Dmitriy Rabotyagov 96fb295bbc Ensure that services that intended to stay disabled are not started
This mainly affects neutron-rpc-server service, which intended to stay
disabled/stopped.

While we've introduced logic in vars, which is respected by systemd role
it is not respected by the role handlers, which brings service back up
running unconditionally.

This actually breaks neutron behaviour after merging of [1], which relies
on neutron-rpc-server being disabled.

[1] https://review.opendev.org/c/openstack/openstack-ansible-os_neutron/+/927881

Change-Id: I28c928362ef009c1b49673005463b653d038faf9
2024-10-14 18:08:15 +00:00

146 lines
4.5 KiB
YAML

---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Stop services
service:
name: "{{ item.service_name }}"
state: "stopped"
daemon_reload: yes
with_items: "{{ filtered_neutron_services }}"
register: _stop
until: _stop is success
retries: 5
delay: 2
listen:
- "Restart neutron services"
- "venv changed"
- "systemd service changed"
- "cert installed"
# NOTE
# When restarting neutron-l3-agent, a non-default systemd KillMode of 'process' is used
# to prevent Keepalived from exiting and causing a data-plane outage. As a result of this
# some neutron processes remain running. In the case of an upgrade, these remaining
# processes will be running code from the previous version. This step ensures these
# orphaned processes are cleaned up correctly.
- name: Run neutron-l3-agent process cleanup
shell: |
cgroup_path=$(findmnt -t cgroup2 -r -n -f -o target)
for ns_pid in $(cat ${cgroup_path}/neutron.slice/neutron-l3-agent.service/cgroup.procs); do
echo $(readlink -f "/proc/$ns_pid/exe") | egrep -qv "keepalived|haproxy|ipsec"
if [ $? -eq 0 ] || [ "{{ neutron_l3_cleanup_on_shutdown | bool }}" = "True" ]; then
if kill -9 "$ns_pid"; then
logger -s "old neutron-l3-agent pid found and has been cleaned up on: \"$ns_pid\""
fi
fi
done
when: "'neutron-l3-agent' in (filtered_neutron_services | map(attribute='service_key') | list)"
changed_when: false
listen:
- "Restart neutron services"
- "venv changed"
- name: Restart openvswitch
service:
name: "{{ neutron_ovs_service_name }}"
state: restarted
listen:
- "Restart provider services"
when:
- neutron_needs_openvswitch | bool
- not _neutron_ovs_disabled
- name: Symlink neutron config directory
file:
# NOTE(cloudnull): The "src" path is relative. This ensures all files remain
# within the host/container confines when connecting to
# them using the connection plugin or the root filesystem.
src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}"
dest: "{{ neutron_conf_dir }}"
state: link
force: true
when: neutron_install_method == 'source'
listen:
- "venv changed"
- name: Drop sudoers file
template:
src: "sudoers.j2"
dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
mode: "0440"
owner: "root"
group: "root"
listen:
- "Restart neutron services"
- "venv changed"
- name: Perform a DB contract
command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract"
become: yes
become_user: "{{ neutron_system_user_name }}"
changed_when: false
when:
- "ansible_local['openstack_ansible']['neutron']['need_db_contract'] | bool"
- "_neutron_is_first_play_host"
listen:
- "Restart neutron services"
- "venv changed"
- name: Start services
service:
name: "{{ item.service_name }}"
enabled: "{{ item.enabled | default(True) }}"
state: "{{ item.state | default('started') }}"
daemon_reload: yes
with_items: "{{ filtered_neutron_services }}"
register: _start
until: _start is success
retries: 5
delay: 2
listen:
- "Restart neutron services"
- "venv changed"
- "systemd service changed"
- "cert installed"
- name: Start ovn service
service:
name: "{{ neutron_ovn_northd_service_name }}"
state: started
listen:
- start ovn service
# (NOTE) Restarting twice to cleanup some pid.
- name: Restart ovn northd
service:
name: "{{ neutron_ovn_northd_service_name }}"
state: restarted
when:
- neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
listen:
- restart ovn service
- ovn cert installed
- name: Restart ovn controller
service:
name: "{{ neutron_ovn_controller_service_name }}"
state: restarted
when:
- neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
listen:
- restart ovn service
- ovn cert installed