Merge pull request #2211 from dgoodwin/33-upgrade-playbook

1.3 / 3.3 Upgrades

library/modify_yaml.py

@@ -20,6 +20,24 @@ EXAMPLES = '''
     yaml_value: 2
 '''
 
+
+# pylint: disable=missing-docstring
+def set_key(yaml_data, yaml_key, yaml_value):
+    changes = []
+    ptr = yaml_data
+    for key in yaml_key.split('.'):
+        if key not in ptr and key != yaml_key.split('.')[-1]:
+            ptr[key] = {}
+            ptr = ptr[key]
+        elif key == yaml_key.split('.')[-1]:
+            if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr):
+                ptr[key] = yaml_value
+                changes.append((yaml_key, yaml_value))
+        else:
+            ptr = ptr[key]
+    return changes
+
+
 def main():
     ''' Modify key (supplied in jinja2 dot notation) in yaml file, setting
         the key to the desired value.
@@ -53,22 +71,12 @@ def main():
     yaml.add_representer(type(None), none_representer)
 
     try:
-        changes = []
 
         yaml_file = open(dest)
         yaml_data = yaml.safe_load(yaml_file.read())
         yaml_file.close()
 
-        ptr = yaml_data
-        for key in yaml_key.split('.'):
-            if key not in ptr and key != yaml_key.split('.')[-1]:
-                ptr[key] = {}
-            elif key == yaml_key.split('.')[-1]:
-                if (key in ptr and module.safe_eval(ptr[key]) != yaml_value) or (key not in ptr):
-                    ptr[key] = yaml_value
-                    changes.append((yaml_key, yaml_value))
-            else:
-                ptr = ptr[key]
+        changes = set_key(yaml_data, yaml_key, yaml_value)
 
         if len(changes) > 0:
             if backup:

playbooks/byo/openshift-cluster/upgrades/v3_2/README.md

@@ -1,10 +1,12 @@
-# v3.1 to v3.2 upgrade playbook
+# v3.2 Major and Minor Upgrade Playbook
 
 ## Overview
 This playbook currently performs the
 following steps.
 
  * Upgrade and restart master services
+ * Unschedule node.
+ * Upgrade and restart docker
  * Upgrade and restart node services
  * Modifies the subset of the configuration necessary
  * Applies the latest cluster policies
@@ -13,4 +15,4 @@ following steps.
  * Updates image streams and quickstarts
 
 ## Usage
-ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml

playbooks/byo/openshift-cluster/upgrades/v3_2/upgrade.yml

@@ -47,11 +47,19 @@
       openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}"
     when: openshift_docker_log_options is not defined
 
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml
+
+# Configure the upgrade target for the common upgrade tasks:
+- hosts: l_oo_all_hosts
+  tasks:
+  - set_fact:
+      openshift_upgrade_target: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+      openshift_upgrade_min: "{{ '1.1' if deployment_type == 'origin' else '3.1' }}"
+
+- include: ../../../../common/openshift-cluster/upgrades/pre.yml
   vars:
     openshift_deployment_type: "{{ deployment_type }}"
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml
+- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml
   vars:
     openshift_deployment_type: "{{ deployment_type }}"
 - include: ../../../openshift-master/restart.yml
-- include: ../../../../common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml
+- include: ../../../../common/openshift-cluster/upgrades/post.yml

playbooks/byo/openshift-cluster/upgrades/v3_3/README.md

@@ -0,0 +1,18 @@
+# v3.3 Major and Minor Upgrade Playbook
+
+## Overview
+This playbook currently performs the
+following steps.
+
+ * Upgrade and restart master services
+ * Unschedule node.
+ * Upgrade and restart docker
+ * Upgrade and restart node services
+ * Modifies the subset of the configuration necessary
+ * Applies the latest cluster policies
+ * Updates the default router if one exists
+ * Updates the default registry if one exists
+ * Updates image streams and quickstarts
+
+## Usage
+ansible-playbook -i ~/ansible-inventory openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml

playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml

@@ -0,0 +1,67 @@
+---
+- include: ../../../../common/openshift-cluster/verify_ansible_version.yml
+
+- hosts: localhost
+  connection: local
+  become: no
+  gather_facts: no
+  tasks:
+  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+  - add_host:
+      name: "{{ item }}"
+      groups: l_oo_all_hosts
+    with_items: g_all_hosts | default([])
+
+- hosts: l_oo_all_hosts
+  gather_facts: no
+  tasks:
+  - include_vars: ../../../../byo/openshift-cluster/cluster_hosts.yml
+
+- include: ../../../../common/openshift-cluster/evaluate_groups.yml
+  vars:
+    # Do not allow adding hosts during upgrade.
+    g_new_master_hosts: []
+    g_new_node_hosts: []
+    openshift_cluster_id: "{{ cluster_id | default('default') }}"
+    openshift_deployment_type: "{{ deployment_type }}"
+
+- name: Set oo_options
+  hosts: oo_all_hosts
+  tasks:
+  - set_fact:
+      openshift_docker_additional_registries: "{{ lookup('oo_option', 'docker_additional_registries') }}"
+    when: openshift_docker_additional_registries is not defined
+  - set_fact:
+      openshift_docker_insecure_registries: "{{ lookup('oo_option',  'docker_insecure_registries') }}"
+    when: openshift_docker_insecure_registries is not defined
+  - set_fact:
+      openshift_docker_blocked_registries: "{{ lookup('oo_option', 'docker_blocked_registries') }}"
+    when: openshift_docker_blocked_registries is not defined
+  - set_fact:
+      openshift_docker_options: "{{ lookup('oo_option', 'docker_options') }}"
+    when: openshift_docker_options is not defined
+  - set_fact:
+      openshift_docker_log_driver: "{{ lookup('oo_option', 'docker_log_driver') }}"
+    when: openshift_docker_log_driver is not defined
+  - set_fact:
+      openshift_docker_log_options: "{{ lookup('oo_option', 'docker_log_options') }}"
+    when: openshift_docker_log_options is not defined
+
+
+# Configure the upgrade target for the common upgrade tasks:
+- hosts: l_oo_all_hosts
+  tasks:
+  - set_fact:
+      openshift_upgrade_target: "{{ '1.3' if deployment_type == 'origin' else '3.3' }}"
+      openshift_upgrade_min: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+
+- include: ../../../../common/openshift-cluster/upgrades/pre.yml
+  vars:
+    openshift_deployment_type: "{{ deployment_type }}"
+- include: ../../../../common/openshift-cluster/upgrades/upgrade.yml
+  vars:
+    openshift_deployment_type: "{{ deployment_type }}"
+    master_config_hook: "v3_3/master_config_upgrade.yml"
+    node_config_hook: "v3_3/node_config_upgrade.yml"
+- include: ../../../openshift-master/restart.yml
+- include: ../../../../common/openshift-cluster/upgrades/post.yml

playbooks/common/openshift-cluster/enable_dnsmasq.yml

@@ -8,11 +8,12 @@
   post_tasks:
   - fail: msg="This playbook requires a master version of at least Origin 1.1 or OSE 3.1"
     when: not openshift.common.version_gte_3_1_1_or_1_1_1 | bool
-  
+
 - name: Reconfigure masters to listen on our new dns_port
   hosts: oo_masters_to_config
   handlers:
   - include: ../../../roles/openshift_master/handlers/main.yml
+    static: yes
   vars:
     os_firewall_allow:
     - service: skydns tcp
@@ -43,6 +44,7 @@
   hosts: oo_nodes_to_config
   handlers:
   - include: ../../../roles/openshift_node/handlers/main.yml
+    static: yes
   pre_tasks:
   - openshift_facts:
       role: "{{ item.role }}"

playbooks/common/openshift-cluster/upgrades/atomic-openshift-master.j2

@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/atomic-openshift-master.j2

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_node_upgrade.yml

@@ -1,7 +1,7 @@
-- include_vars: ../../../../../roles/openshift_node/vars/main.yml
+- include_vars: ../../../../roles/openshift_node/vars/main.yml
 
 - name: Update systemd units
-  include: ../../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }}
+  include: ../../../../roles/openshift_node/tasks/systemd_units.yml openshift_version={{ openshift_image_tag }}
 
 - name: Verifying the correct version was configured
   shell: grep {{ verify_upgrade_version }} {{ item }}

playbooks/common/openshift-cluster/upgrades/docker-cluster

@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/docker-cluster

playbooks/common/openshift-cluster/upgrades/master_docker

@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/master_docker

playbooks/common/openshift-cluster/upgrades/native-cluster

@@ -0,0 +1 @@
+../../../../roles/openshift_master/templates/native-cluster

playbooks/common/openshift-cluster/upgrades/openshift.docker.node.dep.service

@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openshift.docker.node.dep.service

playbooks/common/openshift-cluster/upgrades/openshift.docker.node.service

@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openshift.docker.node.service

playbooks/common/openshift-cluster/upgrades/openvswitch.docker.service

@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openvswitch.docker.service

playbooks/common/openshift-cluster/upgrades/openvswitch.sysconfig.j2

@@ -0,0 +1 @@
+../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/post.yml

@@ -56,4 +56,3 @@
       {{ oc_cmd }} patch dc/docker-registry -n default -p
       '{"spec":{"template":{"spec":{"containers":[{"name":"registry","image":"{{ registry_image }}"}]}}}}'
       --api-version=v1
-

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml

@@ -3,7 +3,7 @@
 # Evaluate host groups and gather facts
 ###############################################################################
 
-- include: ../../initialize_facts.yml
+- include: ../initialize_facts.yml
 
 - name: Update repos and initialize facts on all hosts
   hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config
@@ -39,7 +39,6 @@
 - name: Verify upgrade can proceed on first master
   hosts: oo_first_master
   vars:
-    target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
     g_pacemaker_upgrade_url_segment: "{{ 'org/latest' if deployment_type =='origin' else '.com/enterprise/3.1' }}"
   gather_facts: no
   tasks:
@@ -63,14 +62,14 @@
   - fail:
       msg: >
         openshift_pkg_version is {{ openshift_pkg_version }} which is not a
-        valid version for a {{ target_version }} upgrade
-    when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(target_version ,'<')
+        valid version for a {{ openshift_upgrade_target }} upgrade
+    when: openshift_pkg_version is defined and openshift_pkg_version.split('-',1).1 | version_compare(openshift_upgrade_target ,'<')
 
   - fail:
       msg: >
         openshift_image_tag is {{ openshift_image_tag }} which is not a
-        valid version for a {{ target_version }} upgrade
-    when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(target_version ,'<')
+        valid version for a {{ openshift_upgrade_target }} upgrade
+    when: openshift_image_tag is defined and openshift_image_tag.split('v',1).1 | version_compare(openshift_upgrade_target ,'<')
 
   - set_fact:
       openshift_release: "{{ openshift_release[1:] }}"
@@ -79,15 +78,15 @@
   - fail:
       msg: >
         openshift_release is {{ openshift_release }} which is not a
-        valid release for a {{ target_version }} upgrade
-    when: openshift_release is defined and not openshift_release | version_compare(target_version ,'=')
+        valid release for a {{ openshift_upgrade_target }} upgrade
+    when: openshift_release is defined and not openshift_release | version_compare(openshift_upgrade_target ,'=')
 
-- include: ../../../../common/openshift-cluster/initialize_openshift_version.yml
+- include: ../../../common/openshift-cluster/initialize_openshift_version.yml
   vars:
-    # Request openshift_release 3.2 and let the openshift_version role handle converting this
+    # Request specific openshift_release and let the openshift_version role handle converting this
     # to a more specific version, respecting openshift_image_tag and openshift_pkg_version if
     # defined, and overriding the normal behavior of protecting the installed version
-    openshift_release: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
+    openshift_release: "{{ openshift_upgrade_target }}"
     openshift_protect_installed_version: False
     # Docker role (a dependency) should be told not to do anything to installed version
     # of docker, we handle this separately during upgrade. (the inventory may have a
@@ -141,7 +140,6 @@
 - name: Verify upgrade targets
   hosts: oo_masters_to_config:oo_nodes_to_config
   vars:
-    target_version: "{{ '1.2' if deployment_type == 'origin' else '3.2' }}"
     openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
   pre_tasks:
   - fail:
@@ -175,40 +173,14 @@
     register: avail_openshift_version
     when: not openshift.common.is_containerized | bool
 
-  - name: Verify OpenShift 3.2 RPMs are available for upgrade
+  - name: Verify OpenShift RPMs are available for upgrade
     fail:
-      msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 3.2 or greater is required"
-    when: deployment_type != 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
-
-  - name: Verify Origin 1.2 RPMs are available for upgrade
-    fail:
-      msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but 1.2 or greater is required"
-    when: deployment_type == 'origin' and not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
-
-  # TODO: Are these two grep checks necessary anymore?
-  # Note: the version number is hardcoded here in hopes of catching potential
-  # bugs in how g_aos_versions.curr_version is set
-  - name: Verifying the correct version is installed for upgrade
-    shell: grep 3.1.1.6 {{ item }}
-    with_items:
-      - /etc/sysconfig/openvswitch
-      - /etc/sysconfig/{{ openshift.common.service_type }}*
-    when: verify_upgrade_version is defined
-
-  - name: Verifying the image version is used in the systemd unit
-    shell: grep IMAGE_VERSION {{ item }}
-    with_items:
-      - /etc/systemd/system/openvswitch.service
-      - /etc/systemd/system/{{ openshift.common.service_type }}*.service
-    when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
-
-  - fail:
-      msg: This upgrade playbook must be run on Origin 1.1 or later
-    when: deployment_type == 'origin' and openshift.common.version | version_compare('1.1','<')
+      msg: "OpenShift {{ avail_openshift_version.stdout }} is available, but {{ openshift_upgrade_target }} or greater is required"
+    when: not openshift.common.is_containerized | bool and not avail_openshift_version | skipped and avail_openshift_version.stdout | default('0.0', True) | version_compare(openshift_release, '<')
 
   - fail:
-      msg: This upgrade playbook must be run on OpenShift Enterprise 3.1 or later
-    when: deployment_type == 'atomic-openshift' and openshift.common.version | version_compare('3.1','<')
+      msg: "This upgrade playbook must be run against OpenShift {{ openshift_upgrade_min }} or later"
+    when: deployment_type == 'origin' and openshift.common.version | version_compare(openshift_upgrade_min,'<')
 
 - name: Verify docker upgrade targets
   hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml

@@ -9,17 +9,21 @@
 - name: Upgrade master
   hosts: oo_masters_to_config
   handlers:
-  - include: ../../../../../roles/openshift_master/handlers/main.yml
+  - include: ../../../../roles/openshift_master/handlers/main.yml
+    static: yes
   roles:
   - openshift_facts
   tasks:
   - include: rpm_upgrade.yml component=master
     when: not openshift.common.is_containerized | bool
 
-  - include_vars: ../../../../../roles/openshift_master/vars/main.yml
+  - include: "{{ master_config_hook }}"
+    when: master_config_hook is defined
+
+  - include_vars: ../../../../roles/openshift_master/vars/main.yml
 
   - name: Update systemd units
-    include: ../../../../../roles/openshift_master/tasks/systemd_units.yml
+    include: ../../../../roles/openshift_master/tasks/systemd_units.yml
 
 #  - name: Upgrade master configuration
 #    openshift_upgrade_config:
@@ -28,6 +32,31 @@
 #      role: master
 #      config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}"
 
+  - name: Check for ca-bundle.crt
+    stat:
+      path: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+    register: ca_bundle_stat
+    failed_when: false
+
+  - name: Check for ca.crt
+    stat:
+      path: "{{ openshift.common.config_base }}/master/ca.crt"
+    register: ca_crt_stat
+    failed_when: false
+
+  - name: Migrate ca.crt to ca-bundle.crt
+    command: mv ca.crt ca-bundle.crt
+    args:
+      chdir: "{{ openshift.common.config_base }}/master"
+    when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
+  - name: Link ca.crt to ca-bundle.crt
+    file:
+      src: "{{ openshift.common.config_base }}/master/ca-bundle.crt"
+      path: "{{ openshift.common.config_base }}/master/ca.crt"
+      state: link
+    when: ca_crt_stat.stat.isreg and not ca_bundle_stat.stat.exists
+
 - name: Set master update status to complete
   hosts: oo_masters_to_config
   tasks:
@@ -64,7 +93,8 @@
   roles:
   - openshift_facts
   handlers:
-  - include: ../../../../../roles/openshift_node/handlers/main.yml
+  - include: ../../../../roles/openshift_node/handlers/main.yml
+    static: yes
   tasks:
   # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
   # or docker actually needs an upgrade before proceeding. Perhaps best to save this until
@@ -83,11 +113,13 @@
 
   # Only check if docker upgrade is required if docker_upgrade is not
   # already set to False.
-  - include: ../docker/upgrade_check.yml
+  - include: docker/upgrade_check.yml
     when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool
 
-  - include: ../docker/upgrade.yml
+  - include: docker/upgrade.yml
     when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool
+  - include: "{{ node_config_hook }}"
+    when: node_config_hook is defined
 
   - include: rpm_upgrade.yml
     vars:

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/atomic-openshift-master.j2

@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/atomic-openshift-master.j2

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker

@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/docker

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/docker-cluster

@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/docker-cluster

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/filter_plugins

@@ -1 +0,0 @@
-../../../../../filter_plugins

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/library

@@ -1 +0,0 @@
-../library

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/lookup_plugins

@@ -1 +0,0 @@
-../../../../../lookup_plugins

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/native-cluster

@@ -1 +0,0 @@
-../../../../../roles/openshift_master/templates/native-cluster

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.dep.service

@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openshift.docker.node.dep.service

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openshift.docker.node.service

@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openshift.docker.node.service

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.docker.service

@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openvswitch.docker.service

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/openvswitch.sysconfig.j2

@@ -1 +0,0 @@
-../../../../../roles/openshift_node/templates/openvswitch.sysconfig.j2

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/roles

@@ -1 +0,0 @@
-../../../../../roles

playbooks/common/openshift-cluster/upgrades/v3_3/master_config_upgrade.yml

@@ -0,0 +1,40 @@
+---
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes'
+    yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.contentType'
+    yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.burst'
+    yaml_value: 400
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.externalKubernetesClientConnectionOverrides.ops'
+    yaml_value: 200
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.acceptContentTypes'
+    yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.contentType'
+    yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.burst'
+    yaml_value: 600
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/master/master-config.yaml"
+    yaml_key: 'masterClients.openshiftLoopbackClientConnectionOverrides.ops'
+    yaml_value: 300

playbooks/common/openshift-cluster/upgrades/v3_3/node_config_upgrade.yml

@@ -0,0 +1,21 @@
+---
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+    yaml_key: 'masterClientConnectionOverrides.acceptContentTypes'
+    yaml_value: 'application/vnd.kubernetes.protobuf,application/json'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+    yaml_key: 'masterClientConnectionOverrides.contentType'
+    yaml_value: 'application/vnd.kubernetes.protobuf'
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+    yaml_key: 'masterClientConnectionOverrides.burst'
+    yaml_value: 40
+
+- modify_yaml:
+    dest: "{{ openshift.common.config_base}}/node/node-config.yaml"
+    yaml_key: 'masterClientConnectionOverrides.ops'
+    yaml_value: 20
+

roles/openshift_master/tasks/systemd_units.yml

@@ -16,7 +16,7 @@
 # workaround for missing systemd unit files
 - name: Create the systemd unit files
   template:
-    src: "docker/master.docker.service.j2"
+    src: "master_docker/master.docker.service.j2"
     dest: "{{ containerized_svc_dir }}/{{ openshift.common.service_type }}-master.service"
   when: openshift.common.is_containerized | bool and (openshift.master.ha is not defined or not openshift.master.ha | bool)
   register: create_master_unit_file
@@ -84,12 +84,12 @@
     line: "{{ item }}"
   with_items: "{{ master_controllers_proxy.stdout_lines | default([]) }}"
   when: openshift.master.ha is defined and openshift.master.ha | bool and openshift_master_cluster_method == "native"
-        and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common 
+        and master_controllers_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
 
 - name: Install Master docker service file
   template:
     dest: "/etc/systemd/system/{{ openshift.common.service_type }}-master.service"
-    src: docker/master.docker.service.j2
+    src: master_docker/master.docker.service.j2
   register: install_result
   when: openshift.common.is_containerized | bool and openshift.master.ha is defined and not openshift.master.ha | bool
 
@@ -112,4 +112,4 @@
     dest: /etc/sysconfig/{{ openshift.common.service_type }}-master
     line: "{{ item }}"
   with_items: "{{ master_proxy.stdout_lines | default([]) }}"
-  when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common
+  when: master_proxy.rc == 0 and 'http_proxy' not in openshift.common and 'https_proxy' not in openshift.common

roles/openshift_master/templates/master.yaml.v1.j2

@@ -131,7 +131,21 @@ kubernetesMasterConfig:
 {% endif %}
 masterClients:
 {# TODO: allow user to set externalKubernetesKubeConfig #}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+  externalKubernetesClientConnectionOverrides:
+    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+    contentType: application/vnd.kubernetes.protobuf
+    burst: 400
+    ops: 200
+{% endif %}
   externalKubernetesKubeConfig: ""
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+  openshiftLoopbackClientConnectionOverrides:
+    acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+    contentType: application/vnd.kubernetes.protobuf
+    burst: 600
+    ops: 300
+{% endif %}
   openshiftLoopbackKubeConfig: openshift-master.kubeconfig
 masterPublicURL: {{ openshift.master.public_api_url }}
 networkConfig:

roles/openshift_node/templates/node.yaml.v1.j2

@@ -12,6 +12,13 @@ imageConfig:
   latest: false
 kind: NodeConfig
 kubeletArguments: {{ openshift.node.kubelet_args | default(None) | to_padded_yaml(level=1) }}
+{% if openshift.common.version_gte_3_3_or_1_3 | bool %}
+masterClientConnectionOverrides:
+  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
+  contentType: application/vnd.kubernetes.protobuf
+  burst: 40
+  ops: 20
+{% endif %}
 masterKubeConfig: system:node:{{ openshift.common.hostname }}.kubeconfig
 {% if openshift.common.use_openshift_sdn | bool and not openshift.common.version_gte_3_3_or_1_3 | bool %}
 networkPluginName: {{ openshift.common.sdn_network_plugin_name }}

test/modify_yaml_tests.py

@@ -0,0 +1,37 @@
+""" Tests for the modify_yaml Ansible module. """
+# pylint: disable=missing-docstring,invalid-name
+
+import os
+import sys
+import unittest
+
+sys.path = [os.path.abspath(os.path.dirname(__file__) + "/../library/")] + sys.path
+
+# pylint: disable=import-error
+from modify_yaml import set_key
+
+class ModifyYamlTests(unittest.TestCase):
+
+    def test_simple_nested_value(self):
+        cfg = {"section": {"a": 1, "b": 2}}
+        changes = set_key(cfg, 'section.c', 3)
+        self.assertEquals(1, len(changes))
+        self.assertEquals(3, cfg['section']['c'])
+
+    # Tests a previous bug where property would land in section above where it should,
+    # if the destination section did not yet exist:
+    def test_nested_property_in_new_section(self):
+        cfg = {
+            "masterClients": {
+                "externalKubernetesKubeConfig": "",
+                "openshiftLoopbackKubeConfig": "openshift-master.kubeconfig",
+            },
+        }
+
+        yaml_key = 'masterClients.externalKubernetesClientConnectionOverrides.acceptContentTypes'
+        yaml_value = 'application/vnd.kubernetes.protobuf,application/json'
+        set_key(cfg, yaml_key, yaml_value)
+        self.assertEquals(yaml_value, cfg['masterClients']
+                          ['externalKubernetesClientConnectionOverrides']
+                          ['acceptContentTypes'])
+