Diffstat (limited to 'playbooks/common')
-rw-r--r--playbooks/common/openshift-cluster/config.yml4
-rw-r--r--playbooks/common/openshift-cluster/disable_excluder.yml11
-rw-r--r--playbooks/common/openshift-cluster/openshift_hosted.yml26
-rw-r--r--playbooks/common/openshift-cluster/redeploy-certificates/router.yml31
-rw-r--r--playbooks/common/openshift-cluster/reset_excluder.yml8
-rw-r--r--playbooks/common/openshift-cluster/upgrades/post_control_plane.yml18
-rw-r--r--playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml4
-rw-r--r--playbooks/common/openshift-master/restart_hosts.yml1
8 files changed, 71 insertions, 32 deletions
diff --git a/playbooks/common/openshift-cluster/config.yml b/playbooks/common/openshift-cluster/config.yml
index a0ba735ab..113b401f9 100644
--- a/playbooks/common/openshift-cluster/config.yml
+++ b/playbooks/common/openshift-cluster/config.yml
@@ -26,6 +26,10 @@
openshift_docker_selinux_enabled: "{{ lookup('oo_option', 'docker_selinux_enabled') }}"
when: openshift_docker_selinux_enabled is not defined
+- include: disable_excluder.yml
+ tags:
+ - always
+
- include: ../openshift-etcd/config.yml
tags:
- etcd
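Review bot: The added `- include: disable_excluder.yml` switches the excluder off at the start of config.yml under the `always` tag, but nothing in this file's section switches it back on. The matching `- include: ../reset_excluder.yml` is only appended to upgrades/post_control_plane.yml and upgrades/upgrade_nodes.yml. In both of those files the reset is the last play, so a failure in any earlier play would leave the package excluder disabled on the hosts. If the reset for the install path lives outside playbooks/common it is not visible in this diff and should be confirmed. Otherwise add `- include: reset_excluder.yml` with `tags: [always]` at the end of config.yml, and note in a comment that a failed run needs the reset to be run by hand.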
diff --git a/playbooks/common/openshift-cluster/disable_excluder.yml b/playbooks/common/openshift-cluster/disable_excluder.yml
new file mode 100644
index 000000000..eb146bab8
--- /dev/null
+++ b/playbooks/common/openshift-cluster/disable_excluder.yml
@@ -0,0 +1,11 @@
+---
+- name: Record excluder state and disable
+ hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_role:
+ name: openshift_excluder
+ tasks_from: status
+ - include_role:
+ name: openshift_excluder
+ tasks_from: unexclude
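Review bot: The two `include_role` tasks have no `name` and no comment explaining why `status` has to run before `unexclude`. The new reset_excluder.yml presumably depends on the state recorded here, which a reader cannot tell from this file alone. I would name them, for example `- name: Record current excluder status` and `- name: Disable the excluder for the duration of the run`, and add a header comment such as `# Must be paired with reset_excluder.yml at the end of the calling playbook`. The same applies to the unnamed task in reset_excluder.yml. In both files `gather_facts: no` would read better as `gather_facts: false`.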
diff --git a/playbooks/common/openshift-cluster/openshift_hosted.yml b/playbooks/common/openshift-cluster/openshift_hosted.yml
index 3c4a99887..7b58eebc3 100644
--- a/playbooks/common/openshift-cluster/openshift_hosted.yml
+++ b/playbooks/common/openshift-cluster/openshift_hosted.yml
@@ -27,21 +27,21 @@
logging_elasticsearch_ops_cluster_size: "{{ openshift_hosted_logging_elasticsearch_ops_cluster_size | default(1) }}"
roles:
- role: openshift_hosted
- - role: openshift_hosted_metrics
+ - role: openshift_metrics
when: openshift_hosted_metrics_deploy | default(false) | bool
- - role: openshift_hosted_logging
+ - role: openshift_logging
when: openshift_hosted_logging_deploy | default(false) | bool
- openshift_hosted_logging_hostname: "{{ logging_hostname }}"
- openshift_hosted_logging_ops_hostname: "{{ logging_ops_hostname }}"
- openshift_hosted_logging_master_public_url: "{{ logging_master_public_url }}"
- openshift_hosted_logging_elasticsearch_cluster_size: "{{ logging_elasticsearch_cluster_size }}"
- openshift_hosted_logging_elasticsearch_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
- openshift_hosted_logging_elasticsearch_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}"
- openshift_hosted_logging_elasticsearch_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}"
+ openshift_logging_kibana_hostname: "{{ logging_hostname }}"
+ openshift_logging_kibana_ops_hostname: "{{ logging_ops_hostname }}"
+ openshift_logging_master_public_url: "{{ logging_master_public_url }}"
+ openshift_logging_es_cluster_size: "{{ logging_elasticsearch_cluster_size }}"
+ openshift_logging_es_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_es_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs'] else '' }}"
+ openshift_logging_es_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_es_ops_cluster_size: "{{ logging_elasticsearch_ops_cluster_size }}"
+ openshift_logging_es_ops_pvc_dynamic: "{{ 'true' if openshift_hosted_logging_storage_kind | default(none) == 'dynamic' else '' }}"
+ openshift_logging_es_ops_pvc_size: "{{ openshift.hosted.logging.storage.volume.size if openshift_hosted_logging_storage_kind | default(none) in ['dynamic','nfs' ] else '' }}"
+ openshift_logging_es_ops_pvc_prefix: "{{ 'logging-es' if openshift_hosted_logging_storage_kind | default(none) =='dynamic' else '' }}"
- role: cockpit-ui
when: ( openshift.common.version_gte_3_3_or_1_3 | bool ) and ( openshift_hosted_manage_registry | default(true) | bool ) and not (openshift.docker.hosted_registry_insecure | default(false) | bool)
diff --git a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
index 03d64685d..a9e9f0915 100644
--- a/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
+++ b/playbooks/common/openshift-cluster/redeploy-certificates/router.yml
@@ -44,25 +44,26 @@
when: l_router_dc.rc == 0 and 'OPENSHIFT_CA_DATA' in router_env_vars and 'OPENSHIFT_CERT_DATA' in router_env_vars and 'OPENSHIFT_KEY_DATA' in router_env_vars
- block:
- - name: Generate router certificate
+ - name: Delete existing router certificate secret
command: >
- {{ openshift.common.client_binary }} adm ca create-server-cert
- --hostnames=router.default.svc,router.default.svc.cluster.local
- --signer-cert={{ openshift.common.config_base }}/master/service-signer.crt
- --signer-key={{ openshift.common.config_base }}/master/service-signer.key
- --signer-serial={{ openshift.common.config_base }}/master/ca.serial.txt
- --cert={{ mktemp.stdout }}/tls.crt
- --key={{ mktemp.stdout }}/tls.key
+ {{ openshift.common.client_binary }} delete secret/router-certs
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
- - name: Update router certificates secret
- shell: >
- {{ openshift.common.client_binary }} secret new router-certs
- {{ mktemp.stdout }}/tls.crt
- {{ mktemp.stdout }}/tls.key
- --type=kubernetes.io/tls
+ - name: Remove router service annotations
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name-
+ service.alpha.openshift.io/serving-cert-signed-by-
+ --config={{ mktemp.stdout }}/admin.kubeconfig
+ -n default
+
+ - name: Add serving-cert-secret annotation to router service
+ command: >
+ {{ openshift.common.client_binary }} annotate service/router
+ service.alpha.openshift.io/serving-cert-secret-name=router-certs
--config={{ mktemp.stdout }}/admin.kubeconfig
-n default
- -o json | oc replace -f -
when: l_router_dc.rc == 0 and 'router-certs' in router_secrets
- name: Redeploy router
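Review bot: The block deletes `secret/router-certs` as its first step, yet the whole block is guarded by `'router-certs' in router_secrets`, so a failure in either annotate task looks unrecoverable by re-running. The secret would already be gone, and the guard would then skip the delete and both annotate tasks. `router_secrets` is computed outside this hunk, so this should be checked against how it is populated. One option is to move the delete after the annotation removal and give the final annotate task a condition that does not depend on the secret still existing, e.g. `when: l_router_dc.rc == 0`. A short comment would also help, along the lines of `# router-certs is expected to be regenerated by the service signer once the serving-cert-secret-name annotation is re-added`, since the new tasks no longer create the certificate themselves.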
diff --git a/playbooks/common/openshift-cluster/reset_excluder.yml b/playbooks/common/openshift-cluster/reset_excluder.yml
new file mode 100644
index 000000000..fe86f4c23
--- /dev/null
+++ b/playbooks/common/openshift-cluster/reset_excluder.yml
@@ -0,0 +1,8 @@
+---
+- name: Re-enable excluder if it was previously enabled
+ hosts: l_oo_all_hosts
+ gather_facts: no
+ tasks:
+ - include_role:
+ name: openshift_excluder
+ tasks_from: reset
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index 2bbcbe1f8..4135f7e94 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -26,21 +26,26 @@
registry_url: "{{ openshift.master.registry_url }}"
openshift_hosted_templates_import_command: replace
pre_tasks:
+
+ # TODO: remove temp_skip_router_registry_upgrade variable. This is a short term hack
+ # to allow ops to use this control plane upgrade, without triggering router/registry
+ # upgrade which has not yet been synced with their process.
- name: Collect all routers
command: >
{{ oc_cmd }} get pods --all-namespaces -l 'router' -o json
register: all_routers
failed_when: false
changed_when: false
+ when: temp_skip_router_registry_upgrade is not defined
- set_fact: haproxy_routers="{{ (all_routers.stdout | from_json)['items'] | oo_pods_match_component(openshift_deployment_type, 'haproxy-router') | oo_select_keys_from_list(['metadata']) }}"
- when: all_routers.rc == 0
+ when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined
- set_fact: haproxy_routers=[]
- when: all_routers.rc != 0
+ when: all_routers.rc != 0 and temp_skip_router_registry_upgrade is not defined
- name: Update router image to current version
- when: all_routers.rc == 0
+ when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined
command: >
{{ oc_cmd }} patch dc/{{ item['labels']['deploymentconfig'] }} -n {{ item['namespace'] }} -p
'{"spec":{"template":{"spec":{"containers":[{"name":"router","image":"{{ router_image }}","livenessProbe":{"tcpSocket":null,"httpGet":{"path": "/healthz", "port": 1936, "host": "localhost", "scheme": "HTTP"},"initialDelaySeconds":10,"timeoutSeconds":1}}]}}}}'
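Review bot: When `temp_skip_router_registry_upgrade` is set, `Collect all routers` is skipped, so the registered `all_routers` will most likely carry no `rc`. The new conditions such as `when: all_routers.rc == 0 and temp_skip_router_registry_upgrade is not defined` read `all_routers.rc` first and can fail on the missing attribute instead of skipping. Put the skip test first so it short-circuits: `when: temp_skip_router_registry_upgrade is not defined and all_routers.rc == 0`. The same ordering problem is in the next hunk at `when: _default_registry.rc == 0 and temp_skip_router_registry_upgrade is not defined`. Note also that `is not defined` means setting the variable to `false` still skips the upgrade, which the TODO comment should state. With the skip active neither `set_fact` runs, so any later use of `haproxy_routers` outside this hunk would see it undefined.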
@@ -53,9 +58,10 @@
register: _default_registry
failed_when: false
changed_when: false
+ when: temp_skip_router_registry_upgrade is not defined
- name: Update registry image to current version
- when: _default_registry.rc == 0
+ when: _default_registry.rc == 0 and temp_skip_router_registry_upgrade is not defined
command: >
{{ oc_cmd }} patch dc/docker-registry -n default -p
'{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}'
@@ -74,3 +80,7 @@
- name: Warn if pluginOrderOverride is in use in master-config.yaml
debug: msg="WARNING pluginOrderOverride is being deprecated in master-config.yaml, please see https://docs.openshift.com/enterprise/latest/architecture/additional_concepts/admission_controllers.html for more information."
when: not grep_plugin_order_override | skipped and grep_plugin_order_override.rc == 0
+
+- include: ../reset_excluder.yml
+ tags:
+ - always
diff --git a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
index 59188c570..e45b635f7 100644
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -51,3 +51,7 @@
until: node_sched.rc == 0
retries: 3
delay: 1
+
+- include: ../reset_excluder.yml
+ tags:
+ - always
diff --git a/playbooks/common/openshift-master/restart_hosts.yml b/playbooks/common/openshift-master/restart_hosts.yml
index 475144dbf..a9750e40f 100644
--- a/playbooks/common/openshift-master/restart_hosts.yml
+++ b/playbooks/common/openshift-master/restart_hosts.yml
@@ -14,6 +14,7 @@
state=started
delay=10
timeout=600
+ port="{{ ansible_ssh_port }}"
become: no
# Now that ssh is back up we can wait for API on the remote system,
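Review bot: The added `port="{{ ansible_ssh_port }}"` assumes the inventory always defines `ansible_ssh_port`. On hosts where it is not set the templating would fail and the wait after restart would error out rather than fall back to the default SSH port. A default keeps the previous behaviour for those hosts: `port="{{ ansible_ssh_port | default(22) }}"`. The enclosing task starts above this hunk, so confirm that the module being passed `port` is the SSH wait and not a different one.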