blob: 3552b8734ad94a5a656a77061b75214bb2f06239 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
---
###############################################################################
# The restart playbook should be run after this playbook completes.
###############################################################################
- include: docker_upgrade.yml
when: not openshift.common.is_atomic | bool
###############################################################################
# Upgrade Masters
###############################################################################
- name: Upgrade master
hosts: oo_masters_to_config
tasks:
- include: rpm_upgrade.yml component=master
when: not openshift.common.is_containerized | bool
- include: containerized_upgrade.yml
when: openshift.common.is_containerized | bool
# - name: Upgrade master configuration
# openshift_upgrade_config:
# from_version: '3.1'
# to_version: '3.2'
# role: master
# config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}"
- name: Set master update status to complete
hosts: oo_masters_to_config
tasks:
- set_fact:
master_update_complete: True
##############################################################################
# Gate on master update complete
##############################################################################
- name: Gate on master update
hosts: localhost
connection: local
become: no
tasks:
- set_fact:
master_update_completed: "{{ hostvars
| oo_select_keys(groups.oo_masters_to_config)
| oo_collect('inventory_hostname', {'master_update_complete': true}) }}"
- set_fact:
master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) }}"
- fail:
msg: "Upgrade cannot continue. The following masters did not finish updating: {{ master_update_failed | join(',') }}"
when: master_update_failed | length > 0
###############################################################################
# Upgrade Nodes
###############################################################################
- name: Upgrade nodes
hosts: oo_nodes_to_config
tasks:
- include: rpm_upgrade.yml
vars:
component: "node"
openshift_version: "{{ openshift_pkg_version | default('') }}"
when: not openshift.common.is_containerized | bool
- include: containerized_upgrade.yml
when: openshift.common.is_containerized | bool
# This will restart the node
- name: Restart openvswitch service
service: name="{{ openshift.common.service_type }}-node" state=restarted
- set_fact:
node_update_complete: True
##############################################################################
# Gate on nodes update
##############################################################################
- name: Gate on nodes update
hosts: localhost
connection: local
become: no
tasks:
- set_fact:
node_update_completed: "{{ hostvars
| oo_select_keys(groups.oo_nodes_to_config)
| oo_collect('inventory_hostname', {'node_update_complete': true}) }}"
- set_fact:
node_update_failed: "{{ groups.oo_nodes_to_config | difference(node_update_completed) }}"
- fail:
msg: "Upgrade cannot continue. The following nodes did not finish updating: {{ node_update_failed | join(',') }}"
when: node_update_failed | length > 0
###############################################################################
# Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
###############################################################################
- name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
hosts: oo_masters_to_config
roles:
- { role: openshift_cli, openshift_image_tag: "v{{ g_new_version }}" }
vars:
origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}"
ent_reconcile_bindings: true
openshift_master_ha: "{{ groups.oo_masters_to_config | length > 1 }}"
tasks:
- name: Verifying the correct commandline tools are available
shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
- name: Reconcile Cluster Roles
command: >
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-roles --confirm
run_once: true
- name: Reconcile Cluster Role Bindings
command: >
{{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-role-bindings
--exclude-groups=system:authenticated
--exclude-groups=system:authenticated:oauth
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm
when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
run_once: true
- name: Reconcile Security Context Constraints
command: >
{{ openshift.common.admin_binary}} policy reconcile-sccs --confirm
run_once: true
- set_fact:
reconcile_complete: True
##############################################################################
# Gate on reconcile
##############################################################################
- name: Gate on reconcile
hosts: localhost
connection: local
become: no
tasks:
- set_fact:
reconcile_completed: "{{ hostvars
| oo_select_keys(groups.oo_masters_to_config)
| oo_collect('inventory_hostname', {'reconcile_complete': true}) }}"
- set_fact:
reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) }}"
- fail:
msg: "Upgrade cannot continue. The following masters did not finish reconciling: {{ reconcile_failed | join(',') }}"
when: reconcile_failed | length > 0
|
