
vsphere svc fix upgrade and datastore fix

Davis Phillips 7 years ago
parent
commit
8f8a83e7eb

+ 18 - 0
playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml

@@ -44,6 +44,16 @@
   roles:
   - openshift_master_facts
 
+- name: configure vsphere svc account
+  hosts: oo_first_master
+  tasks:
+  - include_role:
+      name: openshift_cloud_provider
+      tasks_from: vsphere-svc
+    when:
+    - openshift_cloudprovider_kind in 'vsphere'
+    - openshift_version | version_compare('3.9', '>=')
+
 # The main master upgrade play. Should handle all changes to the system in one pass, with
 # support for optional hooks to be defined.
 - name: Upgrade master
@@ -63,6 +73,14 @@
       name: openshift_master
       tasks_from: upgrade.yml
 
+  - name: update vsphere provider master config
+    include_role:
+      name: openshift_master
+      tasks_from: update-vsphere
+    when:
+    - openshift_cloudprovider_kind in 'vsphere'
+    - openshift_version | version_compare('3.9', '>=')
+
   # Run the upgrade hook prior to restarting services/system if defined:
   - debug: msg="Running master upgrade hook {{ openshift_master_upgrade_hook }}"
     when: openshift_master_upgrade_hook is defined
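Review bot: The `openshift_cloudprovider_kind in 'vsphere'` condition used in both hunks is a substring test against a string literal, so an empty value or a fragment such as `sphere` also evaluates true. On such a cluster the plays would create the cluster role binding and rewrite the master config even though it is not on vSphere. An exact comparison states the intent: `- openshift_cloudprovider_kind | default('') == 'vsphere'`. It also avoids an undefined-variable failure during upgrade if an inventory sets no cloud provider; whether the variable is always defined is not visible here. The same condition appears twice in roles/openshift_master/tasks/main.yml in this commit, and the "Upgrade master" play continues outside the second hunk.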

+ 47 - 0
roles/openshift_cloud_provider/files/vsphere-svc.yml

@@ -0,0 +1,47 @@
+apiVersion: v1
+kind: ClusterRole
+metadata:
+  annotations:
+    authorization.openshift.io/system-only: "true"
+    openshift.io/reconcile-protect: "false"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:vsphere-cloud-provider
+rules:
+- apiGroups:
+  - ""
+  attributeRestrictions: null
+  resources:
+  - nodes
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ""
+  attributeRestrictions: null
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+  - update
+
+---
+apiVersion: v1
+groupNames: null
+kind: ClusterRoleBinding
+metadata:
+  annotations:
+    openshift.io/reconcile-protect: "false"
+  labels:
+    kubernetes.io/bootstrapping: rbac-defaults
+  name: system:vsphere-cloud-provider
+roleRef:
+  name: system:vsphere-cloud-provider
+subjects:
+- kind: ServiceAccount
+  name: vsphere-cloud-provider
+  namespace: kube-system
+userNames:
+- system:serviceaccount:kube-system:vsphere-cloud-provider
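Review bot: The manifest carries no comment recording why these grants were chosen, which makes it easy to widen the role later without anyone noticing. A header such as `# vSphere cloud provider account: read-only on nodes, create/patch/update on events, nothing else` would pin the intent. The binding also names the same account twice, under `subjects` and under `userNames`; if the API version in use honours both, an edit to one and not the other leaves the effective subject unclear. Keeping a single field, or adding a comment that the two must match, would be safer. The `vsphere-cloud-provider` service account in `kube-system` is bound here but not created in this file, so presumably it is created elsewhere.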

+ 24 - 0
roles/openshift_cloud_provider/tasks/vsphere-svc.yml

@@ -0,0 +1,24 @@
+---
+- name: Check to see if the vsphere cluster role already exists
+  command: oc get clusterrole
+  register: cluster_role
+
+- block:
+  - name: Create svc acccount file
+    copy:
+      dest: /tmp/vsphere-svc.yml
+      src: vsphere-svc.yml
+      owner: root
+      mode: 0400
+
+  - name: Create vsphere-svc on cluster
+    run_once: true
+    command: oc create -f /tmp/vsphere-svc.yml
+
+  - name: Remove vsphere-svc file
+    run_once: true
+    file:
+      path: /tmp/vsphere-svc.yml
+      state: absent
+
+  when: "'system:vsphere-cloud-provider' not in cluster_role.stdout"
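Review bot: The RBAC manifest is staged at the fixed path `/tmp/vsphere-svc.yml` in a world-writable directory and then fed to `oc create`, and the cleanup task is an ordinary block member, so a failed `oc create` leaves the file behind. Taking the path from the `tempfile` module and moving the removal into an `always:` section closes both gaps. `run_once` is set on the create and remove tasks but not on the copy; both callers in this commit already restrict the role to the first master, so the sketch below drops it. Quoting the mode as `"0400"` avoids relying on YAML octal parsing. The check task would also benefit from `changed_when: false`, and from querying the role by name instead of substring-matching the full listing.

```yaml
- block:
  - name: Reserve a private temp file for the svc account definition
    tempfile:
      state: file
      suffix: .yml
    register: vsphere_svc_tmp

  - name: Create svc account file
    copy:
      dest: "{{ vsphere_svc_tmp.path }}"
      src: vsphere-svc.yml
      owner: root
      mode: "0400"

  - name: Create vsphere-svc on cluster
    command: oc create -f {{ vsphere_svc_tmp.path }}

  always:
  - name: Remove vsphere-svc file
    file:
      path: "{{ vsphere_svc_tmp.path }}"
      state: absent
    when: vsphere_svc_tmp.path is defined

  # … unchanged: when: condition on the block …
```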

+ 2 - 2
roles/openshift_default_storage_class/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 # Must not be blank if you're using vsphere
-openshift_cloudprovider_vsphere_datacenter: ''
+openshift_cloudprovider_vsphere_datastore: ''
 
 openshift_storageclass_defaults:
   aws:
@@ -26,7 +26,7 @@ openshift_storageclass_defaults:
     provisioner: vsphere-volume
     name: standard
     parameters:
-      datastore: "{{ openshift_cloudprovider_vsphere_datacenter }}"
+      datastore: "{{ openshift_cloudprovider_vsphere_datastore }}"
 
 openshift_storageclass_default: "true"
 openshift_storageclass_name: "{{ openshift_storageclass_defaults[openshift_cloudprovider_kind]['name'] }}"

+ 15 - 0
roles/openshift_master/tasks/main.yml

@@ -258,6 +258,21 @@
   retries: 1
   delay: 60
 
+- name: configure vsphere svc account
+  include_role:
+    name: openshift_cloud_provider
+    tasks_from: vsphere-svc
+  when:
+  - openshift_cloudprovider_kind in 'vsphere'
+  - openshift_version | version_compare('3.9', '>=')
+  - inventory_hostname == openshift_master_hosts[0]
+
+- name: update vsphere provider master config
+  include_tasks: update-vsphere.yml
+  when:
+  - openshift_cloudprovider_kind in 'vsphere'
+  - openshift_version | version_compare('3.9', '>=')
+
 - name: Dump logs from master-controllers if it failed
   command: journalctl --no-pager -n 100 -u {{ openshift_service_type }}-master-controllers
   when:

+ 20 - 0
roles/openshift_master/tasks/update-vsphere.yml

@@ -0,0 +1,20 @@
+---
+- name: modify controller args
+  yedit:
+    src: /etc/origin/master/master-config.yaml
+    edits:
+    - key: kubernetesMasterConfig.controllerArguments.cloud-config
+      value:
+      - "{{ openshift.common.config_base }}/cloudprovider/vsphere.conf"
+    - key: kubernetesMasterConfig.controllerArguments.cloud-provider
+      value:
+      - vsphere
+    - key: kubernetesMasterConfig.apiServerArguments.cloud-config
+      value:
+      - "{{ openshift.common.config_base }}/cloudprovider/vsphere.conf"
+    - key: kubernetesMasterConfig.apiServerArguments.cloud-provider
+      value:
+      - vsphere
+  notify:
+  - restart master controllers
+  - restart master api
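Review bot: `src` is hard-coded to `/etc/origin/master/master-config.yaml`, while the values written into that file are built from `{{ openshift.common.config_base }}`. On a host with a non-default config base, the task edits one tree and points the API server and controllers at another. Using `src: "{{ openshift.common.config_base }}/master/master-config.yaml"` keeps the two consistent. Nothing in this file confirms that `cloudprovider/vsphere.conf` exists before the handlers restart the masters. A `stat` check on that path ahead of the edit, failing if it is absent, would avoid restarting the control plane against a missing cloud-config. Setting yedit's `backup: true` would also leave a copy of the previous master config to roll back to.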