The config `default_bind_mount_logs` was being set in the leap tooling
which results in all containers not having a log bind mount. This change
removes the task that sets the offending config.
Change-Id: Ib85e77ed1f993bad44f1cb36ed11056f8a83dfc5
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
An operator might want to ensure Swift is available during
an upgrade and manually upgrade Swift on completion of the
maintenance.
The operator would need to set these vars before operation:
export SKIP_SWIFT_UPGRADE=yes
export CONTAINERS_TO_DESTROY=add_!swift_all_exclusion
This would prevent the swift containers from being torn
down during the upgrade and would skip all Swift upgrade
operations.
Change-Id: Ibf40499750751dd9f41e447b7b90bb77f592cc14
In order to reduce time to run and avoid complexities
from older environments that may have specific
requirements or devations from recommended practices,
disable the hardening play during the leap upgrades.
If security-hardening is desired, the recommendation for operators
is to run hardening after the upgrade has completed.
Change-Id: I85865a39e84e65ac211c1077f484bf008673c840
This was a provider specific command which can be
removed as it could remove unintended containers.
Change-Id: I179565f84fd8176cbcb79eacc8e63e0fef554223
With the more recent versions of ansible, we should now use
"is" instead of the "|" sign for the tests.
This should fix it.
Change-Id: I897b918785c34523688c450bec16661f0f6e496e
Avoids using setuptools 34.x as using it can hit this bug
when packages are being upgraded:
https://github.com/pypa/setuptools/issues/951
Pinning to setuptools==33.1.1 also aligns to the
global-requirement-pins.txt in newton-eol
Change-Id: Ib33b828751c5a36d61448d148c5941beb6827c73
Adds a few tweaks to get Mitaka to function as a
leapfrog source.
- Adds Mitaka as option
- Adjusts detection to include eol branches
- Creates file if user_variables.yml doesn't exist
- Checks if osa_secrets_file_name exists
Change-Id: Id0bce1441456bc545deca67710004b750901e81b
In situations where self signed certs are utilized for the API,
the addition of the insecure is necessary to make post-redeploy-cleanup
work.
Change-Id: Ie5d5b6248feba5c4479567d22e74c76065725fda
Removes the BOOTSTRAP_ANSIBLE_FOLDER variable because
the assumption was made that Ansible would always be
bootstrapped from /opt/openstack-ansible and setting
this would cause a noop when Ansible was bootstrapped.
Change-Id: I284ad62b6f14cc334ae949946e839a1e8ec6a1d8
Current leapupgrade would accidentally add extra period sign
between hostnames, this fix would remove the hardcoded sign.
Change-Id: I7705da00ec651909f9bef9d4be96478dff22b993
Because "newton" is the last release LEAP upgrades are compatible with
there's no need to build a migration venv for newton. All of the newton
specific migrations will be run during the redeployment phase so this
venv has no specific purpose and is simply prolonging an already long
maintenance.
Change-Id: I06f23ed3bfdca5f1d5d56cb9fabd53cab01b83b6
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Existing code assumes starting point of KILO_RELEASE.
This change allows other releases to be the starting
point before the migrations occur.
Change-Id: Idb7d2981b37e653c9e92a9e41e4bf54b17aef1f5
If you run the script manually and export the target release to another tag, it
might generate a broken link, this ensure the target exists.
Change-Id: Ia18bd7796f5f48c42ad9c23e917ddb37aa8103b3
Previously the operator could choose to leap from old
code once the code to leap to had been deployed. This
would cause things to break as it would attempt to
run the older version code on top of the newly deployed
leaped code.
This identifies those conditions, alerts the operator
and calls the resume_incompete_leap instead of asking
the operator to input the release to upgrade from
again.
Change-Id: I928bf7e6db88d46617af800692e9b76a6bcc1ba8
The security hardening playbook was not being executed. This change adds
the security hardning playbook to the defeault re-deployment process. If
a deployer wishes to opt-out of the default security hardening they can
disable it using the `apply_security_hardening` option.
Change-Id: I69baa1d2cb209cf3686ca2da00e698ed5dbf92f9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Cleans out old mariadb apt sources before
running redeploy to prevent issues during
leap frog with galera client.
Change-Id: Iba91de800d4f1ec66a062e2213344e61c392407b
The leap tooling was attempting to run `set_upgrade_vars` at point where
specific upgrade variables were already needed. Within this change that
function call is moved up a few lines so that it has the chance to set
the required values. Additionally the option to pre-define the variable
CODE_UPGRADE_FROM has been added giving the deployer the option to set
this variable before a leap upgrade is run.
Change-Id: I2c780eb46dd57e680fc8681824de2fe913824fd9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Leapfrogs currently only work with Juno/Kilo
releases as certain parts are hard coded.
This patch adds support for handling
multiple releases and attempts to remove some
duplicate code with loops.
Also adds a UPGRADES_TO_TODOLIST variable check on
migration.sh and upgrade.sh to ensure the list of
releases to be ugpraded to are set if the commands
are ran individually.
Change-Id: Ia56f073863533d4b6fa58b78b59b5086c7f9a331
Previously if a redeploy failed during the process, if
you attempted to start it over, it would reprompt for the
version you were attempting to upgrade. At this point in
process, you are already on the latest version of the code,
so putting the original code version would actually break
the leap. This attempts to detect if a redeploy started
but didn't complete and asks the user if they would like
to reattempt the redeploy.
Change-Id: I7c2f734edc4ec3186be3d24a60ee41b43269d07b
In case the scripts are run independently and not via run-stages.sh
some vars are not set for script execution and the deployer need to
export a new env var.
Change-Id: I4f24478d92563f5c00fefce269120f1b908aedcd
These containers store logs within them and it would be bad to lose
these logs.
Change-Id: I0b3b114dce89c6e55d54efb351788e0cfe85c3b4
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
We shouldn't allow any arbitrary secret file to be updated in the
leap process, but instead ensuring the file present in
J/K/L will be properly updated to the end of the process.
If you had set the variable in those playbooks, you would
naturally CREATE a new file, alongside the existing user_secrets,
with the risks of:
- Having different values
- Having precedence issues depending on the file name
Change-Id: I2873318e2f1fd34673e95f8eb77a0001d649df1e
run_ansible wrapper should work in the latest checkout of OA,
which should be in a REDEPLOY folder instead of just
a static "/opt/openstack-ansible"
Change-Id: I4d20fd7480f2f38e55d3f081c0c0f11726458583
Some providers may have a different bootstrapping script,
and probably want to use their own instead of always
bootstrapping the OSA one for the leap.
We should be able to give a script as env var, and use
that script for installing an ansible that works for leapfrog.
Change-Id: I034d3dace52ae092e04d4573c6299b464153084d
Previous change forgot to remove the NOT, this fixes that. We should
install libmariadbclient-dev if libmariadbclient is detected, not
libmysqlclient-dev.
Change-Id: Id261a2b0d3574ed8995c969320000a742e60f4da
