Handle LP openvswitch meta-package on upgrade

With layered product packaging upgrading openvswitch may involve a
package rename of the openvswitch package (e.g. openvswitch to
openvswitch 2.10 or openvswitch2.12 to openvswitch2.13) This patch
adds special handling for the rhosp-openvswitch layered product package
to ensure that openvswitch networking remains available during the
upgrade.

Note that this patch also moves the special upgrade logic to
tripleo-packages because it could affect any node that is running
openvswitch for host networking, not just those that are using it for
cloud workloads.

Closes-Bug: #1794359

Change-Id: Ibd64ac1407333c1548261f9d2ae69cdf013e94ce
This commit is contained in:
Brent Eagles 2018-09-25 17:17:55 -02:30
parent a16cce6c4f
commit 1773afb068
6 changed files with 215 additions and 133 deletions

View File

@ -213,37 +213,34 @@ outputs:
enabled: yes enabled: yes
upgrade_tasks: upgrade_tasks:
list_concat: - when: step|int == 0
- get_attr: [NeutronOvsAgentBase, role_data, ovs_upgrade_tasks] tags: common
- block:
- when: step|int == 0 - name: Check if neutron_ovs_agent is deployed
tags: common command: systemctl is-enabled --quiet neutron-openvswitch-agent
block: ignore_errors: True
- name: Check if neutron_ovs_agent is deployed register: neutron_ovs_agent_enabled_result
command: systemctl is-enabled --quiet neutron-openvswitch-agent - name: Set fact neutron_ovs_agent_enabled
ignore_errors: True set_fact:
register: neutron_ovs_agent_enabled_result neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}"
- name: Set fact neutron_ovs_agent_enabled - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
set_fact: command: systemctl is-active --quiet neutron-openvswitch-agent
neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}" when: neutron_ovs_agent_enabled|bool
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" tags: validation
command: systemctl is-active --quiet neutron-openvswitch-agent - when: step|int == 2
when: neutron_ovs_agent_enabled|bool block:
tags: validation - name: Stop and disable neutron_ovs_agent service
- when: step|int == 2 when: neutron_ovs_agent_enabled|bool
block: service: name=neutron-openvswitch-agent state=stopped enabled=no
- name: Stop and disable neutron_ovs_agent service - when: step|int == 3
when: neutron_ovs_agent_enabled|bool block:
service: name=neutron-openvswitch-agent state=stopped enabled=no - name: Set fact for removal of openstack-neutron-openvswitch package
- when: step|int == 3 set_fact:
block: remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Set fact for removal of openstack-neutron-openvswitch package - name: Remove openstack-neutron-openvswitch package if operator requests it
set_fact: package: name=openstack-neutron-openvswitch state=removed
remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages} ignore_errors: True
- name: Remove openstack-neutron-openvswitch package if operator requests it when: remove_neutron_openvswitch_package|bool
package: name=openstack-neutron-openvswitch state=removed
ignore_errors: True
when: remove_neutron_openvswitch_package|bool
update_tasks: update_tasks:
# puppetlabs-firewall manages security rules via Puppet but make the rules # puppetlabs-firewall manages security rules via Puppet but make the rules
# consistent by default. Since Neutron also creates some rules, we don't # consistent by default. Since Neutron also creates some rules, we don't

View File

@ -109,13 +109,6 @@ resources:
RoleName: {get_param: RoleName} RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters} RoleParameters: {get_param: RoleParameters}
Ovs:
type: ./openvswitch.yaml
properties:
ServiceNetMap: {get_param: ServiceNetMap}
DefaultPasswords: {get_param: DefaultPasswords}
EndpointMap: {get_param: EndpointMap}
# Merging role-specific parameters (RoleParameters) with the default parameters. # Merging role-specific parameters (RoleParameters) with the default parameters.
# RoleParameters will have the precedence over the default parameters. # RoleParameters will have the precedence over the default parameters.
RoleParametersValue: RoleParametersValue:
@ -137,7 +130,6 @@ outputs:
description: Role data for the Neutron OVS agent service. description: Role data for the Neutron OVS agent service.
value: value:
service_name: neutron_ovs_agent service_name: neutron_ovs_agent
ovs_upgrade_tasks: {get_attr: [Ovs, role_data, upgrade_tasks]}
monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs}
config_settings: config_settings:
map_merge: map_merge:
@ -181,24 +173,21 @@ outputs:
step_config: | step_config: |
include ::tripleo::profile::base::neutron::ovs include ::tripleo::profile::base::neutron::ovs
upgrade_tasks: upgrade_tasks:
list_concat: - name: Check if neutron_ovs_agent is deployed
- get_attr: [Ovs, role_data, upgrade_tasks] command: systemctl is-enabled neutron-openvswitch-agent
- tags: common
- name: Check if neutron_ovs_agent is deployed ignore_errors: True
command: systemctl is-enabled neutron-openvswitch-agent register: neutron_ovs_agent_enabled
tags: common - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running"
ignore_errors: True shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b'
register: neutron_ovs_agent_enabled when:
- name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" - step|int == 0
shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' - neutron_ovs_agent_enabled.rc == 0
when: tags: validation
- step|int == 0 - name: Stop neutron_ovs_agent service
- neutron_ovs_agent_enabled.rc == 0 when:
tags: validation - step|int == 1
- name: Stop neutron_ovs_agent service - neutron_ovs_agent_enabled.rc == 0
when: service: name=neutron-openvswitch-agent state=stopped
- step|int == 1
- neutron_ovs_agent_enabled.rc == 0
service: name=neutron-openvswitch-agent state=stopped
metadata_settings: metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings] get_attr: [NeutronBase, role_data, metadata_settings]

View File

@ -123,7 +123,5 @@ outputs:
nova_libvirt: nova_libvirt:
nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]} nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]}
step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]}
upgrade_tasks:
get_attr: [Ovs, role_data, upgrade_tasks]
metadata_settings: metadata_settings:
get_attr: [NeutronOvsAgent, role_data, metadata_settings] get_attr: [NeutronOvsAgent, role_data, metadata_settings]

View File

@ -227,31 +227,28 @@ outputs:
step_config: | step_config: |
include tripleo::profile::base::neutron::plugins::ovs::opendaylight include tripleo::profile::base::neutron::plugins::ovs::opendaylight
upgrade_tasks: upgrade_tasks:
list_concat: - name: ODL container L2 update and upgrade tasks
- get_attr: [Ovs, role_data, upgrade_tasks] block: &odl_container_upgrade_tasks
- - name: Check if openvswitch is deployed
- name: ODL container L2 update and upgrade tasks command: systemctl is-enabled openvswitch
block: &odl_container_upgrade_tasks tags: common
- name: Check if openvswitch is deployed ignore_errors: True
command: systemctl is-enabled openvswitch register: openvswitch_enabled
tags: common - name: "PreUpgrade step0,validation: Check service openvswitch is running"
ignore_errors: True command: systemctl is-active --quiet openvswitch
register: openvswitch_enabled when:
- name: "PreUpgrade step0,validation: Check service openvswitch is running" - step|int == 0
command: systemctl is-active --quiet openvswitch - openvswitch_enabled.rc == 0
when: tags: validation
- step|int == 0 # Container upgrade steps.
- openvswitch_enabled.rc == 0 - name: Delete OVS groups and ports
tags: validation shell: >
# Container upgrade steps. sudo ovs-ofctl -O Openflow13 del-groups br-int;
- name: Delete OVS groups and ports for tun_port in $(sudo ovs-vsctl list-ports br-int | grep tun);
shell: > do sudo ovs-vsctl del-port br-int $tun_port; done
sudo ovs-ofctl -O Openflow13 del-groups br-int; when:
for tun_port in $(sudo ovs-vsctl list-ports br-int | grep tun); - step|int == 0
do sudo ovs-vsctl del-port br-int $tun_port; done - openvswitch_enabled.rc == 0
when:
- step|int == 0
- openvswitch_enabled.rc == 0
update_tasks: update_tasks:
- name: Get ODL update level - name: Get ODL update level
block: &get_odl_update_level block: &get_odl_update_level

View File

@ -104,51 +104,3 @@ outputs:
OvsDpdkSocketMemory: {get_param: OvsDpdkSocketMemory} OvsDpdkSocketMemory: {get_param: OvsDpdkSocketMemory}
OvsDpdkDriverType: {get_param: OvsDpdkDriverType} OvsDpdkDriverType: {get_param: OvsDpdkDriverType}
OvsPmdCoreList: {get_param: OvsPmdCoreList} OvsPmdCoreList: {get_param: OvsPmdCoreList}
upgrade_tasks:
- name: Check openvswitch version.
when: step|int == 2
register: ovs_version
shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}'
- name: Check for openvswitch upgrade.
when: step|int == 2
register: ovs_need_upgrade
ignore_errors: true
shell: |
yum check-upgrade openvswitch | awk '/openvswitch/{print}'
- name: Check openvswitch packaging.
when: step|int == 2
shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart"
register: ovs_packaging_issue
ignore_errors: true
- block:
- name: "Ensure empty directory: emptying."
file:
state: absent
path: /root/OVS_UPGRADE
- name: "Ensure empty directory: creating."
file:
state: directory
path: /root/OVS_UPGRADE
owner: root
group: root
mode: 0750
- name: Make yum cache.
command: yum makecache
- name: Download OVS packages.
command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch
- name: Get rpm list for manual upgrade of OVS.
shell: ls -1 /root/OVS_UPGRADE/*.rpm
register: ovs_list_of_rpms
- name: Manual upgrade of OVS
shell: |
rpm -U --replacepkgs --notriggerun --nopostun {{item}}
args:
chdir: /root/OVS_UPGRADE
with_items:
- "{{ovs_list_of_rpms.stdout_lines}}"
when:
- step|int == 2
- "'2.5.0-14' in ovs_version.stdout|default('') or
ovs_packaging_issue|default(false)|succeeded"
- ovs_need_upgrade.stdout|default('')

View File

@ -71,6 +71,148 @@ outputs:
when: when:
- step|int == 0 - step|int == 0
- rpm_python_check.changed != false - rpm_python_check.changed != false
# With the layered product packaging, the key package is rhosp-openvswitch. It depends on
# a openvswitch package that includes the version as part of the name (e.g openvswitch2.10).
# This requires some additional special handling:
# - During an upgrade the package name for openvswitch may change so
# upgrading the currently installed package won't do anything.
# - The rhosp-openvswitch package "obsoletes" several packages,
# including older openvswitch packages. This results in a pretty
# severe uninstall/install sequence of operations that stops and
# removes openvswitch which could break network links required to
# continue the upgrade.
# - To prevent rhosp-openvswitch breaking connectivity, the currently
# installed core openvswitch packages need to be erased from the rpm
# database but leave the binaries intact. This effectively
# short-circuits the obsoletes mechanism in rhosp-openvswitch and
# leaves the core elements of openvswitch running. In the future we
# may replace this mechanism with "an upgrade on reboot". We only
# do this for the core openvswitch packages so other packages
# obsoleted by rhosp-openvswitch will be removed when
# rhosp-openvswitch is installed/upgraded.
# - Neither the rhosp-openvswitch nor openvswitch{m.n} package enables
# or starts the systemd service so there must always be a task
# to ensure that it is enabled or OpenvSwitch functionality won't be
# available on reboot.
# - With LP, we expect that the core openvswitch package name will
# change with every major upgrade so this special handling will
# eventually replace the special handling of upgrading the
# openvswitch package "in place"
- name: Block for gathering information for upgrading OpenvSwitch layered product packaging
when: step|int == 2
block:
- name: Process rhosp-openvswitch layered package for new version number
shell: |
set -o pipefail
yum info -q rhosp-openvswitch | awk '/^Version/{print $NF}'
register: rhosp_package_result
ignore_errors: true
- name: Set fact for triggering OpenvSwitch layered product package handling
set_fact:
ovs_lp_packaging: "{{ rhosp_package_result.rc }} == 0"
- name: Capture the expected OpenvSwitch version.
set_fact:
new_ovs_version: "{{ rhosp_package_result.stdout }}"
when: ovs_lp_packaging|default(false)
- name: Get current OpenvSwitch package name
register: ovs_pkg_out
shell:
rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-|openvswitch-2)/{print $1}'
- name: Get version from current OpenvSwitch package
register: ovs_version_out
shell:
rpm -qi "{{ ovs_pkg_out.stdout }}" | awk '/^Version/{print $NF}'
- name: split numeric version for OpenvSwitch into parts
set_fact:
ovs_version_parts: "{{ ovs_version_out.stdout.split('.') }}"
- name: get major minor version for OpenvSwitch package naming
set_fact:
current_ovs_version: "{{ ovs_version_parts[0] }}.{{ ovs_version_parts[1] }}"
- name: get OpenvSwitch major version
set_fact:
current_ovs_major_version: "{{ ovs_version_parts[0]|int }}"
- name: get OpenvSwitch minor version
set_fact:
current_ovs_minor_version: "{{ ovs_version_parts[1]|int }}"
- name: Block for upgrading OpenvSwitch when layer package is present
when:
- step|int == 2
- ovs_lp_packaging|default(false)
block:
- name: set current OpenvSwitch package suffix if old version is layered product format
set_fact:
package_suffix: "{{ current_ovs_version }}"
when:
- current_ovs_major_version|int >= 3 or current_ovs_minor_version|int >=10
- name: remove old OpenvSwitch package(s) if version doesn't match
shell: |
rpm -e --noscripts --nopreun --nopostun --notriggers --nodeps $(rpm -qa 'openvswitch{{ package_suffix|default('') }}*' | grep -v 'selinux')
warn: false
when: "{{ new_ovs_version }} != {{ current_ovs_version }}"
- name: install/upgrade OpenvSwitch LP package
package:
name: rhosp-openvswitch
state: latest
- name: set flag to skip other upgrade steps since OpenvSwitch is already upgraded!
set_fact:
run_ovs_update: false
- name: Check for openvswitch upgrade if not layered package installs
when:
- step|int == 2
- run_ovs_update|default(true)
block:
- name: check if an upgrade is required
register: ovs_need_upgrade
ignore_errors: true
shell: |
yum check-upgrade openvswitch | awk '/openvswitch/{print}'
- name: Check openvswitch packaging.
shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart"
register: ovs_packaging_issue
ignore_errors: true
- name: Upgrade openvswitch
block:
- name: "Ensure empty directory: emptying."
file:
state: absent
path: /root/OVS_UPGRADE
- name: "Ensure empty directory: creating."
file:
state: directory
path: /root/OVS_UPGRADE
owner: root
group: root
mode: 0750
- name: Make yum cache.
command: yum makecache
- name: Download OVS packages.
command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch
- name: Get rpm list for manual upgrade of OVS.
shell: ls -1 /root/OVS_UPGRADE/*.rpm
register: ovs_list_of_rpms
- name: Manual upgrade of OVS
shell: |
rpm -U --replacepkgs --notriggerun --nopostun {{item}}
args:
chdir: /root/OVS_UPGRADE
with_items:
- "{{ovs_list_of_rpms.stdout_lines}}"
when:
- step|int == 2
- run_ovs_update|default(true)
- ovs_packaging_issue|default(false)|succeeded
- ovs_need_upgrade.stdout|default('')
# The openvswitch package disables the systemd service on install. When installing
# the layered product we prevent the service from being killed, but it doesn't
# do anything to prevent the systemd service from being removed and it is not
# re-enabled by default by the new package.
- name: Always ensure the openvswitch service is enabled and running after upgrades
when: step|int == 2
service:
name: openvswitch
enabled: yes
state: started
- name: Check for os-net-config upgrade - name: Check for os-net-config upgrade
shell: "yum check-upgrade | awk '/os-net-config/{print}'" shell: "yum check-upgrade | awk '/os-net-config/{print}'"
register: os_net_config_need_upgrade register: os_net_config_need_upgrade
@ -106,6 +248,13 @@ outputs:
- name: Update all packages - name: Update all packages
package: name=* state=latest package: name=* state=latest
when: step == "3" when: step == "3"
# This is failsafe unless openvswitch package does something to the systemd service state.
- name: Ensure openvswitch is running after update
when: step|int == 3
service:
name: openvswitch
enabled: yes
state: started
fast_forward_upgrade_tasks: fast_forward_upgrade_tasks:
- name: Register repo type and args - name: Register repo type and args
set_fact: set_fact: