86d4a348a3
This change solves bug [1]. Change introduces a new mandatory field to DnfStreams parameter and adjusts 'Ensure DNF modules have the right stream' task to use new field. New field is called distribution_version and its purpose is to choose modules enabled in centos8 or in centos9. DnfStreams parameter defines list of dnf module streams to be configured before updating packages both on undercloud and overcloud. [1]https://bugs.launchpad.net/tripleo/+bug/1968706 Change-Id: I3f7f3002c985b0b618ba30a2497635a33a318624
449 lines
17 KiB
YAML
449 lines
17 KiB
YAML
heat_template_version: wallaby
|
|
|
|
description: >
|
|
TripleO Package installation settings
|
|
|
|
parameters:
|
|
ServiceData:
|
|
default: {}
|
|
description: Dictionary packing service data
|
|
type: json
|
|
ServiceNetMap:
|
|
default: {}
|
|
description: Mapping of service_name -> network name. Typically set
|
|
via parameter_defaults in the resource registry. Use
|
|
parameter_merge_strategies to merge it with the defaults.
|
|
type: json
|
|
RoleName:
|
|
default: ''
|
|
description: Role name on which the service is applied
|
|
type: string
|
|
RoleParameters:
|
|
default: {}
|
|
description: Parameters specific to the role
|
|
type: json
|
|
EndpointMap:
|
|
default: {}
|
|
description: Mapping of service endpoint -> protocol. Typically set
|
|
via parameter_defaults in the resource registry.
|
|
type: json
|
|
EnablePackageInstall:
|
|
default: 'false'
|
|
description: Set to true to enable package installation at deploy time
|
|
type: boolean
|
|
UpgradeLeappEnabled:
|
|
description: Use Leapp for operating system upgrade
|
|
type: boolean
|
|
default: false
|
|
UpgradeLeappDebug:
|
|
description: Print debugging output when running Leapp
|
|
type: boolean
|
|
default: true
|
|
UpgradeLeappDevelSkip:
|
|
description: |
|
|
Skip Leapp checks by setting env variables when running Leapp in
|
|
development/testing. For example, LEAPP_NO_RHSM=1.
|
|
type: string
|
|
default: ''
|
|
tags:
|
|
- role_specific
|
|
UpgradeLeappCommandOptions:
|
|
description: |
|
|
In case or using UpgradeLeappDevelSkip with LEAPP_NO_RHSM=1 user
|
|
can specify --enablerepo <repo1> --enablerepo <repo2> options for
|
|
leapp to use these repositories for the upgrade process.
|
|
type: string
|
|
default: ''
|
|
tags:
|
|
- role_specific
|
|
UpgradeLeappRebootTimeout:
|
|
description: Timeout (seconds) for the OS upgrade phase via Leapp
|
|
type: number
|
|
default: 3600
|
|
UpgradeLeappPostRebootDelay:
|
|
description: |
|
|
Maximum (seconds) to wait for machine to reboot and respond to a test
|
|
command.
|
|
type: number
|
|
default: 120
|
|
UpgradeLeappToRemove:
|
|
default: []
|
|
description: List of packages to remove during Leapp upgrade.
|
|
type: comma_delimited_list
|
|
tags:
|
|
- role_specific
|
|
UpgradeLeappToInstall:
|
|
default: []
|
|
description: List of packages to install after Leapp upgrade.
|
|
type: comma_delimited_list
|
|
tags:
|
|
- role_specific
|
|
UpgradeInitCommand:
|
|
type: string
|
|
description: |
|
|
Command or script snippet to run on all overcloud nodes to
|
|
initialize the upgrade process. E.g. a repository switch.
|
|
default: ''
|
|
tags:
|
|
- role_specific
|
|
UpgradeInitCommonCommand:
|
|
type: string
|
|
description: |
|
|
Common commands required by the upgrades process. This should not
|
|
normally be modified by the operator and is set and unset in the
|
|
major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml
|
|
environment files.
|
|
default: ''
|
|
SkipPackageUpdate:
|
|
default: false
|
|
description: Set to true to skip the update all packages
|
|
type: boolean
|
|
SkipRhelEnforcement:
|
|
default: false
|
|
description: Whether to avoid or not RHEL/OSP policies enforcement on Red Hat.
|
|
Mainly for CI purpose. It shouldn't matter on other distributions
|
|
where it's disabled in the role. Set to true to skip the enforcement.
|
|
type: boolean
|
|
DnfStreams:
|
|
default: []
|
|
description: List of streams to be configured before updating packages. Each list
|
|
element contains a dictionary with the following values defined
|
|
module[mandatory], stream[mandatory], distribution_version[mandatory] and profile[optional].
|
|
If the profile is not specified 'common' will be used instead.
|
|
type: json
|
|
tags:
|
|
- role_specific
|
|
|
|
resources:
|
|
RoleParametersValue:
|
|
type: OS::Heat::Value
|
|
properties:
|
|
type: json
|
|
value:
|
|
map_replace:
|
|
- map_replace:
|
|
- dnf_module_list: DnfStreams
|
|
upgrade_leapp_devel_skip: UpgradeLeappDevelSkip
|
|
upgrade_leapp_command_options: UpgradeLeappCommandOptions
|
|
upgrade_leapp_to_remove: UpgradeLeappToRemove
|
|
upgrade_leapp_to_install: UpgradeLeappToInstall
|
|
upgrade_init_command: UpgradeInitCommand
|
|
- values: {get_param: [RoleParameters]}
|
|
- values:
|
|
DnfStreams: {get_param: DnfStreams}
|
|
UpgradeLeappDevelSkip: {get_param: UpgradeLeappDevelSkip}
|
|
UpgradeLeappCommandOptions: {get_param: UpgradeLeappCommandOptions}
|
|
UpgradeLeappToRemove: {get_param: UpgradeLeappToRemove}
|
|
UpgradeLeappToInstall: {get_param: UpgradeLeappToInstall}
|
|
UpgradeInitCommand: {get_param: UpgradeInitCommand}
|
|
|
|
outputs:
|
|
role_data:
|
|
description: Role data for the TripleO package settings
|
|
value:
|
|
service_name: tripleo_packages
|
|
config_settings:
|
|
tripleo::packages::enable_install: {get_param: EnablePackageInstall}
|
|
step_config: |
|
|
include tripleo::packages
|
|
upgrade_tasks:
|
|
- name: Gather missing facts
|
|
setup:
|
|
gather_subset:
|
|
- '!all'
|
|
- '!min'
|
|
- 'distribution'
|
|
when: >-
|
|
ansible_facts['distribution'] is not defined or
|
|
ansible_facts['distribution_major_version'] is not defined
|
|
tags:
|
|
- always
|
|
|
|
- name: Set leapp facts
|
|
set_fact:
|
|
upgrade_leapp_enabled: >-
|
|
{{ _upgradeLeappEnabled | bool and
|
|
ansible_facts['distribution'] == 'RedHat' and
|
|
ansible_facts['distribution_major_version'] is version('7', '==') }}
|
|
upgrade_leapp_debug: {get_param: UpgradeLeappDebug}
|
|
upgrade_leapp_devel_skip: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_devel_skip']}
|
|
upgrade_leapp_command_options: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_command_options']}
|
|
upgrade_leapp_reboot_timeout: {get_param: UpgradeLeappRebootTimeout}
|
|
upgrade_leapp_post_reboot_delay: {get_param: UpgradeLeappPostRebootDelay}
|
|
vars:
|
|
_upgradeLeappEnabled: {get_param: UpgradeLeappEnabled}
|
|
tags:
|
|
- always
|
|
|
|
- name: system_upgrade_prepare step 3
|
|
tags:
|
|
- never
|
|
- system_upgrade
|
|
- system_upgrade_prepare
|
|
when:
|
|
- step|int == 3
|
|
- upgrade_leapp_enabled
|
|
block:
|
|
- name: remove all OpenStack packages
|
|
shell: |
|
|
yum -y remove *el7ost* \
|
|
mariadb-server* -- \
|
|
-*openvswitch* \
|
|
-python2-babel \
|
|
-python2-dateutil \
|
|
-python2-ipaddress \
|
|
-python2-jinja2 \
|
|
-python2-markupsafe \
|
|
-python2-six
|
|
- name: install leapp
|
|
package:
|
|
name: leapp
|
|
state: latest
|
|
- name: "add packages into Leapp's to_remove file"
|
|
vars:
|
|
pkg_to_remove: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_remove']}
|
|
lineinfile:
|
|
path: "/etc/leapp/transaction/to_remove"
|
|
line: "{{ item }}"
|
|
loop: "{{ pkg_to_remove }}"
|
|
- name: "add packages into Leapp's to_install file"
|
|
vars:
|
|
pkg_to_install: {get_attr: [RoleParametersValue, value, 'upgrade_leapp_to_install']}
|
|
lineinfile:
|
|
path: "/etc/leapp/transaction/to_install"
|
|
line: "{{ item }}"
|
|
loop: "{{ pkg_to_install }}"
|
|
- name: "check sshd_config file"
|
|
stat:
|
|
path: "/etc/ssh/sshd_config"
|
|
register: sshd_config_result
|
|
- name: "add PermitRootLogin option for leapp"
|
|
lineinfile:
|
|
path: "/etc/ssh/sshd_config"
|
|
regexp: "^(# *)?PermitRootLogin"
|
|
line: "PermitRootLogin without-password"
|
|
- name: system_upgrade_prepare step 4
|
|
tags:
|
|
- never
|
|
- system_upgrade
|
|
- system_upgrade_prepare
|
|
when: step|int == 4
|
|
block:
|
|
- name: run leapp upgrade (download packages)
|
|
shell: >
|
|
{% if upgrade_leapp_devel_skip|default(false) %}{{ upgrade_leapp_devel_skip }}{% endif %}
|
|
leapp upgrade
|
|
{% if upgrade_leapp_debug|default(true) %}--debug{% endif %}
|
|
{% if upgrade_leapp_command_options|default(false) %}{{ upgrade_leapp_command_options }}{% endif %}
|
|
when: upgrade_leapp_enabled
|
|
|
|
- name: system_upgrade_run step 4
|
|
tags:
|
|
- never
|
|
- system_upgrade
|
|
- system_upgrade_run
|
|
# In case someone needs to re-run system_upgrade_run post-tasks
|
|
# but doesn't want to reboot, they can run with
|
|
# `--skip-tags system_upgrade_reboot`.
|
|
- system_upgrade_reboot
|
|
when:
|
|
- step|int == 4
|
|
- upgrade_leapp_enabled
|
|
block:
|
|
- name: reboot to perform the upgrade
|
|
reboot:
|
|
reboot_timeout: "{{upgrade_leapp_reboot_timeout}}"
|
|
# TODO(holser): ansible 2.10 and higher provides boot_time_command to detect boot_id before and after reboot.
|
|
test_command: >-
|
|
source /etc/os-release; [ "${VERSION_ID%.*}" -ge "8" ] && systemctl is-system-running | grep -qE "running|degraded" || exit 1
|
|
post_reboot_delay: "{{ upgrade_leapp_post_reboot_delay }}"
|
|
|
|
- name: Package and repo update tasks
|
|
when: step|int == 0
|
|
block:
|
|
- name: Run UpgradeInitCommand
|
|
shell:
|
|
list_join:
|
|
- ''
|
|
- - "#!/bin/bash\n\n"
|
|
- "if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi\n\n"
|
|
- {get_attr: [RoleParametersValue, value, 'upgrade_init_command']}
|
|
- name: Run UpgradeInitCommonCommand
|
|
shell:
|
|
list_join:
|
|
- ''
|
|
- - "#!/bin/bash\n\n"
|
|
- {get_param: UpgradeInitCommonCommand}
|
|
- name: Ensure DNF modules have the right stream
|
|
vars:
|
|
dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
|
|
dnf:
|
|
name: "@{{ item.module }}:{{ item.stream }}/{{ item.profile|default('common') }}"
|
|
state: present
|
|
loop: "{{ dnf_module_list|list }}"
|
|
when:
|
|
- dnf_module_list|length > 0
|
|
- item.distribution_version is defined
|
|
- ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
|
|
- name: Ensure TripleO prerequisite packages are installed
|
|
package:
|
|
name:
|
|
- jq
|
|
- lvm2
|
|
- net-snmp
|
|
- openstack-selinux
|
|
- os-net-config
|
|
- puppet-tripleo
|
|
- python3-heat-agent*
|
|
- python3-openstackclient
|
|
- rsync
|
|
state: present
|
|
when: ansible_facts['distribution_major_version'] is version('8', '==')
|
|
- name: check if libvirt is installed
|
|
when: step|int == 0
|
|
command: /usr/bin/rpm -q libvirt-daemon
|
|
failed_when: false
|
|
register: libvirt_installed
|
|
check_mode: false
|
|
- name: make sure libvirt services are disabled and masked
|
|
service:
|
|
name: "{{ item }}"
|
|
state: stopped
|
|
enabled: false
|
|
masked: true
|
|
daemon_reload: true
|
|
loop:
|
|
- libvirtd.service
|
|
- virtlogd.socket
|
|
when:
|
|
- step|int == 0
|
|
- libvirt_installed.rc == 0
|
|
- name: Special treatment for OpenvSwitch
|
|
tripleo_ovs_upgrade:
|
|
when:
|
|
- step|int == 2
|
|
register: ovs_upgrade
|
|
- name: Always ensure the openvswitch service is enabled and running after upgrades
|
|
service:
|
|
name: openvswitch
|
|
enabled: true
|
|
state: started
|
|
when:
|
|
- step|int == 2
|
|
- ovs_upgrade.changed|bool
|
|
- name: Install libibverbs (https://bugs.launchpad.net/tripleo/+bug/1817743)
|
|
when: step|int == 2
|
|
package:
|
|
name: libibverbs
|
|
state: installed
|
|
- name: Check for os-net-config upgrade
|
|
shell: "yum check-upgrade | awk '/os-net-config/{print}'"
|
|
register: os_net_config_need_upgrade
|
|
when: step|int == 3
|
|
- name: Check that os-net-config has configuration
|
|
when: step|int == 3
|
|
stat:
|
|
path: /etc/os-net-config/config.json
|
|
get_attributes: false
|
|
get_checksum: false
|
|
get_mime: false
|
|
register: stat_config_json
|
|
- block:
|
|
- name: Upgrade os-net-config
|
|
package: name=os-net-config state=latest
|
|
- name: take new os-net-config parameters into account now
|
|
command: os-net-config --no-activate -c /etc/os-net-config/config.json -v --detailed-exit-codes
|
|
register: os_net_config_upgrade
|
|
failed_when: os_net_config_upgrade.rc not in [0,2]
|
|
changed_when: os_net_config_upgrade.rc == 2
|
|
when:
|
|
- step|int == 3
|
|
- os_net_config_need_upgrade.stdout
|
|
- stat_config_json.stat.exists
|
|
# Exclude ansible until https://github.com/ansible/ansible/issues/56636
|
|
# is available
|
|
- name: Update all packages
|
|
when:
|
|
- step|int == 3
|
|
- not skip_package_update|bool
|
|
yum:
|
|
name: '*'
|
|
state: latest
|
|
exclude: ansible
|
|
vars:
|
|
skip_package_update: {get_param: SkipPackageUpdate}
|
|
external_upgrade_tasks:
|
|
- name: Clean up upgrade artifacts
|
|
when: step|int == 1
|
|
tags:
|
|
- never
|
|
- system_upgrade_cleanup
|
|
block:
|
|
- name: cleanup tripleo_persist
|
|
include_role:
|
|
name: tripleo_persist
|
|
tasks_from: cleanup.yml
|
|
update_tasks:
|
|
- name: Enforce RHOSP rules regarding subscription.
|
|
include_role:
|
|
name: tripleo_redhat_enforce
|
|
vars:
|
|
skip_rhel_enforcement: {get_param: SkipRhelEnforcement}
|
|
when:
|
|
- step|int == 0
|
|
- ansible_facts['distribution'] == 'RedHat'
|
|
- not (skip_rhel_enforcement | bool)
|
|
- name: Ensure DNF modules have the right stream enabled
|
|
vars:
|
|
dnf_module_list: {get_attr: [RoleParametersValue, value, 'dnf_module_list']}
|
|
tripleo_dnf_stream:
|
|
name: "{{ item.module }}:{{ item.stream }}"
|
|
state: enabled
|
|
loop: "{{ dnf_module_list|list }}"
|
|
when:
|
|
- step|int == 0
|
|
- dnf_module_list|length > 0
|
|
- item.distribution_version is defined
|
|
- ansible_facts['distribution_major_version'] is version(item.distribution_version, '==')
|
|
- name: Check for existing yum.pid
|
|
stat: path=/run/yum.pid
|
|
register: yum_pid_file
|
|
when: step|int == 0 or step|int == 3
|
|
- name: Exit if existing yum process
|
|
fail: msg="ERROR existing yum.pid detected - can't continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting."
|
|
when: (step|int == 0 or step|int == 3) and yum_pid_file.stat.exists
|
|
- name: Special treatment for OpenvSwitch
|
|
tripleo_ovs_upgrade:
|
|
when:
|
|
- step|int == 2
|
|
register: ovs_upgrade
|
|
- name: Always ensure the openvswitch service is enabled and running after upgrades
|
|
service:
|
|
name: openvswitch
|
|
enabled: true
|
|
state: started
|
|
when:
|
|
- step|int == 2
|
|
- ovs_upgrade.changed|bool
|
|
# Exclude ansible until https://github.com/ansible/ansible/issues/56636
|
|
# is available
|
|
- name: Update all packages
|
|
when:
|
|
- step|int == 3
|
|
- not skip_package_update|bool
|
|
yum:
|
|
name: '*'
|
|
state: latest
|
|
exclude: ansible
|
|
vars:
|
|
skip_package_update: {get_param: SkipPackageUpdate}
|
|
# This is failsafe unless openvswitch package does something
|
|
# to the systemd service state.
|
|
- name: Ensure openvswitch is running after update
|
|
when: step|int == 3
|
|
service:
|
|
name: openvswitch
|
|
enabled: true
|
|
state: started
|
|
ignore_errors: true
|