Página Principal Explorar Ajuda
Registe-se Iniciar Sessão
shixiong
/
okd
1
0
Fork 0
Ficheiros Problemas 0 Pull Requests 0 Wiki
Árvore: 2972c11092
Ramos Etiquetas
okd
/
playbooks
/
common
/
openshift-cluster
/
upgrades
/
v3_1_to_v3_2
/
upgrade.yml

upgrade.yml 7.1 KB
Histórico Em bruto

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167 
  1. ---
    2. 

  2. ###############################################################################
    3. 

  3. # The restart playbook should be run after this playbook completes.
    4. 

  4. ###############################################################################
    5. 

  5. 

  6. ###############################################################################
    7. 

  7. # Upgrade Masters
    8. 

  8. ###############################################################################
    9. 

  9. - name: Upgrade master
    10. 

  10.   hosts: oo_masters_to_config
    11. 

  11.   handlers:
    12. 

  12.   - include: ../../../../../roles/openshift_master/handlers/main.yml
    13. 

  13.   roles:
    14. 

  14.   - openshift_facts
    15. 

  15.   tasks:
    16. 

  16.   - include: rpm_upgrade.yml component=master
    17. 

  17.     when: not openshift.common.is_containerized | bool
    18. 

  18. 

  19.   - include_vars: ../../../../../roles/openshift_master/vars/main.yml
    20. 

  20. 

  21.   - name: Update systemd units
    22. 

  22.     include: ../../../../../roles/openshift_master/tasks/systemd_units.yml
    23. 

  23. 

  24. #  - name: Upgrade master configuration
    25. 

  25. #    openshift_upgrade_config:
    26. 

  26. #      from_version: '3.1'
    27. 

  27. #       to_version: '3.2'
    28. 

  28. #      role: master
    29. 

  29. #      config_base: "{{ hostvars[inventory_hostname].openshift.common.config_base }}"
    30. 

  30. 

  31. - name: Set master update status to complete
    32. 

  32.   hosts: oo_masters_to_config
    33. 

  33.   tasks:
    34. 

  34.   - set_fact:
    35. 

  35.       master_update_complete: True
    36. 

  36. 

  37. ##############################################################################
    38. 

  38. # Gate on master update complete
    39. 

  39. ##############################################################################
    40. 

  40. - name: Gate on master update
    41. 

  41.   hosts: localhost
    42. 

  42.   connection: local
    43. 

  43.   become: no
    44. 

  44.   tasks:
    45. 

  45.   - set_fact:
    46. 

  46.       master_update_completed: "{{ hostvars
    47. 

  47.                                  | oo_select_keys(groups.oo_masters_to_config)
    48. 

  48.                                  | oo_collect('inventory_hostname', {'master_update_complete': true}) }}"
    49. 

  49.   - set_fact:
    50. 

  50.       master_update_failed: "{{ groups.oo_masters_to_config | difference(master_update_completed) }}"
    51. 

  51.   - fail:
    52. 

  52.       msg: "Upgrade cannot continue. The following masters did not finish updating: {{ master_update_failed | join(',') }}"
    53. 

  53.     when: master_update_failed | length > 0
    54. 

  54. 

  55. ###############################################################################
    56. 

  56. # Upgrade Nodes
    57. 

  57. ###############################################################################
    58. 

  58. 

  59. # Here we handle all tasks that might require a node evac. (upgrading docker, and the node service)
    60. 

  60. - name: Perform upgrades that may require node evacuation
    61. 

  61.   hosts: oo_masters_to_config:oo_etcd_to_config:oo_nodes_to_config
    62. 

  62.   serial: 1
    63. 

  63.   any_errors_fatal: true
    64. 

  64.   roles:
    65. 

  65.   - openshift_facts
    66. 

  66.   handlers:
    67. 

  67.   - include: ../../../../../roles/openshift_node/handlers/main.yml
    68. 

  68.   tasks:
    69. 

  69.   # TODO: To better handle re-trying failed upgrades, it would be nice to check if the node
    70. 

  70.   # or docker actually needs an upgrade before proceeding. Perhaps best to save this until
    71. 

  71.   # we merge upgrade functionality into the base roles and a normal config.yml playbook run.
    72. 

  72.   - name: Mark unschedulable if host is a node
    73. 

  73.     command: >
    74. 

  74.       {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=false
    75. 

  75.     delegate_to: "{{ groups.oo_first_master.0 }}"
    76. 

  76.     when: inventory_hostname in groups.oo_nodes_to_config
    77. 

  77. 

  78.   - name: Evacuate Node for Kubelet upgrade
    79. 

  79.     command: >
    80. 

  80.       {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --evacuate --force
    81. 

  81.     delegate_to: "{{ groups.oo_first_master.0 }}"
    82. 

  82.     when: inventory_hostname in groups.oo_nodes_to_config
    83. 

  83. 

  84.   # Only check if docker upgrade is required if docker_upgrade is not
    85. 

  85.   # already set to False.
    86. 

  86.   - include: ../docker/upgrade_check.yml
    87. 

  87.     when: docker_upgrade is not defined or docker_upgrade | bool and not openshift.common.is_atomic | bool
    88. 

  88. 

  89.   - include: ../docker/upgrade.yml
    90. 

  90.     when: l_docker_upgrade is defined and l_docker_upgrade | bool and not openshift.common.is_atomic | bool
    91. 

  91. 

  92.   - include: rpm_upgrade.yml
    93. 

  93.     vars:
    94. 

  94.        component: "node"
    95. 

  95.        openshift_version: "{{ openshift_pkg_version | default('') }}"
    96. 

  96.     when: inventory_hostname in groups.oo_nodes_to_config and not openshift.common.is_containerized | bool
    97. 

  97. 

  98.   - include: containerized_node_upgrade.yml
    99. 

  99.     when: inventory_hostname in groups.oo_nodes_to_config and openshift.common.is_containerized | bool
    100. 

  100. 

  101.   - name: Set node schedulability
    102. 

  102.     command: >
    103. 

  103.       {{ openshift.common.admin_binary }} manage-node {{ openshift.common.hostname | lower }} --schedulable=true
    104. 

  104.     delegate_to: "{{ groups.oo_first_master.0 }}"
    105. 

  105.     when: inventory_hostname in groups.oo_nodes_to_config and openshift.node.schedulable | bool
    106. 

  106. 

  107. 

  108. ###############################################################################
    109. 

  109. # Reconcile Cluster Roles, Cluster Role Bindings and Security Context Constraints
    110. 

  110. ###############################################################################
    111. 

  111. 

  112. - name: Reconcile Cluster Roles and Cluster Role Bindings and Security Context Constraints
    113. 

  113.   hosts: oo_masters_to_config
    114. 

  114.   roles:
    115. 

  115.   - { role: openshift_cli }
    116. 

  116.   vars:
    117. 

  117.     origin_reconcile_bindings: "{{ deployment_type == 'origin' and openshift_version | version_compare('1.0.6', '>') }}"
    118. 

  118.     ent_reconcile_bindings: true
    119. 

  119.     openshift_docker_hosted_registry_network: "{{ hostvars[groups.oo_first_master.0].openshift.common.portal_net }}"
    120. 

  120.   tasks:
    121. 

  121.   - name: Verifying the correct commandline tools are available
    122. 

  122.     shell: grep {{ verify_upgrade_version }} {{ openshift.common.admin_binary}}
    123. 

  123.     when: openshift.common.is_containerized | bool and verify_upgrade_version is defined
    124. 

  124. 

  125.   - name: Reconcile Cluster Roles
    126. 

  126.     command: >
    127. 

  127.       {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
    128. 

  128.       policy reconcile-cluster-roles --additive-only=true --confirm
    129. 

  129.     run_once: true
    130. 

  130. 

  131.   - name: Reconcile Cluster Role Bindings
    132. 

  132.     command: >
    133. 

  133.       {{ openshift.common.admin_binary}} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
    134. 

  134.       policy reconcile-cluster-role-bindings
    135. 

  135.       --exclude-groups=system:authenticated
    136. 

  136.       --exclude-groups=system:authenticated:oauth
    137. 

  137.       --exclude-groups=system:unauthenticated
    138. 

  138.       --exclude-users=system:anonymous
    139. 

  139.       --additive-only=true --confirm
    140. 

  140.     when: origin_reconcile_bindings | bool or ent_reconcile_bindings | bool
    141. 

  141.     run_once: true
    142. 

  142. 

  143.   - name: Reconcile Security Context Constraints
    144. 

  144.     command: >
    145. 

  145.       {{ openshift.common.admin_binary}} policy reconcile-sccs --confirm --additive-only=true
    146. 

  146.     run_once: true
    147. 

  147. 

  148.   - set_fact:
    149. 

  149.       reconcile_complete: True
    150. 

  150. 

  151. ##############################################################################
    152. 

  152. # Gate on reconcile
    153. 

  153. ##############################################################################
    154. 

  154. - name: Gate on reconcile
    155. 

  155.   hosts: localhost
    156. 

  156.   connection: local
    157. 

  157.   become: no
    158. 

  158.   tasks:
    159. 

  159.   - set_fact:
    160. 

  160.       reconcile_completed: "{{ hostvars
    161. 

  161.                                  | oo_select_keys(groups.oo_masters_to_config)
    162. 

  162.                                  | oo_collect('inventory_hostname', {'reconcile_complete': true}) }}"
    163. 

  163.   - set_fact:
    164. 

  164.       reconcile_failed: "{{ groups.oo_masters_to_config | difference(reconcile_completed) }}"
    165. 

  165.   - fail:
    166. 

  166.       msg: "Upgrade cannot continue. The following masters did not finish reconciling: {{ reconcile_failed | join(',') }}"
    167. 

  167.     when: reconcile_failed | length > 0
    168.