Merge "Prevent accidental downgrades of RabbitMQ"

2024-10-30 17:59:22 +00:00 · 2024-10-30 17:59:22 +00:00 · 9b98ce997e
commit 9b98ce997e
parent 1c7d17d1ee f5ad7829c3
3 changed files with 79 additions and 50 deletions
--- a/ansible/roles/rabbitmq/tasks/deploy.yml
+++ b/ansible/roles/rabbitmq/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- import_tasks: version-check.yml
+
 - include_tasks: remove-ha-all-policy.yml
  when:
    - not om_enable_rabbitmq_high_availability | bool
--- a/ansible/roles/rabbitmq/tasks/version-check.yml
+++ b/ansible/roles/rabbitmq/tasks/version-check.yml
@ -1,59 +1,81 @@
 ---
 - block:
-    - name: Get current RabbitMQ version
-      vars:
-        service_name: "rabbitmq"
-        service: "{{ rabbitmq_services[service_name] }}"
+    - name: Get container facts
      become: true
-      command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
-      register: rabbitmq_version_current
-      changed_when: false
+      kolla_container_facts:
+        action: get_containers
+        container_engine: "{{ kolla_container_engine }}"
+        name:
+          - "{{ service.container_name }}"
+      register: container_facts

-    - name: Get new RabbitMQ version
-      become: true
-      vars:
-        rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
-      kolla_container:
-        action: "start_container"
-        command: "rabbitmqctl --version"
-        detach: false
-        environment:
-          KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
-        image: "{{ rabbitmq_container.image }}"
-        name: "rabbitmq_version_check"
-        restart_policy: oneshot
-        volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
-      register: rabbitmq_version_new
-      failed_when: false
-      check_mode: false
+    - block:
+        - name: Get current RabbitMQ version
+          become: true
+          command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
+          register: rabbitmq_version_current
+          changed_when: false

-    # As an example, when the new RabbitMQ version is 3.13.6:
-    # new_major_version = 3
-    # new_minor_version = 13
-    # new_version = 3.13
-    # And if the current RabbitMQ version is 3.11.28:
-    # upgrade_version = 3.12
-    - name: Check if running RabbitMQ is at most one version behind
-      vars:
-        current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}"
-        current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}"
-        current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}"
-        new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}"
-        new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}"
-        new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}"
-        # Note: this assumes 3.13 will be the last release before 4.0.
-        upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}"
-      assert:
-        that: (current_version_major == new_version_major and
-              new_version_minor | int - current_version_minor | int <= 1) or
-              (new_version | float == 4.0 and current_version | float == 3.13)
-        fail_msg: >
-          Looks like you're trying to run a skip-release upgrade!
-          RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade.
-          You are running {{ rabbitmq_version_current.stdout }}.
-          Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
-          See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp
+        - name: Get new RabbitMQ version
+          become: true
+          vars:
+            rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
+          kolla_container:
+            action: "start_container"
+            command: "rabbitmqctl --version"
+            container_engine: "{{ kolla_container_engine }}"
+            detach: false
+            environment:
+              KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
+            image: "{{ rabbitmq_container.image }}"
+            name: "rabbitmq_version_check"
+            restart_policy: oneshot
+            volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
+          register: rabbitmq_version_new
+          failed_when: false
+          check_mode: false
+
+        # As an example, when the new RabbitMQ version is 3.13.6:
+        # new_major_version = 3
+        # new_minor_version = 13
+        # new_version = 3.13
+        # And if the current RabbitMQ version is 3.11.28:
+        # upgrade_version = 3.12
+        - name: Check if running RabbitMQ is at most one version behind
+          vars:
+            current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}"
+            current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}"
+            current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}"
+            new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}"
+            new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}"
+            new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}"
+            # Note: this assumes 3.13 will be the last release before 4.0.
+            upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}"
+          assert:
+            that: (current_version_major == new_version_major and
+                  new_version_minor | int - current_version_minor | int <= 1) or
+                  (new_version | float == 4.0 and current_version | float == 3.13)
+            fail_msg: >
+              Looks like you're trying to run a skip-release upgrade!
+              RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade.
+              You are running {{ rabbitmq_version_current.stdout }}.
+              Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
+              See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp
+
+        - name: Catch when RabbitMQ is being downgraded
+          assert:
+            that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver')
+            fail_msg: >
+              Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}.
+              If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`.
+              Otherwise, see these docs for how to pin the version of RabbitMQ:
+              https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions
+
+      when: container_facts[service.container_name] is defined

  delegate_to: "{{ groups[role_rabbitmq_groups] | first }}"
  run_once: true
  tags: rabbitmq-version-check
+  vars:
+    service_name: "rabbitmq"
+    service: "{{ rabbitmq_services[service_name] }}"
--- a/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml
+++ b/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds a check to stop deploying/upgrading the RabbitMQ containers if it
+    will result in downgrading the version of RabbitMQ running.