Remove playbooks and references to them in scripts and docs that are
only applicable to Mitaka->Newton upgrades.
Change-Id: I2c581f30d2906411282994b7950a7354d6abd96a
Changes and new services, in particular apt-cacher-ng, have been made
and added to haproxy_default_services between Mitaka and Newton that
require haproxy be reconfigured prior to running the playbook of any
other infrastructure service.
Change-Id: Idd4180f7af78b23b6f241a861b66187f2b05f658
repo-server-pip-conf-removal.yml was renamed to pip-conf-removal.yml in
change I85cba02628dc454947c0bb798764f5f3955dc48b. Remove the old
playbook name from the run-upgrade script.
Change-Id: Ic87972e5ae82cbbc7cecf65a444a95534fbe28cb
The default MariaDB apt repo was changed from using HTTPS to HTTP in
change I67a9fb48ee08866bd59d70730e62b7da28f81125.
Add an upgrade playbook between M->N to ensure that existing repos are
removed to avoid a 'Duplicate sources.list entry' error when the new
default is put in place.
Change-Id: If9693d61904cce9c57fd7f5fad68b57f2159955d
Because pip install role is used as meta of the repo_build, we have
circular dependencies before anything could be done.
This cleans up the hosts of the --isolated flags, and therefore can
properly bootstrap pip.
Change-Id: I85cba02628dc454947c0bb798764f5f3955dc48b
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
(manual forward port)
This commit does the following:
1. Sets a default for I_REALLY_KNOW_WHAT_I_AM_DOING
Without this default, the script will error due to an unbound variable.
This happens as we have a 'set -u' specified in the script.
2. Updates version numbers from 12->13 to 13->14
Change-Id: I97c02d44722342b1867b4400921a66e6b2ea8a48
(cherry picked from commit d3aaab4745)
Currently the library expects the user to be running bootstrap scripts
from the root of the openstack-ansible directory. If the user is not,
then the bootstrap exits with failure and an error message.
Directories with special characters (such as spaces) are also not
supported, so running the script from outside the base dir will cause
script errors.
This patch implements support for bootstrapping outside the base dir,
including support for directory names with special characters. This is
extended to test and upgrade scripts.
Change-Id: I5cfa5a0bdbd762c50fe5a41cb88b3c0677f62482
run-upgrade.sh is designated to re-run from the place
where it failed. Previous behavior is to print entire tasks list
when failures happen. Printing tasks that successfully
completed is not desired. The new update will only show leftover
tasks for the users debugging.
Change-Id: I2e33c43d55696bb91cb40ff590e167546f5f6d18
Closes-Bug:1582272
This commit adds additional control around how the galera cluster
nodes are restarted during an upgrade (both the openstack upgrade
as well as mariadb upgrade). lxc config that gets added during the
lxc-container-create play would normally force a container restart.
This commit essentially does the following:
- run lxc-container-create on galera nodes but prevent container restarts
from being triggered by the new lxc config that gets laid down
- run a mariadb upgrade
- run a controlled rolling restart of all mariadb cluster containers
Change-Id: I5d979eb15c471274cc14ce6f41c8ae479c5131d6
Instead of forcing to reinstall pip packages during an upgrade, we
should instead make sure the environment always have the latest pip
package version.
This commit is part of a group of commits to ensure latest pip packages
are installed in the venv (cf. topic pip-install-latest on gerrit) for
the standard playbooks, and remove the options used by default in the
upgrade script (pip_install_options=--force-reinstall)
Closes-Bug: 1596620
Change-Id: I9ce478217d806fe04a2fc25be4cd42a875a6ffa2
Signed-off-by: Jean-Philippe Evrard <jean-philippe.evrard@rackspace.co.uk>
Since the default database collation has changed, include an upgrade
playbook to ensure that existing tables and databases with the previous
collation are converted during upgrades from Mitaka.
Change-Id: Iadbcf50c9611561b56fa1ea6ef3e80f636e0c0a8
Depends-on: I8507b6c9bd058bb308cc089f3802e52e24bea324
Because LBaaS v1 isn't supported in Newton and we can't
migrate, deployer will have to manually disable LBaaS v1
before doing the upgrade.
Change-Id: I0aa309aa7adbdb37b333a550423b0d3b938c3923
The patch removes the duplicate execution of the exit_early function
so that the environment variable can be used to bypass the exit
if the deployer chooses to do so.
Change-Id: Ic206e8d90931982790c76b533b777fb3ae47f8bf
The changes created here allow for upgrades to take place
without impacting cluster availability in cases where a
a service may be dependent on a non-compliant hostname(s).
Upgrade playbook has been added for ensuring hostname aliases
are correctly created. Specific entries for nova, heat, cinder
neutron, galera and rabbitmq have been added to ensure all
nodes are able to contact all other nodes using a potentially
non-compliant hostname entry.
To make setting the domain name easy across the cluster a new
global variable has been created ``openstack_domain``. This
variable has a default value of "openstack.local".
Because the initial release of Mitaka (13.0.0) did not contain
the RFC1034/5 updates these changes are needed to guarentee
clusters deployed on our initial release are upgradable to
Newton (14.0.0).
Partial-Bug: #1577245
Partial-Bug: #1586148
Related-Change-Id: Ib1e3b6f02758906e3ec7ab35737c1a58fcbca216
Change-Id: I6901409c1dc5ac8ff4f0af988132b5ac71f6379e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
This commit imports much of the documentation, scripts, and
playbooks from the Liberty>Mitaka upgrade process and
applies the appropriate series name changes.
Implements: blueprint upgrade-mitaka-newton
Change-Id: If8e43f1549e6fd121eae7b8d98d8cb16b01e2aab
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
(cherry picked from commit 5a09cb7c8d)
This commit disables the security hardening role during major
upgrades by creating a temporary file. It removes the file after
a sucessful upgrade.
Change-Id: Ib32e0e317a84a443fb7fc9d3a364a16bd469b6e3
Closes-Bug: #1568029
This is a barebones start to the upgrade script for the Liberty cycle.
This change simply cleans it out, more work will come later.
Change-Id: I86515970164a000d321ac4375497bfeba860ba8e
Implements: blueprint liberty-upgrade-path
This change updates all fo the names that we were using to the post
openstack migration name for openstack-ansible.
Change-Id: I6524af53ed02e19a0f56908e42a65d2dae8b71e3
When performing an upgrade, this project strives to have minimal
downtime for VMs that are running. By removing the apparmor profile as a
precondition for upgrades, when the container create role runs, the
profile will default to contained (the most restrictive profile). This
causes instance downtime since neutron can not create network
namespaces.
Related-bug: 1487130
Closes-bug: 1489144
Change-Id: Ife7aab044c7cb882a89c6b108b2d66f5e39aa10c
Previously, we simply checked $? which at that point would be the exit
status of echo, not openstack-ansible. By recording the actual
openstack-ansible exit status, we can properly report failures of the
upgrade script.
Closes-bug: 1480342
Change-Id: Icf43bea84660e4160a2dfcdb4ac93055340b3573
(cherry picked from commit 8a106d184a)
This patch fixes the following:
1. Properly quote arguments to run_lock function
2. Properly parse out the playbook filename in run_lock
Specifically the upgrade steps where we were using
"-e 'rabbitmq_upgrade=true' setup-infrastructure.yml"
"/tmp/fix_container_interfaces.yml || true"
Were causing issues and this patch resolves them.
Closes-bug: 1479916
Change-Id: I809085d6da493f7f7d545547a0d984c0e7b1bf45
(cherry picked from commit 560fbbdb07)
The in-tree version of user_group_vars.yml was removed in
30f9443c5d, but the corresponding
reference in the upgrade script was not also updated.
This commit changes the behavior to remove the file from /etc/ if found.
Change-Id: I9f5b061289c5f43e32983845469f5123cc9f209d
Closes-Bug: #1479501
The rabbitmq playbook is designed to run in parallel across the cluster.
This causes an issue when upgrading rabbitmq to a new major or minor
version because RabbitMQ does not support doing an online migration of
datasets between major versions. while a minor release can be upgrade
while online it is recommended to bring down the cluster to do any
upgrade actions. The current configuration takes no account of this.
Reference:
https://www.rabbitmq.com/clustering.html#upgrading for further details.
* A new variable has been added called `rabbitmq_upgrade`. This is set to
false by default to prevent a new version being installed unintentionally.
To run the upgrade, which will shutdown the cluster, the variable can be
set to true on the commandline:
Example:
openstack-ansible -e rabbitmq_upgrade=true \
rabbitmq-install.yml
* A new variable has been added called `rabbitmq_ignore_version_state`
which can be set "true" to ignore the package and version state tasks.
This has been provided to allow a deployer to rerun the plays in an
environment where the playbooks have been upgraded and the default
version of rabbitmq has changed within the role and the deployer has
elected to upgraded the installation at that time. This will ensure a
deployer is able to recluster an environment as needed without
effecting the package state.
Example:
openstack-ansible -e rabbitmq_ignore_version_state=true \
rabbitmq-install.yml
* A new variable has been added `rabbitmq_primary_cluster_node` which
allows a deployer to elect / set the primary cluster node in an
environment. This variable is used to determine the restart order
of RabbitMQ nodes. IE this will be the last node down and first one
up in an environment. By default this variable is set to:
rabbitmq_primary_cluster_node: "{{ groups['rabbitmq_all'][0] }}"
scripts/run-upgrade.sh has been modified to pass 'rabbitmq_upgrade=true'
on the command line so that RabbitMQ can be upgraded as part of the
upgrade between OpenStack versions.
DocImpact
Change-Id: I17d4429b9b94d47c1578dd58a2fb20698d1fe02e
Closes-bug: #1474992
This change adds a container task to ensure that container networks are up
and using the new configs as written by the lxc-container-create play. This
should resolve an issue where the container networks could be in a down
state after an upgrade due to a configuration file change.
A run function was also added to make it possible for a deployer to know
where in the upgrade process something might have failed and the order in
which the tasks may need to be rerun to continue the upgrade.
Change-Id: If02c4e269375368b6f613c5a9e3c947dddbd27f9
Closes-Bug: #1474585
Partial-Bug: #1475727
Prior to kilo, we created a static 'haproxy' MySQL user for haproxy.
In kilo and onwards, we now have a user variable called
galera_monitoring_user which defaults to monitoring. This commit
updates scripts/run-upgrade.sh to remove the old haproxy user to
ensure we don't have a defunct MySQL user lying about.
Change-Id: I071596c4c6d881d5304fc49a7cf752d5489ee19b
Closes-Bug: #1472673
Currently, scripts/run-upgrade.sh will not successfully upgrade a
deploy from juno->kilo. This update does the following:
- copies etc/openstack_deploy/env.d/* to /etc/openstack_deploy/env.d
- uses ansible modules where possible rather than using the ansible
shell module
- forces ansible command to return true where necessary (we introduce
new ansible host groups in kilo and these groups do not yet have
containers built which will cause the ansible command to fail)
- updates the python code to keep is_metal configurations between
juno and kilo deployments (kilo defaults is_metal=true for
cinder_volumes, which was not the default on juno)
- moves a closing if statement higher up in the script which was
erroneously causing a bunch of code to be skipped
Change-Id: Ic99dcbc3f64b8dbfec6188a017a8bcda1c80e544
Closes-Bug: #1471190
Co-Authored-By: Kevin Carter <kevin.carter@rackspace.com>
Changed the command to find the containers to only look for the contianer
config file within a given directory and to only look one level deep.
This change is in response to an issue that can happen if the container
directory "/var/lib/lxc" is also a mounted file system.
Change-Id: Id39995580900e2b9d9a35435d0cfeba82075d62b
Closes-Bug: #1470571
This removes the link files that are powering the basic pip config
thoughout the stack. The removal is to ensure that there are no
conflicting sources of truth when upgrading from Juno.
Closes-Bug: #1450580
Change-Id: I074f46c9b35793b35cf22ab49dd97f938df0cfac
This change modifies the container create bind mounts to use the
absolute path that would be within the container instead of the
relitive path. This change is being done to ensure that there
are never issues with bind mounts as in newer versions of LXC and
the CGManager the absolute path is required.
Change-Id: I6af23c7ea0a7f905bdd587adde966a449402ed0a
Closes-Bug: #1462068
This change simply makes sure that all containers and hosts have the
`apt-transport-https` package installed. this package is absolutly
required everywhere because we've changed all of the repo endpoints
to https and not all systems have this package installed on a base
kick. Furthermore an entry was added into the upgrade script to
ensure that upon upgrade everything will converge and remain
consistent.
Change-Id: I4b357ff7099a4c1c63c85ac9560aefc8d56709be
Closes-Bug: #1463155
Moved all of the group_vars/all.yml file into its own variable file
This change was done to allow a user to override basic options
without having to modify the default group variable files. While
the group_vars/all.yml file is still present it is only holding the
revision information that is used for release data and the minimal
required kernel that allows the system to function using VXLAN.
The upgrade script was modified to support the new "default"
user_group_vars.yml file.
tempest_swift_enabled was set to true in group_vars, so this has
now been set as a default in the role instead.
Commit 1bd2bc052a implemented the
package URL update for rabbitmq, but not the corresponding sha256
update. This was not noticed due to group_vars overriding the URL
to a previous version, resulting in the above-mentioned commit
taking no effect. This patch therefore also corrects the sha256.
Closes-Bug: #1460516
Closes-Bug: #1460992
Change-Id: I8e42bb124827bb276134d662c9a171db8e4c017e
Upgrades stalled when installing pip packages with an external loadbalancer.
The temporary variable will allow pip to connect directly to the local pip
repo server instead of through the loadbalancer. The file this variable goes
in is named to be removed.
Closes-Bug: 1460700
Change-Id: I1b257a77b5814f3024c7d7885bf3b807eeb2526b
When adding rabbit_cluster_name: rpc to the user variables, it just
echoed it and did not redirect the output to add it to the
user_variables.yml file.
Change-Id: Idddc9eedf868f1312d7a449bba7079d207309538
This commit simply updates scripts/run-upgrade.sh to fix the typo
where the echo is not actually appending output to user_secrets.yml.
Change-Id: I21007c4fdf580cc2e1ef97b1f226d5518a7cb1fc
Closes-Bug: #1445665
This script was created to allow for Juno (v10.x) to be
upgrade to Kilo (v11.x). This script attempts to wrap all
of the changes that have taken place between the Rackspace
release of Juno and the community product created in master
that is Kilo.
Partially implements: blueprint master-kilofication
Change-Id: Ibbc2a8192fb3a4e8508aefc74b1d062cd890f1a0