summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorewolinetz <ewolinet@redhat.com>2017-02-27 15:55:01 -0600
committerewolinetz <ewolinet@redhat.com>2017-02-28 12:46:15 -0600
commit6a0c52a0642b1e962246633bf6bb8a0cde3930ba (patch)
treedba6aa5663f86a784c8bc1038179400c67460654
parent29b5e97870bf3c24a433b906ea56c8a21b392e0a (diff)
downloadopenshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.gz
openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.bz2
openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.tar.xz
openshift-6a0c52a0642b1e962246633bf6bb8a0cde3930ba.zip
Adding changed_whens for role, rolebinding, and scc reconciliation based on output from oadm policy command
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml24
1 files changed, 20 insertions, 4 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index fd01a6625..08cc2cc42 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -173,7 +173,11 @@
- name: Reconcile Cluster Roles
command: >
{{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
- policy reconcile-cluster-roles --additive-only=true --confirm
+ policy reconcile-cluster-roles --additive-only=true --confirm -o name
+ register: reconcile_cluster_role_result
+ changed_when:
+ - reconcile_cluster_role_result.stdout.length > 0
+ - reconcile_cluster_role_result.rc == 0
run_once: true
- name: Reconcile Cluster Role Bindings
@@ -184,19 +188,31 @@
--exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
- --additive-only=true --confirm
+ --additive-only=true --confirm -o name
when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
+ register: reconcile_bindings_result
+ changed_when:
+ - reconcile_bindings_result.stdout.length > 0
+ - reconcile_bindings_result.rc == 0
run_once: true
- name: Reconcile Jenkins Pipeline Role Bindings
command: >
- {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm
+ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name
run_once: true
+ register: reconcile_jenkens_role_binding_result
+ changed_when:
+ - reconcile_jenkins_role_binding_result.stdout.length > 0
+ - reconcile_jenkins_role_binding_result.rc == 0
when: openshift.common.version_gte_3_4_or_1_4 | bool
- name: Reconcile Security Context Constraints
command: >
- {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true
+ {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name
+ register: reconcile_scc_result
+ changed_when:
+ - reconcile_scc_result.stdout.length > 0
+ - reconcile_scc_result.rc == 0
run_once: true
- set_fact: