openstack/openstack-ansible
Code Issues Proposed changes

Move upgrade playbooks to collection

Browse Source 
This unifies the approach and location of playbooks. With that
we completely remove necessity to supply an explicit path to them.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible-plugins/+/956949
Change-Id: Iae4d7b4e2c8cd4657336054c3cd1d0217f77dd1a
Signed-off-by: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
This commit is contained in:
Dmitriy Rabotyagov
2025-08-08 20:07:10 +02:00
parent 455aa1fe72
commit d1db4d4c4a
6 changed files with 32 additions and 209 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/source/admin/upgrades/distribution-upgrades.rst
View File

@@ -354,6 +354,6 @@ Deploying Compute and Network Hosts
.. code:: console
openstack-ansible ../scripts/upgrade-utilities/nova-restore-compute-id.yml --limit reinstalled_host
openstack-ansible openstack.osa.tools.nova_restore_compute_id --limit reinstalled_host
.. _OPS repository: https://opendev.org/openstack/openstack-ansible-ops/src/branch/master/ansible_tools/playbooks/set-haproxy-backends-state.yml

31
doc/source/admin/upgrades/major-upgrades.rst
View File

@@ -89,20 +89,6 @@ Ensure that your OpenStack-Ansible code is on the latest
# git checkout |latest_tag|
Prepare the shell variables
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Define these variables to reduce typing when running the remaining upgrade
tasks. Because these environments variables are shortcuts, this step is
optional. If you prefer, you can reference the files directly during the
upgrade.
.. code-block:: console
# cd /opt/openstack-ansible
# export MAIN_PATH="$(pwd)"
# export SCRIPTS_PATH="${MAIN_PATH}/scripts"
Backup the existing OpenStack-Ansible configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -129,17 +115,8 @@ dependencies are in place before you run playbooks from the
.. code-block:: console
# ${SCRIPTS_PATH}/bootstrap-ansible.sh
Change to the playbooks directory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Change to the playbooks directory to simplify the CLI commands from here on
in the procedure, given that most playbooks executed are in this directory.
.. code-block:: console
# cd playbooks
# cd /opt/openstack-ansible
# ./scripts/bootstrap-ansible.sh
Implement changes to OpenStack-Ansible configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -153,7 +130,7 @@ more information.
.. code-block:: console
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
# openstack-ansible openstack.osa.upgrade.deploy_config_changes
.. note::
@@ -228,7 +205,7 @@ ensuring that the containers are restarted in a controlled fashion.
.. code-block:: console
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/galera-cluster-rolling-restart.yml"
# openstack-ansible openstack.osa.tools.galera_cluster_rolling_restart
Upgrade OpenStack
~~~~~~~~~~~~~~~~~

10
releasenotes/notes/upgrade_playbooks_collection-f0c20a79ef280249.yaml Normal file
View File

@@ -0,0 +1,10 @@
---
other:
- |
In order to align approach on playbooks location and usage,
upgrade playbooks were moved from ``upgrade_utilities`` of
the integrated repository to ``openstack.osa`` collection:
* upgrade-utilities/deploy-config-changes.yml -> openstack.osa.upgrade.deploy_config_changes
* upgrade-utilities/galera-cluster-rolling-restart.yml -> openstack.osa.tools.galera_cluster_rolling_restart
* upgrade-utilities/nova-restore-compute-id.yml -> openstack.osa.tools.nova_restore_compute_id

87
scripts/upgrade-utilities/deploy-config-changes.yml
View File

@@ -11,88 +11,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Prepare environment and configuration for deploying the new release
hosts: localhost
connection: local
gather_facts: false
user: root
vars:
repo_root_dir: "{{ (playbook_dir ~ '/../../') | realpath }}"
tasks:
- name: Remove unnecessary env.d override files
shell: |
set -e
exit_code=0
if [[ -e {{ openstack_config_dir }}/env.d ]]; then
for f in $(diff --brief --report-identical-files {{ openstack_config_dir }}/env.d {{ openstack_clone_root }}/inventory/env.d | awk '/identical/ {print $2}' 2>/dev/null); do
echo "Deleting ${f} because it is identical to the defaults."
rm -f ${f}
exit_code=2
done
fi
exit ${exit_code}
args:
executable: /bin/bash
register: _envd_dir_cleanup
changed_when: _envd_dir_cleanup.rc == 2
failed_when: _envd_dir_cleanup.rc not in [0,2]
tags:
- identical-envd-file-cleanup
- name: Find any config files in the user-space env.d directory
find:
paths:
- "{{ openstack_config_dir }}/env.d"
patterns: '*.yml'
register: _envd_dir_contents
tags:
- custom-envd-file-check
- name: Halt the upgrade and warn the user to inspect the env.d files for changes
fail:
msg: |
There are files in /etc/openstack_deploy/env.d which override the default inventory
layout in {{ repo_root_dir }}/inventory/env.d. The difference between these files
should be carefully reviewed to understand whether the changes are still necessary
and applicable to the environment. If all the user-space env.d files are necessary,
then please export SKIP_CUSTOM_ENVD_CHECK=true and re-run the playbook or
run-upgrade.sh script.
when:
- _envd_dir_contents.matched > 0
- not(lookup('env', 'SKIP_CUSTOM_ENVD_CHECK') | bool)
tags:
- custom-envd-file-check
- name: Read example user secrets file
shell: "grep '^[a-zA-Z]' {{ repo_root_dir }}/etc/openstack_deploy/user_secrets.yml"
register: new_secrets
tags:
- update-secrets
- name: Read existing user secrets file
shell: "grep '^[a-zA-Z]' {{ openstack_config_dir }}/user_secrets.yml"
register: user_secrets
tags:
- update-secrets
- name: Add missing secrets
lineinfile:
dest: "{{ openstack_config_dir }}/user_secrets.yml"
line: "{{ item }}"
with_items: "{{ new_secrets.stdout_lines }}"
when:
- not (user_secrets.stdout | regex_search('((^|\n)' ~ item ~ ')'))
tags:
- update-secrets
- name: Generate new secrets
shell: "{{ repo_root_dir }}/scripts/pw-token-gen.py --file {{ openstack_config_dir }}/user_secrets.yml"
tags:
- update-secrets
- name: Remove fact cache to ensure a fresh one is built during the upgrade
file:
path: "{{ openstack_config_dir }}/ansible_facts"
state: absent
tags:
- remove-fact-cache
- name: Importing deploy_config_changes playbook
ansible.builtin.import_playbook: openstack.osa.upgrade.deploy_config_changes

55
scripts/upgrade-utilities/galera-cluster-rolling-restart.yml
View File

@@ -13,56 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Gracefully restart mariadb/galera cluster
hosts: galera_all
serial: 1
max_fail_percentage: 0
gather_facts: false
user: root
tasks:
- name: Stop mariadb
service:
name: mariadb
state: stopped
retries: 5
delay: 10
- name: Stop container
lxc_container:
name: "{{ inventory_hostname }}"
state: "stopped"
delegate_to: "{{ physical_host }}"
when: not hostvars[inventory_hostname]['is_metal']
- name: Start container
lxc_container:
name: "{{ inventory_hostname }}"
state: "started"
delegate_to: "{{ physical_host }}"
when: not hostvars[inventory_hostname]['is_metal']
- name: Start mariadb
service:
name: mariadb
state: started
retries: 5
delay: 10
when: hostvars[inventory_hostname]['is_metal']
post_tasks:
- name: Wait for mariadb port 3306 to be available
wait_for:
port: "3306"
host: "{{ management_address | default(ansible_ssh_host | default(inventory_hostname)) }}"
retries: 10
delay: 10
delegate_to: "{{ groups['utility_all'][0] }}"
- name: Check that WSREP is ready and Synced
shell: "/usr/bin/mariadb-admin extended-status | grep -E '(wsrep_local_state_comment)'"
register: mariadb_ready
until:
- mariadb_ready.rc == 0
- (mariadb_ready.stdout).find("Synced") != -1
retries: 60
delay: 1
- name: Importing galera_cluster_rolling_restart playbook
ansible.builtin.import_playbook: openstack.osa.tools.galera_cluster_rolling_restart

56
scripts/upgrade-utilities/nova-restore-compute-id.yml
View File

@@ -1,45 +1,15 @@
---
- name: Ensuring that compute node has UUID state defined
hosts: nova_compute
vars:
nova_compute_id_file: /var/lib/nova/compute_id
nova_hypervisor_fact_name: "{{ ansible_facts['fqdn'] }}"
handlers:
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Restart nova
ansible.builtin.service:
name: nova-compute
state: restarted
tasks:
- name: Checking if compute file exist
ansible.builtin.stat:
path: "{{ nova_compute_id_file }}"
register: _compute_id_status
- name: Get list of existing hypervisors # noqa: run-once[task]
ansible.builtin.command: openstack --os-cloud default hypervisor list -f json -c ID -c "Hypervisor Hostname"
run_once: true
delegate_to: "{{ groups['utility_all'][0] }}"
register: nova_hypervisors
changed_when: false
- name: Get node UUID if needed
when: not _compute_id_status.stat.exists
block:
- name: Register hypervisors fact
ansible.builtin.set_fact:
nova_hv: "{{ nova_hypervisors.stdout | from_json | selectattr('Hypervisor Hostname', 'eq', nova_hypervisor_fact_name) }}"
- name: Place node UUID to the expected location
ansible.builtin.copy:
dest: "{{ nova_compute_id_file }}"
content: >
{{ nova_hv[0]['ID'] }}
owner: nova
group: nova
mode: "0640"
when: nova_hv
notify: Restart nova
- name: Importing nova_restore_compute_id playbook
ansible.builtin.import_playbook: openstack.osa.tools.nova_restore_compute_id