From 6a0c52a0642b1e962246633bf6bb8a0cde3930ba Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Mon, 27 Feb 2017 15:55:01 -0600
Subject: Adding changed_whens for role, rolebinding, and scc reconciliation
 based on output from oadm policy command

---
 .../upgrades/upgrade_control_plane.yml             | 24 ++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

(limited to 'playbooks')

diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index fd01a6625..08cc2cc42 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -173,7 +173,11 @@
   - name: Reconcile Cluster Roles
     command: >
       {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
-      policy reconcile-cluster-roles --additive-only=true --confirm
+      policy reconcile-cluster-roles --additive-only=true --confirm -o name
+    register: reconcile_cluster_role_result
+    changed_when:
+      - reconcile_cluster_role_result.stdout.length > 0
+      - reconcile_cluster_role_result.rc == 0
     run_once: true
 
   - name: Reconcile Cluster Role Bindings
@@ -184,19 +188,31 @@
       --exclude-groups=system:authenticated:oauth
       --exclude-groups=system:unauthenticated
       --exclude-users=system:anonymous
-      --additive-only=true --confirm
+      --additive-only=true --confirm -o name
     when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
+    register: reconcile_bindings_result
+    changed_when:
+      - reconcile_bindings_result.stdout.length > 0
+      - reconcile_bindings_result.rc == 0
     run_once: true
 
   - name: Reconcile Jenkins Pipeline Role Bindings
     command: >
-      {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm
+      {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name
     run_once: true
+    register: reconcile_jenkens_role_binding_result
+    changed_when:
+      - reconcile_jenkins_role_binding_result.stdout.length > 0
+      - reconcile_jenkins_role_binding_result.rc == 0
     when: openshift.common.version_gte_3_4_or_1_4  | bool
 
   - name: Reconcile Security Context Constraints
     command: >
-      {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true
+      {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name
+    register: reconcile_scc_result
+    changed_when:
+      - reconcile_scc_result.stdout.length > 0
+      - reconcile_scc_result.rc == 0
     run_once: true
 
   - set_fact:
-- 
cgit v1.2.1


From f7c801f77284da83ccc18aee771e11ce17f59dd2 Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Wed, 1 Mar 2017 17:08:14 -0600
Subject: Resolving yammlint errors

---
 .../openshift-cluster/upgrades/upgrade_control_plane.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'playbooks')

diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 08cc2cc42..5d3af2c26 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -176,8 +176,8 @@
       policy reconcile-cluster-roles --additive-only=true --confirm -o name
     register: reconcile_cluster_role_result
     changed_when:
-      - reconcile_cluster_role_result.stdout.length > 0
-      - reconcile_cluster_role_result.rc == 0
+    - reconcile_cluster_role_result.stdout.length > 0
+    - reconcile_cluster_role_result.rc == 0
     run_once: true
 
   - name: Reconcile Cluster Role Bindings
@@ -192,8 +192,8 @@
     when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
     register: reconcile_bindings_result
     changed_when:
-      - reconcile_bindings_result.stdout.length > 0
-      - reconcile_bindings_result.rc == 0
+    - reconcile_bindings_result.stdout.length > 0
+    - reconcile_bindings_result.rc == 0
     run_once: true
 
   - name: Reconcile Jenkins Pipeline Role Bindings
@@ -202,8 +202,8 @@
     run_once: true
     register: reconcile_jenkens_role_binding_result
     changed_when:
-      - reconcile_jenkins_role_binding_result.stdout.length > 0
-      - reconcile_jenkins_role_binding_result.rc == 0
+    - reconcile_jenkins_role_binding_result.stdout.length > 0
+    - reconcile_jenkins_role_binding_result.rc == 0
     when: openshift.common.version_gte_3_4_or_1_4  | bool
 
   - name: Reconcile Security Context Constraints
@@ -211,8 +211,8 @@
       {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name
     register: reconcile_scc_result
     changed_when:
-      - reconcile_scc_result.stdout.length > 0
-      - reconcile_scc_result.rc == 0
+    - reconcile_scc_result.stdout.length > 0
+    - reconcile_scc_result.rc == 0
     run_once: true
 
   - set_fact:
-- 
cgit v1.2.1


From 352917ae21424ba518d0fe4513dcc540c7698ae4 Mon Sep 17 00:00:00 2001
From: ewolinetz <ewolinet@redhat.com>
Date: Thu, 2 Mar 2017 11:38:32 -0600
Subject: Updating stdout check for changed_when

---
 .../openshift-cluster/upgrades/upgrade_control_plane.yml       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'playbooks')

diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index 5d3af2c26..babb7191d 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -176,7 +176,7 @@
       policy reconcile-cluster-roles --additive-only=true --confirm -o name
     register: reconcile_cluster_role_result
     changed_when:
-    - reconcile_cluster_role_result.stdout.length > 0
+    - reconcile_cluster_role_result.stdout != ''
     - reconcile_cluster_role_result.rc == 0
     run_once: true
 
@@ -192,7 +192,7 @@
     when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
     register: reconcile_bindings_result
     changed_when:
-    - reconcile_bindings_result.stdout.length > 0
+    - reconcile_bindings_result.stdout != ''
     - reconcile_bindings_result.rc == 0
     run_once: true
 
@@ -200,9 +200,9 @@
     command: >
       {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name
     run_once: true
-    register: reconcile_jenkens_role_binding_result
+    register: reconcile_jenkins_role_binding_result
     changed_when:
-    - reconcile_jenkins_role_binding_result.stdout.length > 0
+    - reconcile_jenkins_role_binding_result.stdout != ''
     - reconcile_jenkins_role_binding_result.rc == 0
     when: openshift.common.version_gte_3_4_or_1_4  | bool
 
@@ -211,7 +211,7 @@
       {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name
     register: reconcile_scc_result
     changed_when:
-    - reconcile_scc_result.stdout.length > 0
+    - reconcile_scc_result.stdout != ''
     - reconcile_scc_result.rc == 0
     run_once: true
 
-- 
cgit v1.2.1