chrony: allow to remove the container
The chrony container is deprecated in Wallaby, and disabled by default. This change allows to remove the container if chrony is disabled. Change-Id: I1c4436072c2d47a95625e64b731edb473384b395
This commit is contained in:
parent
008ada9062
commit
84ac7b3096
14
ansible/chrony-cleanup.yml
Normal file
14
ansible/chrony-cleanup.yml
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
---
|
||||||
|
- name: Remove chrony container
|
||||||
|
gather_facts: false
|
||||||
|
hosts:
|
||||||
|
- chrony-server
|
||||||
|
- chrony
|
||||||
|
serial: '{{ kolla_serial|default("0") }}'
|
||||||
|
tags:
|
||||||
|
- chrony
|
||||||
|
tasks:
|
||||||
|
- import_role:
|
||||||
|
name: chrony
|
||||||
|
tasks_from: cleanup.yml
|
||||||
|
when: not enable_chrony | bool
|
12
ansible/roles/chrony/tasks/cleanup.yml
Normal file
12
ansible/roles/chrony/tasks/cleanup.yml
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
- name: Stop and remove chrony container
|
||||||
|
become: true
|
||||||
|
kolla_docker:
|
||||||
|
action: "stop_and_remove_container"
|
||||||
|
name: chrony
|
||||||
|
|
||||||
|
- name: Remove config for chrony
|
||||||
|
become: true
|
||||||
|
file:
|
||||||
|
path: "{{ node_config_directory }}/chrony"
|
||||||
|
state: "absent"
|
@ -1,3 +1,6 @@
|
|||||||
---
|
---
|
||||||
# Whether to enable checks for host OS distribution and release.
|
# Whether to enable checks for host OS distribution and release.
|
||||||
prechecks_enable_host_os_checks: true
|
prechecks_enable_host_os_checks: true
|
||||||
|
|
||||||
|
# Whether to enable checks for a host NTP daemon.
|
||||||
|
prechecks_enable_host_ntp_checks: true
|
||||||
|
@ -1,14 +1,71 @@
|
|||||||
---
|
---
|
||||||
- name: Checking timedatectl status
|
# TODO(mgoddard): Remove this check in the Y cycle after chrony has been
|
||||||
|
# dropped for a cycle.
|
||||||
|
- name: Get container facts
|
||||||
|
become: true
|
||||||
|
kolla_container_facts:
|
||||||
|
name:
|
||||||
|
- chrony
|
||||||
|
register: container_facts
|
||||||
|
|
||||||
|
- name: Fail if chrony container is running
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
A chrony container is running, but 'enable_chrony' is 'false'. The chrony
|
||||||
|
container is deprecated from the Wallaby release, and the default value
|
||||||
|
of 'enable_chrony' was changed to 'false'.
|
||||||
|
|
||||||
|
The chrony container may be cleaned up via 'kolla-ansible
|
||||||
|
chrony-cleanup'. You should then install and configure a suitable host
|
||||||
|
NTP daemon before running these prechecks again.
|
||||||
|
|
||||||
|
To continue running the chrony container, set 'enable_chrony' to 'true',
|
||||||
|
however note that this feature will be removed in the Xena release, so it
|
||||||
|
is not recommended for use.
|
||||||
|
when:
|
||||||
|
- "'chrony' in container_facts"
|
||||||
|
|
||||||
|
- block:
|
||||||
|
- name: Check for a running host NTP daemon # noqa command-instead-of-module
|
||||||
|
vars:
|
||||||
|
prechecks_host_ntp_daemons:
|
||||||
|
- chrony
|
||||||
|
- chronyd
|
||||||
|
- ntp
|
||||||
|
- ntpd
|
||||||
|
- systemd-timesyncd
|
||||||
|
become: true
|
||||||
|
command:
|
||||||
|
cmd: "systemctl is-active {{ prechecks_host_ntp_daemons | join(' ') }}"
|
||||||
|
register: systemctl_is_active
|
||||||
|
changed_when: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Fail if a host NTP daemon is not running
|
||||||
|
fail:
|
||||||
|
msg: >-
|
||||||
|
No host NTP daemon is running, and the Kolla Ansible chrony container
|
||||||
|
is disabled. Please install and configure a host NTP daemon.
|
||||||
|
Alternatively, set 'prechecks_enable_host_ntp_checks' to 'false' to
|
||||||
|
disable this check if not using one of the following NTP daemons:
|
||||||
|
chrony, ntpd, systemd-timesyncd.
|
||||||
|
when:
|
||||||
|
- systemctl_is_active.rc != 0
|
||||||
|
|
||||||
|
- name: Checking timedatectl status
|
||||||
become: true
|
become: true
|
||||||
command: timedatectl status
|
command: timedatectl status
|
||||||
register: timedatectl_status
|
register: timedatectl_status
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Fail if the clock is not synchronized
|
- name: Fail if the clock is not synchronized
|
||||||
fail:
|
fail:
|
||||||
msg: >-
|
msg: >-
|
||||||
timedatectl sees the system clock as unsynchronized.
|
timedatectl sees the system clock as unsynchronized.
|
||||||
Please wait for synchronization.
|
Please wait for synchronization.
|
||||||
|
Alternatively, set 'prechecks_enable_host_ntp_checks' to 'false' to
|
||||||
|
disable this check if your NTP daemon is not recognised by
|
||||||
|
'timedatectl status'.
|
||||||
when:
|
when:
|
||||||
- "'synchronized: yes' not in timedatectl_status.stdout"
|
- "'synchronized: yes' not in timedatectl_status.stdout"
|
||||||
|
when: prechecks_enable_host_ntp_checks | bool
|
||||||
|
@ -2,8 +2,18 @@
|
|||||||
deprecations:
|
deprecations:
|
||||||
- |
|
- |
|
||||||
Support for deploying ``chrony`` is deprecated and will be removed in the
|
Support for deploying ``chrony`` is deprecated and will be removed in the
|
||||||
Xena cycle.
|
Xena cycle. The container is no longer enabled by default. To enable it,
|
||||||
|
set ``enable_chrony`` to ``true``.
|
||||||
upgrade:
|
upgrade:
|
||||||
- |
|
- |
|
||||||
Due to deprecation, ``chrony`` is no longer enabled by default.
|
Due to deprecation, ``chrony`` is no longer enabled by default. To enable
|
||||||
|
it, set ``enable_chrony`` to ``true``.
|
||||||
|
|
||||||
|
If disabled, the container and configuration may be removed by running
|
||||||
|
``kolla-ansible chrony-cleanup``.
|
||||||
|
|
||||||
|
The ``kolla-ansible prechecks`` command will fail if Chrony is disabled and
|
||||||
|
the container is running. It will also fail if Chrony is disabled and no
|
||||||
|
host NTP daemon is detected. This check may be disabled by setting
|
||||||
|
``prechecks_enable_host_ntp_checks`` to ``false`` if using an NTP daemon
|
||||||
|
other than chrony, ntpd or systemd-timesyncd.
|
||||||
|
@ -104,3 +104,31 @@
|
|||||||
until: "'synchronized: yes' in timedatectl_status.stdout"
|
until: "'synchronized: yes' in timedatectl_status.stdout"
|
||||||
retries: 90
|
retries: 90
|
||||||
delay: 10
|
delay: 10
|
||||||
|
|
||||||
|
# TODO(mgoddard): Remove this task in the Y cycle after chrony has been
|
||||||
|
# dropped for a cycle.
|
||||||
|
# NOTE(mgoddard): For upgrades, test the case where we are running
|
||||||
|
# a chrony container, but keep the default of disabled after the
|
||||||
|
# upgrade.
|
||||||
|
- block:
|
||||||
|
- name: Remove host NTP packages
|
||||||
|
become: true
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- chrony
|
||||||
|
- ntp
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
# NOTE(mgoddard): removing the systemd-timesyncd package fails, so stop
|
||||||
|
# and disable it instead.
|
||||||
|
- name: Stop systemd-timesyncd service
|
||||||
|
become: true
|
||||||
|
service:
|
||||||
|
name: systemd-timesyncd
|
||||||
|
enabled: no
|
||||||
|
state: stopped
|
||||||
|
when: ansible_os_family == 'Debian'
|
||||||
|
when:
|
||||||
|
- is_upgrade
|
||||||
|
# cephadm gets grumpy without a host-level chrony.
|
||||||
|
- scenario != 'cephadm'
|
||||||
|
@ -33,12 +33,6 @@ enable_openstack_core: "{{ openstack_core_enabled }}"
|
|||||||
enable_horizon: "{{ dashboard_enabled }}"
|
enable_horizon: "{{ dashboard_enabled }}"
|
||||||
enable_heat: "{{ openstack_core_tested }}"
|
enable_heat: "{{ openstack_core_tested }}"
|
||||||
|
|
||||||
# TODO(yoctozepto): Remove this in the Xena cycle.
|
|
||||||
# We have to keep it for now for upgrades because dropping chronyd inbetween
|
|
||||||
# will make prechecks fail due to lack of proper host-level timesync (chronyd
|
|
||||||
# is containerized and the host-level client either removed or fought with).
|
|
||||||
enable_chrony: "no"
|
|
||||||
|
|
||||||
{% if scenario != 'bifrost' %}
|
{% if scenario != 'bifrost' %}
|
||||||
kolla_internal_vip_address: "{{ kolla_internal_vip_address }}"
|
kolla_internal_vip_address: "{{ kolla_internal_vip_address }}"
|
||||||
neutron_external_interface: "{{ neutron_external_interface_name }}"
|
neutron_external_interface: "{{ neutron_external_interface_name }}"
|
||||||
@ -128,6 +122,10 @@ glance_backend_ceph: "yes"
|
|||||||
cinder_backend_ceph: "yes"
|
cinder_backend_ceph: "yes"
|
||||||
nova_backend_ceph: "yes"
|
nova_backend_ceph: "yes"
|
||||||
ceph_nova_user: "cinder"
|
ceph_nova_user: "cinder"
|
||||||
|
|
||||||
|
# TODO(yoctozepto): Remove this in the Xena cycle.
|
||||||
|
# cephadm doesn't support chrony in a container (checks for chrony.service)
|
||||||
|
enable_chrony: "no"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if tls_enabled %}
|
{% if tls_enabled %}
|
||||||
|
@ -13,6 +13,20 @@ function upgrade {
|
|||||||
if [[ "$TLS_ENABLED" = "True" ]]; then
|
if [[ "$TLS_ENABLED" = "True" ]]; then
|
||||||
kolla-ansible -i ${RAW_INVENTORY} -vvv certificates > /tmp/logs/ansible/certificates
|
kolla-ansible -i ${RAW_INVENTORY} -vvv certificates > /tmp/logs/ansible/certificates
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# TODO(mgoddard): Remove this block in the Y cycle after chrony has been
|
||||||
|
# dropped for a cycle.
|
||||||
|
# NOTE(mgoddard): Remove the chrony container and install a host chrony
|
||||||
|
# daemon.
|
||||||
|
kolla-ansible -i ${RAW_INVENTORY} -vvv chrony-cleanup &> /tmp/logs/ansible/chrony-cleanup
|
||||||
|
if [[ $(source /etc/os-release && echo $ID) = "centos" ]]; then
|
||||||
|
chrony_service="chronyd"
|
||||||
|
else
|
||||||
|
chrony_service="chrony"
|
||||||
|
fi
|
||||||
|
ansible all -i $RAW_INVENTORY -m package -a 'name=chrony state=present' -b &> /tmp/logs/ansible/chrony-install
|
||||||
|
ansible all -i $RAW_INVENTORY -m service -a 'name='$chrony_service' state=started enabled=yes' -b &>> /tmp/logs/ansible/chrony-install
|
||||||
|
|
||||||
kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks &> /tmp/logs/ansible/upgrade-prechecks
|
kolla-ansible -i ${RAW_INVENTORY} -vvv prechecks &> /tmp/logs/ansible/upgrade-prechecks
|
||||||
kolla-ansible -i ${RAW_INVENTORY} -vvv pull &> /tmp/logs/ansible/pull-upgrade
|
kolla-ansible -i ${RAW_INVENTORY} -vvv pull &> /tmp/logs/ansible/pull-upgrade
|
||||||
kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade
|
kolla-ansible -i ${RAW_INVENTORY} -vvv upgrade &> /tmp/logs/ansible/upgrade
|
||||||
|
@ -152,6 +152,7 @@ Commands:
|
|||||||
upgrade-bifrost Upgrades an existing bifrost container
|
upgrade-bifrost Upgrades an existing bifrost container
|
||||||
genconfig Generate configuration files for enabled OpenStack services
|
genconfig Generate configuration files for enabled OpenStack services
|
||||||
prune-images Prune orphaned Kolla images
|
prune-images Prune orphaned Kolla images
|
||||||
|
chrony-cleanup Clean up disabled chrony containers
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -466,6 +467,10 @@ EOF
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
(chrony-cleanup)
|
||||||
|
ACTION="Cleanup disabled chrony containers"
|
||||||
|
PLAYBOOK="${BASEDIR}/ansible/chrony-cleanup.yml"
|
||||||
|
;;
|
||||||
(bash-completion)
|
(bash-completion)
|
||||||
bash_completion
|
bash_completion
|
||||||
exit 0
|
exit 0
|
||||||
|
Loading…
Reference in New Issue
Block a user