- block: - name: fix grub entries to have name start with GRUB_ replace: path: /etc/default/grub regexp: ^(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)(.*) replace: GRUB_\1\2 - name: fix grub entries in append statement replace: path: /etc/default/grub regexp: (.*){(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)}(.*) replace: \1{GRUB_\2}\3 name: upgrade prepare for leapp to align kernel arg shortcommings in leapp tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 3 - upgrade_leapp_enabled - include_role: name: tripleo_podman tasks_from: tripleo_podman_rsyslog_cleanup name: remove rsyslog configuration for podman healthcheck log - containers.podman.podman_image: force: true name: registry.redhat.io/rhosp-rhel9/openstack-collectd:17.1 name: Force pull image collectd tags: - never - system_upgrade - system_upgrade_run when: - step|int == 3 - block: - name: Update collectd to UBI9 tripleo_container_manage: config_dir: /var/lib/tripleo-config/container-startup-config/step_3 config_id: - tripleo_step3 config_overrides: collectd: image: registry.redhat.io/rhosp-rhel9/openstack-collectd:17.1 config_patterns: collectd.json debug: '{{ enable_debug | bool }}' log_base_path: '{{ container_log_stdout_path }}' name: UBI8 to UBI9 switch of collectd tags: - never - system_upgrade - system_upgrade_run when: - step|int == 5 - failed_when: false name: Remove openstack-nova-compute and python-nova package during upgrade package: name: - openstack-nova-compute - python-nova state: removed when: step|int == 2 - block: - mount: fstype: nfs4 name: /var/lib/nova/instances state: absent name: Unmount Nova NFS Share vars: nfs_backend_enable: false when: nfs_backend_enable|bool name: nova_compute pre system_upgrade tasks tags: - never - system_upgrade - system_upgrade_run - system_upgrade_nfsmounts when: - step|int == 3 - upgrade_leapp_enabled - block: - mount: fstype: nfs4 name: /var/lib/nova/instances opts: _netdev,bg,{{nfs_options}},nfsvers={{nfs_vers}} src: '{{nfs_share}}' state: mounted name: Mount Nova NFS Share vars: nfs_backend_enable: false nfs_options: context=system_u:object_r:nfs_t:s0 nfs_share: '' nfs_vers: '4.2' when: nfs_backend_enable|bool name: nova_compute post system_upgrade tasks tags: - never - system_upgrade - system_upgrade_run - system_upgrade_nfsmounts when: - step|int == 5 - upgrade_leapp_enabled - fail: msg: Use of the Modular Libvirt deployment on RHEL8 results in loss of workloads. Use NovaLibvirtLegacy in roles data. name: Fail if we are on RHEL8 as this is monolithic libvirt deployment when: - step|int == 0 - '''system_upgrade'' not in ansible_run_tags' - ansible_facts['distribution_major_version'] is version('8', '==') - block: - file: path: /etc/tmpfiles.d/var-run-libvirt.conf state: absent name: Remove old tmpfiles.d config name: nova_libvirt_container_tmpfile_cleanup when: step|int == 1 - name: Get container virtlogd image set_fact: virtlogd_image: registry.redhat.io/rhosp-rhel9/openstack-nova-libvirt:17.1 tags: always when: step|int == 1 - containers.podman.podman_image: force: true name: '{{ virtlogd_image }}' name: Force pull image novalibvirt when: - step|int == 1 - args: executable: /bin/bash failed_when: false name: Diff OS release in container image and baremetal register: libvirt_ubi_diff shell: 'diff /etc/redhat-release <(podman run {{ virtlogd_image }} cat /etc/redhat-release) ' when: step|int == 1 - fail: msg: 'The host operating system versus container UBI does not match. {{ libvirt_ubi_diff.stdout }} Most likely container passed to NovaLibvirt was EL8 one. You have to pass the correct container for container-image-prepare. If you would continue all running workloads would get destroyed. ' name: Fail if UBI of the container does not match RHEL of running host when: - '''system_upgrade'' not in ansible_run_tags' - step|int == 1 - libvirt_ubi_diff.rc == 1 - block: - name: Get running image version register: old_virtlogd_image shell: 'podman ps --filter name=^nova_virtlogd$ --format "{% raw %}{{ .Image }}{% endraw %}" ' - name: Switch running image to new image in wrapper script shell: 'set -o pipefail sed -i -e ''s|{{ old_virtlogd_image.stdout }}|{{ virtlogd_image }}|'' /var/lib/container-config-scripts/virtlogd_wrapper ' when: - old_virtlogd_image.stdout != virtlogd_image - old_virtlogd_image.stdout != '' name: Switch virtlogd image before system upgrade tags: - never - system_upgrade when: step|int == 1 - block: - file: path: /etc/tmpfiles.d/var-run-libvirt.conf state: absent name: Remove old tmpfiles.d config name: nova_migration_target_tmpfile_cleanup when: step|int == 1 - file: path: /etc/cron.daily/containers-tmpwatch state: absent name: Ensure old cron.daily is absent when: step|int == 1 - block: - lineinfile: dest: /etc/hosts line: '{{ undercloud_hosts_entries | join('''') }}' state: present name: Make sure the Undercloud hostname is included in /etc/hosts when: - undercloud_hosts_entries is defined name: Configure Podman registry when: - step|int == 1 - block: - name: Set login facts no_log: true set_fact: container_default_pids_limit: 4096 container_events_logger_mechanism: journald container_registry_insecure_registries: [] container_registry_login: false container_registry_logins: {} container_registry_logins_json: {} - name: Convert logins json to dict no_log: true set_fact: container_registry_logins: '{{ container_registry_logins_json | from_json }}' when: - container_registry_logins_json is string - container_registry_login | bool - (container_registry_logins_json | length) > 0 - name: Set registry logins no_log: true set_fact: container_registry_logins: '{{ container_registry_logins_json }}' when: - container_registry_logins_json is mapping - container_registry_login | bool - (container_registry_logins_json | length) > 0 - include_role: name: tripleo_podman tasks_from: tripleo_podman_install.yml name: Run podman install vars: tripleo_container_default_pids_limit: '{{ container_default_pids_limit }}' tripleo_container_events_logger_mechanism: '{{ container_events_logger_mechanism }}' tripleo_container_registry_insecure_registries: '{{ container_registry_insecure_registries }}' - include_role: name: tripleo_podman tasks_from: tripleo_podman_login.yml name: Run podman login vars: tripleo_container_registry_login: '{{ container_registry_login | bool }}' tripleo_container_registry_logins: '{{ container_registry_logins }}' name: Run podman install tags: - system_upgrade - system_upgrade_run when: - step|int == 1 - block: - command: systemctl is-enabled --quiet snmpd failed_when: false name: Check if snmpd is enabled register: snmpd_enabled_result - name: Set fact snmpd_enabled set_fact: snmpd_enabled: '{{ snmpd_enabled_result.rc == 0 }}' when: step|int == 0 - name: Stop snmp service service: name=snmpd state=stopped when: - step|int == 1 - snmpd_enabled|bool - block: - failed_when: false name: Disable tripleo-iptables.service register: systemd_tripleo_iptables systemd: enabled: false name: tripleo-iptables.service state: stopped - file: path: /etc/systemd/system/tripleo-iptables.service state: absent name: Cleanup tripleo-iptables.services - failed_when: false name: Disable tripleo-ip6tables.service register: systemd_tripleo_ip6tables systemd: enabled: false name: tripleo-ip6tables.service state: stopped - file: path: /etc/systemd/system/tripleo-ip6tables.service state: absent name: Cleanup tripleo-ip6tables.services - name: Reload systemd systemd: daemon_reload: true when: - (systemd_tripleo_iptables is changed or systemd_tripleo_ip6tables is changed) name: Cleanup tripleo-iptables services when: - (step | int) == 1 - block: - args: creates: /etc/sysconfig/ip6tables.n-o-upgrade name: blank ipv6 rule before activating ipv6 firewall. shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat/etc/sysconfig/ip6tables - name: cleanup unmanaged rules pushed by iptables-services shell: "iptables -C INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT &>/dev/null\ \ && \\\n iptables -D INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n\ iptables -C INPUT -p icmp -j ACCEPT &>/dev/null && \\\n iptables -D INPUT -p\ \ icmp -j ACCEPT\niptables -C INPUT -i lo -j ACCEPT &>/dev/null && \\\n iptables\ \ -D INPUT -i lo -j ACCEPT\niptables -C INPUT -p tcp -m state --state NEW -m\ \ tcp --dport 22 -j ACCEPT &>/dev/null && \\\n iptables -D INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT\niptables -C INPUT -j REJECT\ \ --reject-with icmp-host-prohibited &>/dev/null && \\\n iptables -D INPUT\ \ -j REJECT --reject-with icmp-host-prohibited\niptables -C FORWARD -j REJECT\ \ --reject-with icmp-host-prohibited &>/dev/null && \\\n iptables -D FORWARD\ \ -j REJECT --reject-with icmp-host-prohibited\n\nsed -i '/^-A INPUT -m state\ \ --state RELATED,ESTABLISHED -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i\ \ '/^-A INPUT -p icmp -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i '/^-A INPUT\ \ -i lo -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i '/^-A INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT$/d' /etc/sysconfig/iptables\n\ sed -i '/^-A INPUT -j REJECT --reject-with icmp-host-prohibited$/d' /etc/sysconfig/iptables\n\ sed -i '/^-A FORWARD -j REJECT --reject-with icmp-host-prohibited$/d' /etc/sysconfig/iptables\n\ \nip6tables -C INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT &>/dev/null\ \ && \\\n ip6tables -D INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n\ ip6tables -C INPUT -p ipv6-icmp -j ACCEPT &>/dev/null && \\\n ip6tables -D\ \ INPUT -p ipv6-icmp -j ACCEPT\nip6tables -C INPUT -i lo -j ACCEPT &>/dev/null\ \ && \\\n ip6tables -D INPUT -i lo -j ACCEPT\nip6tables -C INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT &>/dev/null && \\\n ip6tables\ \ -D INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\nip6tables\ \ -C INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT\ \ &>/dev/null && \\\n ip6tables -D INPUT -d fe80::/64 -p udp -m udp --dport\ \ 546 -m state --state NEW -j ACCEPT\nip6tables -C INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited &>/dev/null && \\\n ip6tables -D INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited\nip6tables -C FORWARD -j REJECT --reject-with icmp6-adm-prohibited\ \ &>/dev/null && \\\n ip6tables -D FORWARD -j REJECT --reject-with icmp6-adm-prohibited\n\ \nsed -i '/^-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT$/d' /etc/sysconfig/ip6tables\n\ sed -i '/^-A INPUT -p ipv6-icmp -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed\ \ -i '/^-A INPUT -i lo -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A\ \ INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT$/d' /etc/sysconfig/ip6tables\n\ sed -i '/^-A INPUT -d fe80::\\/64 -p udp -m udp --dport 546 -m state --state\ \ NEW -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A FORWARD -j\ \ REJECT --reject-with icmp6-adm-prohibited$/d' /etc/sysconfig/ip6tables" when: - (step | int) == 3 - name: Gather missing facts setup: gather_subset: - '!all' - '!min' - distribution tags: - always - name: Set leapp facts set_fact: upgrade_leapp_command_options: '' upgrade_leapp_debug: false upgrade_leapp_devel_skip: '' upgrade_leapp_enabled: "{{ _upgradeLeappEnabled | bool and\n ansible_facts['distribution']\ \ == 'RedHat' and\n ansible_facts['distribution_major_version'] is version('8',\ \ '==') }}" upgrade_leapp_post_reboot_delay: 120 upgrade_leapp_reboot_timeout: 3600 tags: - always vars: _upgradeLeappEnabled: false - block: - name: Run LeappRepoInitCommand shell: '#!/bin/bash ' - name: Remove firewalld bindings package: name: python3-firewall state: absent - name: install leapp package: name: leapp-repository-openstack state: latest - name: Run LeappInitCommand shell: '#!/bin/bash ' - name: Remove vdo package: name: vdo state: absent - lineinfile: line: '{{ item }}' path: /etc/leapp/transaction/to_remove loop: '{{ pkg_to_remove }}' name: add packages into Leapp's to_remove file vars: pkg_to_remove: [] - lineinfile: line: '{{ item }}' path: /etc/leapp/transaction/to_install loop: '{{ pkg_to_install }}' name: add packages into Leapp's to_install file vars: pkg_to_install: [] - name: check sshd_config file register: sshd_config_result stat: path: /etc/ssh/sshd_config - lineinfile: line: PermitRootLogin without-password path: /etc/ssh/sshd_config regexp: ^(# *)?PermitRootLogin name: add PermitRootLogin option for leapp - name: Remove paunch-services package: name: paunch-services state: absent - import_role: name: tripleo_container_manage tasks_from: shutdown.yml name: tripleo_container_manage reconfiguration name: system_upgrade_prepare step 3 tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 3 - upgrade_leapp_enabled - block: - loop: '{{ modules_to_unload }}' name: Delete the kernel modules in Leapp database (device_driver_deprecation_data.json) shell: 'set -o pipefail && jq ''. | del(.data[] | select(.driver_name == "{{ item }}"))'' /etc/leapp/files/device_driver_deprecation_data.json > /etc/leapp/files/device_driver_deprecation_data.json_modified && mv /etc/leapp/files/device_driver_deprecation_data.json_modified /etc/leapp/files/device_driver_deprecation_data.json ' vars: modules_to_unload: [] - command: cmd: find /usr/share/leapp-repository/repositories/ -name {{ item }} -type d -print -exec rm -rf "{}" + loop: '{{ actors_to_remove }}' name: Remove leapp actors to prevent them inhibiting the upgrade vars: actors_to_remove: [] - name: set leapp required answers shell: 'leapp answer --add --section check_vdo.confirm=True ' - import_role: name: tripleo_kernel tasks_from: efigrub.yml name: Replace EFI grub.cfg with redirect to /boot/grub2/grub.cfg - loop: '{{ nics_prefixes_to_keep|list }}' name: Keep nics with prefix in NICsPrefixesToUdev from renaming shell: "ip -j link show | \\ jq -r --arg prefix \"{{ item }}\" '.[] |\n select((.ifname\ \ | startswith($prefix)) and\n (.ifname | test(\"^.*v[0-9]*$\") | not) and\n\ \ (.ifname | test(\"^.*_[0-9]*$\") | not) and\n (.ifname | test(\"^.*\\\\\ ..*$\") | not)) |\n if .permaddr? then .address=.permaddr else . end |\n \"\ SUBSYSTEM==\\\"net\\\",ACTION==\\\"add\\\",DRIVERS==\\\"?*\\\",\" + \"NAME=\\\ \"\" + .ifname +\"\\\" ,ATTR{address}==\\\"\" + .address + \"\\\"\"' >> /etc/udev/rules.d/70-rhosp-persistent-net.rules\n" vars: nics_prefixes_to_keep: [] - name: run leapp upgrade (download packages) shell: '{% if upgrade_leapp_devel_skip|default(false) %}{{ upgrade_leapp_devel_skip }}{% endif %} leapp upgrade {% if upgrade_leapp_debug|default(true) %}--debug{% endif %} {% if upgrade_leapp_command_options|default(false) %}{{ upgrade_leapp_command_options }}{% endif %} ' when: upgrade_leapp_enabled name: system_upgrade_prepare step 4 tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 4 - upgrade_leapp_enabled - block: - name: Run LeappPreRebootCommand shell: '#!/bin/bash ' - name: Check that nova_libvirt is running register: is_virtlogd_image_running shell: 'podman ps --filter name=^nova_virtlogd$ --format "{% raw %}{{ .Image }}{% endraw %}" ' - file: path: /etc/systemd/system/{{ item }} state: absent name: Remove systemd files to disable them when: is_virtlogd_image_running.stdout != '' with_items: - tripleo_nova_libvirt.service - tripleo_nova_virtlogd_wrapper.service - tripleo_nova_libvirt.target - name: reboot to perform the upgrade reboot: post_reboot_delay: '{{ upgrade_leapp_post_reboot_delay }}' reboot_timeout: '{{upgrade_leapp_reboot_timeout}}' test_command: source /etc/os-release; [ "${VERSION_ID%.*}" -ge "8" ] && systemctl is-system-running | grep -qE "running|degraded" || exit 1 - name: Set selinux back to enforcing after leapp reboot selinux: policy: targeted state: enforcing - name: Run LeappPostRebootCommand shell: '#!/bin/bash ' name: system_upgrade_run step 4 tags: - never - system_upgrade - system_upgrade_run - system_upgrade_reboot when: - step|int == 4 - upgrade_leapp_enabled - '''Undercloud'' not in group_names' - block: - block: - name: Run UpgradeInitCommand shell: '#!/bin/bash if [[ -f /etc/resolv.conf.save ]] ; then rm /etc/resolv.conf.save; fi ' - name: Run UpgradeInitCommonCommand shell: '#!/bin/bash ' - dnf: name: '@{{ item.module }}:{{ item.stream }}/{{ item.profile|default(''common'') }}' state: present loop: '{{ dnf_module_list|list }}' name: Ensure DNF modules have the right stream vars: dnf_module_list: [] when: - dnf_module_list|length > 0 - item.distribution_version is defined - ansible_facts['distribution_major_version'] is version(item.distribution_version, '==') - name: Ensure TripleO prerequisite packages are installed package: name: - jq - lvm2 - openstack-selinux - os-net-config - puppet-tripleo - python3-heat-agent* - rsync state: present when: ansible_facts['distribution_major_version'] is version('8', '==') - name: Ensure TripleO prerequisite packages are installed and use role based heat variable to provide specific list of packages package: name: '{{ base_tripleo_packages }}' state: present vars: base_tripleo_packages: [] when: - ansible_facts['distribution_major_version'] is version('8', '==') - base_tripleo_packages|length > 0 - name: WA for 2240185 - If the image is schema 1 and lacks signatures than add empty signatures shell: "for manifest_file in `find /var/lib/containers/storage/overlay-images/\ \ -name 'manifest'`\ndo\n cat <<< $( jq 'if .schemaVersion == 1 then if\ \ has(\"signatures\") then . else .signatures=[] end else . end' $manifest_file\ \ ) > $manifest_file\ndone\n" when: ansible_facts['distribution_major_version'] is version('8', '==') name: Package and repo update tasks - check_mode: false command: /usr/bin/rpm -q libvirt-daemon failed_when: false name: check if libvirt is installed register: libvirt_installed - loop: - libvirtd.service - virtlogd.socket name: make sure libvirt services are disabled and masked service: daemon_reload: true enabled: false masked: true name: '{{ item }}' state: stopped when: - libvirt_installed.rc == 0 name: Host packages setup step0 tags: setup_packages when: step|int == 0 - block: - name: Special treatment for OpenvSwitch register: ovs_upgrade tripleo_ovs_upgrade: null - name: Always ensure the openvswitch service is enabled and running after upgrades service: enabled: true name: openvswitch state: started when: - ovs_upgrade.changed|bool name: Host packages setup step2 tags: setup_packages when: step|int == 2 - block: - name: Check for os-net-config upgrade register: os_net_config_need_upgrade shell: yum check-upgrade | awk '/os-net-config/{print}' - name: Check that os-net-config has legacy configuration register: stat_config_json stat: get_attributes: false get_checksum: false get_mime: false path: /etc/os-net-config/config.json - name: Check that os-net-config has new configuration register: stat_config_yaml stat: get_attributes: false get_checksum: false get_mime: false path: /etc/os-net-config/config.yaml - name: Slurp the os-net-config config.json register: os_config_json slurp: src: /etc/os-net-config/config.json when: - stat_config_json.stat.exists - not stat_config_yaml.stat.exists - copy: content: '{{ os_config_json.content | b64decode | from_json | to_yaml }}' dest: /etc/os-net-config/config.yaml name: Write updated /etc/os-net-config/config.yaml when: - stat_config_json.stat.exists - not stat_config_yaml.stat.exists - command: mv /etc/os-net-config/config.json /etc/os-net-config/deprecated_config.json name: Remove legacy os-net-config configuration when: - stat_config_json.stat.exists - block: - name: Upgrade os-net-config package: name=os-net-config state=latest - changed_when: os_net_config_upgrade.rc == 2 command: os-net-config --no-activate -c /etc/os-net-config/config.yaml -v --detailed-exit-codes failed_when: os_net_config_upgrade.rc not in [0,2] name: take new os-net-config parameters into account now register: os_net_config_upgrade when: - os_net_config_need_upgrade.stdout - stat_config_yaml.stat.exists or stat_config_json.stat.exists - name: Update all packages vars: skip_package_update: false when: - not skip_package_update|bool yum: exclude: ansible-core name: '*' state: latest - command: systemctl status openvswitch.service ignore_errors: true name: Check whether openvswitch exits register: ovs_service - name: Always ensure the openvswitch service is enabled and running after upgrades rhbz#2329821 service: enabled: true name: openvswitch state: started when: - ovs_service.stderr != "Unit openvswitch.service could not be found." name: Host packages setup step3 tags: setup_packages when: step|int == 3 - name: Fetch running ovn_controller image register: running_ovn_image shell: 'set -e podman inspect --format "{{''{{''}}.ImageName{{''}}''}}" ovn_controller ' tags: - ovn - ovn_image when: - step|int == 4 - block: - containers.podman.podman_image: force: true name: registry.redhat.io/rhosp-rhel9/openstack-ovn-controller:17.1 validate_certs: false name: Force pull image in case image name doesn't change. tags: - ovn - ovn_image when: step|int == 4 - name: Update OVN OVS related parameters before update. shell: 'set -e ovs-vsctl set Open_vSwitch . external_ids:ovn-ofctrl-wait-before-clear={{ timeout }} ovs-vsctl set Open_vSwitch . external_ids:ovn-monitor-all=true ovs-vsctl set Open_vSwitch . external_ids:ovn-match-northd-version=false ' tags: - ovn vars: timeout: 8000 when: - step|int == 4 - find: paths: /var/lib/tripleo-config/container-startup-config/ patterns: '*ovn_controller.json' recurse: true name: Find ovn_controller configs in container-startup-configs register: ovn_cont_17_0 tags: - ovn when: - step|int == 4 - name: get directory path from the ovn_cont_17_0 set_fact: ovn_config_path: '{{ ovn_cont_17_0.files.0.path | dirname }}' tags: ovn when: step|int == 4 - name: Get PIDfile used by systemd on each ovn node register: pidfile shell: 'set -e grep PID /etc/systemd/system/tripleo_ovn_controller.service | cut -d= -f2 ' tags: - ovn when: - step|int == 4 - name: Update ovn_controller. tags: ovn tripleo_container_manage: config_dir: '{{ ovn_config_path }}' config_id: - tripleo_step{{config_step}} config_overrides: .*ovn_controller: conmon_pidfile: '{{ pidfile.stdout }}' image: registry.redhat.io/rhosp-rhel9/openstack-ovn-controller:17.1 name: ovn_controller config_patterns: '*ovn_controller.json' debug: '{{ enable_debug | bool }}' log_base_path: '{{ container_log_stdout_path }}' vars: config_step: '{{ (''step_4'' in ovn_config_path) | ternary(''4'', ''3'')}}' when: step|int == 4 - name: Pause for 30s to give ovn_controllers time to reconnect to dbs tags: ovn wait_for: timeout: 30 when: - step|int == 4 name: Run ovn_controller upgrade tags: - ovn - ovn_image vars: ovn_controller_image: registry.redhat.io/rhosp-rhel9/openstack-ovn-controller:17.1 when: - step|int == 4 - running_ovn_image.stdout != ovn_controller_image