openstack/kolla-ansible
Code Issues Proposed changes

Fix prechecks in check mode

Browse Source 
When running in check mode, some prechecks previously failed because
they use the command module which is silently not run in check mode.
Other prechecks were not running correctly in check mode due to e.g.
looking for a string in empty command output or not querying which
containers are running.

This change fixes these issues.

Closes-Bug: #2002657
Change-Id: I5219cb42c48d5444943a2d48106dc338aa08fa7c
This commit is contained in:
Mark Goddard 2023-01-11 16:04:55 +00:00
parent bea4535613
commit 46aeb9843f
53 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/roles/aodh/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- aodh_api
check_mode: false
register: container_facts
- name: Checking free port for Aodh API

1
ansible/roles/barbican/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- barbican_api
check_mode: false
register: container_facts
- name: Checking free port for Barbican API

1
ansible/roles/blazar/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- blazar_api
check_mode: false
register: container_facts
- name: Checking free port for blazar API

2
ansible/roles/cinder/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- cinder_api
check_mode: false
register: container_facts
- name: Checking free port for Cinder API
@ -48,6 +49,7 @@
register: result
changed_when: false
failed_when: result is failed
check_mode: false
when:
- enable_cinder | bool
- enable_cinder_backend_lvm | bool

1
ansible/roles/cloudkitty/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- cloudkitty_api
check_mode: false
register: container_facts
- name: Checking free port for Cloudkitty API

1
ansible/roles/cyborg/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- cyborg_api
check_mode: false
register: container_facts
- name: Checking free port for cyborg API

1
ansible/roles/designate/tasks/precheck.yml
View File

@ -13,6 +13,7 @@
- designate_api
- designate_backend_bind9
- designate_mdns
check_mode: false
register: container_facts
- name: Checking free port for designate API

1
ansible/roles/etcd/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- etcd
check_mode: false
register: container_facts
- name: Checking free port for Etcd Peer

1
ansible/roles/freezer/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- freezer_api
check_mode: false
register: container_facts
- name: Checking free port for Freezer API

1
ansible/roles/glance/tasks/precheck.yml
View File

@ -10,6 +10,7 @@
kolla_container_facts:
container_engine: "{{ kolla_container_engine }}"
name: "{{ glance_services.values() | map(attribute='container_name') | list }}"
check_mode: false
register: container_facts
- name: Checking free port for Glance API

1
ansible/roles/gnocchi/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- gnocchi_api
check_mode: false
register: container_facts
- name: Checking free port for Gnocchi API

1
ansible/roles/grafana/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- grafana
check_mode: false
register: container_facts
- name: Checking free port for Grafana server

1
ansible/roles/hacluster/tasks/precheck.yml
View File

@ -5,6 +5,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- hacluster_pacemaker_remote
check_mode: false
register: container_facts
# NOTE(yoctozepto): Corosync runs over UDP so one cannot use wait_for to check

1
ansible/roles/influxdb/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- influxdb
check_mode: false
register: container_facts
- name: Checking free port for Influxdb Http

1
ansible/roles/ironic/tasks/precheck.yml
View File

@ -13,6 +13,7 @@
- ironic_api
- ironic_inspector
- ironic_http
check_mode: false
register: container_facts
- name: Checking free port for Ironic API

1
ansible/roles/iscsi/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- iscsid
check_mode: false
register: container_facts
- name: Checking free port for iscsi

1
ansible/roles/keystone/tasks/precheck.yml
View File

@ -12,6 +12,7 @@
name:
- keystone
- keystone_ssh
check_mode: false
register: container_facts
- name: Checking free port for Keystone Public

1
ansible/roles/kuryr/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- kuryr
check_mode: false
register: container_facts
- name: Checking free port for Kuryr

8
ansible/roles/loadbalancer/tasks/precheck.yml
View File

@ -13,12 +13,14 @@
- haproxy
- proxysql
- keepalived
check_mode: false
register: container_facts
- name: Group hosts by whether they are running keepalived
group_by:
key: "keepalived_running_{{ container_facts['keepalived'] is defined }}"
changed_when: false
check_mode: false
when:
- enable_keepalived | bool
- inventory_hostname in groups['loadbalancer']
@ -27,6 +29,7 @@
group_by:
key: "haproxy_running_{{ container_facts['haproxy'] is defined }}"
changed_when: false
check_mode: false
when:
- enable_haproxy | bool
- inventory_hostname in groups['loadbalancer']
@ -35,6 +38,7 @@
group_by:
key: "proxysql_running_{{ container_facts['proxysql'] is defined }}"
changed_when: false
check_mode: false
when:
- enable_proxysql | bool
- inventory_hostname in groups['loadbalancer']
@ -108,6 +112,7 @@
register: ping_output
changed_when: false
failed_when: ping_output.rc != 1
check_mode: false
with_items:
- "{{ kolla_internal_vip_address }}"
- "{{ kolla_external_vip_address }}"
@ -187,6 +192,7 @@
failed_when: >-
( ip_addr_output is failed or
kolla_internal_vip_address | ipaddr(ip_addr_output.stdout.split()[3]) is none)
check_mode: false
when:
- enable_haproxy | bool
- enable_keepalived | bool
@ -198,6 +204,7 @@
shell: echo "show stat" | {{ kolla_container_engine }} exec -i haproxy socat unix-connect:/var/lib/kolla/haproxy/haproxy.sock stdio # noqa risky-shell-pipe
register: haproxy_stat_shell
changed_when: false
check_mode: false
when: container_facts['haproxy'] is defined
- name: Setting haproxy stat fact
@ -827,6 +834,7 @@
register: firewalld_is_active
changed_when: false
failed_when: false
check_mode: false
- name: Fail if firewalld is not running
fail:

1
ansible/roles/magnum/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- magnum_api
check_mode: false
register: container_facts
- name: Checking free port for Magnum API

1
ansible/roles/manila/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- manila_api
check_mode: false
register: container_facts
- name: Checking free port for Manila API

1
ansible/roles/mariadb/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- mariadb
check_mode: false
register: container_facts
- name: Checking free port for MariaDB

1
ansible/roles/masakari/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- masakari_api
check_mode: false
register: container_facts
- name: Checking free port for Masakari API

1
ansible/roles/memcached/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- memcached
check_mode: false
register: container_facts
- name: Checking free port for Memcached

1
ansible/roles/mistral/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- mistral_api
check_mode: false
register: container_facts
- name: Checking free port for Mistral API

1
ansible/roles/murano/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- murano_api
check_mode: false
register: container_facts
- name: Checking free port for Murano API

1
ansible/roles/neutron/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- neutron_server
check_mode: false
register: container_facts
- name: Checking free port for Neutron Server

1
ansible/roles/nova-cell/tasks/precheck.yml
View File

@ -15,6 +15,7 @@
- nova_serialproxy
- nova_spicehtml5proxy
- nova_ssh
check_mode: false
register: container_facts
- name: Checking available compute nodes in inventory

1
ansible/roles/nova/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- nova_api
check_mode: false
register: container_facts
- name: Checking free port for Nova API

1
ansible/roles/octavia/tasks/precheck.yml
View File

@ -12,6 +12,7 @@
name:
- octavia_api
- octavia_health_manager
check_mode: false
register: container_facts
- name: Checking free port for Octavia API

1
ansible/roles/opensearch/tasks/precheck.yml
View File

@ -12,6 +12,7 @@
name:
- opensearch
- elasticsearch
check_mode: false
register: container_facts
- name: Checking free port for Opensearch

1
ansible/roles/openvswitch/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- openvswitch_db
check_mode: false
register: container_facts
- name: Checking free port for OVSDB

1
ansible/roles/ovn-db/tasks/precheck.yml
View File

@ -6,6 +6,7 @@
name:
- ovn_nb_db
- ovn_sb_db
check_mode: false
register: container_facts
- name: Checking free port for OVN northbound db

1
ansible/roles/placement/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- placement_api
check_mode: false
register: container_facts
- name: Checking free port for Placement API

1
ansible/roles/prechecks/tasks/host_os_checks.yml
View File

@ -23,6 +23,7 @@
command: grep -q Stream /etc/os-release
register: stream_status
changed_when: false
check_mode: false
when:
- ansible_facts.distribution == 'CentOS'

1
ansible/roles/prechecks/tasks/package_checks.yml
View File

@ -3,6 +3,7 @@
command: "{{ ansible_facts.python.executable }} -c \"import docker; print(docker.__version__)\""
register: result
changed_when: false
check_mode: false
when:
- inventory_hostname in groups['baremetal']
- kolla_container_engine == 'docker'

3
ansible/roles/prechecks/tasks/service_checks.yml
View File

@ -4,6 +4,7 @@
command: "{{ kolla_container_engine }} --version"
register: result
changed_when: false
check_mode: false
when: inventory_hostname in groups['baremetal']
failed_when: result is failed
or result.stdout | regex_replace('.*\\b(\\d+\\.\\d+\\.\\d+)\\b.*', '\\1') is version(docker_version_min, '<')
@ -19,12 +20,14 @@
register: result
changed_when: false
failed_when: result.stdout | regex_replace('(.*ssh_key.*)', '') is search(":")
check_mode: false
- name: Check if nscd is running
command: pgrep nscd
ignore_errors: yes
failed_when: false
changed_when: false
check_mode: false
register: nscd_status
- name: Fail if nscd is running

2
ansible/roles/prechecks/tasks/timesync_checks.yml
View File

@ -14,6 +14,7 @@
register: systemctl_is_active
changed_when: false
failed_when: false
check_mode: false
- name: Fail if a host NTP daemon is not running
fail:
@ -31,6 +32,7 @@
command: timedatectl status
register: timedatectl_status
changed_when: false
check_mode: false
- name: Fail if the clock is not synchronized
fail:

1
ansible/roles/prechecks/tasks/user_checks.yml
View File

@ -17,3 +17,4 @@
register: result
failed_when: result is failed
changed_when: False
check_mode: false

1
ansible/roles/prometheus/tasks/precheck.yml
View File

@ -22,6 +22,7 @@
- prometheus_blackbox_exporter
- prometheus_libvirt_exporter
- prometheus_msteams
check_mode: false
register: container_facts
- name: Checking free port for Prometheus server

3
ansible/roles/rabbitmq/tasks/precheck.yml
View File

@ -12,6 +12,7 @@
name:
- rabbitmq
- outward_rabbitmq
check_mode: false
register: container_facts
- name: Checking free port for RabbitMQ
@ -63,6 +64,7 @@
nss_database: "{{ 'ahostsv4' if api_address_family == 'ipv4' else 'ahostsv6' }}"
command: "getent {{ nss_database }} {{ hostvars[item].ansible_facts.hostname }}"
changed_when: false
check_mode: false
register: rabbitmq_hostnames
with_items: "{{ groups['rabbitmq'] }}"
@ -150,6 +152,7 @@
nss_database: "{{ 'ahostsv4' if api_address_family == 'ipv4' else 'ahostsv6' }}"
command: "getent {{ nss_database }} {{ hostvars[item].ansible_facts.hostname }}"
changed_when: false
check_mode: false
register: outward_rabbitmq_hostnames
with_items: "{{ groups['outward-rabbitmq'] }}"
when:

1
ansible/roles/redis/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- redis
check_mode: false
register: container_facts
- name: Checking free port for Redis

1
ansible/roles/sahara/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- sahara_api
check_mode: false
register: container_facts
- name: Checking free port for Sahara API

1
ansible/roles/senlin/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- senlin_api
check_mode: false
register: container_facts
- name: Checking free port for Senlin API

1
ansible/roles/solum/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- solum_api
check_mode: false
register: container_facts
- name: Checking free port for Solum Application Deployment

1
ansible/roles/swift/tasks/precheck.yml
View File

@ -14,6 +14,7 @@
- swift_container_server
- swift_object_server
- swift_proxy_server
check_mode: false
register: container_facts
- name: Checking free port for Swift Account Server

1
ansible/roles/tacker/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- tacker_server
check_mode: false
register: container_facts
- name: Checking free port for Tacker Server

1
ansible/roles/trove/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- trove_api
check_mode: false
register: container_facts
- name: Checking free port for Trove API

1
ansible/roles/venus/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- venus_api
check_mode: false
register: container_facts
- name: Checking free port for Venus API

1
ansible/roles/vitrage/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- vitrage_api
check_mode: false
register: container_facts
- name: Checking free port for vitrage API

1
ansible/roles/watcher/tasks/precheck.yml
View File

@ -11,6 +11,7 @@
container_engine: "{{ kolla_container_engine }}"
name:
- watcher_api
check_mode: false
register: container_facts
- name: Checking free port for watcher API

1
ansible/roles/zun/tasks/precheck.yml
View File

@ -13,6 +13,7 @@
- zun_api
- zun_wsproxy
- zun_cni_daemon
check_mode: false
register: container_facts
- name: Checking free port for Zun API

6
releasenotes/notes/prechecks-check-mode-65a7cb4cac82f4c7.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Fixes an issue where some prechecks would fail or not run when running in
check mode. `LP#2002657
<https://bugs.launchpad.net/kolla-ansible/+bug/2002657>`__