summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-10-23 20:44:26 -0400
committerGitHub <noreply@github.com>2017-10-23 20:44:26 -0400
commitb9ddd26431a1c5be0b9f289bf5606796e548aaed (patch)
tree53c16a949476f30d112270044a915e56f98cbde9
parent78ab1bccc4475b66eb9de122a8cc7fcc3752698a (diff)
parent6ca954de98be2be9496347db8849928e4f79016c (diff)
downloadopenshift-b9ddd26431a1c5be0b9f289bf5606796e548aaed.tar.gz
openshift-b9ddd26431a1c5be0b9f289bf5606796e548aaed.tar.bz2
openshift-b9ddd26431a1c5be0b9f289bf5606796e548aaed.tar.xz
openshift-b9ddd26431a1c5be0b9f289bf5606796e548aaed.zip
Merge pull request #5832 from sdodson/bz1504525
Correct version gates on policy reconciliation and add retries
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml17
-rw-r--r--playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml2
2 files changed, 13 insertions, 6 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
index c37a5f9ab..ea4e25f8f 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -199,7 +199,7 @@
{{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
policy reconcile-cluster-roles --additive-only=true --confirm -o name
register: reconcile_cluster_role_result
- when: not openshift.common.version_gte_3_7 | bool
+ when: openshift_version | version_compare('3.7','<')
changed_when:
- reconcile_cluster_role_result.stdout != ''
- reconcile_cluster_role_result.rc == 0
@@ -214,7 +214,7 @@
--exclude-groups=system:unauthenticated
--exclude-users=system:anonymous
--additive-only=true --confirm -o name
- when: not openshift.common.version_gte_3_7 | bool
+ when: openshift_version | version_compare('3.7','<')
register: reconcile_bindings_result
changed_when:
- reconcile_bindings_result.stdout != ''
@@ -229,9 +229,11 @@
changed_when:
- reconcile_jenkins_role_binding_result.stdout != ''
- reconcile_jenkins_role_binding_result.rc == 0
- when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool)
+ when:
+ - openshift_version | version_compare('3.7','<')
+ - openshift_version | version_compare('3.4','>=')
- - when: (openshift.common.version_gte_3_6 | bool) and (not openshift.common.version_gte_3_7 | bool)
+ - when: openshift_upgrade_target | version_compare('3.7','<')
block:
- name: Retrieve shared-resource-viewer
oc_obj:
@@ -250,7 +252,6 @@
- "'annotations' in objout['results']['results'][0]['metadata']"
- "'openshift.io/reconcile-protect' in objout['results']['results'][0]['metadata']['annotations']"
- "objout['results']['results'][0]['metadata']['annotations']['openshift.io/reconcile-protect'] == 'true'"
-
- copy:
src: "{{ item }}"
dest: "/tmp/{{ item }}"
@@ -268,6 +269,12 @@
- "/tmp/{{ __master_shared_resource_viewer_file }}"
delete_after: true
when: __shared_resource_viewer_protected is not defined
+ register: result
+ retries: 3
+ delay: 5
+ until: result.rc == 0
+ ignore_errors: true
+
- name: Reconcile Security Context Constraints
command: >
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
index f76fc68d1..8e4f99c91 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_7/validator.yml
@@ -15,7 +15,7 @@
- name: Confirm OpenShift authorization objects are in sync
command: >
{{ openshift.common.client_binary }} adm migrate authorization
- when: not openshift.common.version_gte_3_7 | bool
+ when: openshift_version | version_compare('3.7','<')
changed_when: false
register: l_oc_result
until: l_oc_result.rc == 0