
Add playbook to update reg-auth credentials

This commit adds a playbook to update reg-auth credentials,
but it does not update the oreg config in the master's config.
Michael Gugino 6 years ago
parent
commit
a194c4d5da

+ 9 - 0
playbooks/container-runtime/private/registry_auth.yml

@@ -0,0 +1,9 @@
+---
+# This playbook is intended to be included from playbooks/updates/registry_auth.yml
+
+- name: Update registry authentication credentials
+  hosts: oo_nodes_to_config
+  tasks:
+  - import_role:
+      name: container_runtime
+      tasks_from: registry_auth.yml
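Review bot: The play name `Update registry authentication credentials` is identical to the name of the first play in playbooks/openshift-node/private/registry_auth.yml, and both plays target `oo_nodes_to_config`, so a run log cannot show which role was rewriting credentials when a host fails. A distinct name such as `- name: Update container runtime registry authentication credentials` would make a credential rotation easier to audit afterwards.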

+ 9 - 0
playbooks/openshift-master/private/registry_auth.yml

@@ -0,0 +1,9 @@
+---
+# This playbook is intended to be included from playbooks/updates/registry_auth.yml
+- name: Update master registry_auth
+  hosts: oo_masters_to_config
+  serial: 1
+  tasks:
+  - import_role:
+      name: openshift_control_plane
+      tasks_from: registry_auth.yml
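Review bot: The header comment does not record the limitation stated in the commit message, that the oreg config in the master's config is left untouched, so someone reading only this file could assume the masters are fully updated. I would add below the existing comment: `# NOTE: this does not update the oreg settings in the master config.` Whether the master services need a restart to pick up the new credentials is not visible from this hunk; if they do, that belongs in the same comment.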

+ 47 - 0
playbooks/openshift-node/private/registry_auth.yml

@@ -0,0 +1,47 @@
+---
+# This playbook is intended to be included from playbooks/updates/registry_auth.yml
+
+- name: Update registry authentication credentials
+  hosts: oo_nodes_to_config
+  tasks:
+  - import_role:
+      name: openshift_node
+      tasks_from: registry_auth.yml
+  # If there were previously no authenticated registries, the credential file
+  # won't be mounted in the system container;  Need to rerun this step to ensure
+  # additional mounts are provided.
+  - import_role:
+      name: openshift_node
+      tasks_from: node_system_container_install.yml
+    when: openshift_is_atomic
+
+- name: Restart nodes
+  hosts: oo_nodes_to_config
+  serial: "{{ openshift_restart_nodes_serial | default(1) }}"
+  roles:
+  - lib_openshift
+  - openshift_facts
+  tasks:
+  - name: restart node
+    service:
+      name: "{{ openshift_service_type }}-node"
+      state: restarted
+      daemon-reload: yes
+
+  - name: Wait for node to be ready
+    oc_obj:
+      state: list
+      kind: node
+      name: "{{ openshift.node.nodename | lower }}"
+    register: node_output
+    delegate_to: "{{ groups.oo_first_master.0 }}"
+    when: inventory_hostname in groups.oo_nodes_to_config
+    until:
+    - node_output.results is defined
+    - node_output.results.returncode is defined
+    - node_output.results.results is defined
+    - node_output.results.returncode == 0
+    - node_output.results.results[0].status.conditions | selectattr('type', 'match', '^Ready$') | map(attribute='status') | join | bool == True
+    # Give the node three minutes to come back online.
+    retries: 36
+    delay: 5
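Review bot: The `restart node` task passes `daemon-reload: yes` to the generic `service` module; as far as I can tell that option is documented for the `systemd` module (as `daemon_reload`) rather than for `service`, so it presumably works only because the call is handed through on systemd hosts. Writing the task with `systemd:` and `daemon_reload: true` would make that dependency explicit. In `Wait for node to be ready`, `when: inventory_hostname in groups.oo_nodes_to_config` is always true under `hosts: oo_nodes_to_config` and can be dropped. The trailing `| bool == True` in the last `until` condition can be just `| bool`.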

+ 7 - 0
playbooks/updates/README.md

@@ -0,0 +1,7 @@
+# Updating config files
+
+The plays in this directory are for updating existing configuration files
+of various types.
+
+These plays are not for upgrading the version of OpenShift, those plays are in
+playbooks/common/openshift-cluster/upgrades/v<upgrade version>/.

+ 8 - 0
playbooks/updates/registry_auth.yml

@@ -0,0 +1,8 @@
+---
+- import_playbook: ../init/main.yml
+
+- import_playbook: ../container-runtime/private/registry_auth.yml
+
+- import_playbook: ../openshift-node/private/registry_auth.yml
+
+- import_playbook: ../openshift-master/private/registry_auth.yml
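Review bot: This entry point has no header comment, although running it has a visible operational effect: the imported node playbook restarts the `{{ openshift_service_type }}-node` service on every host in `oo_nodes_to_config`, with no condition tying the restart to a credential change. A short header would tell operators what to expect, for example `# Updates registry auth credentials on nodes and masters; restarts the node service on every node.` The restart is paced only by `openshift_restart_nodes_serial` (default 1), which is worth naming in the same comment.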

+ 1 - 27
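--- a/roles/openshift_node/tasks/node_system_container.yml
+++ b/roles/openshift_node/tasks/node_system_container.yml
@@ -37,33 +37,7 @@
  until: pull_result.rc == 0
  changed_when: "'Pulling layer' in pull_result.stdout"
 
-- name: Install or Update node system container
-  oc_atomic_container:
-    name: "{{ openshift_service_type }}-node"
-    image: "{{ system_osn_image }}"
-    values:
-    - "DNS_DOMAIN={{ openshift.common.dns_domain }}"
-    - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"
-    - 'ADDTL_MOUNTS={{ l_node_syscon_add_mounts2 }}'
-    state: latest
-  vars:
-    # We need to evaluate some variables here to ensure
-    # l_bind_docker_reg_auth is evaluated after registry_auth.yml has been
-    # processed.
-
-    # Determine if we want to include auth credentials mount.
-    l_node_syscon_auth_mounts_l: "{{ l_bind_docker_reg_auth | ternary(openshift_node_syscon_auth_mounts_l,[]) }}"
-
-    # Join any user-provided mounts and auth_mounts into a combined list.
-    l_node_syscon_add_mounts_l: "{{ openshift_node_syscon_add_mounts_l | union(l_node_syscon_auth_mounts_l) }}"
-
-    # We must prepend a ',' here to ensure the value is inserted properly into an
-    # existing json list in the container's config.json
-    # lib_utils_oo_l_of_d_to_csv is a custom filter plugin in roles/lib_utils/oo_filters.py
-    l_node_syscon_add_mounts: ",{{ l_node_syscon_add_mounts_l | lib_utils_oo_l_of_d_to_csv }}"
-    # if we have just a ',' then both mount lists were empty, we don't want to add
-    # anything to config.json
-    l_node_syscon_add_mounts2: "{{ (l_node_syscon_add_mounts != ',') | bool | ternary(l_node_syscon_add_mounts,'') }}"
+- import_tasks: node_system_container_install.yml
 
 # TODO: network manager on RHEL is failing to execute 99-origin-dns.sh with signal 13, an immediate
 # restart seems to allow the job to configure. Only occurs with system containers.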

+ 28 - 0
roles/openshift_node/tasks/node_system_container_install.yml

@@ -0,0 +1,28 @@
+---
+- name: Install or Update node system container
+  oc_atomic_container:
+    name: "{{ openshift_service_type }}-node"
+    image: "{{ system_osn_image }}"
+    values:
+    - "DNS_DOMAIN={{ openshift.common.dns_domain }}"
+    - "DOCKER_SERVICE={{ openshift_docker_service_name }}.service"
+    - 'ADDTL_MOUNTS={{ l_node_syscon_add_mounts2 }}'
+    state: latest
+  vars:
+    # We need to evaluate some variables here to ensure
+    # l_bind_docker_reg_auth is evaluated after registry_auth.yml has been
+    # processed.
+
+    # Determine if we want to include auth credentials mount.
+    l_node_syscon_auth_mounts_l: "{{ l_bind_docker_reg_auth | ternary(openshift_node_syscon_auth_mounts_l,[]) }}"
+
+    # Join any user-provided mounts and auth_mounts into a combined list.
+    l_node_syscon_add_mounts_l: "{{ openshift_node_syscon_add_mounts_l | union(l_node_syscon_auth_mounts_l) }}"
+
+    # We must prepend a ',' here to ensure the value is inserted properly into an
+    # existing json list in the container's config.json
+    # lib_utils_oo_l_of_d_to_csv is a custom filter plugin in roles/lib_utils/oo_filters.py
+    l_node_syscon_add_mounts: ",{{ l_node_syscon_add_mounts_l | lib_utils_oo_l_of_d_to_csv }}"
+    # if we have just a ',' then both mount lists were empty, we don't want to add
+    # anything to config.json
+    l_node_syscon_add_mounts2: "{{ (l_node_syscon_add_mounts != ',') | bool | ternary(l_node_syscon_add_mounts,'') }}"
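Review bot: The new file has no header comment stating what it needs from its caller, and it is now reachable two ways: through `import_tasks` in node_system_container.yml and directly through `tasks_from` in playbooks/openshift-node/private/registry_auth.yml. On the direct path the task that appears to pull the image (`until: pull_result.rc == 0`) does not run first, and, judging by the `vars` comment, `l_bind_docker_reg_auth` depends on registry_auth.yml having been processed. I would add a header such as `# Expects registry_auth.yml to have been processed (l_bind_docker_reg_auth) and the image in system_osn_image to be present.` It is also worth confirming that `system_osn_image` is defined when this file is entered directly, since its definition is outside the hunk.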