From 41448f2077b5469bedd62fe4b96cb0aff6c60938 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roman=20Kr=C4=8Dek?= Date: Thu, 5 Sep 2024 18:11:53 +0200 Subject: [PATCH] Refactor nova upgrade task MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a prerequisite for patchset #924651 Nova runs checks before upgrading. A new nova_upgrade_checks container is started for that purpose. This container uses the new nova-api image, but the old config.json file. The image expects CA certificates in a certain location, but due to the old config.json file, they will not be present. This results in the container not trusting keystone SSL certificate and the upgrade fails, since it can't connect. Moving the config section before the checks ensures that the new container has all the certificates it needs to connect to Keystone. Also nova_enable_rolling_upgrade is no longed used, so there was no point in keeping upgrade tasks split. Change-Id: I44bf48fb86f639d7f0acb786392573ebfed7ee97 Signed-off-by: Roman KrĨek --- ansible/roles/nova/tasks/rolling_upgrade.yml | 16 ---------------- ansible/roles/nova/tasks/upgrade.yml | 16 +++++++++++++++- etc/kolla/globals.yml | 12 +++++------- .../refactor-nova-upgrade-2474a97fc38ef0b8.yaml | 4 ++++ 4 files changed, 24 insertions(+), 24 deletions(-) delete mode 100644 ansible/roles/nova/tasks/rolling_upgrade.yml create mode 100644 releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml diff --git a/ansible/roles/nova/tasks/rolling_upgrade.yml b/ansible/roles/nova/tasks/rolling_upgrade.yml deleted file mode 100644 index 1a2c675437..0000000000 --- a/ansible/roles/nova/tasks/rolling_upgrade.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Create new set of configs on nodes -- import_tasks: config.yml - -- import_tasks: check-containers.yml - -# TODO(donghm): Flush_handlers to restart nova services -# should be run in serial nodes to decrease downtime if -# the previous task did not run. Update when the -# Ansible strategy module for rolling upgrade is finished. - -- name: Flush handlers - meta: flush_handlers - -# NOTE(dszumski): The Nova upgrade is not finished here and -# continues in subsequent tasks. diff --git a/ansible/roles/nova/tasks/upgrade.yml b/ansible/roles/nova/tasks/upgrade.yml index b70c77d572..787bc7773a 100644 --- a/ansible/roles/nova/tasks/upgrade.yml +++ b/ansible/roles/nova/tasks/upgrade.yml @@ -6,6 +6,9 @@ service_ks_register_auth: "{{ openstack_nova_auth }}" service_ks_register_user_roles: "{{ nova_ks_user_roles }}" +# Create new set of configs on nodes +- import_tasks: config.yml + - name: Run Nova upgrade checks become: true vars: @@ -48,4 +51,15 @@ when: - nova_safety_upgrade | bool -- import_tasks: rolling_upgrade.yml +- import_tasks: check-containers.yml + +# TODO(donghm): Flush_handlers to restart nova services +# should be run in serial nodes to decrease downtime if +# the previous task did not run. Update when the +# Ansible strategy module for rolling upgrade is finished. + +- name: Flush handlers + meta: flush_handlers + +# NOTE(dszumski): The Nova upgrade is not finished here and +# continues in subsequent tasks. diff --git a/etc/kolla/globals.yml b/etc/kolla/globals.yml index bb7b16c285..793127d29c 100644 --- a/etc/kolla/globals.yml +++ b/etc/kolla/globals.yml @@ -608,13 +608,11 @@ workaround_ansible_issue_8743: yes # The number of fake driver per compute node #num_nova_fake_per_node: 5 -# The flag "nova_safety_upgrade" need to be consider when -# "nova_enable_rolling_upgrade" is enabled. The "nova_safety_upgrade" -# controls whether the nova services are all stopped before rolling -# upgrade to the new version, for the safety and availability. -# If "nova_safety_upgrade" is "yes", that will stop all nova services (except -# nova-compute) for no failed API operations before upgrade to the -# new version. And opposite. +# The "nova_safety_upgrade" controls whether the nova services +# are all stopped before rolling upgrade to the new version, +# for the safety and availability. If "nova_safety_upgrade" is "yes", +# that will stop all nova services (except nova-compute) for no failed +# API operations before upgrade to the new version. And opposite. #nova_safety_upgrade: "no" # Valid options are [ none, novnc, spice ] diff --git a/releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml b/releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml new file mode 100644 index 0000000000..a7e4709cac --- /dev/null +++ b/releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - | + nova_upgrade_checks container uses a newly generated config.json