- block: - name: fix grub entries to have name start with GRUB_ replace: path: /etc/default/grub regexp: ^(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)(.*) replace: GRUB_\1\2 - name: fix grub entries in append statement replace: path: /etc/default/grub regexp: (.*){(TRIPLEO_HEAT_TEMPLATE_KERNEL_ARGS)}(.*) replace: \1{GRUB_\2}\3 name: upgrade prepare for leapp to align kernel arg shortcommings in leapp tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 3 - upgrade_leapp_enabled - name: Check for cinder_backup retag statefile register: cinder_backup_retag_state_file stat: path: /var/lib/tripleo/cinder_backup_needs_retag when: - step|int == 3 - block: - name: Disable the cinder_backup cluster resource before container upgrade step3 pacemaker_resource: resource: openstack-cinder-backup state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - block: - block: - become: true name: Get cinder_backup image from pacemaker register: xmllint_pcmk_cinder_backup_image shell: xmllint --xpath "string(//bundle[@id='openstack-cinder-backup']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container cinder_backup image set_fact: cinder_backup_image: registry.redhat.io/rhosp-rhel9/openstack-cinder-backup:17.1 cinder_backup_image_latest: cluster.common.tag/cinder-backup:pcmklatest pcmk_cinder_backup_image: '{{xmllint_pcmk_cinder_backup_image.stdout}}' - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest cinder_backup image vars: container_image: '{{cinder_backup_image}}' container_image_latest: '{{cinder_backup_image_latest}}' name: Retag the pacemaker image if containerized - name: Enable the cinder_backup cluster resource pacemaker_resource: resource: openstack-cinder-backup state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - file: path: /var/lib/tripleo/cinder_backup_needs_retag state: absent name: Remove cinder_backup retag statefile name: Retag the pacemaker image for cinder_backup when: - step|int == 3 - cinder_backup_retag_state_file.stat.exists|bool - name: Check for cinder_volume retag statefile register: cinder_volume_retag_state_file stat: path: /var/lib/tripleo/cinder_volume_needs_retag when: - step|int == 3 - block: - name: Disable the cinder_volume cluster resource before container upgrade pacemaker_resource: resource: openstack-cinder-volume state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - block: - block: - become: true name: Get cinder_volume image from pacemaker register: xmllint_pcmk_cinder_volume_image shell: xmllint --xpath "string(//bundle[@id='openstack-cinder-volume']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container cinder_volume image set_fact: cinder_volume_image: registry.redhat.io/rhosp-rhel9/openstack-cinder-volume:17.1 cinder_volume_image_latest: cluster.common.tag/cinder-volume:pcmklatest pcmk_cinder_volume_image: '{{xmllint_pcmk_cinder_volume_image.stdout}}' - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest cinder_volume image vars: container_image: '{{cinder_volume_image}}' container_image_latest: '{{cinder_volume_image_latest}}' name: Retag the pacemaker image if containerized - name: Enable the cinder_volume cluster resource pacemaker_resource: resource: openstack-cinder-volume state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - file: path: /var/lib/tripleo/cinder_volume_needs_retag state: absent name: Remove cinder_volume retag statefile name: Retag pacemaker cinder_volume when: - step|int == 3 - cinder_volume_retag_state_file.stat.exists|bool - block: - mount: fstype: nfs4 path: /var/lib/cinder_image_conversion state: absent name: Unmount cinder's image conversion NFS share vars: image_conversion_nfs_enabled: false image_conversion_nfs_options: _netdev,bg,intr,context=system_u:object_r:container_file_t:s0 image_conversion_nfs_share: '' when: image_conversion_nfs_enabled|bool name: cinder-volume pre system_upgrade tasks tags: - never - system_upgrade - system_upgrade_run - system_upgrade_nfsmounts when: - step|int == 3 - upgrade_leapp_enabled - include_role: name: tripleo_podman tasks_from: tripleo_podman_rsyslog_cleanup name: remove rsyslog configuration for podman healthcheck log - containers.podman.podman_image: force: true name: registry.redhat.io/rhosp-rhel9/openstack-collectd:17.1 name: Force pull image collectd tags: - never - system_upgrade - system_upgrade_run when: - step|int == 3 - block: - mount: fstype: nfs name: /var/lib/glance/images state: absent name: Unmount and remove NFS glance entry vars: glance_netapp_nfs_enabled: false nfs_backend_enabled: false when: nfs_backend_enabled or glance_netapp_nfs_enabled - mount: fstype: nfs name: '{{glance_node_staging_uri[7:]}}' state: absent name: Unmount and remove NFS glance-staging entry vars: glance_node_staging_uri: file:///var/lib/glance/staging glance_staging_nfs_share: '' when: glance_staging_nfs_share != '' name: glance-api pre system_upgrade tasks tags: - never - system_upgrade - system_upgrade_run - system_upgrade_nfsmounts when: - step|int == 3 - upgrade_leapp_enabled - block: - block: - become: true name: Get haproxy image from pacemaker register: xmllint_pcmk_haproxy_image shell: xmllint --xpath "string(//bundle[@id='haproxy-bundle']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container haproxy image set_fact: haproxy_image: registry.redhat.io/rhosp-rhel9/openstack-haproxy:17.1 haproxy_image_latest: cluster.common.tag/haproxy:pcmklatest pcmk_haproxy_image: '{{xmllint_pcmk_haproxy_image.stdout}}' - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest haproxy image vars: container_image: '{{haproxy_image}}' container_image_latest: '{{haproxy_image_latest}}' - name: Ensure config works for the new config shell: 'set -o pipefail awk -i inplace -v INPLACE_SUFFIX=.bak ''/ rsprep/ {print " http-response replace-header Location " $3" "$5; next;}; {print} '' /var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg' name: Retag the pacemaker image if containerized when: - step|int == 3 - name: Check for manila_share retag statefile register: manila_share_retag_state_file stat: path: /var/lib/tripleo/manila_share_needs_retag when: - step|int == 3 - block: - name: Disable the manila_share cluster resource before container upgrade pacemaker_resource: resource: openstack-manila-share state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - block: - block: - become: true name: Get manila_share image from pacemaker register: xmllint_pcmk_manila_share_image shell: xmllint --xpath "string(//bundle[@id='openstack-manila-share']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container manila_share image set_fact: manila_share_image: registry.redhat.io/rhosp-rhel9/openstack-manila-share:17.1 manila_share_image_latest: cluster.common.tag/manila-share:pcmklatest pcmk_manila_share_image: '{{xmllint_pcmk_manila_share_image.stdout}}' - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest manila_share image vars: container_image: '{{manila_share_image}}' container_image_latest: '{{manila_share_image_latest}}' name: Retag the pacemaker image if containerized - name: Enable the manila_share cluster resource pacemaker_resource: resource: openstack-manila-share state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - file: path: /var/lib/tripleo/manila_share_needs_retag state: absent name: Remove manila_share retag statefile name: Retag openstack-manila-share container image when: - step|int == 3 - block: - include_role: name: tripleo_persist tasks_from: persist.yml name: Persist mysql data vars: tripleo_persist_dir: /var/lib/mysql tags: - never - system_upgrade - system_upgrade_prepare vars: mysql_upgrade_persist: false when: - step|int == 3 - mysql_upgrade_persist - block: - name: Bind mounts for temporary container set_fact: mysql_upgrade_db_bind_mounts: - /etc/hosts:/etc/hosts:ro - /etc/localtime:/etc/localtime:ro - /etc/pki/ca-trust/extracted:/etc/pki/ca-trust/extracted:ro - /etc/pki/ca-trust/source/anchors:/etc/pki/ca-trust/source/anchors:ro - /etc/pki/tls/certs/ca-bundle.crt:/etc/pki/tls/certs/ca-bundle.crt:ro - /etc/pki/tls/certs/ca-bundle.trust.crt:/etc/pki/tls/certs/ca-bundle.trust.crt:ro - /etc/pki/tls/cert.pem:/etc/pki/tls/cert.pem:ro - /dev/log:/dev/log - /etc/ipa/ca.crt:/etc/ipa/ca.crt:ro - /etc/puppet:/etc/puppet:ro - /var/lib/kolla/config_files/mysql.json:/var/lib/kolla/config_files/config.json:rw,z - /var/lib/config-data/puppet-generated/mysql:/var/lib/kolla/config_files/src:ro,z - /var/lib/mysql:/var/lib/mysql:rw,z - /var/log/containers/mysql:/var/log/mysql:rw,z - /etc/pki/tls/certs/mysql.crt:/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt:ro - /etc/pki/tls/private/mysql.key:/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key:ro - environment: UPGRADE_SCRIPT: "kolla_set_configs\nupgraded_ver=$(cat /var/lib/mysql/mysql_upgrade_info\ \ 2>/dev/null || true)\nmysql_ver=$(mysql --version | awk -F'[ ,]*' '{print\ \ $5}')\nif [ \"${upgraded_ver}\" = \"${mysql_ver}\" ]; then\n echo \"\ mysql already upgraded\"\nelse\n echo \"${upgraded_ver} VS ${mysql_ver}\"\ \nfi\n" name: Check if Galera needs upgrade register: mysql_upgrade_needed shell: '{{ container_cli }} run --rm --log-driver=k8s-file --log-opt path=/var/log/containers/mysql/db-upgrade.log \ -u root --net=host -e "KOLLA_CONFIG_STRATEGY=COPY_ALWAYS" -v {{ mysql_upgrade_db_bind_mounts | join('' -v '')}} "cluster.common.tag/mariadb:pcmklatest" /bin/bash -ecx "$UPGRADE_SCRIPT"' - name: Set fact upgrade_mysql set_fact: upgrade_mysql: '{{ (mysql_upgrade_needed.stdout != "mysql already upgraded") | bool }}' - debug: msg: 'MYSQL check - {{ mysql_upgrade_needed.stdout }} - Upgrade needed: {{ upgrade_mysql }}' - name: Disable the galera cluster resource before container upgrade pacemaker_resource: resource: galera-bundle state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 when: - upgrade_mysql|bool - block: - become: true name: Get galera image from pacemaker register: xmllint_pcmk_galera_image shell: xmllint --xpath "string(//bundle[@id='galera-bundle']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container galera image set_fact: galera_image: registry.redhat.io/rhosp-rhel9/openstack-mariadb:17.1 galera_image_latest: cluster.common.tag/mariadb:pcmklatest pcmk_galera_image: '{{xmllint_pcmk_galera_image.stdout}}' - name: Check for galera retag statefile register: galera_retag_state_file stat: path: /var/lib/tripleo/galera_needs_retag - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest galera image vars: container_image: '{{galera_image}}' container_image_latest: '{{galera_image_latest}}' name: Retag the pacemaker image if containerized when: - galera_retag_state_file.stat.exists|bool - file: path: /var/lib/tripleo/galera_needs_retag state: absent name: Remove galera retag statefile - name: Mysql upgrade script set_fact: mysql_upgrade_script: "kolla_set_configs\nif mysqladmin ping --silent; then\ \ exit 0; fi\nupgraded_ver=$(cat /var/lib/mysql/mysql_upgrade_info 2>/dev/null\ \ || true)\nmysql_ver=$(mysql --version | awk -F'[ ,]*' '{print $5}')\nif\ \ [ \"${upgraded_ver}\" = \"${mysql_ver}\" ]; then\n echo \"mysql already\ \ upgraded\"\n exit 0\nfi\nchown -R mysql:mysql /var/lib/mysql\nchown -R\ \ mysql:mysql /var/log/mysql\nmysqld_safe --user=mysql --wsrep-provider=none\ \ --skip-networking --wsrep-on=off --log-error=/var/log/mysql/mysqld-upgrade.log\ \ &\n\n#!/usr/bin/bash\n\nset -e\n\n# Wait until we know the mysql server\ \ is up and responding\ntimeout ${DB_MAX_TIMEOUT:-60} /bin/bash -c 'until\ \ mysqladmin -uroot ping 2>/dev/null; do sleep 1; done'\n\n# After an upgrade,\ \ make sure that the running mysql had a chance to\n# update its data table\ \ on disk.\nmysql_upgrade\n\n# Upgrade to 10.3: the default table row format\ \ changed from COMPACT\n# to DYNAMIC, so upgrade the existing tables.\ncompact_tables=$(mysql\ \ -se 'SELECT CONCAT(\"`\",TABLE_SCHEMA,\"`.`\",TABLE_NAME,\"`\") FROM information_schema.tables\ \ WHERE ENGINE = \"InnoDB\" and ROW_FORMAT = \"Compact\";');\nfor i in $compact_tables;\ \ do echo converting row format of table $i; mysql -e \"ALTER TABLE $i ROW_FORMAT=DYNAMIC;\"\ ; done;\n\nmysqladmin shutdown" when: - upgrade_mysql|bool - environment: UPGRADE_SCRIPT: '{{ mysql_upgrade_script }}' name: Upgrade Mysql database from a temporary container shell: '{{ container_cli }} run --rm --log-driver=k8s-file --log-opt path=/var/log/containers/mysql/db-upgrade.log \ -u root --net=host -e "KOLLA_CONFIG_STRATEGY=COPY_ALWAYS" -v {{ mysql_upgrade_db_bind_mounts | join('' -v '')}} "cluster.common.tag/mariadb:pcmklatest" /bin/bash -ecx "$UPGRADE_SCRIPT"' when: - upgrade_mysql|bool - name: Enable the galera cluster resource pacemaker_resource: resource: galera-bundle state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 when: - upgrade_mysql|bool name: Upgrade galera in step3 when: - step|int == 3 - name: Check for rabbitmq_rpc retag statefile register: rabbitmq_rpc_retag_state_file stat: path: /var/lib/tripleo/rabbitmq_rpc_needs_retag when: - step|int == 3 - block: - name: Disable the rabbitmq cluster resource before container upgrade pacemaker_resource: resource: rabbitmq-bundle state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - block: - block: - become: true name: Get rabbitmq image from pacemaker register: xmllint_pcmk_rabbitmq_rpc_image shell: xmllint --xpath "string(//bundle[@id='rabbitmq-bundle']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container rabbitmq image set_fact: pcmk_rabbitmq_rpc_image: '{{xmllint_pcmk_rabbitmq_rpc_image.stdout}}' rabbitmq_rpc_image: registry.redhat.io/rhosp-rhel9/openstack-rabbitmq:17.1 rabbitmq_rpc_image_latest: cluster.common.tag/rabbitmq:pcmklatest - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest rabbitmq image vars: container_image: '{{rabbitmq_rpc_image}}' container_image_latest: '{{rabbitmq_rpc_image_latest}}' name: Retag the pacemaker image if containerized - name: Enable the rabbitmq cluster resource pacemaker_resource: resource: rabbitmq-bundle state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - file: path: /var/lib/tripleo/rabbitmq_rpc_needs_retag state: absent name: Remove rabbitmq_rpc retag statefile name: Retag rabbitmq-bundle container image when: - step|int == 3 - rabbitmq_rpc_retag_state_file.stat.exists|bool - name: Check for redis retag statefile register: redis_retag_state_file stat: path: /var/lib/tripleo/redis_needs_retag when: - step|int == 3 - block: - name: Disable the redis cluster resource before container upgrade pacemaker_resource: resource: redis-bundle state: disable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - block: - block: - become: true name: Get redis image from pacemaker register: xmllint_pcmk_redis_image shell: xmllint --xpath "string(//bundle[@id='redis-bundle']/podman/@image)" /var/lib/pacemaker/cib/cib.xml - name: Get container redis image set_fact: pcmk_redis_image: '{{xmllint_pcmk_redis_image.stdout}}' redis_image: registry.redhat.io/rhosp-rhel9/openstack-redis:17.1 redis_image_latest: cluster.common.tag/redis:pcmklatest - block: - include_role: name: tripleo_container_tag name: Retag pcmklatest to latest redis image vars: container_image: '{{redis_image}}' container_image_latest: '{{redis_image_latest}}' name: Retag the pacemaker image if containerized - name: Enable the redis-bundle cluster resource pacemaker_resource: resource: redis-bundle state: enable wait_for_resource: true register: output retries: 5 until: output.rc == 0 - file: path: /var/lib/tripleo/redis_needs_retag state: absent name: Remove redis retag statefile name: Retag redis-bundle container image when: - step|int == 3 - redis_retag_state_file.stat.exists|bool - block: - args: creates: /etc/sysconfig/ip6tables.n-o-upgrade name: blank ipv6 rule before activating ipv6 firewall. shell: cat /etc/sysconfig/ip6tables > /etc/sysconfig/ip6tables.n-o-upgrade; cat/etc/sysconfig/ip6tables - name: cleanup unmanaged rules pushed by iptables-services shell: "iptables -C INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT &>/dev/null\ \ && \\\n iptables -D INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n\ iptables -C INPUT -p icmp -j ACCEPT &>/dev/null && \\\n iptables -D INPUT -p\ \ icmp -j ACCEPT\niptables -C INPUT -i lo -j ACCEPT &>/dev/null && \\\n iptables\ \ -D INPUT -i lo -j ACCEPT\niptables -C INPUT -p tcp -m state --state NEW -m\ \ tcp --dport 22 -j ACCEPT &>/dev/null && \\\n iptables -D INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT\niptables -C INPUT -j REJECT\ \ --reject-with icmp-host-prohibited &>/dev/null && \\\n iptables -D INPUT\ \ -j REJECT --reject-with icmp-host-prohibited\niptables -C FORWARD -j REJECT\ \ --reject-with icmp-host-prohibited &>/dev/null && \\\n iptables -D FORWARD\ \ -j REJECT --reject-with icmp-host-prohibited\n\nsed -i '/^-A INPUT -m state\ \ --state RELATED,ESTABLISHED -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i\ \ '/^-A INPUT -p icmp -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i '/^-A INPUT\ \ -i lo -j ACCEPT$/d' /etc/sysconfig/iptables\nsed -i '/^-A INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT$/d' /etc/sysconfig/iptables\n\ sed -i '/^-A INPUT -j REJECT --reject-with icmp-host-prohibited$/d' /etc/sysconfig/iptables\n\ sed -i '/^-A FORWARD -j REJECT --reject-with icmp-host-prohibited$/d' /etc/sysconfig/iptables\n\ \nip6tables -C INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT &>/dev/null\ \ && \\\n ip6tables -D INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n\ ip6tables -C INPUT -p ipv6-icmp -j ACCEPT &>/dev/null && \\\n ip6tables -D\ \ INPUT -p ipv6-icmp -j ACCEPT\nip6tables -C INPUT -i lo -j ACCEPT &>/dev/null\ \ && \\\n ip6tables -D INPUT -i lo -j ACCEPT\nip6tables -C INPUT -p tcp -m\ \ state --state NEW -m tcp --dport 22 -j ACCEPT &>/dev/null && \\\n ip6tables\ \ -D INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT\nip6tables\ \ -C INPUT -d fe80::/64 -p udp -m udp --dport 546 -m state --state NEW -j ACCEPT\ \ &>/dev/null && \\\n ip6tables -D INPUT -d fe80::/64 -p udp -m udp --dport\ \ 546 -m state --state NEW -j ACCEPT\nip6tables -C INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited &>/dev/null && \\\n ip6tables -D INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited\nip6tables -C FORWARD -j REJECT --reject-with icmp6-adm-prohibited\ \ &>/dev/null && \\\n ip6tables -D FORWARD -j REJECT --reject-with icmp6-adm-prohibited\n\ \nsed -i '/^-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT$/d' /etc/sysconfig/ip6tables\n\ sed -i '/^-A INPUT -p ipv6-icmp -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed\ \ -i '/^-A INPUT -i lo -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A\ \ INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT$/d' /etc/sysconfig/ip6tables\n\ sed -i '/^-A INPUT -d fe80::\\/64 -p udp -m udp --dport 546 -m state --state\ \ NEW -j ACCEPT$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A INPUT -j REJECT --reject-with\ \ icmp6-adm-prohibited$/d' /etc/sysconfig/ip6tables\nsed -i '/^-A FORWARD -j\ \ REJECT --reject-with icmp6-adm-prohibited$/d' /etc/sysconfig/ip6tables" when: - (step | int) == 3 - name: Gather missing facts setup: gather_subset: - '!all' - '!min' - distribution tags: - always - name: Set leapp facts set_fact: upgrade_leapp_command_options: '' upgrade_leapp_debug: false upgrade_leapp_devel_skip: '' upgrade_leapp_enabled: "{{ _upgradeLeappEnabled | bool and\n ansible_facts['distribution']\ \ == 'RedHat' and\n ansible_facts['distribution_major_version'] is version('8',\ \ '==') }}" upgrade_leapp_post_reboot_delay: 120 upgrade_leapp_reboot_timeout: 3600 tags: - always vars: _upgradeLeappEnabled: false - block: - name: Run LeappRepoInitCommand shell: '#!/bin/bash ' - name: Remove firewalld bindings package: name: python3-firewall state: absent - name: install leapp package: name: leapp-repository-openstack state: latest - name: Run LeappInitCommand shell: '#!/bin/bash ' - name: Remove vdo package: name: vdo state: absent - lineinfile: line: '{{ item }}' path: /etc/leapp/transaction/to_remove loop: '{{ pkg_to_remove }}' name: add packages into Leapp's to_remove file vars: pkg_to_remove: [] - lineinfile: line: '{{ item }}' path: /etc/leapp/transaction/to_install loop: '{{ pkg_to_install }}' name: add packages into Leapp's to_install file vars: pkg_to_install: [] - name: check sshd_config file register: sshd_config_result stat: path: /etc/ssh/sshd_config - lineinfile: line: PermitRootLogin without-password path: /etc/ssh/sshd_config regexp: ^(# *)?PermitRootLogin name: add PermitRootLogin option for leapp - name: Remove paunch-services package: name: paunch-services state: absent - import_role: name: tripleo_container_manage tasks_from: shutdown.yml name: tripleo_container_manage reconfiguration name: system_upgrade_prepare step 3 tags: - never - system_upgrade - system_upgrade_prepare when: - step|int == 3 - upgrade_leapp_enabled - block: - name: Check for os-net-config upgrade register: os_net_config_need_upgrade shell: yum check-upgrade | awk '/os-net-config/{print}' - name: Check that os-net-config has legacy configuration register: stat_config_json stat: get_attributes: false get_checksum: false get_mime: false path: /etc/os-net-config/config.json - name: Check that os-net-config has new configuration register: stat_config_yaml stat: get_attributes: false get_checksum: false get_mime: false path: /etc/os-net-config/config.yaml - name: Slurp the os-net-config config.json register: os_config_json slurp: src: /etc/os-net-config/config.json when: - stat_config_json.stat.exists - not stat_config_yaml.stat.exists - copy: content: '{{ os_config_json.content | b64decode | from_json | to_yaml }}' dest: /etc/os-net-config/config.yaml name: Write updated /etc/os-net-config/config.yaml when: - stat_config_json.stat.exists - not stat_config_yaml.stat.exists - command: mv /etc/os-net-config/config.json /etc/os-net-config/deprecated_config.json name: Remove legacy os-net-config configuration when: - stat_config_json.stat.exists - block: - name: Upgrade os-net-config package: name=os-net-config state=latest - changed_when: os_net_config_upgrade.rc == 2 command: os-net-config --no-activate -c /etc/os-net-config/config.yaml -v --detailed-exit-codes failed_when: os_net_config_upgrade.rc not in [0,2] name: take new os-net-config parameters into account now register: os_net_config_upgrade when: - os_net_config_need_upgrade.stdout - stat_config_yaml.stat.exists or stat_config_json.stat.exists - name: Update all packages vars: skip_package_update: false when: - not skip_package_update|bool yum: exclude: ansible-core name: '*' state: latest - command: systemctl status openvswitch.service ignore_errors: true name: Check whether openvswitch exits register: ovs_service - name: Always ensure the openvswitch service is enabled and running after upgrades rhbz#2329821 service: enabled: true name: openvswitch state: started when: - ovs_service.stderr != "Unit openvswitch.service could not be found." name: Host packages setup step3 tags: setup_packages when: step|int == 3