summaryrefslogtreecommitdiffstats
path: root/roles/openshift_excluder
diff options
context:
space:
mode:
Diffstat (limited to 'roles/openshift_excluder')
-rw-r--r--roles/openshift_excluder/README.md17
-rw-r--r--roles/openshift_excluder/defaults/main.yml4
-rw-r--r--roles/openshift_excluder/tasks/adjust.yml23
-rw-r--r--roles/openshift_excluder/tasks/disable.yml26
-rw-r--r--roles/openshift_excluder/tasks/enable.yml21
-rw-r--r--roles/openshift_excluder/tasks/exclude.yml27
-rw-r--r--roles/openshift_excluder/tasks/init.yml12
-rw-r--r--roles/openshift_excluder/tasks/install.yml29
-rw-r--r--roles/openshift_excluder/tasks/reset.yml12
-rw-r--r--roles/openshift_excluder/tasks/status.yml103
-rw-r--r--roles/openshift_excluder/tasks/unexclude.yml23
11 files changed, 215 insertions, 82 deletions
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
index 6c90b4e96..e76a15952 100644
--- a/roles/openshift_excluder/README.md
+++ b/roles/openshift_excluder/README.md
@@ -15,8 +15,11 @@ Facts
| Name | Default Value | Description |
-----------------------------|---------------|----------------------------------------|
-| docker_excluder_enabled | none | Records the status of docker excluder |
-| openshift_excluder_enabled | none | Records the status of the openshift excluder |
+| enable_docker_excluder | enable_excluders | Enable docker excluder. If not set, the docker excluder is ignored. |
+| enable_openshift_excluder | enable_excluders | Enable openshift excluder. If not set, the openshift excluder is ignored. |
+| enable_excluders | None | Enable all excluders
+| enable_docker_excluder_override | None | indication the docker excluder needs to be enabled |
+| disable_openshift_excluder_override | None | indication the openshift excluder needs to be disabled |
Role Variables
--------------
@@ -25,6 +28,16 @@ None
Dependencies
------------
+Tasks to include
+----------------
+
+- exclude: enable excluders (assuming excluders are installed)
+- unexclude: disable excluders (assuming excluders are installed)
+- install: install excluders (installation is followed by excluder enabling)
+- enable: enable excluders (optionally with installation step)
+- disabled: disable excluders (optionally with installation and status step, the status check that can override which excluder gets enabled/disabled)
+- status: determine status of excluders
+
Example Playbook
----------------
diff --git a/roles/openshift_excluder/defaults/main.yml b/roles/openshift_excluder/defaults/main.yml
new file mode 100644
index 000000000..0d275e954
--- /dev/null
+++ b/roles/openshift_excluder/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# keep the 'current' package or update to 'latest' if available?
+openshift_excluder_package_state: present
+docker_excluder_package_state: present
diff --git a/roles/openshift_excluder/tasks/adjust.yml b/roles/openshift_excluder/tasks/adjust.yml
new file mode 100644
index 000000000..6f4070c3d
--- /dev/null
+++ b/roles/openshift_excluder/tasks/adjust.yml
@@ -0,0 +1,23 @@
+---
+# Depending on enablement of individual excluders and their status
+# some excluders needs to be disabled, resp. enabled
+# By default, all excluders are disabled unless overrided.
+- block:
+ - include: init.yml
+ # All excluders that are to be enabled are enabled
+ - include: exclude.yml
+ vars:
+ # Enable the docker excluder only if it is overrided
+ enable_docker_excluder: "{{ enable_docker_excluder_override | default(false) | bool }}"
+ # excluder is to be disabled by default
+ enable_openshift_excluder: false
+ # All excluders that are to be disabled are disabled
+ - include: unexclude.yml
+ vars:
+ # If the docker override is not set, default to the generic behaviour
+ disable_docker_excluder: "{{ not enable_docker_excluder_override | default(not docker_excluder_on) | bool }}"
+ # disable openshift excluder is never overrided to be enabled
+ # disable it if the docker excluder is enabled
+ disable_openshift_excluder: "{{ openshift_excluder_on | bool }}"
+ when:
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/disable.yml b/roles/openshift_excluder/tasks/disable.yml
new file mode 100644
index 000000000..a8deb3eb1
--- /dev/null
+++ b/roles/openshift_excluder/tasks/disable.yml
@@ -0,0 +1,26 @@
+---
+# input variables
+# - with_status_check
+# - with_install
+# - excluder_package_state
+# - docker_excluder_package_state
+- include: init.yml
+
+# Install any excluder that is enabled
+- include: install.yml
+ vars:
+ # Both docker_excluder_on and openshift_excluder_on are set in openshift_excluder->init task
+ install_docker_excluder: "{{ docker_excluder_on | bool }}"
+ install_openshift_excluder: "{{ openshift_excluder_on | bool }}"
+ when: docker_excluder_on or openshift_excluder_on
+
+ # if the docker excluder is not enabled, we don't care about its status
+ # it the docker excluder is enabled, we install it and in case its status is non-zero
+ # it is enabled no matter what
+
+# Check the current state of all excluders
+- include: status.yml
+ when: with_status_check | default(docker_excluder_on or openshift_excluder_on) | bool
+
+ # And finally adjust an excluder in order to update host components correctly
+- include: adjust.yml
diff --git a/roles/openshift_excluder/tasks/enable.yml b/roles/openshift_excluder/tasks/enable.yml
new file mode 100644
index 000000000..ef6fc4a01
--- /dev/null
+++ b/roles/openshift_excluder/tasks/enable.yml
@@ -0,0 +1,21 @@
+---
+# input variables:
+# - with_install
+- block:
+ - include: init.yml
+
+ - include: install.yml
+ vars:
+ install_docker_excluder: "{{ docker_excluder_on | bool }}"
+ install_openshift_excluder: "{{ openshift_excluder_on | bool }}"
+ when: with_install | default(docker_excluder_on or openshift_excluder_on) | bool
+
+ - include: exclude.yml
+ vars:
+ # Enable the docker excluder only if it is overrided, resp. enabled by default (in that order)
+ enable_docker_excluder: "{{ enable_docker_excluder_override | default(docker_excluder_on) | bool }}"
+ # Enable the openshift excluder only if it is not overrided, resp. enabled by default (in that order)
+ enable_openshift_excluder: "{{ not disable_openshift_excluder_override | default(not openshift_excluder_on) | bool }}"
+
+ when:
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
index 570183aef..ee0ad8a0b 100644
--- a/roles/openshift_excluder/tasks/exclude.yml
+++ b/roles/openshift_excluder/tasks/exclude.yml
@@ -1,11 +1,20 @@
---
-- include: install.yml
- when: not openshift.common.is_containerized | bool
+# input variables:
+# - enable_docker_excluder
+# - enable_openshift_excluder
+- block:
+ - name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+ # if the docker override is set, it means the docker excluder needs to be enabled no matter what
+ # if the docker override is not set, the excluder is set based on enable_docker_excluder
+ when:
+ - enable_docker_excluder | default(false) | bool
-- name: Enable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder exclude"
- when: not openshift.common.is_containerized | bool
-
-- name: Enable excluder
- command: "{{ openshift.common.service_type }}-excluder exclude"
- when: not openshift.common.is_containerized | bool
+ - name: Enable openshift excluder
+ command: "{{ openshift.common.service_type }}-excluder exclude"
+ # if the openshift override is set, it means the openshift excluder is disabled no matter what
+ # if the openshift override is not set, the excluder is set based on enable_openshift_excluder
+ when:
+ - enable_openshift_excluder | default(false) | bool
+ when:
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/init.yml b/roles/openshift_excluder/tasks/init.yml
new file mode 100644
index 000000000..dee779925
--- /dev/null
+++ b/roles/openshift_excluder/tasks/init.yml
@@ -0,0 +1,12 @@
+---
+- name: Evalute if docker excluder is to be enabled
+ set_fact:
+ docker_excluder_on: "{{ enable_docker_excluder | default(enable_excluders | default(false)) | bool }}"
+
+- debug: var=docker_excluder_on
+
+- name: Evalute if openshift excluder is to be enabled
+ set_fact:
+ openshift_excluder_on: "{{ enable_openshift_excluder | default(enable_excluders | default(false)) | bool }}"
+
+- debug: var=openshift_excluder_on
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
index ee4cb2c05..01fe5da55 100644
--- a/roles/openshift_excluder/tasks/install.yml
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -1,16 +1,21 @@
---
-- name: Install latest excluder
- package:
- name: "{{ openshift.common.service_type }}-excluder"
- state: latest
- when:
- - openshift_excluder_enabled | default(false) | bool
- - not openshift.common.is_containerized | bool
+# input Variables
+# - install_docker_excluder
+# - install_openshift_excluder
+- block:
+
+ - name: Install docker excluder
+ package:
+ name: "{{ openshift.common.service_type }}-docker-excluder"
+ state: "{{ docker_excluder_package_state }}"
+ when:
+ - install_docker_excluder | default(true) | bool
-- name: Install latest docker excluder
- package:
- name: "{{ openshift.common.service_type }}-excluder"
- state: latest
+ - name: Install openshift excluder
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: "{{ openshift_excluder_package_state }}"
+ when:
+ - install_openshift_excluder | default(true) | bool
when:
- - docker_excluder_enabled | default(false) | bool
- not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/reset.yml b/roles/openshift_excluder/tasks/reset.yml
deleted file mode 100644
index 486a23fd0..000000000
--- a/roles/openshift_excluder/tasks/reset.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-- name: Enable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder exclude"
- when:
- - docker_excluder_enabled | default(false) | bool
- - not openshift.common.is_containerized | bool
-
-- name: Enable excluder
- command: "{{ openshift.common.service_type }}-excluder exclude"
- when:
- - openshift_excluder_enabled | default(false) | bool
- - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/status.yml b/roles/openshift_excluder/tasks/status.yml
index ef118d94c..40bf98c18 100644
--- a/roles/openshift_excluder/tasks/status.yml
+++ b/roles/openshift_excluder/tasks/status.yml
@@ -1,8 +1,4 @@
---
-# Latest versions of the excluders include a status function, old packages dont
-# So, if packages are installed, upgrade them to the latest so we get the status
-# If they're not installed when we should assume they're disabled
-
- name: Determine if excluder packages are installed
rpm_q:
name: "{{ openshift.common.service_type }}-excluder"
@@ -10,49 +6,78 @@
register: openshift_excluder_installed
failed_when: false
+# docker excluder needs to be enable by default
- name: Determine if docker packages are installed
rpm_q:
- name: "{{ openshift.common.service_type }}-excluder"
+ name: "{{ openshift.common.service_type }}-docker-excluder"
state: present
register: docker_excluder_installed
failed_when: false
-- name: Update to latest excluder packages
- package:
- name: "{{ openshift.common.service_type }}-excluder"
- state: latest
- when:
- - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - not openshift.common.is_containerized | bool
+# The excluder status function returns 0 when everything is excluded
+# and 1 if any packages are missing from the exclusions list and outputs a warning to stderr
+# # atomic-openshift-excluder status ; echo $?
+# exclude -- All packages excluded
+# 0
+# # atomic-openshift-excluder unexclude
+# # atomic-openshift-excluder status ; echo $?
+# unexclude -- At least one package not excluded
+# 1
-- name: Update to the latest docker-excluder packages
- package:
- name: "{{ openshift.common.service_type }}-docker-excluder"
- state: latest
- when:
- - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - not openshift.common.is_containerized | bool
+- block:
+ - include: init.yml
+ - block:
+ - name: Record openshift excluder status
+ command: "{{ openshift.common.service_type }}-excluder status"
+ register: excluder_status
+ failed_when: false
-- name: Record excluder status
- command: "{{ openshift.common.service_type }}-excluder"
- register: excluder_status
- when:
- - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - not openshift.common.is_containerized | bool
- failed_when: false
+ # Even though the openshift excluder is enabled
+ # if the status is non-zero, disabled the excluder
+ - name: Override openshift excluder enablement if the status is non-zero
+ set_fact:
+ disable_openshift_excluder_override: true
+ when:
+ - "{{ excluder_status.rc | default(0) != 0 }}"
-- name: Record docker excluder status
- command: "{{ openshift.common.service_type }}-docker-excluder"
- register: docker_excluder_status
- when:
- - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
- - not openshift.common.is_containerized | bool
- failed_when: false
+ - debug:
+ msg: "Disabling openshift excluder"
+ when:
+ - "{{ excluder_status.rc | default(0) != 0 }}"
+
+ when:
+ - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - "{{ openshift_excluder_on }}"
+
+ - block:
+ - name: Record docker excluder status
+ command: "{{ openshift.common.service_type }}-docker-excluder status"
+ register: docker_excluder_status
+ failed_when: false
-- name: Set excluder status facts
- set_fact:
- docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
- openshift_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+ # If the docker excluder is installed and the status is non-zero
+ # always enable the docker excluder
+ - name: Override docker excluder enablement if the status is non-zero
+ set_fact:
+ enable_docker_excluder_override: true
+ when:
+ - "{{ docker_excluder_status.rc | default(0) != 0 }}"
-- debug: var=docker_excluder_enabled
-- debug: var=openshift_excluder_enabled
+ - debug:
+ msg: "Enabling docker excluder"
+ when:
+ - "{{ docker_excluder_status.rc | default(0) != 0 }}"
+
+ # As the docker excluder status is not satisfied,
+ # re-enable entire docker excluder again
+ # At the same time keep the override set in a case other task would
+ - name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+
+ # Run the docker excluder status even if the excluder is disabled.
+ # In order to determine of the excluder needs to be enabled.
+ when:
+ - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+
+ when:
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
index 38f0759aa..4df92bc65 100644
--- a/roles/openshift_excluder/tasks/unexclude.yml
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -1,12 +1,19 @@
---
-- name: disable docker excluder
- command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
- when:
- - docker_excluder_enabled | bool
- - not openshift.common.is_containerized | bool
+# input variables:
+# - disable_docker_excluder
+# - disable_openshift_excluder
+- block:
+ - include: init.yml
+
+ - name: disable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
+ when:
+ - disable_docker_excluder | default(false) | bool
+
+ - name: disable openshift excluder
+ command: "{{ openshift.common.service_type }}-excluder unexclude"
+ when:
+ - disable_openshift_excluder | default(false) | bool
-- name: disable excluder
- command: "{{ openshift.common.service_type }}-excluder unexclude"
when:
- - openshift_excluder_enabled | bool
- not openshift.common.is_containerized | bool
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 03:31:53 +0000