diff options
Diffstat (limited to 'playbooks/common/openshift-cluster/upgrades/post_control_plane.yml')
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/post_control_plane.yml | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml index 1b57521df..edc5aa9c5 100644 --- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml @@ -1,7 +1,15 @@ --- -############################################################################### -# Post upgrade - Upgrade default router, default registry and examples -############################################################################### +#################################################################################### +# Post upgrade - Upgrade web console, default router, default registry, and examples +#################################################################################### +- name: Upgrade web console + hosts: oo_first_master + roles: + - role: openshift_web_console + when: + - openshift_web_console_install | default(true) | bool + - openshift_upgrade_target is version_compare('3.9','>=') + - name: Upgrade default router and default registry hosts: oo_first_master vars: @@ -105,6 +113,29 @@ registry_url: "{{ openshift.master.registry_url }}" openshift_hosted_templates_import_command: replace + post_tasks: + # Do not perform these tasks when the registry is insecure. The default registry is insecure in openshift_hosted/defaults/main.yml + - when: not (openshift_docker_hosted_registry_insecure | default(True)) + block: + # we need to migrate customers to the new pattern of pushing to the registry via dns + # Step 1: verify the certificates have the docker registry service name + - name: shell command to determine if the docker-registry.default.svc is found in the registry certificate + shell: > + echo -n | openssl s_client -showcerts -servername docker-registry.default.svc -connect docker-registry.default.svc:5000 | openssl x509 -text | grep -A1 'X509v3 Subject Alternative Name:' | grep -Pq 'DNS:docker-registry\.default\.svc(,|$)' + register: cert_output + changed_when: false + failed_when: + - cert_output.rc not in [0, 1] + + # Step 2: Set a fact to be used to determine if we should run the redeploy of registry certs + - name: set a fact to include the registry certs playbook if needed + set_fact: + openshift_hosted_rollout_certs_and_registry: "{{ cert_output.rc == 0 }}" + +# Run the redeploy certs based upon the certificates. Defaults to False for insecure registries +- when: (hostvars[groups.oo_first_master.0].openshift_hosted_rollout_certs_and_registry | default(False)) | bool + import_playbook: ../../../openshift-hosted/private/redeploy-registry-certificates.yml + # Check for warnings to be printed at the end of the upgrade: - name: Clean up and display warnings hosts: oo_masters_to_config @@ -134,3 +165,10 @@ msg: "WARNING the shared-resource-viewer role could not be upgraded to 3.6 spec because it's marked protected, please see https://bugzilla.redhat.com/show_bug.cgi?id=1493213" when: - __shared_resource_viewer_protected | default(false) + +- name: Upgrade Service Catalog + hosts: oo_first_master + roles: + - role: openshift_service_catalog + when: + - openshift_enable_service_catalog | default(true) | bool |