Change task ordering to perform smooth upgrades
Currently we symlink /etc/neutron to empty directory at pre-stage, and filling it with config only during post_install. This means, that policies and rootwrap filters are not working properly until playbook execution finish. Additionally, we replace sudoers file with new path in it, which makes current operations impossible for the service, since rootwrap can not gain sudo privileges. With this change we move symlinking and rootwrap steps to handlers, which means that we will do replace configs while service is stopped. During post_install we place all of the configs inside the venv, which is versioned at the moment. This way we minimise downtime of the service while performing upgrades Change-Id: I6d1686ab79647acfc086f21864bde14c8a1a1a49
This commit is contained in:
parent
7f2b7ea4f4
commit
5763885453
@ -70,6 +70,30 @@
|
||||
- "Restart neutron services"
|
||||
- "venv changed"
|
||||
|
||||
- name: Symlink neutron config directory
|
||||
file:
|
||||
# NOTE(cloudnull): The "src" path is relative. This ensures all files remain
|
||||
# within the host/container confines when connecting to
|
||||
# them using the connection plugin or the root filesystem.
|
||||
src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}"
|
||||
dest: "{{ neutron_conf_dir }}"
|
||||
state: link
|
||||
force: true
|
||||
when: neutron_install_method == 'source'
|
||||
listen:
|
||||
- "venv changed"
|
||||
|
||||
- name: Drop sudoers file
|
||||
template:
|
||||
src: "sudoers.j2"
|
||||
dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
|
||||
mode: "0440"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
listen:
|
||||
- "Restart neutron services"
|
||||
- "venv changed"
|
||||
|
||||
- name: Perform a DB contract
|
||||
command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract"
|
||||
become: yes
|
||||
|
@ -14,7 +14,7 @@
|
||||
# limitations under the License.
|
||||
|
||||
- name: Perform a DB expand
|
||||
command: "{{ neutron_bin }}/neutron-db-manage upgrade --expand"
|
||||
command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf upgrade --expand"
|
||||
become: yes
|
||||
become_user: "{{ neutron_system_user_name }}"
|
||||
when:
|
||||
@ -29,7 +29,7 @@
|
||||
value: "False"
|
||||
|
||||
- name: Check for available offline migrations
|
||||
command: "{{ neutron_bin }}/neutron-db-manage has_offline_migrations"
|
||||
command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf has_offline_migrations"
|
||||
environment:
|
||||
LANGUAGE: en_US.UTF-8
|
||||
become: yes
|
||||
|
@ -21,11 +21,11 @@
|
||||
group: "{{ item.group|default(neutron_system_group_name) }}"
|
||||
mode: "{{ item.mode | default(omit) }}"
|
||||
with_items:
|
||||
- path: "{{ neutron_conf_dir }}/plugins"
|
||||
- path: "{{ neutron_conf_version_dir }}/plugins"
|
||||
mode: "0750"
|
||||
- path: "{{ neutron_conf_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}"
|
||||
- path: "{{ neutron_conf_version_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}"
|
||||
mode: "0750"
|
||||
- path: "{{ neutron_conf_dir }}/rootwrap.d"
|
||||
- path: "{{ neutron_conf_version_dir }}/rootwrap.d"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
- name: Copy extra neutron rootwrap filters
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ neutron_conf_dir }}/rootwrap.d/"
|
||||
dest: "{{ neutron_conf_version_dir }}/rootwrap.d/"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
with_fileglob:
|
||||
@ -53,11 +53,11 @@
|
||||
config_type: "{{ item.config_type }}"
|
||||
with_items:
|
||||
- src: "neutron.conf.j2"
|
||||
dest: "{{ neutron_conf_dir }}/neutron.conf"
|
||||
dest: "{{ neutron_conf_version_dir }}/neutron.conf"
|
||||
config_overrides: "{{ neutron_neutron_conf_overrides }}"
|
||||
config_type: "ini"
|
||||
- src: "{{ neutron_plugins[neutron_plugin_type].plugin_ini }}.j2"
|
||||
dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
|
||||
dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
|
||||
config_overrides: "{{ neutron_plugins[neutron_plugin_type].plugin_conf_ini_overrides }}"
|
||||
config_type: "ini"
|
||||
notify:
|
||||
@ -66,7 +66,7 @@
|
||||
- name: Implement policy.yaml if there are overrides configured
|
||||
config_template:
|
||||
content: "{{ neutron_policy_overrides }}"
|
||||
dest: "{{ neutron_conf_dir }}/policy.yaml"
|
||||
dest: "{{ neutron_conf_version_dir }}/policy.yaml"
|
||||
owner: "root"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
mode: "0640"
|
||||
@ -88,7 +88,7 @@
|
||||
- name: Place api-paste.ini to the correct path in RedHat
|
||||
file:
|
||||
src: "/usr/share/neutron/api-paste.ini"
|
||||
dest: "{{ neutron_conf_dir }}/api-paste.ini"
|
||||
dest: "{{ neutron_conf_version_dir }}/api-paste.ini"
|
||||
owner: "root"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
mode: "0640"
|
||||
@ -141,7 +141,7 @@
|
||||
# NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
|
||||
- name: Set rootwrap.d permissions
|
||||
file:
|
||||
path: "{{ neutron_conf_dir }}/rootwrap.d"
|
||||
path: "{{ neutron_conf_version_dir }}/rootwrap.d"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
mode: "0640"
|
||||
@ -150,7 +150,7 @@
|
||||
- name: Copy neutron ml2 plugin config
|
||||
config_template:
|
||||
src: "{{ ('plugin_conf_bare' not in neutron_plugins[item]) | ternary(neutron_plugins[item].plugin_ini ~ '.j2', omit) }}"
|
||||
dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[item].plugin_ini }}"
|
||||
dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[item].plugin_ini }}"
|
||||
owner: "root"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
mode: "0640"
|
||||
@ -161,7 +161,7 @@
|
||||
- name: Generate neutron dnsmasq Config
|
||||
template:
|
||||
src: "dnsmasq-neutron.conf.j2"
|
||||
dest: "{{ neutron_conf_dir }}/dnsmasq-neutron.conf"
|
||||
dest: "{{ neutron_conf_version_dir }}/dnsmasq-neutron.conf"
|
||||
owner: "root"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
mode: "0640"
|
||||
@ -189,7 +189,7 @@
|
||||
- name: Generate neutron bgpvpn networking configuration
|
||||
template:
|
||||
src: "networking_bgpvpn.conf.j2"
|
||||
dest: "{{ neutron_conf_dir }}/networking_bgpvpn.conf"
|
||||
dest: "{{ neutron_conf_version_dir }}/networking_bgpvpn.conf"
|
||||
owner: "root"
|
||||
group: "{{ neutron_system_group_name }}"
|
||||
mode: "0640"
|
||||
|
@ -53,29 +53,18 @@
|
||||
- name: Create neutron dir
|
||||
file:
|
||||
path: "{{ item.path | default(omit) }}"
|
||||
src: "{{ item.src | default(omit) }}"
|
||||
dest: "{{ item.dest | default(omit) }}"
|
||||
state: "{{ item.state | default('directory') }}"
|
||||
owner: "{{ item.owner | default(neutron_system_user_name) }}"
|
||||
group: "{{ item.group | default(neutron_system_group_name) }}"
|
||||
mode: "{{ item.mode | default(omit) }}"
|
||||
force: "{{ item.force | default(omit) }}"
|
||||
when:
|
||||
- (item.condition | default(true)) | bool
|
||||
with_items:
|
||||
- path: "/openstack"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
- path: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}"
|
||||
- path: "{{ neutron_conf_version_dir }}"
|
||||
mode: "0755"
|
||||
# NOTE(cloudnull): The "src" path is relative. This ensures all files remain
|
||||
# within the host/container confines when connecting to
|
||||
# them using the connection plugin or the root filesystem.
|
||||
- dest: "{{ neutron_conf_dir }}"
|
||||
src: "{{ neutron_bin | dirname | regex_replace('^/', '../') }}/etc/neutron"
|
||||
state: link
|
||||
force: true
|
||||
condition: "{{ neutron_install_method == 'source' }}"
|
||||
- path: "/etc/sudoers.d"
|
||||
mode: "0750"
|
||||
owner: "root"
|
||||
@ -87,14 +76,6 @@
|
||||
mode: "0755"
|
||||
- path: "{{ neutron_system_home_folder }}/ha_confs"
|
||||
|
||||
- name: Drop sudoers file
|
||||
template:
|
||||
src: "sudoers.j2"
|
||||
dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
|
||||
mode: "0440"
|
||||
owner: "root"
|
||||
group: "root"
|
||||
|
||||
- name: Add dependency repos for Neutron
|
||||
package:
|
||||
name: "{{ neutron_repos }}"
|
||||
|
@ -122,6 +122,7 @@ neutron_venv_packages: >-
|
||||
###
|
||||
|
||||
neutron_conf_dir: /etc/neutron
|
||||
neutron_conf_version_dir: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}"
|
||||
neutron_lock_path: "/var/lock/neutron"
|
||||
neutron_system_user_name: neutron
|
||||
neutron_system_group_name: neutron
|
||||
@ -348,7 +349,7 @@ neutron_services:
|
||||
group: neutron_dhcp_agent
|
||||
service_name: neutron-dhcp-agent
|
||||
service_en: "{{ neutron_dhcp | bool }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: dhcp_agent.ini
|
||||
service_rootwrap: rootwrap.d/dhcp.filters
|
||||
execstarts: "{{ neutron_bin }}/neutron-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini"
|
||||
@ -360,7 +361,7 @@ neutron_services:
|
||||
group: neutron_openvswitch_agent
|
||||
service_name: neutron-openvswitch-agent
|
||||
service_en: "{{ neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr'] }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: plugins/ml2/openvswitch_agent.ini
|
||||
service_rootwrap: rootwrap.d/openvswitch-plugin.filters
|
||||
execstarts: "{{ neutron_bin }}/neutron-openvswitch-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini"
|
||||
@ -372,7 +373,7 @@ neutron_services:
|
||||
group: neutron_linuxbridge_agent
|
||||
service_name: neutron-linuxbridge-agent
|
||||
service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: plugins/ml2/linuxbridge_agent.ini
|
||||
service_rootwrap: rootwrap.d/linuxbridge-plugin.filters
|
||||
execstarts: "{{ neutron_bin }}/neutron-linuxbridge-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini"
|
||||
@ -384,7 +385,7 @@ neutron_services:
|
||||
group: neutron_metadata_agent
|
||||
service_name: neutron-metadata-agent
|
||||
service_en: "{{ neutron_metadata | bool }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: metadata_agent.ini
|
||||
execstarts: "{{ neutron_bin }}/neutron-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini"
|
||||
config_overrides: "{{ neutron_metadata_agent_ini_overrides }}"
|
||||
@ -395,7 +396,7 @@ neutron_services:
|
||||
group: neutron_metering_agent
|
||||
service_name: neutron-metering-agent
|
||||
service_en: "{{ neutron_metering | bool }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: metering_agent.ini
|
||||
execstarts: "{{ neutron_bin }}/neutron-metering-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini"
|
||||
config_overrides: "{{ neutron_metering_agent_ini_overrides }}"
|
||||
@ -407,7 +408,7 @@ neutron_services:
|
||||
group: neutron_l3_agent
|
||||
service_name: neutron-l3-agent
|
||||
service_en: "{{ neutron_l3 | bool }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: l3_agent.ini
|
||||
service_rootwrap: rootwrap.d/l3.filters
|
||||
environment:
|
||||
@ -421,7 +422,7 @@ neutron_services:
|
||||
group: neutron_bgp_dragent
|
||||
service_name: neutron-bgp-dragent
|
||||
service_en: "{{ neutron_bgp | bool }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: bgp_dragent.ini
|
||||
execstarts: "{{ neutron_bin }}/neutron-bgp-dragent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini"
|
||||
config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}"
|
||||
@ -436,7 +437,7 @@ neutron_services:
|
||||
group: neutron_l3_agent
|
||||
service_name: neutron-vpn-agent
|
||||
service_en: false
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: vpnaas_agent.ini
|
||||
service_rootwrap: rootwrap.d/vpnaas.filters
|
||||
execstarts: "{{ neutron_bin }}/neutron-vpn-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini"
|
||||
@ -480,7 +481,7 @@ neutron_services:
|
||||
group: neutron_sriov_nic_agent
|
||||
service_name: neutron-sriov-nic-agent
|
||||
service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: plugins/ml2/sriov_nic_agent.ini
|
||||
execstarts: "{{ neutron_bin }}/neutron-sriov-nic-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini"
|
||||
config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
|
||||
@ -499,7 +500,7 @@ neutron_services:
|
||||
systemd_group_name: root
|
||||
service_name: neutron-ovn-metadata-agent
|
||||
service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}"
|
||||
service_conf_path: "{{ neutron_conf_dir }}"
|
||||
service_conf_path: "{{ neutron_conf_version_dir }}"
|
||||
service_conf: neutron_ovn_metadata_agent.ini
|
||||
service_rootwrap: rootwrap.d/ovn-plugin.filters
|
||||
execstarts: "{{ neutron_bin }}/neutron-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/neutron_ovn_metadata_agent.ini"
|
||||
@ -543,11 +544,11 @@ neutron_role_project_group: neutron_all
|
||||
|
||||
neutron_core_files:
|
||||
- tmp_f: "/tmp/api-paste.ini.original"
|
||||
target_f: "{{ neutron_conf_dir }}/api-paste.ini"
|
||||
target_f: "{{ neutron_conf_version_dir }}/api-paste.ini"
|
||||
config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}"
|
||||
config_type: "ini"
|
||||
- tmp_f: "/tmp/rootwrap.conf.original"
|
||||
target_f: "{{ neutron_conf_dir }}/rootwrap.conf"
|
||||
target_f: "{{ neutron_conf_version_dir }}/rootwrap.conf"
|
||||
config_overrides: "{{ _neutron_rootwrap_conf_overrides | combine(neutron_rootwrap_conf_overrides, recursive=True) }}"
|
||||
config_type: "ini"
|
||||
owner: "root"
|
||||
|
Loading…
Reference in New Issue
Block a user