tripleo-heat-templates/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml
mciecier 86d4a348a3 Fix 'Ensure DNF modules have the right stream'
This change fixes bug [1]. It introduces a new mandatory field in the
DnfStreams parameter and adjusts the 'Ensure DNF modules have the right
stream' task to use it. The new field is called distribution_version;
it selects whether a module is enabled on centos8 or on centos9.

The DnfStreams parameter defines the list of dnf module streams to be
configured before updating packages, on both the undercloud and the overcloud.

[1]https://bugs.launchpad.net/tripleo/+bug/1968706

Change-Id: I3f7f3002c985b0b618ba30a2497635a33a318624
2022-06-20 23:12:54 +02:00


# Heat template header: the template version and a short description.
heat_template_version: wallaby

description: >
  TripleO Package installation settings
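# Input parameters of the template. Several of the string parameters below
# (UpgradeInitCommand, UpgradeInitCommonCommand, UpgradeLeappDevelSkip,
# UpgradeLeappCommandOptions) are inserted into shell commands by the task
# lists in this template, so any environment file that sets them should be
# reviewed as privileged input.
parameters:
  ServiceData:
    default: {}
    description: Dictionary packing service data
    type: json
  ServiceNetMap:
    default: {}
    description: Mapping of service_name -> network name. Typically set
                 via parameter_defaults in the resource registry. Use
                 parameter_merge_strategies to merge it with the defaults.
    type: json
  RoleName:
    default: ''
    description: Role name on which the service is applied
    type: string
  RoleParameters:
    default: {}
    description: Parameters specific to the role
    type: json
  EndpointMap:
    default: {}
    description: Mapping of service endpoint -> protocol. Typically set
                 via parameter_defaults in the resource registry.
    type: json
  EnablePackageInstall:
    # A real boolean, matching the declared type and the other boolean
    # parameters in this template.
    default: false
    description: Set to true to enable package installation at deploy time
    type: boolean
  UpgradeLeappEnabled:
    description: Use Leapp for operating system upgrade
    type: boolean
    default: false
  UpgradeLeappDebug:
    description: Print debugging output when running Leapp
    type: boolean
    default: true
  UpgradeLeappDevelSkip:
    # Placed verbatim in front of the `leapp upgrade` command line by the
    # system_upgrade_prepare step 4 task in this template.
    description: |
      Skip Leapp checks by setting env variables when running Leapp in
      development/testing. For example, LEAPP_NO_RHSM=1.
    type: string
    default: ''
    tags:
      - role_specific
  UpgradeLeappCommandOptions:
    # Appended verbatim to the `leapp upgrade` command line by the
    # system_upgrade_prepare step 4 task in this template.
    description: |
      In case or using UpgradeLeappDevelSkip with LEAPP_NO_RHSM=1 user
      can specify --enablerepo <repo1> --enablerepo <repo2> options for
      leapp to use these repositories for the upgrade process.
    type: string
    default: ''
    tags:
      - role_specific
  UpgradeLeappRebootTimeout:
    description: Timeout (seconds) for the OS upgrade phase via Leapp
    type: number
    default: 3600
  UpgradeLeappPostRebootDelay:
    description: |
      Maximum (seconds) to wait for machine to reboot and respond to a test
      command.
    type: number
    default: 120
  UpgradeLeappToRemove:
    default: []
    description: List of packages to remove during Leapp upgrade.
    type: comma_delimited_list
    tags:
      - role_specific
  UpgradeLeappToInstall:
    default: []
    description: List of packages to install after Leapp upgrade.
    type: comma_delimited_list
    tags:
      - role_specific
  UpgradeInitCommand:
    # Concatenated into a bash script by the "Run UpgradeInitCommand" task
    # of this template; the text is executed as given.
    type: string
    description: |
      Command or script snippet to run on all overcloud nodes to
      initialize the upgrade process. E.g. a repository switch.
    default: ''
    tags:
      - role_specific
  UpgradeInitCommonCommand:
    # Concatenated into a bash script by the "Run UpgradeInitCommonCommand"
    # task of this template; the text is executed as given.
    type: string
    description: |
      Common commands required by the upgrades process. This should not
      normally be modified by the operator and is set and unset in the
      major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
      environment files.
    default: ''
  SkipPackageUpdate:
    default: false
    description: Set to true to skip the update all packages
    type: boolean
  SkipRhelEnforcement:
    default: false
    description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
                 Mainly for CI purpose. It shouldn't matter on other distributions
                 where it's disabled in the role. Set to true to skip the enforcement.
    type: boolean
  DnfStreams:
    # Each element needs distribution_version: the DNF stream tasks in this
    # template skip any element where it is not defined.
    default: []
    description: List of streams to be configured before updating packages. Each list
                 element contains a dictionary with the following values defined
                 module[mandatory], stream[mandatory], distribution_version[mandatory] and profile[optional].
                 If the profile is not specified 'common' will be used instead.
    type: json
    tags:
      - role_specific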
resources:
  # Builds a map of the role-specific settings under lower_snake_case keys.
  # The inner map_replace renames the keys found in RoleParameters; the
  # outer one is fed the template-level parameter values.
  # NOTE(review): the outer map_replace presumably fills in the template-level
  # value wherever RoleParameters did not supply one - confirm against
  # Heat's map_replace semantics.
  RoleParametersValue:
    type: OS::Heat::Value
    properties:
      type: json
      value:
        map_replace:
          - map_replace:
              - dnf_module_list: DnfStreams
                upgrade_leapp_devel_skip: UpgradeLeappDevelSkip
                upgrade_leapp_command_options: UpgradeLeappCommandOptions
                upgrade_leapp_to_remove: UpgradeLeappToRemove
                upgrade_leapp_to_install: UpgradeLeappToInstall
                upgrade_init_command: UpgradeInitCommand
              - values: {get_param: [RoleParameters]}
          - values:
              DnfStreams: {get_param: DnfStreams}
              UpgradeLeappDevelSkip: {get_param: UpgradeLeappDevelSkip}
              UpgradeLeappCommandOptions: {get_param: UpgradeLeappCommandOptions}
              UpgradeLeappToRemove: {get_param: UpgradeLeappToRemove}
              UpgradeLeappToInstall: {get_param: UpgradeLeappToInstall}
              UpgradeInitCommand: {get_param: UpgradeInitCommand}
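outputs:
  # role_data bundles the Puppet settings and the Ansible task lists
  # (upgrade, external upgrade, update) defined for the package service.
  role_data:
    description: Role data for the TripleO package settings
    value:
      service_name: tripleo_packages
      config_settings:
        tripleo::packages::enable_install: {get_param: EnablePackageInstall}
      step_config: |
        include tripleo::packages
      upgrade_tasks:
        # Only the distribution facts are gathered, and only when the two
        # facts used by the conditions below are missing.
        - name: Gather missing facts
          setup:
            gather_subset:
              - '!all'
              - '!min'
              - 'distribution'
          when: >-
            ansible_facts['distribution'] is not defined or
            ansible_facts['distribution_major_version'] is not defined
          tags:
            - always
        # Leapp is only considered enabled on RedHat with major version 7.
        - name: Set leapp facts
          set_fact:
            upgrade_leapp_enabled: >-
              {{ _upgradeLeappEnabled | bool and
              ansible_facts['distribution'] == 'RedHat' and
              ansible_facts['distribution_major_version'] is version('7', '==') }}
            upgrade_leapp_debug: {get_param: UpgradeLeappDebug}
            upgrade_leapp_devel_skip: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_devel_skip']}
            upgrade_leapp_command_options: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_command_options']}
            upgrade_leapp_reboot_timeout: {get_param: UpgradeLeappRebootTimeout}
            upgrade_leapp_post_reboot_delay: {get_param: UpgradeLeappPostRebootDelay}
          vars:
            _upgradeLeappEnabled: {get_param: UpgradeLeappEnabled}
          tags:
            - always
        - name: system_upgrade_prepare step 3
          tags:
            - never
            - system_upgrade
            - system_upgrade_prepare
          when:
            - step|int == 3
            - upgrade_leapp_enabled
          block:
            # NOTE(review): the glob patterns are unquoted, so the shell may
            # expand them against files in the working directory before yum
            # sees them - confirm this is acceptable or quote them.
            - name: remove all OpenStack packages
              shell: |
                yum -y remove *el7ost* \
                  mariadb-server* -- \
                  -*openvswitch* \
                  -python2-babel \
                  -python2-dateutil \
                  -python2-ipaddress \
                  -python2-jinja2 \
                  -python2-markupsafe \
                  -python2-six
            - name: install leapp
              package:
                name: leapp
                state: latest
            - name: "add packages into Leapp's to_remove file"
              vars:
                pkg_to_remove: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_remove']}
              lineinfile:
                path: "/etc/leapp/transaction/to_remove"
                line: "{{ item }}"
              loop: "{{ pkg_to_remove }}"
            - name: "add packages into Leapp's to_install file"
              vars:
                pkg_to_install: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_install']}
              lineinfile:
                path: "/etc/leapp/transaction/to_install"
                line: "{{ item }}"
              loop: "{{ pkg_to_install }}"
            - name: "check sshd_config file"
              stat:
                path: "/etc/ssh/sshd_config"
              register: sshd_config_result
            # Sets an explicit PermitRootLogin value for leapp.
            # 'without-password' is the older spelling of 'prohibit-password':
            # root may log in over SSH with a key but not with a password.
            # No task in this template restores the previous value after the
            # upgrade, so post-upgrade sshd hardening has to be checked
            # separately.
            - name: "add PermitRootLogin option for leapp"
              lineinfile:
                path: "/etc/ssh/sshd_config"
                regexp: "^(# *)?PermitRootLogin"
                line: "PermitRootLogin without-password"
              # Skip the edit when the stat above found no sshd_config.
              when: sshd_config_result.stat.exists
        - name: system_upgrade_prepare step 4
          tags:
            - never
            - system_upgrade
            - system_upgrade_prepare
          when: step|int == 4
          block:
            # upgrade_leapp_devel_skip and upgrade_leapp_command_options come
            # from deployment parameters and are placed unquoted on the shell
            # command line; whatever they contain is interpreted by the shell.
            - name: run leapp upgrade (download packages)
              shell: >
                {% if upgrade_leapp_devel_skip|default(false) %}{{ upgrade_leapp_devel_skip }}{% endif %}
                leapp upgrade
                {% if upgrade_leapp_debug|default(true) %}--debug{% endif %}
                {% if upgrade_leapp_command_options|default(false) %}{{ upgrade_leapp_command_options }}{% endif %}
              when: upgrade_leapp_enabled
        - name: system_upgrade_run step 4
          tags:
            - never
            - system_upgrade
            - system_upgrade_run
            # In case someone needs to re-run system_upgrade_run post-tasks
            # but doesn't want to reboot, they can run with
            # `--skip-tags system_upgrade_reboot`.
            - system_upgrade_reboot
          when:
            - step|int == 4
            - upgrade_leapp_enabled
          block:
            # The test command succeeds only once the node reports a major
            # version of at least 8 and systemd is running or degraded.
            - name: reboot to perform the upgrade
              reboot:
                reboot_timeout: "{{upgrade_leapp_reboot_timeout}}"
                # TODO(holser): ansible 2.10 and higher provides boot_time_command to detect boot_id before and after reboot.
                test_command: >-
                  source /etc/os-release; [ "${VERSION_ID%.*}" -ge "8" ] && systemctl is-system-running | grep -qE "running|degraded" || exit 1
                post_reboot_delay: "{{ upgrade_leapp_post_reboot_delay }}"
        - name: Package and repo update tasks
          when: step|int == 0
          block:
            # The parameter text is joined onto a bash shebang and run as a
            # script; it is executed exactly as supplied in the deployment
            # parameters, so those values need the same review as any script
            # run on the nodes.
            - name: Run UpgradeInitCommand
              shell:
                list_join:
                  - ''
                  - - "#!/bin/bash\n\n"
                    - "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
                    - {get_attr: [RoleParametersValue, value, 'upgrade_init_command']}
            - name: Run UpgradeInitCommonCommand
              shell:
                list_join:
                  - ''
                  - - "#!/bin/bash\n\n"
                    - {get_param: UpgradeInitCommonCommand}
            # The conditions are evaluated per list element: an element is
            # applied only when it defines distribution_version and that
            # value equals the node's major version.
            - name: Ensure DNF modules have the right stream
              vars:
                dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
              dnf:
                name: "@{{ item.module }}:{{ item.stream }}/{{ item.profile|default('common') }}"
                state: present
              loop: "{{ dnf_module_list|list }}"
              when:
                - dnf_module_list|length > 0
                - item.distribution_version is defined
                - ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
            - name: Ensure TripleO prerequisite packages are installed
              package:
                name:
                  - jq
                  - lvm2
                  - net-snmp
                  - openstack-selinux
                  - os-net-config
                  - puppet-tripleo
                  - python3-heat-agent*
                  - python3-openstackclient
                  - rsync
                state: present
              when: ansible_facts['distribution_major_version'] is version('8', '==')
        # failed_when is false because only the return code matters: the
        # next task reads libvirt_installed.rc.
        - name: check if libvirt is installed
          when: step|int == 0
          command: /usr/bin/rpm -q libvirt-daemon
          failed_when: false
          register: libvirt_installed
          check_mode: false
        - name: make sure libvirt services are disabled and masked
          service:
            name: "{{ item }}"
            state: stopped
            enabled: false
            masked: true
            daemon_reload: true
          loop:
            - libvirtd.service
            - virtlogd.socket
          when:
            - step|int == 0
            - libvirt_installed.rc == 0
        - name: Special treatment for OpenvSwitch
          tripleo_ovs_upgrade:
          when:
            - step|int == 2
          register: ovs_upgrade
        - name: Always ensure the openvswitch service is enabled and running after upgrades
          service:
            name: openvswitch
            enabled: true
            state: started
          when:
            - step|int == 2
            - ovs_upgrade.changed|bool
        - name: Install libibverbs (https://bugs.launchpad.net/tripleo/+bug/1817743)
          when: step|int == 2
          package:
            name: libibverbs
            state: installed
        # stdout is empty unless yum lists an os-net-config upgrade; the
        # block further down uses it as its condition.
        - name: Check for os-net-config upgrade
          shell: "yum check-upgrade | awk '/os-net-config/{print}'"
          register: os_net_config_need_upgrade
          when: step|int == 3
        - name: Check that os-net-config has configuration
          when: step|int == 3
          stat:
            path: /etc/os-net-config/config.json
            get_attributes: false
            get_checksum: false
            get_mime: false
          register: stat_config_json
        - block:
            - name: Upgrade os-net-config
              package:
                name: os-net-config
                state: latest
            # Return code 2 is reported as "changed"; any code other than
            # 0 or 2 fails the task.
            - name: take new os-net-config parameters into account now
              command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes
              register: os_net_config_upgrade
              failed_when: os_net_config_upgrade.rc not in [0,2]
              changed_when: os_net_config_upgrade.rc == 2
          when:
            - step|int == 3
            - os_net_config_need_upgrade.stdout
            - stat_config_json.stat.exists
        # Exclude ansible until https://github.com/ansible/ansible/issues/56636
        # is available
        - name: Update all packages
          when:
            - step|int == 3
            - not skip_package_update|bool
          yum:
            name: '*'
            state: latest
            exclude: ansible
          vars:
            skip_package_update: {get_param: SkipPackageUpdate}
      external_upgrade_tasks:
        # Tagged 'never', so it runs only when system_upgrade_cleanup is
        # requested explicitly.
        - name: Clean up upgrade artifacts
          when: step|int == 1
          tags:
            - never
            - system_upgrade_cleanup
          block:
            - name: cleanup tripleo_persist
              include_role:
                name: tripleo_persist
                tasks_from: cleanup.yml
      update_tasks:
        - name: Enforce RHOSP rules regarding subscription.
          include_role:
            name: tripleo_redhat_enforce
          vars:
            skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
          when:
            - step|int == 0
            - ansible_facts['distribution'] == 'RedHat'
            - not (skip_rhel_enforcement | bool)
        # The conditions are evaluated per list element: an element is
        # applied only when it defines distribution_version and that value
        # equals the node's major version.
        - name: Ensure DNF modules have the right stream enabled
          vars:
            dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
          tripleo_dnf_stream:
            name: "{{ item.module }}:{{ item.stream }}"
            state: enabled
          loop: "{{ dnf_module_list|list }}"
          when:
            - step|int == 0
            - dnf_module_list|length > 0
            - item.distribution_version is defined
            - ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
        # Refuse to continue while /run/yum.pid exists, at steps 0 and 3.
        - name: Check for existing yum.pid
          stat:
            path: /run/yum.pid
          register: yum_pid_file
          when: step|int == 0 or step|int == 3
        - name: Exit if existing yum process
          fail:
            msg: "ERROR existing yum.pid detected - can't continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting."
          when: (step|int == 0 or step|int == 3) and yum_pid_file.stat.exists
        - name: Special treatment for OpenvSwitch
          tripleo_ovs_upgrade:
          when:
            - step|int == 2
          register: ovs_upgrade
        - name: Always ensure the openvswitch service is enabled and running after upgrades
          service:
            name: openvswitch
            enabled: true
            state: started
          when:
            - step|int == 2
            - ovs_upgrade.changed|bool
        # Exclude ansible until https://github.com/ansible/ansible/issues/56636
        # is available
        - name: Update all packages
          when:
            - step|int == 3
            - not skip_package_update|bool
          yum:
            name: '*'
            state: latest
            exclude: ansible
          vars:
            skip_package_update: {get_param: SkipPackageUpdate}
        # This is failsafe unless openvswitch package does something
        # to the systemd service state.
        - name: Ensure openvswitch is running after update
          when: step|int == 3
          service:
            name: openvswitch
            enabled: true
            state: started
          # Best effort: a failure to start openvswitch here is not fatal.
          ignore_errors: true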