From 67729aa0a5b0c75aadfb9e687e9178accf93e657 Mon Sep 17 00:00:00 2001 From: Sofer Athlan-Guyot Date: Wed, 15 Apr 2020 13:33:50 +0200 Subject: [PATCH] Add hook to run RHOSP policies enforcement. This add an import of the tripleo_redhat_enforce role[1] at the beginning of undercloud upgrade tasks (which are used for update and upgrade) and overcloud update. The code upstream won't do anything even with SkipRhelEnforcement set to 'false' as the role itself only activate the checks for RedHat distribution. This variable is only there to support use case where we deploy on Red Hat and for /some/ reason, the checks shouldn't enabled (mainly CI). [1] in tripleo-ansible Depends-On: https://review.opendev.org/721292 Change-Id: I076bebf6bbd5f45d5ecb372a3b83e8cc279946b8 --- .../tripleo-packages-baremetal-puppet.yaml | 16 +++++++++++++++- deployment/undercloud/undercloud-upgrade.yaml | 15 +++++++++++++++ 2 files changed, 30 insertions(+), 1 deletion(-) diff --git a/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml b/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml index 8c896c6664..efeac0017e 100644 --- a/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml +++ b/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml @@ -87,7 +87,12 @@ parameters: default: 'false' description: Set to true to skip the update all packages type: boolean - + SkipRhelEnforcement: + default: "false" + description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat. + Mainly for CI purpose. It shouldn't matter on other distributions + where it's disabled in the role. Set to true to skip the enforcement. + type: string outputs: role_data: @@ -399,6 +404,15 @@ outputs: name: tripleo_transfer tasks_from: cleanup.yml update_tasks: + - name: Enforce RHOSP rules regarding subscription. + include_role: + name: tripleo_redhat_enforce + vars: + skip_rhel_enforcement: {get_param: SkipRhelEnforcement} + when: + - step|int == 0 + - ansible_distribution == 'RedHat' + - not (skip_rhel_enforcement | bool) - name: Check for existing yum.pid stat: path=/var/run/yum.pid register: yum_pid_file diff --git a/deployment/undercloud/undercloud-upgrade.yaml b/deployment/undercloud/undercloud-upgrade.yaml index 3813695dfd..ef2aa8ab0f 100644 --- a/deployment/undercloud/undercloud-upgrade.yaml +++ b/deployment/undercloud/undercloud-upgrade.yaml @@ -30,6 +30,12 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + SkipRhelEnforcement: + default: 'false' + description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat. + Mainly for CI purpose. It shouldn't matter on other distributions + where it's disabled in the role. Set to true to skip the enforcement. + type: string outputs: role_data: @@ -45,6 +51,15 @@ outputs: step_config: '' config_image: '' upgrade_tasks: + - name: Enforce RHOSP rules regarding subscription. + include_role: + name: tripleo_redhat_enforce + vars: + skip_rhel_enforcement: {get_param: SkipRhelEnforcement} + when: + - step|int == 0 + - ansible_distribution == 'RedHat' + - not (skip_rhel_enforcement | bool) # With the layered product packaging, the key package is rhosp-openvswitch. It depends on # a openvswitch package that includes the version as part of the name (e.g openvswitch2.10). # This requires some additional special handling: