6 files changed, 83 insertions, 53 deletions
diff --git a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
index 869e185af..c8f397186 100644
--- a/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
@@ -12,3 +12,5 @@
 # You can run the upgrade_nodes.yml playbook after this to upgrade these components separately.
 #
 - import_playbook: ../../../../common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+
+- import_playbook: ../../../../openshift-master/private/restart.yml
diff --git a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
index f790fd98d..de612da21 100644
--- a/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml
@@ -6,7 +6,9 @@
   hosts: oo_first_master
   roles:
   - role: openshift_web_console
-    when: openshift_web_console_install | default(true) | bool
+    when:
+    - openshift_web_console_install | default(true) | bool
+    - openshift_upgrade_target is version_compare('3.9','>=')
 
 - name: Upgrade default router and default registry
   hosts: oo_first_master
diff --git a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
index 1dcc38def..fe1fdefff 100644
--- a/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/v3_9/upgrade_control_plane.yml
@@ -25,10 +25,18 @@
       openshift_upgrade_target: '3.8'
       openshift_upgrade_min: '3.7'
       openshift_release: '3.8'
-      _requested_pkg_version: "{{openshift_pkg_version if openshift_pkg_version is defined else omit }}"
-      _requested_image_tag: "{{openshift_image_tag if openshift_image_tag is defined else omit }}"
+      _requested_pkg_version: "{{ openshift_pkg_version if openshift_pkg_version is defined else omit }}"
+      _requested_image_tag: "{{ openshift_image_tag if openshift_image_tag is defined else omit }}"
+      l_double_upgrade_cp: True
     when: hostvars[groups.oo_first_master.0].openshift_currently_installed_version | version_compare('3.8','<')
 
+  - name: set l_force_image_tag_to_version = True
+    set_fact:
+      # Need to set this during 3.8 upgrade to ensure image_tag is set correctly
+      # to match 3.8 version
+      l_force_image_tag_to_version: True
+    when: _requested_image_tag is defined
+
 - import_playbook: ../pre/config.yml
   # These vars a meant to exclude oo_nodes from plays that would otherwise include
   # them by default.
@@ -69,7 +77,20 @@
       openshift_upgrade_min: '3.8'
       openshift_release: '3.9'
       openshift_pkg_version: "{{ _requested_pkg_version | default ('-3.9*') }}"
-      openshift_image_tag: "{{ _requested_image_tag | default('v3.9') }}"
+  # Set the user's specified image_tag for 3.9 upgrade if it was provided.
+  - set_fact:
+      openshift_image_tag: "{{ _requested_image_tag }}"
+      l_force_image_tag_to_version: False
+    when: _requested_image_tag is defined
+  # If the user didn't specify an image_tag, we need to force update image_tag
+  # because it will have already been set during 3.8.  If we aren't running
+  # a double upgrade, then we can preserve image_tag because it will still
+  # be the user provided value.
+  - set_fact:
+      l_force_image_tag_to_version: True
+    when:
+    - l_double_upgrade_cp is defined and l_double_upgrade_cp
+    - _requested_image_tag is not defined
 
 - import_playbook: ../pre/config.yml
   # These vars a meant to exclude oo_nodes from plays that would otherwise include
@@ -112,3 +133,9 @@
       state: started
 
 - import_playbook: ../post_control_plane.yml
+
+- hosts: oo_masters
+  tasks:
+  - import_role:
+      name: openshift_web_console
+      tasks_from: remove_old_asset_config
diff --git a/playbooks/deploy_cluster.yml b/playbooks/deploy_cluster.yml
index 361553ee4..c8e30ddbc 100644
--- a/playbooks/deploy_cluster.yml
+++ b/playbooks/deploy_cluster.yml
@@ -6,11 +6,3 @@
 - import_playbook: openshift-node/private/config.yml
 
 - import_playbook: common/private/components.yml
-
-- name: Print deprecated variable warning message if necessary
-  hosts: oo_first_master
-  gather_facts: no
-  tasks:
-  - debug: msg="{{__deprecation_message}}"
-    when:
-    - __deprecation_message | default ('') | length > 0
diff --git a/playbooks/gcp/openshift-cluster/build_base_image.yml b/playbooks/gcp/openshift-cluster/build_base_image.yml
index 75d0ddf9d..8e9b0024a 100644
--- a/playbooks/gcp/openshift-cluster/build_base_image.yml
+++ b/playbooks/gcp/openshift-cluster/build_base_image.yml
@@ -90,6 +90,8 @@
       repo_gpgcheck: no
       state: present
     when: ansible_os_family == "RedHat"
+  - name: Accept GPG keys for the repos
+    command: yum -q makecache -y --disablerepo='*' --enablerepo='google-cloud,jdetiber-qemu-user-static'
   - name: Install qemu-user-static
     package:
       name: qemu-user-static
@@ -121,7 +123,6 @@
     with_items:
     # required by Ansible
     - PyYAML
-    - docker
     - google-compute-engine
     - google-compute-engine-init
     - google-config
diff --git a/playbooks/openshift-master/private/tasks/wire_aggregator.yml b/playbooks/openshift-master/private/tasks/wire_aggregator.yml
index 59e2b515c..cc812c300 100644
--- a/playbooks/openshift-master/private/tasks/wire_aggregator.yml
+++ b/playbooks/openshift-master/private/tasks/wire_aggregator.yml
@@ -142,11 +142,6 @@
     state: absent
   changed_when: False
 
-- name: Setup extension file for service console UI
-  template:
-    src: ../templates/openshift-ansible-catalog-console.js
-    dest: /etc/origin/master/openshift-ansible-catalog-console.js
-
 - name: Update master config
   yedit:
     state: present
@@ -166,8 +161,6 @@
       value: [X-Remote-Group]
     - key: authConfig.requestHeader.extraHeaderPrefixes
       value: [X-Remote-Extra-]
-    - key: assetConfig.extensionScripts
-      value: [/etc/origin/master/openshift-ansible-catalog-console.js]
     - key: kubernetesMasterConfig.apiServerArguments.runtime-config
       value: [apis/settings.k8s.io/v1alpha1=true]
     - key: admissionConfig.pluginConfig.PodPreset.configuration.kind
@@ -178,37 +171,50 @@
       value: false
   register: yedit_output
 
-#restart master serially here
-- name: restart master api
-  systemd: name={{ openshift_service_type }}-master-api state=restarted
-  when:
-  - yedit_output.changed
-
-# We retry the controllers because the API may not be 100% initialized yet.
-- name: restart master controllers
-  command: "systemctl restart {{ openshift_service_type }}-master-controllers"
-  retries: 3
-  delay: 5
-  register: result
-  until: result.rc == 0
-  when:
-  - yedit_output.changed
+# Only add the catalog extension script if not 3.9. From 3.9 on, the console
+# can discover if template service broker is running.
+- when: not openshift.common.version_gte_3_9
+  block:
+  - name: Setup extension file for service console UI
+    template:
+      src: ../templates/openshift-ansible-catalog-console.js
+      dest: /etc/origin/master/openshift-ansible-catalog-console.js
+
+  - name: Update master config
+    yedit:
+      state: present
+      src: /etc/origin/master/master-config.yaml
+      key: assetConfig.extensionScripts
+      value: [/etc/origin/master/openshift-ansible-catalog-console.js]
+    register: yedit_asset_config_output
 
-- name: Verify API Server
-  # Using curl here since the uri module requires python-httplib2 and
-  # wait_for port doesn't provide health information.
-  command: >
-    curl --silent --tlsv1.2
-    --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
-    {{ openshift.master.api_url }}/healthz/ready
-  args:
-    # Disables the following warning:
-    # Consider using get_url or uri module rather than running curl
-    warn: no
-  register: api_available_output
-  until: api_available_output.stdout == 'ok'
-  retries: 120
-  delay: 1
-  changed_when: false
-  when:
-  - yedit_output.changed
+#restart master serially here
+- when: yedit_output.changed or (yedit_asset_config_output is defined and yedit_asset_config_output.changed)
+  block:
+  - name: restart master api
+    systemd: name={{ openshift_service_type }}-master-api state=restarted
+
+  # We retry the controllers because the API may not be 100% initialized yet.
+  - name: restart master controllers
+    command: "systemctl restart {{ openshift_service_type }}-master-controllers"
+    retries: 3
+    delay: 5
+    register: result
+    until: result.rc == 0
+
+  - name: Verify API Server
+    # Using curl here since the uri module requires python-httplib2 and
+    # wait_for port doesn't provide health information.
+    command: >
+      curl --silent --tlsv1.2
+      --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
+      {{ openshift.master.api_url }}/healthz/ready
+    args:
+      # Disables the following warning:
+      # Consider using get_url or uri module rather than running curl
+      warn: no
+    register: api_available_output
+    until: api_available_output.stdout == 'ok'
+    retries: 120
+    delay: 1
+    changed_when: false