From 26de2df595eff4f11e2a05dcceab57b6301d9d4f Mon Sep 17 00:00:00 2001
From: Brendan Shephard <bshephar@redhat.com>
Date: Wed, 20 Apr 2022 09:07:05 +1000
Subject: [PATCH] Add update_tasks to tripleo_packages

Add the update_tasks from THT to the tripleo_packages
standalone role.

Change-Id: I26b955ae094a6525a79cfc38bd3b9a0d5c0b5f8b
---
 .../roles/tripleo_packages/defaults/main.yml  |  4 ++
 .../molecule/update/converge.yml              | 11 ++++-
 .../roles/tripleo_packages/tasks/update.yml   | 40 +++++++------------
 .../tasks/update_bootstrap.yml                | 30 ++++++++++++++
 .../tripleo_packages/tasks/update_ovs.yml     | 26 ++++++++++++
 5 files changed, 84 insertions(+), 27 deletions(-)
 create mode 100644 tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml
 create mode 100644 tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml

diff --git a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml
index 93c745e69..9f10351a2 100644
--- a/tripleo_ansible/roles/tripleo_packages/defaults/main.yml
+++ b/tripleo_ansible/roles/tripleo_packages/defaults/main.yml
@@ -86,3 +86,7 @@ tripleo_packages_exclude_from_update:
   - ansible
 
 tripleo_release: "{{ release | default('queens') }}"
+
+dnf_module_list: []
+skip_rhel_enforcement: false
+skip_package_update: false
diff --git a/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml b/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml
index 873354605..cc5c4c8c5 100644
--- a/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml
+++ b/tripleo_ansible/roles/tripleo_packages/molecule/update/converge.yml
@@ -18,11 +18,20 @@
 - name: Converge
   hosts: all
   vars:
-    step: 3
+    skip_package_update: true
+    skip_rhel_enforcement: true
     tripleo_packages_exclude_from_update:
       - ansible
       - redhat-release
   tasks:
+    - name: Import TripleO updates bootstrap tasks
+      include_role:
+        name: tripleo_packages
+        tasks_from: update_bootstrap.yml
+    - name: Import TripleO updates ovs tasks
+      include_role:
+        name: tripleo_packages
+        tasks_from: update_ovs.yml
     - name: Import TripleO packages role
       include_role:
         name: tripleo_packages
diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update.yml
index 1a9c00267..7f2058683 100644
--- a/tripleo_ansible/roles/tripleo_packages/tasks/update.yml
+++ b/tripleo_ansible/roles/tripleo_packages/tasks/update.yml
@@ -14,32 +14,20 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-
-- name: Check for existing yum.pid
-  stat:
-    path: /var/run/yum.pid
-  register: yum_pid_file
-  when:
-    - ((step | int) == 0) or ((step | int) == 3)
-
-- name: Exit if existing yum process
-  fail:
-    msg: >-
-      ERROR existing yum.pid detected - can't continue! Please ensure there is no other
-      package update process for the duration of the minor update worfklow. Exiting.
-  when:
-    - (((step | int) == 0) or ((step | int) == 3)) and (yum_pid_file.stat.exists | bool)
-
+# Exclude ansible until https://github.com/ansible/ansible/issues/56636
+# is available
 - name: Update all packages
-  when: step|int == 3
-  package:
+  when:
+    - not skip_package_update|bool
+  ansible.builtin.dnf:
     name: '*'
     state: latest
-    exclude: "{{ tripleo_packages_exclude_from_update }}"
-  register: tripleo_package_update_result
-
-- name: Handle openvswitch service
-  include_tasks: openvswitch.yml
-  when:
-    - step|int == 3
-    - tripleo_package_update_result.changed
+    exclude: ansible
+# This is failsafe unless openvswitch package does something
+# to the systemd service state.
+- name: Ensure openvswitch is running after update
+  ansible.builtin.systemd:
+    name: openvswitch
+    enabled: true
+    state: started
+  ignore_errors: true
diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml
new file mode 100644
index 000000000..1ac69c162
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_packages/tasks/update_bootstrap.yml
@@ -0,0 +1,30 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Enforce RHOSP rules regarding subscription.
+  include_role:
+    name: tripleo_redhat_enforce
+  when:
+    - ansible_facts['distribution'] == 'RedHat'
+    - not (skip_rhel_enforcement | bool)
+- name: Ensure DNF modules have the right stream enabled
+  tripleo_dnf_stream:
+    name: "{{ item.module }}:{{ item.stream }}"
+    state: enabled
+  loop: "{{ dnf_module_list|list }}"
+  when:
+    - ansible_facts['distribution_major_version'] is version('8', '>=')
+    - dnf_module_list|length > 0
diff --git a/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml b/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml
new file mode 100644
index 000000000..ccac17d26
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_packages/tasks/update_ovs.yml
@@ -0,0 +1,26 @@
+---
+# Copyright 2019 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Special treatment for OpenvSwitch
+  tripleo_ovs_upgrade:
+  register: ovs_upgrade
+- name: Always ensure the openvswitch service is enabled and running after upgrades
+  ansible.builtin.systemd:
+    name: openvswitch
+    enabled: true
+    state: started
+  when:
+    - ovs_upgrade.changed|bool