Merge "Add IronicPxe to the default controller" into stable/pike

diff --git a/docker/services/README.rst b/docker/services/README.rst
index ce255ba..a843efc 100644 (file)
--- a/docker/services/README.rst
+++ b/docker/services/README.rst
@@ -124,3 +124,24 @@ Steps correlate to the following:
    5) Service activation (Pacemaker)
      a) step 5 baremetal
      b) step 5 containers
+
+Update steps:
+-------------
+
+All services have an associated update_tasks output that is an ansible
+snippet that will be run during update in an rolling update that is
+expected to run in a rolling update fashion (one node at a time)
+
+For Controller (where pacemaker is running) we have the following states:
+ 1. Step=1: stop the cluster on the updated node;
+ 2. Step=2: Pull the latest image and retag the it pcmklatest
+ 3. Step=3: yum upgrade happens on the host.
+ 4. Step=4: Restart the cluster on the node
+ 5. Step=5: Verification:
+    Currently we test that the pacemaker services are running.
+
+Then the usual deploy steps are run which pull in the latest image for
+all containerized services and the updated configuration if any.
+
+Note: as pacemaker is not containerized, the points 1 and 4 happen in
+puppet/services/pacemaker.yaml.

diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml
index 18068c8..9445069 100644 (file)
--- a/docker/services/aodh-api.yaml
+++ b/docker/services/aodh-api.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -160,5 +164,10 @@ outputs:
         - name: Stop and disable aodh service (running under httpd)
           tags: step2
           service: name=httpd state=stopped enabled=no
+        - name: Remove openstack-aodh-api package if operator requests it
+          yum: name=openstack-aodh-api state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
       metadata_settings:
         get_attr: [AodhApiPuppetBase, role_data, metadata_settings]

diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml
index 077ad46..fda6faa 100644 (file)
--- a/docker/services/aodh-evaluator.yaml
+++ b/docker/services/aodh-evaluator.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -114,3 +118,8 @@ outputs:
         - name: Stop and disable openstack-aodh-evaluator service
           tags: step2
           service: name=openstack-aodh-evaluator.service state=stopped enabled=no
+        - name: Remove openstack-aodh-evaluator package if operator requests it
+          yum: name=openstack-aodh-evaluator state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml
index 4471884..fbe86d3 100644 (file)
--- a/docker/services/aodh-listener.yaml
+++ b/docker/services/aodh-listener.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -114,3 +118,8 @@ outputs:
         - name: Stop and disable openstack-aodh-listener service
           tags: step2
           service: name=openstack-aodh-listener.service state=stopped enabled=no
+        - name: Remove openstack-aodh-listener package if operator requests it
+          yum: name=openstack-aodh-listener state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml
index ffed5af..d9081d5 100644 (file)
--- a/docker/services/aodh-notifier.yaml
+++ b/docker/services/aodh-notifier.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -114,3 +118,8 @@ outputs:
         - name: Stop and disable openstack-aodh-notifier service
           tags: step2
           service: name=openstack-aodh-notifier.service state=stopped enabled=no
+        - name: Remove openstack-aodh-notifier package if operator requests it
+          yum: name=openstack-aodh-notifier state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/barbican-api.yaml b/docker/services/barbican-api.yaml
index 1aa000b..af528f7 100644 (file)
--- a/docker/services/barbican-api.yaml
+++ b/docker/services/barbican-api.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -152,5 +156,10 @@ outputs:
         - name: Stop and disable barbican_api service
           tags: step2
           service: name=openstack-barbican-api state=stopped enabled=no
+        - name: Remove openstack-barbican-api package if operator requests it
+          yum: name=openstack-barbican-api state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
       metadata_settings:
         get_attr: [BarbicanApiBase, role_data, metadata_settings]

diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml
index 7033e0b..6342c82 100644 (file)
--- a/docker/services/ceilometer-agent-central.yaml
+++ b/docker/services/ceilometer-agent-central.yaml
@@ -36,6 +36,11 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
+
 resources:
 
   ContainersCommon:
@@ -126,3 +131,8 @@ outputs:
         - name: Stop and disable ceilometer agent central service
           tags: step2
           service: name=openstack-ceilometer-central state=stopped enabled=no
+        - name: Remove openstack-ceilometer-central package if operator requests it
+          yum: name=openstack-ceilometer-central state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml
index ccde928..1ee9f49 100644 (file)
--- a/docker/services/ceilometer-agent-compute.yaml
+++ b/docker/services/ceilometer-agent-compute.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -118,3 +122,13 @@ outputs:
           tags: step2
           service: name=openstack-ceilometer-polling state=stopped enabled=no
           when: openstack_ceilometer_polling_enabled.rc|default('') == 0
+        - name: Remove openstack-ceilometer-compute package if operator requests it
+          yum: name=openstack-ceilometer-compute state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
+        - name: Remove openstack-ceilometer-polling package if operator requests it
+          yum: name=openstack-ceilometer-polling state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml
index a139f29..9df93aa 100644 (file)
--- a/docker/services/ceilometer-agent-ipmi.yaml
+++ b/docker/services/ceilometer-agent-ipmi.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -104,3 +108,8 @@ outputs:
         - name: Stop and disable ceilometer agent ipmi service
           tags: step2
           service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no
+        - name: Remove openstack-ceilometer-ipmi package if operator requests it
+          yum: name=openstack-ceilometer-ipmi state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml
index 6c49513..de1d2e7 100644 (file)
--- a/docker/services/ceilometer-agent-notification.yaml
+++ b/docker/services/ceilometer-agent-notification.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -119,3 +123,8 @@ outputs:
         - name: Stop and disable ceilometer agent notification service
           tags: step2
           service: name=openstack-ceilometer-notification state=stopped enabled=no
+        - name: Remove openstack-ceilometer-notification package if operator requests it
+          yum: name=openstack-ceilometer-notification state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml
index 93890d0..25390c6 100644 (file)
--- a/docker/services/cinder-api.yaml
+++ b/docker/services/cinder-api.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -199,3 +203,8 @@ outputs:
           file:
             path: /var/spool/cron/cinder
             state: absent
+        - name: Remove httpd package if operator requests it
+          yum: name=httpd state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml
index 53febdb..66877b5 100644 (file)
--- a/docker/services/cinder-backup.yaml
+++ b/docker/services/cinder-backup.yaml
@@ -36,7 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
-
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -147,3 +150,8 @@ outputs:
         - name: Stop and disable cinder_backup service
           tags: step2
           service: name=openstack-cinder-backup state=stopped enabled=no
+        - name: Remove openstack-cinder package if operator requests it
+          yum: name=openstack-cinder state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml
index fa9d241..1772f9e 100644 (file)
--- a/docker/services/cinder-scheduler.yaml
+++ b/docker/services/cinder-scheduler.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -122,3 +126,8 @@ outputs:
         - name: Stop and disable cinder_scheduler service
           tags: step2
           service: name=openstack-cinder-scheduler state=stopped enabled=no
+        - name: Remove openstack-cinder package if operator requests it
+          yum: name=openstack-cinder state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml
index 88e7712..d8a93b1 100644 (file)
--- a/docker/services/cinder-volume.yaml
+++ b/docker/services/cinder-volume.yaml
@@ -45,6 +45,10 @@ parameters:
     default: 10280
     description: The size of the loopback file used by the cinder LVM driver.
     type: number
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -187,3 +191,8 @@ outputs:
         - name: Stop and disable cinder_volume service
           tags: step2
           service: name=openstack-cinder-volume state=stopped enabled=no
+        - name: Remove openstack-cinder package if operator requests it
+          yum: name=openstack-cinder state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml
index ef7ddc5..2ab020c 100644 (file)
--- a/docker/services/collectd.yaml
+++ b/docker/services/collectd.yaml
@@ -36,7 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
-
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -113,3 +116,8 @@ outputs:
         - name: Stop and disable collectd service
           tags: step2
           service: name=collectd.service state=stopped enabled=no
+        - name: Remove collectd package if operator requests it
+          yum: name=collectd state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml
index ba899b8..eb287d5 100644 (file)
--- a/docker/services/congress.yaml
+++ b/docker/services/congress.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -141,3 +145,8 @@ outputs:
         - name: Stop and disable congress_api service
           tags: step2
           service: name=openstack-congress-server state=stopped enabled=no
+        - name: Remove openstack-congress package if operator requests it
+          yum: name=openstack-congress state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml
index f23ec35..e1a3827 100644 (file)
--- a/docker/services/glance-api.yaml
+++ b/docker/services/glance-api.yaml
@@ -44,6 +44,10 @@ parameters:
     description: >
       When using GlanceBackend 'file', mount NFS share for image storage.
     type: boolean
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -193,5 +197,10 @@ outputs:
         - name: Stop and disable glance_api service
           tags: step2
           service: name=openstack-glance-api state=stopped enabled=no
+        - name: Remove openstack-glance package if operator requests it
+          yum: name=openstack-glance state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
       metadata_settings:
         get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]

diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml
index 11ab93b..34d70ff 100644 (file)
--- a/docker/services/neutron-api.yaml
+++ b/docker/services/neutron-api.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -191,5 +195,10 @@ outputs:
           tags: step2
           when: neutron_server_enabled.rc == 0
           service: name=neutron-server state=stopped enabled=no
+        - name: Remove openstack-neutron package if operator requests it
+          yum: name=openstack-neutron state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
       metadata_settings:
         get_attr: [NeutronBase, role_data, metadata_settings]

diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml
index 246008c..e6faf34 100644 (file)
--- a/docker/services/neutron-ovs-agent.yaml
+++ b/docker/services/neutron-ovs-agent.yaml
@@ -36,6 +36,10 @@ parameters:
     description: Mapping of service endpoint -> protocol. Typically set
                  via parameter_defaults in the resource registry.
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -138,3 +142,8 @@ outputs:
         - name: Stop and disable neutron_ovs_agent service
           tags: step2
           service: name=neutron-openvswitch-agent state=stopped enabled=no
+        - name: Remove openstack-neutron-openvswitch package if operator requests it
+          yum: name=openstack-neutron-openvswitch state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml
index ed4a617..f262bcb 100644 (file)
--- a/docker/services/nova-api.yaml
+++ b/docker/services/nova-api.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -236,6 +240,11 @@ outputs:
         - name: Stop and disable nova_api service
           tags: step2
           service: name=openstack-nova-api state=stopped enabled=no
+        - name: Remove openstack-nova-api package if operator requests it
+          yum: name=openstack-nova-api state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
         - name: remove old nova cron jobs
           file:
             path: /var/spool/cron/nova

diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml
index c484671..883f438 100644 (file)
--- a/docker/services/nova-compute.yaml
+++ b/docker/services/nova-compute.yaml
@@ -45,6 +45,10 @@ parameters:
     type: string
     description: Nova Compute upgrade level
     default: ''
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -157,3 +161,8 @@ outputs:
         - name: Stop and disable nova-compute service
           tags: step2
           service: name=openstack-nova-compute state=stopped enabled=no
+        - name: Remove openstack-nova-compute package if operator requests it
+          yum: name=openstack-nova-compute state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml
index 56275b0..f15c3a6 100644 (file)
--- a/docker/services/nova-conductor.yaml
+++ b/docker/services/nova-conductor.yaml
@@ -40,6 +40,11 @@ parameters:
     type: string
     description: Nova Compute upgrade level
     default: ''
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
+
 
 resources:
 
@@ -123,3 +128,8 @@ outputs:
         - name: Stop and disable nova_conductor service
           tags: step2
           service: name=openstack-nova-conductor state=stopped enabled=no
+        - name: Remove openstack-nova-conductor package if operator requests it
+          yum: name=openstack-nova-conductor state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml
index 85078f1..069b09b 100644 (file)
--- a/docker/services/nova-consoleauth.yaml
+++ b/docker/services/nova-consoleauth.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -112,3 +116,8 @@ outputs:
         - name: Stop and disable nova_consoleauth service
           tags: step2
           service: name=openstack-nova-consoleauth state=stopped enabled=no
+        - name: Remove openstack-nova-console package if operator requests it
+          yum: name=openstack-nova-console state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml
index 8015071..bd5ae73 100644 (file)
--- a/docker/services/nova-placement.yaml
+++ b/docker/services/nova-placement.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -140,3 +144,9 @@ outputs:
         - name: Stop and disable nova_placement service (running under httpd)
           tags: step2
           service: name=httpd state=stopped enabled=no
+        - name: Remove httpd package if operator requests it
+          yum: name=httpd state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
+

diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml
index e75df94..f8109b9 100644 (file)
--- a/docker/services/nova-scheduler.yaml
+++ b/docker/services/nova-scheduler.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -113,3 +117,8 @@ outputs:
         - name: Stop and disable nova_scheduler service
           tags: step2
           service: name=openstack-nova-scheduler state=stopped enabled=no
+        - name: Remove openstack-nova-scheduler package if operator requests it
+          yum: name=openstack-nova-scheduler state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml
index f1bb0eb..b1da294 100644 (file)
--- a/docker/services/nova-vnc-proxy.yaml
+++ b/docker/services/nova-vnc-proxy.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -112,3 +116,8 @@ outputs:
         - name: Stop and disable nova_vnc_proxy service
           tags: step2
           service: name=openstack-nova-novncproxy state=stopped enabled=no
+        - name: Remove openstack-nova-novncproxy package if operator requests it
+          yum: name=openstack-nova-novncproxy state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml
index 38c4faf..5180e41 100644 (file)
--- a/docker/services/octavia-health-manager.yaml
+++ b/docker/services/octavia-health-manager.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -116,3 +120,8 @@ outputs:
         - name: Stop and disable octavia_health_manager service
           tags: step2
           service: name=openstack-octavia-health-manager state=stopped enabled=no
+        - name: Remove openstack-octavia-health-manager package if operator requests it
+          yum: name=openstack-octavia-health-manager state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml
index 46b9932..4a99184 100644 (file)
--- a/docker/services/pacemaker/cinder-backup.yaml
+++ b/docker/services/pacemaker/cinder-backup.yaml
@@ -207,3 +207,33 @@ outputs:
         - name: Disable cinder_backup service
           tags: step2
           service: name=openstack-cinder-backup enabled=no
+      update_tasks:
+        - name: Get docker Cinder-Backup image
+          set_fact:
+            docker_image: {get_param: DockerCinderBackupImage}
+            docker_image_latest: *cinder_backup_image_pcmklatest
+          when: step == '2'
+        - name: Pull latest Cinder-Backup images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Get previous Cinder-Backup image id
+          shell: "docker images | awk '/cinder-backup.* pcmklatest/{print $3}'"
+          register: cinder_backup_image_id
+        - block:
+            - name: Get a list of container using Cinder-Backup image
+              shell: "docker ps -q -f 'ancestor={{cinder_backup_image_id.stdout}}'"
+              register: cinder_backup_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Cinder-Backup image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ cinder_backup_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Cinder-Backup images
+              shell: "docker rmi -f {{cinder_backup_image_id.stdout}}"
+          when:
+            - step == '2'
+            - cinder_backup_image_id.stdout != ''
+        - name: Retag pcmklatest to latest Cinder-Backup image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml
index 2f68b12..ce93e5f 100644 (file)
--- a/docker/services/pacemaker/cinder-volume.yaml
+++ b/docker/services/pacemaker/cinder-volume.yaml
@@ -225,6 +225,33 @@ outputs:
         - name: Disable cinder_volume service from boot
           tags: step2
           service: name=openstack-cinder-volume enabled=no
-
-
-
+      update_tasks:
+        - name: Get docker Cinder-Volume image
+          set_fact:
+            docker_image: {get_param: DockerCinderVolumeImage}
+            docker_image_latest: *cinder_volume_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Cinder-Volume image id
+          shell: "docker images | awk '/cinder-volume.* pcmklatest/{print $3}'"
+          register: cinder_volume_image_id
+        - block:
+            - name: Get a list of container using Cinder-Volume image
+              shell: "docker ps -q -f 'ancestor={{cinder_volume_image_id.stdout}}'"
+              register: cinder_volume_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Cinder-Volume image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ cinder_volume_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Cinder-Volume images
+              shell: "docker rmi -f {{cinder_volume_image_id.stdout}}"
+          when:
+            - step == '2'
+            - cinder_volume_image_id.stdout != ''
+        - name: Pull latest Cinder-Volume images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Cinder-Volume image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml
index 69f306b..b5d128d 100644 (file)
--- a/docker/services/pacemaker/clustercheck.yaml
+++ b/docker/services/pacemaker/clustercheck.yaml
@@ -95,3 +95,5 @@ outputs:
               - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
       host_prep_tasks:
       upgrade_tasks:
+      update_tasks:
+        # Nothing: It's not managed by pacemaker, so let paunch do it.

diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml
index 80c1985..a65117f 100644 (file)
--- a/docker/services/pacemaker/database/mysql.yaml
+++ b/docker/services/pacemaker/database/mysql.yaml
@@ -313,3 +313,33 @@ outputs:
         - name: Restart xinetd service after clustercheck removal
           tags: step2
           service: name=xinetd state=restarted
+      update_tasks:
+        - name: Get docker Mariadb image
+          set_fact:
+            docker_image: {get_param: DockerMysqlImage}
+            docker_image_latest: *mysql_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Mariadb image id
+          shell: "docker images | awk '/mariadb.* pcmklatest/{print $3}'"
+          register: mariadb_image_id
+        - block:
+            - name: Get a list of container using Mariadb image
+              shell: "docker ps -q -f 'ancestor={{mariadb_image_id.stdout}}'"
+              register: mariadb_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Mariadb image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Mariadb images
+              shell: "docker rmi -f {{mariadb_image_id.stdout}}"
+          when:
+            - step == '2'
+            - mariadb_image_id.stdout != ''
+        - name: Pull latest Mariadb images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Mariadb image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml
index bcda4ef..fe69bb0 100644 (file)
--- a/docker/services/pacemaker/database/redis.yaml
+++ b/docker/services/pacemaker/database/redis.yaml
@@ -255,3 +255,33 @@ outputs:
         - name: Disable redis service
           tags: step2
           service: name=redis enabled=no
+      update_tasks:
+        - name: Get docker Redis image
+          set_fact:
+            docker_image: {get_param: DockerRedisImage}
+            docker_image_latest: *redis_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Redis image id
+          shell: "docker images | awk '/redis.* pcmklatest/{print $3}'"
+          register: redis_image_id
+        - block:
+            - name: Get a list of container using Redis image
+              shell: "docker ps -q -f 'ancestor={{redis_image_id.stdout}}'"
+              register: redis_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Redis image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ redis_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Redis images
+              shell: "docker rmi -f {{redis_image_id.stdout}}"
+          when:
+            - step == '2'
+            - redis_image_id.stdout != ''
+        - name: Pull latest Redis images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Redis image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml
index ba0f0ef..f1c8f90 100644 (file)
--- a/docker/services/pacemaker/haproxy.yaml
+++ b/docker/services/pacemaker/haproxy.yaml
@@ -253,3 +253,33 @@ outputs:
           retries: 5
           until: output.rc == 0
           when: is_bootstrap_node and haproxy_res|succeeded
+      update_tasks:
+        - name: Get docker Haproxy image
+          set_fact:
+            docker_image: {get_param: DockerHAProxyImage}
+            docker_image_latest: *haproxy_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Haproxy image id
+          shell: "docker images | awk '/haproxy.* pcmklatest/{print $3}'"
+          register: haproxy_image_id
+        - block:
+            - name: Get a list of container using Haproxy image
+              shell: "docker ps -q -f 'ancestor={{haproxy_image_id.stdout}}'"
+              register: haproxy_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Haproxy image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ haproxy_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Haproxy images
+              shell: "docker rmi -f {{haproxy_image_id.stdout}}"
+          when:
+            - step == '2'
+            - haproxy_image_id.stdout != ''
+        - name: Pull latest Haproxy images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Haproxy image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml
index a31c1c7..55f66b9 100644 (file)
--- a/docker/services/pacemaker/manila-share.yaml
+++ b/docker/services/pacemaker/manila-share.yaml
@@ -166,3 +166,33 @@ outputs:
         - name: Stop and disable manila_share service
           tags: step2
           service: name=openstack-manila-share state=stopped enabled=no
+      update_tasks:
+        - name: Get docker Manila-Share image
+          set_fact:
+            docker_image: {get_param: DockerManilaShareImage}
+            docker_image_latest: *manila_share_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Manila-Share image id
+          shell: "docker images | awk '/manila-share.* pcmklatest/{print $3}'"
+          register: manila_share_image_id
+        - block:
+            - name: Get a list of container using Manila-Share image
+              shell: "docker ps -q -f 'ancestor={{manila_share_image_id.stdout}}'"
+              register: manila-share_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Manila-Share image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Manila-Share images
+              shell: "docker rmi -f {{manila_share_image_id.stdout}}"
+          when:
+            - step == '2'
+            - manila_share_image_id.stdout != ''
+        - name: Pull latest Manila-Share images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Manila-Share image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml
index 5660856..f17747c 100644 (file)
--- a/docker/services/pacemaker/rabbitmq.yaml
+++ b/docker/services/pacemaker/rabbitmq.yaml
@@ -248,3 +248,33 @@ outputs:
         - name: Disable rabbitmq service
           tags: step2
           service: name=rabbitmq-server enabled=no
+      update_tasks:
+        - name: Get docker Rabbitmq image
+          set_fact:
+            docker_image: {get_param: DockerRabbitmqImage}
+            docker_image_latest: *rabbitmq_image_pcmklatest
+          when: step == '2'
+        - name: Get previous Rabbitmq image id
+          shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'"
+          register: rabbitmq_image_id
+        - block:
+            - name: Get a list of container using Rabbitmq image
+              shell: "docker ps -q -f 'ancestor={{rabbitmq_image_id.stdout}}'"
+              register: rabbitmq_containers_to_destroy
+            # It will be recreated with the delpoy step.
+            - name: Remove any container using the same Rabbitmq image
+              shell: "docker rm -fv {{item}}"
+              with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}"
+            - name: Remove previous Rabbitmq images
+              shell: "docker rmi -f {{rabbitmq_image_id.stdout}}"
+          when:
+            - step == '2'
+            - rabbitmq_image_id.stdout != ''
+        - name: Pull latest Rabbitmq images
+          command: "docker pull {{docker_image}}"
+          when: step == "2"
+        - name: Retag pcmklatest to latest Rabbitmq image
+          shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+          when: step == "2"
+        # Got to check that pacemaker_is_active is working fine with bundle.
+        # TODO: pacemaker_is_active resource doesn't support bundle.

diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml
index 632bdc2..237995b 100644 (file)
--- a/docker/services/rabbitmq.yaml
+++ b/docker/services/rabbitmq.yaml
@@ -220,3 +220,9 @@ outputs:
         - name: Stop and disable rabbitmq service
           tags: step2
           service: name=rabbitmq-server state=stopped enabled=no
+      update_tasks:
+        # TODO: Are we sure we want to support this.  Rolling update
+        # without pacemaker may fail.  Do we test this ?  In any case,
+        # this is under paunch control so the latest image should be
+        # pulled in by the deploy steps.  Same question for other
+        # usually managed by pacemaker container.

diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml
index ab8cef1..cf7eae8 100644 (file)
--- a/docker/services/sahara-api.yaml
+++ b/docker/services/sahara-api.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -138,3 +142,8 @@ outputs:
         - name: Stop and disable sahara_api service
           tags: step2
           service: name=openstack-sahara-api state=stopped enabled=no
+        - name: Remove openstack-sahara-api package if operator requests it
+          yum: name=openstack-sahara-api state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml
index 0884116..0a061bd 100644 (file)
--- a/docker/services/sahara-engine.yaml
+++ b/docker/services/sahara-engine.yaml
@@ -36,6 +36,10 @@ parameters:
     default: {}
     description: Parameters specific to the role
     type: json
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -121,3 +125,8 @@ outputs:
         - name: Stop and disable sahara_engine service
           tags: step2
           service: name=openstack-sahara-engine state=stopped enabled=no
+        - name: Remove openstack-sahara-engine package if operator requests it
+          yum: name=openstack-sahara-engine state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}

diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml
index 2d745f7..3a27ab8 100644 (file)
--- a/docker/services/swift-proxy.yaml
+++ b/docker/services/swift-proxy.yaml
@@ -39,6 +39,10 @@ parameters:
   EnableInternalTLS:
     type: boolean
     default: false
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 conditions:
 
@@ -147,5 +151,10 @@ outputs:
         - name: Stop and disable swift_proxy service
           tags: step2
           service: name=openstack-swift-proxy state=stopped enabled=no
+        - name: Remove openstack-swift-proxy package if operator requests it
+          yum: name=openstack-swift-proxy state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
       metadata_settings:
         get_attr: [SwiftProxyBase, role_data, metadata_settings]

diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml
index 108a036..e0c1194 100644 (file)
--- a/docker/services/swift-storage.yaml
+++ b/docker/services/swift-storage.yaml
@@ -50,7 +50,10 @@ parameters:
     default: {}
     description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
     type: json
-
+  UpgradeRemoveUnusedPackages:
+    default: false
+    description: Remove package if the service is being disabled during upgrade
+    type: boolean
 
 resources:
 
@@ -468,3 +471,12 @@ outputs:
             - openstack-swift-object-replicator
             - openstack-swift-object-updater
             - openstack-swift-object
+        - name: Remove openstack-swift-container,object,account packages if operator requests it
+          yum: name={{ item }} state=removed
+          tags: step2
+          ignore_errors: True
+          when: {get_param: UpgradeRemoveUnusedPackages}
+          with_items:
+            - openstack-swift-container
+            - openstack-swift-object
+            - openstack-swift-account

diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml
index 1b7f17e..1f45d02 100644 (file)
--- a/environments/major-upgrade-composable-steps-docker.yaml
+++ b/environments/major-upgrade-composable-steps-docker.yaml
@@ -10,3 +10,4 @@ parameter_defaults:
     # Ocata to Pike, put any needed host-level workarounds here
     yum install -y ansible-pacemaker
   MigrationSshPort: 22
+  UpgradeRemoveUnusedPackages: false
\ No newline at end of file

diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml
index 5433572..e8a0074 100644 (file)
--- a/environments/major-upgrade-composable-steps.yaml
+++ b/environments/major-upgrade-composable-steps.yaml
@@ -15,3 +15,4 @@ parameter_defaults:
     rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles
     rm -f /etc/puppet/hieradata/*.yaml
   MigrationSshPort: 22
+  UpgradeRemoveUnusedPackages: false
\ No newline at end of file

diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml
index 158d04b..badb1a4 100644 (file)
--- a/puppet/services/pacemaker.yaml
+++ b/puppet/services/pacemaker.yaml
@@ -156,3 +156,15 @@ outputs:
         - name: Start pacemaker cluster
           tags: step4
           pacemaker_cluster: state=online
+      update_tasks:
+        - name: Check pacemaker cluster running before the minor update
+          when: step == "0"  # TODO(marios) disabling validations?
+          pacemaker_cluster: state=online check_and_fail=true
+          async: 30
+          poll: 4
+        - name: Stop pacemaker cluster
+          when: step == "1"
+          pacemaker_cluster: state=offline
+        - name: Start pacemaker cluster
+          when: step == "4"
+          pacemaker_cluster: state=online

diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml
index 0dbdbf8..bfdac3e 100644 (file)
--- a/puppet/services/tripleo-packages.yaml
+++ b/puppet/services/tripleo-packages.yaml
@@ -66,6 +66,13 @@ outputs:
           tags: step3
           yum: name=* state=latest
       update_tasks:
+        - name: Check for existing yum.pid
+          stat:  path=/var/run/yum.pid
+          register: yum_pid_file
+          when: step == "0" or step == "3"
+        - name: Exit if existing yum process
+          fail: msg="ERROR existing yum.pid detected - can't continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting."
+          when: (step == "0" or step == "3") and yum_pid_file.stat.exists
         - name: Update all packages
-          yum: name=* state=latest
+          yum: name=* state=latest update_cache=yes  # cache for tripleo/+bug/1703830
           when: step == "3"

diff --git a/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml b/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml
new file mode 100644 (file)
index 0000000..dbb7af1
--- /dev/null
+++ b/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+  - Adds a new UpgradeRemoveUnusedPackages parameter (default False) and some
+    service upgrade_tasks that use this parameter to remove any unused
+    packages. "Unused" is those services that are being stopped and disabled
+    from starting on boot (because they are being containerized). Note that
+    ignore_errors is set on all the package removal ansible tasks so any
+    issues removing a given package will not fail the upgrade workflow.
+
+    For clarity, setting UpgradeRemoveUnusedPackages to True in your deployment
+    environment file(s) will result in the REMOVAL of packages for stopped
+    and disabled services, during the upgrade.

diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py
index de8ba80..c322962 100755 (executable)
--- a/tools/yaml-validate.py
+++ b/tools/yaml-validate.py
@@ -35,7 +35,8 @@ OPTIONAL_SECTIONS = ['workflow_tasks']
 REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
                             'config_settings', 'step_config']
 OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
-                            'post_upgrade_tasks', 'service_config_settings',
+                            'post_upgrade_tasks', 'update_tasks',
+                            'service_config_settings',
                             'host_prep_tasks', 'metadata_settings',
                             'kolla_config', 'logging_source', 'logging_groups']
 REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',