openstack/tripleo-heat-templates
Code Issues Proposed changes
0ba612d07d
tripleo-heat-templates/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml

420 lines
16 KiB
YAML
Raw Blame History

heat_template_version: wallaby
description: >
TripleO Package installation settings
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
EnablePackageInstall:
default: true
description: Set to true to enable package installation at deploy time
type: boolean
UpgradeLeappEnabled:
description: Use Leapp for operating system upgrade
type: boolean
default: false
UpgradeLeappDebug:
description: Print debugging output when running Leapp
type: boolean
default: true
UpgradeLeappDevelSkip:
description: |
Skip Leapp checks by setting env variables when running Leapp in
development/testing. For example, LEAPP_NO_RHSM=1.
type: string
default: ''
tags:
- role_specific
UpgradeLeappCommandOptions:
description: |
In case or using UpgradeLeappDevelSkip with LEAPP_NO_RHSM=1 user
can specify --enablerepo <repo1> --enablerepo <repo2> options for
leapp to use these repositories for the upgrade process.
type: string
default: ''
tags:
- role_specific
UpgradeLeappRebootTimeout:
description: Timeout (seconds) for the OS upgrade phase via Leapp
type: number
default: 3600
UpgradeLeappPostRebootDelay:
description: |
Maximum (seconds) to wait for machine to reboot and respond to a test
command.
type: number
default: 120
UpgradeLeappToRemove:
default: []
description: List of packages to remove during Leapp upgrade.
type: comma_delimited_list
tags:
- role_specific
UpgradeLeappToInstall:
default: []
description: List of packages to install after Leapp upgrade.
type: comma_delimited_list
tags:
- role_specific
UpgradeInitCommand:
type: string
description: |
Command or script snippet to run on all overcloud nodes to
initialize the upgrade process. E.g. a repository switch.
default: ''
tags:
- role_specific
UpgradeInitCommonCommand:
type: string
description: |
Common commands required by the upgrades process. This should not
normally be modified by the operator and is set and unset in the
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
environment files.
default: ''
SkipPackageUpdate:
default: false
description: Set to true to skip the update all packages
type: boolean
SkipRhelEnforcement:
default: false
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
Mainly for CI purpose. It shouldn't matter on other distributions
where it's disabled in the role. Set to true to skip the enforcement.
type: boolean
DnfStreams:
default: []
description: List of streams to be configured before updating packages. Each list
element contains a dictionary with the following values defined
module[mandatory], stream[mandatory], distribution_version[mandatory] and profile[optional].
If the profile is not specified 'common' will be used instead.
type: json
tags:
- role_specific
BaseTripleoPackages:
default: []
description: List of packages to install.
type: comma_delimited_list
tags:
- role_specific
resources:
RoleParametersValue:
type: OS::Heat::Value
properties:
type: json
value:
map_replace:
- map_replace:
- dnf_module_list: DnfStreams
upgrade_leapp_devel_skip: UpgradeLeappDevelSkip
upgrade_leapp_command_options: UpgradeLeappCommandOptions
upgrade_leapp_to_remove: UpgradeLeappToRemove
upgrade_leapp_to_install: UpgradeLeappToInstall
upgrade_init_command: UpgradeInitCommand
base_tripleo_packages: BaseTripleoPackages
- values: {get_param: [RoleParameters]}
- values:
DnfStreams: {get_param: DnfStreams}
UpgradeLeappDevelSkip: {get_param: UpgradeLeappDevelSkip}
UpgradeLeappCommandOptions: {get_param: UpgradeLeappCommandOptions}
UpgradeLeappToRemove: {get_param: UpgradeLeappToRemove}
UpgradeLeappToInstall: {get_param: UpgradeLeappToInstall}
UpgradeInitCommand: {get_param: UpgradeInitCommand}
BaseTripleoPackages: {get_param: BaseTripleoPackages}
outputs:
role_data:
description: Role data for the TripleO package settings
value:
service_name: tripleo_packages
config_settings:
tripleo::packages::enable_install: {get_param: EnablePackageInstall}
step_config: |
include tripleo::packages
upgrade_tasks:
- name: Gather missing facts
setup:
gather_subset:
- '!all'
- '!min'
- 'distribution'
when: >-
ansible_facts['distribution'] is not defined or
ansible_facts['distribution_major_version'] is not defined
tags:
- always
- name: Set leapp facts
set_fact:
upgrade_leapp_enabled: >-
{{ _upgradeLeappEnabled | bool and
ansible_facts['distribution'] == 'RedHat' and
ansible_facts['distribution_major_version'] is version('7', '==') }}
upgrade_leapp_debug: {get_param: UpgradeLeappDebug}
upgrade_leapp_devel_skip: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_devel_skip']}
upgrade_leapp_command_options: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_command_options']}
upgrade_leapp_reboot_timeout: {get_param: UpgradeLeappRebootTimeout}
upgrade_leapp_post_reboot_delay: {get_param: UpgradeLeappPostRebootDelay}
vars:
_upgradeLeappEnabled: {get_param: UpgradeLeappEnabled}
tags:
- always
- name: system_upgrade_prepare step 3
tags:
- never
- system_upgrade
- system_upgrade_prepare
when:
- step|int == 3
- upgrade_leapp_enabled
block:
- name: remove all OpenStack packages
shell: |
yum -y remove *el7ost* \
mariadb-server* -- \
-*openvswitch* \
-python2-babel \
-python2-dateutil \
-python2-ipaddress \
-python2-jinja2 \
-python2-markupsafe \
-python2-six
- name: install leapp
package:
name: leapp
state: latest
- name: "add packages into Leapp's to_remove file"
vars:
pkg_to_remove: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_remove']}
lineinfile:
path: "/etc/leapp/transaction/to_remove"
line: "{{ item }}"
loop: "{{ pkg_to_remove }}"
- name: "add packages into Leapp's to_install file"
vars:
pkg_to_install: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_install']}
lineinfile:
path: "/etc/leapp/transaction/to_install"
line: "{{ item }}"
loop: "{{ pkg_to_install }}"
- name: "check sshd_config file"
stat:
path: "/etc/ssh/sshd_config"
register: sshd_config_result
- name: "add PermitRootLogin option for leapp"
lineinfile:
path: "/etc/ssh/sshd_config"
regexp: "^(# *)?PermitRootLogin"
line: "PermitRootLogin without-password"
- name: system_upgrade_prepare step 4
tags:
- never
- system_upgrade
- system_upgrade_prepare
when: step|int == 4
block:
- name: run leapp upgrade (download packages)
shell: >
{% if upgrade_leapp_devel_skip|default(false) %}{{ upgrade_leapp_devel_skip }}{% endif %}
leapp upgrade
{% if upgrade_leapp_debug|default(true) %}--debug{% endif %}
{% if upgrade_leapp_command_options|default(false) %}{{ upgrade_leapp_command_options }}{% endif %}
when: upgrade_leapp_enabled
- name: system_upgrade_run step 4
tags:
- never
- system_upgrade
- system_upgrade_run
# In case someone needs to re-run system_upgrade_run post-tasks
# but doesn't want to reboot, they can run with
# `--skip-tags system_upgrade_reboot`.
- system_upgrade_reboot
when:
- step|int == 4
- upgrade_leapp_enabled
block:
- name: reboot to perform the upgrade
reboot:
reboot_timeout: "{{upgrade_leapp_reboot_timeout}}"
# TODO(holser): ansible 2.10 and higher provides boot_time_command to detect boot_id before and after reboot.
test_command: >-
source /etc/os-release; [ "${VERSION_ID%.*}" -ge "8" ] && systemctl is-system-running | grep -qE "running|degraded" || exit 1
post_reboot_delay: "{{ upgrade_leapp_post_reboot_delay }}"
- name: Package and repo update tasks
when: step|int == 0
block:
- name: Run UpgradeInitCommand
shell:
list_join:
- ''
- - "#!/bin/bash\n\n"
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
- {get_attr: [RoleParametersValue, value, 'upgrade_init_command']}
- name: Run UpgradeInitCommonCommand
shell:
list_join:
- ''
- - "#!/bin/bash\n\n"
- {get_param: UpgradeInitCommonCommand}
- name: Ensure DNF modules have the right stream
vars:
dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
dnf:
name: "@{{ item.module }}:{{ item.stream }}/{{ item.profile|default('common') }}"
state: present
loop: "{{ dnf_module_list|list }}"
when:
- dnf_module_list|length > 0
- item.distribution_version is defined
- ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
- name: Ensure TripleO prerequisite packages are installed
package:
name:
- jq
- lvm2
- openstack-selinux
- os-net-config
- puppet-tripleo
- python3-heat-agent*
- rsync
state: present
when: ansible_facts['distribution_major_version'] is version('8', '==')
- name: Ensure TripleO prerequisite packages are installed and use role based heat variable to provide specific list of packages
vars:
base_tripleo_packages: {get_attr: [RoleParametersValue, value, 'base_tripleo_packages']}
package:
name:
"{{ base_tripleo_packages }}"
state: present
when:
- ansible_facts['distribution_major_version'] is version('8', '==')
- base_tripleo_packages|length > 0
- name: check if libvirt is installed
when: step|int == 0
command: /usr/bin/rpm -q libvirt-daemon
failed_when: false
register: libvirt_installed
check_mode: false
- name: make sure libvirt services are disabled and masked
service:
name: "{{ item }}"
state: stopped
enabled: false
masked: true
daemon_reload: true
loop:
- libvirtd.service
- virtlogd.socket
when:
- step|int == 0
- libvirt_installed.rc == 0
- name: Special treatment for OpenvSwitch
tripleo_ovs_upgrade:
when:
- step|int == 2
register: ovs_upgrade
- name: Always ensure the openvswitch service is enabled and running after upgrades
service:
name: openvswitch
enabled: true
state: started
when:
- step|int == 2
- ovs_upgrade.changed|bool
- name: Install libibverbs (https://bugs.launchpad.net/tripleo/+bug/1817743)
when: step|int == 2
package:
name: libibverbs
state: installed
- name: Check for os-net-config upgrade
shell: "yum check-upgrade | awk '/os-net-config/{print}'"
register: os_net_config_need_upgrade
when: step|int == 3
- name: Check that os-net-config has configuration
when: step|int == 3
stat:
path: /etc/os-net-config/config.json
get_attributes: false
get_checksum: false
get_mime: false
register: stat_config_json
- block:
- name: Upgrade os-net-config
package: name=os-net-config state=latest
- name: take new os-net-config parameters into account now
command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes
register: os_net_config_upgrade
failed_when: os_net_config_upgrade.rc not in [0,2]
changed_when: os_net_config_upgrade.rc == 2
when:
- step|int == 3
- os_net_config_need_upgrade.stdout
- stat_config_json.stat.exists
# Exclude ansible until https://github.com/ansible/ansible/issues/56636
# is available
- name: Update all packages
when:
- step|int == 3
- not skip_package_update|bool
yum:
name: '*'
state: latest
exclude: ansible
vars:
skip_package_update: {get_param: SkipPackageUpdate}
external_upgrade_tasks:
- name: Clean up upgrade artifacts
when: step|int == 1
tags:
- never
- system_upgrade_cleanup
block:
- name: cleanup tripleo_persist
include_role:
name: tripleo_persist
tasks_from: cleanup.yml
update_tasks:
- include_role:
name: tripleo_packages
tasks_from: update_bootstrap.yml
when: step|int == 0
vars:
dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
- include_role:
name: tripleo_packages
tasks_from: update_ovs.yml
when: step|int == 2
- include_role:
name: tripleo_packages
tasks_from: update.yml
when: step|int == 3
vars:
skip_package_update: {get_param: SkipPackageUpdate}
View Git Blame Copy Permalink