Diffstat (limited to 'playbooks')
45 files changed, 288 insertions, 132 deletions
| diff --git a/playbooks/aws/README.md b/playbooks/aws/README.md
index fbab61189..4e5c1017b 100644
--- a/playbooks/aws/README.md
+++ b/playbooks/aws/README.md
@@ -66,7 +66,7 @@ openshift_pkg_version: # example: -3.7.0
 openshift_aws_ssh_key_name: # example: myuser_key
 openshift_aws_base_ami: # example: ami-12345678
 openshift_aws_iam_cert_path: # example: '/path/to/wildcard.<clusterid>.example.com.crt'
-openshift_aws_iam_key_path: # example: '/path/to/wildcard.<clusterid>.example.com.key'
+openshift_aws_iam_cert_key_path: # example: '/path/to/wildcard.<clusterid>.example.com.key'
 ```
 If customization is required for the instances, scale groups, or any other configurable option please see the ['openshift_aws/defaults/main.yml'](../../roles/openshift_aws/defaults/main.yml) for variables and overrides. These overrides can be placed in the `provisioning_vars.yml`, `inventory`, or `group_vars`.
diff --git a/playbooks/aws/openshift-cluster/accept.yml b/playbooks/aws/openshift-cluster/accept.yml
index ffc367f9f..c2c8bea50 100755
--- a/playbooks/aws/openshift-cluster/accept.yml
+++ b/playbooks/aws/openshift-cluster/accept.yml
@@ -42,12 +42,12 @@
     until: "'instances' in instancesout and instancesout.instances|length > 0"
   - debug:
-      msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list | regex_replace('.ec2.internal') }}"
+      msg: "{{ instancesout.instances|map(attribute='private_dns_name') | list }}"
   - name: approve nodes
     oc_adm_csr:
       #approve_all: True
-      nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list | regex_replace('.ec2.internal') }}"
-      timeout: 0
+      nodes: "{{ instancesout.instances|map(attribute='private_dns_name') | list  }}"
+      timeout: 60
     register: nodeout
     delegate_to: "{{ mastersout.instances[0].public_ip_address }}"
diff --git a/playbooks/aws/openshift-cluster/build_ami.yml b/playbooks/aws/openshift-cluster/build_ami.yml
index 559a37cbe..5b4a6a1e8 100644
--- a/playbooks/aws/openshift-cluster/build_ami.yml
+++ b/playbooks/aws/openshift-cluster/build_ami.yml
@@ -26,7 +26,8 @@
   tasks:
   - name: set the user to perform installation
     set_fact:
-      ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default('root') }}"
+      ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default(ansible_ssh_user) }}"
+      openshift_node_bootstrap: True
 # This is the part that installs all of the software and configs for the instance
 # to become a node.
diff --git a/playbooks/aws/provisioning_vars.yml.example b/playbooks/aws/provisioning_vars.yml.example
index aa91363ae..1491fb868 100644
--- a/playbooks/aws/provisioning_vars.yml.example
+++ b/playbooks/aws/provisioning_vars.yml.example
@@ -116,5 +116,5 @@ openshift_aws_base_ami: # ami-12345678
 # custom certificates are required for the ELB
 openshift_aws_iam_cert_path: # '/path/to/wildcard.<clusterid>.example.com.crt'
-openshift_aws_iam_key_path: # '/path/to/wildcard.<clusterid>.example.com.key'
-#openshift_aws_iam_cert_chain_path: '/path/to/cert.ca.crt'
+openshift_aws_iam_cert_key_path: # '/path/to/wildcard.<clusterid>.example.com.key'
+openshift_aws_iam_cert_chain_path: # '/path/to/cert.ca.crt'
diff --git a/playbooks/byo/openshift-cluster/config.yml b/playbooks/byo/openshift-cluster/config.yml
index 60fa44c5b..f2e52782b 100644
--- a/playbooks/byo/openshift-cluster/config.yml
+++ b/playbooks/byo/openshift-cluster/config.yml
@@ -8,5 +8,3 @@
   - always
 - include: ../../common/openshift-cluster/config.yml
-  vars:
-    openshift_deployment_subtype: "{{ deployment_subtype | default(none) }}"
diff --git a/playbooks/byo/openshift-management/add_container_provider.yml b/playbooks/byo/openshift-management/add_container_provider.yml
new file mode 100644
index 000000000..3378b5abd
--- /dev/null
+++ b/playbooks/byo/openshift-management/add_container_provider.yml
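Review bot: In build_ami.yml the new fallback `default(ansible_ssh_user)` refers to the very fact this `set_fact` is assigning, so when neither `openshift_aws_build_ami_ssh_user` nor `ansible_ssh_user` is defined there is nothing left to resolve and the task will presumably stop on an undefined variable, where the old code fell back to 'root'. If dropping the implicit root login is intended, state that in a comment above the task and fail early with a clear message; otherwise keep a terminal fallback, `ansible_ssh_user: "{{ openshift_aws_build_ami_ssh_user | default(ansible_ssh_user | default('root')) }}"`. The play's task list continues outside the hunk.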
@@ -0,0 +1,6 @@
+---
+- include: ../openshift-cluster/initialize_groups.yml
+
+- include: ../../common/openshift-cluster/evaluate_groups.yml
+
+- include: ../../common/openshift-management/add_container_provider.yml
diff --git a/playbooks/byo/openshift-management/add_many_container_providers.yml b/playbooks/byo/openshift-management/add_many_container_providers.yml
new file mode 100644
index 000000000..62fdb11c5
--- /dev/null
+++ b/playbooks/byo/openshift-management/add_many_container_providers.yml
@@ -0,0 +1,36 @@
+---
+- hosts: localhost
+  tasks:
+  - name: Ensure the container provider configuration is defined
+    assert:
+      that: container_providers_config is defined
+      msg: |
+        Error: Must provide providers config path. Fix: Add '-e container_providers_config=/path/to/your/config' to the ansible-playbook command
+
+  - name: Include providers/management configuration
+    include_vars:
+      file: "{{ container_providers_config }}"
+
+  - name: Ensure this cluster is a container provider
+    uri:
+      url: "https://{{ management_server['hostname'] }}/api/providers"
+      body_format: json
+      method: POST
+      user: "{{ management_server['user'] }}"
+      password: "{{ management_server['password'] }}"
+      validate_certs: no
+      # Docs on formatting the BODY of the POST request:
+      # http://manageiq.org/docs/reference/latest/api/reference/providers.html#specifying-connection-configurations
+      body: "{{ item }}"
+    failed_when: false
+    with_items: "{{ container_providers }}"
+    register: results
+
+  # Include openshift_management for access to filter_plugins.
+  - include_role:
+      name: openshift_management
+      tasks_from: noop
+
+  - name: print each result
+    debug:
+      msg: "{{ results.results | oo_filter_container_providers }}"
diff --git a/playbooks/byo/openshift-management/config.yml b/playbooks/byo/openshift-management/config.yml
index 33a555cc1..e8795ef85 100644
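Review bot: The `uri` task in add_many_container_providers.yml posts `management_server['user']` and `management_server['password']` with `validate_certs: no`, so the management server's certificate is never checked and the credentials, together with each provider body (connection configuration, per the linked docs), are exposed to interception on the path to the server. Make verification the default with `validate_certs: yes` and let operators opt out explicitly where a lab setup needs it. `failed_when: false` additionally hides HTTP and connection errors, leaving the filtered `debug` output as the only sign that a POST did not succeed. Because the registered `results` are printed afterwards, add `no_log: true` to the `uri` task unless `oo_filter_container_providers` is known to strip the request body from what it returns.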
--- a/playbooks/byo/openshift-management/config.yml
+++ b/playbooks/byo/openshift-management/config.yml
@@ -1,7 +1,5 @@
 ---
 - include: ../openshift-cluster/initialize_groups.yml
-  tags:
-    - always
 - include: ../../common/openshift-cluster/evaluate_groups.yml
diff --git a/playbooks/byo/openshift-management/roles b/playbooks/byo/openshift-management/roles
new file mode 120000
index 000000000..20c4c58cf
--- /dev/null
+++ b/playbooks/byo/openshift-management/roles
@@ -0,0 +1 @@
+../../../roles
\ No newline at end of file
diff --git a/playbooks/byo/openshift-management/uninstall.yml b/playbooks/byo/openshift-management/uninstall.yml
index ebd6fb261..e95c1c88a 100644
--- a/playbooks/byo/openshift-management/uninstall.yml
+++ b/playbooks/byo/openshift-management/uninstall.yml
@@ -1,6 +1,2 @@
 ---
-# - include: ../openshift-cluster/initialize_groups.yml
-#   tags:
-#     - always
-
 - include: ../../common/openshift-management/uninstall.yml
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index dbe09dce2..395eb51f1 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -55,7 +55,7 @@
 - include: service_catalog.yml
   when: openshift_enable_service_catalog | default(false) | bool
-- include: openshift_management.yml
+- include: ../openshift-management/config.yml
   when: openshift_management_install_management | default(false) | bool
 - name: Print deprecated variable warning message if necessary
diff --git a/playbooks/common/openshift-cluster/create_persistent_volumes.yml b/playbooks/common/openshift-cluster/create_persistent_volumes.yml
index 8a60a30b8..ec6f2c52c 100644
--- a/playbooks/common/openshift-cluster/create_persistent_volumes.yml
+++ b/playbooks/common/openshift-cluster/create_persistent_volumes.yml
@@ -1,4 +1,13 @@
 ---
+- name: Create persistent volumes
+  hosts: oo_first_master
+  vars:
+    persistent_volumes: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volumes(groups) }}"
+    persistent_volume_claims: "{{ hostvars[groups.oo_first_master.0] | oo_persistent_volume_claims }}"
+  tasks:
+  - debug: var=persistent_volumes
+  - debug: var=persistent_volume_claims
+
 - name: Create Hosted Resources - persistent volumes
   hosts: oo_first_master
   vars:
diff --git a/playbooks/common/openshift-cluster/evaluate_groups.yml b/playbooks/common/openshift-cluster/evaluate_groups.yml
index e55b2f964..78b552279 100644
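Review bot: The play added to create_persistent_volumes.yml is named 'Create persistent volumes' but only runs two unnamed `debug` tasks that print `persistent_volumes` and `persistent_volume_claims` on every run, which reads like a debugging leftover and puts the full volume definitions into every install log. If the output is wanted, name the tasks and raise their verbosity, e.g. `- debug: var=persistent_volumes verbosity=1`, and rename the play to say that it prints rather than creates. The following 'Create Hosted Resources - persistent volumes' play continues outside the hunk, so whether it computes the same two variables again cannot be seen here.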
--- a/playbooks/common/openshift-cluster/evaluate_groups.yml
+++ b/playbooks/common/openshift-cluster/evaluate_groups.yml
@@ -51,7 +51,7 @@
     when:
     - g_etcd_hosts | default([]) | length not in [3,1]
     - not openshift_master_unsupported_embedded_etcd | default(False)
-    - not openshift_node_bootstrap | default(False)
+    - not (openshift_node_bootstrap | default(False))
   - name: Evaluate oo_all_hosts
     add_host:
diff --git a/playbooks/common/openshift-cluster/initialize_facts.yml b/playbooks/common/openshift-cluster/initialize_facts.yml
index be2f8b5f4..0f563adb7 100644
--- a/playbooks/common/openshift-cluster/initialize_facts.yml
+++ b/playbooks/common/openshift-cluster/initialize_facts.yml
@@ -145,7 +145,19 @@
         https_proxy: "{{ openshift_https_proxy | default(None) }}"
         no_proxy: "{{ openshift_no_proxy | default(None) }}"
         generate_no_proxy_hosts: "{{ openshift_generate_no_proxy_hosts | default(True) }}"
-        no_proxy_internal_hostnames: "{{ openshift_no_proxy_internal_hostnames | default(None) }}"
+
+  - name: Set fact of no_proxy_internal_hostnames
+    openshift_facts:
+      role: common
+      local_facts:
+        no_proxy_internal_hostnames: "{{ hostvars | oo_select_keys(groups['oo_nodes_to_config']
+                                             | union(groups['oo_masters_to_config'])
+                                             | union(groups['oo_etcd_to_config'] | default([])))
+                                         | oo_collect('openshift.common.hostname') | default([]) | join (',')
+                                         }}"
+    when:
+    - openshift_http_proxy is defined or openshift_https_proxy is defined
+    - openshift_generate_no_proxy_hosts | default(True) | bool
   - name: initialize_facts set_fact repoquery command
     set_fact:
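Review bot: The parentheses added in evaluate_groups.yml do not change evaluation, since a Jinja filter already binds tighter than `not`, and the condition still lacks `| bool`. If `openshift_node_bootstrap` arrives as a string (for example `-e openshift_node_bootstrap=false`), the non-empty string is truthy and the etcd host-count check guarded by this `when` list is skipped. Suggest `- not (openshift_node_bootstrap | default(False) | bool)`, with the same treatment for the `openshift_master_unsupported_embedded_etcd` line above it. The task these conditions belong to starts outside the hunk.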
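Review bot: In initialize_facts.yml the new `no_proxy_internal_hostnames` expression indexes `groups['oo_nodes_to_config']` and `groups['oo_masters_to_config']` directly while only `groups['oo_etcd_to_config']` gets `| default([])`, so a proxied run in which either group is absent would fail while templating this fact. Use the same guard on all three, e.g. `groups['oo_nodes_to_config'] | default([])`. The removed line honoured a user-supplied `openshift_no_proxy_internal_hostnames`; the new task no longer reads it, which deserves a comment or a deprecation note if inventories still set it.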
diff --git a/playbooks/common/openshift-cluster/initialize_openshift_version.yml b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
index e6400ea61..37a5284d5 100644
--- a/playbooks/common/openshift-cluster/initialize_openshift_version.yml
+++ b/playbooks/common/openshift-cluster/initialize_openshift_version.yml
@@ -1,15 +1,4 @@
 ---
-# openshift_install_base_package_group may be set in a play variable to limit
-# the host groups the base package is installed on.  This is currently used
-# for master/control-plane upgrades.
-- name: Set version_install_base_package true on masters and nodes
-  hosts: "{{ openshift_install_base_package_group | default('oo_masters_to_config:oo_nodes_to_config') }}"
-  tasks:
-  - name: Set version_install_base_package true
-    set_fact:
-      version_install_base_package: True
-    when: version_install_base_package is not defined
-
 # NOTE: requires openshift_facts be run
 - name: Determine openshift_version to configure on first master
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-cluster/openshift_management.yml b/playbooks/common/openshift-cluster/openshift_management.yml
deleted file mode 100644
index 6e582920b..000000000
--- a/playbooks/common/openshift-cluster/openshift_management.yml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Management Install Checkpoint Start
-  hosts: localhost
-  connection: local
-  gather_facts: false
-  tasks:
-  - name: Set Management install 'In Progress'
-    set_stats:
-      data:
-        installer_phase_Management: "In Progress"
-      aggregate: false
-
-- name: Management
-  include: ../openshift-management/config.yml
-
-- name: Management Install Checkpoint End
-  hosts: localhost
-  connection: local
-  gather_facts: false
-  tasks:
-  - name: Set Management install 'Complete'
-    set_stats:
-      data:
-        installer_phase_Management: "Complete"
-      aggregate: false
diff --git a/playbooks/common/openshift-cluster/openshift_prometheus.yml b/playbooks/common/openshift-cluster/openshift_prometheus.yml
index ac2d250a3..a73b294a5 100644
--- a/playbooks/common/openshift-cluster/openshift_prometheus.yml
+++ b/playbooks/common/openshift-cluster/openshift_prometheus.yml
@@ -1,5 +1,25 @@
 ---
+- name: Prometheus Install Checkpoint Start
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Prometheus install 'In Progress'
+    set_stats:
+      data:
+        installer_phase_prometheus: "In Progress"
+      aggregate: false
+
 - name: Create Hosted Resources - openshift_prometheus
   hosts: oo_first_master
   roles:
   - role: openshift_prometheus
+
+- name: Prometheus Install Checkpoint End
+  hosts: oo_all_hosts
+  gather_facts: false
+  tasks:
+  - name: Set Prometheus install 'Complete'
+    set_stats:
+      data:
+        installer_phase_prometheus: "Complete"
+      aggregate: false
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
index 45022cd61..6a5bc24f7 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
@@ -9,16 +9,29 @@
       local_facts:
         ha: "{{ groups.oo_masters_to_config | length > 1 }}"
-  - name: Ensure HA Master is running
-    service:
-      name: "{{ openshift.common.service_type }}-master-api"
-      state: started
-      enabled: yes
-    when: openshift.common.is_containerized | bool
+  - when: openshift.common.is_containerized | bool
+    block:
+    - set_fact:
+        master_services:
+        - "{{ openshift.common.service_type }}-master"
-  - name: Ensure HA Master is running
-    service:
-      name: "{{ openshift.common.service_type }}-master-controllers"
-      state: started
-      enabled: yes
-    when: openshift.common.is_containerized | bool
+    # In case of the non-ha to ha upgrade.
+    - name: Check if the {{ openshift.common.service_type }}-master-api.service exists
+      command: >
+        systemctl list-units {{ openshift.common.service_type }}-master-api.service --no-legend
+      register: master_api_service_status
+
+    - set_fact:
+        master_services:
+        - "{{ openshift.common.service_type }}-master-api"
+        - "{{ openshift.common.service_type }}-master-controllers"
+      when:
+      - master_api_service_status.stdout_lines | length > 0
+      - (openshift.common.service_type + '-master-api.service') in master_api_service_status.stdout_lines[0]
+
+    - name: Ensure Master is running
+      service:
+        name: "{{ item }}"
+        state: started
+        enabled: yes
+      with_items: "{{ master_services }}"
diff --git a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
index 142ce5f3d..13fa37b09 100644
--- a/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
+++ b/playbooks/common/openshift-cluster/upgrades/pre/verify_upgrade_targets.yml
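Review bot: The detection step in verify_control_plane_running.yml uses `systemctl list-units ... --no-legend`, which by default reports only units currently loaded (active, failed or with a pending job), so a master-api unit that is installed but stopped may not be listed. In that case `master_services` keeps the single `-master` name and 'Ensure Master is running' tries to start a unit that an HA master may not have, which is the situation this pre-check is meant to repair. Consider `systemctl list-unit-files` (or `list-units --all`) for the existence test, and add `changed_when: false` to the command since it only reads state. The two `set_fact` tasks would also be easier to follow in run output with a `name:` each.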
@@ -4,6 +4,12 @@
     msg: Verify OpenShift is already installed
   when: openshift.common.version is not defined
+- name: Update oreg_auth docker login credentials if necessary
+  include_role:
+    name: docker
+    tasks_from: registry_auth.yml
+  when: oreg_auth_user is defined
+
 - name: Verify containers are available for upgrade
   command: >
     docker pull {{ openshift.common.cli_image }}:{{ openshift_image_tag }}
@@ -37,7 +43,7 @@
     fail:
       msg: "OpenShift {{ avail_openshift_version }} is available, but {{ openshift_upgrade_target }} or greater is required"
     when:
-    - openshift_pkg_version | default('0.0', True) | version_compare(openshift_release, '<')
+    - (openshift_pkg_version | default('-0.0', True)).split('-')[1] | version_compare(openshift_release, '<')
 - name: Fail when openshift version does not meet minium requirement for Origin upgrade
   fail:
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index c37a5f9ab..a5e2f7940 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -90,6 +90,9 @@
   - include_vars: ../../../../roles/openshift_master/vars/main.yml
+  - name: Update journald config
+    include: ../../../../roles/openshift_master/tasks/journald.yml
+
   - name: Remove any legacy systemd units and update systemd units
     include: ../../../../roles/openshift_master/tasks/systemd_units.yml
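Review bot: In the second hunk of verify_upgrade_targets.yml, `(openshift_pkg_version | default('-0.0', True)).split('-')[1]` assumes the value always begins with a dash; a value written without one leaves `split('-')` with a single element, so `[1]` is out of range and the task errors instead of producing the intended version failure. Stripping the leading dash first accepts both spellings: `- (openshift_pkg_version | default('-0.0', True)).lstrip('-').split('-')[0] | version_compare(openshift_release, '<')`. The task this condition guards starts above the hunk.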
@@ -199,7 +202,7 @@
       {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
       policy reconcile-cluster-roles --additive-only=true --confirm -o name
     register: reconcile_cluster_role_result
-    when: not openshift.common.version_gte_3_7 | bool
+    when: openshift_version | version_compare('3.7','<')
     changed_when:
     - reconcile_cluster_role_result.stdout != ''
     - reconcile_cluster_role_result.rc == 0
@@ -214,7 +217,7 @@
       --exclude-groups=system:unauthenticated
       --exclude-users=system:anonymous
       --additive-only=true --confirm -o name
-    when: not openshift.common.version_gte_3_7 | bool
+    when: openshift_version | version_compare('3.7','<')
     register: reconcile_bindings_result
     changed_when:
     - reconcile_bindings_result.stdout != ''
@@ -229,9 +232,11 @@
     changed_when:
     - reconcile_jenkins_role_binding_result.stdout != ''
     - reconcile_jenkins_role_binding_result.rc == 0
-    when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool)
+    when:
+    - openshift_version | version_compare('3.7','<')
+    - openshift_version | version_compare('3.4','>=')
-  - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool)
+  - when: openshift_upgrade_target | version_compare('3.7','<')
     block:
     - name: Retrieve shared-resource-viewer
       oc_obj:
@@ -250,7 +255,6 @@
       - "'annotations' in objout['results']['results'][0]['metadata']"
       - "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']"
       - "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'"
-
     - copy:
         src: "{{ item }}"
         dest: "/tmp/{{ item }}"
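Review bot: The guard on the shared-resource-viewer block (third hunk) is not a like-for-like translation of the old one: the removed condition bounded the installed version from below (`version_gte_3_6`) and above, while `openshift_upgrade_target | version_compare('3.7','<')` has no lower bound and tests the upgrade target rather than `openshift_version`, which the three sibling conditions changed in this file now use. Since the block rewrites an RBAC role, the version range it runs on should be explicit. If the change is deliberate, add a comment saying why the target is the right variable here; otherwise mirror the siblings with a list of `- openshift_version | version_compare('3.6','>=')` and `- openshift_version | version_compare('3.7','<')`. The block body continues into the following hunks.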
@@ -268,6 +272,12 @@
         - "/tmp/{{ __master_shared_resource_viewer_file }}"
         delete_after: true
       when: __shared_resource_viewer_protected is not defined
+      register: result
+      retries: 3
+      delay: 5
+      until: result.rc == 0
+      ignore_errors: true
+
   - name: Reconcile Security Context Constraints
     command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
index d69472fad..5e7a66171 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml
@@ -41,12 +41,12 @@
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'controllerConfig.servicesServingCert.signer.certFile'
+    yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
     yaml_value: service-signer.crt
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'controllerConfig.servicesServingCert.signer.keyFile'
+    yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
     yaml_value: service-signer.key
 - modify_yaml:
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
index f64f0e003..54c85f0fb 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
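Review bot: In the first hunk here (upgrade_control_plane.yml), `ignore_errors: true` after `retries: 3` means that when applying the shared-resource-viewer role still fails on the last attempt, the upgrade carries on with the old role in place and nothing downstream in this hunk records it. Either drop `ignore_errors` so the upgrade stops, or keep it and follow with a task that reports the failure, e.g. a `fail`/`debug` guarded by `when: result | failed`. The task's module line is above the hunk, so whether its result exposes `rc` (which the `until` relies on) cannot be confirmed from here; `result` is also a generic register name next to the descriptive ones used elsewhere in this file.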
@@ -68,7 +68,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
index ed89dbe8d..52458e03c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_4/master_config_upgrade.yml
@@ -1,16 +1,10 @@
 ---
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginConfig'
-    yaml_value: "{{ openshift.master.admission_plugin_config }}"
-  when: "'admission_plugin_config' in openshift.master"
+    yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+    yaml_value: service-signer.crt
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginOrderOverride'
-    yaml_value:
-
-- modify_yaml:
-    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'kubernetesMasterConfig.admissionConfig'
-    yaml_value:
+    yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+    yaml_value: service-signer.key
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
index 43da5b629..d7cb38d03 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
@@ -68,7 +68,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml
index ed89dbe8d..52458e03c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_5/master_config_upgrade.yml
@@ -1,16 +1,10 @@
 ---
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginConfig'
-    yaml_value: "{{ openshift.master.admission_plugin_config }}"
-  when: "'admission_plugin_config' in openshift.master"
+    yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+    yaml_value: service-signer.crt
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginOrderOverride'
-    yaml_value:
-
-- modify_yaml:
-    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'kubernetesMasterConfig.admissionConfig'
-    yaml_value:
+    yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+    yaml_value: service-signer.key
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
index 30e719d8f..bda245fe1 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade.yml
@@ -112,6 +112,8 @@
   - include: ../cleanup_unused_images.yml
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_5/master_config_upgrade.yml"
 - include: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
index e9cec9220..6cdea7b84 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
@@ -72,7 +72,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
index ed89dbe8d..db0c8f886 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/master_config_upgrade.yml
@@ -1,16 +1,15 @@
 ---
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginConfig'
-    yaml_value: "{{ openshift.master.admission_plugin_config }}"
-  when: "'admission_plugin_config' in openshift.master"
+    yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+    yaml_value: service-signer.crt
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginOrderOverride'
-    yaml_value:
+    yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+    yaml_value: service-signer.key
 - modify_yaml:
-    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'kubernetesMasterConfig.admissionConfig'
-    yaml_value:
+    dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    yaml_key: servingInfo.clientCA
+    yaml_value: ca.crt
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
index 920dc2ffc..dd109cfa9 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade.yml
@@ -116,6 +116,8 @@
   - include: ../cleanup_unused_images.yml
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_6/master_config_upgrade.yml"
 - include: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
index 27d8515dc..8ab68002d 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_6/upgrade_control_plane.yml
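Review bot: The last `modify_yaml` task in v3_6/master_config_upgrade.yml sets `servingInfo.clientCA` to `ca.crt` with no `when` and no comment, so every upgrade through this hook overwrites whatever client CA file the master config named before; the same task is added to v3_7/master_config_upgrade.yml. Because this key decides which CA the API server trusts for client certificates, an operator who pointed it at a custom bundle would presumably have that choice reset silently. Add a comment stating why the value must be forced, and consider skipping the write when the key is already set to something else. Style-wise the new task leaves `yaml_key` unquoted and writes `config_base }}` with a space, unlike the two tasks above it.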
@@ -76,7 +76,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
index df59a8782..1d4d1919c 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/master_config_upgrade.yml
@@ -1,21 +1,20 @@
 ---
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginConfig'
-    yaml_value: "{{ openshift.master.admission_plugin_config }}"
-  when: "'admission_plugin_config' in openshift.master"
+    yaml_key: 'controllerConfig.election.lockName'
+    yaml_value: 'openshift-master-controllers'
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'admissionConfig.pluginOrderOverride'
-    yaml_value:
+    yaml_key: 'controllerConfig.serviceServingCert.signer.certFile'
+    yaml_value: service-signer.crt
 - modify_yaml:
     dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'kubernetesMasterConfig.admissionConfig'
-    yaml_value:
+    yaml_key: 'controllerConfig.serviceServingCert.signer.keyFile'
+    yaml_value: service-signer.key
 - modify_yaml:
-    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
-    yaml_key: 'controllerConfig.election.lockName'
-    yaml_value: 'openshift-master-controllers'
+    dest: "{{ openshift.common.config_base }}/master/master-config.yaml"
+    yaml_key: servingInfo.clientCA
+    yaml_value: ca.crt
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
index f1ca1edb9..f4862e321 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
@@ -120,6 +120,22 @@
   - include: ../cleanup_unused_images.yml
 - include: ../upgrade_control_plane.yml
+  vars:
+    master_config_hook: "v3_7/master_config_upgrade.yml"
+
+# All controllers must be stopped at the same time then restarted
+- name: Cycle all controller services to force new leader election mode
+  hosts: oo_masters_to_config
+  gather_facts: no
+  tasks:
+  - name: Stop {{ openshift.common.service_type }}-master-controllers
+    systemd:
+      name: "{{ openshift.common.service_type }}-master-controllers"
+      state: stopped
+  - name: Start {{ openshift.common.service_type }}-master-controllers
+    systemd:
+      name: "{{ openshift.common.service_type }}-master-controllers"
+      state: started
 - include: ../upgrade_nodes.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
index 6c4f9671b..d5a8379d7 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml
@@ -80,7 +80,6 @@
     # defined, and overriding the normal behavior of protecting the installed version
     openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
-    openshift_install_base_package_group: "oo_masters_to_config"
     # We skip the docker role at this point in upgrade to prevent
     # unintended package, container, or config upgrades which trigger
@@ -128,4 +127,18 @@    vars:      master_config_hook: "v3_7/master_config_upgrade.yml" +# All controllers must be stopped at the same time then restarted +- name: Cycle all controller services to force new leader election mode +  hosts: oo_etcd_to_config +  gather_facts: no +  tasks: +  - name: Stop {{ openshift.common.service_type }}-master-controllers +    systemd: +      name: "{{ openshift.common.service_type }}-master-controllers" +      state: stopped +  - name: Start {{ openshift.common.service_type }}-master-controllers +    systemd: +      name: "{{ openshift.common.service_type }}-master-controllers" +      state: started +  - include: ../post_control_plane.yml diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml index f76fc68d1..8e4f99c91 100644 --- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml +++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml @@ -15,7 +15,7 @@    - name: Confirm OpenShift authorization objects are in sync      command: >        {{ openshift.common.client_binary }} adm migrate authorization -    when: not openshift.common.version_gte_3_7 | bool +    when: openshift_version | version_compare('3.7','<')      changed_when: false      register: l_oc_result      until: l_oc_result.rc == 0 diff --git a/playbooks/common/openshift-etcd/embedded2external.yml b/playbooks/common/openshift-etcd/embedded2external.yml index 9264f3c32..b16b78c4f 100644 --- a/playbooks/common/openshift-etcd/embedded2external.yml +++ b/playbooks/common/openshift-etcd/embedded2external.yml @@ -158,7 +158,7 @@        tasks_from: configure_external_etcd      vars:        etcd_peer_url_scheme: "https" -      etcd_ip: "{{ openshift.common.ip }}" +      etcd_ip: "{{ hostvars[groups.oo_etcd_to_config.0].openshift.common.ip }}"        etcd_peer_port: 2379    # 9. start the master 
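Review bot: This copy of the controller-cycling play targets `hosts: oo_etcd_to_config`, while the identical play added to upgrades/v3_7/upgrade.yml targets `oo_masters_to_config`. The unit being stopped and started is `{{ openshift.common.service_type }}-master-controllers`, so the etcd group looks like a copy-paste slip. Where etcd runs on separate hosts, the systemd tasks would presumably fail there for lack of the unit, and the controllers on the masters would never be cycled. Suggested change: `hosts: oo_masters_to_config`.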
diff --git a/playbooks/common/openshift-etcd/migrate.yml b/playbooks/common/openshift-etcd/migrate.yml index 2456ad3a8..31362f2f6 100644 --- a/playbooks/common/openshift-etcd/migrate.yml +++ b/playbooks/common/openshift-etcd/migrate.yml @@ -1,4 +1,17 @@  --- +- name: Check if the master has embedded etcd +  hosts: localhost +  connection: local +  become: no +  gather_facts: no +  tags: +  - always +  tasks: +  - fail: +      msg: "Migration of an embedded etcd is not supported. Please, migrate the embedded etcd into an external etcd first." +    when: +    - groups.oo_etcd_to_config | default([]) | length == 0 +  - name: Run pre-checks    hosts: oo_etcd_to_migrate    tasks: @@ -60,12 +73,11 @@    hosts: oo_etcd_to_migrate    gather_facts: no    pre_tasks: -  - set_fact: -      l_etcd_service: "{{ 'etcd_container' if openshift.common.is_containerized else 'etcd' }}" -  - name: Disable etcd members -    service: -      name: "{{ l_etcd_service }}" -      state: stopped +  - include_role: +      name: etcd +      tasks_from: disable_etcd +    vars: +      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"  - name: Migrate data on first etcd    hosts: oo_etcd_to_migrate[0] diff --git a/playbooks/common/openshift-etcd/scaleup.yml b/playbooks/common/openshift-etcd/scaleup.yml index 58848a81b..20061366c 100644 --- a/playbooks/common/openshift-etcd/scaleup.yml +++ b/playbooks/common/openshift-etcd/scaleup.yml 
@@ -46,7 +46,7 @@      etcd_ca_host: "{{ groups.oo_etcd_to_config.0 }}"      etcd_certificates_etcd_hosts: "{{ groups.oo_etcd_to_config | default([], true) }}"      etcd_initial_cluster_state: "existing" -    initial_etcd_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}" +    etcd_initial_cluster: "{{ etcd_add_check.stdout_lines[3] | regex_replace('ETCD_INITIAL_CLUSTER=','') | regex_replace('\"','') }}"      etcd_ca_setup: False      r_etcd_common_etcd_runtime: "{{ openshift.common.etcd_runtime }}"    - role: nickhammond.logrotate diff --git a/playbooks/common/openshift-management/add_container_provider.yml b/playbooks/common/openshift-management/add_container_provider.yml new file mode 100644 index 000000000..facb3a5b9 --- /dev/null +++ b/playbooks/common/openshift-management/add_container_provider.yml @@ -0,0 +1,8 @@ +--- +- name: Add Container Provider to Management +  hosts: oo_first_master +  tasks: +  - name: Run the Management Integration Tasks +    include_role: +      name: openshift_management +      tasks_from: add_container_provider diff --git a/playbooks/common/openshift-management/config.yml b/playbooks/common/openshift-management/config.yml index 0aaafe440..908679e81 100644 --- a/playbooks/common/openshift-management/config.yml +++ b/playbooks/common/openshift-management/config.yml @@ -1,4 +1,14 @@  --- +- name: Management Install Checkpoint Start +  hosts: oo_all_hosts +  gather_facts: false +  tasks: +  - name: Set Management install 'In Progress' +    set_stats: +      data: +        installer_phase_management: "In Progress" +      aggregate: false +  - name: Setup CFME    hosts: oo_first_master    pre_tasks: 
@@ -13,3 +23,13 @@        name: openshift_management      vars:        template_dir: "{{ hostvars[groups.masters.0].r_openshift_management_mktemp.stdout }}" + +- name: Management Install Checkpoint End +  hosts: oo_all_hosts +  gather_facts: false +  tasks: +  - name: Set Management install 'Complete' +    set_stats: +      data: +        installer_phase_management: "Complete" +      aggregate: false diff --git a/playbooks/common/openshift-management/uninstall.yml b/playbooks/common/openshift-management/uninstall.yml index 698d93405..9f35cc276 100644 --- a/playbooks/common/openshift-management/uninstall.yml +++ b/playbooks/common/openshift-management/uninstall.yml @@ -1,6 +1,6 @@  ---  - name: Uninstall CFME -  hosts: masters +  hosts: masters[0]    tasks:    - name: Run the CFME Uninstall Role Tasks      include_role: diff --git a/playbooks/common/openshift-master/additional_config.yml b/playbooks/common/openshift-master/additional_config.yml index 1b3eb268a..e1472ce38 100644 --- a/playbooks/common/openshift-master/additional_config.yml +++ b/playbooks/common/openshift-master/additional_config.yml @@ -25,7 +25,7 @@    - role: openshift_hosted_templates      registry_url: "{{ openshift.master.registry_url }}"    - role: openshift_manageiq -    when: openshift_use_manageiq | default(false) | bool +    when: openshift_use_manageiq | default(true) | bool    - role: cockpit      when:      - openshift.common.is_atomic diff --git a/playbooks/common/openshift-master/config.yml b/playbooks/common/openshift-master/config.yml index 6e57f282e..b359919ba 100644 --- a/playbooks/common/openshift-master/config.yml +++ b/playbooks/common/openshift-master/config.yml 
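Review bot: In playbooks/common/openshift-master/additional_config.yml the condition `openshift_use_manageiq | default(true) | bool` turns the `openshift_manageiq` role from opt-in into opt-out, so every cluster that never set the variable gets the role applied on the next run. The role's tasks are not visible here; if it creates projects, service accounts or role bindings for the management integration, that is extra standing privilege on clusters that do not use it. Unless the new default is deliberate and documented, keep `when: openshift_use_manageiq | default(false) | bool`, or add a comment above the role entry stating why it is on by default.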
@@ -206,6 +206,12 @@      when: openshift_use_nuage | default(false) | bool    - role: calico_master      when: openshift_use_calico | default(false) | bool +  tasks: +  - include_role: +      name: kuryr +      tasks_from: master +    when: openshift_use_kuryr | default(false) | bool +    post_tasks:    - name: Create group for deployment type      group_by: key=oo_masters_deployment_type_{{ openshift.common.deployment_type }} diff --git a/playbooks/common/openshift-node/additional_config.yml b/playbooks/common/openshift-node/additional_config.yml index fe51ef833..ac757397b 100644 --- a/playbooks/common/openshift-node/additional_config.yml +++ b/playbooks/common/openshift-node/additional_config.yml @@ -19,10 +19,14 @@    - group_by:        key: oo_nodes_use_{{ (openshift_use_contiv | default(False)) | ternary('contiv','nothing') }}      changed_when: False +  # Create group for kuryr nodes +  - group_by: +      key: oo_nodes_use_{{ (openshift_use_kuryr | default(False)) | ternary('kuryr','nothing') }} +    changed_when: False  - include: etcd_client_config.yml    vars: -    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv" +    openshift_node_scale_up_group: "oo_nodes_use_flannel:oo_nodes_use_calico:oo_nodes_use_contiv:oo_nodes_use_kuryr"  - name: Additional node config    hosts: oo_nodes_use_flannel @@ -50,3 +54,11 @@    - role: contiv      contiv_role: netplugin      when: openshift_use_contiv | default(false) | bool + +- name: Configure Kuryr node +  hosts: oo_nodes_use_kuryr +  tasks: +  - include_role: +      name: kuryr +      tasks_from: node +    when: openshift_use_kuryr | default(false) | bool diff --git a/playbooks/common/openshift-node/clean_image.yml b/playbooks/common/openshift-node/clean_image.yml new file mode 100644 index 000000000..38753d0af --- /dev/null +++ b/playbooks/common/openshift-node/clean_image.yml 
@@ -0,0 +1,10 @@ +--- +- name: Configure nodes +  hosts: oo_nodes_to_config:!oo_containerized_master_nodes +  tasks: +  - name: Remove any ansible facts created during AMI creation +    file: +      path: "/etc/ansible/facts.d/{{ item }}" +      state: absent +    with_items: +    - openshift.fact diff --git a/playbooks/common/openshift-node/image_prep.yml b/playbooks/common/openshift-node/image_prep.yml index fc06621ee..30651a1df 100644 --- a/playbooks/common/openshift-node/image_prep.yml +++ b/playbooks/common/openshift-node/image_prep.yml @@ -2,13 +2,13 @@  - name: normalize groups    include: ../../byo/openshift-cluster/initialize_groups.yml -- name: run the std_include +- name: evaluate the groups    include: ../openshift-cluster/evaluate_groups.yml -- name: run the std_include +- name: initialize the facts    include: ../openshift-cluster/initialize_facts.yml -- name: run the std_include +- name: initialize the repositories    include: ../openshift-cluster/initialize_openshift_repos.yml  - name: run node config setup @@ -19,3 +19,6 @@  - name: Re-enable excluders    include: enable_excluders.yml + +- name: Remove any undesired artifacts from build +  include: clean_image.yml | 
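Review bot: The new play in clean_image.yml is named `Configure nodes` although it only deletes `/etc/ansible/facts.d/openshift.fact`, and image_prep.yml includes it as "Remove any undesired artifacts from build", which promises more than the single entry under `with_items`. A name such as `- name: Remove build-time facts from the node image` matches what actually runs. Whether other per-build state in the image (host keys, logs, machine identifiers) is cleaned elsewhere cannot be seen from this hunk. If it is not, this list is the place to extend, and a comment above `with_items` naming the artifacts expected here would help the next maintainer.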
