openstack-ansible/scripts/upgrade-utilities/deploy-config-changes.yml
Dmitriy Rabotyagov 973a65494b Add designate pool uuid to secrets
That UUID is supposed to be generated per deployment
instead of being hardcoded in role defaults

Change-Id: I452d23c650104b8dfe53f3477a3c3ef9c2c62b56
2021-01-21 19:18:52 +02:00

110 lines
4.0 KiB
YAML

---
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
- name: Prepare environment and configuration for deploying the new release
hosts: localhost
connection: local
gather_facts: false
user: root
vars:
repo_root_dir: "{{ (playbook_dir ~ '/../../') | realpath }}"
tasks:
- name: Remove unnecessary env.d override files
shell: |
set -e
exit_code=0
if [[ -e {{ openstack_config_dir }}/env.d ]]; then
for f in $(diff --brief --report-identical-files {{ openstack_config_dir }}/env.d {{ openstack_clone_root }}/inventory/env.d | awk '/identical/ {print $2}' 2>/dev/null); do
echo "Deleting ${f} because it is identical to the defaults."
rm -f ${f}
exit_code=2
done
fi
exit ${exit_code}
args:
executable: /bin/bash
register: _envd_dir_cleanup
changed_when: _envd_dir_cleanup.rc == 2
failed_when: _envd_dir_cleanup.rc not in [0,2]
tags:
- identical-envd-file-cleanup
- name: Find any config files in the user-space env.d directory
find:
paths:
- "{{ openstack_config_dir }}/env.d"
patterns: '*.yml'
register: _envd_dir_contents
tags:
- custom-envd-file-check
- name: Halt the upgrade and warn the user to inspect the env.d files for changes
fail:
msg: |
There are files in /etc/openstack_deploy/env.d which override the default inventory
layout in {{ repo_root_dir }}/inventory/env.d. The difference between these files
should be carefully reviewed to understand whether the changes are still necessary
and applicable to the environment. If all the user-space env.d files are necessary,
then please export SKIP_CUSTOM_ENVD_CHECK=true and re-run the playbook or
run-upgrade.sh script.
when:
- _envd_dir_contents.matched > 0
- not(lookup('env', 'SKIP_CUSTOM_ENVD_CHECK') | bool)
tags:
- custom-envd-file-check
- name: Read example user secrets file
shell: "grep '^[a-zA-Z]' {{ repo_root_dir }}/etc/openstack_deploy/user_secrets.yml"
register: new_secrets
tags:
- update-secrets
- name: Read existing user secrets file
shell: "grep '^[a-zA-Z]' {{ openstack_config_dir }}/user_secrets.yml"
register: user_secrets
tags:
- update-secrets
- name: Add missing secrets
lineinfile:
dest: "{{ openstack_config_dir }}/user_secrets.yml"
line: "{{ item }}"
with_items: "{{ new_secrets.stdout_lines }}"
when:
- not (user_secrets.stdout | regex_search('((^|\n)' ~ item ~ ')'))
tags:
- update-secrets
# TODO(noonedeadpunk): Remove after W cycle
- name: Define Designate pool id
lineinfile:
dest: "{{ openstack_config_dir }}/user_secrets.yml"
regexp: "^designate_pool_uuid"
line: "designate_pool_uuid: {{ designate_pool_uuid | default('794ccc2c-d751-44fe-b57f-8894c9f5c842') }}"
when:
- not (user_secrets.stdout | regex_search('((^|\n)designate_pool_uuid)'))
tags:
- update-secrets
- name: Generate new secrets
shell: "{{ repo_root_dir }}/scripts/pw-token-gen.py --file {{ openstack_config_dir }}/user_secrets.yml"
tags:
- update-secrets
- name: Remove fact cache to ensure a fresh one is built during the upgrade
file:
path: "{{ openstack_config_dir }}/ansible_facts"
state: absent
tags:
- remove-fact-cache