Ansible content supplemental to the openshift-ansible project for doing things that don't ship with that project, such as prerequisites for updates, upgrades, restarts, etc.
Playbooks provided by this project are currently supported in either OCP 3.9 or OCP 3.11. See details for each playbook to determine OCP compatability.
Performs a rolling (one host at a time) operating system (OS) update and/or upgrade to the OCP cluster. This is done as per the instructions at Operating System Updates and Upgrades.
- etcd is deployed to masters
- pull request welcome to make this work with etcd either on masters or on seperate nodes
- masters
- infra_nodes
- app_nodes
- ocp_deployment_version:
- ocp_docker_storage:
- expected_docker_version: <1.13.1 if using OCP 3.11>
- ocp_repositories:
- ocp_deployment_packages:
Performs a rolling (one host at a time) reboot for each node in the OCP cluster.
Performs a rolling (one host at a time) restart of OCP services for each node in the OCP cluster.
Performs a blanket reboot for all nodes in the OCP cluster
Performs some prerequisite steps before Installing OpenShift
ansible-playbook ocp-install-preparation.yml
Executes the steps that should be performed before Performing Automated In-place Cluster Upgrades. Specifically before running the appropriate upgrade playbook in the openshift-ansible project.
This is essentially an ansible version of Preparing for an Automated Upgrade.
Executes the steps that should be performed after Performing Automated In-place Cluster Upgrades. Specifically after running the appropriate upgrade playbook in the openshift-ansible project.
Performs an ldap group sync.
parameter | required | default | choices | comments |
---|---|---|---|---|
ocp_ldap_server_fqdn | yes | FQDN of the LDAP server | ||
ocp_ldap_bind_dn | yes | Bind DN to use | ||
ocp_ldap_bind_password | yes | Bind passwrod assoicated with the ocp_ldap_bind_dn |
||
ocp_ldap_groups_query_base_dn | yes | Base DN for looking for LDAP groups | ||
ocp_ldap_users_query_base_dn | yes | Base DN for looking for LDAP users | ||
ocp_ldap_group_uid_name_mapping | yes | Hash of LDAP group DNs to OCP group names to map | ||
ocp_ldap_insecure | no | false | true, false | Whether to use insecure connection to LDAP |
ocp_ldap_ca | no | Path to CA for LDAP server | ||
ocp_projects_group_roll_mapping | no | Array of dictionaries mapping a group and role to a projects |