summaryrefslogtreecommitdiffstats
path: root/roles/openshift_excluder
diff options
context:
space:
mode:
authorRussell Teague <rteague@redhat.com>2017-05-11 11:46:34 -0400
committerRussell Teague <rteague@redhat.com>2017-05-16 11:20:26 -0400
commitc5c222eddb0b8950995105c4c406f5a5d0bfbacd (patch)
tree7f5cd9c30afb7f8f9e0d78696de0813078fb9928 /roles/openshift_excluder
parent15fd42020a0b5fee665c45cd23b9ba3bd152251d (diff)
downloadopenshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.gz
openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.bz2
openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.xz
openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.zip
Rework openshift_excluders role
Diffstat (limited to 'roles/openshift_excluder')
-rw-r--r--roles/openshift_excluder/README.md65
-rw-r--r--roles/openshift_excluder/defaults/main.yml19
-rw-r--r--roles/openshift_excluder/meta/main.yml6
-rw-r--r--roles/openshift_excluder/tasks/disable.yml65
-rw-r--r--roles/openshift_excluder/tasks/enable.yml20
-rw-r--r--roles/openshift_excluder/tasks/exclude.yml42
-rw-r--r--roles/openshift_excluder/tasks/init.yml12
-rw-r--r--roles/openshift_excluder/tasks/install.yml29
-rw-r--r--roles/openshift_excluder/tasks/main.yml38
-rw-r--r--roles/openshift_excluder/tasks/unexclude.yml38
-rw-r--r--roles/openshift_excluder/tasks/verify_excluder.yml49
-rw-r--r--roles/openshift_excluder/tasks/verify_upgrade.yml19
12 files changed, 207 insertions, 195 deletions
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
index df45c28bf..80cb88d45 100644
--- a/roles/openshift_excluder/README.md
+++ b/roles/openshift_excluder/README.md
@@ -1,50 +1,69 @@
OpenShift Excluder
-================
+==================
Manages the excluder packages which add yum and dnf exclusions ensuring that
-the packages we care about are not inadvertantly updated. See
+the packages we care about are not inadvertently updated. See
https://github.com/openshift/origin/tree/master/contrib/excluder
Requirements
------------
-openshift_facts
+None
-Facts
------
+Inventory Variables
+-------------------
-| Name | Default Value | Description |
------------------------------|---------------|----------------------------------------|
-| enable_docker_excluder | enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. |
-| enable_openshift_excluder | enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. |
-| enable_excluders | None | Enable all excluders
+| Name | Default Value | Description |
+---------------------------------------|----------------------------|----------------------------------------|
+| openshift_enable_excluders | True | Enable all excluders |
+| openshift_enable_docker_excluder | openshift_enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. |
+| openshift_enable_openshift_excluder | openshift_enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. |
Role Variables
--------------
-None
+
+| Name | Default | Choices | Description |
+|-------------------------------------------|---------|-----------------|---------------------------------------------------------------------------|
+| r_openshift_excluder_action | enable | enable, disable | Action to perform when calling this role |
+| r_openshift_excluder_verify_upgrade | false | true, false | When upgrading, this variable should be set to true when calling the role |
+| r_openshift_excluder_package_state | present | present, latest | Use 'latest' to upgrade openshift_excluder package |
+| r_openshift_excluder_docker_package_state | present | present, latest | Use 'latest' to upgrade docker_excluder package |
+| r_openshift_excluder_service_type | None | | (Required) Defined as openshift.common.service_type e.g. atomic-openshift |
+| r_openshift_excluder_upgrade_target | None | | Required when r_openshift_excluder_verify_upgrade is true, defined as openshift_upgrade_target by Upgrade playbooks e.g. '3.6'|
Dependencies
------------
-- openshift_facts
-- openshift_repos
-- lib_utils
-
-Tasks to include
-----------------
-
-- exclude: enable excluders
-- unexclude: disable excluders
-- install: install excluders (installation is followed by excluder enabling)
-- enable: enable excluders (install excluder(s) if not installed)
-- disabled: disable excluders (install excluder(s) if not installed)
+- lib_utils
Example Playbook
----------------
+```yaml
+- name: Demonstrate OpenShift Excluder usage
+ hosts: oo_masters_to_config:oo_nodes_to_config
+ roles:
+ # Disable all excluders
+ - role: openshift_excluder
+ r_openshift_excluder_action: disable
+ r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
+ # Enable all excluders
+ - role: openshift_excluder
+ r_openshift_excluder_action: enable
+ r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
+ # Disable all excluders and verify appropriate excluder packages are available for upgrade
+ - role: openshift_excluder
+ r_openshift_excluder_action: disable
+ r_openshift_excluder_service_type: "{{ openshift.common.service_type }}"
+ r_openshift_excluder_verify_upgrade: true
+ r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}"
+ r_openshift_excluder_package_state: latest
+ r_openshift_excluder_docker_package_state: latest
+```
TODO
----
+
It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts.
License
diff --git a/roles/openshift_excluder/defaults/main.yml b/roles/openshift_excluder/defaults/main.yml
index 7c3ae2a86..d4f151142 100644
--- a/roles/openshift_excluder/defaults/main.yml
+++ b/roles/openshift_excluder/defaults/main.yml
@@ -1,6 +1,19 @@
---
# keep the 'current' package or update to 'latest' if available?
-openshift_excluder_package_state: present
-docker_excluder_package_state: present
+r_openshift_excluder_package_state: present
+r_openshift_excluder_docker_package_state: present
-enable_excluders: true
+# Legacy variables are included for backwards compatibility with v3.5
+# Inventory variables Legacy
+# openshift_enable_excluders enable_excluders
+# openshift_enable_openshift_excluder enable_openshift_excluder
+# openshift_enable_docker_excluder enable_docker_excluder
+r_openshift_excluder_enable_excluders: "{{ openshift_enable_excluders | default(enable_excluders) | default(true) }}"
+r_openshift_excluder_enable_openshift_excluder: "{{ openshift_enable_openshift_excluder | default(enable_openshift_excluder) | default(r_openshift_excluder_enable_excluders) }}"
+r_openshift_excluder_enable_docker_excluder: "{{ openshift_enable_docker_excluder | default(enable_docker_excluder) | default(r_openshift_excluder_enable_excluders) }}"
+
+# Default action when calling this role
+r_openshift_excluder_action: enable
+
+# When upgrading, this variable should be set to true when calling the role
+r_openshift_excluder_verify_upgrade: false
diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml
index c6081cdb2..871081c19 100644
--- a/roles/openshift_excluder/meta/main.yml
+++ b/roles/openshift_excluder/meta/main.yml
@@ -1,7 +1,7 @@
---
galaxy_info:
author: Scott Dodson
- description: OpenShift Examples
+ description: OpenShift Excluder
company: Red Hat, Inc.
license: Apache License, Version 2.0
min_ansible_version: 2.2
@@ -12,6 +12,4 @@ galaxy_info:
categories:
- cloud
dependencies:
-- { role: openshift_facts }
-- { role: openshift_repos }
-- { role: lib_utils }
+- role: lib_utils
diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml
index 97044fff6..8d5a08874 100644
--- a/roles/openshift_excluder/tasks/disable.yml
+++ b/roles/openshift_excluder/tasks/disable.yml
@@ -1,47 +1,38 @@
---
-# input variables
-# - excluder_package_state
-# - docker_excluder_package_state
-- include: init.yml
+- when: r_openshift_excluder_verify_upgrade
+ block:
+ - name: Include verify_upgrade.yml when upgrading
+ include: verify_upgrade.yml
# unexclude the current openshift/origin-excluder if it is installed so it can be updated
-- include: unexclude.yml
+- name: Disable OpenShift excluder so it can be updated
+ include: unexclude.yml
vars:
unexclude_docker_excluder: false
- unexclude_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when:
- - not openshift.common.is_atomic | bool
+ unexclude_openshift_excluder: "{{ r_openshift_excluder_enable_openshift_excluder }}"
# Install any excluder that is enabled
-- include: install.yml
- vars:
- # Both docker_excluder_on and openshift_excluder_on are set in openshift_excluder->init task
- install_docker_excluder: "{{ docker_excluder_on | bool }}"
- install_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when: docker_excluder_on or openshift_excluder_on
-
- # if the docker excluder is not enabled, we don't care about its status
- # it the docker excluder is enabled, we install it and in case its status is non-zero
- # it is enabled no matter what
+- name: Include install.yml
+ include: install.yml
# And finally adjust an excluder in order to update host components correctly. First
# exclude then unexclude
-- block:
- - include: exclude.yml
- vars:
- # Enable the docker excluder only if it is overrided
- # BZ #1430612: docker excluders should be enabled even during installation and upgrade
- exclude_docker_excluder: "{{ docker_excluder_on | bool }}"
- # excluder is to be disabled by default
- exclude_openshift_excluder: false
- # All excluders that are to be disabled are disabled
- - include: unexclude.yml
- vars:
- # If the docker override is not set, default to the generic behaviour
- # BZ #1430612: docker excluders should be enabled even during installation and upgrade
- unexclude_docker_excluder: false
- # disable openshift excluder is never overrided to be enabled
- # disable it if the docker excluder is enabled
- unexclude_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when:
- - not openshift.common.is_atomic | bool
+- name: Include exclude.yml
+ include: exclude.yml
+ vars:
+ # Enable the docker excluder only if it is overridden
+ # BZ #1430612: docker excluders should be enabled even during installation and upgrade
+ exclude_docker_excluder: "{{ r_openshift_excluder_enable_docker_excluder }}"
+ # excluder is to be disabled by default
+ exclude_openshift_excluder: false
+
+# All excluders that are to be disabled are disabled
+- name: Include unexclude.yml
+ include: unexclude.yml
+ vars:
+ # If the docker override is not set, default to the generic behaviour
+ # BZ #1430612: docker excluders should be enabled even during installation and upgrade
+ unexclude_docker_excluder: false
+ # disable openshift excluder is never overridden to be enabled
+ # disable it if the docker excluder is enabled
+ unexclude_openshift_excluder: "{{ r_openshift_excluder_enable_openshift_excluder }}"
diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml
index e719325bc..fce44cfb5 100644
--- a/roles/openshift_excluder/tasks/enable.yml
+++ b/roles/openshift_excluder/tasks/enable.yml
@@ -1,18 +1,6 @@
---
-# input variables:
-- block:
- - include: init.yml
+- name: Install excluders
+ include: install.yml
- - include: install.yml
- vars:
- install_docker_excluder: "{{ docker_excluder_on | bool }}"
- install_openshift_excluder: "{{ openshift_excluder_on | bool }}"
- when: docker_excluder_on or openshift_excluder_on | bool
-
- - include: exclude.yml
- vars:
- exclude_docker_excluder: "{{ docker_excluder_on | bool }}"
- exclude_openshift_excluder: "{{ openshift_excluder_on | bool }}"
-
- when:
- - not openshift.common.is_atomic | bool
+- name: Enable excluders
+ include: exclude.yml
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
index ca18d343f..934f1b2d2 100644
--- a/roles/openshift_excluder/tasks/exclude.yml
+++ b/roles/openshift_excluder/tasks/exclude.yml
@@ -1,30 +1,22 @@
---
-# input variables:
-# - exclude_docker_excluder
-# - exclude_openshift_excluder
-- block:
+- name: Check for docker-excluder
+ stat:
+ path: /sbin/{{ r_openshift_excluder_service_type }}-docker-excluder
+ register: docker_excluder_stat
- - name: Check for docker-excluder
- stat:
- path: /sbin/{{ openshift.common.service_type }}-docker-excluder
- register: docker_excluder_stat
- - name: Enable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder exclude"
- when:
- - exclude_docker_excluder | default(false) | bool
- - docker_excluder_stat.stat.exists
+- name: Enable docker excluder
+ command: "{{ r_openshift_excluder_service_type }}-docker-excluder exclude"
+ when:
+ - r_openshift_excluder_enable_docker_excluder | bool
+ - docker_excluder_stat.stat.exists
- - name: Check for openshift excluder
- stat:
- path: /sbin/{{ openshift.common.service_type }}-excluder
- register: openshift_excluder_stat
- - name: Enable openshift excluder
- command: "{{ openshift.common.service_type }}-excluder exclude"
- # if the openshift override is set, it means the openshift excluder is disabled no matter what
- # if the openshift override is not set, the excluder is set based on enable_openshift_excluder
- when:
- - exclude_openshift_excluder | default(false) | bool
- - openshift_excluder_stat.stat.exists
+- name: Check for openshift excluder
+ stat:
+ path: /sbin/{{ r_openshift_excluder_service_type }}-excluder
+ register: openshift_excluder_stat
+- name: Enable openshift excluder
+ command: "{{ r_openshift_excluder_service_type }}-excluder exclude"
when:
- - not openshift.common.is_atomic | bool
+ - r_openshift_excluder_enable_openshift_excluder | bool
+ - openshift_excluder_stat.stat.exists
diff --git a/roles/openshift_excluder/tasks/init.yml b/roles/openshift_excluder/tasks/init.yml
deleted file mode 100644
index 1ea18f363..000000000
--- a/roles/openshift_excluder/tasks/init.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Evalute if docker excluder is to be enabled
- set_fact:
- docker_excluder_on: "{{ enable_docker_excluder | default(enable_excluders) | bool }}"
-
-- debug: var=docker_excluder_on
-
-- name: Evalute if openshift excluder is to be enabled
- set_fact:
- openshift_excluder_on: "{{ enable_openshift_excluder | default(enable_excluders) | bool }}"
-
-- debug: var=openshift_excluder_on
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
index 3490a613e..d09358bee 100644
--- a/roles/openshift_excluder/tasks/install.yml
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -1,21 +1,14 @@
---
-# input Variables
-# - install_docker_excluder
-# - install_openshift_excluder
-- block:
-
- - name: Install docker excluder
- package:
- name: "{{ openshift.common.service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
- state: "{{ docker_excluder_package_state }}"
- when:
- - install_docker_excluder | default(true) | bool
+- name: Install docker excluder
+ package:
+ name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
+ state: "{{ r_openshift_excluder_docker_package_state }}"
+ when:
+ - r_openshift_excluder_enable_docker_excluder | bool
- - name: Install openshift excluder
- package:
- name: "{{ openshift.common.service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
- state: "{{ openshift_excluder_package_state }}"
- when:
- - install_openshift_excluder | default(true) | bool
+- name: Install openshift excluder
+ package:
+ name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}"
+ state: "{{ r_openshift_excluder_package_state }}"
when:
- - not openshift.common.is_atomic | bool
+ - r_openshift_excluder_enable_openshift_excluder | bool
diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml
new file mode 100644
index 000000000..db20b4012
--- /dev/null
+++ b/roles/openshift_excluder/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+- name: Detecting Atomic Host Operating System
+ stat:
+ path: /run/ostree-booted
+ register: ostree_booted
+
+- block:
+
+ - name: Debug r_openshift_excluder_enable_docker_excluder
+ debug:
+ var: r_openshift_excluder_enable_docker_excluder
+
+ - name: Debug r_openshift_excluder_enable_openshift_excluder
+ debug:
+ var: r_openshift_excluder_enable_openshift_excluder
+
+ - name: Fail if invalid openshift_excluder_action provided
+ fail:
+ msg: "openshift_excluder role can only be called with 'enable' or 'disable'"
+ when: r_openshift_excluder_action not in ['enable', 'disable']
+
+ - name: Fail if r_openshift_excluder_service_type is not defined
+ fail:
+ msg: "r_openshift_excluder_service_type must be specified for this role"
+ when: r_openshift_excluder_service_type is not defined
+
+ - name: Fail if r_openshift_excluder_upgrade_target is not defined
+ fail:
+ msg: "r_openshift_excluder_upgrade_target must be provided when using this role for upgrades"
+ when:
+ - r_openshift_excluder_verify_upgrade | bool
+ - r_openshift_excluder_upgrade_target is not defined
+
+ - name: Include main action task file
+ include: "{{ r_openshift_excluder_action }}.yml"
+
+ when:
+ - not ostree_booted.stat.exists | bool
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
index 4df7f14b4..a5ce8d5c7 100644
--- a/roles/openshift_excluder/tasks/unexclude.yml
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -2,27 +2,25 @@
# input variables:
# - unexclude_docker_excluder
# - unexclude_openshift_excluder
-- block:
- - name: Check for docker-excluder
- stat:
- path: /sbin/{{ openshift.common.service_type }}-docker-excluder
- register: docker_excluder_stat
- - name: disable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
- when:
- - unexclude_docker_excluder | default(false) | bool
- - docker_excluder_stat.stat.exists
+- name: Check for docker-excluder
+ stat:
+ path: /sbin/{{ r_openshift_excluder_service_type }}-docker-excluder
+ register: docker_excluder_stat
- - name: Check for openshift excluder
- stat:
- path: /sbin/{{ openshift.common.service_type }}-excluder
- register: openshift_excluder_stat
- - name: disable openshift excluder
- command: "{{ openshift.common.service_type }}-excluder unexclude"
- when:
- - unexclude_openshift_excluder | default(false) | bool
- - openshift_excluder_stat.stat.exists
+- name: disable docker excluder
+ command: "{{ r_openshift_excluder_service_type }}-docker-excluder unexclude"
+ when:
+ - unexclude_docker_excluder | default(false) | bool
+ - docker_excluder_stat.stat.exists
+
+- name: Check for openshift excluder
+ stat:
+ path: /sbin/{{ r_openshift_excluder_service_type }}-excluder
+ register: openshift_excluder_stat
+- name: disable openshift excluder
+ command: "{{ r_openshift_excluder_service_type }}-excluder unexclude"
when:
- - not openshift.common.is_atomic | bool
+ - unexclude_openshift_excluder | default(false) | bool
+ - openshift_excluder_stat.stat.exists
diff --git a/roles/openshift_excluder/tasks/verify_excluder.yml b/roles/openshift_excluder/tasks/verify_excluder.yml
index aebdb8c58..c35639c1b 100644
--- a/roles/openshift_excluder/tasks/verify_excluder.yml
+++ b/roles/openshift_excluder/tasks/verify_excluder.yml
@@ -1,35 +1,32 @@
---
# input variables:
-# - repoquery_cmd
# - excluder
-# - openshift_upgrade_target
-- block:
- - name: Get available excluder version
- repoquery:
- name: "{{ excluder }}"
- ignore_excluders: true
- register: excluder_out
+- name: Get available excluder version
+ repoquery:
+ name: "{{ excluder }}"
+ ignore_excluders: true
+ register: repoquery_out
- - fail:
- msg: "Package {{ excluder }} not found"
- when: not excluder_out.results.package_found
+- name: Fail when excluder package is not found
+ fail:
+ msg: "Package {{ excluder }} not found"
+ when: not repoquery_out.results.package_found
- - set_fact:
- excluder_version: "{{ excluder_out.results.versions.available_versions.0 }}"
+- name: Set fact excluder_version
+ set_fact:
+ excluder_version: "{{ repoquery_out.results.versions.available_versions.0 }}"
- - name: "{{ excluder }} version detected"
- debug:
- msg: "{{ excluder }}: {{ excluder_version }}"
+- name: "{{ excluder }} version detected"
+ debug:
+ msg: "{{ excluder }}: {{ excluder_version }}"
- - name: Printing upgrade target version
- debug:
- msg: "{{ openshift_upgrade_target }}"
+- name: Printing upgrade target version
+ debug:
+ msg: "{{ r_openshift_excluder_upgrade_target }}"
- - name: Check the available {{ excluder }} version is at most of the upgrade target version
- fail:
- msg: "Available {{ excluder }} version {{ excluder_version }} is higher than the upgrade target version"
- when:
- - "{{ excluder_version != '' }}"
- - "{{ excluder_version.split('.')[0:2] | join('.') | version_compare(openshift_upgrade_target.split('.')[0:2] | join('.'), '>', strict=True) }}"
+- name: Check the available {{ excluder }} version is at most of the upgrade target version
+ fail:
+ msg: "Available {{ excluder }} version {{ excluder_version }} is higher than the upgrade target version"
when:
- - not openshift.common.is_atomic | bool
+ - excluder_version != ''
+ - excluder_version.split('.')[0:2] | join('.') | version_compare(r_openshift_excluder_upgrade_target.split('.')[0:2] | join('.'), '>', strict=True)
diff --git a/roles/openshift_excluder/tasks/verify_upgrade.yml b/roles/openshift_excluder/tasks/verify_upgrade.yml
index 6ea2130ac..42026664a 100644
--- a/roles/openshift_excluder/tasks/verify_upgrade.yml
+++ b/roles/openshift_excluder/tasks/verify_upgrade.yml
@@ -1,15 +1,12 @@
---
-# input variables
-# - repoquery_cmd
-# - openshift_upgrade_target
-- include: init.yml
-
-- include: verify_excluder.yml
+- name: Verify Docker Excluder version
+ include: verify_excluder.yml
vars:
- excluder: "{{ openshift.common.service_type }}-docker-excluder"
- when: docker_excluder_on
+ excluder: "{{ r_openshift_excluder_service_type }}-docker-excluder"
+ when: r_openshift_excluder_enable_docker_excluder | bool
-- include: verify_excluder.yml
+- name: Verify OpenShift Excluder version
+ include: verify_excluder.yml
vars:
- excluder: "{{ openshift.common.service_type }}-excluder"
- when: openshift_excluder_on
+ excluder: "{{ r_openshift_excluder_service_type }}-excluder"
+ when: r_openshift_excluder_enable_openshift_excluder | bool