From 0db7598e374351a0380f5ba747c07f6aa82c912e Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 6 Feb 2017 13:34:14 -0500
Subject: Add openshift_excluder role

- install -- installs excluders, which enables them too
- exclude -- enables the excludes
- unexclude -- disables the excludes
- status -- sets facts based on status, included in main.yml
- reset -- sets excluders back to original state based on recorded facts
---
 roles/openshift_excluder/README.md           | 44 ++++++++++++++++++++++
 roles/openshift_excluder/meta/main.yml       | 15 ++++++++
 roles/openshift_excluder/tasks/exclude.yml   | 11 ++++++
 roles/openshift_excluder/tasks/install.yml   | 16 ++++++++
 roles/openshift_excluder/tasks/main.yml      |  2 +
 roles/openshift_excluder/tasks/reset.yml     | 12 ++++++
 roles/openshift_excluder/tasks/status.yml    | 56 ++++++++++++++++++++++++++++
 roles/openshift_excluder/tasks/unexclude.yml | 12 ++++++
 8 files changed, 168 insertions(+)
 create mode 100644 roles/openshift_excluder/README.md
 create mode 100644 roles/openshift_excluder/meta/main.yml
 create mode 100644 roles/openshift_excluder/tasks/exclude.yml
 create mode 100644 roles/openshift_excluder/tasks/install.yml
 create mode 100644 roles/openshift_excluder/tasks/main.yml
 create mode 100644 roles/openshift_excluder/tasks/reset.yml
 create mode 100644 roles/openshift_excluder/tasks/status.yml
 create mode 100644 roles/openshift_excluder/tasks/unexclude.yml

diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
new file mode 100644
index 000000000..6c90b4e96
--- /dev/null
+++ b/roles/openshift_excluder/README.md
@@ -0,0 +1,44 @@
+OpenShift Excluder
+================
+
+Manages the excluder packages which add yum and dnf exclusions ensuring that
+the packages we care about are not inadvertantly updated. See
+https://github.com/openshift/origin/tree/master/contrib/excluder
+
+Requirements
+------------
+openshift_facts
+
+
+Facts
+-----
+
+| Name                       | Default Value | Description                            |
+-----------------------------|---------------|----------------------------------------|
+| docker_excluder_enabled | none          | Records the status of docker excluder |
+| openshift_excluder_enabled | none | Records the status of the openshift excluder |
+
+Role Variables
+--------------
+None
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+
+TODO
+----
+It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts.
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)
diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml
new file mode 100644
index 000000000..8bca38e77
--- /dev/null
+++ b/roles/openshift_excluder/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Scott Dodson
+  description: OpenShift Examples
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- { role: openshift_facts }
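Review bot: `description: OpenShift Examples` looks carried over from another role and does not describe this one; a value such as `description: OpenShift excluder management` would match the README. `min_ansible_version: 2.2` is also an unquoted float, and quoting it as `min_ansible_version: "2.2"` keeps it a version string.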
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
new file mode 100644
index 000000000..570183aef
--- /dev/null
+++ b/roles/openshift_excluder/tasks/exclude.yml
@@ -0,0 +1,11 @@
+---
+- include: install.yml
+  when: not openshift.common.is_containerized | bool
+
+- name: Enable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+  when: not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+  command: "{{ openshift.common.service_type }}-excluder exclude"
+  when: not openshift.common.is_containerized | bool
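Review bot: The two `command` tasks run the excluder binaries on every non-containerized host, but the included install.yml only installs the packages when `openshift_excluder_enabled` / `docker_excluder_enabled` are already true. On a host where those facts are false or unset the binaries may be missing and the tasks would fail. Either install unconditionally on this path or gate each command on the package being present, and add a comment stating which of the two is intended.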
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
new file mode 100644
index 000000000..ee4cb2c05
--- /dev/null
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -0,0 +1,16 @@
+---
+- name: Install latest excluder
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: latest
+  when:
+  - openshift_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
+
+- name: Install latest docker excluder
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: latest
+  when:
+  - docker_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
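Review bot: The "Install latest docker excluder" task installs the same package as the first task, so the docker excluder is never installed here; its name line should read `name: "{{ openshift.common.service_type }}-docker-excluder"`. Both tasks are also gated on the `*_enabled` facts, so a host where the excluders were never enabled will not get them installed; if that is deliberate, a comment at the top of the file should say so.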
diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml
new file mode 100644
index 000000000..78a3d37cb
--- /dev/null
+++ b/roles/openshift_excluder/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+include: status.yml
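Review bot: `include: status.yml` is written as a top-level mapping, while a role's tasks file is expected to be a list of tasks. It should be a list item, `- include: status.yml`, as the include in exclude.yml is written.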
diff --git a/roles/openshift_excluder/tasks/reset.yml b/roles/openshift_excluder/tasks/reset.yml
new file mode 100644
index 000000000..486a23fd0
--- /dev/null
+++ b/roles/openshift_excluder/tasks/reset.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+  when:
+  - docker_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+  command: "{{ openshift.common.service_type }}-excluder exclude"
+  when:
+  - openshift_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/status.yml b/roles/openshift_excluder/tasks/status.yml
new file mode 100644
index 000000000..6ef4af22d
--- /dev/null
+++ b/roles/openshift_excluder/tasks/status.yml
@@ -0,0 +1,56 @@
+---
+# Latest versions of the excluders include a status function, old packages dont
+# So, if packages are installed, upgrade them to the latest so we get the status
+# If they're not installed when we should assume they're disabled
+
+- name: Determine if excluder packages are installed
+  rpm_q:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: present
+  register: openshift_excluder_installed
+  failed_when: false
+
+- name: Determine if docker packages are installed
+  rpm_q:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: present
+  register: docker_excluder_installed
+  failed_when: false
+
+- name: Update to latest excluder packages
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+  when:
+  - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+
+- name: Update to the latest docker-excluder packages
+  package:
+    name: "{{ openshift.common.service_type }}-docker-excluder"
+  when:
+  - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+
+- name: Record excluder status
+  command: "{{ openshift.common.service_type }}-excluder"
+  register: excluder_status
+  when:
+  - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+  failed_when: false
+
+- name: Record docker excluder status
+  command: "{{ openshift.common.service_type }}-docker-excluder"
+  register: docker_excluder_status
+  when:
+  - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+  failed_when: false
+
+- name: Set excluder status facts
+  set_fact:
+    docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+    openshift_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+
+- debug: var=docker_excluder_enabled
+- debug: var=openshift_excluder_enabled
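Review bot: Two lookups read the wrong object: "Determine if docker packages are installed" queries the `-excluder` package rather than `-docker-excluder`, and `openshift_excluder_enabled` is computed from `docker_excluder_status.rc` instead of `excluder_status.rc`, so each fact can reflect the other excluder's state. In `set_fact`, `installed_versions | default(0) | length` will raise when `installed_versions` is undefined because an integer has no length; the `when` clauses above use `default([])`. The two "Update to latest" tasks give no `state`, so they do not request the latest package as the header comment intends (install.yml uses `state: latest`). Since reset.yml re-enables the excluders from these facts, a wrong `false` leaves an excluder switched off after the run. The two trailing `debug` tasks look like development leftovers.

```yaml
- name: Determine if docker packages are installed
  rpm_q:
    name: "{{ openshift.common.service_type }}-docker-excluder"
# … unchanged: state, register, failed_when …

- name: Update to latest excluder packages
  package:
    name: "{{ openshift.common.service_type }}-excluder"
    state: latest
# … unchanged: when conditions; add the same `state: latest` to the docker-excluder update task …

# … unchanged: the two status command tasks …
- name: Set excluder status facts
  set_fact:
    docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default([]) | length == 0 else 'true' }}"
    openshift_excluder_enabled: "{{ 'false' if excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default([]) | length == 0 else 'true' }}"
```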
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
new file mode 100644
index 000000000..38f0759aa
--- /dev/null
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -0,0 +1,12 @@
+---
+- name: disable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
+  when:
+  - docker_excluder_enabled | bool
+  - not openshift.common.is_containerized | bool
+
+- name: disable excluder
+  command: "{{ openshift.common.service_type }}-excluder unexclude"
+  when:
+  - openshift_excluder_enabled | bool
+  - not openshift.common.is_containerized | bool
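Review bot: Both `when` lists test `docker_excluder_enabled | bool` and `openshift_excluder_enabled | bool` with no default, whereas reset.yml and install.yml write `| default(false) | bool`. If unexclude.yml is reached before status.yml has set the facts, the tasks error on an undefined variable. Writing `docker_excluder_enabled | default(false) | bool` (and the same for the openshift fact) would match the other task files. The task names here are also lower-case where the rest of the role capitalises them.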
-- 
cgit v1.2.3


From 4aebe739fb18fc150c00e6fdacfabee909fbbb24 Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 6 Feb 2017 13:36:11 -0500
Subject: Add excluder management to upgrade and config playbooks

---
 playbooks/common/openshift-cluster/config.yml                 |  4 ++++
 playbooks/common/openshift-cluster/disable_excluder.yml       | 11 +++++++++++
 playbooks/common/openshift-cluster/reset_excluder.yml         |  8 ++++++++
 playbooks/common/openshift-cluster/upgrades/init.yml          |  2 ++
 .../common/openshift-cluster/upgrades/post_control_plane.yml  |  4 ++++
 playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml |  4 ++++
 6 files changed, 33 insertions(+)
 create mode 100644 playbooks/common/openshift-cluster/disable_excluder.yml
 create mode 100644 playbooks/common/openshift-cluster/reset_excluder.yml

diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index a0ba735ab..113b401f9 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -26,6 +26,10 @@
       openshift_docker_selinux_enabled: "{{ lookup('oo_option', 'docker_selinux_enabled') }}"
     when: openshift_docker_selinux_enabled is not defined
 
+- include: disable_excluder.yml
+  tags:
+  - always
+
 - include: ../openshift-etcd/config.yml
   tags:
   - etcd
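Review bot: This include disables the excluders on every config run (`tags: always`), but nothing in this hunk re-enables them, and the diffstat shows these four lines as the only change to config.yml. Unless a reset happens elsewhere, a host whose excluders were enabled is left unexcluded afterwards, so a later `yum update` could replace the docker and OpenShift packages the excluders exist to protect. Consider a matching `- include: reset_excluder.yml` with `tags: always` at the end of the playbook. The rest of config.yml is outside the hunk.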
diff --git a/playbooks/common/openshift-cluster/disable_excluder.yml b/playbooks/common/openshift-cluster/disable_excluder.yml
new file mode 100644
index 000000000..eb146bab8
--- /dev/null
+++ b/playbooks/common/openshift-cluster/disable_excluder.yml
@@ -0,0 +1,11 @@
+---
+- name: Record excluder state and disable
+  hosts: l_oo_all_hosts
+  gather_facts: no
+  tasks:
+  - include_role:
+      name: openshift_excluder
+      tasks_from: status
+  - include_role:
+      name: openshift_excluder
+      tasks_from: unexclude
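Review bot: `gather_facts: no` relies on YAML 1.1 truthy parsing; `gather_facts: false` is the canonical form, and the same line appears in reset_excluder.yml. The play also carries no comment on its precondition: the role's tasks read `openshift.common.service_type` and `openshift.common.is_containerized`, so it presumably has to run after the facts plays. A comment above the play such as `# Requires openshift facts to be initialized for l_oo_all_hosts` would make that ordering explicit.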
diff --git a/playbooks/common/openshift-cluster/reset_excluder.yml b/playbooks/common/openshift-cluster/reset_excluder.yml
new file mode 100644
index 000000000..fe86f4c23
--- /dev/null
+++ b/playbooks/common/openshift-cluster/reset_excluder.yml
@@ -0,0 +1,8 @@
+---
+- name: Re-enable excluder if it was previously enabled
+  hosts: l_oo_all_hosts
+  gather_facts: no
+  tasks:
+  - include_role:
+      name: openshift_excluder
+      tasks_from: reset
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index a3b8c489e..d2c8b1d20 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -55,6 +55,8 @@
 
 - include: ../initialize_facts.yml
 
+- include: ../disable_excluder.yml
+
 - name: Ensure clean repo cache in the event repos have been changed manually
   hosts: oo_all_hosts
   tags:
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 2bbcbe1f8..9f700423b 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -74,3 +74,7 @@
   - name: Warn if pluginOrderOverride is in use in master-config.yaml
     debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
     when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0
+
+- include: ../reset_excluder.yml
+  tags:
+  - always
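Review bot: The reset is a separate play at the end of the file, so it only runs if every earlier play succeeds; `tags: always` governs tag selection, not failure handling. A failed upgrade would leave the excluders disabled on the hosts, with the package protection off until someone re-runs the playbook or re-enables them by hand. The same applies to the identical include added to upgrade_nodes.yml. At minimum add a comment here and a README note telling operators to run reset_excluder.yml after a failed upgrade.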
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 59188c570..e45b635f7 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -51,3 +51,7 @@
     until: node_sched.rc == 0
     retries: 3
     delay: 1
+
+- include: ../reset_excluder.yml
+  tags:
+  - always
-- 
cgit v1.2.3


From e27514ac435b13c7c507c0fcd73c1135547d37ca Mon Sep 17 00:00:00 2001
From: Scott Dodson <sdodson@redhat.com>
Date: Mon, 6 Feb 2017 14:22:23 -0500
Subject: Move excluder disablement into control plane and node upgrade
 playbooks

So that excluder is disabled and reset within the scope of each of those
in addition to the overall playbook
---
 playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml             | 4 ++++
 .../byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml     | 4 ++++
 playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml       | 4 ++++
 playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml             | 4 ++++
 .../byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml     | 4 ++++
 playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml       | 4 ++++
 playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml             | 4 ++++
 .../byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml     | 4 ++++
 playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml       | 4 ++++
 playbooks/common/openshift-cluster/upgrades/init.yml                  | 2 --
 10 files changed, 36 insertions(+), 2 deletions(-)

diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
index bb08ca837..b1510e062 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
@@ -46,6 +46,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
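Review bot: The disable step is tagged `pre_upgrade` while the matching reset in the common playbooks is tagged `always`, so the pair is not symmetric under tag selection. A run with `--skip-tags pre_upgrade` skips both the status recording and the unexclude, and the upgrade then proceeds with the excluders still active. Tagging this include `always`, as config.yml does, would keep the two halves together. The same applies to the other eight upgrade playbooks changed in this commit.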
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
index 907196d8f..d791e89f6 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
index 5e28072da..f0b2a2c75 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
@@ -47,6 +47,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
index 6b69348b7..82a1d0935 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
@@ -46,6 +46,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
index 25b669f86..d1c2bd17a 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
index 9868cb5b4..f6e66c477 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
@@ -47,6 +47,10 @@
   tags:
   - pre_upgrade
 
+- include: ../disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
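Review bot: The include path here is `../disable_excluder.yml`, while every other playbook in this commit uses `../../../../common/openshift-cluster/disable_excluder.yml`. From `playbooks/byo/openshift-cluster/upgrades/v3_4/` the short path resolves to `playbooks/byo/openshift-cluster/upgrades/disable_excluder.yml`, which this series does not create, so the v3_4 node upgrade would presumably fail on a missing file. The line should read `- include: ../../../../common/openshift-cluster/disable_excluder.yml`.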
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
index bef15eaab..e55ab1b16 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
@@ -46,6 +46,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
index dd88dde5f..e18b4280c 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
index 931a1bcd7..259be6f8e 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
@@ -47,6 +47,10 @@
   tags:
   - pre_upgrade
 
+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+  tags:
+  - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
   tags:
   - pre_upgrade
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index d2c8b1d20..a3b8c489e 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -55,8 +55,6 @@
 
 - include: ../initialize_facts.yml
 
-- include: ../disable_excluder.yml
-
 - name: Ensure clean repo cache in the event repos have been changed manually
   hosts: oo_all_hosts
   tags:
-- 
cgit v1.2.3