Inicio Explorar Ayuda
Registro Iniciar sesión
shixiong
/
okd
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: ee2e117c92
Ramas Etiquetas
okd
/
playbooks
/
openshift-etcd
/
private
/
upgrade_main.yml

upgrade_main.yml 2.5 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364 
  1. ---
    2. 

  2. # Prior to 3.6, openshift-ansible created etcd serving certificates
    3. 

  3. # without a SubjectAlternativeName entry for the system hostname. The
    4. 

  4. # SAN list in Go 1.8 is now (correctly) authoritative and since
    5. 

  5. # openshift-ansible configures masters to talk to etcd hostnames
    6. 

  6. # rather than IP addresses, we must correct etcd certificates.
    7. 

  7. #
    8. 

  8. # This play examines the etcd serving certificate SANs on each etcd
    9. 

  9. # host and records whether or not the system hostname is missing.
    10. 

  10. - name: Examine etcd serving certificate SAN
    11. 

  11.   hosts: oo_etcd_to_config
    12. 

  12.   tasks:
    13. 

  13.   - slurp:
    14. 

  14.       src: /etc/etcd/server.crt
    15. 

  15.     register: etcd_serving_cert
    16. 

  16.   - set_fact:
    17. 

  17.       __etcd_cert_lacks_hostname: "{{ (openshift.common.hostname not in (etcd_serving_cert.content | b64decode | lib_utils_oo_parse_certificate_san)) | bool }}"
    18. 

  18. 

  19. # Redeploy etcd certificates when hostnames were missing from etcd
    20. 

  20. # serving certificate SANs.
    21. 

  21. - import_playbook: redeploy-certificates.yml
    22. 

  22.   when:
    23. 

  23.   - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false])
    24. 

  24. 

  25. - import_playbook: restart.yml
    26. 

  26.   vars:
    27. 

  27.     g_etcd_certificates_expired: "{{ ('expired' in (hostvars | lib_utils_oo_select_keys(groups['etcd']) | lib_utils_oo_collect('check_results.check_results.etcd') | lib_utils_oo_collect('health'))) | bool }}"
    28. 

  28.   when:
    29. 

  29.   - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false])
    30. 

  30. 

  31. - import_playbook: ../../openshift-master/private/restart.yml
    32. 

  32.   when:
    33. 

  33.   - true in hostvars | lib_utils_oo_select_keys(groups['oo_etcd_to_config']) | lib_utils_oo_collect('__etcd_cert_lacks_hostname') | default([false])
    34. 

  34. 

  35. - name: Backup etcd before upgrading anything
    36. 

  36.   import_playbook: upgrade_backup.yml
    37. 

  37.   vars:
    38. 

  38.     etcd_backup_tag: "pre-upgrade-"
    39. 

  39.   when: openshift_etcd_backup | default(true) | bool
    40. 

  40. 

  41. - name: Drop etcdctl profiles
    42. 

  42.   hosts: oo_etcd_hosts_to_upgrade
    43. 

  43.   tasks:
    44. 

  44.   - import_role:
    45. 

  45.       name: etcd
    46. 

  46.       tasks_from: drop_etcdctl.yml
    47. 

  47. 

  48. # We only want to upgrade with the old method if the host is not part of
    49. 

  49. # master host.
    50. 

  50. - name: Perform etcd upgrade
    51. 

  51.   import_playbook: upgrade_step.yml
    52. 

  52.   when:
    53. 

  53.   - openshift_etcd_upgrade | default(true) | bool
    54. 

  54.   - inventory_hostname not in groups['oo_masters']
    55. 

  55. 

  56. # Upgrade / convert etcd to static pods
    57. 

  57. - name: Upgrade etcd static pods
    58. 

  58.   import_playbook: upgrade_static.yml
    59. 

  59. 

  60. - name: Backup etcd
    61. 

  61.   import_playbook: upgrade_backup.yml
    62. 

  62.   vars:
    63. 

  63.     etcd_backup_tag: "post-3.0-"
    64. 

  64.   when: openshift_etcd_backup | default(true) | bool
    65.