: + import_role: name: openshift_openstack tasks_from: node-configuration.yml diff --git a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml index 933117127..481807dc9 100644 --- a/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/openstack/sample-inventory/group_vars/OSEv3.yml @@ -14,12 +14,12 @@ openshift_hosted_router_wait: True openshift_hosted_registry_wait: True ## Openstack credentials -#openshift_cloudprovider_kind=openstack +#openshift_cloudprovider_kind: openstack #openshift_cloudprovider_openstack_auth_url: "{{ lookup('env','OS_AUTH_URL') }}" #openshift_cloudprovider_openstack_username: "{{ lookup('env','OS_USERNAME') }}" #openshift_cloudprovider_openstack_password: "{{ lookup('env','OS_PASSWORD') }}" #openshift_cloudprovider_openstack_tenant_name: "{{ lookup('env','OS_TENANT_NAME') }}" -#openshift_cloudprovider_openstack_region="{{ lookup('env', 'OS_REGION_NAME') }}" +#openshift_cloudprovider_openstack_region: "{{ lookup('env', 'OS_REGION_NAME') }}" ## Use Cinder volume for Openshift registry: diff --git a/playbooks/openstack/sample-inventory/group_vars/all.yml b/playbooks/openstack/sample-inventory/group_vars/all.yml index c7afe9a24..d63229120 100644 --- a/playbooks/openstack/sample-inventory/group_vars/all.yml +++ b/playbooks/openstack/sample-inventory/group_vars/all.yml @@ -7,6 +7,7 @@ openshift_openstack_dns_nameservers: [] # # - set custom hostnames for roles by uncommenting corresponding lines #openshift_openstack_master_hostname: "master" #openshift_openstack_infra_hostname: "infra-node" +#openshift_openstack_cns_hostname: "cns" #openshift_openstack_node_hostname: "app-node" #openshift_openstack_lb_hostname: "lb" #openshift_openstack_etcd_hostname: "etcd" @@ -30,6 +31,7 @@ openshift_openstack_external_network_name: "public" # # - note: do not remove openshift_openstack_default_image_name definition #openshift_openstack_master_image_name: "centos7" #openshift_openstack_infra_image_name: "centos7" +#openshift_openstack_cns_image_name: "centos7" #openshift_openstack_node_image_name: "centos7" #openshift_openstack_lb_image_name: "centos7" #openshift_openstack_etcd_image_name: "centos7" @@ -37,6 +39,7 @@ openshift_openstack_default_image_name: "centos7" openshift_openstack_num_masters: 1 openshift_openstack_num_infra: 1 +openshift_openstack_num_cns: 0 openshift_openstack_num_nodes: 2 # # Used Flavors @@ -44,6 +47,7 @@ openshift_openstack_num_nodes: 2 # # - note: do note remove openshift_openstack_default_flavor definition #openshift_openstack_master_flavor: "m1.medium" #openshift_openstack_infra_flavor: "m1.medium" +#openshift_openstack_cns_flavor: "m1.medium" #openshift_openstack_node_flavor: "m1.medium" #openshift_openstack_lb_flavor: "m1.medium" #openshift_openstack_etcd_flavor: "m1.medium" @@ -57,6 +61,7 @@ openshift_openstack_default_flavor: "m1.medium" # # - note: do not remove docker_default_volume_size definition #openshift_openstack_docker_master_volume_size: "15" #openshift_openstack_docker_infra_volume_size: "15" +#openshift_openstack_docker_cns_volume_size: "15" #openshift_openstack_docker_node_volume_size: "15" #openshift_openstack_docker_etcd_volume_size: "2" #openshift_openstack_docker_lb_volume_size: "5" diff --git a/playbooks/openstack/sample-inventory/inventory.py b/playbooks/openstack/sample-inventory/inventory.py index ad3fd936b..45cc4e15a 100755 --- a/playbooks/openstack/sample-inventory/inventory.py +++ b/playbooks/openstack/sample-inventory/inventory.py @@ -9,6 +9,7 @@ environment. from __future__ import print_function +from collections import Mapping import json import shade @@ -42,7 +43,10 @@ def build_inventory(): if server.metadata['host-type'] == 'node' and server.metadata['sub-host-type'] == 'app'] - nodes = list(set(masters + infra_hosts + app)) + cns = [server.name for server in cluster_hosts + if server.metadata['host-type'] == 'cns'] + + nodes = list(set(masters + infra_hosts + app + cns)) dns = [server.name for server in cluster_hosts if server.metadata['host-type'] == 'dns'] @@ -59,6 +63,7 @@ def build_inventory(): inventory['nodes'] = {'hosts': nodes} inventory['infra_hosts'] = {'hosts': infra_hosts} inventory['app'] = {'hosts': app} + inventory['glusterfs'] = {'hosts': cns} inventory['dns'] = {'hosts': dns} inventory['lb'] = {'hosts': load_balancers} @@ -93,7 +98,14 @@ def build_inventory(): hostvars['openshift_hostname'] = server.private_v4 hostvars['openshift_public_hostname'] = server.name + if server.metadata['host-type'] == 'cns': + hostvars['glusterfs_devices'] = ['/dev/nvme0n1'] + node_labels = server.metadata.get('node_labels') + # NOTE(shadower): the node_labels value must be a dict not string + if not isinstance(node_labels, Mapping): + node_labels = json.loads(node_labels) + if node_labels: hostvars['openshift_node_labels'] = node_labels diff --git a/playbooks/prerequisites.yml b/playbooks/prerequisites.yml index 7b7868cfe..7802f83d9 100644 --- a/playbooks/prerequisites.yml +++ b/playbooks/prerequisites.yml @@ -3,10 +3,19 @@ vars: skip_verison: True +- import_playbook: init/validate_hostnames.yml + when: not (skip_validate_hostnames | default(False)) + +- import_playbook: init/repos.yml + +- import_playbook: init/base_packages.yml + # This is required for container runtime for crio, only needs to run once. - name: Configure os_firewall hosts: oo_masters_to_config:oo_etcd_to_config:oo_lb_to_config:oo_nfs_to_config:oo_nodes_to_config roles: - role: os_firewall +- import_playbook: container-runtime/private/setup_storage.yml + - import_playbook: container-runtime/private/config.yml diff --git a/playbooks/redeploy-certificates.yml b/playbooks/redeploy-certificates.yml index b5fcb951d..4e6defd6e 100644 --- a/playbooks/redeploy-certificates.yml +++ b/playbooks/redeploy-certificates.yml @@ -9,7 +9,7 @@ - import_playbook: openshift-etcd/private/restart.yml vars: - g_etcd_certificates_expired: "{{ ('expired' in (hostvars | oo_select_keys(groups['etcd']) | oo_collect('check_results.check_results.etcd') | oo_collect('health'))) | bool }}" + g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}" - import_playbook: openshift-master/private/restart.yml |