diff options
author | Russell Teague <rteague@redhat.com> | 2017-05-11 11:46:34 -0400 |
---|---|---|
committer | Russell Teague <rteague@redhat.com> | 2017-05-16 11:20:26 -0400 |
commit | c5c222eddb0b8950995105c4c406f5a5d0bfbacd (patch) | |
tree | 7f5cd9c30afb7f8f9e0d78696de0813078fb9928 /roles/openshift_excluder | |
parent | 15fd42020a0b5fee665c45cd23b9ba3bd152251d (diff) | |
download | openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.gz openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.bz2 openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.tar.xz openshift-c5c222eddb0b8950995105c4c406f5a5d0bfbacd.zip |
Rework openshift_excluders role
Diffstat (limited to 'roles/openshift_excluder')
-rw-r--r-- | roles/openshift_excluder/README.md | 65 | ||||
-rw-r--r-- | roles/openshift_excluder/defaults/main.yml | 19 | ||||
-rw-r--r-- | roles/openshift_excluder/meta/main.yml | 6 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/disable.yml | 65 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/enable.yml | 20 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/exclude.yml | 42 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/init.yml | 12 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/install.yml | 29 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/main.yml | 38 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/unexclude.yml | 38 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/verify_excluder.yml | 49 | ||||
-rw-r--r-- | roles/openshift_excluder/tasks/verify_upgrade.yml | 19 |
12 files changed, 207 insertions, 195 deletions
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md index df45c28bf..80cb88d45 100644 --- a/roles/openshift_excluder/README.md +++ b/roles/openshift_excluder/README.md @@ -1,50 +1,69 @@ OpenShift Excluder -================ +================== Manages the excluder packages which add yum and dnf exclusions ensuring that -the packages we care about are not inadvertantly updated. See +the packages we care about are not inadvertently updated. See https://github.com/openshift/origin/tree/master/contrib/excluder Requirements ------------ -openshift_facts +None -Facts ------ +Inventory Variables +------------------- -| Name | Default Value | Description | ------------------------------|---------------|----------------------------------------| -| enable_docker_excluder | enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. | -| enable_openshift_excluder | enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. | -| enable_excluders | None | Enable all excluders +| Name | Default Value | Description | +---------------------------------------|----------------------------|----------------------------------------| +| openshift_enable_excluders | True | Enable all excluders | +| openshift_enable_docker_excluder | openshift_enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. | +| openshift_enable_openshift_excluder | openshift_enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. | Role Variables -------------- -None + +| Name | Default | Choices | Description | +|-------------------------------------------|---------|-----------------|---------------------------------------------------------------------------| +| r_openshift_excluder_action | enable | enable, disable | Action to perform when calling this role | +| r_openshift_excluder_verify_upgrade | false | true, false | When upgrading, this variable should be set to true when calling the role | +| r_openshift_excluder_package_state | present | present, latest | Use 'latest' to upgrade openshift_excluder package | +| r_openshift_excluder_docker_package_state | present | present, latest | Use 'latest' to upgrade docker_excluder package | +| r_openshift_excluder_service_type | None | | (Required) Defined as openshift.common.service_type e.g. atomic-openshift | +| r_openshift_excluder_upgrade_target | None | | Required when r_openshift_excluder_verify_upgrade is true, defined as openshift_upgrade_target by Upgrade playbooks e.g. '3.6'| Dependencies ------------ -- openshift_facts -- openshift_repos -- lib_utils - -Tasks to include ----------------- - -- exclude: enable excluders -- unexclude: disable excluders -- install: install excluders (installation is followed by excluder enabling) -- enable: enable excluders (install excluder(s) if not installed) -- disabled: disable excluders (install excluder(s) if not installed) +- lib_utils Example Playbook ---------------- +```yaml +- name: Demonstrate OpenShift Excluder usage + hosts: oo_masters_to_config:oo_nodes_to_config + roles: + # Disable all excluders + - role: openshift_excluder + r_openshift_excluder_action: disable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + # Enable all excluders + - role: openshift_excluder + r_openshift_excluder_action: enable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + # Disable all excluders and verify appropriate excluder packages are available for upgrade + - role: openshift_excluder + r_openshift_excluder_action: disable + r_openshift_excluder_service_type: "{{ openshift.common.service_type }}" + r_openshift_excluder_verify_upgrade: true + r_openshift_excluder_upgrade_target: "{{ openshift_upgrade_target }}" + r_openshift_excluder_package_state: latest + r_openshift_excluder_docker_package_state: latest +``` TODO ---- + It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts. License diff --git a/roles/openshift_excluder/defaults/main.yml b/roles/openshift_excluder/defaults/main.yml index 7c3ae2a86..d4f151142 100644 --- a/roles/openshift_excluder/defaults/main.yml +++ b/roles/openshift_excluder/defaults/main.yml @@ -1,6 +1,19 @@ --- # keep the 'current' package or update to 'latest' if available? -openshift_excluder_package_state: present -docker_excluder_package_state: present +r_openshift_excluder_package_state: present +r_openshift_excluder_docker_package_state: present -enable_excluders: true +# Legacy variables are included for backwards compatibility with v3.5 +# Inventory variables Legacy +# openshift_enable_excluders enable_excluders +# openshift_enable_openshift_excluder enable_openshift_excluder +# openshift_enable_docker_excluder enable_docker_excluder +r_openshift_excluder_enable_excluders: "{{ openshift_enable_excluders | default(enable_excluders) | default(true) }}" +r_openshift_excluder_enable_openshift_excluder: "{{ openshift_enable_openshift_excluder | default(enable_openshift_excluder) | default(r_openshift_excluder_enable_excluders) }}" +r_openshift_excluder_enable_docker_excluder: "{{ openshift_enable_docker_excluder | default(enable_docker_excluder) | default(r_openshift_excluder_enable_excluders) }}" + +# Default action when calling this role +r_openshift_excluder_action: enable + +# When upgrading, this variable should be set to true when calling the role +r_openshift_excluder_verify_upgrade: false diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml index c6081cdb2..871081c19 100644 --- a/roles/openshift_excluder/meta/main.yml +++ b/roles/openshift_excluder/meta/main.yml @@ -1,7 +1,7 @@ --- galaxy_info: author: Scott Dodson - description: OpenShift Examples + description: OpenShift Excluder company: Red Hat, Inc. license: Apache License, Version 2.0 min_ansible_version: 2.2 @@ -12,6 +12,4 @@ galaxy_info: categories: - cloud dependencies: -- { role: openshift_facts } -- { role: openshift_repos } -- { role: lib_utils } +- role: lib_utils diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml index 97044fff6..8d5a08874 100644 --- a/roles/openshift_excluder/tasks/disable.yml +++ b/roles/openshift_excluder/tasks/disable.yml @@ -1,47 +1,38 @@ --- -# input variables -# - excluder_package_state -# - docker_excluder_package_state -- include: init.yml +- when: r_openshift_excluder_verify_upgrade + block: + - name: Include verify_upgrade.yml when upgrading + include: verify_upgrade.yml # unexclude the current openshift/origin-excluder if it is installed so it can be updated -- include: unexclude.yml +- name: Disable OpenShift excluder so it can be updated + include: unexclude.yml vars: unexclude_docker_excluder: false - unexclude_openshift_excluder: "{{ openshift_excluder_on | bool }}" - when: - - not openshift.common.is_atomic | bool + unexclude_openshift_excluder: "{{ r_openshift_excluder_enable_openshift_excluder }}" # Install any excluder that is enabled -- include: install.yml - vars: - # Both docker_excluder_on and openshift_excluder_on are set in openshift_excluder->init task - install_docker_excluder: "{{ docker_excluder_on | bool }}" - install_openshift_excluder: "{{ openshift_excluder_on | bool }}" - when: docker_excluder_on or openshift_excluder_on - - # if the docker excluder is not enabled, we don't care about its status - # it the docker excluder is enabled, we install it and in case its status is non-zero - # it is enabled no matter what +- name: Include install.yml + include: install.yml # And finally adjust an excluder in order to update host components correctly. First # exclude then unexclude -- block: - - include: exclude.yml - vars: - # Enable the docker excluder only if it is overrided - # BZ #1430612: docker excluders should be enabled even during installation and upgrade - exclude_docker_excluder: "{{ docker_excluder_on | bool }}" - # excluder is to be disabled by default - exclude_openshift_excluder: false - # All excluders that are to be disabled are disabled - - include: unexclude.yml - vars: - # If the docker override is not set, default to the generic behaviour - # BZ #1430612: docker excluders should be enabled even during installation and upgrade - unexclude_docker_excluder: false - # disable openshift excluder is never overrided to be enabled - # disable it if the docker excluder is enabled - unexclude_openshift_excluder: "{{ openshift_excluder_on | bool }}" - when: - - not openshift.common.is_atomic | bool +- name: Include exclude.yml + include: exclude.yml + vars: + # Enable the docker excluder only if it is overridden + # BZ #1430612: docker excluders should be enabled even during installation and upgrade + exclude_docker_excluder: "{{ r_openshift_excluder_enable_docker_excluder }}" + # excluder is to be disabled by default + exclude_openshift_excluder: false + +# All excluders that are to be disabled are disabled +- name: Include unexclude.yml + include: unexclude.yml + vars: + # If the docker override is not set, default to the generic behaviour + # BZ #1430612: docker excluders should be enabled even during installation and upgrade + unexclude_docker_excluder: false + # disable openshift excluder is never overridden to be enabled + # disable it if the docker excluder is enabled + unexclude_openshift_excluder: "{{ r_openshift_excluder_enable_openshift_excluder }}" diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml index e719325bc..fce44cfb5 100644 --- a/roles/openshift_excluder/tasks/enable.yml +++ b/roles/openshift_excluder/tasks/enable.yml @@ -1,18 +1,6 @@ --- -# input variables: -- block: - - include: init.yml +- name: Install excluders + include: install.yml - - include: install.yml - vars: - install_docker_excluder: "{{ docker_excluder_on | bool }}" - install_openshift_excluder: "{{ openshift_excluder_on | bool }}" - when: docker_excluder_on or openshift_excluder_on | bool - - - include: exclude.yml - vars: - exclude_docker_excluder: "{{ docker_excluder_on | bool }}" - exclude_openshift_excluder: "{{ openshift_excluder_on | bool }}" - - when: - - not openshift.common.is_atomic | bool +- name: Enable excluders + include: exclude.yml diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml index ca18d343f..934f1b2d2 100644 --- a/roles/openshift_excluder/tasks/exclude.yml +++ b/roles/openshift_excluder/tasks/exclude.yml @@ -1,30 +1,22 @@ --- -# input variables: -# - exclude_docker_excluder -# - exclude_openshift_excluder -- block: +- name: Check for docker-excluder + stat: + path: /sbin/{{ r_openshift_excluder_service_type }}-docker-excluder + register: docker_excluder_stat - - name: Check for docker-excluder - stat: - path: /sbin/{{ openshift.common.service_type }}-docker-excluder - register: docker_excluder_stat - - name: Enable docker excluder - command: "{{ openshift.common.service_type }}-docker-excluder exclude" - when: - - exclude_docker_excluder | default(false) | bool - - docker_excluder_stat.stat.exists +- name: Enable docker excluder + command: "{{ r_openshift_excluder_service_type }}-docker-excluder exclude" + when: + - r_openshift_excluder_enable_docker_excluder | bool + - docker_excluder_stat.stat.exists - - name: Check for openshift excluder - stat: - path: /sbin/{{ openshift.common.service_type }}-excluder - register: openshift_excluder_stat - - name: Enable openshift excluder - command: "{{ openshift.common.service_type }}-excluder exclude" - # if the openshift override is set, it means the openshift excluder is disabled no matter what - # if the openshift override is not set, the excluder is set based on enable_openshift_excluder - when: - - exclude_openshift_excluder | default(false) | bool - - openshift_excluder_stat.stat.exists +- name: Check for openshift excluder + stat: + path: /sbin/{{ r_openshift_excluder_service_type }}-excluder + register: openshift_excluder_stat +- name: Enable openshift excluder + command: "{{ r_openshift_excluder_service_type }}-excluder exclude" when: - - not openshift.common.is_atomic | bool + - r_openshift_excluder_enable_openshift_excluder | bool + - openshift_excluder_stat.stat.exists diff --git a/roles/openshift_excluder/tasks/init.yml b/roles/openshift_excluder/tasks/init.yml deleted file mode 100644 index 1ea18f363..000000000 --- a/roles/openshift_excluder/tasks/init.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -- name: Evalute if docker excluder is to be enabled - set_fact: - docker_excluder_on: "{{ enable_docker_excluder | default(enable_excluders) | bool }}" - -- debug: var=docker_excluder_on - -- name: Evalute if openshift excluder is to be enabled - set_fact: - openshift_excluder_on: "{{ enable_openshift_excluder | default(enable_excluders) | bool }}" - -- debug: var=openshift_excluder_on diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml index 3490a613e..d09358bee 100644 --- a/roles/openshift_excluder/tasks/install.yml +++ b/roles/openshift_excluder/tasks/install.yml @@ -1,21 +1,14 @@ --- -# input Variables -# - install_docker_excluder -# - install_openshift_excluder -- block: - - - name: Install docker excluder - package: - name: "{{ openshift.common.service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" - state: "{{ docker_excluder_package_state }}" - when: - - install_docker_excluder | default(true) | bool +- name: Install docker excluder + package: + name: "{{ r_openshift_excluder_service_type }}-docker-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" + state: "{{ r_openshift_excluder_docker_package_state }}" + when: + - r_openshift_excluder_enable_docker_excluder | bool - - name: Install openshift excluder - package: - name: "{{ openshift.common.service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" - state: "{{ openshift_excluder_package_state }}" - when: - - install_openshift_excluder | default(true) | bool +- name: Install openshift excluder + package: + name: "{{ r_openshift_excluder_service_type }}-excluder{{ openshift_pkg_version | default('') | oo_image_tag_to_rpm_version(include_dash=True) + '*' }}" + state: "{{ r_openshift_excluder_package_state }}" when: - - not openshift.common.is_atomic | bool + - r_openshift_excluder_enable_openshift_excluder | bool diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml new file mode 100644 index 000000000..db20b4012 --- /dev/null +++ b/roles/openshift_excluder/tasks/main.yml @@ -0,0 +1,38 @@ +--- +- name: Detecting Atomic Host Operating System + stat: + path: /run/ostree-booted + register: ostree_booted + +- block: + + - name: Debug r_openshift_excluder_enable_docker_excluder + debug: + var: r_openshift_excluder_enable_docker_excluder + + - name: Debug r_openshift_excluder_enable_openshift_excluder + debug: + var: r_openshift_excluder_enable_openshift_excluder + + - name: Fail if invalid openshift_excluder_action provided + fail: + msg: "openshift_excluder role can only be called with 'enable' or 'disable'" + when: r_openshift_excluder_action not in ['enable', 'disable'] + + - name: Fail if r_openshift_excluder_service_type is not defined + fail: + msg: "r_openshift_excluder_service_type must be specified for this role" + when: r_openshift_excluder_service_type is not defined + + - name: Fail if r_openshift_excluder_upgrade_target is not defined + fail: + msg: "r_openshift_excluder_upgrade_target must be provided when using this role for upgrades" + when: + - r_openshift_excluder_verify_upgrade | bool + - r_openshift_excluder_upgrade_target is not defined + + - name: Include main action task file + include: "{{ r_openshift_excluder_action }}.yml" + + when: + - not ostree_booted.stat.exists | bool diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml index 4df7f14b4..a5ce8d5c7 100644 --- a/roles/openshift_excluder/tasks/unexclude.yml +++ b/roles/openshift_excluder/tasks/unexclude.yml @@ -2,27 +2,25 @@ # input variables: # - unexclude_docker_excluder # - unexclude_openshift_excluder -- block: - - name: Check for docker-excluder - stat: - path: /sbin/{{ openshift.common.service_type }}-docker-excluder - register: docker_excluder_stat - - name: disable docker excluder - command: "{{ openshift.common.service_type }}-docker-excluder unexclude" - when: - - unexclude_docker_excluder | default(false) | bool - - docker_excluder_stat.stat.exists +- name: Check for docker-excluder + stat: + path: /sbin/{{ r_openshift_excluder_service_type }}-docker-excluder + register: docker_excluder_stat - - name: Check for openshift excluder - stat: - path: /sbin/{{ openshift.common.service_type }}-excluder - register: openshift_excluder_stat - - name: disable openshift excluder - command: "{{ openshift.common.service_type }}-excluder unexclude" - when: - - unexclude_openshift_excluder | default(false) | bool - - openshift_excluder_stat.stat.exists +- name: disable docker excluder + command: "{{ r_openshift_excluder_service_type }}-docker-excluder unexclude" + when: + - unexclude_docker_excluder | default(false) | bool + - docker_excluder_stat.stat.exists + +- name: Check for openshift excluder + stat: + path: /sbin/{{ r_openshift_excluder_service_type }}-excluder + register: openshift_excluder_stat +- name: disable openshift excluder + command: "{{ r_openshift_excluder_service_type }}-excluder unexclude" when: - - not openshift.common.is_atomic | bool + - unexclude_openshift_excluder | default(false) | bool + - openshift_excluder_stat.stat.exists diff --git a/roles/openshift_excluder/tasks/verify_excluder.yml b/roles/openshift_excluder/tasks/verify_excluder.yml index aebdb8c58..c35639c1b 100644 --- a/roles/openshift_excluder/tasks/verify_excluder.yml +++ b/roles/openshift_excluder/tasks/verify_excluder.yml @@ -1,35 +1,32 @@ --- # input variables: -# - repoquery_cmd # - excluder -# - openshift_upgrade_target -- block: - - name: Get available excluder version - repoquery: - name: "{{ excluder }}" - ignore_excluders: true - register: excluder_out +- name: Get available excluder version + repoquery: + name: "{{ excluder }}" + ignore_excluders: true + register: repoquery_out - - fail: - msg: "Package {{ excluder }} not found" - when: not excluder_out.results.package_found +- name: Fail when excluder package is not found + fail: + msg: "Package {{ excluder }} not found" + when: not repoquery_out.results.package_found - - set_fact: - excluder_version: "{{ excluder_out.results.versions.available_versions.0 }}" +- name: Set fact excluder_version + set_fact: + excluder_version: "{{ repoquery_out.results.versions.available_versions.0 }}" - - name: "{{ excluder }} version detected" - debug: - msg: "{{ excluder }}: {{ excluder_version }}" +- name: "{{ excluder }} version detected" + debug: + msg: "{{ excluder }}: {{ excluder_version }}" - - name: Printing upgrade target version - debug: - msg: "{{ openshift_upgrade_target }}" +- name: Printing upgrade target version + debug: + msg: "{{ r_openshift_excluder_upgrade_target }}" - - name: Check the available {{ excluder }} version is at most of the upgrade target version - fail: - msg: "Available {{ excluder }} version {{ excluder_version }} is higher than the upgrade target version" - when: - - "{{ excluder_version != '' }}" - - "{{ excluder_version.split('.')[0:2] | join('.') | version_compare(openshift_upgrade_target.split('.')[0:2] | join('.'), '>', strict=True) }}" +- name: Check the available {{ excluder }} version is at most of the upgrade target version + fail: + msg: "Available {{ excluder }} version {{ excluder_version }} is higher than the upgrade target version" when: - - not openshift.common.is_atomic | bool + - excluder_version != '' + - excluder_version.split('.')[0:2] | join('.') | version_compare(r_openshift_excluder_upgrade_target.split('.')[0:2] | join('.'), '>', strict=True) diff --git a/roles/openshift_excluder/tasks/verify_upgrade.yml b/roles/openshift_excluder/tasks/verify_upgrade.yml index 6ea2130ac..42026664a 100644 --- a/roles/openshift_excluder/tasks/verify_upgrade.yml +++ b/roles/openshift_excluder/tasks/verify_upgrade.yml @@ -1,15 +1,12 @@ --- -# input variables -# - repoquery_cmd -# - openshift_upgrade_target -- include: init.yml - -- include: verify_excluder.yml +- name: Verify Docker Excluder version + include: verify_excluder.yml vars: - excluder: "{{ openshift.common.service_type }}-docker-excluder" - when: docker_excluder_on + excluder: "{{ r_openshift_excluder_service_type }}-docker-excluder" + when: r_openshift_excluder_enable_docker_excluder | bool -- include: verify_excluder.yml +- name: Verify OpenShift Excluder version + include: verify_excluder.yml vars: - excluder: "{{ openshift.common.service_type }}-excluder" - when: openshift_excluder_on + excluder: "{{ r_openshift_excluder_service_type }}-excluder" + when: r_openshift_excluder_enable_openshift_excluder | bool |