Add openshift_excluder role

- install -- installs excluders, which enables them too
- exclude -- enables the excludes
- unexclude -- disables the excludes
- status -- sets facts based on status, included in main.yml
- reset -- sets excluders back to original state based on recorded facts

roles/openshift_excluder/README.md

@@ -0,0 +1,44 @@
+OpenShift Excluder
+================
+
+Manages the excluder packages which add yum and dnf exclusions ensuring that
+the packages we care about are not inadvertantly updated. See
+https://github.com/openshift/origin/tree/master/contrib/excluder
+
+Requirements
+------------
+openshift_facts
+
+
+Facts
+-----
+
+| Name                       | Default Value | Description                            |
+-----------------------------|---------------|----------------------------------------|
+| docker_excluder_enabled | none          | Records the status of docker excluder |
+| openshift_excluder_enabled | none | Records the status of the openshift excluder |
+
+Role Variables
+--------------
+None
+
+Dependencies
+------------
+
+Example Playbook
+----------------
+
+
+TODO
+----
+It should be possible to manage the two excluders independently though that's not a hard requirement. However it should be done to manage docker on RHEL Containerized hosts.
+
+License
+-------
+
+Apache License, Version 2.0
+
+Author Information
+------------------
+
+Scott Dodson (sdodson@redhat.com)

roles/openshift_excluder/meta/main.yml

@@ -0,0 +1,15 @@
+---
+galaxy_info:
+  author: Scott Dodson
+  description: OpenShift Examples
+  company: Red Hat, Inc.
+  license: Apache License, Version 2.0
+  min_ansible_version: 2.2
+  platforms:
+  - name: EL
+    versions:
+    - 7
+  categories:
+  - cloud
+dependencies:
+- { role: openshift_facts }

roles/openshift_excluder/tasks/exclude.yml

@@ -0,0 +1,11 @@
+---
+- include: install.yml
+  when: not openshift.common.is_containerized | bool
+
+- name: Enable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+  when: not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+  command: "{{ openshift.common.service_type }}-excluder exclude"
+  when: not openshift.common.is_containerized | bool

roles/openshift_excluder/tasks/install.yml

@@ -0,0 +1,16 @@
+---
+- name: Install latest excluder
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: latest
+  when:
+  - openshift_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
+
+- name: Install latest docker excluder
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: latest
+  when:
+  - docker_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool

roles/openshift_excluder/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+include: status.yml

roles/openshift_excluder/tasks/reset.yml

@@ -0,0 +1,12 @@
+---
+- name: Enable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder exclude"
+  when:
+  - docker_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool
+
+- name: Enable excluder
+  command: "{{ openshift.common.service_type }}-excluder exclude"
+  when:
+  - openshift_excluder_enabled | default(false) | bool
+  - not openshift.common.is_containerized | bool

roles/openshift_excluder/tasks/status.yml

@@ -0,0 +1,56 @@
+---
+# Latest versions of the excluders include a status function, old packages dont
+# So, if packages are installed, upgrade them to the latest so we get the status
+# If they're not installed when we should assume they're disabled
+
+- name: Determine if excluder packages are installed
+  rpm_q:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: present
+  register: openshift_excluder_installed
+  failed_when: false
+
+- name: Determine if docker packages are installed
+  rpm_q:
+    name: "{{ openshift.common.service_type }}-excluder"
+    state: present
+  register: docker_excluder_installed
+  failed_when: false
+
+- name: Update to latest excluder packages
+  package:
+    name: "{{ openshift.common.service_type }}-excluder"
+  when:
+  - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+
+- name: Update to the latest docker-excluder packages
+  package:
+    name: "{{ openshift.common.service_type }}-docker-excluder"
+  when:
+  - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+
+- name: Record excluder status
+  command: "{{ openshift.common.service_type }}-excluder"
+  register: excluder_status
+  when:
+  - "{{ openshift_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+  failed_when: false
+
+- name: Record docker excluder status
+  command: "{{ openshift.common.service_type }}-docker-excluder"
+  register: docker_excluder_status
+  when:
+  - "{{ docker_excluder_installed.installed_versions | default([]) | length > 0 }}"
+  - not openshift.common.is_containerized | bool
+  failed_when: false
+
+- name: Set excluder status facts
+  set_fact:
+    docker_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or docker_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+    openshift_excluder_enabled: "{{ 'false' if docker_excluder_status.rc | default(0) == 0 or openshift_excluder_installed.installed_versions | default(0) | length == 0 else 'true' }}"
+
+- debug: var=docker_excluder_enabled
+- debug: var=openshift_excluder_enabled

roles/openshift_excluder/tasks/unexclude.yml

@@ -0,0 +1,12 @@
+---
+- name: disable docker excluder
+  command: "{{ openshift.common.service_type }}-docker-excluder unexclude"
+  when:
+  - docker_excluder_enabled | bool
+  - not openshift.common.is_containerized | bool
+
+- name: disable excluder
+  command: "{{ openshift.common.service_type }}-excluder unexclude"
+  when:
+  - openshift_excluder_enabled | bool
+  - not openshift.common.is_containerized | bool