The security hardening playbook was not being executed. This change adds
the security hardning playbook to the defeault re-deployment process. If
a deployer wishes to opt-out of the default security hardening they can
disable it using the `apply_security_hardening` option.
Change-Id: I69baa1d2cb209cf3686ca2da00e698ed5dbf92f9
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
Previously if a redeploy failed during the process, if
you attempted to start it over, it would reprompt for the
version you were attempting to upgrade. At this point in
process, you are already on the latest version of the code,
so putting the original code version would actually break
the leap. This attempts to detect if a redeploy started
but didn't complete and asks the user if they would like
to reattempt the redeploy.
Change-Id: I7c2f734edc4ec3186be3d24a60ee41b43269d07b
run_ansible wrapper should work in the latest checkout of OA,
which should be in a REDEPLOY folder instead of just
a static "/opt/openstack-ansible"
Change-Id: I4d20fd7480f2f38e55d3f081c0c0f11726458583
The patch https://review.openstack.org/498167 added
hooks which failed due to the '-u' set in the script
which does not tolerate unset variables.
The script has been modified to use parameter
expansion to allow each hook to be detected properly
as being set without failing due to unset variables.
Change-Id: Ic7dd889a2f00de8a59239abb37b2d451e854ef63
It may be desired to execute additional playbooks during
the redeploy process.
This adds pre- and post- stage hooks before/after the
execution of the setup-hosts, setup-infrastructure and
setup-openstack stages. They will only be utilised
if the env vars are set to something. If they are
not then the leap process will continue as-is.
Change-Id: I60977648db784f038c67fe71ee6d2a01f4df7db2
HAProxy should not have an init that loads conf.d files, like it
was done on K, and removed in N, during the haproxy installation.
Else the installation of the package will fail, because it will
load the conf.d files.
Change-Id: I345089cc3493b90c1c4fbd2d47c51f83c65c94f4
In case of an included playbook fail (let's say the repo playbook),
a restart of the leap script will restart the whole upper level
playbook (because it hasn't been marked as successful yet), and
therefore will re-run all the included playbooks again.
This change will make sure the process restarts exactly where it
failed.
Change-Id: I5790f3bdb57d6f17ba32346a00d096ead15babf3
If a user is using a REDEPLOY_EXTRA_SCRIPT to migrate additional
variables before re-deploying, it's maybe best to re-run all the
playbooks that happen in a deploy. All the playbooks are already
there, excepted the openstack-hosts-setup, so we add it here.
Change-Id: I64bade46cb1ece6f21ed42c7622bd6e39f2420fe
Make sure the script is still going if REDEPLOY_EXTRA_SCRIPT is null
or not set, and will run extra script if it is not null.
Change-Id: Ic4b37ccc0ac6c23be892fee7ccd2c82f6f1d7da1
Instead of relying on "echo YES| " in gating, we should re-use
an environment variable that bypasses the user validation.
This commit also adds logging of the extra step that was added
previously.
Change-Id: If5e986daa6404470d9d260032a24eb8cc17aa161
The leapfrog is quite static, and a deployer can only run
scripts before and after the process.
By adding this, a deployer can alter the re-deploy behavior.
It can now run playbooks or shell scripts after the migrations,
and modify the re-deploy behavior (by adding more playbooks for
example).
Change-Id: Idde1e94d014fe4ca527568641a04c847a710d801
This change:
- discovers the current running version to know what
to leap from, because we can't assume Juno only.
At the same time it introduces a human verification
of the source branch.
- removes the useless "-v" of the runs that produced
an undesirable output, making the interface less
"user friendly".
Change-Id: I04e4780bf5f58638addbd992eab7152f288532ae
Co-Authored-By: Jean-Philippe Evrard <jean-philippe@evrard.me>
This change adds upgrade tooling that will take a Juno based
OpenStack-Ansible cloud and upgrade it to Newton. The tooling
will run a deployment through all of the needed steps upgrading
the environment and skipping all of the OpenStack releases in
between.
**This tooling should be considered experimental at this time**
Change-Id: I1880794717b9e47786ae255ea1afa57d805cde8e
Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>
