summaryrefslogtreecommitdiff
path: root/roles/openshift_excluder
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_excluder')
-rw-r--r--roles/openshift_excluder/README.md44
-rw-r--r--roles/openshift_excluder/meta/main.yml15
-rw-r--r--roles/openshift_excluder/tasks/exclude.yml11
-rw-r--r--roles/openshift_excluder/tasks/install.yml16
-rw-r--r--roles/openshift_excluder/tasks/main.yml2
-rw-r--r--roles/openshift_excluder/tasks/reset.yml12
-rw-r--r--roles/openshift_excluder/tasks/status.yml56
-rw-r--r--roles/openshift_excluder/tasks/unexclude.yml12
8 files changed, 168 insertions, 0 deletions
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
new file mode 100644
index 000000000..6c90b4e96
--- /dev/null
+++ b/roles/openshift_excluder/README.md
@@ -0,0 +1,44 @@
+OpenShift Excluder
+================
+
+Manages the excluder packages which add yum and dnf exclusions ensuring that
+the packages we care about are not inadvertantly updated. See
+https://github.com/openshift/origin/tree/master/contrib/excluder
+
+Requirements
+------------
+openshift_facts
+
+
+Facts
+-----
+
+| Name | Default Value | Description |
+-----------------------------|---------------|----------------------------------------|
+| docker_excluder_enabled | none | Records the status of docker excluder |
+| openshift_excluder_enabled | none | Records the status of the openshift excluder |
+
+Role Variables
+--------------
+None
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+
+TODO
+----
+It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts.
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)
diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml
new file mode 100644
index 000000000..8bca38e77
--- /dev/null
+++ b/roles/openshift_excluder/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Scott Dodson
+ description: OpenShift Examples
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
new file mode 100644
index 000000000..570183aef
--- /dev/null
+++ b/roles/openshift_excluder/tasks/exclude.yml
@@ -0,0 +1,11 @@
+---
+- include: install.yml
+ when: not openshift.common.is_containerized | bool
+
+- name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+ when: not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+ command: "{{ openshift.common.service_type }}-excluder exclude"
+ when: not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
new file mode 100644
index 000000000..ee4cb2c05
--- /dev/null
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -0,0 +1,16 @@
+---
+- name: Install latest excluder
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: latest
+ when:
+ - openshift_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
+
+- name: Install latest docker excluder
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: latest
+ when:
+ - docker_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml
new file mode 100644
index 000000000..78a3d37cb
--- /dev/null
+++ b/roles/openshift_excluder/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+include: status.yml
diff --git a/roles/openshift_excluder/tasks/reset.yml b/roles/openshift_excluder/tasks/reset.yml
new file mode 100644
index 000000000..486a23fd0
--- /dev/null
+++ b/roles/openshift_excluder/tasks/reset.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+ when:
+ - docker_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+ command: "{{ openshift.common.service_type }}-excluder exclude"
+ when:
+ - openshift_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/status.yml b/roles/openshift_excluder/tasks/status.yml
new file mode 100644
index 000000000..6ef4af22d
--- /dev/null
+++ b/roles/openshift_excluder/tasks/status.yml
@@ -0,0 +1,56 @@
+---
+# Latest versions of the excluders include a status function, old packages dont
+# So, if packages are installed, upgrade them to the latest so we get the status
+# If they're not installed when we should assume they're disabled
+
+- name: Determine if excluder packages are installed
+ rpm_q:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: present
+ register: openshift_excluder_installed
+ failed_when: false
+
+- name: Determine if docker packages are installed
+ rpm_q:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: present
+ register: docker_excluder_installed
+ failed_when: false
+
+- name: Update to latest excluder packages
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ when:
+ - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+
+- name: Update to the latest docker-excluder packages
+ package:
+ name: "{{ openshift.common.service_type }}-docker-excluder"
+ when:
+ - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+
+- name: Record excluder status
+ command: "{{ openshift.common.service_type }}-excluder"
+ register: excluder_status
+ when:
+ - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+ failed_when: false
+
+- name: Record docker excluder status
+ command: "{{ openshift.common.service_type }}-docker-excluder"
+ register: docker_excluder_status
+ when:
+ - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+ failed_when: false
+
+- name: Set excluder status facts
+ set_fact:
+ docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+ openshift_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+
+- debug: var=docker_excluder_enabled
+- debug: var=openshift_excluder_enabled
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
new file mode 100644
index 000000000..38f0759aa
--- /dev/null
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -0,0 +1,12 @@
+---
+- name: disable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
+ when:
+ - docker_excluder_enabled | bool
+ - not openshift.common.is_containerized | bool
+
+- name: disable excluder
+ command: "{{ openshift.common.service_type }}-excluder unexclude"
+ when:
+ - openshift_excluder_enabled | bool
+ - not openshift.common.is_containerized | bool
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 06:59:54 +0000