22 files changed, 235 insertions, 0 deletions
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
index bb08ca837..b1510e062 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
@@ -46,6 +46,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
index 907196d8f..d791e89f6 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
index 5e28072da..f0b2a2c75 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
@@ -47,6 +47,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
index 6b69348b7..82a1d0935 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade.yml
@@ -46,6 +46,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
index 25b669f86..d1c2bd17a 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
index 9868cb5b4..f6e66c477 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_4/upgrade_nodes.yml
@@ -47,6 +47,10 @@
 tags:
 - pre_upgrade

+- include: ../disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
index bef15eaab..e55ab1b16 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade.yml
@@ -46,6 +46,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
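Review bot: The include added to v3_4/upgrade_nodes.yml points at `../disable_excluder.yml`, while every other byo upgrade playbook in this commit uses `../../../../common/openshift-cluster/disable_excluder.yml`. Relative to playbooks/byo/openshift-cluster/upgrades/v3_4/ the short path resolves to playbooks/byo/openshift-cluster/upgrades/disable_excluder.yml, which this diff does not create, so the v3.4 node upgrade would likely fail when the include is resolved unless that file exists outside this diff. Use `- include: ../../../../common/openshift-cluster/disable_excluder.yml` here as in the sibling playbooks.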
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
index dd88dde5f..e18b4280c 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_control_plane.yml
@@ -51,6 +51,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
index 931a1bcd7..259be6f8e 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_5/upgrade_nodes.yml
@@ -47,6 +47,10 @@
 tags:
 - pre_upgrade

+- include: ../../../../common/openshift-cluster/disable_excluder.yml
+ tags:
+ - pre_upgrade
+
 - include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
 tags:
 - pre_upgrade
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index a0ba735ab..113b401f9 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -26,6 +26,10 @@
 openshift_docker_selinux_enabled: "{{ lookup('oo_option', 'docker_selinux_enabled') }}"
 when: openshift_docker_selinux_enabled is not defined

+- include: disable_excluder.yml
+ tags:
+ - always
+
 - include: ../openshift-etcd/config.yml
 tags:
 - etcd
diff --git a/playbooks/common/openshift-cluster/disable_excluder.yml b/playbooks/common/openshift-cluster/disable_excluder.yml
new file mode 100644
index 000000000..eb146bab8
--- /dev/null
+++ b/playbooks/common/openshift-cluster/disable_excluder.yml
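Review bot: common/openshift-cluster/config.yml now runs `disable_excluder.yml` under the `always` tag, but no matching `reset_excluder.yml` include is added to config.yml anywhere in this diff. On a re-run against hosts where the excluders were enabled, the yum/dnf exclusions would be lifted and, as far as these hunks show, never restored, which leaves the docker and openshift packages open to an unintended update afterwards. Add `- include: reset_excluder.yml` with the `always` tag as the last include of config.yml, or confirm the reset is done in a file outside this diff. The rest of config.yml lies outside the hunk.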
@@ -0,0 +1,11 @@
+---
+- name: Record excluder state and disable
+ hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_role:
+ name: openshift_excluder
+ tasks_from: status
+ - include_role:
+ name: openshift_excluder
+ tasks_from: unexclude
diff --git a/playbooks/common/openshift-cluster/reset_excluder.yml b/playbooks/common/openshift-cluster/reset_excluder.yml
new file mode 100644
index 000000000..fe86f4c23
--- /dev/null
+++ b/playbooks/common/openshift-cluster/reset_excluder.yml
@@ -0,0 +1,8 @@
+---
+- name: Re-enable excluder if it was previously enabled
+ hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_role:
+ name: openshift_excluder
+ tasks_from: reset
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 9771d5445..4135f7e94 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -80,3 +80,7 @@
 - name: Warn if pluginOrderOverride is in use in master-config.yaml
 debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
 when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0
+
+- include: ../reset_excluder.yml
+ tags:
+ - always
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 59188c570..e45b635f7 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -51,3 +51,7 @@
 until: node_sched.rc == 0
 retries: 3
 delay: 1
+
+- include: ../reset_excluder.yml
+ tags:
+ - always
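Review bot: The `reset_excluder.yml` include appended to upgrades/post_control_plane.yml (and the identical one appended to upgrades/upgrade_nodes.yml) is reached only when the earlier plays complete, so an upgrade that aborts part-way leaves the excluders switched off on the affected hosts. The prior state is held only in facts set by status.yml during the run, so a later re-run would record the excluders as disabled and reset.yml would then skip re-enabling them. Document this next to the include, for example `# Not reached if an earlier play fails; re-enable the excluders by hand after an aborted upgrade`, and mention the recovery step in the role README. Both files continue above the hunks shown.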
diff --git a/roles/openshift_excluder/README.md b/roles/openshift_excluder/README.md
new file mode 100644
index 000000000..6c90b4e96
--- /dev/null
+++ b/roles/openshift_excluder/README.md
@@ -0,0 +1,44 @@
+OpenShift Excluder
+================
+
+Manages the excluder packages which add yum and dnf exclusions ensuring that
+the packages we care about are not inadvertantly updated. See
+https://github.com/openshift/origin/tree/master/contrib/excluder
+
+Requirements
+------------
+openshift_facts
+
+
+Facts
+-----
+
+| Name | Default Value | Description |
+-----------------------------|---------------|----------------------------------------|
+| docker_excluder_enabled | none | Records the status of docker excluder |
+| openshift_excluder_enabled | none | Records the status of the openshift excluder |
+
+Role Variables
+--------------
+None
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+
+TODO
+----
+It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts.
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)
diff --git a/roles/openshift_excluder/meta/main.yml b/roles/openshift_excluder/meta/main.yml
new file mode 100644
index 000000000..8bca38e77
--- /dev/null
+++ b/roles/openshift_excluder/meta/main.yml
@@ -0,0 +1,15 @@
+---
+galaxy_info:
+ author: Scott Dodson
+ description: OpenShift Examples
+ company: Red Hat, Inc.
+ license: Apache License, Version 2.0
+ min_ansible_version: 2.2
+ platforms:
+ - name: EL
+ versions:
+ - 7
+ categories:
+ - cloud
+dependencies:
+- { role: openshift_facts }
diff --git a/roles/openshift_excluder/tasks/exclude.yml b/roles/openshift_excluder/tasks/exclude.yml
new file mode 100644
index 000000000..570183aef
--- /dev/null
+++ b/roles/openshift_excluder/tasks/exclude.yml
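Review bot: `description: OpenShift Examples` in roles/openshift_excluder/meta/main.yml does not describe this role and looks carried over from another role's metadata; a line such as `description: Manages the OpenShift and docker excluder packages` would agree with the README added in the same commit. `min_ansible_version: 2.2` is an unquoted scalar that a YAML loader reads as a float, so write it as `min_ansible_version: "2.2"` to keep it a version string.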
@@ -0,0 +1,11 @@
+---
+- include: install.yml
+ when: not openshift.common.is_containerized | bool
+
+- name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+ when: not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+ command: "{{ openshift.common.service_type }}-excluder exclude"
+ when: not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/install.yml b/roles/openshift_excluder/tasks/install.yml
new file mode 100644
index 000000000..ee4cb2c05
--- /dev/null
+++ b/roles/openshift_excluder/tasks/install.yml
@@ -0,0 +1,16 @@
+---
+- name: Install latest excluder
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: latest
+ when:
+ - openshift_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
+
+- name: Install latest docker excluder
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: latest
+ when:
+ - docker_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
diff --git a/roles/openshift_excluder/tasks/main.yml b/roles/openshift_excluder/tasks/main.yml
new file mode 100644
index 000000000..78a3d37cb
--- /dev/null
+++ b/roles/openshift_excluder/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+include: status.yml
diff --git a/roles/openshift_excluder/tasks/reset.yml b/roles/openshift_excluder/tasks/reset.yml
new file mode 100644
index 000000000..486a23fd0
--- /dev/null
+++ b/roles/openshift_excluder/tasks/reset.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+ when:
+ - docker_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+ command: "{{ openshift.common.service_type }}-excluder exclude"
+ when:
+ - openshift_excluder_enabled | default(false) | bool
+ - not openshift.common.is_containerized | bool
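Review bot: The second task in tasks/install.yml, `Install latest docker excluder`, installs `{{ openshift.common.service_type }}-excluder`, the same package as the first task, so this file never installs the docker excluder package. Change its `name:` to `"{{ openshift.common.service_type }}-docker-excluder"`. tasks/exclude.yml then runs the `-docker-excluder exclude` command on every non-containerized host regardless of the install conditions, which would fail where that command is absent.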
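Review bot: tasks/main.yml holds a bare mapping, `include: status.yml`, rather than a list of tasks. A role's task file is expected to be a sequence, so applying the role without `tasks_from` would likely be rejected when the file is loaded; write the line as `- include: status.yml`. The playbooks in this commit only use `include_role` with `tasks_from`, which would explain why the problem does not surface there.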
diff --git a/roles/openshift_excluder/tasks/status.yml b/roles/openshift_excluder/tasks/status.yml
new file mode 100644
index 000000000..6ef4af22d
--- /dev/null
+++ b/roles/openshift_excluder/tasks/status.yml
@@ -0,0 +1,56 @@
+---
+# Latest versions of the excluders include a status function, old packages dont
+# So, if packages are installed, upgrade them to the latest so we get the status
+# If they're not installed when we should assume they're disabled
+
+- name: Determine if excluder packages are installed
+ rpm_q:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: present
+ register: openshift_excluder_installed
+ failed_when: false
+
+- name: Determine if docker packages are installed
+ rpm_q:
+ name: "{{ openshift.common.service_type }}-excluder"
+ state: present
+ register: docker_excluder_installed
+ failed_when: false
+
+- name: Update to latest excluder packages
+ package:
+ name: "{{ openshift.common.service_type }}-excluder"
+ when:
+ - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+
+- name: Update to the latest docker-excluder packages
+ package:
+ name: "{{ openshift.common.service_type }}-docker-excluder"
+ when:
+ - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+
+- name: Record excluder status
+ command: "{{ openshift.common.service_type }}-excluder"
+ register: excluder_status
+ when:
+ - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+ failed_when: false
+
+- name: Record docker excluder status
+ command: "{{ openshift.common.service_type }}-docker-excluder"
+ register: docker_excluder_status
+ when:
+ - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+ - not openshift.common.is_containerized | bool
+ failed_when: false
+
+- name: Set excluder status facts
+ set_fact:
+ docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+ openshift_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+
+- debug: var=docker_excluder_enabled
+- debug: var=openshift_excluder_enabled
diff --git a/roles/openshift_excluder/tasks/unexclude.yml b/roles/openshift_excluder/tasks/unexclude.yml
new file mode 100644
index 000000000..38f0759aa
--- /dev/null
+++ b/roles/openshift_excluder/tasks/unexclude.yml
@@ -0,0 +1,12 @@
+---
+- name: disable docker excluder
+ command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
+ when:
+ - docker_excluder_enabled | bool
+ - not openshift.common.is_containerized | bool
+
+- name: disable excluder
+ command: "{{ openshift.common.service_type }}-excluder unexclude"
+ when:
+ - openshift_excluder_enabled | bool
+ - not openshift.common.is_containerized | bool |
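Review bot: Several lines in tasks/status.yml look like copy-paste slips that make the recorded state wrong: `Determine if docker packages are installed` queries `-excluder` instead of `-docker-excluder`, `openshift_excluder_enabled` is computed from `docker_excluder_status.rc` rather than `excluder_status.rc`, and both `Update to …` tasks carry no `state: latest`, so nothing in them asks for an upgrade. unexclude.yml and reset.yml act on these facts, so a wrong value means an excluder is either not lifted before the upgrade or not restored after it. The `default(0) | length` fallbacks in the set_fact expressions would fail if `installed_versions` is ever undefined; `default([])` matches the earlier tasks. The status commands are also run with no subcommand although the header comment refers to a status function, so confirm that is the intended invocation.

```yaml
- name: Determine if docker packages are installed
  rpm_q:
    name: "{{ openshift.common.service_type }}-docker-excluder"
    # … unchanged: state, register, failed_when …

- name: Update to latest excluder packages
  package:
    name: "{{ openshift.common.service_type }}-excluder"
    state: latest
  # … unchanged: when …

# … unchanged: docker-excluder update (add state: latest there too), both status commands …

- name: Set excluder status facts
  set_fact:
    docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default([]) | length == 0 else 'true' }}"
    openshift_excluder_enabled: "{{ 'false' if excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default([]) | length == 0 else 'true' }}"
```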
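Review bot: The `when:` conditions in tasks/unexclude.yml test `docker_excluder_enabled | bool` and `openshift_excluder_enabled | bool` with no default, whereas reset.yml and install.yml in the same role use `| default(false) | bool`. If unexclude is ever included without status.yml having run first, the undefined variable would abort the play instead of skipping the task. Use `docker_excluder_enabled | default(false) | bool` and `openshift_excluder_enabled | default(false) | bool` so the three task files agree.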