tripleo-heat-templates/deployment/undercloud/undercloud-upgrade.yaml
mciecier 4939e19eeb Replace dnf by tripleo_dnf_stream for undercloud upgrade
Dnf Ansible module doesn't only enable the stream, but
synchronizes the whole content. Dnf module installs
packages which were not installed before the undercloud upgrade.
As a result some packages are installed in step0, and not as it
should be done in step3.

This patch replaces the dnf Ansible module by a custom tripleo
module, tripleo_dnf_stream, which will only enable the stream
(if the stream wasn't enabled).

This is the same change that was made for minor update workflow,
but for undercloud upgrade. [1]

[1]https://review.opendev.org/#/q/I3fa4ccc224cf510bcc85a9c86a2b4f0d367c687f

Change-Id: I3c24f6c0b1877caca225d532e2c40cabe9095577
2022-10-12 14:01:52 +02:00

180 lines
6.7 KiB
YAML

heat_template_version: wallaby
description: >
Upgrade a non-containerized undercloud to a containerized undercloud.
parameters:
ServiceData:
default: {}
description: Dictionary packing service data
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. Use
parameter_merge_strategies to merge it with the defaults.
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
SkipRhelEnforcement:
default: false
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
Mainly for CI purpose. It shouldn't matter on other distributions
where it's disabled in the role. Set to true to skip the enforcement.
type: boolean
DnfStreams:
default: []
description: List of streams to be configured before updating packages. Each list
element contains a dictionary with the following values defined
module[mandatory], stream[mandatory], distribution_version[mandatory] and profile[optional].
If the profile is not specified 'common' will be used instead.
type: json
tags:
- role_specific
outputs:
role_data:
description: Role data for the TripleO Undercloud Upgrade service.
value:
service_name: undercloud_upgrade
config_settings: {}
deploy_steps_tasks: []
docker_config: {}
kolla_config: {}
puppet_config: {}
upgrade_tasks:
- name: Enforce RHOSP rules regarding subscription.
include_role:
name: tripleo_redhat_enforce
vars:
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
when:
- step|int == 0
- ansible_facts['distribution'] == 'RedHat'
- not (skip_rhel_enforcement | bool)
- name: Ensure DNF modules have the right stream enabled
vars:
dnf_module_list: {get_param: DnfStreams}
tripleo_dnf_stream:
name: "{{ item.module }}:{{ item.stream }}"
state: enabled
loop: "{{ dnf_module_list|list }}"
when:
- step|int == 0
- dnf_module_list|length > 0
- item.distribution_version is defined
- ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
- name: Clean up Nova containers
when: step|int == 0
block:
- name: Stop nova containers
import_role:
name: tripleo_container_stop
vars:
tripleo_containers_to_stop: &nova_containers
- nova_api
- nova_api_cron
- nova_conductor
- nova_scheduler
- placement_api
- nova_compute
- name: Remove nova containers
import_role:
name: tripleo_container_rm
vars:
containers_to_rm: *nova_containers
- name: Remove one-off nova init-containers
import_role:
name: tripleo_container_rm
vars:
containers_to_rm:
- nova_api_db_sync
- nova_api_init_logs
- nova_api_map_cell0
- nova_api_ensure_default_cell
- nova_statedir_owner
- nova_wait_for_compute_service
- nova_wait_for_api_service
- nova_db_sync
- placement_api_db_sync
- placement_wait_for_service
- placement_init_log
- name: migrate existing introspection data
shell: >
{{ container_cli }} exec -u root ironic_inspector ironic-inspector-migrate-data
--from swift --to database --config-file /etc/ironic-inspector/inspector.conf
become: true
register: ironic_inspector_migrate_data_result
when:
- step|int == 1
failed_when:
- ironic_inspector_migrate_data_result.rc is defined # do not fail in dry run mode
- ironic_inspector_migrate_data_result.rc not in [0, 125] # ignore if container not running
- name: Special treatment for OpenvSwitch
tripleo_ovs_upgrade:
when:
- step|int == 2
register: ovs_upgrade
- name: Always ensure the openvswitch service is enabled and running after upgrades
service:
name: openvswitch
enabled: true
state: started
when:
- step|int == 2
- ovs_upgrade.changed|bool
# Exclude ansible until https://github.com/ansible/ansible/issues/56636
# is available
- name: Update all packages
when: step|int == 3
dnf:
name: '*'
state: latest
allowerasing: yes
exclude: ansible
- name: Check that os-net-config has configuration
when: step|int == 3
stat:
path: /etc/os-net-config/config.json
get_attributes: false
get_checksum: false
get_mime: false
register: stat_config_json
- name: take new os-net-config parameters into account now
when:
- step|int == 3
- stat_config_json.stat.exists
command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes
register: os_net_config_upgrade
failed_when: os_net_config_upgrade.rc not in [0,2]
changed_when: os_net_config_upgrade.rc == 2
# Keepalived was removed and the VIPs are now deployed by
# os-net-config.
# When Keepalived is stopped, it brings down the VIPs which is
# problematic since it'll remove the resources created by os-net-config
# so let's teardown keepalived in the upgrade tasks here and later
# during the deploy the os-net-config tool will re-create the VIPs.
# Doing it at step 5 so upgrade steps which need API access still work.
- name: Remove keepalived container
include_role:
name: tripleo_container_rm
vars:
tripleo_container_cli: "{{ container_cli }}"
tripleo_containers_to_rm:
- keepalived
when:
- step|int == 5