Merge "Change task ordering to perform smooth upgrades"

2021-06-18 15:51:06 +00:00 · 2021-06-18 15:51:06 +00:00 · 77f9b16967
commit 77f9b16967
parent c42711e1cf 5763885453
5 changed files with 52 additions and 46 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -70,6 +70,30 @@
    - "Restart neutron services"
    - "venv changed"

+- name: Symlink neutron config directory
+  file:
+    # NOTE(cloudnull): The "src" path is relative. This ensures all files remain
+    #                  within the host/container confines when connecting to
+    #                  them using the connection plugin or the root filesystem.
+    src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}"
+    dest: "{{ neutron_conf_dir }}"
+    state: link
+    force: true
+  when: neutron_install_method == 'source'
+  listen:
+    - "venv changed"
+
+- name: Drop sudoers file
+  template:
+    src: "sudoers.j2"
+    dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
+    mode: "0440"
+    owner: "root"
+    group: "root"
+  listen:
+    - "Restart neutron services"
+    - "venv changed"
+
 - name: Perform a DB contract
  command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract"
  become: yes
--- a/tasks/neutron_db_setup.yml
+++ b/tasks/neutron_db_setup.yml
@ -14,7 +14,7 @@
 # limitations under the License.

 - name: Perform a DB expand
-  command: "{{ neutron_bin }}/neutron-db-manage upgrade --expand"
+  command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf upgrade --expand"
  become: yes
  become_user: "{{ neutron_system_user_name }}"
  when:
@ -29,7 +29,7 @@
    value: "False"

 - name: Check for available offline migrations
-  command: "{{ neutron_bin }}/neutron-db-manage has_offline_migrations"
+  command: "{{ neutron_bin }}/neutron-db-manage --config-file {{ neutron_conf_version_dir }}/neutron.conf has_offline_migrations"
  environment:
    LANGUAGE: en_US.UTF-8
  become: yes
--- a/tasks/neutron_post_install.yml
+++ b/tasks/neutron_post_install.yml
@ -21,11 +21,11 @@
    group: "{{ item.group|default(neutron_system_group_name) }}"
    mode: "{{ item.mode | default(omit) }}"
  with_items:
-    - path: "{{ neutron_conf_dir }}/plugins"
+    - path: "{{ neutron_conf_version_dir }}/plugins"
      mode: "0750"
-    - path: "{{ neutron_conf_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}"
+    - path: "{{ neutron_conf_version_dir }}/plugins/{{ neutron_plugin_type.split('.')[0] }}"
      mode: "0750"
-    - path: "{{ neutron_conf_dir }}/rootwrap.d"
+    - path: "{{ neutron_conf_version_dir }}/rootwrap.d"
      owner: "root"
      group: "root"

@ -34,7 +34,7 @@
 - name: Copy extra neutron rootwrap filters
  copy:
    src: "{{ item }}"
-    dest: "{{ neutron_conf_dir }}/rootwrap.d/"
+    dest: "{{ neutron_conf_version_dir }}/rootwrap.d/"
    owner: "root"
    group: "root"
  with_fileglob:
@ -53,11 +53,11 @@
    config_type: "{{ item.config_type }}"
  with_items:
    - src: "neutron.conf.j2"
-      dest: "{{ neutron_conf_dir }}/neutron.conf"
+      dest: "{{ neutron_conf_version_dir }}/neutron.conf"
      config_overrides: "{{ neutron_neutron_conf_overrides }}"
      config_type: "ini"
    - src: "{{ neutron_plugins[neutron_plugin_type].plugin_ini }}.j2"
-      dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
+      dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[neutron_plugin_type].plugin_ini }}"
      config_overrides: "{{ neutron_plugins[neutron_plugin_type].plugin_conf_ini_overrides }}"
      config_type: "ini"
  notify:
@ -66,7 +66,7 @@
 - name: Implement policy.yaml if there are overrides configured
  config_template:
    content: "{{ neutron_policy_overrides }}"
-    dest: "{{ neutron_conf_dir }}/policy.yaml"
+    dest: "{{ neutron_conf_version_dir }}/policy.yaml"
    owner: "root"
    group: "{{ neutron_system_group_name }}"
    mode: "0640"
@ -88,7 +88,7 @@
 - name: Place api-paste.ini to the correct path in RedHat
  file:
    src: "/usr/share/neutron/api-paste.ini"
-    dest: "{{ neutron_conf_dir }}/api-paste.ini"
+    dest: "{{ neutron_conf_version_dir }}/api-paste.ini"
    owner: "root"
    group: "{{ neutron_system_group_name }}"
    mode: "0640"
@ -141,7 +141,7 @@
 # NOTE(cloudnull): This will ensure strong permissions on all rootwrap files.
 - name: Set rootwrap.d permissions
  file:
-    path: "{{ neutron_conf_dir }}/rootwrap.d"
+    path: "{{ neutron_conf_version_dir }}/rootwrap.d"
    owner: "root"
    group: "root"
    mode: "0640"
@ -150,7 +150,7 @@
 - name: Copy neutron ml2 plugin config
  config_template:
    src: "{{ ('plugin_conf_bare' not in neutron_plugins[item]) | ternary(neutron_plugins[item].plugin_ini ~ '.j2', omit) }}"
-    dest: "{{ neutron_conf_dir }}/{{ neutron_plugins[item].plugin_ini }}"
+    dest: "{{ neutron_conf_version_dir }}/{{ neutron_plugins[item].plugin_ini }}"
    owner: "root"
    group: "{{ neutron_system_group_name }}"
    mode: "0640"
@ -161,7 +161,7 @@
 - name: Generate neutron dnsmasq Config
  template:
    src: "dnsmasq-neutron.conf.j2"
-    dest: "{{ neutron_conf_dir }}/dnsmasq-neutron.conf"
+    dest: "{{ neutron_conf_version_dir }}/dnsmasq-neutron.conf"
    owner: "root"
    group: "{{ neutron_system_group_name }}"
    mode: "0640"
@ -189,7 +189,7 @@
 - name: Generate neutron bgpvpn networking configuration
  template:
    src: "networking_bgpvpn.conf.j2"
-    dest: "{{ neutron_conf_dir }}/networking_bgpvpn.conf"
+    dest: "{{ neutron_conf_version_dir }}/networking_bgpvpn.conf"
    owner: "root"
    group: "{{ neutron_system_group_name }}"
    mode: "0640"
--- a/tasks/neutron_pre_install.yml
+++ b/tasks/neutron_pre_install.yml
@ -53,29 +53,18 @@
 - name: Create neutron dir
  file:
    path: "{{ item.path | default(omit) }}"
-    src: "{{ item.src | default(omit) }}"
-    dest: "{{ item.dest | default(omit) }}"
    state: "{{ item.state | default('directory') }}"
    owner: "{{ item.owner | default(neutron_system_user_name) }}"
    group: "{{ item.group | default(neutron_system_group_name) }}"
    mode: "{{ item.mode | default(omit) }}"
-    force: "{{ item.force | default(omit) }}"
  when:
    - (item.condition | default(true)) | bool
  with_items:
    - path: "/openstack"
      owner: "root"
      group: "root"
-    - path: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}"
+    - path: "{{ neutron_conf_version_dir }}"
      mode: "0755"
-    # NOTE(cloudnull): The "src" path is relative. This ensures all files remain
-    #                  within the host/container confines when connecting to
-    #                  them using the connection plugin or the root filesystem.
-    - dest: "{{ neutron_conf_dir }}"
-      src: "{{ neutron_bin | dirname | regex_replace('^/', '../') }}/etc/neutron"
-      state: link
-      force: true
-      condition: "{{ neutron_install_method == 'source' }}"
    - path: "/etc/sudoers.d"
      mode: "0750"
      owner: "root"
@ -87,14 +76,6 @@
      mode: "0755"
    - path: "{{ neutron_system_home_folder }}/ha_confs"

- name: Drop sudoers file
-  template:
-    src: "sudoers.j2"
-    dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
-    mode: "0440"
-    owner: "root"
-    group: "root"
-
 - name: Add dependency repos for Neutron
  package:
    name: "{{ neutron_repos }}"
--- a/vars/main.yml
+++ b/vars/main.yml
@ -122,6 +122,7 @@ neutron_venv_packages: >-
 ###

 neutron_conf_dir: /etc/neutron
+neutron_conf_version_dir: "{{ (neutron_install_method == 'distro') | ternary(neutron_conf_dir, (neutron_bin | dirname) + '/etc/neutron') }}"
 neutron_lock_path: "/var/lock/neutron"
 neutron_system_user_name: neutron
 neutron_system_group_name: neutron
@ -348,7 +349,7 @@ neutron_services:
    group: neutron_dhcp_agent
    service_name: neutron-dhcp-agent
    service_en: "{{ neutron_dhcp | bool }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: dhcp_agent.ini
    service_rootwrap: rootwrap.d/dhcp.filters
    execstarts: "{{ neutron_bin }}/neutron-dhcp-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/dhcp_agent.ini"
@ -360,7 +361,7 @@ neutron_services:
    group: neutron_openvswitch_agent
    service_name: neutron-openvswitch-agent
    service_en: "{{ neutron_plugin_type in ['ml2.ovs', 'ml2.ovs.dvr'] }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: plugins/ml2/openvswitch_agent.ini
    service_rootwrap: rootwrap.d/openvswitch-plugin.filters
    execstarts: "{{ neutron_bin }}/neutron-openvswitch-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/openvswitch_agent.ini"
@ -372,7 +373,7 @@ neutron_services:
    group: neutron_linuxbridge_agent
    service_name: neutron-linuxbridge-agent
    service_en: "{{ neutron_plugin_type == 'ml2.lxb' }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: plugins/ml2/linuxbridge_agent.ini
    service_rootwrap: rootwrap.d/linuxbridge-plugin.filters
    execstarts: "{{ neutron_bin }}/neutron-linuxbridge-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/linuxbridge_agent.ini"
@ -384,7 +385,7 @@ neutron_services:
    group: neutron_metadata_agent
    service_name: neutron-metadata-agent
    service_en: "{{ neutron_metadata | bool }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: metadata_agent.ini
    execstarts: "{{ neutron_bin }}/neutron-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metadata_agent.ini"
    config_overrides: "{{ neutron_metadata_agent_ini_overrides }}"
@ -395,7 +396,7 @@ neutron_services:
    group: neutron_metering_agent
    service_name: neutron-metering-agent
    service_en: "{{ neutron_metering | bool }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: metering_agent.ini
    execstarts: "{{ neutron_bin }}/neutron-metering-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/metering_agent.ini"
    config_overrides: "{{ neutron_metering_agent_ini_overrides }}"
@ -407,7 +408,7 @@ neutron_services:
    group: neutron_l3_agent
    service_name: neutron-l3-agent
    service_en: "{{ neutron_l3 | bool }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: l3_agent.ini
    service_rootwrap: rootwrap.d/l3.filters
    environment:
@ -421,7 +422,7 @@ neutron_services:
    group: neutron_bgp_dragent
    service_name: neutron-bgp-dragent
    service_en: "{{ neutron_bgp | bool }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: bgp_dragent.ini
    execstarts: "{{ neutron_bin }}/neutron-bgp-dragent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/bgp_dragent.ini"
    config_overrides: "{{ neutron_bgp_dragent_ini_overrides }}"
@ -436,7 +437,7 @@ neutron_services:
    group: neutron_l3_agent
    service_name: neutron-vpn-agent
    service_en: false
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: vpnaas_agent.ini
    service_rootwrap: rootwrap.d/vpnaas.filters
    execstarts: "{{ neutron_bin }}/neutron-vpn-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/vpnaas_agent.ini"
@ -480,7 +481,7 @@ neutron_services:
    group: neutron_sriov_nic_agent
    service_name: neutron-sriov-nic-agent
    service_en: "{{ 'ml2.sriov' in neutron_plugin_types }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: plugins/ml2/sriov_nic_agent.ini
    execstarts: "{{ neutron_bin }}/neutron-sriov-nic-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/plugins/ml2/sriov_nic_agent.ini"
    config_overrides: "{{ neutron_sriov_nic_agent_ini_overrides }}"
@ -499,7 +500,7 @@ neutron_services:
    systemd_group_name: root
    service_name: neutron-ovn-metadata-agent
    service_en: "{{ neutron_plugin_type == 'ml2.ovn' }}"
-    service_conf_path: "{{ neutron_conf_dir }}"
+    service_conf_path: "{{ neutron_conf_version_dir }}"
    service_conf: neutron_ovn_metadata_agent.ini
    service_rootwrap: rootwrap.d/ovn-plugin.filters
    execstarts: "{{ neutron_bin }}/neutron-ovn-metadata-agent --config-file {{ neutron_conf_dir }}/neutron.conf --config-file {{ neutron_conf_dir }}/plugins/ml2/ml2_conf.ini --config-file {{ neutron_conf_dir }}/neutron_ovn_metadata_agent.ini"
@ -543,11 +544,11 @@ neutron_role_project_group: neutron_all

 neutron_core_files:
  - tmp_f: "/tmp/api-paste.ini.original"
-    target_f: "{{ neutron_conf_dir }}/api-paste.ini"
+    target_f: "{{ neutron_conf_version_dir }}/api-paste.ini"
    config_overrides: "{{ _neutron_api_paste_ini_overrides | combine(neutron_api_paste_ini_overrides, recursive=True) }}"
    config_type: "ini"
  - tmp_f: "/tmp/rootwrap.conf.original"
-    target_f: "{{ neutron_conf_dir }}/rootwrap.conf"
+    target_f: "{{ neutron_conf_version_dir }}/rootwrap.conf"
    config_overrides: "{{ _neutron_rootwrap_conf_overrides | combine(neutron_rootwrap_conf_overrides, recursive=True) }}"
    config_type: "ini"
    owner: "root"