diff options
| author | ewolinetz <ewolinet@redhat.com> | 2017-02-27 15:55:01 -0600 |
|---|---|---|
| committer | ewolinetz <ewolinet@redhat.com> | 2017-02-28 12:46:15 -0600 |
| commit | 6a0c52a0642b1e962246633bf6bb8a0cde3930ba (patch) | |
| tree | dba6aa5663f86a784c8bc1038179400c67460654 /playbooks/common/openshift-cluster/upgrades | |
| parent | 29b5e97870bf3c24a433b906ea56c8a21b392e0a (diff) | |
| download | openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.gz openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.bz2 openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.xz openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.zip | |
Adding changed_whens for role, rolebinding, and scc reconciliation based on output from oadm policy command
Diffstat (limited to 'playbooks/common/openshift-cluster/upgrades')
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index fd01a6625..08cc2cc42 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -173,7 +173,11 @@ - name: Reconcile Cluster Roles command: > {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig - policy reconcile-cluster-roles --additive-only=true --confirm + policy reconcile-cluster-roles --additive-only=true --confirm -o name + register: reconcile_cluster_role_result + changed_when: + - reconcile_cluster_role_result.stdout.length > 0 + - reconcile_cluster_role_result.rc == 0 run_once: true - name: Reconcile Cluster Role Bindings @@ -184,19 +188,31 @@ --exclude-groups=system:authenticated:oauth --exclude-groups=system:unauthenticated --exclude-users=system:anonymous - --additive-only=true --confirm + --additive-only=true --confirm -o name when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool + register: reconcile_bindings_result + changed_when: + - reconcile_bindings_result.stdout.length > 0 + - reconcile_bindings_result.rc == 0 run_once: true - name: Reconcile Jenkins Pipeline Role Bindings command: > - {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm + {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name run_once: true + register: reconcile_jenkens_role_binding_result + changed_when: + - reconcile_jenkins_role_binding_result.stdout.length > 0 + - reconcile_jenkins_role_binding_result.rc == 0 when: openshift.common.version_gte_3_4_or_1_4 | bool - name: Reconcile Security Context Constraints command: > - {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true + {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name + register: reconcile_scc_result + changed_when: + - reconcile_scc_result.stdout.length > 0 + - reconcile_scc_result.rc == 0 run_once: true - set_fact: |