Emilien Macchi 8b2fa8e7fc Fix a race when upgrading Neutron & Ironic on the undercloud
There is a race condition where Ironic Inspector upgrade removes the
service packages, which has in dependency Neutron as well so it will try
to remove Neutron at Step 2 while other Neutron services need to be
stopped by Ansible first, also at Step 2.
The packages removals happen at Step 3, so this patch moves these tasks
to it, like we do for other services.

Change-Id: Ic14f7837d8d11fd5260ba7c5236018c9a6226e5e
2018-07-25 01:40:52 +00:00

261 lines
11 KiB
YAML

heat_template_version: rocky
description: >
OpenStack containerized Ironic Inspector service (EXPERIMENTAL)
parameters:
DockerIronicInspectorImage:
description: image
type: string
DockerIronicInspectorConfigImage:
description: The container image to use for the ironic_inspector config_volume
type: string
EndpointMap:
default: {}
description: Mapping of service endpoint -> protocol. Typically set
via parameter_defaults in the resource registry.
type: json
ServiceNetMap:
default: {}
description: Mapping of service_name -> network name. Typically set
via parameter_defaults in the resource registry. This
mapping overrides those in ServiceNetMapDefaults.
type: json
ServiceData:
default: {}
description: Dictionary packing service data
type: json
DefaultPasswords:
default: {}
type: json
RoleName:
default: ''
description: Role name on which the service is applied
type: string
RoleParameters:
default: {}
description: Parameters specific to the role
type: json
IPAImageURLs:
default: []
description: IPA image URLs, the format should be ["http://path/to/kernel", "http://path/to/ramdisk"]
type: json
UpgradeRemoveUnusedPackages:
default: false
description: Remove package if the service is being disabled during upgrade
type: boolean
resources:
ContainersCommon:
type: ./containers-common.yaml
IronicInspectorBase:
type: ../../puppet/services/ironic-inspector.yaml
properties:
EndpointMap: {get_param: EndpointMap}
ServiceNetMap: {get_param: ServiceNetMap}
ServiceData: {get_param: ServiceData}
DefaultPasswords: {get_param: DefaultPasswords}
RoleName: {get_param: RoleName}
RoleParameters: {get_param: RoleParameters}
MySQLClient:
type: ../../puppet/services/database/mysql-client.yaml
conditions:
ipa_images: {not: {equals: [{get_param: IPAImageURLs}, []]}}
outputs:
role_data:
description: Role data for the Ironic Inspector role.
value:
service_name: ironic_inspector
config_settings:
map_merge:
- get_attr: [IronicInspectorBase, role_data, config_settings]
# Match what we do for Ironic containers
- ironic::inspector::tftp_root: /var/lib/ironic/tftpboot
- ironic::inspector::http_root: /var/lib/ironic/httpboot
service_config_settings: {get_attr: [IronicInspectorBase, role_data, service_config_settings]}
# BEGIN DOCKER SETTINGS
puppet_config:
config_volume: ironic_inspector
puppet_tags: ironic_inspector_config
step_config:
list_join:
- "\n"
- - {get_attr: [IronicInspectorBase, role_data, step_config]}
- {get_attr: [MySQLClient, role_data, step_config]}
config_image: {get_param: DockerIronicInspectorConfigImage}
volumes:
- /var/lib/ironic:/var/lib/ironic:shared
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
kolla_config:
/var/lib/kolla/config_files/ironic_inspector.json:
command: /usr/bin/ironic-inspector --config-file /etc/ironic-inspector/inspector-dist.conf --config-file /etc/ironic-inspector/inspector.conf
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
permissions:
- path: /var/log/ironic-inspector
owner: ironic-inspector:ironic-inspector
recurse: true
- path: /var/lib/ironic
owner: ironic:ironic
- path: /var/lib/ironic-inspector/dhcp-hostsdir
owner: ironic-inspector:ironic-inspector
recurse: true
/var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:
config_files:
- source: "/var/lib/kolla/config_files/src/*"
dest: "/"
merge: true
preserve_properties: true
command: /sbin/dnsmasq --conf-file=/etc/ironic-inspector/dnsmasq.conf -k --log-facility=/var/log/ironic-inspector/dnsmasq.log
docker_config:
step_3:
ironic_inspector_init_log:
start_order: 0
image: &ironic_inspector_image
get_param: DockerIronicInspectorImage
user: root
volumes:
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/log/ironic-inspector']
ironic_inspector_init_dnsmasq_dhcp_hostsdir:
start_order: 1
image: *ironic_inspector_image
user: root
volumes:
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
command: ['/bin/bash', '-c', 'chown -R ironic-inspector:ironic-inspector /var/lib/ironic-inspector/dhcp-hostsdir']
ironic_inspector_db_sync:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/ironic_inspector/etc/ironic-inspector:/etc/ironic-inspector:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command: "/usr/bin/bootstrap_host_exec ironic_inspector su ironic-inspector -s /bin/bash -c 'ironic-inspector-dbsync --config-file /etc/ironic-inspector/inspector.conf upgrade'"
ironic_inspector_get_ipa:
start_order: 2
image: *ironic_inspector_image
net: host
user: root
privileged: false
detach: false
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/ironic:/var/lib/ironic:shared
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
command:
if:
- ipa_images
- list_join:
- " "
- - "curl -g -o /var/lib/ironic/httpboot/agent.kernel"
- {get_param: [IPAImageURLs, 0]}
- "-o /var/lib/ironic/httpboot/agent.ramdisk"
- {get_param: [IPAImageURLs, 1]}
- 'true'
step_4:
ironic_inspector:
start_order: 92
image: *ironic_inspector_image
privileged: true
net: host
restart: always
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/lib/ironic:/var/lib/ironic:shared
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
ironic_inspector_dnsmasq:
start_order: 93
image: *ironic_inspector_image
privileged: true
net: host
restart: always
user: root
volumes:
list_concat:
- {get_attr: [ContainersCommon, volumes]}
-
- /var/lib/kolla/config_files/ironic_inspector_dnsmasq.json:/var/lib/kolla/config_files/config.json:ro
- /var/lib/config-data/puppet-generated/ironic_inspector/:/var/lib/kolla/config_files/src:ro
- /var/log/containers/ironic-inspector:/var/log/ironic-inspector
- /var/lib/ironic-inspector/dhcp-hostsdir:/var/lib/ironic-inspector/dhcp-hostsdir:shared
environment:
- KOLLA_CONFIG_STRATEGY=COPY_ALWAYS
host_prep_tasks:
- name: create persistent ironic-inspector logs directory
file:
path: /var/log/containers/ironic-inspector
state: directory
- name: ironic-inspector logs readme
copy:
dest: /var/log/ironic-inspector/readme.txt
content: |
Log files from ironic-inspector container can be found under
/var/log/containers/ironic-inspector.
ignore_errors: true
- name: create persistent ironic-inspector dnsmasq dhcp hostsdir
file:
path: /var/lib/ironic-inspector/dhcp-hostsdir
state: directory
upgrade_tasks:
- when: step|int == 0
tags: common
block:
- name: Check if ironic_inspector is deployed
command: systemctl is-enabled --quiet openstack-ironic-inspector
ignore_errors: True
register: ironic_inspector_enabled_result
- name: Set fact ironic_inspector_enabled
set_fact:
ironic_inspector_enabled: "{{ ironic_inspector_enabled_result.rc == 0 }}"
- name: "PreUpgrade step0,validation: Check service openstack-ironic-inspector is running"
command: systemctl is-active --quiet openstack-ironic-inspector
tags: validation
when: ironic_inspector_enabled|bool
- when: step|int == 2
block:
- name: Stop and disable ironic_inspector service
service: name=openstack-ironic-inspector state=stopped enabled=no
when: ironic_inspector_enabled|bool
- name: Stop and disable ironic_inspector dnsmasq service
service: name=openstack-ironic-inspector-dnsmasq state=stopped enabled=no
when: ironic_inspector_enabled|bool
- when: step|int == 3
block:
- name: Set fact for removal of openstack-ironic-inspector package
set_fact:
remove_ironic_inspector_package: {get_param: UpgradeRemoveUnusedPackages}
- name: Remove openstack-ironic-inspector package if operator requests it
package: name=openstack-ironic-inspector state=removed
ignore_errors: True
when: remove_ironic_inspector_package|bool