41448f2077
This is a prerequisite for patchset #924651 Nova runs checks before upgrading. A new nova_upgrade_checks container is started for that purpose. This container uses the new nova-api image, but the old config.json file. The image expects CA certificates in a certain location, but due to the old config.json file, they will not be present. This results in the container not trusting keystone SSL certificate and the upgrade fails, since it can't connect. Moving the config section before the checks ensures that the new container has all the certificates it needs to connect to Keystone. Also nova_enable_rolling_upgrade is no longed used, so there was no point in keeping upgrade tasks split. Change-Id: I44bf48fb86f639d7f0acb786392573ebfed7ee97 Signed-off-by: Roman Krček <roman.krcek@tietoevry.com>
66 lines
2.0 KiB
YAML
66 lines
2.0 KiB
YAML
---
|
|
# TODO(bbezak): Remove this task in the Dalmatian cycle.
|
|
- import_role:
|
|
name: service-ks-register
|
|
vars:
|
|
service_ks_register_auth: "{{ openstack_nova_auth }}"
|
|
service_ks_register_user_roles: "{{ nova_ks_user_roles }}"
|
|
|
|
# Create new set of configs on nodes
|
|
- import_tasks: config.yml
|
|
|
|
- name: Run Nova upgrade checks
|
|
become: true
|
|
vars:
|
|
nova_api: "{{ nova_services['nova-api'] }}"
|
|
kolla_container:
|
|
action: "start_container"
|
|
common_options: "{{ docker_common_options }}"
|
|
detach: False
|
|
environment:
|
|
KOLLA_UPGRADE_CHECK:
|
|
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
|
|
image: "{{ nova_api.image }}"
|
|
labels:
|
|
UPGRADE:
|
|
name: "nova_upgrade_checks"
|
|
restart_policy: oneshot
|
|
volumes: "{{ nova_api_default_volumes + nova_api_extra_volumes }}"
|
|
run_once: True
|
|
register: nova_upgrade_check_stdout
|
|
delegate_to: "{{ groups['nova-api'][0] }}"
|
|
failed_when: false
|
|
check_mode: false
|
|
|
|
- name: Upgrade status check result
|
|
fail:
|
|
msg:
|
|
- "There was an upgrade status check failure!"
|
|
- "See the detail at https://docs.openstack.org/nova/latest/cli/nova-status.html#nova-status-checks"
|
|
vars:
|
|
first_nova_api_host: "{{ groups['nova-api'][0] }}"
|
|
when: hostvars[first_nova_api_host]['nova_upgrade_check_stdout']['rc'] not in [0, 1]
|
|
|
|
- name: Stopping top level nova services
|
|
become: true
|
|
kolla_container:
|
|
action: "stop_container"
|
|
common_options: "{{ docker_common_options }}"
|
|
name: "{{ item.value.container_name }}"
|
|
with_dict: "{{ nova_services | select_services_enabled_and_mapped_to_host }}"
|
|
when:
|
|
- nova_safety_upgrade | bool
|
|
|
|
- import_tasks: check-containers.yml
|
|
|
|
# TODO(donghm): Flush_handlers to restart nova services
|
|
# should be run in serial nodes to decrease downtime if
|
|
# the previous task did not run. Update when the
|
|
# Ansible strategy module for rolling upgrade is finished.
|
|
|
|
- name: Flush handlers
|
|
meta: flush_handlers
|
|
|
|
# NOTE(dszumski): The Nova upgrade is not finished here and
|
|
# continues in subsequent tasks.
|