Check for node-group configmaps during upgrades

This commit enforces presence of defined node-group
configmaps during upgrade.

.papr.sh

@@ -80,6 +80,8 @@ fi
 # Run upgrade playbook
 if [[ "${PAPR_RUN_UPDATE}" != "0" ]]; then
   update_version="$(echo $target_branch | sed 's/\./_/')"
+  # Create basic node-group configmaps for upgrade
+  ansible-playbook -vvv -i $PAPR_INVENTORY $PAPR_EXTRAVARS playbooks/openshift-master/openshift_node_group.yml
   ansible-playbook -vvv -i $PAPR_INVENTORY playbooks/byo/openshift-cluster/upgrades/v${update_version}/upgrade.yml
 fi
 

playbooks/common/openshift-cluster/upgrades/init.yml

@@ -9,6 +9,13 @@
 - import_playbook: ../../../init/base_packages.yml
 - import_playbook: ../../../init/cluster_facts.yml
 
+- name: Ensure essential node configmaps are present
+  hosts: oo_first_master
+  tasks:
+  - import_role:
+      name: openshift_node_group
+      tasks_from: check_for_configs.yml
+
 - name: Ensure firewall is not switched during upgrade
   hosts: "{{ l_upgrade_no_switch_firewall_hosts | default('oo_all_hosts') }}"
   vars:

playbooks/gcp/openshift-cluster/openshift_node_group.yml

@@ -0,0 +1,23 @@
+# This playbook installs onto a provisioned cluster
+---
+- hosts: localhost
+  connection: local
+  tasks:
+  - name: place all scale groups into Ansible groups
+    include_role:
+      name: openshift_gcp
+      tasks_from: setup_scale_group_facts.yml
+    vars:
+      all_nodes: true
+
+- import_playbook: ../../init/main.yml
+  vars:
+    l_init_fact_hosts: "oo_masters_to_config"
+    l_openshift_version_set_hosts: "all:!all"
+    l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}"
+
+- name: Setup node-group configmaps
+  hosts: oo_first_master
+  tasks:
+  - import_role:
+      name: openshift_node_group

playbooks/openshift-master/openshift_node_group.yml

@@ -1,6 +1,12 @@
 ---
+- import_playbook: ../init/main.yml
+  vars:
+    l_init_fact_hosts: "oo_masters_to_config"
+    l_openshift_version_set_hosts: "all:!all"
+    l_sanity_check_hosts: "{{ groups['oo_masters_to_config'] }}"
+
 - name: Setup node-group configmaps
   hosts: oo_first_master
   tasks:
-  - debug:
-      msg: "openshift_node_group play ran"
+  - import_role:
+      name: openshift_node_group

roles/openshift_node_group/defaults/main.yml

@@ -1,6 +1,4 @@
 ---
-openshift_node_group_namespace: openshift-node
-
 openshift_use_crio: False
 l_crio_var_sock: "/var/run/crio/crio.sock"
 
@@ -14,3 +12,5 @@ openshift_imageconfig_format: "{{ oreg_url | default(l_osm_registry_url_default)
 
 openshift_node_group_use_persistentlocalvolumes: "{{ openshift_persistentlocalstorage_enabled | default(False) | bool }}"
 openshift_node_group_name: 'node-config-compute'
+
+l_openshift_node_group_labels: []

roles/openshift_node_group/tasks/check_for_config.yml

@@ -0,0 +1,7 @@
+---
+# This file is looped over, must use include_tasks, not import_tasks
+- include_tasks: fetch_config.yml
+
+- fail:
+    msg: "Configmap for {{ l_openshift_node_group_name }} must be present"
+  when: configout.results.results.0 == {}

roles/openshift_node_group/tasks/check_for_configs.yml

@@ -0,0 +1,7 @@
+---
+- include_tasks: check_for_config.yml
+  vars:
+    l_openshift_node_group_name: "{{ node_group.name }}"
+  with_items: "{{ openshift_node_groups }}"
+  loop_control:
+    loop_var: node_group

roles/openshift_node_group/tasks/create_config.yml

@@ -1,118 +1,108 @@
 ---
-- name: fetch node configmap
-  oc_configmap:
-    name: "{{ l_openshift_node_group_name }}"
-    namespace: "{{ openshift_node_group_namespace }}"
-    state: list
-  register: configout
-  run_once: true
+# This file is looped over, must use include_tasks, not import_tasks
+- include_tasks: fetch_config.yml
 
-- name: debug node config
-  debug:
-    var: configout
-  run_once: true
 
-- when:
-  - configout.results.results.0 == {} or (configout.results.results.0 != {} and (l_openshift_node_group_edits|length > 0))
-  block:
-  - name: create a temp dir for this work
-    command: mktemp -d /tmp/openshift_node_config-XXXXXX
-    register: mktempout
-    run_once: true
+- name: create a temp dir for this work
+  command: mktemp -d /tmp/openshift_node_config-XXXXXX
+  register: mktempout
+  run_once: true
 
-  - name: create node config template
-    template:
-      src: node-config.yaml.j2
-      dest: "{{ mktempout.stdout }}/node-config.yaml"
-    when:
-    - configout.results.results.0 == {}
-    run_once: true
+- name: create node config template
+  template:
+    src: node-config.yaml.j2
+    dest: "{{ mktempout.stdout }}/node-config.yaml"
+  when:
+  - configout.results.results.0 == {}
+  run_once: true
 
-  - name: lay down the config from the existing configmap
-    copy:
-      content: "{{ configout.results.results.0.data['node-config.yaml'] }}"
-      dest: "{{ mktempout.stdout }}/node-config.yaml"
-    when:
-    - configout.results.results.0 != {}
-    run_once: true
+- name: lay down the config from the existing configmap
+  copy:
+    content: "{{ configout.results.results.0.data['node-config.yaml'] }}"
+    dest: "{{ mktempout.stdout }}/node-config.yaml"
+  when:
+  - configout.results.results.0 != {}
+  run_once: true
 
-  - name: "specialize the generated configs for {{ l_openshift_node_group_name }}"
-    yedit:
-      content:
-      src: "{{ mktempout.stdout }}/node-config.yaml"
-      edits: "{{ l_openshift_node_group_edits }}"
-    register: yeditout
-    run_once: true
-    when: l_openshift_node_group_edits != []
+- name: "specialize the generated configs for {{ l_openshift_node_group_name }}"
+  yedit:
+    content:
+    src: "{{ mktempout.stdout }}/node-config.yaml"
+    edits: "{{ l_openshift_node_group_all_edits }}"
+  register: yeditout
+  run_once: true
+  vars:
+    l_openshift_node_group_all_edits: "{{ l_openshift_node_group_edits | union(openshift_node_labels_edit) }}"
+  when: l_openshift_node_group_all_edits != []
 
-  - name: show the yeditout debug var
-    debug:
-      var: yeditout
-    run_once: true
+- name: show the yeditout debug var
+  debug:
+    var: yeditout
+  run_once: true
 
-  - name: create volume config template
-    template:
-      src: volume-config.yaml.j2
-      dest: "{{ mktempout.stdout }}/volume-config.yaml"
-    when:
-    - "'data' not in configout['results']['results'][0] or 'volume-config.yaml' not in configout['results']['results'][0]['data']"
-    - l_openshift_node_group_name != ""
-    - openshift_node_local_quota_per_fsgroup is defined
-    - openshift_node_local_quota_per_fsgroup != ""
-    run_once: true
+- name: create volume config template
+  template:
+    src: volume-config.yaml.j2
+    dest: "{{ mktempout.stdout }}/volume-config.yaml"
+  when:
+  - "'data' not in configout['results']['results'][0] or 'volume-config.yaml' not in configout['results']['results'][0]['data']"
+  - l_openshift_node_group_name != ""
+  - openshift_node_local_quota_per_fsgroup is defined
+  - openshift_node_local_quota_per_fsgroup != ""
+  run_once: true
 
-  - name: lay down the volume config from the existing configmap
-    copy:
-      content: "{{ configout.results.results.0.data['volume-config.yaml'] }}"
-      dest: "{{ mktempout.stdout }}/volume-config.yaml"
-    when:
-    - "'data' in configout['results']['results'][0]"
-    - "'volume-config.yaml' in configout['results']['results'][0]['data']"
-    - l_openshift_node_group_name != ""
-    - openshift_node_local_quota_per_fsgroup is defined
-    - openshift_node_local_quota_per_fsgroup != ""
-    run_once: true
+- name: lay down the volume config from the existing configmap
+  copy:
+    content: "{{ configout.results.results.0.data['volume-config.yaml'] }}"
+    dest: "{{ mktempout.stdout }}/volume-config.yaml"
+  when:
+  - "'data' in configout['results']['results'][0]"
+  - "'volume-config.yaml' in configout['results']['results'][0]['data']"
+  - l_openshift_node_group_name != ""
+  - openshift_node_local_quota_per_fsgroup is defined
+  - openshift_node_local_quota_per_fsgroup != ""
+  run_once: true
 
-  - name: "specialize the volume config for {{ l_openshift_node_group_name }}"
-    yedit:
-      content:
-      src: "{{ mktempout.stdout }}/volume-config.yaml"
-      key: localQuota.perFSGroup
-      value: "{{ openshift_node_local_quota_per_fsgroup }}"
-    register: volume_yeditout
-    when:
-    - openshift_node_local_quota_per_fsgroup is defined
-    - openshift_node_local_quota_per_fsgroup != ""
-    run_once: true
+- name: "specialize the volume config for {{ l_openshift_node_group_name }}"
+  yedit:
+    content:
+    src: "{{ mktempout.stdout }}/volume-config.yaml"
+    key: localQuota.perFSGroup
+    value: "{{ openshift_node_local_quota_per_fsgroup }}"
+  register: volume_yeditout
+  when:
+  - openshift_node_local_quota_per_fsgroup is defined
+  - openshift_node_local_quota_per_fsgroup != ""
+  run_once: true
 
-  - name: show the volume_yeditout debug var
-    debug:
-      var: volume_yeditout
-    run_once: true
+- name: show the volume_yeditout debug var
+  debug:
+    var: volume_yeditout
+  run_once: true
 
-  - name: create node-config.yaml configmap
-    oc_configmap:
-      name: "{{ l_openshift_node_group_name }}"
-      namespace: "{{ openshift_node_group_namespace }}"
-      from_file:
-        node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
-    when:
-    - openshift_node_local_quota_per_fsgroup is undefined or openshift_node_local_quota_per_fsgroup == ""
-    run_once: true
+- name: create node-config.yaml configmap
+  oc_configmap:
+    name: "{{ l_openshift_node_group_name }}"
+    namespace: "{{ openshift_node_group_namespace }}"
+    from_file:
+      node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
+  when:
+  - openshift_node_local_quota_per_fsgroup is undefined or openshift_node_local_quota_per_fsgroup == ""
+  run_once: true
 
-  - name: create node-config.yaml and volume-config.yaml configmap
-    oc_configmap:
-      name: "{{ l_openshift_node_group_name }}"
-      namespace: "{{ openshift_node_group_namespace }}"
-      from_file:
-        node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
-        volume-config.yaml: "{{ mktempout.stdout }}/volume-config.yaml"
-    when:
-    - openshift_node_local_quota_per_fsgroup is defined and openshift_node_local_quota_per_fsgroup != ""
-    run_once: true
+- name: create node-config.yaml and volume-config.yaml configmap
+  oc_configmap:
+    name: "{{ l_openshift_node_group_name }}"
+    namespace: "{{ openshift_node_group_namespace }}"
+    from_file:
+      node-config.yaml: "{{ mktempout.stdout }}/node-config.yaml"
+      volume-config.yaml: "{{ mktempout.stdout }}/volume-config.yaml"
+  when:
+  - openshift_node_local_quota_per_fsgroup is defined and openshift_node_local_quota_per_fsgroup != ""
+  run_once: true
 
-  - name: remove templated files
-    file:
-      dest: "{{ mktempout.stdout }}/"
-      state: absent
-    run_once: true
+- name: remove templated files
+  file:
+    dest: "{{ mktempout.stdout }}/"
+    state: absent
+  run_once: true

roles/openshift_node_group/tasks/fetch_config.yml

@@ -0,0 +1,14 @@
+---
+# This file is looped over, must use include_tasks, not import_tasks
+- name: fetch node configmap
+  oc_configmap:
+    name: "{{ l_openshift_node_group_name }}"
+    namespace: "{{ openshift_node_group_namespace }}"
+    state: list
+  register: configout
+  run_once: true
+
+- name: debug node config
+  debug:
+    var: configout
+  run_once: true

roles/openshift_node_group/templates/node-config.yaml.j2

@@ -50,9 +50,9 @@ kubeletArguments:
   cloud-provider:
   - {{ openshift_node_group_cloud_provider }}
 {% endif %}
-{% if l_openshift_node_group_labels is defined %}
+{% if l_openshift_node_group_labels != [] %}
   node-labels:
-  - {{ l_openshift_node_group_labels | join(',') }}
+  - < this is always modified via yedit: openshift_node_labels_edit >
 {% endif %}
   enable-controller-attach-detach:
   - 'true'

roles/openshift_node_group/vars/main.yml

@@ -1 +1,8 @@
 ---
+# These values should never be passed in, they are needed
+openshift_node_labels_edit:
+- key: kubeletArguments.node-labels
+  value:
+  - "{{ l_openshift_node_group_labels | join(',') }}"
+
+openshift_node_group_namespace: openshift-node