Correctly set the image tag for containerized installs (and upgrades)

playbooks/adhoc/uninstall.yml

@@ -193,6 +193,7 @@
         - /etc/sysconfig/atomic-openshift-node
         - /etc/sysconfig/openshift-master
         - /etc/sysconfig/openshift-node
+        - /etc/sysconfig/openvswitch
         - /etc/sysconfig/origin-master
         - /etc/sysconfig/origin-master-api
         - /etc/sysconfig/origin-master-controllers

playbooks/common/openshift-cluster/upgrades/files/ensure_system_units_have_version.sh

@@ -32,7 +32,7 @@ add_image_version_to_unit () {
     fi
 }
 
-for unit_file in $(ls /etc/systemd/system/${SERVICE_TYPE}*.service | head -n1); do
+for unit_file in $(ls /etc/systemd/system/${SERVICE_TYPE}*.service); do
     unit_name=$(basename -s .service ${unit_file})
     add_image_version_to_sysconfig $VERSION $unit_name
     add_image_version_to_unit $DEPLOYMENT_TYPE $unit_file
@@ -41,7 +41,6 @@ done
 if [ -e /etc/sysconfig/openvswitch ]; then
     add_image_version_to_sysconfig $VERSION openvswitch
 else
-    # TODO: add this to config.yml
     echo IMAGE_VERSION=${VERSION} > /etc/sysconfig/openvswitch
 fi 
 if ! grep EnvironmentFile /etc/systemd/system/openvswitch.service > /dev/null; then

playbooks/common/openshift-cluster/upgrades/files/rpm_versions.sh

@@ -1,23 +1,7 @@
 #!/bin/bash
 
-while getopts ":c" opt; do
-  case $opt in
-    c)
-      echo "-c was triggered!" >&2
-      containerized="TRUE"
-      ;;
-    \?)
-      echo "Invalid option: -$OPTARG" >&2
-      ;;
-  esac
-done
-
-if [ "${containerized}" == "TRUE" ] ; then
-  docker exec atomic-openshift-master rpm -q atomic-openshift 
-else
-  installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ')
-  available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ')
-fi 
+installed=$(yum list installed -e 0 -q "$@" 2>&1 | tail -n +2 | awk '{ print $2 }' | sort -r | tr '\n' ' ')
+available=$(yum list available -e 0 -q "$@" 2>&1 | tail -n +2 | grep -v 'el7ose' | awk '{ print $2 }' | sort -r | tr '\n' ' ')
 
 echo "---"
 echo "curr_version: ${installed}"

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/containerized_upgrade.yml

@@ -1,6 +1,2 @@
 - name: Update system_units
   script: ../files/ensure_system_units_have_version.sh {{ openshift.common.service_type }} {{ openshift.common.deployment_type }} {{ g_new_version }}
-
-- name: Ensure python-yaml present for config upgrade
-  action: "{{ ansible_pkg_mgr }} name=PyYAML state=present"
-  when: not openshift.common.is_atomic | bool

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/pre.yml

@@ -7,11 +7,6 @@
   roles:
   - openshift_facts
 
-- name: Load openshift_facts
-  hosts: oo_masters_to_config:oo_nodes_to_config:oo_etcd_to_config:oo_lb_to_config
-  roles:
-  - openshift_facts
-
 - name: Evaluate additional groups for upgrade
   hosts: localhost
   connection: local
@@ -35,9 +30,9 @@
   tasks:
   - fail:
       msg: >
-        This upgrade is only supported for origin, openshift-enterprise, and online
+        This upgrade is only supported for atomic-enterprise, origin, openshift-enterprise, and online
         deployment types
-    when: deployment_type not in ['origin','openshift-enterprise', 'online']
+    when: deployment_type not in ['atomic-enterprise', 'origin','openshift-enterprise', 'online']
 
   - fail:
       msg: >

playbooks/common/openshift-cluster/upgrades/v3_1_to_v3_2/upgrade.yml

@@ -11,8 +11,6 @@
 ###############################################################################
 - name: Upgrade master container
   hosts: oo_masters_to_config
-  roles:
-  - openshift_cli
   tasks:
   - include: rpm_upgrade.yml component=master
     when: not openshift.common.is_containerized | bool
@@ -56,8 +54,6 @@
 ###############################################################################
 - name: Upgrade nodes
   hosts: oo_nodes_to_config
-  roles:
-  - openshift_facts
   tasks:
   - include: rpm_upgrade.yml
     vars:
@@ -68,7 +64,8 @@
   - include: containerized_upgrade.yml
     when: openshift.common.is_containerized | bool
 
-  - name: Restart node service
+  # This will restart the node
+  - name: Restart openvswitch service
     service: name="{{ openshift.common.service_type }}-node" state=restarted
 
   - set_fact:
@@ -97,6 +94,8 @@
 ###############################################################################
 - name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
   hosts: oo_masters_to_config
+  roles:
+  - { role: openshift_cli, image_tag: "v{{ g_new_version }}"  }
   vars:
     origin_reconcile_bindings: "{{ deployment_type == 'origin' and g_new_version | version_compare('1.0.6', '>') }}"
     ent_reconcile_bindings: true

roles/openshift_cli/templates/openshift.j2

@@ -5,10 +5,11 @@ fi
 cmd=`basename $0`
 user=`id -u`
 group=`id -g`
+image_tag={{ image_tag | default(openshift.common.image_tag) }}
 
 >&2 echo """
 ================================================================================
-ATTENTION: You are running ${cmd} via a wrapper around 'docker run {{ openshift.common.cli_image }}'.
+ATTENTION: You are running ${cmd} via a wrapper around 'docker run {{ openshift.common.cli_image }}:${image_tag}'.
 This wrapper is intended only to be used to bootstrap an environment. Please
 install client tools on another host once you have granted cluster-admin
 privileges to a user. 
@@ -20,26 +21,4 @@ See https://docs.openshift.org/latest/cli_reference/get_started_cli.html
 =================================================================================
 """
 
-container="{{ openshift.common.service_type }}-master"
-is_running=false
-
-docker19_status=`docker inspect -f {% raw %}'{{ .State.Status }}'{% endraw %} $container`
-if [ "$docker19_status" == "<no value>"  ]; then
-    if docker inspect -f {% raw %}'{{ .State.Running }}'{% endraw %} $container | grep -i true > /dev/null; then
-        is_running=true
-    fi
-elif [ "$docker19_status" == "running"  ]; then
-   is_running=true
-fi
-
-if $is_running; then
-    image=:`docker inspect -f {% raw %}'{{ .Image }}'{% endraw %} {{ openshift.common.service_type }}-master`
-else
-    >&2 echo """
-
-Warning: {{ openshift.common.service_type }}-master service is not running.  Using the latest image.
-    """
-    image=:latest
-fi
-
-docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }}${image} "${@}"
+docker run -i --privileged --net=host --user=${user}:${group} -v ~/.kube:/root/.kube -v /tmp:/tmp -v {{ openshift.common.config_base}}:{{ openshift.common.config_base }} -e KUBECONFIG=/root/.kube/config --entrypoint ${cmd} --rm {{ openshift.common.cli_image }}:${image_tag} "${@}"

roles/openshift_facts/library/openshift_facts.py

@@ -713,7 +713,7 @@ def set_version_facts_if_unset(facts):
     """
     if 'common' in facts:
         deployment_type = facts['common']['deployment_type']
-        facts['common']['version'] = version = get_openshift_version()
+        facts['common']['version'] = version = get_openshift_version(facts)
         if version is not None:
             if deployment_type == 'origin':
                 version_gte_3_1_or_1_1 = LooseVersion(version) >= LooseVersion('1.1.0')
@@ -873,22 +873,65 @@ def get_current_config(facts):
 
     return current_config
 
-def get_openshift_version():
+def get_openshift_version(facts, cli_image=None):
     """ Get current version of openshift on the host
 
+        Args:
+            facts (dict): existing facts
+            optional cli_image for pulling the version number
+
         Returns:
             version: the current openshift version
     """
     version = None
 
+    # No need to run this method repeatedly on a system if we already know the
+    # version
+    if 'common' in facts:
+        if 'version' in facts['common'] and facts['common']['version'] is not None:
+            return facts['common']['version']
+
     if os.path.isfile('/usr/bin/openshift'):
         _, output, _ = module.run_command(['/usr/bin/openshift', 'version'])
-        versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e)
-        version = versions.get('openshift', '')
+        version = parse_openshift_version(output)
+
+    if 'is_containerized' in facts['common'] and facts['common']['is_containerized']:
+        container = None
+        if 'master' in facts:
+            if 'cluster_method' in facts['master']:
+                container = facts['common']['service_type'] + '-master-api'
+            else:
+                container = facts['common']['service_type'] + '-master'
+        elif 'node' in facts:
+            container = facts['common']['service_type'] + '-node'
+
+        if container is not None:
+            exit_code, output, _ = module.run_command(['docker', 'exec', container, 'openshift', 'version'])
+            # if for some reason the container is installed by not running
+            # we'll fall back to using docker run later in this method.
+            if exit_code == 0:
+                version = parse_openshift_version(output)
+
+        if version is None and cli_image is not None:
+            # Assume we haven't installed the environment yet and we need
+            # to query the latest image
+            exit_code, output, _ = module.run_command(['docker', 'run', '--rm', cli_image, 'version'])
+            version = parse_openshift_version(output)
 
-        #TODO: acknowledge the possility of a containerized install
     return version
 
+def parse_openshift_version(output):
+    """ Apply provider facts to supplied facts dict
+
+        Args:
+            string: output of 'openshift version'
+        Returns:
+            string: the version number
+    """
+    versions = dict(e.split(' v') for e in output.splitlines() if ' v' in e)
+    return versions.get('openshift', '')
+
+
 def apply_provider_facts(facts, provider_facts):
     """ Apply provider facts to supplied facts dict
 
@@ -1093,6 +1136,8 @@ def set_container_facts_if_unset(facts):
     if bool(strtobool(str(facts['common']['is_containerized']))):
         facts['common']['admin_binary'] = '/usr/local/bin/oadm'
         facts['common']['client_binary'] = '/usr/local/bin/oc'
+        base_version = get_openshift_version(facts, cli_image).split('-')[0]
+        facts['common']['image_tag'] = "v" + base_version
 
     return facts
 

roles/openshift_master/templates/atomic-openshift-master.j2

@@ -1,5 +1,8 @@
 OPTIONS=--loglevel={{ openshift.master.debug_level }}
 CONFIG_FILE={{ openshift_master_config_file }}
+{% if openshift.common.is_containerized %}
+IMAGE_VERSION={{ openshift.common.image_tag }}
+{% endif %}
 
 # Proxy configuration
 # Origin uses standard HTTP_PROXY environment variables. Be sure to set

roles/openshift_master/templates/docker-cluster/atomic-openshift-master-api.service.j2

@@ -12,7 +12,7 @@ PartOf=docker.service
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-api
 Environment=GOTRACEBACK=crash
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-api
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master api --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-api -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master api --config=${CONFIG_FILE} $OPTIONS
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-api
 LimitNOFILE=131072

roles/openshift_master/templates/docker-cluster/atomic-openshift-master-controllers.service.j2

@@ -11,7 +11,7 @@ PartOf=docker.service
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master-controllers
 Environment=GOTRACEBACK=crash
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type}}-master-controllers
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master controllers --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master-controllers -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master controllers --config=${CONFIG_FILE} $OPTIONS
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master-controllers
 LimitNOFILE=131072

roles/openshift_master/templates/docker/master.docker.service.j2

@@ -7,7 +7,7 @@ PartOf=docker.service
 [Service]
 EnvironmentFile=/etc/sysconfig/{{ openshift.common.service_type }}-master
 ExecStartPre=-/usr/bin/docker rm -f {{ openshift.common.service_type }}-master
-ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }} start master --config=${CONFIG_FILE} $OPTIONS
+ExecStart=/usr/bin/docker run --rm --privileged --net=host --name {{ openshift.common.service_type }}-master -v {{ openshift.common.data_dir }}:{{ openshift.common.data_dir }} -v /var/run/docker.sock:/var/run/docker.sock -v {{ openshift.common.config_base }}:{{ openshift.common.config_base }} {{ openshift.master.master_image }}:${IMAGE_VERSION} start master --config=${CONFIG_FILE} $OPTIONS
 ExecStartPost=/usr/bin/sleep 10
 ExecStop=/usr/bin/docker stop {{ openshift.common.service_type }}-master
 Restart=always

roles/openshift_master/templates/native-cluster/atomic-openshift-master-api.j2

@@ -1,5 +1,8 @@
 OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.api_port }} --master={{ openshift.master.loopback_api_url }}
 CONFIG_FILE={{ openshift_master_config_file }}
+{% if openshift.common.is_containerized %}
+IMAGE_VERSION={{ openshift.common.image_tag }}
+{% endif %}
 
 # Proxy configuration
 # Origin uses standard HTTP_PROXY environment variables. Be sure to set

roles/openshift_master/templates/native-cluster/atomic-openshift-master-controllers.j2

@@ -1,5 +1,8 @@
 OPTIONS=--loglevel={{ openshift.master.debug_level }} --listen={{ 'https' if openshift.master.api_use_ssl else 'http' }}://{{ openshift.master.bind_addr }}:{{ openshift.master.controllers_port }}
 CONFIG_FILE={{ openshift_master_config_file }}
+{% if openshift.common.is_containerized %}
+IMAGE_VERSION={{ openshift.common.image_tag }}
+{% endif %}
 
 # Proxy configuration
 # Origin uses standard HTTP_PROXY environment variables. Be sure to set

roles/openshift_node/handlers/main.yml

@@ -5,3 +5,6 @@
 
 - name: restart docker
   service: name=docker state=restarted
+
+- name: restart openvswitch
+  service: name=openvswitch state=restarted

roles/openshift_node/tasks/main.yml

@@ -62,12 +62,20 @@
   register: install_node_result
   when: openshift.common.is_containerized | bool
 
+- name: Create the openvswitch service env file
+  template:
+    src: openvswitch.sysconfig.j2
+    dest: /etc/sysconfig/openvswitch
+  when: openshift.common.is_containerized | bool
+  register: install_ovs_sysconfig
+
 - name: Install OpenvSwitch docker service file
   template:
     dest: "/etc/systemd/system/openvswitch.service"
     src: openvswitch.docker.service
-  register: install_ovs_result
   when: openshift.common.is_containerized | bool and openshift.common.use_openshift_sdn | bool
+  notify:
+  - restart openvswitch
 
 - name: Reload systemd units
   command: systemctl daemon-reload
@@ -101,6 +109,8 @@
       line: "OPTIONS=--loglevel={{ openshift.node.debug_level }}"
     - regex: '^CONFIG_FILE='
       line: "CONFIG_FILE={{ openshift_node_config_file }}"
+    - regex: '^IMAGE_VERSION='
+      line: "IMAGE_VERSION=v{{ openshift.common.version.split('-')[0] }}"
   notify:
   - restart node
 

roles/openshift_node/templates/openvswitch.docker.service

@@ -4,8 +4,9 @@ Requires=docker.service
 PartOf=docker.service
 
 [Service]
+EnvironmentFile=/etc/sysconfig/openvswitch
 ExecStartPre=-/usr/bin/docker rm -f openvswitch
-ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}
+ExecStart=/usr/bin/docker run --name openvswitch --rm --privileged --net=host --pid=host -v /lib/modules:/lib/modules -v /run:/run -v /sys:/sys:ro -v /etc/origin/openvswitch:/etc/openvswitch {{ openshift.node.ovs_image }}:${IMAGE_VERSION}
 ExecStartPost=/usr/bin/sleep 5
 ExecStop=/usr/bin/docker stop openvswitch
 Restart=always

roles/openshift_node/templates/openvswitch.sysconfig.j2

@@ -0,0 +1 @@
+IMAGE_VERSION={{ openshift.common.image_tag }}