Diffstat (limited to 'playbooks/common')
8 files changed, 201 insertions, 20 deletions
|
diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/common/openshift-checks/health.yml
index 1bee460e8..c7766ff04 100644
--- a/playbooks/common/openshift-checks/health.yml
+++ b/playbooks/common/openshift-checks/health.yml
@@ -1,4 +1,9 @@
 ---
+# openshift_health_checker depends on openshift_version which now requires group eval.
+- include: ../openshift-cluster/evaluate_groups.yml
+  tags:
+  - always
+
 - name: Run OpenShift health checks
   hosts: OSEv3
   roles:
diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/common/openshift-checks/pre-install.yml
index e01c6f38d..7ca9f7e8b 100644
--- a/playbooks/common/openshift-checks/pre-install.yml
+++ b/playbooks/common/openshift-checks/pre-install.yml
@@ -1,4 +1,9 @@
 ---
+# openshift_health_checker depends on openshift_version which now requires group eval.
+- include: ../openshift-cluster/evaluate_groups.yml
+  tags:
+  - always
+
 - hosts: OSEv3
   name: run OpenShift pre-install checks
   roles:
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 1482b3a3f..7224ae712 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,4 +1,23 @@
 ---
+# TODO: refactor this into its own include
+# and pass a variable for ctx
+- name: Verify Requirements
+  hosts: oo_all_hosts
+  roles:
+  - openshift_health_checker
+  vars:
+  - r_openshift_health_checker_playbook_context: "install"
+  post_tasks:
+  - action: openshift_health_check
+    args:
+      checks:
+      - disk_availability
+      - memory_availability
+      - package_availability
+      - package_version
+      - docker_image_availability
+      - docker_storage
+
 - include: initialize_oo_option_facts.yml
   tags:
   - always
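Review bot: The new "Verify Requirements" play in openshift-cluster/config.yml targets `oo_all_hosts` before any include in this file, so it relies on the caller having already built that group; if it has not, Ansible matches no hosts and the disk, memory, package and docker checks are skipped without failing the install. Unlike health.yml and pre-install.yml in this same commit, no `evaluate_groups.yml` include precedes it here, so it is worth confirming that the entry-point playbooks always evaluate groups first. `vars:` is also written as a list (`- r_openshift_health_checker_playbook_context: "install"`); the mapping form, with the key indented directly under `vars:` and no leading dash, is the supported spelling.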
@@ -45,6 +64,12 @@
   tags:
   - hosted
+- include: service_catalog.yml
+  when:
+  - openshift_enable_service_catalog | default(false) | bool
+  tags:
+  - servicecatalog
+
 - name: Re-enable excluder if it was previously enabled
   hosts: oo_masters_to_config:oo_nodes_to_config
   tags:
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index c28ce4c14..baca72c58 100644
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -157,3 +157,12 @@
       ansible_become: "{{ g_sudo | default(omit) }}"
     with_items: "{{ g_glusterfs_hosts | union(g_glusterfs_registry_hosts | default([])) }}"
     changed_when: no
+
+  - name: Evaluate oo_etcd_to_migrate
+    add_host:
+      name: "{{ item }}"
+      groups: oo_etcd_to_migrate
+      ansible_ssh_user: "{{ g_ssh_user | default(omit) }}"
+      ansible_become: "{{ g_sudo | default(omit) }}"
+    with_items: "{{ groups.oo_etcd_to_config if groups.oo_etcd_to_config | default([]) | length != 0 else groups.oo_first_master }}"
+    changed_when: no
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
index c30889d64..51b196299 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/masters.yml
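Review bot: In the evaluate_groups.yml hunk, the `else groups.oo_first_master` branch of the new `with_items` has no `default([])`, unlike the `oo_etcd_to_config` test beside it, so the task stops with an undefined-variable error if neither group exists when it runs. The tasks that populate `oo_first_master` are outside the hunk, so this may never happen in practice. If an empty `oo_etcd_to_migrate` is acceptable, `else (groups.oo_first_master | default([]))` makes that explicit; if it is not, a preceding `assert` with a clear message would be easier to diagnose than the template error.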
@@ -51,3 +51,13 @@
                                      | oo_collect('openshift.common.hostname')
                                      | default(none, true) }}"
     openshift_certificates_redeploy: true
+  - role: lib_utils
+  post_tasks:
+  - yedit:
+      src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+      key: servingInfo.namedCertificates
+      value: "{{ openshift.master.named_certificates | default([]) | oo_named_certificates_list }}"
+    when:
+    - ('named_certificates' in openshift.master)
+    - openshift.master.named_certificates | default([]) | length > 0
+    - openshift_master_overwrite_named_certificates | default(false) | bool
diff --git a/playbooks/common/openshift-cluster/service_catalog.yml b/playbooks/common/openshift-cluster/service_catalog.yml
new file mode 100644
index 000000000..c42e8781a
--- /dev/null
+++ b/playbooks/common/openshift-cluster/service_catalog.yml
@@ -0,0 +1,8 @@
+---
+- include: evaluate_groups.yml
+
+- name: Service Catalog
+  hosts: oo_first_master
+  roles:
+  - openshift_service_catalog
+  - ansible_service_broker
diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/common/openshift-etcd/migrate.yml
new file mode 100644
index 000000000..c655449fa
--- /dev/null
+++ b/playbooks/common/openshift-etcd/migrate.yml
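Review bot: The new `yedit` post-task in redeploy-certificates/masters.yml is skipped whenever the named-certificate list is empty, so an operator who sets `openshift_master_overwrite_named_certificates` after removing every named certificate would, judging by the `length > 0` condition, keep the old `servingInfo.namedCertificates` entries in master-config.yaml. If overwrite is meant to be authoritative, dropping that condition and writing the empty list would clear stale certificate references. The task rewrites the master config in place, so adding `backup: true` to the `yedit` arguments and giving it a `name:` would make a bad redeploy easier to trace and undo. The play this belongs to starts outside the hunk.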
@@ -0,0 +1,120 @@
+---
+- include: ../openshift-cluster/evaluate_groups.yml
+  tags:
+  - always
+
+- name: Run pre-checks
+  hosts: oo_etcd_to_migrate
+  tags:
+  - always
+  roles:
+  - role: etcd_migrate
+    r_etcd_migrate_action: check
+    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+    etcd_peer: "{{ ansible_default_ipv4.address }}"
+
+- include: ../openshift-cluster/initialize_facts.yml
+  tags:
+  - always
+
+- name: Backup v2 data
+  hosts: oo_etcd_to_migrate
+  gather_facts: no
+  tags:
+  - always
+  roles:
+  - role: openshift_facts
+  - role: etcd_common
+    r_etcd_common_action: backup
+    r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"
+    r_etcd_common_backup_tag: pre-migration
+    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+    r_etcd_common_backup_sufix_name: "{{ lookup('pipe', 'date +%Y%m%d%H%M%S') }}"
+
+- name: Gate on etcd backup
+  hosts: localhost
+  connection: local
+  become: no
+  tasks:
+  - set_fact:
+      etcd_backup_completed: "{{ hostvars
+                                 | oo_select_keys(groups.oo_etcd_to_migrate)
+                                 | oo_collect('inventory_hostname', {'r_etcd_common_backup_complete': true}) }}"
+  - set_fact:
+      etcd_backup_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_backup_completed) }}"
+  - fail:
+      msg: "Migration cannot continue. The following hosts did not complete etcd backup: {{ etcd_backup_failed | join(',') }}"
+    when:
+    - etcd_backup_failed | length > 0
+
+- name: Prepare masters for etcd data migration
+  hosts: oo_masters_to_config
+  tasks:
+  - set_fact:
+      master_services:
+      - "{{ openshift.common.service_type + '-master' }}"
+  - set_fact:
+      master_services:
+      - "{{ openshift.common.service_type + '-master-controllers' }}"
+      - "{{ openshift.common.service_type + '-master-api' }}"
+    when:
+    - (openshift_master_cluster_method is defined and openshift_master_cluster_method == "native") or openshift.common.is_master_system_container | bool
+  - debug:
+      msg: "master service name: {{ master_services }}"
+  - name: Stop masters
+    service:
+      name: "{{ item }}"
+      state: stopped
+    with_items: "{{ master_services }}"
+
+- name: Migrate etcd data from v2 to v3
+  hosts: oo_etcd_to_migrate
+  gather_facts: no
+  tags:
+  - always
+  roles:
+  - role: etcd_migrate
+    r_etcd_migrate_action: migrate
+    r_etcd_common_embedded_etcd: "{{ groups.oo_etcd_to_config | default([]) | length == 0 }}"
+    etcd_peer: "{{ ansible_default_ipv4.address }}"
+
+- name: Gate on etcd migration
+  hosts: oo_masters_to_config
+  gather_facts: no
+  tasks:
+  - set_fact:
+      etcd_migration_completed: "{{ hostvars
+                                 | oo_select_keys(groups.oo_etcd_to_migrate)
+                                 | oo_collect('inventory_hostname', {'r_etcd_migrate_success': true}) }}"
+  - set_fact:
+      etcd_migration_failed: "{{ groups.oo_etcd_to_migrate | difference(etcd_migration_completed) }}"
+
+- name: Configure masters if etcd data migration is succesfull
+  hosts: oo_masters_to_config
+  roles:
+  - role: etcd_migrate
+    r_etcd_migrate_action: configure
+    when: etcd_migration_failed | length == 0
+  tasks:
+  - debug:
+      msg: "Skipping master re-configuration since migration failed."
+    when:
+    - etcd_migration_failed | length > 0
+
+- name: Start masters after etcd data migration
+  hosts: oo_masters_to_config
+  tasks:
+  - name: Start master services
+    service:
+      name: "{{ item }}"
+      state: started
+    register: service_status
+    # Sometimes the master-api, resp. master-controllers fails to start for the first time
+    until: service_status.state is defined and service_status.state == "started"
+    retries: 5
+    delay: 10
+    with_items: "{{ master_services[::-1] }}"
+  - fail:
+      msg: "Migration failed. The following hosts were not properly migrated: {{ etcd_migration_failed | join(',') }}"
+    when:
+    - etcd_migration_failed | length > 0
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 70108fb7a..7d3a371e3 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -20,25 +20,6 @@
     - node
     - .config_managed
-  - name: Check for existing configuration
-    stat:
-      path: /etc/origin/master/master-config.yaml
-    register: master_config_stat
-
-  - name: Set clean install fact
-    set_fact:
-      l_clean_install: "{{ not master_config_stat.stat.exists | bool }}"
-
-  - name: Determine if etcd3 storage is in use
-    command: grep  -Pzo  "storage-backend:\n.*etcd3" /etc/origin/master/master-config.yaml -q
-    register: etcd3_grep
-    failed_when: false
-    changed_when: false
-
-  - name: Set etcd3 fact
-    set_fact:
-      l_etcd3_enabled: "{{ etcd3_grep.rc == 0 | bool }}"
-
   - set_fact:
       openshift_master_pod_eviction_timeout: "{{ lookup('oo_option', 'openshift_master_pod_eviction_timeout') | default(none, true) }}"
     when: openshift_master_pod_eviction_timeout is not defined
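Review bot: In openshift-etcd/migrate.yml only the pre-check, "Backup v2 data" and "Migrate etcd data from v2 to v3" plays carry `tags: always`, while "Gate on etcd backup", "Prepare masters for etcd data migration" and the later gate, configure and start plays are untagged. A run limited with `--tags` would therefore still back up and migrate but skip the backup gate and the master stop, so the v2-to-v3 migration could proceed after a failed backup or against running masters. Either drop `tags: always` from those three plays or give every play in the file the same `tags:` / `- always` pair so the sequence is all-or-nothing. Separately, `lookup('pipe', 'date +%Y%m%d%H%M%S')` is evaluated each time the variable is referenced, so the backup suffix can differ between tasks unless the etcd_common role (not shown) captures it once.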
@@ -88,7 +69,7 @@
         ha: "{{ openshift_master_ha | default(groups.oo_masters | length > 1) }}"
         master_count: "{{ openshift_master_count | default(groups.oo_masters | length) }}"
-- name: Determine if session secrets must be generated
+- name: Inspect state of first master session secrets and config
   hosts: oo_first_master
   roles:
   - role: openshift_facts
@@ -98,6 +79,24 @@
       local_facts:
         session_auth_secrets: "{{ openshift_master_session_auth_secrets | default(openshift.master.session_auth_secrets | default(None)) }}"
         session_encryption_secrets: "{{ openshift_master_session_encryption_secrets | default(openshift.master.session_encryption_secrets | default(None)) }}"
+  - name: Check for existing configuration
+    stat:
+      path: /etc/origin/master/master-config.yaml
+    register: master_config_stat
+
+  - name: Set clean install fact
+    set_fact:
+      l_clean_install: "{{ not master_config_stat.stat.exists | bool }}"
+
+  - name: Determine if etcd3 storage is in use
+    command: grep  -Pzo  "storage-backend:\n.*etcd3" /etc/origin/master/master-config.yaml -q
+    register: etcd3_grep
+    failed_when: false
+    changed_when: false
+
+  - name: Set etcd3 fact
+    set_fact:
+      l_etcd3_enabled: "{{ etcd3_grep.rc == 0 | bool }}"
 - name: Generate master session secrets
   hosts: oo_first_master
|
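Review bot: In the "Set etcd3 fact" task re-added by the last hunk of openshift-master/config.yml, `etcd3_grep.rc == 0 | bool` parses as `etcd3_grep.rc == (0 | bool)` because Jinja2 filters bind tighter than `==`; it gives the intended answer only because 0 compares equal to false. `l_etcd3_enabled: "{{ (etcd3_grep.rc == 0) | bool }}"` states the intent directly. The tasks now sit in a play on `oo_first_master`, so `l_clean_install` and `l_etcd3_enabled` become facts of that host alone; any consumer running on other masters (not visible here) would have to read them through the first master's hostvars. That play's header is in the previous hunk and the play continues outside this one.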
