4939e19eeb
Dnf Ansible module doesn't only enable the stream, but synchronizes the whole content. Dnf module installs packages which were not installed before the undercloud upgrade. As a result some packages are installed in step0, and not as it should be done in step3. This patch replaces the dnf Ansible module by a custom tripleo module, tripleo_dnf_stream, which will only enable the stream (if the stream wasn't enabled). This is the same change that was made for minor update workflow, but for undercloud upgrade. [1] [1]https://review.opendev.org/#/q/I3fa4ccc224cf510bcc85a9c86a2b4f0d367c687f Change-Id: I3c24f6c0b1877caca225d532e2c40cabe9095577
180 lines
6.7 KiB
YAML
180 lines
6.7 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
Upgrade a non-containerized undercloud to a containerized undercloud.
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
SkipRhelEnforcement:
|
|
default: false
|
|
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
|
|
Mainly for CI purpose. It shouldn't matter on other distributions
|
|
where it's disabled in the role. Set to true to skip the enforcement.
|
|
type: boolean
|
|
DnfStreams:
|
|
default: []
|
|
description: List of streams to be configured before updating packages. Each list
|
|
element contains a dictionary with the following values defined
|
|
module[mandatory], stream[mandatory], distribution_version[mandatory] and profile[optional].
|
|
If the profile is not specified 'common' will be used instead.
|
|
type: json
|
|
tags:
|
|
- role_specific
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the TripleO Undercloud Upgrade service.
|
|
value:
|
|
service_name: undercloud_upgrade
|
|
config_settings: {}
|
|
deploy_steps_tasks: []
|
|
docker_config: {}
|
|
kolla_config: {}
|
|
puppet_config: {}
|
|
upgrade_tasks:
|
|
- name: Enforce RHOSP rules regarding subscription.
|
|
include_role:
|
|
name: tripleo_redhat_enforce
|
|
vars:
|
|
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
|
|
when:
|
|
- step|int == 0
|
|
- ansible_facts['distribution'] == 'RedHat'
|
|
- not (skip_rhel_enforcement | bool)
|
|
- name: Ensure DNF modules have the right stream enabled
|
|
vars:
|
|
dnf_module_list: {get_param: DnfStreams}
|
|
tripleo_dnf_stream:
|
|
name: "{{ item.module }}:{{ item.stream }}"
|
|
state: enabled
|
|
loop: "{{ dnf_module_list|list }}"
|
|
when:
|
|
- step|int == 0
|
|
- dnf_module_list|length > 0
|
|
- item.distribution_version is defined
|
|
- ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
|
|
- name: Clean up Nova containers
|
|
when: step|int == 0
|
|
block:
|
|
- name: Stop nova containers
|
|
import_role:
|
|
name: tripleo_container_stop
|
|
vars:
|
|
tripleo_containers_to_stop: &nova_containers
|
|
- nova_api
|
|
- nova_api_cron
|
|
- nova_conductor
|
|
- nova_scheduler
|
|
- placement_api
|
|
- nova_compute
|
|
|
|
- name: Remove nova containers
|
|
import_role:
|
|
name: tripleo_container_rm
|
|
vars:
|
|
containers_to_rm: *nova_containers
|
|
|
|
- name: Remove one-off nova init-containers
|
|
import_role:
|
|
name: tripleo_container_rm
|
|
vars:
|
|
containers_to_rm:
|
|
- nova_api_db_sync
|
|
- nova_api_init_logs
|
|
- nova_api_map_cell0
|
|
- nova_api_ensure_default_cell
|
|
- nova_statedir_owner
|
|
- nova_wait_for_compute_service
|
|
- nova_wait_for_api_service
|
|
- nova_db_sync
|
|
- placement_api_db_sync
|
|
- placement_wait_for_service
|
|
- placement_init_log
|
|
- name: migrate existing introspection data
|
|
shell: >
|
|
{{ container_cli }} exec -u root ironic_inspector ironic-inspector-migrate-data
|
|
--from swift --to database --config-file /etc/ironic-inspector/inspector.conf
|
|
become: true
|
|
register: ironic_inspector_migrate_data_result
|
|
when:
|
|
- step|int == 1
|
|
failed_when:
|
|
- ironic_inspector_migrate_data_result.rc is defined # do not fail in dry run mode
|
|
- ironic_inspector_migrate_data_result.rc not in [0, 125] # ignore if container not running
|
|
- name: Special treatment for OpenvSwitch
|
|
tripleo_ovs_upgrade:
|
|
when:
|
|
- step|int == 2
|
|
register: ovs_upgrade
|
|
- name: Always ensure the openvswitch service is enabled and running after upgrades
|
|
service:
|
|
name: openvswitch
|
|
enabled: true
|
|
state: started
|
|
when:
|
|
- step|int == 2
|
|
- ovs_upgrade.changed|bool
|
|
# Exclude ansible until https://github.com/ansible/ansible/issues/56636
|
|
# is available
|
|
- name: Update all packages
|
|
when: step|int == 3
|
|
dnf:
|
|
name: '*'
|
|
state: latest
|
|
allowerasing: yes
|
|
exclude: ansible
|
|
- name: Check that os-net-config has configuration
|
|
when: step|int == 3
|
|
stat:
|
|
path: /etc/os-net-config/config.json
|
|
get_attributes: false
|
|
get_checksum: false
|
|
get_mime: false
|
|
register: stat_config_json
|
|
- name: take new os-net-config parameters into account now
|
|
when:
|
|
- step|int == 3
|
|
- stat_config_json.stat.exists
|
|
command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes
|
|
register: os_net_config_upgrade
|
|
failed_when: os_net_config_upgrade.rc not in [0,2]
|
|
changed_when: os_net_config_upgrade.rc == 2
|
|
# Keepalived was removed and the VIPs are now deployed by
|
|
# os-net-config.
|
|
# When Keepalived is stopped, it brings down the VIPs which is
|
|
# problematic since it'll remove the resources created by os-net-config
|
|
# so let's teardown keepalived in the upgrade tasks here and later
|
|
# during the deploy the os-net-config tool will re-create the VIPs.
|
|
# Doing it at step 5 so upgrade steps which need API access still work.
|
|
- name: Remove keepalived container
|
|
include_role:
|
|
name: tripleo_container_rm
|
|
vars:
|
|
tripleo_container_cli: "{{ container_cli }}"
|
|
tripleo_containers_to_rm:
|
|
- keepalived
|
|
when:
|
|
- step|int == 5
|