Ensure container's image get updated if their name stay the same.

In some environment the containers' tag isn't modified (think "latest"). This is already supported during deployment so we re-use the code during update. We also make sure that the same mechanism is available for ovn_controller update. It can be selectively disable if one pass: --skip-tags ovn_image to the external-update run command. We remove the ignore error as it's wrong indication that we are not taking errors into account in those tasks. We also adjust the delay as it's 3 seconds by default making the time we check longer than the async tasks. Eventually, we add a new parameter for controlling the downloading of the image "OVNControllerImageUpdateTimeout" which is set to 10min by default. Note that in order to pass CI, we need to modify the tht syntax test: - ensure containers.podman collection is installed; - ensure custom tripleo-ansible filter are found; - make sure tripleo_role_name is defined in the syntax test playbook. Change-Id: I6d439367816d5f5968b8f890f74b7a2f74715f52 (cherry picked from commit 90c52db21e)
2022-05-11 00:34:03 +02:00 · 2022-05-11 00:34:03 +02:00 · 0970a4f80d
parent e428db15cb
commit 0970a4f80d
5 changed files with 63 additions and 3 deletions
--- a/deployment/ovn/ovn-controller-container-puppet.yaml
+++ b/deployment/ovn/ovn-controller-container-puppet.yaml
@ -164,6 +164,12 @@ parameters:
    description: Entry in clouds.yaml to use for authentication
    type: string
    default: ""
+  OVNControllerImageUpdateTimeout:
+    description: >
+      During update, how long we wait for the container image to be updated,
+      in seconds.
+    type: number
+    default: 600
  OVNControllerUpdateTimeout:
    description: >
      During update, how long we wait for the container to be updated,
@ -488,6 +494,39 @@ outputs:
                ovn_bridge_mappings: {get_attr: [OVNBridgeMappingsValue, value, ovn_bridge_mappings]}
                ovn_static_bridge_mac_mappings: {get_attr: [OVNBridgeMappingsValue, value, ovn_static_bridge_mac_mappings]}
      external_update_tasks:
+        - name: Force pull image in case image name doesn't change.
+          when: step|int == 1
+          tags:
+            - ovn
+            - ovn_image
+          become: true
+          loop: "{{ groups['ovn_controller'] | difference(groups['excluded_overcloud']) }}"
+          delegate_to: "{{ item }}"
+          async: {get_param: OVNControllerImageUpdateTimeout}
+          poll: 0
+          register: ovn_controller_image_update
+          containers.podman.podman_image:
+            name: {get_param: ContainerOvnControllerConfigImage}
+            validate_certs: false
+            force: true
+        - name: Was the ovn_controller image pull successful.
+          when:
+            - step|int == 1
+            - "'results' in ovn_controller_image_update"
+          tags:
+            - ovn
+            - ovn_image
+          become: true
+          delegate_to: "{{ async_result_item.item }}"
+          async_status:
+            jid: "{{ async_result_item.ansible_job_id }}"
+          loop: "{{ovn_controller_image_update.results }}"
+          loop_control:
+            loop_var: "async_result_item"
+          register: async_poll_results
+          until: async_poll_results.finished
+          retries: {get_param: OVNControllerImageUpdateTimeout}
+          delay: 1
        - name: OVN Container image used
          debug:
            msg: "ovn container will be using {{ image }}"
@ -504,7 +543,6 @@ outputs:
          async: {get_param: OVNControllerUpdateTimeout}
          poll: 0
          register: ovn_controller_update
-          ignore_errors: true
          tripleo_container_manage:
            config_dir: "/var/lib/tripleo-config/container-startup-config/step_4"
            config_patterns: 'ovn_controller.json'
@ -530,6 +568,7 @@ outputs:
          register: async_poll_results
          until: async_poll_results.finished
          retries: {get_param: OVNControllerUpdateTimeout}
+          delay: 1
      upgrade_tasks: []
      scale_tasks:
        - when:
--- a/deployment/podman/podman-baremetal-ansible.yaml
+++ b/deployment/podman/podman-baremetal-ansible.yaml
@ -155,7 +155,7 @@ outputs:
      deploy_steps_tasks:
        - when:
            - (step|int) == 1
-          block:
+          block: &podman_prefetch_images
            # NOTE(mwhahaha): validate_certs is a misnomer because what it
            # actually does is enable the --tls-verify flag which forces
            # registries to only be over HTTPS. By default, podman will only
@ -224,6 +224,12 @@ outputs:
              command: /usr/sbin/pcs cluster destroy
              when: pcs_stat.stat.exists

+      update_tasks:
+        - name: Force pre-fetch of container images
+          when:
+            - (step|int) == 5
+          block: *podman_prefetch_images
+
      post_upgrade_tasks:
        # Podman purge tasks are disabled on the undercloud since the ephemeral
        # Heat images need to be kept. When commit
--- a/tox.ini
+++ b/tox.ini
@ -116,7 +116,7 @@ deps =
 whitelist_externals =
    bash
 commands_pre =
-    ansible-galaxy collection install ansible.posix
+    ansible-galaxy collection install ansible.posix containers.podman
    pip install -q bindep fixtures
    bindep test
 commands =
--- a/tripleo_heat_templates/tests/test_tht_ansible_syntax.py
+++ b/tripleo_heat_templates/tests/test_tht_ansible_syntax.py
@ -25,6 +25,10 @@ module_paths = [
    'ansible-pacemaker/modules'
 ]

+filter_plugin_paths = [
+    'tripleo-ansible/tripleo-ansible/tripleo_ansible/ansible_plugins/filter',
+]
+

 def append_path(path, new):
    if path == '':
@ -35,6 +39,7 @@ def append_path(path, new):

 def test_tht_ansible_syntax(pytestconfig):
    role_path = ''
+    filter_plugin_path = ''
    mod_path = ''
    tht_root = str(pytestconfig.invocation_params.dir)
    tht_test_path = os.path.join(tht_root, 'tripleo_heat_templates/tests')
@ -43,6 +48,10 @@ def test_tht_ansible_syntax(pytestconfig):
        role_path = append_path(
            role_path, os.path.join(tht_test_path, r))

+    for p in filter_plugin_paths:
+        filter_plugin_path = append_path(
+            filter_plugin_path, os.path.join(tht_test_path, p))
+
    for m in module_paths:
        mod_path = append_path(
            mod_path, os.path.join(tht_test_path, m))
@ -51,6 +60,8 @@ def test_tht_ansible_syntax(pytestconfig):

    os.environ["ANSIBLE_ROLES_PATH"] = role_path
    os.environ["ANSIBLE_LIBRARY"] = mod_path
+    os.environ["ANSIBLE_FILTER_PLUGINS"] = filter_plugin_path
+
    # Some variables are generated by config-download and part of TripleO inventory,
    # absent from this testing
    os.environ["ANSIBLE_ERROR_ON_UNDEFINED_VARS"] = "False"
--- a/tripleo_heat_templates/tests/test_tht_ansible_syntax.yml
+++ b/tripleo_heat_templates/tests/test_tht_ansible_syntax.yml
@ -88,6 +88,10 @@
    args:
      chdir: "{{ tmp_folder }}"

+  # Compute is hardcoded in the following tasks
+  - name: Ensure required tripleo_role_name get defined
+    set_fact:
+      tripleo_role_name: "Compute"
  # To check changes in the tool we check the script passing 1 task type and
  # 1 role
  - name: Render the ansible tasks for 1 role and 1 task type as an example