From 866cc9bcba76631ded9acd30fd8ed897b40ead6d Mon Sep 17 00:00:00 2001 From: Brent Eagles Date: Thu, 10 Sep 2020 10:37:57 -0230 Subject: [PATCH] Create post-deploy.conf on update/upgrade for octavia Containers are restarted with new command lines during upgrade/updates before the external_deploy_task are run that create a configuration file that is used on the command line. This results in octavia services failing to start. Note: this was originally merged as: https://review.opendev.org/#/c/750986/ but the OctaviaBase references in templates was incorrect so the original patch was reverted through: https://review.opendev.org/#/c/763561/ As the original patch had not been backported, it makes more sense to revert and get a correct fix in place and backport that instead of requiring backporting a series or backporting a squashed commit. Conflicts: deployment/octavia/octavia-api-container-puppet.yaml Change-Id: Ib3476e53f89b50bae72b9c95a5d3dec51ed3de7e Related-Bug: #1863595 (cherry picked from commit 6c11a949fc0b940ebc3815aeb86156bd60df5851) --- .../octavia/octavia-api-container-puppet.yaml | 93 +++++++++++-------- deployment/octavia/octavia-base.yaml | 17 ++++ ...tavia-health-manager-container-puppet.yaml | 3 +- ...octavia-housekeeping-container-puppet.yaml | 3 +- .../octavia-worker-container-puppet.yaml | 3 +- 5 files changed, 77 insertions(+), 42 deletions(-) diff --git a/deployment/octavia/octavia-api-container-puppet.yaml b/deployment/octavia/octavia-api-container-puppet.yaml index c4ea12be71..b66f89028d 100644 --- a/deployment/octavia/octavia-api-container-puppet.yaml +++ b/deployment/octavia/octavia-api-container-puppet.yaml @@ -404,49 +404,64 @@ outputs: content: | d /var/run/octavia 0755 root root - - update_tasks: - - name: Set internal tls variable - set_fact: - internal_tls_enabled: {get_param: EnableInternalTLS} - - name: remove TLS proxy if configured and running - when: - - step|int == 2 - - internal_tls_enabled|bool - block: &remove_octavia_tls_proxy_tasks - - name: stop and remove octavia_api_tls_proxy container if docker - docker: - name: octavia_api_tls_proxy - state: absent - when: container_cli == 'docker' - - name: "check if tripleo_octavia_api_tls_proxy service exists in systemd" - stat: - path: "/etc/systemd/system/tripleo_octavia_api_tls_proxy.service" - register: systemd_exists - - name: Remove tripleo_octavia_api_tls_proxy service - when: - - container_cli == 'podman' - - systemd_exists.stat.exists - block: - - name: stop and disable octavia_api_tls_proxy container - systemd: - name: tripleo_octavia_api_tls_proxy - state: stopped - enabled: no - - name: clean up tripleo service file for octavia_api_tls_proxy + list_concat: + - {get_attr: [OctaviaBase, role_data, update_tasks]} + - - name: octavia_api_tmpfile_cleanup + when: step|int == 1 + block: &octavia_api_tmpfile_cleanup + - name: octavia_api_tmpfile_cleanup file: + path: /etc/tmpfiles.d/var-run-octavia.conf state: absent + - name: Set internal tls variable + set_fact: + internal_tls_enabled: {get_param: EnableInternalTLS} + - name: remove TLS proxy if configured and running + when: + - step|int == 2 + - internal_tls_enabled|bool + block: &remove_octavia_tls_proxy_tasks + - name: stop and remove octavia_api_tls_proxy container if docker + docker: + name: octavia_api_tls_proxy + state: absent + when: container_cli == 'docker' + - name: "check if tripleo_octavia_api_tls_proxy service exists in systemd" + stat: path: "/etc/systemd/system/tripleo_octavia_api_tls_proxy.service" - - name: reload systemd - systemd: - daemon-reload: yes + register: systemd_exists + - name: Remove tripleo_octavia_api_tls_proxy service + when: + - container_cli == 'podman' + - systemd_exists.stat.exists + block: + - name: stop and disable octavia_api_tls_proxy container + systemd: + name: tripleo_octavia_api_tls_proxy + state: stopped + enabled: no + - name: clean up tripleo service file for octavia_api_tls_proxy + file: + state: absent + path: "/etc/systemd/system/tripleo_octavia_api_tls_proxy.service" + - name: reload systemd + systemd: + daemon-reload: yes + upgrade_tasks: - - name: Set internal tls variable - set_fact: - internal_tls_enabled: {get_param: EnableInternalTLS} - - name: remove TLS proxy if configured and running - when: - - step|int == 2 - - internal_tls_enabled|bool - block: *remove_octavia_tls_proxy_tasks + list_concat: + - {get_attr: [OctaviaBase, role_data, upgrade_tasks]} + - - name: octavia_api_tmpfile_cleanup + when: step|int == 1 + block: *octavia_api_tmpfile_cleanup + - name: Set internal tls variable + set_fact: + internal_tls_enabled: {get_param: EnableInternalTLS} + - name: remove TLS proxy if configured and running + when: + - step|int == 2 + - internal_tls_enabled|bool + block: *remove_octavia_tls_proxy_tasks external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/octavia/octavia-base.yaml b/deployment/octavia/octavia-base.yaml index 7513decdcb..c8788680c7 100644 --- a/deployment/octavia/octavia-base.yaml +++ b/deployment/octavia/octavia-base.yaml @@ -308,3 +308,20 @@ outputs: - octavia_client_cert_unset - {} - octavia::certificates::client_cert_data: {get_param: OctaviaClientCert} + update_tasks: &ensure_start_up_files + - name: make sure that post-deploy.conf exists before restarting containers on update or upgrade + when: step|int == 5 + block: + - name: check for octavia post-deploy.conf file + stat: + path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf + register: octavia_post_deploy_stat + - name: create an empty post-deploy.conf file if it does not exist + file: + path: /var/lib/config-data/puppet-generated/octavia/etc/octavia/post-deploy.conf + state: touch + setype: container_file_t + mode: '0755' + when: + - octavia_post_deploy_stat.exists is defined and not octavia_post_deploy_stat.exists + upgrade_tasks: *ensure_start_up_files diff --git a/deployment/octavia/octavia-health-manager-container-puppet.yaml b/deployment/octavia/octavia-health-manager-container-puppet.yaml index 72bfdba244..b399b7878c 100644 --- a/deployment/octavia/octavia-health-manager-container-puppet.yaml +++ b/deployment/octavia/octavia-health-manager-container-puppet.yaml @@ -195,7 +195,8 @@ outputs: environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS - {} - + update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]} + upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]} host_prep_tasks: - name: create persistent directories file: diff --git a/deployment/octavia/octavia-housekeeping-container-puppet.yaml b/deployment/octavia/octavia-housekeeping-container-puppet.yaml index 07f8abf156..7dc53f2f8b 100644 --- a/deployment/octavia/octavia-housekeeping-container-puppet.yaml +++ b/deployment/octavia/octavia-housekeeping-container-puppet.yaml @@ -147,6 +147,8 @@ outputs: - /var/log/containers/octavia:/var/log/octavia:z environment: KOLLA_CONFIG_STRATEGY: COPY_ALWAYS + update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]} + upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]} host_prep_tasks: - name: create persistent directories file: @@ -156,7 +158,6 @@ outputs: mode: "{{ item.mode }}" with_items: - { 'path': /var/log/containers/octavia, 'setype': container_file_t, 'mode': '0750' } - upgrade_tasks: [] external_upgrade_tasks: - when: - step|int == 1 diff --git a/deployment/octavia/octavia-worker-container-puppet.yaml b/deployment/octavia/octavia-worker-container-puppet.yaml index 09aa61e202..3bd5426434 100644 --- a/deployment/octavia/octavia-worker-container-puppet.yaml +++ b/deployment/octavia/octavia-worker-container-puppet.yaml @@ -167,7 +167,8 @@ outputs: name: virt_sandbox_use_netlink persistent: yes state: yes - upgrade_tasks: [] + update_tasks: {get_attr: [OctaviaBase, role_data, update_tasks]} + upgrade_tasks: {get_attr: [OctaviaBase, role_data, upgrade_tasks]} external_upgrade_tasks: - when: - step|int == 1