Add hook to run RHOSP policies enforcement.

This add an import of the tripleo_redhat_enforce role[1] at the
beginning of undercloud upgrade tasks (which are used for update and
upgrade) and overcloud update.

The code upstream won't do anything even with SkipRhelEnforcement set
to 'false' as the role itself only activate the checks for RedHat
distribution. This variable is only there to support use case where we
deploy on Red Hat and for /some/ reason, the checks shouldn't
enabled (mainly CI).

[1] in tripleo-ansible

Note about the backport, the role naming change has changed from
master, where naming is using "_" as separator while train is using
"-".

Depends-On: https://review.opendev.org/721692
Change-Id: I076bebf6bbd5f45d5ecb372a3b83e8cc279946b8
(cherry picked from commit 67729aa0a5)
This commit is contained in:
Sofer Athlan-Guyot 2020-04-15 13:33:50 +02:00 committed by Jesse Pretorius (odyssey4me)
parent 908280a058
commit 45760e089d
2 changed files with 30 additions and 1 deletions

View File

@ -94,7 +94,12 @@ parameters:
default: 'false'
description: Set to true to skip the update all packages
type: boolean
SkipRhelEnforcement:
default: "false"
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
Mainly for CI purpose. It shouldn't matter on other distributions
where it's disabled in the role. Set to true to skip the enforcement.
type: string
outputs:
role_data:
@ -442,6 +447,15 @@ outputs:
name: tripleo-transfer
tasks_from: cleanup.yml
update_tasks:
- name: Enforce RHOSP rules regarding subscription.
include_role:
name: tripleo-redhat-enforce
vars:
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
when:
- step|int == 0
- ansible_distribution == 'RedHat'
- not (skip_rhel_enforcement | bool)
- name: Check for existing yum.pid
stat: path=/var/run/yum.pid
register: yum_pid_file

View File

@ -30,6 +30,12 @@ parameters:
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SkipRhelEnforcement:
default: 'false'
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
Mainly for CI purpose. It shouldn't matter on other distributions
where it's disabled in the role. Set to true to skip the enforcement.
type: string
outputs:
role_data:
@ -45,6 +51,15 @@ outputs:
step_config: ''
config_image: ''
upgrade_tasks:
- name: Enforce RHOSP rules regarding subscription.
include_role:
name: tripleo-redhat-enforce
vars:
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
when:
- step|int == 0
- ansible_distribution == 'RedHat'
- not (skip_rhel_enforcement | bool)
# With the layered product packaging, the key package is rhosp-openvswitch. It depends on
# a openvswitch package that includes the version as part of the name (e.g openvswitch2.10).
# This requires some additional special handling: