Diffstat (limited to 'playbooks/common')
40 files changed, 276 insertions, 96 deletions
|
diff --git a/playbooks/common/openshift-checks/adhoc.yml b/playbooks/common/openshift-checks/adhoc.yml
index dfcef8435..d0deaeb65 100644
--- a/playbooks/common/openshift-checks/adhoc.yml
+++ b/playbooks/common/openshift-checks/adhoc.yml
@@ -1,12 +1,13 @@
 ---
-- name: OpenShift health checks
+- name: OpenShift Health Checks
   hosts: oo_all_hosts
+
   roles:
   - openshift_health_checker
   vars:
   - r_openshift_health_checker_playbook_context: adhoc
   post_tasks:
-  - name: Run health checks
+  - name: Run health checks (adhoc)
     action: openshift_health_check
     args:
       checks: '{{ openshift_checks | default([]) }}'
diff --git a/playbooks/common/openshift-checks/health.yml b/playbooks/common/openshift-checks/health.yml
index 21ea785ef..d0921b9d3 100644
--- a/playbooks/common/openshift-checks/health.yml
+++ b/playbooks/common/openshift-checks/health.yml
@@ -1,11 +1,13 @@
 ---
-- name: Run OpenShift health checks
+- name: OpenShift Health Checks
   hosts: oo_all_hosts
+
   roles:
   - openshift_health_checker
   vars:
   - r_openshift_health_checker_playbook_context: health
   post_tasks:
-  - action: openshift_health_check
+  - name: Run health checks (@health)
+    action: openshift_health_check
     args:
       checks: ['@health']
diff --git a/playbooks/common/openshift-checks/install.yml b/playbooks/common/openshift-checks/install.yml
new file mode 100644
index 000000000..6701a2e15
--- /dev/null
+++ b/playbooks/common/openshift-checks/install.yml
@@ -0,0 +1,47 @@
+---
+- name: Health Check Checkpoint Start
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Health Check 'In Progress'
+    set_stats:
+      data:
+        installer_phase_health: "In Progress"
+      aggregate: false
+
+- name: OpenShift Health Checks
+  hosts: oo_all_hosts
+  any_errors_fatal: true
+  roles:
+  - openshift_health_checker
+  vars:
+  - r_openshift_health_checker_playbook_context: install
+  post_tasks:
+  - name: Run health checks (install) - EL
+    when: ansible_distribution != "Fedora"
+    action: openshift_health_check
+    args:
+      checks:
+      - disk_availability
+      - memory_availability
+      - package_availability
+      - package_version
+      - docker_image_availability
+      - docker_storage
+
+  - name: Run health checks (install) - Fedora
+    when: ansible_distribution == "Fedora"
+    action: openshift_health_check
+    args:
+      checks:
+      - docker_image_availability
+
+- name: Health Check Checkpoint End
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Health Check 'Complete'
+    set_stats:
+      data:
+        installer_phase_health: "Complete"
+      aggregate: false
diff --git a/playbooks/common/openshift-checks/pre-install.yml b/playbooks/common/openshift-checks/pre-install.yml
index 88e6f9120..32449d4e4 100644
--- a/playbooks/common/openshift-checks/pre-install.yml
+++ b/playbooks/common/openshift-checks/pre-install.yml
@@ -1,11 +1,13 @@
 ---
-- name: run OpenShift pre-install checks
+- name: OpenShift Health Checks
   hosts: oo_all_hosts
+
   roles:
   - openshift_health_checker
   vars:
   - r_openshift_health_checker_playbook_context: pre-install
   post_tasks:
-  - action: openshift_health_check
+  - name: Run health checks (@preflight)
+    action: openshift_health_check
     args:
       checks: ['@preflight']
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index 395eb51f1..3b4d6f9a6 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -1,31 +1,5 @@
 ---
-# TODO: refactor this into its own include
-# and pass a variable for ctx
-- name: Verify Requirements
-  hosts: oo_all_hosts
-  roles:
-  - openshift_health_checker
-  vars:
-  - r_openshift_health_checker_playbook_context: install
-  post_tasks:
-
-  - name: Verify Requirements - EL
-    when: ansible_distribution != "Fedora"
-    action: openshift_health_check
-    args:
-      checks:
-      - disk_availability
-      - memory_availability
-      - package_availability
-      - package_version
-      - docker_image_availability
-      - docker_storage
-  - name: Verify Requirements - Fedora
-    when: ansible_distribution == "Fedora"
-    action: openshift_health_check
-    args:
-      checks:
-      - docker_image_availability
+- include: ../openshift-checks/install.yml
 - include: ../openshift-etcd/config.yml
@@ -53,7 +27,7 @@
   when: openshift_logging_install_logging | default(false) | bool
 - include: service_catalog.yml
-  when: openshift_enable_service_catalog | default(false) | bool
+  when: openshift_enable_service_catalog | default(true) | bool
 - include: ../openshift-management/config.yml
   when: openshift_management_install_management | default(false) | bool
diff --git a/playbooks/common/openshift-cluster/create_persistent_volumes.yml b/playbooks/common/openshift-cluster/create_persistent_volumes.yml
index ec6f2c52c..8a60a30b8 100644
--- a/playbooks/common/openshift-cluster/create_persistent_volumes.yml
+++ b/playbooks/common/openshift-cluster/create_persistent_volumes.yml
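Review bot: In playbooks/common/openshift-cluster/config.yml, `openshift_enable_service_catalog | default(true) | bool` turns the service catalog from opt-in into opt-out, so an inventory that never set the variable gets an additional cluster component installed on its next run. The same flip appears for `openshift_use_manageiq | default(true) | bool` in playbooks/common/openshift-master/additional_config.yml. I would add a comment above each condition, for example `# Installed by default; set openshift_enable_service_catalog=false to skip`, so operators who want a minimal install know they now have to set these explicitly.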
@@ -1,13 +1,4 @@
 ---
-- name: Create persistent volumes
-  hosts: oo_first_master
-  vars:
-    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
-    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
-  tasks:
-  - debug: var=persistent_volumes
-  - debug: var=persistent_volume_claims
-
 - name: Create Hosted Resources - persistent volumes
   hosts: oo_first_master
   vars:
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
index be2f8b5f4..91223d368 100644
--- a/playbooks/common/openshift-cluster/initialize_facts.yml
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -10,6 +10,7 @@
   - name: load openshift_facts module
     include_role:
       name: openshift_facts
+    static: yes
   # TODO: Should this role be refactored into health_checks??
   - name: Run openshift_sanitize_inventory to set variables
@@ -145,7 +146,19 @@
         https_proxy: "{{ openshift_https_proxy | default(None) }}"
         no_proxy: "{{ openshift_no_proxy | default(None) }}"
         generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
-        no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
+
+  - name: Set fact of no_proxy_internal_hostnames
+    openshift_facts:
+      role: common
+      local_facts:
+        no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
+                                             | union(groups['oo_masters_to_config'])
+                                             | union(groups['oo_etcd_to_config'] | default([])))
+                                         | oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                         }}"
+    when:
+    - openshift_http_proxy is defined or openshift_https_proxy is defined
+    - openshift_generate_no_proxy_hosts | default(True) | bool
   - name: initialize_facts set_fact repoquery command
     set_fact:
diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
index e6400ea61..37a5284d5 100644
--- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml
+++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
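Review bot: In the added `Set fact of no_proxy_internal_hostnames` task (initialize_facts.yml), `groups['oo_nodes_to_config']` and `groups['oo_masters_to_config']` are indexed without a fallback while the etcd group gets `| default([])`, so a run with a proxy configured but one of those groups absent would presumably stop on an undefined variable. Giving all three the same treatment, `groups['oo_nodes_to_config'] | default([])` and likewise for the masters group, keeps the expression consistent. The enclosing play starts above the hunk.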
@@ -1,15 +1,4 @@
 ---
-# openshift_install_base_package_group may be set in a play variable to limit
-# the host groups the base package is installed on.  This is currently used
-# for master/control-plane upgrades.
-- name: Set version_install_base_package true on masters and nodes
-  hosts: "{{ openshift_install_base_package_group | default('oo_masters_to_config:oo_nodes_to_config') }}"
-  tasks:
-  - name: Set version_install_base_package true
-    set_fact:
-      version_install_base_package: True
-    when: version_install_base_package is not defined
-
 # NOTE: requires openshift_facts be run
 - name: Determine openshift_version to configure on first master
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-cluster/install_docker_gc.yml b/playbooks/common/openshift-cluster/install_docker_gc.yml
new file mode 100644
index 000000000..1e3dfee07
--- /dev/null
+++ b/playbooks/common/openshift-cluster/install_docker_gc.yml
@@ -0,0 +1,7 @@
+---
+- name: Install docker gc
+  hosts: oo_first_master
+  gather_facts: false
+  tasks:
+    - include_role:
+        name: openshift_docker_gc
diff --git a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml
index 4b4f19690..62fe0dd60 100644
--- a/playbooks/common/openshift-cluster/openshift_default_storage_class.yml
+++ b/playbooks/common/openshift-cluster/openshift_default_storage_class.yml
@@ -3,4 +3,4 @@
   hosts: oo_first_master
   roles:
   - role: openshift_default_storage_class
-    when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce')
+    when: openshift_cloudprovider_kind is defined and (openshift_cloudprovider_kind == 'aws' or openshift_cloudprovider_kind == 'gce' or openshift_cloudprovider_kind == 'openstack')
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index c1536eb36..281ccce2e 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -24,6 +24,11 @@
 - include: openshift_prometheus.yml
   when: openshift_hosted_prometheus_deploy | default(False) | bool
+- include: install_docker_gc.yml
+  when:
+  - openshift_use_crio | default(False) | bool
+  - openshift_crio_enable_docker_gc | default(False) | bool
+
 - name: Hosted Install Checkpoint End
   hosts: oo_all_hosts
   gather_facts: false
diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/common/openshift-cluster/openshift_prometheus.yml
index ac2d250a3..a73b294a5 100644
--- a/playbooks/common/openshift-cluster/openshift_prometheus.yml
+++ b/playbooks/common/openshift-cluster/openshift_prometheus.yml
@@ -1,5 +1,25 @@
 ---
+- name: Prometheus Install Checkpoint Start
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Prometheus install 'In Progress'
+    set_stats:
+      data:
+        installer_phase_prometheus: "In Progress"
+      aggregate: false
+
 - name: Create Hosted Resources - openshift_prometheus
   hosts: oo_first_master
   roles:
   - role: openshift_prometheus
+
+- name: Prometheus Install Checkpoint End
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Prometheus install 'Complete'
+    set_stats:
+      data:
+        installer_phase_prometheus: "Complete"
+      aggregate: false
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
index 2068ed199..e22c8cbdb 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/openshift-ca.yml
@@ -43,11 +43,6 @@
     when: (g_master_config_output.content|b64decode|from_yaml).oauthConfig.masterCA != 'ca-bundle.crt'
   - modify_yaml:
       dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
-      yaml_key: servingInfo.clientCA
-      yaml_value: ca.crt
-    when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt'
-  - modify_yaml:
-      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
       yaml_key: etcdClientInfo.ca
       yaml_value: ca-bundle.crt
     when:
@@ -67,6 +62,13 @@
     when:
     - groups.oo_etcd_to_config | default([]) | length == 0
     - (g_master_config_output.content|b64decode|from_yaml).etcdConfig.servingInfo.clientCA != 'ca-bundle.crt'
+  # Set servingInfo.clientCA to client-ca-bundle.crt in order to roll the CA certificate.
+  # This change will be reverted in playbooks/byo/openshift-cluster/redeploy-certificates.yml
+  - modify_yaml:
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+      yaml_key: servingInfo.clientCA
+      yaml_value: client-ca-bundle.crt
+    when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'client-ca-bundle.crt'
 - name: Copy current OpenShift CA to legacy directory
   hosts: oo_masters_to_config
@@ -155,6 +157,7 @@
     - ca.key
     - ca-bundle.crt
     - ca.serial.txt
+    - client-ca-bundle.crt
     delegate_to: "{{ openshift_ca_host }}"
     run_once: true
     changed_when: false
@@ -173,6 +176,7 @@
     - ca.key
     - ca-bundle.crt
     - ca.serial.txt
+    - client-ca-bundle.crt
   - name: Update master client kubeconfig CA data
     kubeclient_ca:
       client_path: "{{ openshift.common.config_base }}/master/openshift-master.kubeconfig"
diff --git a/playbooks/common/openshift-cluster/upgrades/init.yml b/playbooks/common/openshift-cluster/upgrades/init.yml
index 2826951e6..6ad0b6b86 100644
--- a/playbooks/common/openshift-cluster/upgrades/init.yml
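Review bot: The comment on the added `modify_yaml` task in redeploy-certificates/openshift-ca.yml says the switch of `servingInfo.clientCA` to `client-ca-bundle.crt` is reverted in a different playbook, but nothing visible in this file checks that the revert actually happens. If a run stops between this play and the revert, the masters keep validating client certificates against the bundle, which presumably still contains the CA being rotated out; that matters most when the rotation is a response to a suspected CA key exposure. I would extend the comment with something like `# NOTE: until the revert runs, client certs issued by the previous CA are still accepted` and have the calling playbook fail loudly if the revert step is skipped. The enclosing play starts above the hunk.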
+++ b/playbooks/common/openshift-cluster/upgrades/init.yml
@@ -9,7 +9,12 @@
 - name: Ensure firewall is not switched during upgrade
   hosts: oo_all_hosts
+  vars:
+    openshift_master_installed_version: "{{ hostvars[groups.oo_first_master.0].openshift.common.version }}"
   tasks:
+  - name: set currently installed version
+    set_fact:
+      openshift_currently_installed_version: "{{ openshift_master_installed_version }}"
   - name: Check if iptables is running
     command: systemctl status iptables
     changed_when: false
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
index 45022cd61..6a5bc24f7 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
@@ -9,16 +9,29 @@
       local_facts:
         ha: "{{ groups.oo_masters_to_config | length > 1 }}"
-  - name: Ensure HA Master is running
-    service:
-      name: "{{ openshift.common.service_type }}-master-api"
-      state: started
-      enabled: yes
-    when: openshift.common.is_containerized | bool
+  - when: openshift.common.is_containerized | bool
+    block:
+    - set_fact:
+        master_services:
+        - "{{ openshift.common.service_type }}-master"
-  - name: Ensure HA Master is running
-    service:
-      name: "{{ openshift.common.service_type }}-master-controllers"
-      state: started
-      enabled: yes
-    when: openshift.common.is_containerized | bool
+    # In case of the non-ha to ha upgrade.
+    - name: Check if the {{ openshift.common.service_type }}-master-api.service exists
+      command: >
+        systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend
+      register: master_api_service_status
+
+    - set_fact:
+        master_services:
+        - "{{ openshift.common.service_type }}-master-api"
+        - "{{ openshift.common.service_type }}-master-controllers"
+      when:
+      - master_api_service_status.stdout_lines | length > 0
+      - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0]
+
+    - name: Ensure Master is running
+      service:
+        name: "{{ item }}"
+        state: started
+        enabled: yes
+      with_items: "{{ master_services }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
index 142ce5f3d..13fa37b09 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
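Review bot: The added `systemctl list-units ... --no-legend` probe in verify_control_plane_running.yml only reads state but has no `changed_when: false`, so it will be reported as changed on every run; the `systemctl status iptables` check in upgrades/init.yml already sets that. The two `set_fact` entries in the block are also unnamed, which makes the single-master versus api/controllers branch hard to follow in the run log; a name such as `- name: Default to the single master service` on the first one would help.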
@@ -4,6 +4,12 @@
     msg: Verify OpenShift is already installed
   when: openshift.common.version is not defined
+- name: Update oreg_auth docker login credentials if necessary
+  include_role:
+    name: docker
+    tasks_from: registry_auth.yml
+  when: oreg_auth_user is defined
+
 - name: Verify containers are available for upgrade
   command: >
     docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }}
@@ -37,7 +43,7 @@
     fail:
       msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required"
     when:
-    - openshift_pkg_version | default('0.0', True) | version_compare(openshift_release, '<')
+    - (openshift_pkg_version | default('-0.0', True)).split('-')[1] | version_compare(openshift_release, '<')
 - name: Fail when openshift version does not meet minium requirement for Origin upgrade
   fail:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index c37a5f9ab..a5e2f7940 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -90,6 +90,9 @@
   - include_vars: ../../../../roles/openshift_master/vars/main.yml
+  - name: Update journald config
+    include: ../../../../roles/openshift_master/tasks/journald.yml
+
   - name: Remove any legacy systemd units and update systemd units
     include: ../../../../roles/openshift_master/tasks/systemd_units.yml
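Review bot: In verify_upgrade_targets.yml the new `.split('-')[1]` only works when `openshift_pkg_version` starts with a dash; a value supplied without one splits into a single element and the `when:` then fails on the index instead of producing the intended version message. Stripping the optional dash first keeps both forms working: `- (openshift_pkg_version | default('0.0', True)).lstrip('-').split('-')[0] | version_compare(openshift_release, '<')`. The task this condition belongs to starts above the hunk.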
@@ -199,7 +202,7 @@
       {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
       policy reconcile-cluster-roles --additive-only=true --confirm -o name
     register: reconcile_cluster_role_result
-    when: not openshift.common.version_gte_3_7 | bool
+    when: openshift_version | version_compare('3.7','<')
     changed_when:
     - reconcile_cluster_role_result.stdout != ''
     - reconcile_cluster_role_result.rc == 0
@@ -214,7 +217,7 @@
       --exclude-groups=system:unauthenticated
       --exclude-users=system:anonymous
       --additive-only=true --confirm -o name
-    when: not openshift.common.version_gte_3_7 | bool
+    when: openshift_version | version_compare('3.7','<')
     register: reconcile_bindings_result
     changed_when:
     - reconcile_bindings_result.stdout != ''
@@ -229,9 +232,11 @@
     changed_when:
     - reconcile_jenkins_role_binding_result.stdout != ''
     - reconcile_jenkins_role_binding_result.rc == 0
-    when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool)
+    when:
+    - openshift_version | version_compare('3.7','<')
+    - openshift_version | version_compare('3.4','>=')
-  - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool)
+  - when: openshift_upgrade_target | version_compare('3.7','<')
     block:
     - name: Retrieve shared-resource-viewer
       oc_obj:
@@ -250,7 +255,6 @@
       - "'annotations' in objout['results']['results'][0]['metadata']"
       - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']"
       - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'"
-
     - copy:
         src: "{{ item }}"
         dest: "/tmp/{{ item }}"
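Review bot: The `<3.7` gate in upgrade_control_plane.yml is now keyed on two different variables: the reconcile tasks use `openshift_version | version_compare('3.7','<')` while the shared-resource-viewer block uses `openshift_upgrade_target | version_compare('3.7','<')`, and that block also lost its former lower bound (`version_gte_3_6`). Whether `openshift_version` holds the installed or the target release at this point is not visible here; if it already holds the target, the cluster-role and role-binding reconciliation would not run on an upgrade to 3.7 and RBAC defaults would be left as they were. I would settle on one variable and state the intent in a comment, e.g. `# reconcile only when the release being upgraded from predates 3.7`. validator.yml in the same change uses a third name, `openshift_currently_installed_version`, for the same test.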
@@ -268,6 +272,12 @@
         - "/tmp/{{ __master_shared_resource_viewer_file }}"
         delete_after: true
       when: __shared_resource_viewer_protected is not defined
+      register: result
+      retries: 3
+      delay: 5
+      until: result.rc == 0
+      ignore_errors: true
+
   - name: Reconcile Security Context Constraints
     command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
index f64f0e003..54c85f0fb 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
@@ -68,7 +68,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
index 43da5b629..d7cb38d03 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
@@ -68,7 +68,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
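Review bot: In upgrade_control_plane.yml, `ignore_errors: true` next to `until: result.rc == 0` means that after three failed attempts the task is merely reported as ignored and the upgrade carries on without the shared-resource-viewer object having been applied. The task begins above the hunk, so its module is not visible; if it is the same `oc_obj` call used earlier in this block, confirm that its return value really has a top-level `rc`, because an undefined `result.rc` would make every retry fail and `ignore_errors` would then hide that. I would drop `ignore_errors: true`, or at least add a comment saying why a failure here is safe to skip, e.g. `# best effort: the role is re-applied by <step>`.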
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
index 30e719d8f..bda245fe1 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
@@ -112,6 +112,8 @@
   - include: ../cleanup_unused_images.yml
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_5/master_config_upgrade.yml"
 - include: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
index e9cec9220..6cdea7b84 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
@@ -72,7 +72,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
index 52458e03c..db0c8f886 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
@@ -8,3 +8,8 @@
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
     yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
     yaml_value: service-signer.key
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    yaml_key: servingInfo.clientCA
+    yaml_value: ca.crt
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
index 920dc2ffc..dd109cfa9 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
@@ -116,6 +116,8 @@
   - include: ../cleanup_unused_images.yml
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_6/master_config_upgrade.yml"
 - include: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
index 27d8515dc..8ab68002d 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
@@ -76,7 +76,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
index c26e8f744..1d4d1919c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
@@ -13,3 +13,8 @@
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
     yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
     yaml_value: service-signer.key
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    yaml_key: servingInfo.clientCA
+    yaml_value: ca.crt
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
index bf3b94682..f4862e321 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
@@ -119,13 +119,13 @@
   tasks:
   - include: ../cleanup_unused_images.yml
-#TODO: Why doesn't this compose using ./upgrade_control_plane rather than
-# ../upgrade_control_plane?
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_7/master_config_upgrade.yml"
 # All controllers must be stopped at the same time then restarted
 - name: Cycle all controller services to force new leader election mode
-  hosts: oo_etcd_to_config
+  hosts: oo_masters_to_config
   gather_facts: no
   tasks:
   - name: Stop {{ openshift.common.service_type }}-master-controllers
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
index b91bea617..b905d6d86 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
@@ -80,7 +80,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
@@ -130,7 +129,7 @@
 # All controllers must be stopped at the same time then restarted
 - name: Cycle all controller services to force new leader election mode
-  hosts: oo_etcd_to_config
+  hosts: oo_masters_to_config
   gather_facts: no
   tasks:
   - name: Stop {{ openshift.common.service_type }}-master-controllers
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
index f76fc68d1..7a28eeb27 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
@@ -15,7 +15,7 @@
   - name: Confirm OpenShift authorization objects are in sync
     command: >
       {{ openshift.common.client_binary }} adm migrate authorization
-    when: not openshift.common.version_gte_3_7 | bool
+    when: openshift_currently_installed_version | version_compare('3.7','<')
     changed_when: false
     register: l_oc_result
     until: l_oc_result.rc == 0
diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/common/openshift-etcd/embedded2external.yml
index 9264f3c32..b16b78c4f 100644
--- a/playbooks/common/openshift-etcd/embedded2external.yml
+++ b/playbooks/common/openshift-etcd/embedded2external.yml
@@ -158,7 +158,7 @@
       tasks_from: configure_external_etcd
     vars:
       etcd_peer_url_scheme: "https"
-      etcd_ip: "{{ openshift.common.ip }}"
+      etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}"
       etcd_peer_port: 2379
   # 9. start the master
diff --git a/playbooks/common/openshift-glusterfs/config.yml b/playbooks/common/openshift-glusterfs/config.yml
index 80cda9e21..c2ae5f313 100644
--- a/playbooks/common/openshift-glusterfs/config.yml
+++ b/playbooks/common/openshift-glusterfs/config.yml
@@ -17,6 +17,11 @@
       tasks_from: firewall.yml
     when:
     - openshift_storage_glusterfs_is_native | default(True) | bool
+  - include_role:
+      name: openshift_storage_glusterfs
+      tasks_from: kernel_modules.yml
+    when:
+    - openshift_storage_glusterfs_is_native | default(True) | bool
 - name: Open firewall ports for GlusterFS registry nodes
   hosts: glusterfs_registry
@@ -26,6 +31,11 @@
       tasks_from: firewall.yml
     when:
     - openshift_storage_glusterfs_registry_is_native | default(True) | bool
+  - include_role:
+      name: openshift_storage_glusterfs
+      tasks_from: kernel_modules.yml
+    when:
+    - openshift_storage_glusterfs_registry_is_native | default(True) | bool
 - name: Configure GlusterFS
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/common/openshift-management/add_container_provider.yml
new file mode 100644
index 000000000..facb3a5b9
--- /dev/null
+++ b/playbooks/common/openshift-management/add_container_provider.yml
@@ -0,0 +1,8 @@
+---
+- name: Add Container Provider to Management
+  hosts: oo_first_master
+  tasks:
+  - name: Run the Management Integration Tasks
+    include_role:
+      name: openshift_management
+      tasks_from: add_container_provider
diff --git a/playbooks/common/openshift-management/uninstall.yml b/playbooks/common/openshift-management/uninstall.yml
index 698d93405..9f35cc276 100644
--- a/playbooks/common/openshift-management/uninstall.yml
+++ b/playbooks/common/openshift-management/uninstall.yml
@@ -1,6 +1,6 @@
 ---
 - name: Uninstall CFME
-  hosts: masters
+  hosts: masters[0]
   tasks:
   - name: Run the CFME Uninstall Role Tasks
     include_role:
diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml
index 1b3eb268a..350557f19 100644
--- a/playbooks/common/openshift-master/additional_config.yml
+++ b/playbooks/common/openshift-master/additional_config.yml
@@ -25,10 +25,10 @@
   - role: openshift_hosted_templates
     registry_url: "{{ openshift.master.registry_url }}"
   - role: openshift_manageiq
-    when: openshift_use_manageiq | default(false) | bool
+    when: openshift_use_manageiq | default(true) | bool
   - role: cockpit
     when:
-    - openshift.common.is_atomic
+    - not openshift.common.is_atomic | bool
     - deployment_type == 'openshift-enterprise'
     - osm_use_cockpit is undefined or osm_use_cockpit | bool
     - openshift.common.deployment_subtype != 'registry'
diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml
index 6e57f282e..7ce0362ef 100644
--- a/playbooks/common/openshift-master/config.yml
+++ b/playbooks/common/openshift-master/config.yml
@@ -206,6 +206,18 @@
     when: openshift_use_nuage | default(false) | bool
   - role: calico_master
     when: openshift_use_calico | default(false) | bool
+  tasks:
+  - include_role:
+      name: kuryr
+      tasks_from: master
+    when: openshift_use_kuryr | default(false) | bool
+
+  - name: Setup the node group config maps
+    include_role:
+      name: openshift_node_group
+    when: openshift_master_bootstrap_enabled | default(false) | bool
+    run_once: True
+
   post_tasks:
   - name: Create group for deployment type
     group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }}
diff --git a/playbooks/common/openshift-master/revert-client-ca.yml b/playbooks/common/openshift-master/revert-client-ca.yml
new file mode 100644
index 000000000..9ae23bf5b
--- /dev/null
+++ b/playbooks/common/openshift-master/revert-client-ca.yml
@@ -0,0 +1,17 @@
+---
+- name: Set servingInfo.clientCA = ca.crt in master config
+  hosts: oo_masters_to_config
+  tasks:
+  - name: Read master config
+    slurp:
+      src: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    register: g_master_config_output
+
+  # servingInfo.clientCA may be set as the client-ca-bundle.crt from
+  # CA redeployment and this task reverts that change.
+  - name: Set servingInfo.clientCA = ca.crt in master config
+    modify_yaml:
+      dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+      yaml_key: servingInfo.clientCA
+      yaml_value: ca.crt
+    when: (g_master_config_output.content|b64decode|from_yaml).servingInfo.clientCA != 'ca.crt'
diff --git a/playbooks/common/openshift-master/scaleup.yml b/playbooks/common/openshift-master/scaleup.yml
index f4dc9df8a..05b37d59f 100644
--- a/playbooks/common/openshift-master/scaleup.yml
+++ b/playbooks/common/openshift-master/scaleup.yml
@@ -22,8 +22,13 @@
   - name: restart master api
     service: name={{ openshift.common.service_type }}-master-controllers state=restarted
     notify: verify api server
+  # We retry the controllers because the API may not be 100% initialized yet.
   - name: restart master controllers
-    service: name={{ openshift.common.service_type }}-master-controllers state=restarted
+    command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+    retries: 3
+    delay: 5
+    register: result
+    until: result.rc == 0
   - name: verify api server
     command: >
       curl --silent --tlsv1.2
diff --git a/playbooks/common/openshift-master/tasks/wire_aggregator.yml b/playbooks/common/openshift-master/tasks/wire_aggregator.yml
index 560eea785..df3ea27b4 100644
--- a/playbooks/common/openshift-master/tasks/wire_aggregator.yml
+++ b/playbooks/common/openshift-master/tasks/wire_aggregator.yml
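Review bot: In revert-client-ca.yml the `Read master config` task registers the whole of master-config.yaml in `g_master_config_output`, so a verbose run or a result-logging callback carries the file base64-encoded; that file can hold identity-provider credentials, so the task should set `no_log: true`. The `when:` on the second task dereferences `servingInfo.clientCA` directly and will error rather than skip if the key is absent. Nothing in this play restarts the master, so the CA bundle presumably stays trusted for client certificates until the caller restarts the API. A comment such as `# Caller must restart the master API for the narrower client CA to take effect` would make that dependency visible.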
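Review bot: The `restart master controllers` handler in scaleup.yml, and the task of the same name in tasks/wire_aggregator.yml, now run `systemctl restart` through `command`, which bypasses the service module's check-mode handling and hard-codes systemd. The retry works on the module too: keep `service: name={{ openshift.common.service_type }}-master-controllers state=restarted` (`systemd:` in wire_aggregator.yml) with `register: result` and `until: result | succeeded`. Separately, the unchanged `restart master api` handler above also targets `-master-controllers`, which looks like a copy-paste slip for `-master-api` and would leave API configuration changes unapplied; worth confirming. The handlers list starts outside the hunk.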
@@ -179,8 +179,13 @@
   - yedit_output.changed
   - openshift.master.cluster_method == 'native'
+# We retry the controllers because the API may not be 100% initialized yet.
 - name: restart master controllers
-  systemd: name={{ openshift.common.service_type }}-master-controllers state=restarted
+  command: "systemctl restart {{ openshift.common.service_type }}-master-controllers"
+  retries: 3
+  delay: 5
+  register: result
+  until: result.rc == 0
   when:
   - yedit_output.changed
   - openshift.master.cluster_method == 'native'
diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/common/openshift-node/additional_config.yml
index fe51ef833..ac757397b 100644
--- a/playbooks/common/openshift-node/additional_config.yml
+++ b/playbooks/common/openshift-node/additional_config.yml
@@ -19,10 +19,14 @@
   - group_by:
       key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }}
     changed_when: False
+  # Create group for kuryr nodes
+  - group_by:
+      key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }}
+    changed_when: False
 - include: etcd_client_config.yml
   vars:
-    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv"
+    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr"
 - name: Additional node config
   hosts: oo_nodes_use_flannel
@@ -50,3 +54,11 @@
   - role: contiv
     contiv_role: netplugin
     when: openshift_use_contiv | default(false) | bool
+
+- name: Configure Kuryr node
+  hosts: oo_nodes_use_kuryr
+  tasks:
+  - include_role:
+      name: kuryr
+      tasks_from: node
+    when: openshift_use_kuryr | default(false) | bool
diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/common/openshift-node/clean_image.yml
new file mode 100644
index 000000000..38753d0af
--- /dev/null
+++ b/playbooks/common/openshift-node/clean_image.yml
@@ -0,0 +1,10 @@
+---
+- name: Configure nodes
+  hosts: oo_nodes_to_config:!oo_containerized_master_nodes
+  tasks:
+  - name: Remove any ansible facts created during AMI creation
+    file:
+      path: "/etc/ansible/facts.d/{{ item }}"
+      state: absent
+    with_items:
+    - openshift.fact
diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml
index 00d167c22..30651a1df 100644
--- a/playbooks/common/openshift-node/image_prep.yml
+++ b/playbooks/common/openshift-node/image_prep.yml
@@ -19,3 +19,6 @@
 - name: Re-enable excluders
   include: enable_excluders.yml
+
+- name: Remove any undesired artifacts from build
+  include: clean_image.yml
|
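Review bot: The play in clean_image.yml is named `Configure nodes`, although its only task deletes a cached fact file; a name such as `Remove build-time artifacts from image` would match what it does and how image_prep.yml refers to it. A comment above the task should also state why the file has to go, for example `# Facts cached during the image build would otherwise be inherited by every instance launched from it`. That rationale is presumed, since the fact contents are not visible here. If other per-build state is meant to be scrubbed as well, the `with_items` list is the place to add it; only `openshift.fact` is covered today.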
