Refactor nova upgrade task

This is a prerequisite for patchset #924651 Nova runs checks before upgrading. A new nova_upgrade_checks container is started for that purpose. This container uses the new nova-api image, but the old config.json file. The image expects CA certificates in a certain location, but due to the old config.json file, they will not be present. This results in the container not trusting keystone SSL certificate and the upgrade fails, since it can't connect. Moving the config section before the checks ensures that the new container has all the certificates it needs to connect to Keystone. Also nova_enable_rolling_upgrade is no longed used, so there was no point in keeping upgrade tasks split. Change-Id: I44bf48fb86f639d7f0acb786392573ebfed7ee97 Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
2024-09-05 18:11:53 +02:00 · 2024-09-05 18:11:53 +02:00 · 41448f2077
commit 41448f2077
parent d62523f778
4 changed files with 24 additions and 24 deletions
--- a/ansible/roles/nova/tasks/rolling_upgrade.yml
+++ b/ansible/roles/nova/tasks/rolling_upgrade.yml
@ -1,16 +0,0 @@
---
-# Create new set of configs on nodes
- import_tasks: config.yml
-
- import_tasks: check-containers.yml
-
-# TODO(donghm): Flush_handlers to restart nova services
-# should be run in serial nodes to decrease downtime if
-# the previous task did not run. Update when the
-# Ansible strategy module for rolling upgrade is finished.
-
- name: Flush handlers
-  meta: flush_handlers
-
-# NOTE(dszumski): The Nova upgrade is not finished here and
-# continues in subsequent tasks.
--- a/ansible/roles/nova/tasks/upgrade.yml
+++ b/ansible/roles/nova/tasks/upgrade.yml
@ -6,6 +6,9 @@
    service_ks_register_auth: "{{ openstack_nova_auth }}"
    service_ks_register_user_roles: "{{ nova_ks_user_roles }}"

+# Create new set of configs on nodes
+- import_tasks: config.yml
+
 - name: Run Nova upgrade checks
  become: true
  vars:
@ -48,4 +51,15 @@
  when:
    - nova_safety_upgrade | bool

- import_tasks: rolling_upgrade.yml
+- import_tasks: check-containers.yml
+
+# TODO(donghm): Flush_handlers to restart nova services
+# should be run in serial nodes to decrease downtime if
+# the previous task did not run. Update when the
+# Ansible strategy module for rolling upgrade is finished.
+
+- name: Flush handlers
+  meta: flush_handlers
+
+# NOTE(dszumski): The Nova upgrade is not finished here and
+# continues in subsequent tasks.
--- a/etc/kolla/globals.yml
+++ b/etc/kolla/globals.yml
@ -608,13 +608,11 @@ workaround_ansible_issue_8743: yes
 # The number of fake driver per compute node
 #num_nova_fake_per_node: 5

-# The flag "nova_safety_upgrade" need to be consider when
-# "nova_enable_rolling_upgrade" is enabled. The "nova_safety_upgrade"
-# controls whether the nova services are all stopped before rolling
-# upgrade to the new version, for the safety and availability.
-# If "nova_safety_upgrade" is "yes", that will stop all nova services (except
-# nova-compute) for no failed API operations before upgrade to the
-# new version. And opposite.
+# The "nova_safety_upgrade" controls whether the nova services
+# are all stopped before rolling upgrade to the new version,
+# for the safety and availability. If "nova_safety_upgrade" is "yes",
+# that will stop all nova services (except nova-compute) for no failed
+# API operations before upgrade to the new version. And opposite.
 #nova_safety_upgrade: "no"

 # Valid options are [ none, novnc, spice ]
--- a/releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml
+++ b/releasenotes/notes/refactor-nova-upgrade-2474a97fc38ef0b8.yaml
@ -0,0 +1,4 @@
+---
+fixes:
+  - |
+    nova_upgrade_checks container uses a newly generated config.json