[edpm_update] Added edpm_update role and update playbook
#623
Conversation
|
Skipping CI for Draft Pull Request. |
rebtoor
changed the title
edpm_update role and added update.yml tasks file to impacted role.edpm_update role and and update playbook
There was a problem hiding this comment.
Thanks, this is what we discussed and looks good from that perspective.
However, it occurred to me that since openstack-operator will be providing the image url using sha256 instead of tags, that the simplest case of pull the image and restart the container won't work for that, we'll also need to use the tasks from run.yml.
roles/edpm_ovn/tasks/update.yml
Outdated
There was a problem hiding this comment.
for all the update.yml, I think this works for the simplest case when the image is using tags, such as :latest.
since we plan to use sha256 as well, we'll also need to run the task to render the container definition files since those contain the image. Then, we need to use the edpm_container_standalone role to restart the container since that will write out the updated container definition file (/var/lib/edpm-config/container-startup-config/ovn_controller/ovn_controller.json) which contains the image with sha256 (hardcoded).
This effectively what we already have in run.yml for roles such as these (edpm_ovn for example).
Do you think we should just use run.yml for both initial deploy and updates? Or use a dedicated update.yml, which will look pretty similar to run.yml?
There was a problem hiding this comment.
There is trade-off between having separate update playbook/service with a lot of repetition from run.yaml and using the same deployment playbooks/services for update too. From user experience point of view one playbook for starting update is better, but it might be hard to maintain run.yaml/update.yaml files in sync. I would favor to use run.yaml for update too and update.yaml tasks just for extra steps that need to happen during update. This would follow the same pattern we had in tripleo.
|
The update images and restart containers tasks repeat a lot with modest variation. Would it be possible to factor them out into their own role, and invoke that with proper arguments in the respective plays? |
rebtoor
changed the title
edpm_update role and and update playbookedpm_update role and update playbook
rebtoor
force-pushed
the
OSPRH-3890
branch
2 times, most recently
from
06ea57c to
f3e602a
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/b126122738884af880095a7c01fb3cec ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 08m 36s |
rebtoor
force-pushed
the
OSPRH-3890
branch
2 times, most recently
from
a9b435d to
b7aed71
Compare
rebtoor
changed the title
edpm_update role and update playbookedpm_update role and update playbook
| @@ -0,0 +1,10 @@ | |||
| --- | |||
|
|
|||
There was a problem hiding this comment.
Can we add the tasks to check for a running yum/dnf as done in https://github.com/openstack-archive/tripleo-ansible/blob/stable/wallaby/tripleo_ansible/roles/tripleo_packages/tasks/update.yml?
| @@ -0,0 +1,10 @@ | |||
| --- | |||
|
|
|||
| - name: Apply packages updates | |||
| @@ -0,0 +1,105 @@ | |||
| --- | |||
|
|
|||
| - name: Login to container registries if needed | |||
There was a problem hiding this comment.
i think all of these also need become:true
There was a problem hiding this comment.
actually you can't use become:true on include_role, so maybe just set it in the update.yml playbook. Either that or we'll need to go through and add it on every task that needs it.
There was a problem hiding this comment.
when I tested this, I used become:true in the playbook, so let's just go with that for now.
There was a problem hiding this comment.
Actually, we can!
- name: Login to container registries if needed
ansible.builtin.include_role:
name: osp.edpm.edpm_podman
tasks_from: login.yml
apply:
become: true
tags:
- edpm_podman
- edpm_update
The `edpm_update` role is added to allow the update of packages and containers on EDPM nodes. A file called `update.yml` has been added into all impacted roles. Jira: https://issues.redhat.com/browse/OSPRH-6219 Signed-off-by: Roberto Alfieri <[email protected]>
openvswitch requires special handling when updating. It should be excluded from the generic package update. Signed-off-by: James Slagle <[email protected]>
The edpm_update containers.yml tasks should only be executed when the respective services are actually installed on the node. Signed-off-by: James Slagle <[email protected]>
Signed-off-by: James Slagle <[email protected]>
In order to proper test the update of all the packages, a custom Containerfile without `dnf upgrade -y` task was provided. Signed-off-by: Roberto Alfieri <[email protected]>
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/481aba23b18e4b33ac9a3fa13ef48edc ❌ openstack-k8s-operators-content-provider FAILURE in 17m 26s |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fao89, rebtoor, slagle The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/d571b8a761c54062b77b811e777991ca ❌ openstack-k8s-operators-content-provider FAILURE in 9m 56s |
|
recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/193c85b614fe40db9bcbf5b5f5bddc39 ❌ openstack-k8s-operators-content-provider FAILURE in 18m 37s |
|
recheck don't think the failure is related
|
openshift-merge-bot
bot
merged commit cf29422
into
openstack-k8s-operators:main
The
edpm_updaterole is added to allow the update of packages and containers on EDPM nodes.The related
update.ymlplaybook has been added.Jira: https://issues.redhat.com/browse/OSPRH-6219