8 anni fa · 910e23336d
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade.yml
@@ -41,10 +41,12 @@
 
				     # defined, and overriding the normal behavior of protecting the installed version
			
 
				     openshift_release: "{{ openshift_upgrade_target }}"
			
 
				     openshift_protect_installed_version: False
			
 
				-    # Docker role (a dependency) should be told not to do anything to installed version
			
 
				-    # of docker, we handle this separately during upgrade. (the inventory may have a
			
 
				-    # docker_version defined, we don't want to actually do it until later)
			
 
				-    docker_protect_installed_version: True
			
 
				+
			
 
				+    # We skip the docker role at this point in upgrade to prevent
			
 
				+    # unintended package, container, or config upgrades which trigger
			
 
				+    # docker restarts. At this early stage of upgrade we can assume
			
 
				+    # docker is configured and running.
			
 
				+    skip_docker_role: True
			
 
				 
			
 
				 - include: ../../../../common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
			
 
				 
			
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_control_plane.yml
@@ -48,10 +48,12 @@
 
				     # defined, and overriding the normal behavior of protecting the installed version
			
 
				     openshift_release: "{{ openshift_upgrade_target }}"
			
 
				     openshift_protect_installed_version: False
			
 
				-    # Docker role (a dependency) should be told not to do anything to installed version
			
 
				-    # of docker, we handle this separately during upgrade. (the inventory may have a
			
 
				-    # docker_version defined, we don't want to actually do it until later)
			
 
				-    docker_protect_installed_version: True
			
 
				+
			
 
				+    # We skip the docker role at this point in upgrade to prevent
			
 
				+    # unintended package, container, or config upgrades which trigger
			
 
				+    # docker restarts. At this early stage of upgrade we can assume
			
 
				+    # docker is configured and running.
			
 
				+    skip_docker_role: True
			
 
				 
			
 
				 - include: ../../../../common/openshift-cluster/upgrades/pre/verify_control_plane_running.yml
			
 
				 
			
--- a/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
+++ b/playbooks/byo/openshift-cluster/upgrades/v3_3/upgrade_nodes.yml
@@ -42,10 +42,12 @@
 
				     # defined, and overriding the normal behavior of protecting the installed version
			
 
				     openshift_release: "{{ openshift_upgrade_target }}"
			
 
				     openshift_protect_installed_version: False
			
 
				-    # Docker role (a dependency) should be told not to do anything to installed version
			
 
				-    # of docker, we handle this separately during upgrade. (the inventory may have a
			
 
				-    # docker_version defined, we don't want to actually do it until later)
			
 
				-    docker_protect_installed_version: True
			
 
				+
			
 
				+    # We skip the docker role at this point in upgrade to prevent
			
 
				+    # unintended package, container, or config upgrades which trigger
			
 
				+    # docker restarts. At this early stage of upgrade we can assume
			
 
				+    # docker is configured and running.
			
 
				+    skip_docker_role: True
			
 
				 
			
 
				 - name: Verify masters are already upgraded
			
 
				   hosts: oo_masters_to_config
			
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
@@ -111,9 +111,9 @@
 
				     origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
			
 
				     ent_reconcile_bindings: true
			
 
				     openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
			
 
				-    # Similar to pre.yml, we don't want to upgrade docker during the openshift_cli role,
			
 
				-    # it will be updated when we perform node upgrade.
			
 
				-    docker_protect_installed_version: True
			
 
				+    # Another spot where we assume docker is running and do not want to accidentally trigger an unsafe
			
 
				+    # restart.
			
 
				+    skip_docker_role: True
			
 
				   tasks:
			
 
				   - name: Verifying the correct commandline tools are available
			
 
				     shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
			
--- a/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
+++ b/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml
@@ -7,10 +7,11 @@
 
				   any_errors_fatal: true
			
 
				   roles:
			
 
				   - openshift_facts
			
 
				+  - docker
			
 
				   handlers:
			
 
				   - include: ../../../../roles/openshift_node/handlers/main.yml
			
 
				     static: yes
			
 
				-  tasks:
			
 
				+  pre_tasks:
			
 
				   # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
			
 
				   # or docker actually needs an upgrade before proceeding. Perhaps best to save this until
			
 
				   # we merge upgrade functionality into the base roles and a normal config.yml playbook run.
			
@@ -37,7 +38,7 @@
 
				       {{ openshift.common.admin_binary }} manage-node {{ openshift.node.nodename | lower }} --evacuate --force
			
 
				     delegate_to: "{{ groups.oo_first_master.0 }}"
			
 
				     when: inventory_hostname in groups.oo_nodes_to_upgrade
			
 
				-
			
 
				+  tasks:
			
 
				   - include: docker/upgrade.yml
			
 
				     when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool
			
 
				 
			
--- a/roles/docker/defaults/main.yml
+++ b/roles/docker/defaults/main.yml
@@ -1,2 +1 @@
 
				 ---
			
 
				-docker_protect_installed_version: False
			
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -11,7 +11,7 @@
 
				 - name: Error out if Docker pre-installed but too old
			
 
				   fail:
			
 
				     msg: "Docker {{ curr_docker_version.stdout }} is installed, but >= 1.9.1 is required."
			
 
				-  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined and not docker_protect_installed_version | bool
			
 
				+  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.9.1', '<') and not docker_version is defined
			
 
				 
			
 
				 - name: Error out if requested Docker is too old
			
 
				   fail:
			
@@ -31,19 +31,19 @@
 
				 - name: Fail if Docker version requested but downgrade is required
			
 
				   fail:
			
 
				     msg: "Docker {{ curr_docker_version.stdout }} is installed, but version {{ docker_version }} was requested."
			
 
				-  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>') and not docker_protect_installed_version | bool
			
 
				+  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and docker_version is defined and curr_docker_version.stdout | version_compare(docker_version, '>')
			
 
				 
			
 
				 # This involves an extremely slow migration process, users should instead run the
			
 
				 # Docker 1.10 upgrade playbook to accomplish this.
			
 
				 - name: Error out if attempting to upgrade Docker across the 1.10 boundary
			
 
				   fail:
			
 
				     msg: "Cannot upgrade Docker to >= 1.10, please upgrade or remove Docker manually, or use the Docker upgrade playbook if OpenShift is already installed."
			
 
				-  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=') and not docker_protect_installed_version | bool
			
 
				+  when: not curr_docker_version | skipped and curr_docker_version.stdout != '' and curr_docker_version.stdout | version_compare('1.10', '<') and docker_version is defined and docker_version | version_compare('1.10', '>=')
			
 
				 
			
 
				 # Make sure Docker is installed, but does not update a running version.
			
 
				 # Docker upgrades are handled by a separate playbook.
			
 
				 - name: Install Docker
			
 
				-  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined and not docker_protect_installed_version | bool else '' }} state=present"
			
 
				+  action: "{{ ansible_pkg_mgr }} name=docker{{ '-' + docker_version if docker_version is defined else '' }} state=present"
			
 
				   when: not openshift.common.is_atomic | bool
			
 
				 
			
 
				 - name: Start the Docker service
			
--- a/roles/openshift_cli/meta/main.yml
+++ b/roles/openshift_cli/meta/main.yml
@@ -13,5 +13,6 @@ galaxy_info:
 
				   - cloud
			
 
				 dependencies:
			
 
				 - role: openshift_docker
			
 
				+  when: not skip_docker_role | default(False) | bool
			
 
				 - role: openshift_common
			
 
				 - role: openshift_cli_facts
			
--- a/roles/openshift_version/meta/main.yml
+++ b/roles/openshift_version/meta/main.yml
@@ -15,4 +15,4 @@ dependencies:
 
				 - role: openshift_repos
			
 
				 - role: openshift_docker_facts
			
 
				 - role: docker
			
 
				-  when: openshift.common.is_containerized | default(False) | bool
			
 
				+  when: openshift.common.is_containerized | default(False) | bool and not skip_docker_role | default(False) | bool