Home Explore Help
Register Sign In
shixiong
/
okd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #3517 from ewolinetz/idempotency_role_bindings

Adding changed_whens for role, rolebinding, and scc reconciliation ba…
Eric Wolinetz 8 years ago
parent
3e1557ad80 352917ae21
commit
f017f5afc8
1 changed files with 20 additions and 4 deletions
Split View Show Diff Stats
  1. 20 4
      playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml

+ 20 - 4
playbooks/common/openshift-cluster/upgrades/upgrade_control_plane.yml
View File 

@@ -173,7 +173,11 @@
 
   - name: Reconcile Cluster Roles
 
     command: >
 
       {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig
 
-      policy reconcile-cluster-roles --additive-only=true --confirm
 
+      policy reconcile-cluster-roles --additive-only=true --confirm -o name
 
+    register: reconcile_cluster_role_result
 
+    changed_when:
 
+    - reconcile_cluster_role_result.stdout != ''
 
+    - reconcile_cluster_role_result.rc == 0
 
     run_once: true
 
 
   - name: Reconcile Cluster Role Bindings
 
@@ -184,19 +188,31 @@
 
       --exclude-groups=system:authenticated:oauth
 
       --exclude-groups=system:unauthenticated
 
       --exclude-users=system:anonymous
 
-      --additive-only=true --confirm
 
+      --additive-only=true --confirm -o name
 
     when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
 
+    register: reconcile_bindings_result
 
+    changed_when:
 
+    - reconcile_bindings_result.stdout != ''
 
+    - reconcile_bindings_result.rc == 0
 
     run_once: true
 
 
   - name: Reconcile Jenkins Pipeline Role Bindings
 
     command: >
 
-      {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm
 
+      {{ openshift.common.client_binary }} adm --config={{ openshift.common.config_base }}/master/admin.kubeconfig policy reconcile-cluster-role-bindings system:build-strategy-jenkinspipeline --confirm -o name
 
     run_once: true
 
+    register: reconcile_jenkins_role_binding_result
 
+    changed_when:
 
+    - reconcile_jenkins_role_binding_result.stdout != ''
 
+    - reconcile_jenkins_role_binding_result.rc == 0
 
     when: openshift.common.version_gte_3_4_or_1_4  | bool
 
 
   - name: Reconcile Security Context Constraints
 
     command: >
 
-      {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true
 
+      {{ openshift.common.client_binary }} adm policy reconcile-sccs --confirm --additive-only=true -o name
 
+    register: reconcile_scc_result
 
+    changed_when:
 
+    - reconcile_scc_result.stdout != ''
 
+    - reconcile_scc_result.rc == 0
 
     run_once: true
 
 
   - set_fact: