diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index c2318ba271..0aab83269b 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -209,37 +209,34 @@ outputs: enabled: yes upgrade_tasks: - list_concat: - - get_attr: [NeutronOvsAgentBase, role_data, ovs_upgrade_tasks] - - - - when: step|int == 0 - tags: common - block: - - name: Check if neutron_ovs_agent is deployed - command: systemctl is-enabled --quiet neutron-openvswitch-agent - ignore_errors: True - register: neutron_ovs_agent_enabled_result - - name: Set fact neutron_ovs_agent_enabled - set_fact: - neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}" - - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" - command: systemctl is-active --quiet neutron-openvswitch-agent - when: neutron_ovs_agent_enabled|bool - tags: validation - - when: step|int == 2 - block: - - name: Stop and disable neutron_ovs_agent service - when: neutron_ovs_agent_enabled|bool - service: name=neutron-openvswitch-agent state=stopped enabled=no - - when: step|int == 3 - block: - - name: Set fact for removal of openstack-neutron-openvswitch package - set_fact: - remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages} - - name: Remove openstack-neutron-openvswitch package if operator requests it - package: name=openstack-neutron-openvswitch state=removed - ignore_errors: True - when: remove_neutron_openvswitch_package|bool + - when: step|int == 0 + tags: common + block: + - name: Check if neutron_ovs_agent is deployed + command: systemctl is-enabled --quiet neutron-openvswitch-agent + ignore_errors: True + register: neutron_ovs_agent_enabled_result + - name: Set fact neutron_ovs_agent_enabled + set_fact: + neutron_ovs_agent_enabled: "{{ neutron_ovs_agent_enabled_result.rc == 0 }}" + - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" + command: systemctl is-active --quiet neutron-openvswitch-agent + when: neutron_ovs_agent_enabled|bool + tags: validation + - when: step|int == 2 + block: + - name: Stop and disable neutron_ovs_agent service + when: neutron_ovs_agent_enabled|bool + service: name=neutron-openvswitch-agent state=stopped enabled=no + - when: step|int == 3 + block: + - name: Set fact for removal of openstack-neutron-openvswitch package + set_fact: + remove_neutron_openvswitch_package: {get_param: UpgradeRemoveUnusedPackages} + - name: Remove openstack-neutron-openvswitch package if operator requests it + package: name=openstack-neutron-openvswitch state=removed + ignore_errors: True + when: remove_neutron_openvswitch_package|bool update_tasks: # puppetlabs-firewall manages security rules via Puppet but make the rules # consistent by default. Since Neutron also creates some rules, we don't diff --git a/puppet/services/neutron-ovs-agent.yaml b/puppet/services/neutron-ovs-agent.yaml index 4d648f17e4..be2ba27013 100644 --- a/puppet/services/neutron-ovs-agent.yaml +++ b/puppet/services/neutron-ovs-agent.yaml @@ -109,13 +109,6 @@ resources: RoleName: {get_param: RoleName} RoleParameters: {get_param: RoleParameters} - Ovs: - type: ./openvswitch.yaml - properties: - ServiceNetMap: {get_param: ServiceNetMap} - DefaultPasswords: {get_param: DefaultPasswords} - EndpointMap: {get_param: EndpointMap} - # Merging role-specific parameters (RoleParameters) with the default parameters. # RoleParameters will have the precedence over the default parameters. RoleParametersValue: @@ -137,7 +130,6 @@ outputs: description: Role data for the Neutron OVS agent service. value: service_name: neutron_ovs_agent - ovs_upgrade_tasks: {get_attr: [Ovs, role_data, upgrade_tasks]} monitoring_subscription: {get_param: MonitoringSubscriptionNeutronOvs} config_settings: map_merge: @@ -181,24 +173,21 @@ outputs: step_config: | include ::tripleo::profile::base::neutron::ovs upgrade_tasks: - list_concat: - - get_attr: [Ovs, role_data, upgrade_tasks] - - - - name: Check if neutron_ovs_agent is deployed - command: systemctl is-enabled neutron-openvswitch-agent - tags: common - ignore_errors: True - register: neutron_ovs_agent_enabled - - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" - shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' - when: - - step|int == 0 - - neutron_ovs_agent_enabled.rc == 0 - tags: validation - - name: Stop neutron_ovs_agent service - when: - - step|int == 1 - - neutron_ovs_agent_enabled.rc == 0 - service: name=neutron-openvswitch-agent state=stopped + - name: Check if neutron_ovs_agent is deployed + command: systemctl is-enabled neutron-openvswitch-agent + tags: common + ignore_errors: True + register: neutron_ovs_agent_enabled + - name: "PreUpgrade step0,validation: Check service neutron-openvswitch-agent is running" + shell: /usr/bin/systemctl show 'neutron-openvswitch-agent' --property ActiveState | grep '\bactive\b' + when: + - step|int == 0 + - neutron_ovs_agent_enabled.rc == 0 + tags: validation + - name: Stop neutron_ovs_agent service + when: + - step|int == 1 + - neutron_ovs_agent_enabled.rc == 0 + service: name=neutron-openvswitch-agent state=stopped metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/puppet/services/neutron-ovs-dpdk-agent.yaml b/puppet/services/neutron-ovs-dpdk-agent.yaml index 30777f42cd..b42c7f25eb 100644 --- a/puppet/services/neutron-ovs-dpdk-agent.yaml +++ b/puppet/services/neutron-ovs-dpdk-agent.yaml @@ -123,7 +123,5 @@ outputs: nova_libvirt: nova::compute::libvirt::qemu::group: {get_attr: [RoleParametersValue, value, vhostuser_socket_group]} step_config: {get_attr: [NeutronOvsAgent, role_data, step_config]} - upgrade_tasks: - get_attr: [Ovs, role_data, upgrade_tasks] metadata_settings: get_attr: [NeutronOvsAgent, role_data, metadata_settings] diff --git a/puppet/services/opendaylight-ovs.yaml b/puppet/services/opendaylight-ovs.yaml index f8feb8df72..bbfb7c1b93 100644 --- a/puppet/services/opendaylight-ovs.yaml +++ b/puppet/services/opendaylight-ovs.yaml @@ -227,31 +227,28 @@ outputs: step_config: | include tripleo::profile::base::neutron::plugins::ovs::opendaylight upgrade_tasks: - list_concat: - - get_attr: [Ovs, role_data, upgrade_tasks] - - - - name: ODL container L2 update and upgrade tasks - block: &odl_container_upgrade_tasks - - name: Check if openvswitch is deployed - command: systemctl is-enabled openvswitch - tags: common - ignore_errors: True - register: openvswitch_enabled - - name: "PreUpgrade step0,validation: Check service openvswitch is running" - command: systemctl is-active --quiet openvswitch - when: - - step|int == 0 - - openvswitch_enabled.rc == 0 - tags: validation - # Container upgrade steps. - - name: Delete OVS groups and ports - shell: > - sudo ovs-ofctl -O Openflow13 del-groups br-int; - for tun_port in $(sudo ovs-vsctl list-ports br-int | grep tun); - do sudo ovs-vsctl del-port br-int $tun_port; done - when: - - step|int == 0 - - openvswitch_enabled.rc == 0 + - name: ODL container L2 update and upgrade tasks + block: &odl_container_upgrade_tasks + - name: Check if openvswitch is deployed + command: systemctl is-enabled openvswitch + tags: common + ignore_errors: True + register: openvswitch_enabled + - name: "PreUpgrade step0,validation: Check service openvswitch is running" + command: systemctl is-active --quiet openvswitch + when: + - step|int == 0 + - openvswitch_enabled.rc == 0 + tags: validation + # Container upgrade steps. + - name: Delete OVS groups and ports + shell: > + sudo ovs-ofctl -O Openflow13 del-groups br-int; + for tun_port in $(sudo ovs-vsctl list-ports br-int | grep tun); + do sudo ovs-vsctl del-port br-int $tun_port; done + when: + - step|int == 0 + - openvswitch_enabled.rc == 0 update_tasks: - name: Get ODL update level block: &get_odl_update_level diff --git a/puppet/services/openvswitch.yaml b/puppet/services/openvswitch.yaml index 7a0efa4a9d..b059838a67 100644 --- a/puppet/services/openvswitch.yaml +++ b/puppet/services/openvswitch.yaml @@ -104,51 +104,3 @@ outputs: OvsDpdkSocketMemory: {get_param: OvsDpdkSocketMemory} OvsDpdkDriverType: {get_param: OvsDpdkDriverType} OvsPmdCoreList: {get_param: OvsPmdCoreList} - - upgrade_tasks: - - name: Check openvswitch version. - when: step|int == 2 - register: ovs_version - shell: rpm -qa | awk -F- '/^openvswitch-2/{print $2 "-" $3}' - - name: Check for openvswitch upgrade. - when: step|int == 2 - register: ovs_need_upgrade - ignore_errors: true - shell: | - yum check-upgrade openvswitch | awk '/openvswitch/{print}' - - name: Check openvswitch packaging. - when: step|int == 2 - shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" - register: ovs_packaging_issue - ignore_errors: true - - block: - - name: "Ensure empty directory: emptying." - file: - state: absent - path: /root/OVS_UPGRADE - - name: "Ensure empty directory: creating." - file: - state: directory - path: /root/OVS_UPGRADE - owner: root - group: root - mode: 0750 - - name: Make yum cache. - command: yum makecache - - name: Download OVS packages. - command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch - - name: Get rpm list for manual upgrade of OVS. - shell: ls -1 /root/OVS_UPGRADE/*.rpm - register: ovs_list_of_rpms - - name: Manual upgrade of OVS - shell: | - rpm -U --replacepkgs --notriggerun --nopostun {{item}} - args: - chdir: /root/OVS_UPGRADE - with_items: - - "{{ovs_list_of_rpms.stdout_lines}}" - when: - - step|int == 2 - - "'2.5.0-14' in ovs_version.stdout|default('') or - ovs_packaging_issue|default(false)|succeeded" - - ovs_need_upgrade.stdout|default('') diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index a4ee6b4e05..e5fa469e56 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -71,6 +71,148 @@ outputs: when: - step|int == 0 - rpm_python_check.changed != false + # With the layered product packaging, the key package is rhosp-openvswitch. It depends on + # a openvswitch package that includes the version as part of the name (e.g openvswitch2.10). + # This requires some additional special handling: + # - During an upgrade the package name for openvswitch may change so + # upgrading the currently installed package won't do anything. + # - The rhosp-openvswitch package "obsoletes" several packages, + # including older openvswitch packages. This results in a pretty + # severe uninstall/install sequence of operations that stops and + # removes openvswitch which could break network links required to + # continue the upgrade. + # - To prevent rhosp-openvswitch breaking connectivity, the currently + # installed core openvswitch packages need to be erased from the rpm + # database but leave the binaries intact. This effectively + # short-circuits the obsoletes mechanism in rhosp-openvswitch and + # leaves the core elements of openvswitch running. In the future we + # may replace this mechanism with "an upgrade on reboot". We only + # do this for the core openvswitch packages so other packages + # obsoleted by rhosp-openvswitch will be removed when + # rhosp-openvswitch is installed/upgraded. + # - Neither the rhosp-openvswitch nor openvswitch{m.n} package enables + # or starts the systemd service so there must always be a task + # to ensure that it is enabled or OpenvSwitch functionality won't be + # available on reboot. + # - With LP, we expect that the core openvswitch package name will + # change with every major upgrade so this special handling will + # eventually replace the special handling of upgrading the + # openvswitch package "in place" + - name: Block for gathering information for upgrading OpenvSwitch layered product packaging + when: step|int == 2 + block: + - name: Process rhosp-openvswitch layered package for new version number + shell: | + set -o pipefail + yum info -q rhosp-openvswitch | awk '/^Version/{print $NF}' + register: rhosp_package_result + ignore_errors: true + - name: Set fact for triggering OpenvSwitch layered product package handling + set_fact: + ovs_lp_packaging: "{{ rhosp_package_result.rc }} == 0" + - name: Capture the expected OpenvSwitch version. + set_fact: + new_ovs_version: "{{ rhosp_package_result.stdout }}" + when: ovs_lp_packaging|default(false) + + - name: Get current OpenvSwitch package name + register: ovs_pkg_out + shell: + rpm -qa | awk -F- '/^(openvswitch[0-9]+\.[0-9]+-|openvswitch-2)/{print $1}' + - name: Get version from current OpenvSwitch package + register: ovs_version_out + shell: + rpm -qi "{{ ovs_pkg_out.stdout }}" | awk '/^Version/{print $NF}' + - name: split numeric version for OpenvSwitch into parts + set_fact: + ovs_version_parts: "{{ ovs_version_out.stdout.split('.') }}" + - name: get major minor version for OpenvSwitch package naming + set_fact: + current_ovs_version: "{{ ovs_version_parts[0] }}.{{ ovs_version_parts[1] }}" + - name: get OpenvSwitch major version + set_fact: + current_ovs_major_version: "{{ ovs_version_parts[0]|int }}" + - name: get OpenvSwitch minor version + set_fact: + current_ovs_minor_version: "{{ ovs_version_parts[1]|int }}" + - name: Block for upgrading OpenvSwitch when layer package is present + when: + - step|int == 2 + - ovs_lp_packaging|default(false) + block: + - name: set current OpenvSwitch package suffix if old version is layered product format + set_fact: + package_suffix: "{{ current_ovs_version }}" + when: + - current_ovs_major_version|int >= 3 or current_ovs_minor_version|int >=10 + - name: remove old OpenvSwitch package(s) if version doesn't match + shell: | + rpm -e --noscripts --nopreun --nopostun --notriggers --nodeps $(rpm -qa 'openvswitch{{ package_suffix|default('') }}*' | grep -v 'selinux') + warn: false + when: "{{ new_ovs_version }} != {{ current_ovs_version }}" + - name: install/upgrade OpenvSwitch LP package + package: + name: rhosp-openvswitch + state: latest + - name: set flag to skip other upgrade steps since OpenvSwitch is already upgraded! + set_fact: + run_ovs_update: false + - name: Check for openvswitch upgrade if not layered package installs + when: + - step|int == 2 + - run_ovs_update|default(true) + block: + - name: check if an upgrade is required + register: ovs_need_upgrade + ignore_errors: true + shell: | + yum check-upgrade openvswitch | awk '/openvswitch/{print}' + - name: Check openvswitch packaging. + shell: rpm -q --scripts openvswitch | awk '/postuninstall/,/*/' | grep -q "systemctl.*try-restart" + register: ovs_packaging_issue + ignore_errors: true + - name: Upgrade openvswitch + block: + - name: "Ensure empty directory: emptying." + file: + state: absent + path: /root/OVS_UPGRADE + - name: "Ensure empty directory: creating." + file: + state: directory + path: /root/OVS_UPGRADE + owner: root + group: root + mode: 0750 + - name: Make yum cache. + command: yum makecache + - name: Download OVS packages. + command: yumdownloader --destdir /root/OVS_UPGRADE --resolve openvswitch + - name: Get rpm list for manual upgrade of OVS. + shell: ls -1 /root/OVS_UPGRADE/*.rpm + register: ovs_list_of_rpms + - name: Manual upgrade of OVS + shell: | + rpm -U --replacepkgs --notriggerun --nopostun {{item}} + args: + chdir: /root/OVS_UPGRADE + with_items: + - "{{ovs_list_of_rpms.stdout_lines}}" + when: + - step|int == 2 + - run_ovs_update|default(true) + - ovs_packaging_issue|default(false)|succeeded + - ovs_need_upgrade.stdout|default('') + # The openvswitch package disables the systemd service on install. When installing + # the layered product we prevent the service from being killed, but it doesn't + # do anything to prevent the systemd service from being removed and it is not + # re-enabled by default by the new package. + - name: Always ensure the openvswitch service is enabled and running after upgrades + when: step|int == 2 + service: + name: openvswitch + enabled: yes + state: started - name: Check for os-net-config upgrade shell: "yum check-upgrade | awk '/os-net-config/{print}'" register: os_net_config_need_upgrade @@ -106,6 +248,13 @@ outputs: - name: Update all packages package: name=* state=latest when: step == "3" + # This is failsafe unless openvswitch package does something to the systemd service state. + - name: Ensure openvswitch is running after update + when: step|int == 3 + service: + name: openvswitch + enabled: yes + state: started fast_forward_upgrade_tasks: - name: Register repo type and args set_fact: