Diffstat (limited to 'playbooks')
19 files changed, 110 insertions, 35 deletions
diff --git a/playbooks/adhoc/openshift_hosted_logging_efk.yaml b/playbooks/adhoc/openshift_hosted_logging_efk.yaml index 0b30a221d..e83351272 100644 --- a/playbooks/adhoc/openshift_hosted_logging_efk.yaml +++ b/playbooks/adhoc/openshift_hosted_logging_efk.yaml @@ -1,7 +1,7 @@ --- - hosts: masters[0] roles: - - role: openshift_hosted_logging + - role: openshift_logging openshift_hosted_logging_cleanup: no - name: Update master-config for publicLoggingURL @@ -11,6 +11,6 @@ logging_hostname: "{{ openshift_hosted_logging_hostname | default('kibana.' ~ (openshift_master_default_subdomain | default('router.default.svc.cluster.local', true))) }}" tasks: - include_role: - name: openshift_hosted_logging + name: openshift_logging tasks_from: update_master_config when: openshift_hosted_logging_deploy | default(false) | bool diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml index bb08ca837..b1510e062 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml @@ -46,6 +46,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml index 907196d8f..d791e89f6 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml @@ -51,6 +51,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade 
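Review bot: In `playbooks/adhoc/openshift_hosted_logging_efk.yaml` the role is switched to `openshift_logging`, but the parameter passed to it is still `openshift_hosted_logging_cleanup: no` under the old prefix. Every role parameter in `openshift_hosted.yml` was renamed to `openshift_logging_*` in this same commit, so the cleanup flag is probably ignored by the new role without any error. Confirm which variable the new role reads for cleanup and pass that one, written as `false` rather than `no`. The second hunk's `tasks_from: update_master_config` also assumes the new role ships a task file of that name, which is not visible in this diff.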
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml index 5e28072da..f0b2a2c75 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml @@ -47,6 +47,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml index 6b69348b7..82a1d0935 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml @@ -46,6 +46,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml index 25b669f86..d1c2bd17a 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml @@ -51,6 +51,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml index 9868cb5b4..f6e66c477 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml 
@@ -47,6 +47,10 @@ tags: - pre_upgrade +- include: ../disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml index bef15eaab..e55ab1b16 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml @@ -46,6 +46,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml index dd88dde5f..e18b4280c 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml @@ -51,6 +51,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml index 931a1bcd7..259be6f8e 100644 --- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml +++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml @@ -47,6 +47,10 @@ tags: - pre_upgrade +- include: ../../../../common/openshift-cluster/disable_excluder.yml + tags: + - pre_upgrade + - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml tags: - pre_upgrade 
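Review bot: The include added to `v3_4/upgrade_nodes.yml` points at `../disable_excluder.yml`, while every other upgrade entry point in this commit uses `../../../../common/openshift-cluster/disable_excluder.yml`. From `playbooks/byo/openshift-cluster/upgrades/v3_4/` the short path resolves to `playbooks/byo/openshift-cluster/upgrades/disable_excluder.yml`, and this diff creates no such file; the new play lives under `playbooks/common/openshift-cluster/`. Unless a file already exists at that location, the 3.4 node upgrade will fail to load. Use the same line as the sibling playbooks: `- include: ../../../../common/openshift-cluster/disable_excluder.yml`.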
diff --git a/playbooks/byo/openshift-preflight/roles b/playbooks/byo/openshift-preflight/roles new file mode 120000 index 000000000..20c4c58cf --- /dev/null +++ b/playbooks/byo/openshift-preflight/roles @@ -0,0 +1 @@ +../../../roles
\ No newline at end of file diff --git a/playbooks/byo/rhel_subscribe.yml b/playbooks/byo/rhel_subscribe.yml index 62f62680e..65c0b1c01 100644 --- a/playbooks/byo/rhel_subscribe.yml +++ b/playbooks/byo/rhel_subscribe.yml @@ -1,5 +1,5 @@ --- -- include: ../../common/openshift-cluster/std_include.yml +- include: ../common/openshift-cluster/std_include.yml tags: - always diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml index a0ba735ab..113b401f9 100644 --- a/playbooks/common/openshift-cluster/config.yml +++ b/playbooks/common/openshift-cluster/config.yml @@ -26,6 +26,10 @@ openshift_docker_selinux_enabled: "{{ lookup('oo_option', 'docker_selinux_enabled') }}" when: openshift_docker_selinux_enabled is not defined +- include: disable_excluder.yml + tags: + - always + - include: ../openshift-etcd/config.yml tags: - etcd diff --git a/playbooks/common/openshift-cluster/disable_excluder.yml b/playbooks/common/openshift-cluster/disable_excluder.yml new file mode 100644 index 000000000..eb146bab8 --- /dev/null +++ b/playbooks/common/openshift-cluster/disable_excluder.yml @@ -0,0 +1,11 @@ +--- +- name: Record excluder state and disable + hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_role: + name: openshift_excluder + tasks_from: status + - include_role: + name: openshift_excluder + tasks_from: unexclude diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml index 3c4a99887..7b58eebc3 100644 --- a/playbooks/common/openshift-cluster/openshift_hosted.yml +++ b/playbooks/common/openshift-cluster/openshift_hosted.yml 
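Review bot: The `disable_excluder.yml` include added to `playbooks/common/openshift-cluster/config.yml` has no matching `reset_excluder.yml` include in this file's changes, whereas the upgrade paths get one at the end of `post_control_plane.yml` and `upgrades/upgrade_nodes.yml`. As written, a fresh install appears to finish with the excluder still switched off on every host in `l_oo_all_hosts`, so whatever package protection it provides is not restored until someone runs the reset by hand. Consider closing the include list with `- include: reset_excluder.yml` tagged `always`. The rest of config.yml is outside the hunk, so check that no later play already does this.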
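Review bot: Nothing in the new `disable_excluder.yml` play or its callers restores the excluder when a later play fails: `unexclude` runs up front and the `reset` include sits at the very end of the run, so an aborted install or upgrade leaves hosts with the excluder disabled. The file would benefit from a header comment stating that contract, for example `# Records excluder state and disables it; reset_excluder.yml restores it and must be rerun after an aborted run.` This assumes that the state saved by `tasks_from: status` is what `reset` consumes, as the play names suggest. Prefer `gather_facts: false` over `no` here and in `reset_excluder.yml`.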
@@ -27,21 +27,21 @@ logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}" roles: - role: openshift_hosted - - role: openshift_hosted_metrics + - role: openshift_metrics when: openshift_hosted_metrics_deploy | default(false) | bool - - role: openshift_hosted_logging + - role: openshift_logging when: openshift_hosted_logging_deploy | default(false) | bool - openshift_hosted_logging_hostname: "{{ logging_hostname }}" - openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}" - openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}" - openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}" - openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" - openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}" - openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" - openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}" - openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}" + openshift_logging_kibana_hostname: "{{ logging_hostname }}" + openshift_logging_kibana_ops_hostname: "{{ logging_ops_hostname }}" + openshift_logging_master_public_url: "{{ 
logging_master_public_url }}" + openshift_logging_es_cluster_size: "{{ logging_elasticsearch_cluster_size }}" + openshift_logging_es_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}" + openshift_logging_es_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}" + openshift_logging_es_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}" + openshift_logging_es_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}" + openshift_logging_es_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}" - role: cockpit-ui when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool) diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml index 03d64685d..a9e9f0915 100644 --- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml +++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml 
@@ -44,25 +44,26 @@ when: l_router_dc.rc == 0 and 'OPENSHIFT_CA_DATA' in router_env_vars and 'OPENSHIFT_CERT_DATA' in router_env_vars and 'OPENSHIFT_KEY_DATA' in router_env_vars - block: - - name: Generate router certificate + - name: Delete existing router certificate secret command: > - {{ openshift.common.client_binary }} adm ca create-server-cert - --hostnames=router.default.svc,router.default.svc.cluster.local - --signer-cert={{ openshift.common.config_base }}/master/service-signer.crt - --signer-key={{ openshift.common.config_base }}/master/service-signer.key - --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt - --cert={{ mktemp.stdout }}/tls.crt - --key={{ mktemp.stdout }}/tls.key + {{ openshift.common.client_binary }} delete secret/router-certs + --config={{ mktemp.stdout }}/admin.kubeconfig + -n default - - name: Update router certificates secret - shell: > - {{ openshift.common.client_binary }} secret new router-certs - {{ mktemp.stdout }}/tls.crt - {{ mktemp.stdout }}/tls.key - --type=kubernetes.io/tls + - name: Remove router service annotations + command: > + {{ openshift.common.client_binary }} annotate service/router + service.alpha.openshift.io/serving-cert-secret-name- + service.alpha.openshift.io/serving-cert-signed-by- + --config={{ mktemp.stdout }}/admin.kubeconfig + -n default + + - name: Add serving-cert-secret annotation to router service + command: > + {{ openshift.common.client_binary }} annotate service/router + service.alpha.openshift.io/serving-cert-secret-name=router-certs --config={{ mktemp.stdout }}/admin.kubeconfig -n default - -o json | oc replace -f - when: l_router_dc.rc == 0 and 'router-certs' in router_secrets - name: Redeploy router diff --git a/playbooks/common/openshift-cluster/reset_excluder.yml b/playbooks/common/openshift-cluster/reset_excluder.yml new file mode 100644 index 000000000..fe86f4c23 --- /dev/null +++ b/playbooks/common/openshift-cluster/reset_excluder.yml 
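Review bot: Nothing waits for the `router-certs` secret to exist again after `Delete existing router certificate secret` runs. The last new task only sets the `serving-cert-secret-name` annotation and leaves regeneration to the cluster's serving-cert signer, which presumably happens asynchronously, so the `Redeploy router` task that follows (its body is outside the hunk) can roll out pods while the secret is still missing. A failure between the delete and the re-annotate also leaves the router without a certificate, and the block has no rescue path. Add a polling task before the redeploy, as sketched below; the retry and delay values are placeholders to tune.

```yaml
    # … unchanged: delete secret, remove annotations, add serving-cert-secret annotation …

    - name: Wait for regenerated router certificate secret
      command: >
        {{ openshift.common.client_binary }} get secret/router-certs
        --config={{ mktemp.stdout }}/admin.kubeconfig
        -n default
      register: l_router_certs_secret
      until: l_router_certs_secret.rc == 0
      retries: 10
      delay: 3
      changed_when: false
```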
@@ -0,0 +1,8 @@ +--- +- name: Re-enable excluder if it was previously enabled + hosts: l_oo_all_hosts + gather_facts: no + tasks: + - include_role: + name: openshift_excluder + tasks_from: reset diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 2bbcbe1f8..4135f7e94 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml 
@@ -26,21 +26,26 @@ registry_url: "{{ openshift.master.registry_url }}" openshift_hosted_templates_import_command: replace pre_tasks: + + # TODO: remove temp_skip_router_registry_upgrade variable. This is a short term hack + # to allow ops to use this control plane upgrade, without triggering router/registry + # upgrade which has not yet been synced with their process. - name: Collect all routers command: > {{ oc_cmd }} get pods --all-namespaces -l 'router' -o json register: all_routers failed_when: false changed_when: false + when: temp_skip_router_registry_upgrade is not defined - set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}" - when: all_routers.rc == 0 + when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined - set_fact: haproxy_routers=[] - when: all_routers.rc != 0 + when: all_routers.rc != 0 and temp_skip_router_registry_upgrade is not defined - name: Update router image to current version - when: all_routers.rc == 0 + when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined command: > {{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p '{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}' 
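Review bot: The new conditions test the skip flag last, so when `temp_skip_router_registry_upgrade` is defined the `Collect all routers` task is skipped, `all_routers` carries no `rc`, and `when: all_routers.rc == 0 and ...` is likely to fail on the undefined attribute before the flag is consulted. Put the flag first so evaluation short-circuits, `when: temp_skip_router_registry_upgrade is not defined and all_routers.rc == 0`; the same applies to the `all_routers.rc != 0` line and to `_default_registry.rc == 0` in the next hunk (`@@ -53,9 +58,10 @@`). With the flag set neither `set_fact` runs, so `haproxy_routers` stays undefined for whatever loop the update task uses outside the hunk. Testing `is not defined` also means that setting the variable to `false` still skips the upgrade; `| default(false) | bool`, as used elsewhere in these playbooks, would avoid that surprise.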
@@ -53,9 +58,10 @@ register: _default_registry failed_when: false changed_when: false + when: temp_skip_router_registry_upgrade is not defined - name: Update registry image to current version - when: _default_registry.rc == 0 + when: _default_registry.rc == 0 and temp_skip_router_registry_upgrade is not defined command: > {{ oc_cmd }} patch dc/docker-registry -n default -p '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}' @@ -74,3 +80,7 @@ - name: Warn if pluginOrderOverride is in use in master-config.yaml debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information." when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0 + +- include: ../reset_excluder.yml + tags: + - always diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml index 59188c570..e45b635f7 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml @@ -51,3 +51,7 @@ until: node_sched.rc == 0 retries: 3 delay: 1 + +- include: ../reset_excluder.yml + tags: + - always |