diff options
46 files changed, 557 insertions, 8 deletions
diff --git a/docker/services/README.rst b/docker/services/README.rst index ce255ba8..a843efc3 100644 --- a/docker/services/README.rst +++ b/docker/services/README.rst @@ -124,3 +124,24 @@ Steps correlate to the following: 5) Service activation (Pacemaker) a) step 5 baremetal b) step 5 containers + +Update steps: +------------- + +All services have an associated update_tasks output that is an ansible +snippet that will be run during update in an rolling update that is +expected to run in a rolling update fashion (one node at a time) + +For Controller (where pacemaker is running) we have the following states: + 1. Step=1: stop the cluster on the updated node; + 2. Step=2: Pull the latest image and retag the it pcmklatest + 3. Step=3: yum upgrade happens on the host. + 4. Step=4: Restart the cluster on the node + 5. Step=5: Verification: + Currently we test that the pacemaker services are running. + +Then the usual deploy steps are run which pull in the latest image for +all containerized services and the updated configuration if any. + +Note: as pacemaker is not containerized, the points 1 and 4 happen in +puppet/services/pacemaker.yaml. diff --git a/docker/services/aodh-api.yaml b/docker/services/aodh-api.yaml index 18068c85..9445069b 100644 --- a/docker/services/aodh-api.yaml +++ b/docker/services/aodh-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -160,5 +164,10 @@ outputs: - name: Stop and disable aodh service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + - name: Remove openstack-aodh-api package if operator requests it + yum: name=openstack-aodh-api state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} metadata_settings: get_attr: [AodhApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/aodh-evaluator.yaml b/docker/services/aodh-evaluator.yaml index 077ad46e..fda6faa2 100644 --- a/docker/services/aodh-evaluator.yaml +++ b/docker/services/aodh-evaluator.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -114,3 +118,8 @@ outputs: - name: Stop and disable openstack-aodh-evaluator service tags: step2 service: name=openstack-aodh-evaluator.service state=stopped enabled=no + - name: Remove openstack-aodh-evaluator package if operator requests it + yum: name=openstack-aodh-evaluator state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/aodh-listener.yaml b/docker/services/aodh-listener.yaml index 4471884b..fbe86d3b 100644 --- a/docker/services/aodh-listener.yaml +++ b/docker/services/aodh-listener.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -114,3 +118,8 @@ outputs: - name: Stop and disable openstack-aodh-listener service tags: step2 service: name=openstack-aodh-listener.service state=stopped enabled=no + - name: Remove openstack-aodh-listener package if operator requests it + yum: name=openstack-aodh-listener state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/aodh-notifier.yaml b/docker/services/aodh-notifier.yaml index ffed5afa..d9081d54 100644 --- a/docker/services/aodh-notifier.yaml +++ b/docker/services/aodh-notifier.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -114,3 +118,8 @@ outputs: - name: Stop and disable openstack-aodh-notifier service tags: step2 service: name=openstack-aodh-notifier.service state=stopped enabled=no + - name: Remove openstack-aodh-notifier package if operator requests it + yum: name=openstack-aodh-notifier state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/barbican-api.yaml b/docker/services/barbican-api.yaml index 1aa000b6..af528f79 100644 --- a/docker/services/barbican-api.yaml +++ b/docker/services/barbican-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -152,5 +156,10 @@ outputs: - name: Stop and disable barbican_api service tags: step2 service: name=openstack-barbican-api state=stopped enabled=no + - name: Remove openstack-barbican-api package if operator requests it + yum: name=openstack-barbican-api state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} metadata_settings: get_attr: [BarbicanApiBase, role_data, metadata_settings] diff --git a/docker/services/ceilometer-agent-central.yaml b/docker/services/ceilometer-agent-central.yaml index 7033e0b0..6342c82e 100644 --- a/docker/services/ceilometer-agent-central.yaml +++ b/docker/services/ceilometer-agent-central.yaml @@ -36,6 +36,11 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean + resources: ContainersCommon: @@ -126,3 +131,8 @@ outputs: - name: Stop and disable ceilometer agent central service tags: step2 service: name=openstack-ceilometer-central state=stopped enabled=no + - name: Remove openstack-ceilometer-central package if operator requests it + yum: name=openstack-ceilometer-central state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/ceilometer-agent-compute.yaml b/docker/services/ceilometer-agent-compute.yaml index ccde928c..1ee9f492 100644 --- a/docker/services/ceilometer-agent-compute.yaml +++ b/docker/services/ceilometer-agent-compute.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -118,3 +122,13 @@ outputs: tags: step2 service: name=openstack-ceilometer-polling state=stopped enabled=no when: openstack_ceilometer_polling_enabled.rc|default('') == 0 + - name: Remove openstack-ceilometer-compute package if operator requests it + yum: name=openstack-ceilometer-compute state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} + - name: Remove openstack-ceilometer-polling package if operator requests it + yum: name=openstack-ceilometer-polling state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/ceilometer-agent-ipmi.yaml b/docker/services/ceilometer-agent-ipmi.yaml index a139f29f..9df93aaa 100644 --- a/docker/services/ceilometer-agent-ipmi.yaml +++ b/docker/services/ceilometer-agent-ipmi.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -104,3 +108,8 @@ outputs: - name: Stop and disable ceilometer agent ipmi service tags: step2 service: name=openstack-ceilometer-agent-ipmi state=stopped enabled=no + - name: Remove openstack-ceilometer-ipmi package if operator requests it + yum: name=openstack-ceilometer-ipmi state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/ceilometer-agent-notification.yaml b/docker/services/ceilometer-agent-notification.yaml index 6c495131..de1d2e72 100644 --- a/docker/services/ceilometer-agent-notification.yaml +++ b/docker/services/ceilometer-agent-notification.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -119,3 +123,8 @@ outputs: - name: Stop and disable ceilometer agent notification service tags: step2 service: name=openstack-ceilometer-notification state=stopped enabled=no + - name: Remove openstack-ceilometer-notification package if operator requests it + yum: name=openstack-ceilometer-notification state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/cinder-api.yaml b/docker/services/cinder-api.yaml index 93890d02..25390c63 100644 --- a/docker/services/cinder-api.yaml +++ b/docker/services/cinder-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -199,3 +203,8 @@ outputs: file: path: /var/spool/cron/cinder state: absent + - name: Remove httpd package if operator requests it + yum: name=httpd state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/cinder-backup.yaml b/docker/services/cinder-backup.yaml index 53febdb5..66877b5f 100644 --- a/docker/services/cinder-backup.yaml +++ b/docker/services/cinder-backup.yaml @@ -36,7 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json - + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -147,3 +150,8 @@ outputs: - name: Stop and disable cinder_backup service tags: step2 service: name=openstack-cinder-backup state=stopped enabled=no + - name: Remove openstack-cinder package if operator requests it + yum: name=openstack-cinder state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/cinder-scheduler.yaml b/docker/services/cinder-scheduler.yaml index fa9d2418..1772f9e9 100644 --- a/docker/services/cinder-scheduler.yaml +++ b/docker/services/cinder-scheduler.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -122,3 +126,8 @@ outputs: - name: Stop and disable cinder_scheduler service tags: step2 service: name=openstack-cinder-scheduler state=stopped enabled=no + - name: Remove openstack-cinder package if operator requests it + yum: name=openstack-cinder state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/cinder-volume.yaml b/docker/services/cinder-volume.yaml index 88e7712f..d8a93b13 100644 --- a/docker/services/cinder-volume.yaml +++ b/docker/services/cinder-volume.yaml @@ -45,6 +45,10 @@ parameters: default: 10280 description: The size of the loopback file used by the cinder LVM driver. type: number + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -187,3 +191,8 @@ outputs: - name: Stop and disable cinder_volume service tags: step2 service: name=openstack-cinder-volume state=stopped enabled=no + - name: Remove openstack-cinder package if operator requests it + yum: name=openstack-cinder state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/collectd.yaml b/docker/services/collectd.yaml index ef7ddc52..2ab020c7 100644 --- a/docker/services/collectd.yaml +++ b/docker/services/collectd.yaml @@ -36,7 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json - + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -113,3 +116,8 @@ outputs: - name: Stop and disable collectd service tags: step2 service: name=collectd.service state=stopped enabled=no + - name: Remove collectd package if operator requests it + yum: name=collectd state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/congress.yaml b/docker/services/congress.yaml index ba899b81..eb287d54 100644 --- a/docker/services/congress.yaml +++ b/docker/services/congress.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -141,3 +145,8 @@ outputs: - name: Stop and disable congress_api service tags: step2 service: name=openstack-congress-server state=stopped enabled=no + - name: Remove openstack-congress package if operator requests it + yum: name=openstack-congress state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/glance-api.yaml b/docker/services/glance-api.yaml index f23ec357..e1a3827a 100644 --- a/docker/services/glance-api.yaml +++ b/docker/services/glance-api.yaml @@ -44,6 +44,10 @@ parameters: description: > When using GlanceBackend 'file', mount NFS share for image storage. type: boolean + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -193,5 +197,10 @@ outputs: - name: Stop and disable glance_api service tags: step2 service: name=openstack-glance-api state=stopped enabled=no + - name: Remove openstack-glance package if operator requests it + yum: name=openstack-glance state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} metadata_settings: get_attr: [GlanceApiPuppetBase, role_data, metadata_settings] diff --git a/docker/services/neutron-api.yaml b/docker/services/neutron-api.yaml index 11ab93be..34d70ff0 100644 --- a/docker/services/neutron-api.yaml +++ b/docker/services/neutron-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -191,5 +195,10 @@ outputs: tags: step2 when: neutron_server_enabled.rc == 0 service: name=neutron-server state=stopped enabled=no + - name: Remove openstack-neutron package if operator requests it + yum: name=openstack-neutron state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} metadata_settings: get_attr: [NeutronBase, role_data, metadata_settings] diff --git a/docker/services/neutron-ovs-agent.yaml b/docker/services/neutron-ovs-agent.yaml index 246008c5..e6faf34d 100644 --- a/docker/services/neutron-ovs-agent.yaml +++ b/docker/services/neutron-ovs-agent.yaml @@ -36,6 +36,10 @@ parameters: description: Mapping of service endpoint -> protocol. Typically set via parameter_defaults in the resource registry. type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -138,3 +142,8 @@ outputs: - name: Stop and disable neutron_ovs_agent service tags: step2 service: name=neutron-openvswitch-agent state=stopped enabled=no + - name: Remove openstack-neutron-openvswitch package if operator requests it + yum: name=openstack-neutron-openvswitch state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/nova-api.yaml b/docker/services/nova-api.yaml index ed4a6175..f262bcb1 100644 --- a/docker/services/nova-api.yaml +++ b/docker/services/nova-api.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -236,6 +240,11 @@ outputs: - name: Stop and disable nova_api service tags: step2 service: name=openstack-nova-api state=stopped enabled=no + - name: Remove openstack-nova-api package if operator requests it + yum: name=openstack-nova-api state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} - name: remove old nova cron jobs file: path: /var/spool/cron/nova diff --git a/docker/services/nova-compute.yaml b/docker/services/nova-compute.yaml index c4846713..883f438b 100644 --- a/docker/services/nova-compute.yaml +++ b/docker/services/nova-compute.yaml @@ -45,6 +45,10 @@ parameters: type: string description: Nova Compute upgrade level default: '' + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -157,3 +161,8 @@ outputs: - name: Stop and disable nova-compute service tags: step2 service: name=openstack-nova-compute state=stopped enabled=no + - name: Remove openstack-nova-compute package if operator requests it + yum: name=openstack-nova-compute state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/nova-conductor.yaml b/docker/services/nova-conductor.yaml index 56275b02..f15c3a68 100644 --- a/docker/services/nova-conductor.yaml +++ b/docker/services/nova-conductor.yaml @@ -40,6 +40,11 @@ parameters: type: string description: Nova Compute upgrade level default: '' + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean + resources: @@ -123,3 +128,8 @@ outputs: - name: Stop and disable nova_conductor service tags: step2 service: name=openstack-nova-conductor state=stopped enabled=no + - name: Remove openstack-nova-conductor package if operator requests it + yum: name=openstack-nova-conductor state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/nova-consoleauth.yaml b/docker/services/nova-consoleauth.yaml index 85078f14..069b09bc 100644 --- a/docker/services/nova-consoleauth.yaml +++ b/docker/services/nova-consoleauth.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -112,3 +116,8 @@ outputs: - name: Stop and disable nova_consoleauth service tags: step2 service: name=openstack-nova-consoleauth state=stopped enabled=no + - name: Remove openstack-nova-console package if operator requests it + yum: name=openstack-nova-console state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/nova-placement.yaml b/docker/services/nova-placement.yaml index 8015071b..bd5ae731 100644 --- a/docker/services/nova-placement.yaml +++ b/docker/services/nova-placement.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -140,3 +144,9 @@ outputs: - name: Stop and disable nova_placement service (running under httpd) tags: step2 service: name=httpd state=stopped enabled=no + - name: Remove httpd package if operator requests it + yum: name=httpd state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} + diff --git a/docker/services/nova-scheduler.yaml b/docker/services/nova-scheduler.yaml index e75df942..f8109b96 100644 --- a/docker/services/nova-scheduler.yaml +++ b/docker/services/nova-scheduler.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -113,3 +117,8 @@ outputs: - name: Stop and disable nova_scheduler service tags: step2 service: name=openstack-nova-scheduler state=stopped enabled=no + - name: Remove openstack-nova-scheduler package if operator requests it + yum: name=openstack-nova-scheduler state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/nova-vnc-proxy.yaml b/docker/services/nova-vnc-proxy.yaml index f1bb0eba..b1da294b 100644 --- a/docker/services/nova-vnc-proxy.yaml +++ b/docker/services/nova-vnc-proxy.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -112,3 +116,8 @@ outputs: - name: Stop and disable nova_vnc_proxy service tags: step2 service: name=openstack-nova-novncproxy state=stopped enabled=no + - name: Remove openstack-nova-novncproxy package if operator requests it + yum: name=openstack-nova-novncproxy state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/octavia-health-manager.yaml b/docker/services/octavia-health-manager.yaml index 38c4faf0..5180e416 100644 --- a/docker/services/octavia-health-manager.yaml +++ b/docker/services/octavia-health-manager.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -116,3 +120,8 @@ outputs: - name: Stop and disable octavia_health_manager service tags: step2 service: name=openstack-octavia-health-manager state=stopped enabled=no + - name: Remove openstack-octavia-health-manager package if operator requests it + yum: name=openstack-octavia-health-manager state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/pacemaker/cinder-backup.yaml b/docker/services/pacemaker/cinder-backup.yaml index 46b9932a..4a99184f 100644 --- a/docker/services/pacemaker/cinder-backup.yaml +++ b/docker/services/pacemaker/cinder-backup.yaml @@ -207,3 +207,33 @@ outputs: - name: Disable cinder_backup service tags: step2 service: name=openstack-cinder-backup enabled=no + update_tasks: + - name: Get docker Cinder-Backup image + set_fact: + docker_image: {get_param: DockerCinderBackupImage} + docker_image_latest: *cinder_backup_image_pcmklatest + when: step == '2' + - name: Pull latest Cinder-Backup images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Get previous Cinder-Backup image id + shell: "docker images | awk '/cinder-backup.* pcmklatest/{print $3}'" + register: cinder_backup_image_id + - block: + - name: Get a list of container using Cinder-Backup image + shell: "docker ps -q -f 'ancestor={{cinder_backup_image_id.stdout}}'" + register: cinder_backup_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Cinder-Backup image + shell: "docker rm -fv {{item}}" + with_items: "{{ cinder_backup_containers_to_destroy.stdout_lines }}" + - name: Remove previous Cinder-Backup images + shell: "docker rmi -f {{cinder_backup_image_id.stdout}}" + when: + - step == '2' + - cinder_backup_image_id.stdout != '' + - name: Retag pcmklatest to latest Cinder-Backup image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/cinder-volume.yaml b/docker/services/pacemaker/cinder-volume.yaml index 2f68b126..ce93e5f1 100644 --- a/docker/services/pacemaker/cinder-volume.yaml +++ b/docker/services/pacemaker/cinder-volume.yaml @@ -225,6 +225,33 @@ outputs: - name: Disable cinder_volume service from boot tags: step2 service: name=openstack-cinder-volume enabled=no - - - + update_tasks: + - name: Get docker Cinder-Volume image + set_fact: + docker_image: {get_param: DockerCinderVolumeImage} + docker_image_latest: *cinder_volume_image_pcmklatest + when: step == '2' + - name: Get previous Cinder-Volume image id + shell: "docker images | awk '/cinder-volume.* pcmklatest/{print $3}'" + register: cinder_volume_image_id + - block: + - name: Get a list of container using Cinder-Volume image + shell: "docker ps -q -f 'ancestor={{cinder_volume_image_id.stdout}}'" + register: cinder_volume_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Cinder-Volume image + shell: "docker rm -fv {{item}}" + with_items: "{{ cinder_volume_containers_to_destroy.stdout_lines }}" + - name: Remove previous Cinder-Volume images + shell: "docker rmi -f {{cinder_volume_image_id.stdout}}" + when: + - step == '2' + - cinder_volume_image_id.stdout != '' + - name: Pull latest Cinder-Volume images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Cinder-Volume image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/clustercheck.yaml b/docker/services/pacemaker/clustercheck.yaml index 69f306b1..b5d128d4 100644 --- a/docker/services/pacemaker/clustercheck.yaml +++ b/docker/services/pacemaker/clustercheck.yaml @@ -95,3 +95,5 @@ outputs: - KOLLA_CONFIG_STRATEGY=COPY_ALWAYS host_prep_tasks: upgrade_tasks: + update_tasks: + # Nothing: It's not managed by pacemaker, so let paunch do it. diff --git a/docker/services/pacemaker/database/mysql.yaml b/docker/services/pacemaker/database/mysql.yaml index 80c1985a..a65117fc 100644 --- a/docker/services/pacemaker/database/mysql.yaml +++ b/docker/services/pacemaker/database/mysql.yaml @@ -313,3 +313,33 @@ outputs: - name: Restart xinetd service after clustercheck removal tags: step2 service: name=xinetd state=restarted + update_tasks: + - name: Get docker Mariadb image + set_fact: + docker_image: {get_param: DockerMysqlImage} + docker_image_latest: *mysql_image_pcmklatest + when: step == '2' + - name: Get previous Mariadb image id + shell: "docker images | awk '/mariadb.* pcmklatest/{print $3}'" + register: mariadb_image_id + - block: + - name: Get a list of container using Mariadb image + shell: "docker ps -q -f 'ancestor={{mariadb_image_id.stdout}}'" + register: mariadb_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Mariadb image + shell: "docker rm -fv {{item}}" + with_items: "{{ mariadb_containers_to_destroy.stdout_lines }}" + - name: Remove previous Mariadb images + shell: "docker rmi -f {{mariadb_image_id.stdout}}" + when: + - step == '2' + - mariadb_image_id.stdout != '' + - name: Pull latest Mariadb images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Mariadb image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/database/redis.yaml b/docker/services/pacemaker/database/redis.yaml index bcda4efc..fe69bb00 100644 --- a/docker/services/pacemaker/database/redis.yaml +++ b/docker/services/pacemaker/database/redis.yaml @@ -255,3 +255,33 @@ outputs: - name: Disable redis service tags: step2 service: name=redis enabled=no + update_tasks: + - name: Get docker Redis image + set_fact: + docker_image: {get_param: DockerRedisImage} + docker_image_latest: *redis_image_pcmklatest + when: step == '2' + - name: Get previous Redis image id + shell: "docker images | awk '/redis.* pcmklatest/{print $3}'" + register: redis_image_id + - block: + - name: Get a list of container using Redis image + shell: "docker ps -q -f 'ancestor={{redis_image_id.stdout}}'" + register: redis_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Redis image + shell: "docker rm -fv {{item}}" + with_items: "{{ redis_containers_to_destroy.stdout_lines }}" + - name: Remove previous Redis images + shell: "docker rmi -f {{redis_image_id.stdout}}" + when: + - step == '2' + - redis_image_id.stdout != '' + - name: Pull latest Redis images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Redis image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/haproxy.yaml b/docker/services/pacemaker/haproxy.yaml index ba0f0efc..f1c8f905 100644 --- a/docker/services/pacemaker/haproxy.yaml +++ b/docker/services/pacemaker/haproxy.yaml @@ -253,3 +253,33 @@ outputs: retries: 5 until: output.rc == 0 when: is_bootstrap_node and haproxy_res|succeeded + update_tasks: + - name: Get docker Haproxy image + set_fact: + docker_image: {get_param: DockerHAProxyImage} + docker_image_latest: *haproxy_image_pcmklatest + when: step == '2' + - name: Get previous Haproxy image id + shell: "docker images | awk '/haproxy.* pcmklatest/{print $3}'" + register: haproxy_image_id + - block: + - name: Get a list of container using Haproxy image + shell: "docker ps -q -f 'ancestor={{haproxy_image_id.stdout}}'" + register: haproxy_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Haproxy image + shell: "docker rm -fv {{item}}" + with_items: "{{ haproxy_containers_to_destroy.stdout_lines }}" + - name: Remove previous Haproxy images + shell: "docker rmi -f {{haproxy_image_id.stdout}}" + when: + - step == '2' + - haproxy_image_id.stdout != '' + - name: Pull latest Haproxy images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Haproxy image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/manila-share.yaml b/docker/services/pacemaker/manila-share.yaml index a31c1c74..55f66b9b 100644 --- a/docker/services/pacemaker/manila-share.yaml +++ b/docker/services/pacemaker/manila-share.yaml @@ -166,3 +166,33 @@ outputs: - name: Stop and disable manila_share service tags: step2 service: name=openstack-manila-share state=stopped enabled=no + update_tasks: + - name: Get docker Manila-Share image + set_fact: + docker_image: {get_param: DockerManilaShareImage} + docker_image_latest: *manila_share_image_pcmklatest + when: step == '2' + - name: Get previous Manila-Share image id + shell: "docker images | awk '/manila-share.* pcmklatest/{print $3}'" + register: manila_share_image_id + - block: + - name: Get a list of container using Manila-Share image + shell: "docker ps -q -f 'ancestor={{manila_share_image_id.stdout}}'" + register: manila-share_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Manila-Share image + shell: "docker rm -fv {{item}}" + with_items: "{{ manila_share_containers_to_destroy.stdout_lines }}" + - name: Remove previous Manila-Share images + shell: "docker rmi -f {{manila_share_image_id.stdout}}" + when: + - step == '2' + - manila_share_image_id.stdout != '' + - name: Pull latest Manila-Share images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Manila-Share image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/pacemaker/rabbitmq.yaml b/docker/services/pacemaker/rabbitmq.yaml index 5660856a..f17747c0 100644 --- a/docker/services/pacemaker/rabbitmq.yaml +++ b/docker/services/pacemaker/rabbitmq.yaml @@ -248,3 +248,33 @@ outputs: - name: Disable rabbitmq service tags: step2 service: name=rabbitmq-server enabled=no + update_tasks: + - name: Get docker Rabbitmq image + set_fact: + docker_image: {get_param: DockerRabbitmqImage} + docker_image_latest: *rabbitmq_image_pcmklatest + when: step == '2' + - name: Get previous Rabbitmq image id + shell: "docker images | awk '/rabbitmq.* pcmklatest/{print $3}'" + register: rabbitmq_image_id + - block: + - name: Get a list of container using Rabbitmq image + shell: "docker ps -q -f 'ancestor={{rabbitmq_image_id.stdout}}'" + register: rabbitmq_containers_to_destroy + # It will be recreated with the delpoy step. + - name: Remove any container using the same Rabbitmq image + shell: "docker rm -fv {{item}}" + with_items: "{{ rabbitmq_containers_to_destroy.stdout_lines }}" + - name: Remove previous Rabbitmq images + shell: "docker rmi -f {{rabbitmq_image_id.stdout}}" + when: + - step == '2' + - rabbitmq_image_id.stdout != '' + - name: Pull latest Rabbitmq images + command: "docker pull {{docker_image}}" + when: step == "2" + - name: Retag pcmklatest to latest Rabbitmq image + shell: "docker tag {{docker_image}} {{docker_image_latest}}" + when: step == "2" + # Got to check that pacemaker_is_active is working fine with bundle. + # TODO: pacemaker_is_active resource doesn't support bundle. diff --git a/docker/services/rabbitmq.yaml b/docker/services/rabbitmq.yaml index 632bdc29..237995b9 100644 --- a/docker/services/rabbitmq.yaml +++ b/docker/services/rabbitmq.yaml @@ -220,3 +220,9 @@ outputs: - name: Stop and disable rabbitmq service tags: step2 service: name=rabbitmq-server state=stopped enabled=no + update_tasks: + # TODO: Are we sure we want to support this. Rolling update + # without pacemaker may fail. Do we test this ? In any case, + # this is under paunch control so the latest image should be + # pulled in by the deploy steps. Same question for other + # usually managed by pacemaker container. diff --git a/docker/services/sahara-api.yaml b/docker/services/sahara-api.yaml index ab8cef12..cf7eae85 100644 --- a/docker/services/sahara-api.yaml +++ b/docker/services/sahara-api.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -138,3 +142,8 @@ outputs: - name: Stop and disable sahara_api service tags: step2 service: name=openstack-sahara-api state=stopped enabled=no + - name: Remove openstack-sahara-api package if operator requests it + yum: name=openstack-sahara-api state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/sahara-engine.yaml b/docker/services/sahara-engine.yaml index 08841160..0a061bd3 100644 --- a/docker/services/sahara-engine.yaml +++ b/docker/services/sahara-engine.yaml @@ -36,6 +36,10 @@ parameters: default: {} description: Parameters specific to the role type: json + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -121,3 +125,8 @@ outputs: - name: Stop and disable sahara_engine service tags: step2 service: name=openstack-sahara-engine state=stopped enabled=no + - name: Remove openstack-sahara-engine package if operator requests it + yum: name=openstack-sahara-engine state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} diff --git a/docker/services/swift-proxy.yaml b/docker/services/swift-proxy.yaml index 2d745f7b..3a27ab85 100644 --- a/docker/services/swift-proxy.yaml +++ b/docker/services/swift-proxy.yaml @@ -39,6 +39,10 @@ parameters: EnableInternalTLS: type: boolean default: false + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean conditions: @@ -147,5 +151,10 @@ outputs: - name: Stop and disable swift_proxy service tags: step2 service: name=openstack-swift-proxy state=stopped enabled=no + - name: Remove openstack-swift-proxy package if operator requests it + yum: name=openstack-swift-proxy state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} metadata_settings: get_attr: [SwiftProxyBase, role_data, metadata_settings] diff --git a/docker/services/swift-storage.yaml b/docker/services/swift-storage.yaml index 108a0368..e0c1194a 100644 --- a/docker/services/swift-storage.yaml +++ b/docker/services/swift-storage.yaml @@ -50,7 +50,10 @@ parameters: default: {} description: 'A hash of additional raw devices to use as Swift backend (eg. {sdb: {}})' type: json - + UpgradeRemoveUnusedPackages: + default: false + description: Remove package if the service is being disabled during upgrade + type: boolean resources: @@ -468,3 +471,12 @@ outputs: - openstack-swift-object-replicator - openstack-swift-object-updater - openstack-swift-object + - name: Remove openstack-swift-container,object,account packages if operator requests it + yum: name={{ item }} state=removed + tags: step2 + ignore_errors: True + when: {get_param: UpgradeRemoveUnusedPackages} + with_items: + - openstack-swift-container + - openstack-swift-object + - openstack-swift-account diff --git a/environments/major-upgrade-composable-steps-docker.yaml b/environments/major-upgrade-composable-steps-docker.yaml index 1b7f17e0..1f45d025 100644 --- a/environments/major-upgrade-composable-steps-docker.yaml +++ b/environments/major-upgrade-composable-steps-docker.yaml @@ -10,3 +10,4 @@ parameter_defaults: # Ocata to Pike, put any needed host-level workarounds here yum install -y ansible-pacemaker MigrationSshPort: 22 + UpgradeRemoveUnusedPackages: false
\ No newline at end of file diff --git a/environments/major-upgrade-composable-steps.yaml b/environments/major-upgrade-composable-steps.yaml index 5433572c..e8a00740 100644 --- a/environments/major-upgrade-composable-steps.yaml +++ b/environments/major-upgrade-composable-steps.yaml @@ -15,3 +15,4 @@ parameter_defaults: rm -f /usr/libexec/os-refresh-config/configure.d/40-hiera-datafiles rm -f /etc/puppet/hieradata/*.yaml MigrationSshPort: 22 + UpgradeRemoveUnusedPackages: false
\ No newline at end of file diff --git a/puppet/services/pacemaker.yaml b/puppet/services/pacemaker.yaml index 158d04bd..badb1a4e 100644 --- a/puppet/services/pacemaker.yaml +++ b/puppet/services/pacemaker.yaml @@ -156,3 +156,15 @@ outputs: - name: Start pacemaker cluster tags: step4 pacemaker_cluster: state=online + update_tasks: + - name: Check pacemaker cluster running before the minor update + when: step == "0" # TODO(marios) disabling validations? + pacemaker_cluster: state=online check_and_fail=true + async: 30 + poll: 4 + - name: Stop pacemaker cluster + when: step == "1" + pacemaker_cluster: state=offline + - name: Start pacemaker cluster + when: step == "4" + pacemaker_cluster: state=online diff --git a/puppet/services/tripleo-packages.yaml b/puppet/services/tripleo-packages.yaml index 0dbdbf89..bfdac3e3 100644 --- a/puppet/services/tripleo-packages.yaml +++ b/puppet/services/tripleo-packages.yaml @@ -66,6 +66,13 @@ outputs: tags: step3 yum: name=* state=latest update_tasks: + - name: Check for existing yum.pid + stat: path=/var/run/yum.pid + register: yum_pid_file + when: step == "0" or step == "3" + - name: Exit if existing yum process + fail: msg="ERROR existing yum.pid detected - can't continue! Please ensure there is no other package update process for the duration of the minor update worfklow. Exiting." + when: (step == "0" or step == "3") and yum_pid_file.stat.exists - name: Update all packages - yum: name=* state=latest + yum: name=* state=latest update_cache=yes # cache for tripleo/+bug/1703830 when: step == "3" diff --git a/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml b/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml new file mode 100644 index 00000000..dbb7af1f --- /dev/null +++ b/releasenotes/notes/add-option-remove-unused-packages-on-upgrade-5a469428a6948148.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - Adds a new UpgradeRemoveUnusedPackages parameter (default False) and some + service upgrade_tasks that use this parameter to remove any unused + packages. "Unused" is those services that are being stopped and disabled + from starting on boot (because they are being containerized). Note that + ignore_errors is set on all the package removal ansible tasks so any + issues removing a given package will not fail the upgrade workflow. + + For clarity, setting UpgradeRemoveUnusedPackages to True in your deployment + environment file(s) will result in the REMOVAL of packages for stopped + and disabled services, during the upgrade. diff --git a/tools/yaml-validate.py b/tools/yaml-validate.py index de8ba806..c3229621 100755 --- a/tools/yaml-validate.py +++ b/tools/yaml-validate.py @@ -35,7 +35,8 @@ OPTIONAL_SECTIONS = ['workflow_tasks'] REQUIRED_DOCKER_SECTIONS = ['service_name', 'docker_config', 'puppet_config', 'config_settings', 'step_config'] OPTIONAL_DOCKER_SECTIONS = ['docker_puppet_tasks', 'upgrade_tasks', - 'post_upgrade_tasks', 'service_config_settings', + 'post_upgrade_tasks', 'update_tasks', + 'service_config_settings', 'host_prep_tasks', 'metadata_settings', 'kolla_config', 'logging_source', 'logging_groups'] REQUIRED_DOCKER_PUPPET_CONFIG_SECTIONS = ['config_volume', 'step_config', |