Prevent accidental downgrades of RabbitMQ

As version-check.yml is added to deploy.yml, we must make sure the
tasks are only run when the rabbitmq container exists.

Change-Id: Iaa31bae739110094affb5e402ed9ac40b153ac3d
This commit is contained in:
Matt Crees 2024-09-19 13:10:00 +01:00
parent 7a9b0db708
commit f5ad7829c3
3 changed files with 79 additions and 50 deletions

View File

@ -1,4 +1,6 @@
--- ---
- import_tasks: version-check.yml
- include_tasks: remove-ha-all-policy.yml - include_tasks: remove-ha-all-policy.yml
when: when:
- not om_enable_rabbitmq_high_availability | bool - not om_enable_rabbitmq_high_availability | bool

View File

@ -1,59 +1,81 @@
--- ---
- block: - block:
- name: Get current RabbitMQ version - name: Get container facts
vars:
service_name: "rabbitmq"
service: "{{ rabbitmq_services[service_name] }}"
become: true become: true
command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version" kolla_container_facts:
register: rabbitmq_version_current action: get_containers
changed_when: false container_engine: "{{ kolla_container_engine }}"
name:
- "{{ service.container_name }}"
register: container_facts
- name: Get new RabbitMQ version - block:
become: true - name: Get current RabbitMQ version
vars: become: true
rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}" command: "{{ kolla_container_engine }} exec {{ service.container_name }} rabbitmqctl --version"
kolla_container: register: rabbitmq_version_current
action: "start_container" changed_when: false
command: "rabbitmqctl --version"
detach: false
environment:
KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
image: "{{ rabbitmq_container.image }}"
name: "rabbitmq_version_check"
restart_policy: oneshot
volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
register: rabbitmq_version_new
failed_when: false
check_mode: false
# As an example, when the new RabbitMQ version is 3.13.6: - name: Get new RabbitMQ version
# new_major_version = 3 become: true
# new_minor_version = 13 vars:
# new_version = 3.13 rabbitmq_container: "{{ rabbitmq_services['rabbitmq'] }}"
# And if the current RabbitMQ version is 3.11.28: kolla_container:
# upgrade_version = 3.12 action: "start_container"
- name: Check if running RabbitMQ is at most one version behind command: "rabbitmqctl --version"
vars: container_engine: "{{ kolla_container_engine }}"
current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}" detach: false
current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}" environment:
current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}" KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}" image: "{{ rabbitmq_container.image }}"
new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}" name: "rabbitmq_version_check"
new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}" restart_policy: oneshot
# Note: this assumes 3.13 will be the last release before 4.0. volumes: "{{ rabbitmq_default_volumes + rabbitmq_extra_volumes }}"
upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}" register: rabbitmq_version_new
assert: failed_when: false
that: (current_version_major == new_version_major and check_mode: false
new_version_minor | int - current_version_minor | int <= 1) or
(new_version | float == 4.0 and current_version | float == 3.13) # As an example, when the new RabbitMQ version is 3.13.6:
fail_msg: > # new_major_version = 3
Looks like you're trying to run a skip-release upgrade! # new_minor_version = 13
RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade. # new_version = 3.13
You are running {{ rabbitmq_version_current.stdout }}. # And if the current RabbitMQ version is 3.11.28:
Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``. # upgrade_version = 3.12
See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp - name: Check if running RabbitMQ is at most one version behind
vars:
current_version_major: "{{ rabbitmq_version_current.stdout | regex_search('^[0-9]+') }}"
current_version_minor: "{{ rabbitmq_version_current.stdout | regex_search('(?<=.)[^.].') }}"
current_version: "{{ rabbitmq_version_current.stdout | regex_replace('.[^.]+$', '') }}"
new_version_major: "{{ rabbitmq_version_new.stdout | regex_search('^[0-9]+') }}"
new_version_minor: "{{ rabbitmq_version_new.stdout | regex_search('(?<=.)[^.].') }}"
new_version: "{{ rabbitmq_version_new.stdout | regex_replace('.[^.]+$', '') }}"
# Note: this assumes 3.13 will be the last release before 4.0.
upgrade_version: "{{ '4.0' if current_version == '3.13' else current_version_major + '.' + (current_version_minor | int + 1) | string }}"
assert:
that: (current_version_major == new_version_major and
new_version_minor | int - current_version_minor | int <= 1) or
(new_version | float == 4.0 and current_version | float == 3.13)
fail_msg: >
Looks like you're trying to run a skip-release upgrade!
RabbitMQ must be at most one version behind the target release version ({{ rabbitmq_version_new.stdout | trim }}) to run this upgrade.
You are running {{ rabbitmq_version_current.stdout }}.
Please first upgrade to {{ upgrade_version }} with the command ``kolla-ansible rabbitmq-upgrade {{ upgrade_version }}``.
See these docs for more details: https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#slurp
- name: Catch when RabbitMQ is being downgraded
assert:
that: rabbitmq_version_current.stdout is version(rabbitmq_version_new.stdout | trim, 'le', version_type='semver')
fail_msg: >
Looks like you're about to downgrade RabbitMQ from version {{ rabbitmq_version_current.stdout }} to version {{ rabbitmq_version_new.stdout | trim }}.
If you're absolutely certain you want to do this, please skip the tag `rabbitmq-version-check`.
Otherwise, see these docs for how to pin the version of RabbitMQ:
https://docs.openstack.org/kolla-ansible/latest/reference/message-queues/rabbitmq.html#rabbitmq-versions
when: container_facts[service.container_name] is defined
delegate_to: "{{ groups[role_rabbitmq_groups] | first }}" delegate_to: "{{ groups[role_rabbitmq_groups] | first }}"
run_once: true run_once: true
tags: rabbitmq-version-check tags: rabbitmq-version-check
vars:
service_name: "rabbitmq"
service: "{{ rabbitmq_services[service_name] }}"

View File

@ -0,0 +1,5 @@
---
fixes:
- |
Adds a check to stop deploying/upgrading the RabbitMQ containers if it
will result in downgrading the version of RabbitMQ running.