Add service catalog components to upgrade

This commit ensures service catalog and related
components are upgraded during upgrade_control_plane
via post_control_plane.yml.

This commit also cleans up template_service_broker to
eliminate unnecessary usage of set_fact and
with_first_found vars.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1540840
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1540842

playbooks/common/openshift-cluster/upgrades/post_control_plane.yml

@@ -166,9 +166,4 @@
     when:
     - __shared_resource_viewer_protected | default(false)
 
-- name: Upgrade Service Catalog
-  hosts: oo_first_master
-  roles:
-  - role: openshift_service_catalog
-    when:
-    - openshift_enable_service_catalog | default(true) | bool
+- import_playbook: upgrade_components.yml

playbooks/common/openshift-cluster/upgrades/upgrade_components.yml

@@ -0,0 +1,21 @@
+---
+- name: Upgrade Service Catalog
+  hosts: oo_first_master
+  vars:
+    first_master: "{{ groups.oo_first_master[0] }}"
+  tasks:
+  - import_role:
+      name: openshift_service_catalog
+      tasks_from: install.yml
+    when:
+    - openshift_enable_service_catalog | default(true) | bool
+  - import_role:
+      name: ansible_service_broker
+      tasks_from: install.yml
+    when:
+    - openshift_enable_service_catalog | default(true) | bool
+  - import_role:
+      name: template_service_broker
+      tasks_from: upgrade.yml
+    when:
+    - openshift_enable_service_catalog | default(true) | bool

roles/template_service_broker/defaults/main.yml

@@ -1,6 +1,26 @@
 ---
-# placeholder file?
 template_service_broker_remove: False
 template_service_broker_install: True
 openshift_template_service_broker_namespaces: ['openshift']
 template_service_broker_selector: "{{ openshift_hosted_infra_selector | default('region=infra') | map_from_pairs }}"
+
+__tsb_template_file: "apiserver-template.yaml"
+__tsb_config_file: "apiserver-config.yaml"
+__tsb_rbac_file: "rbac-template.yaml"
+__tsb_broker_file: "template-service-broker-registration.yaml"
+
+l_tsb_image_dict:
+  origin:
+    prefix: "docker.io/openshift/origin-"
+    version: "{{ openshift_image_tag }}"
+    image_name: "template-service-broker"
+  openshift-enterprise:
+    prefix: "registry.access.redhat.com/openshift3/ose-"
+    version: "{{ openshift_image_tag }}"
+    image_name: "template-service-broker"
+
+template_service_broker_prefix: "{{ l_tsb_image_dict[openshift_deployment_type]['prefix'] }}"
+template_service_broker_version: "{{ l_tsb_image_dict[openshift_deployment_type]['version'] }}"
+template_service_broker_image_name: "{{ l_tsb_image_dict[openshift_deployment_type]['image_name'] }}"
+
+openshift_master_config_dir: "{{ openshift.common.config_base }}/master"

roles/template_service_broker/tasks/deploy.yml

@@ -0,0 +1,77 @@
+---
+- oc_project:
+    name: openshift-template-service-broker
+    state: present
+    node_selector:
+    - ""
+
+- command: mktemp -d /tmp/tsb-ansible-XXXXXX
+  register: mktemp
+  changed_when: False
+
+- name: Copy admin client config
+  command: >
+    cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
+  changed_when: false
+
+- copy:
+    src: "{{ item }}"
+    dest: "{{ mktemp.stdout }}/{{ item }}"
+  with_items:
+  - "{{ __tsb_template_file }}"
+  - "{{ __tsb_rbac_file }}"
+  - "{{ __tsb_broker_file }}"
+  - "{{ __tsb_config_file }}"
+
+- yedit:
+    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
+    key: templateNamespaces
+    value: "{{ openshift_template_service_broker_namespaces }}"
+    value_type: list
+
+- slurp:
+    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
+  register: config
+
+- name: Apply template file
+  shell: >
+    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig
+    -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
+    --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
+    --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}"
+    --param NODE_SELECTOR={{ template_service_broker_selector | to_json | quote }}
+    | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
+
+# reconcile with rbac
+- name: Reconcile with RBAC file
+  shell: >
+    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}"
+    | {{ openshift_client_binary }} auth reconcile --config={{ mktemp.stdout }}/admin.kubeconfig -f -
+
+# Check that the TSB is running
+- name: Verify that TSB is running
+  command: >
+    curl -k https://apiserver.openshift-template-service-broker.svc/healthz
+  args:
+    # Disables the following warning:
+    # Consider using get_url or uri module rather than running curl
+    warn: no
+  register: api_health
+  until: api_health.stdout == 'ok'
+  retries: 60
+  delay: 10
+  changed_when: false
+
+- slurp:
+    src: "{{ openshift_master_config_dir }}/service-signer.crt"
+  register: __ca_bundle
+
+# Register with broker
+- name: Register TSB with broker
+  shell: >
+    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
+
+- file:
+    state: absent
+    name: "{{ mktemp.stdout }}"
+  changed_when: False

roles/template_service_broker/tasks/install.yml

@@ -7,98 +7,7 @@
     openshift_master_ensure_nodes_selector: "{{ template_service_broker_selector | map_to_pairs }}"
     openshift_master_ensure_nodes_service: Template Service Broker
 
-- name: Set default image variables based on openshift_deployment_type
-  include_vars: "{{ item }}"
-  with_first_found:
-  - "{{ openshift_deployment_type }}.yml"
-  - "default_images.yml"
-
-- name: set template_service_broker facts
-  set_fact:
-    template_service_broker_prefix: "{{ template_service_broker_prefix | default(__template_service_broker_prefix) }}"
-    template_service_broker_version: "{{ template_service_broker_version | default(__template_service_broker_version) }}"
-    template_service_broker_image_name: "{{ template_service_broker_image_name | default(__template_service_broker_image_name) }}"
-
-- oc_project:
-    name: openshift-template-service-broker
-    state: present
-    node_selector:
-    - ""
-
-- command: mktemp -d /tmp/tsb-ansible-XXXXXX
-  register: mktemp
-  changed_when: False
-
-- name: Copy admin client config
-  command: >
-    cp {{ openshift.common.config_base }}/master//admin.kubeconfig {{ mktemp.stdout }}/admin.kubeconfig
-  changed_when: false
-
-- copy:
-    src: "{{ item }}"
-    dest: "{{ mktemp.stdout }}/{{ item }}"
-  with_items:
-  - "{{ __tsb_template_file }}"
-  - "{{ __tsb_rbac_file }}"
-  - "{{ __tsb_broker_file }}"
-  - "{{ __tsb_config_file }}"
-
-- yedit:
-    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
-    key: templateNamespaces
-    value: "{{ openshift_template_service_broker_namespaces }}"
-    value_type: list
-
-- slurp:
-    src: "{{ mktemp.stdout }}/{{ __tsb_config_file }}"
-  register: config
-
-- name: Apply template file
-  shell: >
-    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig
-    -f "{{ mktemp.stdout }}/{{ __tsb_template_file }}"
-    --param API_SERVER_CONFIG="{{ config['content'] | b64decode }}"
-    --param IMAGE="{{ template_service_broker_prefix }}{{ template_service_broker_image_name }}:{{ template_service_broker_version }}"
-    --param NODE_SELECTOR={{ template_service_broker_selector | to_json | quote }}
-    | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
-
-# reconcile with rbac
-- name: Reconcile with RBAC file
-  shell: >
-    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_rbac_file }}"
-    | {{ openshift_client_binary }} auth reconcile --config={{ mktemp.stdout }}/admin.kubeconfig -f -
-
-# Check that the TSB is running
-- name: Verify that TSB is running
-  command: >
-    curl -k https://apiserver.openshift-template-service-broker.svc/healthz
-  args:
-    # Disables the following warning:
-    # Consider using get_url or uri module rather than running curl
-    warn: no
-  register: api_health
-  until: api_health.stdout == 'ok'
-  retries: 60
-  delay: 10
-  changed_when: false
-
-- set_fact:
-    openshift_master_config_dir: "{{ openshift.common.config_base }}/master"
-  when: openshift_master_config_dir is undefined
-
-- slurp:
-    src: "{{ openshift_master_config_dir }}/service-signer.crt"
-  register: __ca_bundle
-
-# Register with broker
-- name: Register TSB with broker
-  shell: >
-    {{ openshift_client_binary }} process --config={{ mktemp.stdout }}/admin.kubeconfig -f "{{ mktemp.stdout }}/{{ __tsb_broker_file }}" --param CA_BUNDLE="{{ __ca_bundle.content }}" | {{ openshift_client_binary }} apply --config={{ mktemp.stdout }}/admin.kubeconfig -f -
-
-- file:
-    state: absent
-    name: "{{ mktemp.stdout }}"
-  changed_when: False
+- include_tasks: deploy.yml
 
 - name: Rollout console so it discovers the template service broker is installed
   include_role:

roles/template_service_broker/tasks/upgrade.yml

@@ -0,0 +1,3 @@
+---
+
+- include_tasks: deploy.yml

roles/template_service_broker/vars/default_images.yml

@@ -1,4 +0,0 @@
----
-__template_service_broker_prefix: "docker.io/openshift/origin-"
-__template_service_broker_version: "{{ openshift_image_tag }}"
-__template_service_broker_image_name: "template-service-broker"

roles/template_service_broker/vars/main.yml

@@ -1,5 +1 @@
 ---
-__tsb_template_file: "apiserver-template.yaml"
-__tsb_config_file: "apiserver-config.yaml"
-__tsb_rbac_file: "rbac-template.yaml"
-__tsb_broker_file: "template-service-broker-registration.yaml"

roles/template_service_broker/vars/openshift-enterprise.yml

@@ -1,4 +0,0 @@
----
-__template_service_broker_prefix: "registry.access.redhat.com/openshift3/ose-"
-__template_service_broker_version: "{{ openshift_image_tag }}"
-__template_service_broker_image_name: "template-service-broker"