Ansible content supplemental to the openshift-ansible project for doing things that don't ship with that project, such as prerequisites for updates, upgrades, restarts, etc.
Playbooks provided by this project.
Performs a rolling (one host at a time) operating system (OS) update and/or upgrade to the OCP cluster. This is done as per the instructions at Operating System Updates and Upgrades.
- etcd is deployed to masters
- pull request welcome to make this work with etcd either on masters or on seperate nodes
- masters
- infra-nodes
- app-nodes
- ocp_deployment_version:
- ocp_docker_storage:
- expected_docker_version: <1.13.1 if using OCP 3.11>
- ocp_repositories:
- ocp_deployment_packages:
Performs the steps should be before Installing OpenShift
ansible-playbook ocp-install-preparation.yml
Performs the steps should be preforemd before Performing Automated In-place Cluster Upgrades. Specifically before running the appropriate upgrade playbook in the openshift-ansible project.
This is essentially an assible version of [Preparing for an Automated Upgrade] (https://docs.openshift.com/container-platform/latest/install_config/upgrading/automated_upgrades.html#preparing-for-an-automated-upgrade).
Performs the steps that should be prefored after Performing Automated In-place Cluster Upgrades. Specifically after running the appropriate upgrade playbookin the openshift-ansible project.
Performs an ldap group sync.
parameter | required | default | choices | comments |
---|---|---|---|---|
ocp_ldap_server_fqdn | yes | FQDN of the LDAP server | ||
ocp_ldap_bind_dn | yes | Bind DN to usu | ||
ocp_ldap_bind_password | yes | Bind passwrod assoicated with the ocp_ldap_bind_dn |
||
ocp_ldap_groups_query_base_dn | yes | Base DN for looking for LDAP groups | ||
ocp_ldap_users_query_base_dn | yes | Base DN for looking for LDAP users | ||
ocp_ldap_group_uid_name_mapping | yes | Hash of LDAP group DNs to OCP group names to map | ||
ocp_ldap_insecure | no | false | true, false | Whether to use insecure connection to LDAP |
ocp_ldap_ca | no | Path to CA for LDAP server | ||
ocp_projects_group_roll_mapping | no | Array of dictionaries mapping a group and role to a projects |