diff options
| author | Simo Sorce <simo@redhat.com> | 2017-09-20 14:13:44 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2017-09-20 15:48:54 -0400 |
| commit | 680129e59b7cd05534e2690aec59e810924c6552 (patch) | |
| tree | 80130defd4fb4cbebdafb08c11363e92f6804517 /playbooks/common | |
| parent | 4f5839e585a78243eae2d215176047299c52a1eb (diff) | |
| download | openshift-680129e59b7cd05534e2690aec59e810924c6552.tar.gz openshift-680129e59b7cd05534e2690aec59e810924c6552.tar.bz2 openshift-680129e59b7cd05534e2690aec59e810924c6552.tar.xz openshift-680129e59b7cd05534e2690aec59e810924c6552.zip | |
Do not reconcile in >= 3.7
Starting with 3.7 we use kube's RBAC which happens to do a forceful reconcile at server startup.
Explicit reconciles are not needed anymore.
Also drop obsolete version checks and simplify 'when' conditional
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'playbooks/common')
| -rw-r--r-- | playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml index b75aae589..4e73293f0 100644 --- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml +++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml @@ -189,8 +189,6 @@ roles: - { role: openshift_cli } vars: - origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}" - ent_reconcile_bindings: true openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}" # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe # restart. @@ -201,6 +199,7 @@ {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-roles --additive-only=true --confirm -o name register: reconcile_cluster_role_result + when: not openshift.common.version_gte_3_7 | bool changed_when: - reconcile_cluster_role_result.stdout != '' - reconcile_cluster_role_result.rc == 0 @@ -215,7 +214,7 @@ --exclude-groups=system:unauthenticated --exclude-users=system:anonymous --additive-only=true --confirm -o name - when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool + when: not openshift.common.version_gte_3_7 | bool register: reconcile_bindings_result changed_when: - reconcile_bindings_result.stdout != '' @@ -230,7 +229,7 @@ changed_when: - reconcile_jenkins_role_binding_result.stdout != '' - reconcile_jenkins_role_binding_result.rc == 0 - when: openshift.common.version_gte_3_4_or_1_4 | bool + when: (not openshift.common.version_gte_3_7 | bool) and (openshift.common.version_gte_3_4_or_1_4 | bool) - name: Reconcile Security Context Constraints command: > |