okd/playbooks/byo/calico/legacy_upgrade.yml

---
- name: Calico Upgrade | Validate
  hosts: nodes
  tasks:
  - name: Check legacy upgrade exists
    stat:
      path: /lib/systemd/system/calico.service
      get_checksum: false
      get_attributes: false
      get_mime: false
    register: sym
  - fail:
      msg: No service to upgrade
    when: not sym.stat.exists
  - include_tasks: upgrade_versions.yml

- import_playbook: ../../init/evaluate_groups.yml
- import_playbook: ../../init/basic_facts.yml
- import_playbook: ../../init/cluster_facts.yml

- name: Calico Upgrade | Gather Facts
  hosts: oo_first_master
  gather_facts: no
  pre_tasks:
  - set_fact:
      openshift_master_etcd_hosts: "{{ hostvars
                                     | lib_utils_oo_select_keys(groups['oo_etcd_to_config'] | default([]))
                                     | lib_utils_oo_collect('openshift.common.hostname')
                                     | default(none, true) }}"
      openshift_master_etcd_port: "{{ (etcd_client_port | default('2379')) if (groups.oo_etcd_to_config is defined and groups.oo_etcd_to_config) else none }}"
  roles:
  - role: openshift_facts
  - role: openshift_master_facts
  - role: lib_openshift
  tasks:
  - include_tasks: ../roles/calico_master/tasks/certs.yml

- name: Calico Upgrade | Prepare Nodes
  hosts: nodes
  gather_facts: no
  tasks:
  - name: Prepull Images
    command: "docker pull {{ calico_node_image }}"

- name: Calico Upgrade | Initiate
  hosts: oo_first_master
  roles:
  - role: openshift_facts
  tasks:
  - name: Calico Master | Create temp directory
    command: mktemp -d /tmp/openshift-ansible-XXXXXXX
    register: mktemp
    changed_when: False

  - name: Calico Master | Write Calico install yaml
    template:
      dest: "{{ mktemp.stdout }}/calico.yml"
      src: ../roles/calico_master/templates/calico.yml.j2

  - name: Calico Master | oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico-node
    oc_adm_policy_user:
      user: system:serviceaccount:kube-system:calico-node
      resource_kind: scc
      resource_name: privileged
      state: present

  - name: Calico Master | oc adm policy add-scc-to-user privileged system:serviceaccount:kube-system:calico-kube-controllers
    oc_adm_policy_user:
      user: system:serviceaccount:kube-system:calico-kube-controllers
      resource_kind: scc
      resource_name: privileged
      state: present

  - name: Apply Calico manifest
    command: >
      {{ openshift_client_binary }} apply
      -f {{ mktemp.stdout }}/calico.yml
      --config={{ openshift.common.config_base }}/master/admin.kubeconfig
    register: calico_create_output
    failed_when: "('already exists' not in calico_create_output.stderr) and ('created' not in calico_create_output.stdout) and calico_create_output.rc != 0"
    changed_when: ('created' in calico_create_output.stdout)

  - name: Delete old policy controller
    oc_obj:
      name: calico-policy-controller
      kind: deployment
      state: absent
      namespace: kube-system

- name: Calico Upgrade | Upgrade nodes
  hosts: nodes
  serial: 1
  any_errors_fatal: true
  tasks:
  - name: Stop legacy service
    become: yes
    systemd:
      name: calico
      state: stopped
  - name: Apply node label
    delegate_to: "{{ groups.oo_first_master.0 }}"
    command: >
      {{ openshift_client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig label node {{ openshift.node.nodename | lower }} --overwrite projectcalico.org/ds-ready=true
  - name: Wait for node running
    uri:
      url: http://localhost:9099/readiness
      status_code: 204
    delay: 3
    retries: 10
    register: result
    until: result.status == 204
  - name: Disable legacy service
    become: yes
    systemd:
      name: calico
      enabled: no
  - name: Rename legacy service
    command: mv /lib/systemd/system/calico.service /lib/systemd/system/calico-legacy.service.bak