5) Service activation (Pacemaker)
a) step 5 baremetal
b) step 5 containers
+
+Update steps:
+-------------
+
+All services have an associated update_tasks output that is an ansible
+snippet that will be run during update in an rolling update that is
+expected to run in a rolling update fashion (one node at a time)
+
+For Controller (where pacemaker is running) we have the following states:
+ 1. Step=1: stop the cluster on the updated node;
+ 2. Step=2: Pull the latest image and retag the it pcmklatest
+ 3. Step=3: yum upgrade happens on the host.
+ 4. Step=4: Restart the cluster on the node
+ 5. Step=5: Verification:
+ Currently we test that the pacemaker services are running.
+
+Then the usual deploy steps are run which pull in the latest image for
+all containerized services and the updated configuration if any.
+
+Note: as pacemaker is not containerized, the points 1 and 4 happen in
+puppet/services/pacemaker.yaml.
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable aodh service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
+ - name: Remove openstack-aodh-api package if operator requests it
+ yum: name=openstack-aodh-api state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [AodhApiPuppetBase, role_data, metadata_settings]
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable openstack-aodh-evaluator service
tags: step2
service: name=openstack-aodh-evaluator.service state=stopped enabled=no
+ - name: Remove openstack-aodh-evaluator package if operator requests it
+ yum: name=openstack-aodh-evaluator state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable openstack-aodh-listener service
tags: step2
service: name=openstack-aodh-listener.service state=stopped enabled=no
+ - name: Remove openstack-aodh-listener package if operator requests it
+ yum: name=openstack-aodh-listener state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable openstack-aodh-notifier service
tags: step2
service: name=openstack-aodh-notifier.service state=stopped enabled=no
+ - name: Remove openstack-aodh-notifier package if operator requests it
+ yum: name=openstack-aodh-notifier state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable barbican_api service
tags: step2
service: name=openstack-barbican-api state=stopped enabled=no
+ - name: Remove openstack-barbican-api package if operator requests it
+ yum: name=openstack-barbican-api state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [BarbicanApiBase, role_data, metadata_settings]
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
+
resources:
ContainersCommon:
- name: Stop and disable ceilometer agent central service
tags: step2
service: name=openstack-ceilometer-central state=stopped enabled=no
+ - name: Remove openstack-ceilometer-central package if operator requests it
+ yum: name=openstack-ceilometer-central state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
tags: step2
service: name=openstack-ceilometer-polling state=stopped enabled=no
when: openstack_ceilometer_polling_enabled.rc|default('') == 0
+ - name: Remove openstack-ceilometer-compute package if operator requests it
+ yum: name=openstack-ceilometer-compute state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
+ - name: Remove openstack-ceilometer-polling package if operator requests it
+ yum: name=openstack-ceilometer-polling state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable ceilometer agent ipmi service
tags: step2
service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no
+ - name: Remove openstack-ceilometer-ipmi package if operator requests it
+ yum: name=openstack-ceilometer-ipmi state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable ceilometer agent notification service
tags: step2
service: name=openstack-ceilometer-notification state=stopped enabled=no
+ - name: Remove openstack-ceilometer-notification package if operator requests it
+ yum: name=openstack-ceilometer-notification state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
file:
path: /var/spool/cron/cinder
state: absent
+ - name: Remove httpd package if operator requests it
+ yum: name=httpd state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
-
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable cinder_backup service
tags: step2
service: name=openstack-cinder-backup state=stopped enabled=no
+ - name: Remove openstack-cinder package if operator requests it
+ yum: name=openstack-cinder state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable cinder_scheduler service
tags: step2
service: name=openstack-cinder-scheduler state=stopped enabled=no
+ - name: Remove openstack-cinder package if operator requests it
+ yum: name=openstack-cinder state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: 10280
description: The size of the loopback file used by the cinder LVM driver.
type: number
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable cinder_volume service
tags: step2
service: name=openstack-cinder-volume state=stopped enabled=no
+ - name: Remove openstack-cinder package if operator requests it
+ yum: name=openstack-cinder state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
-
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable collectd service
tags: step2
service: name=collectd.service state=stopped enabled=no
+ - name: Remove collectd package if operator requests it
+ yum: name=collectd state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable congress_api service
tags: step2
service: name=openstack-congress-server state=stopped enabled=no
+ - name: Remove openstack-congress package if operator requests it
+ yum: name=openstack-congress state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
description: >
When using GlanceBackend 'file', mount NFS share for image storage.
type: boolean
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable glance_api service
tags: step2
service: name=openstack-glance-api state=stopped enabled=no
+ - name: Remove openstack-glance package if operator requests it
+ yum: name=openstack-glance state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [GlanceApiPuppetBase, role_data, metadata_settings]
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
tags: step2
when: neutron_server_enabled.rc == 0
service: name=neutron-server state=stopped enabled=no
+ - name: Remove openstack-neutron package if operator requests it
+ yum: name=openstack-neutron state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [NeutronBase, role_data, metadata_settings]
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable neutron_ovs_agent service
tags: step2
service: name=neutron-openvswitch-agent state=stopped enabled=no
+ - name: Remove openstack-neutron-openvswitch package if operator requests it
+ yum: name=openstack-neutron-openvswitch state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable nova_api service
tags: step2
service: name=openstack-nova-api state=stopped enabled=no
+ - name: Remove openstack-nova-api package if operator requests it
+ yum: name=openstack-nova-api state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
- name: remove old nova cron jobs
file:
path: /var/spool/cron/nova
type: string
description: Nova Compute upgrade level
default: ''
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable nova-compute service
tags: step2
service: name=openstack-nova-compute state=stopped enabled=no
+ - name: Remove openstack-nova-compute package if operator requests it
+ yum: name=openstack-nova-compute state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
type: string
description: Nova Compute upgrade level
default: ''
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
+
resources:
- name: Stop and disable nova_conductor service
tags: step2
service: name=openstack-nova-conductor state=stopped enabled=no
+ - name: Remove openstack-nova-conductor package if operator requests it
+ yum: name=openstack-nova-conductor state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable nova_consoleauth service
tags: step2
service: name=openstack-nova-consoleauth state=stopped enabled=no
+ - name: Remove openstack-nova-console package if operator requests it
+ yum: name=openstack-nova-console state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable nova_placement service (running under httpd)
tags: step2
service: name=httpd state=stopped enabled=no
+ - name: Remove httpd package if operator requests it
+ yum: name=httpd state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
+
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable nova_scheduler service
tags: step2
service: name=openstack-nova-scheduler state=stopped enabled=no
+ - name: Remove openstack-nova-scheduler package if operator requests it
+ yum: name=openstack-nova-scheduler state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable nova_vnc_proxy service
tags: step2
service: name=openstack-nova-novncproxy state=stopped enabled=no
+ - name: Remove openstack-nova-novncproxy package if operator requests it
+ yum: name=openstack-nova-novncproxy state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable octavia_health_manager service
tags: step2
service: name=openstack-octavia-health-manager state=stopped enabled=no
+ - name: Remove openstack-octavia-health-manager package if operator requests it
+ yum: name=openstack-octavia-health-manager state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
- name: Disable cinder_backup service
tags: step2
service: name=openstack-cinder-backup enabled=no
+ update_tasks:
+ - name: Get docker Cinder-Backup image
+ set_fact:
+ docker_image: {get_param: DockerCinderBackupImage}
+ docker_image_latest: *cinder_backup_image_pcmklatest
+ when: step == '2'
+ - name: Pull latest Cinder-Backup images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Get previous Cinder-Backup image id
+ shell: "docker images | awk '/cinder-backup.* pcmklatest/{print $3}'"
+ register: cinder_backup_image_id
+ - block:
+ - name: Get a list of container using Cinder-Backup image
+ shell: "docker ps -q -f 'ancestor={{cinder_backup_image_id.stdout}}'"
+ register: cinder_backup_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Cinder-Backup image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ cinder_backup_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Cinder-Backup images
+ shell: "docker rmi -f {{cinder_backup_image_id.stdout}}"
+ when:
+ - step == '2'
+ - cinder_backup_image_id.stdout != ''
+ - name: Retag pcmklatest to latest Cinder-Backup image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- name: Disable cinder_volume service from boot
tags: step2
service: name=openstack-cinder-volume enabled=no
-
-
-
+ update_tasks:
+ - name: Get docker Cinder-Volume image
+ set_fact:
+ docker_image: {get_param: DockerCinderVolumeImage}
+ docker_image_latest: *cinder_volume_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Cinder-Volume image id
+ shell: "docker images | awk '/cinder-volume.* pcmklatest/{print $3}'"
+ register: cinder_volume_image_id
+ - block:
+ - name: Get a list of container using Cinder-Volume image
+ shell: "docker ps -q -f 'ancestor={{cinder_volume_image_id.stdout}}'"
+ register: cinder_volume_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Cinder-Volume image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ cinder_volume_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Cinder-Volume images
+ shell: "docker rmi -f {{cinder_volume_image_id.stdout}}"
+ when:
+ - step == '2'
+ - cinder_volume_image_id.stdout != ''
+ - name: Pull latest Cinder-Volume images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Cinder-Volume image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
upgrade_tasks:
+ update_tasks:
+ # Nothing: It's not managed by pacemaker, so let paunch do it.
- name: Restart xinetd service after clustercheck removal
tags: step2
service: name=xinetd state=restarted
+ update_tasks:
+ - name: Get docker Mariadb image
+ set_fact:
+ docker_image: {get_param: DockerMysqlImage}
+ docker_image_latest: *mysql_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Mariadb image id
+ shell: "docker images | awk '/mariadb.* pcmklatest/{print $3}'"
+ register: mariadb_image_id
+ - block:
+ - name: Get a list of container using Mariadb image
+ shell: "docker ps -q -f 'ancestor={{mariadb_image_id.stdout}}'"
+ register: mariadb_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Mariadb image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Mariadb images
+ shell: "docker rmi -f {{mariadb_image_id.stdout}}"
+ when:
+ - step == '2'
+ - mariadb_image_id.stdout != ''
+ - name: Pull latest Mariadb images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Mariadb image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- name: Disable redis service
tags: step2
service: name=redis enabled=no
+ update_tasks:
+ - name: Get docker Redis image
+ set_fact:
+ docker_image: {get_param: DockerRedisImage}
+ docker_image_latest: *redis_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Redis image id
+ shell: "docker images | awk '/redis.* pcmklatest/{print $3}'"
+ register: redis_image_id
+ - block:
+ - name: Get a list of container using Redis image
+ shell: "docker ps -q -f 'ancestor={{redis_image_id.stdout}}'"
+ register: redis_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Redis image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ redis_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Redis images
+ shell: "docker rmi -f {{redis_image_id.stdout}}"
+ when:
+ - step == '2'
+ - redis_image_id.stdout != ''
+ - name: Pull latest Redis images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Redis image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
retries: 5
until: output.rc == 0
when: is_bootstrap_node and haproxy_res|succeeded
+ update_tasks:
+ - name: Get docker Haproxy image
+ set_fact:
+ docker_image: {get_param: DockerHAProxyImage}
+ docker_image_latest: *haproxy_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Haproxy image id
+ shell: "docker images | awk '/haproxy.* pcmklatest/{print $3}'"
+ register: haproxy_image_id
+ - block:
+ - name: Get a list of container using Haproxy image
+ shell: "docker ps -q -f 'ancestor={{haproxy_image_id.stdout}}'"
+ register: haproxy_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Haproxy image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ haproxy_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Haproxy images
+ shell: "docker rmi -f {{haproxy_image_id.stdout}}"
+ when:
+ - step == '2'
+ - haproxy_image_id.stdout != ''
+ - name: Pull latest Haproxy images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Haproxy image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- name: Stop and disable manila_share service
tags: step2
service: name=openstack-manila-share state=stopped enabled=no
+ update_tasks:
+ - name: Get docker Manila-Share image
+ set_fact:
+ docker_image: {get_param: DockerManilaShareImage}
+ docker_image_latest: *manila_share_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Manila-Share image id
+ shell: "docker images | awk '/manila-share.* pcmklatest/{print $3}'"
+ register: manila_share_image_id
+ - block:
+ - name: Get a list of container using Manila-Share image
+ shell: "docker ps -q -f 'ancestor={{manila_share_image_id.stdout}}'"
+ register: manila-share_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Manila-Share image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Manila-Share images
+ shell: "docker rmi -f {{manila_share_image_id.stdout}}"
+ when:
+ - step == '2'
+ - manila_share_image_id.stdout != ''
+ - name: Pull latest Manila-Share images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Manila-Share image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- name: Disable rabbitmq service
tags: step2
service: name=rabbitmq-server enabled=no
+ update_tasks:
+ - name: Get docker Rabbitmq image
+ set_fact:
+ docker_image: {get_param: DockerRabbitmqImage}
+ docker_image_latest: *rabbitmq_image_pcmklatest
+ when: step == '2'
+ - name: Get previous Rabbitmq image id
+ shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'"
+ register: rabbitmq_image_id
+ - block:
+ - name: Get a list of container using Rabbitmq image
+ shell: "docker ps -q -f 'ancestor={{rabbitmq_image_id.stdout}}'"
+ register: rabbitmq_containers_to_destroy
+ # It will be recreated with the delpoy step.
+ - name: Remove any container using the same Rabbitmq image
+ shell: "docker rm -fv {{item}}"
+ with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}"
+ - name: Remove previous Rabbitmq images
+ shell: "docker rmi -f {{rabbitmq_image_id.stdout}}"
+ when:
+ - step == '2'
+ - rabbitmq_image_id.stdout != ''
+ - name: Pull latest Rabbitmq images
+ command: "docker pull {{docker_image}}"
+ when: step == "2"
+ - name: Retag pcmklatest to latest Rabbitmq image
+ shell: "docker tag {{docker_image}} {{docker_image_latest}}"
+ when: step == "2"
+ # Got to check that pacemaker_is_active is working fine with bundle.
+ # TODO: pacemaker_is_active resource doesn't support bundle.
- name: Stop and disable rabbitmq service
tags: step2
service: name=rabbitmq-server state=stopped enabled=no
+ update_tasks:
+ # TODO: Are we sure we want to support this. Rolling update
+ # without pacemaker may fail. Do we test this ? In any case,
+ # this is under paunch control so the latest image should be
+ # pulled in by the deploy steps. Same question for other
+ # usually managed by pacemaker container.
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable sahara_api service
tags: step2
service: name=openstack-sahara-api state=stopped enabled=no
+ - name: Remove openstack-sahara-api package if operator requests it
+ yum: name=openstack-sahara-api state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
default: {}
description: Parameters specific to the role
type: json
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- name: Stop and disable sahara_engine service
tags: step2
service: name=openstack-sahara-engine state=stopped enabled=no
+ - name: Remove openstack-sahara-engine package if operator requests it
+ yum: name=openstack-sahara-engine state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
EnableInternalTLS:
type: boolean
default: false
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
conditions:
- name: Stop and disable swift_proxy service
tags: step2
service: name=openstack-swift-proxy state=stopped enabled=no
+ - name: Remove openstack-swift-proxy package if operator requests it
+ yum: name=openstack-swift-proxy state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
metadata_settings:
get_attr: [SwiftProxyBase, role_data, metadata_settings]
default: {}
description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})'
type: json
-
+ UpgradeRemoveUnusedPackages:
+ default: false
+ description: Remove package if the service is being disabled during upgrade
+ type: boolean
resources:
- openstack-swift-object-replicator
- openstack-swift-object-updater
- openstack-swift-object
+ - name: Remove openstack-swift-container,object,account packages if operator requests it
+ yum: name={{ item }} state=removed
+ tags: step2
+ ignore_errors: True
+ when: {get_param: UpgradeRemoveUnusedPackages}
+ with_items:
+ - openstack-swift-container
+ - openstack-swift-object
+ - openstack-swift-account
# Ocata to Pike, put any needed host-level workarounds here
yum install -y ansible-pacemaker
MigrationSshPort: 22
+ UpgradeRemoveUnusedPackages: false
\ No newline at end of file
rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles
rm -f /etc/puppet/hieradata/*.yaml
MigrationSshPort: 22
+ UpgradeRemoveUnusedPackages: false
\ No newline at end of file
- name: Start pacemaker cluster
tags: step4
pacemaker_cluster: state=online
+ update_tasks:
+ - name: Check pacemaker cluster running before the minor update
+ when: step == "0" # TODO(marios) disabling validations?
+ pacemaker_cluster: state=online check_and_fail=true
+ async: 30
+ poll: 4
+ - name: Stop pacemaker cluster
+ when: step == "1"
+ pacemaker_cluster: state=offline
+ - name: Start pacemaker cluster
+ when: step == "4"
+ pacemaker_cluster: state=online
tags: step3
yum: name=* state=latest
update_tasks:
+ - name: Check for existing yum.pid
+ stat: path=/var/run/yum.pid
+ register: yum_pid_file
+ when: step == "0" or step == "3"
+ - name: Exit if existing yum process
+ fail: msg="ERROR existing yum.pid detected - can't continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting."
+ when: (step == "0" or step == "3") and yum_pid_file.stat.exists
- name: Update all packages
- yum: name=* state=latest
+ yum: name=* state=latest update_cache=yes # cache for tripleo/+bug/1703830
when: step == "3"
--- /dev/null
+---
+upgrade:
+ - Adds a new UpgradeRemoveUnusedPackages parameter (default False) and some
+ service upgrade_tasks that use this parameter to remove any unused
+ packages. "Unused" is those services that are being stopped and disabled
+ from starting on boot (because they are being containerized). Note that
+ ignore_errors is set on all the package removal ansible tasks so any
+ issues removing a given package will not fail the upgrade workflow.
+
+ For clarity, setting UpgradeRemoveUnusedPackages to True in your deployment
+ environment file(s) will result in the REMOVAL of packages for stopped
+ and disabled services, during the upgrade.
REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config',
'config_settings', 'step_config']
OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks',
- 'post_upgrade_tasks', 'service_config_settings',
+ 'post_upgrade_tasks', 'update_tasks',
+ 'service_config_settings',
'host_prep_tasks', 'metadata_settings',
'kolla_config', 'logging_source', 'logging_groups']
REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config',