Prevent accidental downgrades of RabbitMQ

As version-check.yml is added to deploy.yml, we must make sure the tasks are only run when the rabbitmq container exists. Change-Id: Iaa31bae739110094affb5e402ed9ac40b153ac3d
2024-09-19 13:10:00 +01:00 · 2024-09-19 13:10:00 +01:00 · f5ad7829c3
commit f5ad7829c3
parent 7a9b0db708
3 changed files with 79 additions and 50 deletions
--- a/ansible/roles/rabbitmq/tasks/deploy.yml
+++ b/ansible/roles/rabbitmq/tasks/deploy.yml
@ -1,4 +1,6 @@
 ---
+- import_tasks: version-check.yml
+
 - include_tasks: remove-ha-all-policy.yml
  when:
    - not om_enable_rabbitmq_high_availability | bool
--- a/ansible/roles/rabbitmq/tasks/version-check.yml
+++ b/ansible/roles/rabbitmq/tasks/version-check.yml
@ -1,9 +1,16 @@
 ---
 - block:
+    - name: Get container facts
+      become: true
+      kolla_container_facts:
+        action: get_containers
+        container_engine: "{{ kolla_container_engine }}"
+        name:
+          - "{{ service.container_name }}"
+      register: container_facts
+
+    - block:
        - name: Get current RabbitMQ version
-      vars:
-        service_name: "rabbitmq"
-        service: "{{ rabbitmq_services[service_name] }}"
          become: true
          command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
          register: rabbitmq_version_current
@ -16,6 +23,7 @@
          kolla_container:
            action: "start_container"
            command: "rabbitmqctl --version"
+            container_engine: "{{ kolla_container_engine }}"
            detach: false
            environment:
              KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
@ -54,6 +62,20 @@
              Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
              See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp

+        - name: Catch when RabbitMQ is being downgraded
+          assert:
+            that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver')
+            fail_msg: >
+              Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}.
+              If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`.
+              Otherwise, see these docs for how to pin the version of RabbitMQ:
+              https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions
+
+      when: container_facts[service.container_name] is defined
+
  delegate_to: "{{ groups[role_rabbitmq_groups] | first }}"
  run_once: true
  tags: rabbitmq-version-check
+  vars:
+    service_name: "rabbitmq"
+    service: "{{ rabbitmq_services[service_name] }}"
--- a/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml
+++ b/releasenotes/notes/rabbitmq-catch-downgrade-1005c7475a97bf19.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Adds a check to stop deploying/upgrading the RabbitMQ containers if it
+    will result in downgrading the version of RabbitMQ running.