Refactor nova upgrade task

This is a prerequisite for patchset #924651

Nova runs checks before upgrading. A new nova_upgrade_checks container
is started for that purpose. This container uses the new nova-api
image, but the old config.json file. The image expects CA certificates
in a certain location, but due to the old config.json file, they will
not be present. This results in the container not trusting keystone SSL
certificate and the upgrade fails, since it can't connect. Moving the
config section before the checks ensures that the new container has
all the certificates it needs to connect to Keystone.

Also nova_enable_rolling_upgrade is no longed used, so there was no
point in keeping upgrade tasks split.

Change-Id: I44bf48fb86f639d7f0acb786392573ebfed7ee97
Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
This commit is contained in:
Roman Krček 2024-09-05 18:11:53 +02:00
parent d62523f778
commit 41448f2077
4 changed files with 24 additions and 24 deletions

View File

@ -1,16 +0,0 @@
---
# Create new set of configs on nodes
- import_tasks: config.yml
- import_tasks: check-containers.yml
# TODO(donghm): Flush_handlers to restart nova services
# should be run in serial nodes to decrease downtime if
# the previous task did not run. Update when the
# Ansible strategy module for rolling upgrade is finished.
- name: Flush handlers
meta: flush_handlers
# NOTE(dszumski): The Nova upgrade is not finished here and
# continues in subsequent tasks.

View File

@ -6,6 +6,9 @@
service_ks_register_auth: "{{ openstack_nova_auth }}"
service_ks_register_user_roles: "{{ nova_ks_user_roles }}"
# Create new set of configs on nodes
- import_tasks: config.yml
- name: Run Nova upgrade checks
become: true
vars:
@ -48,4 +51,15 @@
when:
- nova_safety_upgrade | bool
- import_tasks: rolling_upgrade.yml
- import_tasks: check-containers.yml
# TODO(donghm): Flush_handlers to restart nova services
# should be run in serial nodes to decrease downtime if
# the previous task did not run. Update when the
# Ansible strategy module for rolling upgrade is finished.
- name: Flush handlers
meta: flush_handlers
# NOTE(dszumski): The Nova upgrade is not finished here and
# continues in subsequent tasks.

View File

@ -608,13 +608,11 @@ workaround_ansible_issue_8743: yes
# The number of fake driver per compute node
#num_nova_fake_per_node: 5
# The flag "nova_safety_upgrade" need to be consider when
# "nova_enable_rolling_upgrade" is enabled. The "nova_safety_upgrade"
# controls whether the nova services are all stopped before rolling
# upgrade to the new version, for the safety and availability.
# If "nova_safety_upgrade" is "yes", that will stop all nova services (except
# nova-compute) for no failed API operations before upgrade to the
# new version. And opposite.
# The "nova_safety_upgrade" controls whether the nova services
# are all stopped before rolling upgrade to the new version,
# for the safety and availability. If "nova_safety_upgrade" is "yes",
# that will stop all nova services (except nova-compute) for no failed
# API operations before upgrade to the new version. And opposite.
#nova_safety_upgrade: "no"
# Valid options are [ none, novnc, spice ]

View File

@ -0,0 +1,4 @@
---
fixes:
- |
nova_upgrade_checks container uses a newly generated config.json