From 43b938e715d7fca0072d2e3c6f4f58649f5888ca Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Wed, 11 May 2022 14:06:55 +0000 Subject: [PATCH 01/16] Upgrade only to RHEL 8.4 --- .../playbooks/os/rhel/upgrade-release.yml | 42 ++----------------- 1 file changed, 4 insertions(+), 38 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 27bc725f42..3bba6d2813 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml @@ -22,7 +22,7 @@ vars: versions: required: {major: '7', full: '7.9'} # minimal version from which upgrade is supported - target: {major: '8', full: '8.5'} + target: {major: '8', full: '8.4'} leapp_dependencies: packages: @@ -278,11 +278,11 @@ - *REFRESH_ANSIBLE_FACTS - - name: Assert major version + - name: Assert target version assert: that: - - ansible_distribution_version is version('8.4','=') - - ansible_kernel is version('4.18.0-305','>=') + - ansible_distribution_version is version(versions.target.full, '=') + - ansible_kernel is version('4.18.0-305', '>=') quiet: true - name: Verify subscription status for non_cloud machines 
@@ -523,37 +523,3 @@ command: subscription-manager release --unset register: result failed_when: result.rc > 1 # May return code 1 even when correctly subscribed if system purpose is not defined - - ### POST-UPGRADE -- UPDATE TO TARGET VERSION ### - - - name: Update release to 8.5 - block: - - name: Determine if 8.5 is the latest version - command: dnf --releasever 8.5 list kernel # will fail when 8.5 is not the latest minor release - register: is_8_5_latest_version_available - changed_when: false - failed_when: is_8_5_latest_version_available.rc > 1 - - - name: Unlock release to latest # mirrors will not point to 8.5 when it is the latest - when: is_8_5_latest_version_available.rc == 1 - file: - path: /etc/dnf/vars/releasever - state: absent - - - name: Set release to 8.5 - when: is_8_5_latest_version_available.rc == 0 # 8.5 is not the latest - copy: - content: '8.5' - dest: /etc/dnf/vars/releasever - mode: u=rw,go=r - - - *UPDATE_ALL_PACKAGES - - - *REBOOT_SYSTEM_AFTER_UPDATE # 8.5 brings a new kernel update - - - *REFRESH_ANSIBLE_FACTS - - - name: Assert update to 8.5 succeeded - assert: - that: ansible_distribution_version is version(versions.target.full, '=') - quiet: true From 7a176a41f102e1efdc59499cb8577a395a5ac3ed Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Thu, 12 May 2022 10:47:55 +0000 Subject: [PATCH 02/16] Disable legacy containerd plugin to avoid instance auto-recovery on AWS --- .../playbooks/os/rhel/upgrade-release.yml | 51 ++++++++++++++++++- 1 file changed, 49 insertions(+), 2 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 3bba6d2813..b13f3e3b85 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml 
@@ -13,8 +13,6 @@ # Limitations: # - Ansible connection as root is not supported (PermitRootLogin) -# TODO: -# Fix issue when running on AWS on repository host deployed with epicli 1.0.2 (instance auto-recovery) - name: In-place RHEL release upgrade hosts: "{{ target | default('all') }}" 
@@ -139,6 +137,55 @@ update_only: true name: "*" + # Disable legacy containerd plugin to avoid instance auto-recovery on AWS (modprobe: FATAL: Module aufs not found) + + - name: Check if /etc/containerd/config.toml file exists + stat: + path: /etc/containerd/config.toml + get_attributes: false + get_checksum: false + get_mime: false + register: stat_containerd_config + + - name: Disable aufs plugin + when: stat_containerd_config.stat.exists + block: + - name: Get disabled_plugins + command: grep -oPz '(?s)^disabled_plugins\s*=\s*\[.*?\]' /etc/containerd/config.toml # TOML allows line breaks inside arrays + changed_when: false + register: grep_disabled_plugins + failed_when: grep_disabled_plugins.rc > 1 + + - name: Set plugins to be disabled + set_fact: + plugins_to_disable: "{{ _disabled_plugins | union(['aufs']) }}" + vars: + _disabled_plugins: >- + {{ (grep_disabled_plugins.stdout | regex_replace('\s*=', ':') | from_yaml).disabled_plugins | default('[]') }} + + - name: Disable aufs plugin (update array) + replace: # handles multi-line array + path: /etc/containerd/config.toml + regexp: ^disabled_plugins\s*=\s*\[[^\]]*?\] + replace: disabled_plugins = {{ plugins_to_disable | string }} + backup: true + register: update_containerd_config_option + + - name: Disable aufs plugin (add array) + lineinfile: + path: /etc/containerd/config.toml + line: disabled_plugins = {{ plugins_to_disable | string }} + backup: true + register: add_containerd_config_option + when: grep_disabled_plugins.rc == 1 + + - name: Restart containerd service + systemd: + name: containerd.service + state: restarted + when: update_containerd_config_option.changed + or add_containerd_config_option.changed + - &UPDATE_ALL_PACKAGES name: Update all packages in current major version yum: From b045c69d22543f053ba9adb544ab45053a6c064b Mon Sep 17 00:00:00 2001 
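Review bot: In `Set plugins to be disabled`, `regex_replace('\s*=', ':')` turns a line written as `disabled_plugins=["cri"]` (no space after `=`, which the grep pattern's `\s*=\s*` accepts) into `disabled_plugins:["cri"]`, and YAML reads that as a plain string rather than a mapping. The `.disabled_plugins` lookup then falls through to `default('[]')`, so the rewritten array would hold only `aufs` and every plugin that was disabled before would be enabled again after the containerd restart. Anchoring the substitution to the key and emitting a space avoids this and leaves any `=` inside the array alone: `regex_replace('^disabled_plugins\s*=\s*', 'disabled_plugins: ')`. Both file-editing tasks also set `backup: true`, which leaves copies of `config.toml` in `/etc/containerd`; a comment saying whether they are meant to be kept would help.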
From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Thu, 12 May 2022 13:38:13 +0000 Subject: [PATCH 03/16] Reboot system after update only when needed --- ci/ansible/playbooks/os/rhel/upgrade-release.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index b13f3e3b85..d615970ac7 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml @@ -193,8 +193,14 @@ name: "*" state: latest # noqa: package-latest - - &REBOOT_SYSTEM_AFTER_UPDATE - name: Reboot system after update # to load kernel from latest minor version if any + - name: Check if reboot is needed + command: needs-restarting --reboothint # exit code 1 means reboot is required + changed_when: false + register: needs_restarting + failed_when: needs_restarting.rc > 1 + + - name: Reboot system after update # to load kernel from latest minor version if any + when: needs_restarting.rc == 1 reboot: msg: Reboot initiated by Ansible due to update connect_timeout: "{{ reboot.connect_timeout }}" From de9a5e3f036e86eec13724636a8a9fa3a62e8108 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Thu, 12 May 2022 13:47:13 +0000 Subject: [PATCH 04/16] Update Leapp metadata file --- ci/ansible/playbooks/os/rhel/upgrade-release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index d615970ac7..6a38c05add 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml 
@@ -5,7 +5,7 @@ # This play requires a Leapp metadata archive from the Red Hat portal which cannot be shared publicly. # Local path to this archive must be provided via 'leapp_archive' variable, for example: -# ansible-playbook -e leapp_archive=/absolute/path/leapp-data15.tar.gz +# ansible-playbook -e leapp_archive=/absolute/path/leapp-data16.tar.gz # Requirements: # - System attached to RHUI repositories or Red Hat subscription ('non_cloud' provider) @@ -227,12 +227,12 @@ - name: Copy leapp metadata archive copy: src: "{{ leapp_archive }}" - dest: /etc/leapp/files/leapp-data15.tar.gz + dest: /etc/leapp/files/{{ leapp_archive | basename }} mode: preserve - name: Unarchive leapp metadata unarchive: - src: /etc/leapp/files/leapp-data15.tar.gz + src: /etc/leapp/files/{{ leapp_archive | basename }} dest: /etc/leapp/files/ remote_src: true From 8a8b545213561ba3c0f7ff47c78d27494e045a49 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Thu, 12 May 2022 14:12:45 +0000 Subject: [PATCH 05/16] Enable yum repos after OS is updated --- .../playbooks/os/rhel/upgrade-release.yml | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 6a38c05add..82da03330d 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml 
@@ -110,24 +110,6 @@ debug: var: provider - - name: Register SELinux state - set_fact: - pre_upgrade_selinux_facts: "{{ ansible_facts.selinux }}" - - - name: Register enabled repositories - command: yum repolist --quiet - register: pre_upgrade_enabled_repositories - changed_when: false - - - name: Ensure repositories that provide leapp utility are enabled - ini_file: - path: "{{ item.repo_file }}" - section: "{{ item.name }}" - option: enabled - value: 1 - mode: u=rw,go=r - loop: "{{ leapp_dependencies.repos[provider] }}" - - name: Update repository certificates when: provider == "azure" yum: @@ -137,6 +119,15 @@ update_only: true name: "*" + - name: Register SELinux state + set_fact: + pre_upgrade_selinux_facts: "{{ ansible_facts.selinux }}" + + - name: Register enabled repositories + command: yum repolist --quiet + register: pre_upgrade_enabled_repositories + changed_when: false + # Disable legacy containerd plugin to avoid instance auto-recovery on AWS (modprobe: FATAL: Module aufs not found) - name: Check if /etc/containerd/config.toml file exists @@ -219,6 +210,15 @@ that: ansible_distribution_version is version(versions.required.full, '>=') quiet: true + - name: Ensure repositories that provide leapp utility are enabled + community.general.ini_file: + path: "{{ item.repo_file }}" + section: "{{ item.name }}" + option: enabled + value: 1 + mode: u=rw,go=r + loop: "{{ leapp_dependencies.repos[provider] }}" + - name: Install packages that provide the leapp utility package: name: "{{ leapp_dependencies.packages[provider] }}" From 2c67e25d4d84305343f26fe0fa76862a21337230 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Thu, 12 May 2022 15:40:27 +0000 Subject: [PATCH 06/16] Use target option --- ci/ansible/playbooks/os/rhel/upgrade-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 82da03330d..e82eb226bc 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml @@ -304,7 +304,7 @@ command: leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True - name: Start leapp upgrade - command: leapp upgrade {{ '--no-rhsm' if provider != 'non_cloud' }} + command: leapp upgrade --target {{ versions.target.full }} {{ '--no-rhsm' if provider != 'non_cloud' }} - name: Reboot system to complete leapp upgrade procedure reboot: @@ -352,7 +352,7 @@ - name: Check that upgraded version remains correctly subscribed assert: that: - - subscription_version.stdout == "8.4" + - subscription_version.stdout == versions.target.full - subscription_status.stdout == "Subscribed" quiet: true From fafbf4f1013b2a6d9f7e93f4ccd76b824a696d01 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Fri, 13 May 2022 11:37:11 +0000 Subject: [PATCH 07/16] Handle PostgreSQL packages --- .../playbooks/os/rhel/upgrade-release.yml | 40 +++++++++++++++++-- 1 file changed, 37 insertions(+), 3 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index e82eb226bc..46874ca840 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml @@ -210,6 +210,10 @@ that: ansible_distribution_version is version(versions.required.full, '>=') quiet: true + - name: Get information on installed packages + package_facts: + manager: rpm + - name: Ensure repositories that provide leapp utility are enabled community.general.ini_file: path: "{{ item.repo_file }}" 
@@ -217,10 +221,11 @@ option: enabled value: 1 mode: u=rw,go=r + no_extra_spaces: true loop: "{{ leapp_dependencies.repos[provider] }}" - name: Install packages that provide the leapp utility - package: + yum: name: "{{ leapp_dependencies.packages[provider] }}" state: present @@ -298,13 +303,34 @@ name: "{{ installed_kernel_devel_packages[:-1] }}" # keep the last item state: absent + - name: Set PostgreSQL version + set_fact: + postgresql_version: >- + {{ '10' if ansible_facts.packages['postgresql10-server'] is defined else + '13' if ansible_facts.packages['postgresql13-server'] is defined else + 'null' }} + + - name: Add PostgreSQL repository + when: postgresql_version != 'null' + yum_repository: + name: pgdg{{ postgresql_version }} + file: pgdg{{ postgresql_version }}-rhel-{{ versions.target.full }} + description: PostgreSQL {{ postgresql_version }} for RHEL/CentOS {{ versions.target.full }} - $basearch + baseurl: https://download.postgresql.org/pub/repos/yum/{{ postgresql_version }}/redhat/rhel-{{ versions.target.full }}-$basearch + gpgkey: https://download.postgresql.org/pub/repos/yum/RPM-GPG-KEY-PGDG + enabled: false + gpgcheck: true + module_hotfixes: true + ### UPGRADE ### - name: Provide leapp answer about pam_pkcs11_module removal command: leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True - name: Start leapp upgrade - command: leapp upgrade --target {{ versions.target.full }} {{ '--no-rhsm' if provider != 'non_cloud' }} + command: >- + leapp upgrade --target {{ versions.target.full }} {{ '--no-rhsm' if provider != 'non_cloud' }} + {{ '--enablerepo pgdg' ~ postgresql_version if postgresql_version != 'null' }} - name: Reboot system to complete leapp upgrade procedure reboot: 
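Review bot: The `Add PostgreSQL repository` task in the second hunk trusts whatever key is served at the `gpgkey` URL when the upgrade runs, so `gpgcheck: true` only verifies packages against a key accepted on first use, inside a transaction that runs as root. Consider importing the key beforehand with `rpm_key` and a pinned `fingerprint: PGDG_KEY_FINGERPRINT_PLACEHOLDER` (value to be taken from the PGDG project), or shipping the key file with the playbook and pointing `gpgkey` at a `file://` path. Separately, `postgresql_version` uses the string `'null'` as a sentinel, which is easy to confuse with a YAML null; an empty string tested with `postgresql_version | length > 0` would read more plainly.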
@@ -359,12 +385,13 @@ ### POST-UPGRADE -- CLEANUP ### - name: Remove packages from the dnf exclude list # populated by leapp during upgrade - ini_file: + community.general.ini_file: path: /etc/dnf/dnf.conf section: main option: exclude value: '' mode: u=rw,go=r + no_extra_spaces: true ## Remove Leapp @@ -378,6 +405,13 @@ path: /etc/leapp state: absent + - name: Remove PostgreSQL repository + when: postgresql_version != 'null' + yum_repository: + name: pgdg{{ postgresql_version }} + file: pgdg{{ postgresql_version }}-rhel-{{ versions.target.full }} + state: absent + ## Remove RHEL 7 packages - name: Remove remaining RHEL 7 packages From 4fb43835568225b97bbb386fcc685e7fa838a35a Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Fri, 13 May 2022 15:34:20 +0000 Subject: [PATCH 08/16] Enable upgrade mode for RedHat OS family --- ansible/playbooks/roles/preflight/tasks/main.yml | 3 --- .../playbooks/roles/preflight/tasks/upgrade-pre-common.yml | 7 ------- 2 files changed, 10 deletions(-) delete mode 100644 ansible/playbooks/roles/preflight/tasks/upgrade-pre-common.yml diff --git a/ansible/playbooks/roles/preflight/tasks/main.yml b/ansible/playbooks/roles/preflight/tasks/main.yml index 7aba8eca42..beaaefae13 100644 --- a/ansible/playbooks/roles/preflight/tasks/main.yml +++ b/ansible/playbooks/roles/preflight/tasks/main.yml @@ -1,7 +1,4 @@ --- -- include_tasks: upgrade-pre-common.yml - when: is_upgrade_run - - include_tasks: common/main.yml - include_tasks: apply.yml diff --git a/ansible/playbooks/roles/preflight/tasks/upgrade-pre-common.yml b/ansible/playbooks/roles/preflight/tasks/upgrade-pre-common.yml deleted file mode 100644 index 8c3fbd6520..0000000000 --- a/ansible/playbooks/roles/preflight/tasks/upgrade-pre-common.yml +++ /dev/null 
@@ -1,7 +0,0 @@ -# In version 2.0.0 we switched from RHEL 7 to 8 but only 'epicli apply' is supported so far. -- name: Check whether OS family is supported - assert: - that: ansible_os_family != 'RedHat' - fail_msg: >- - In this version 'epicli upgrade' is supported only for Ubuntu - success_msg: OS family check passed From 3b062f2b8c6006a9c9760de1a13352dec2ecd8e8 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Sat, 14 May 2022 09:47:07 +0000 Subject: [PATCH 09/16] Add releasever parameter --- .../files/download-requirements/src/command/dnf.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf.py index 45eaf1032c..5fbd0e8fe3 100644 --- a/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf.py +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf.py @@ -12,16 +12,19 @@ class Dnf(Command): def __init__(self, retries: int): super().__init__('dnf', retries) - def update(self, enablerepo: str = None, - package: str = None, + def update(self, package: str = None, disablerepo: str = None, + enablerepo: str = None, + releasever: str = None, assume_yes: bool = True): + """ Interface for `dnf update` - :param enablerepo: :param package: :param disablerepo: + :param enablerepo: + :param releasever: :param assume_yes: if set to True, -y flag will be used """ update_parameters: List[str] = ['update'] @@ -38,6 +41,9 @@ def update(self, enablerepo: str = None, if enablerepo is not None: update_parameters.append(f'--enablerepo={enablerepo}') + if releasever is not None: + update_parameters.append(f'--releasever={releasever}') + proc = self.run(update_parameters) if 'error' in proc.stdout: From 2f22939539d2dac4661cf9784c2690d4967ff294 Mon Sep 17 00:00:00 2001 
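Review bot: The new `Dnf.update()` signature in `dnf.py` reorders the positional parameters (`package` now sits where `enablerepo` was), so a caller that passes arguments positionally would silently send a repository name as the package, or the reverse; callers outside this hunk are not visible here. Making the options keyword-only keeps call sites unambiguous: `def update(self, *, package: Optional[str] = None, disablerepo: Optional[str] = None, ...)`, with `Optional` imported from `typing` if it is not already. The added `:param releasever:` docstring line is empty; `:param releasever: value passed to dnf as --releasever=VALUE` would document it.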
From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Sat, 14 May 2022 11:34:07 +0000 Subject: [PATCH 10/16] Fix update of libmodulemd package --- .../src/command/dnf_config_manager.py | 17 +++++++++++++++++ .../files/download-requirements/src/error.py | 6 ++++++ .../src/mode/red_hat_family_mode.py | 3 ++- 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf_config_manager.py b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf_config_manager.py index 3926910c1f..e9ce7af3ea 100644 --- a/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf_config_manager.py +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/command/dnf_config_manager.py @@ -1,4 +1,5 @@ from src.command.command import Command +from src.error import DnfVariableNotfound class DnfConfigManager(Command): @@ -17,3 +18,19 @@ def disable_repo(self, repo: str): def enable_repo(self, repo: str): self.run(['config-manager', '--set-enabled', repo]) + + def get_variable(self, name: str) -> str: + process = self.run(['config-manager', '--dump-variables']) + variables = [x for x in process.stdout.splitlines() if '=' in x] + value = None + + for var in variables: + chunks = var.split('=', maxsplit=1) + if name == chunks[0].strip(): + value = chunks[1].strip() + break + + if not value: + raise DnfVariableNotfound(f'Variable not found: {name}') + + return value diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/error.py b/ansible/playbooks/roles/repository/files/download-requirements/src/error.py index 0c6db7cbf7..0e7b9482f7 100644 --- a/ansible/playbooks/roles/repository/files/download-requirements/src/error.py +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/error.py 
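Review bot: `get_variable` in `dnf_config_manager.py` ends with `if not value:`, which also raises `DnfVariableNotfound` when the variable exists but is empty, so the error message would report a defined variable as missing. Comparing against the sentinel keeps the two cases apart: `if value is None:`. The method has no docstring; a short one stating that it parses the output of `dnf config-manager --dump-variables` and raises `DnfVariableNotfound` for an unknown name would help, since the caller added in `red_hat_family_mode.py` does not catch it and the exception derives from `CriticalError`.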
@@ -17,6 +17,12 @@ class CriticalError(DownloadRequirementsError): """ +class DnfVariableNotfound(CriticalError): + """ + Raised when DNF variable was not found. + """ + + class PackageNotfound(CriticalError): """ Raised when there was no package found by the query tool. diff --git a/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py index 7dcbe26deb..14d5fdb6b0 100644 --- a/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py +++ b/ansible/playbooks/roles/repository/files/download-requirements/src/mode/red_hat_family_mode.py @@ -51,7 +51,8 @@ def _create_backup_repositories(self): def _install_base_packages(self): # Bug in RHEL 8.4 https://bugzilla.redhat.com/show_bug.cgi?id=2004853 - self._tools.dnf.update(package='libmodulemd') + releasever = '8' if self._tools.dnf_config_manager.get_variable('releasever') == '8.4' else None + self._tools.dnf.update(package='libmodulemd', releasever=releasever) # some packages are from EPEL repo # make sure that we reinstall it before proceeding From ab6afa8c4bf5614ba69701f2db30c55cd4ea67ec Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Sat, 14 May 2022 17:59:27 +0000 Subject: [PATCH 11/16] Remove releasever DNF variable --- ci/ansible/playbooks/os/rhel/upgrade-release.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 46874ca840..79e4913c34 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml 
@@ -610,3 +610,9 @@ command: subscription-manager release --unset register: result failed_when: result.rc > 1 # May return code 1 even when correctly subscribed if system purpose is not defined + + # download-requirements.py fails if releasever = 8.4 (2ndQuadrant repo) + - name: Remove releasever DNF variable + file: + path: /etc/dnf/vars/releasever # file created by upgrade + state: absent From 91ad4794867c9a625bc44ea1de1c5c7ea1d5506a Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Tue, 17 May 2022 11:25:53 +0000 Subject: [PATCH 12/16] Suspend HealthCheck process on AWS --- .../playbooks/os/rhel/upgrade-release.yml | 143 +++++++++++++++++- 1 file changed, 137 insertions(+), 6 deletions(-) diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 79e4913c34..5ebeab3f29 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml 
@@ -2,13 +2,16 @@ # Based on https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/upgrading_from_rhel_7_to_rhel_8/index # and partially on https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-in-place-upgrade -# This play requires a Leapp metadata archive from the Red Hat portal which cannot be shared publicly. -# Local path to this archive must be provided via 'leapp_archive' variable, for example: +# Requirements: +# - Leapp metadata archive from the Red Hat portal which cannot be shared publicly. +# - Epiphany manifest with credentials (for 'aws' provider only). +# - System attached to RHUI repositories or Red Hat subscription (for 'non_cloud' provider only). -# ansible-playbook -e leapp_archive=/absolute/path/leapp-data16.tar.gz +# Usage: +# ansible-playbook -e leapp_archive=/absolute/path/leapp-data16.tar.gz -e epiphany_manifest=/shared/build/aws/manifest.yml -# Requirements: -# - System attached to RHUI repositories or Red Hat subscription ('non_cloud' provider) +# Note: +# For AWS, playbook creates/overwrites with backup '/root/.aws/credentials' file locally. # Limitations: # - Ansible connection as root is not supported (PermitRootLogin) @@ -128,7 +131,7 @@ register: pre_upgrade_enabled_repositories changed_when: false - # Disable legacy containerd plugin to avoid instance auto-recovery on AWS (modprobe: FATAL: Module aufs not found) + # Disable legacy containerd plugin to avoid error (modprobe: FATAL: Module aufs not found) - name: Check if /etc/containerd/config.toml file exists stat: 
@@ -177,6 +180,93 @@ when: update_containerd_config_option.changed or add_containerd_config_option.changed + # Suspend HealthCheck process on AWS (required for reboots) + + - name: Suspend HealthCheck process for auto scaling groups + when: provider == 'aws' + run_once: true + delegate_to: localhost + block: + - name: Load Epiphany manifest + slurp: + src: "{{ epiphany_manifest }}" + register: slurp_epiphany_manifest + + - name: Set cloud properties + vars: + _cluster_doc: >- + {{ slurp_epiphany_manifest['content'] | b64decode | from_yaml_all + | selectattr('kind', '==', 'epiphany-cluster') + | first }} + block: + - name: Set cloud facts + set_fact: + aws_region: "{{ _cluster_doc.specification.cloud.region }}" + cluster_name: "{{ _cluster_doc.specification.prefix }}-{{ _cluster_doc.specification.name }}" + + - name: Create AWS configuration directory + file: + path: "{{ '~root' | expanduser }}/.aws" + state: directory + mode: u=rwx,go= + + - name: Create credentials file + copy: + dest: "{{ '~root' | expanduser }}/.aws/credentials" + content: | + [default] + aws_access_key_id = {{ _cluster_doc.specification.cloud.credentials.key }} + aws_secret_access_key = {{ _cluster_doc.specification.cloud.credentials.secret }} + mode: u=rw,go= + backup: true + + - name: Find auto scaling groups + community.aws.ec2_asg_info: + name: "{{ cluster_name }}" + region: "{{ aws_region }}" + register: cluster_asgs + + - name: Reconfigure ASGs to suspend EC2 health check + when: cluster_asgs.results | count > 0 + block: + - name: Set facts on ASGs + set_fact: + asg_facts: "{{ cluster_asgs.results | json_query(_query) }}" + vars: + _query: '[].{name: auto_scaling_group_name, suspended_processes: suspended_processes}' + + - name: Set path to file with original configuration of ASGs + set_fact: + asg_config_file_path: "{{ playbook_dir }}/{{ cluster_name }}-asg-config.yml" + + - name: Check if file with original configuration of ASGs exists + stat: + path: "{{ asg_config_file_path }}" + 
get_attributes: false + get_checksum: false + get_mime: false + register: stat_asg_config_yml + + - name: Save original configuration of auto scaling groups + when: not stat_asg_config_yml.stat.exists + become: false + copy: + dest: "{{ asg_config_file_path }}" + mode: u=rw,g=r,o= + content: | + # This file is managed by Ansible and is needed to restore original configuration. DO NOT EDIT. + {{ asg_facts | to_nice_yaml }} + + - name: Suspend HealthCheck process + when: not 'HealthCheck' in (item.suspended_processes | map(attribute='process_name')) + community.aws.ec2_asg: + name: "{{ item.name }}" + suspend_processes: "{{ item.suspended_processes | union(['HealthCheck']) }}" + region: "{{ aws_region }}" + loop_control: + label: "{{ item.name }}" + loop: "{{ asg_facts }}" + - &UPDATE_ALL_PACKAGES name: Update all packages in current major version yum: 
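Review bot: The `Load Epiphany manifest` and `Create credentials file` tasks handle the AWS access key and secret without `no_log: true`, so the base64 manifest in the registered `slurp` result and the rendered `content` can end up in verbose or diff output and in any callback log. Adding `no_log: true` to both tasks closes that. The credentials are also written to the `[default]` profile of root's `.aws/credentials` on the control node with `backup: true`, which replaces the operator's own profile and leaves backup copies of credential files behind; nothing in this patch removes them afterwards. Passing the key and secret to the `community.aws` tasks through their `aws_access_key` / `aws_secret_key` parameters would avoid touching that file at all.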
@@ -616,3 +706,44 @@ file: path: /etc/dnf/vars/releasever # file created by upgrade state: absent + + # Resume HealthCheck process on AWS + + - name: Resume HealthCheck process for auto scaling groups + when: provider == 'aws' + run_once: true + delegate_to: localhost + block: + - name: Check if file with original configuration of ASGs exists + stat: + path: "{{ asg_config_file_path }}" + get_attributes: false + get_checksum: false + get_mime: false + register: stat_asg_config_yml + + - name: Restore original configuration + when: stat_asg_config_yml.stat.exists + block: + - name: Load original configuration from file + slurp: + src: "{{ asg_config_file_path }}" + register: slurp_asg_config_yml + + - name: Set ASG settings to restore + set_fact: + asgs_to_restore: "{{ slurp_asg_config_yml['content'] | b64decode | from_yaml }}" + + - name: Resume HealthCheck process + community.aws.ec2_asg: + name: "{{ item.name }}" + suspend_processes: "{{ item.suspended_processes }}" + region: "{{ aws_region }}" + loop_control: + label: "{{ item.name }}" + loop: "{{ asgs_to_restore }}" + + - name: Remove file with original configuration of ASGs + file: + path: "{{ asg_config_file_path }}" + state: absent From 7825c80c749c18420c700714e6a1d2f473e59e81 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Tue, 17 May 2022 17:01:51 +0000 Subject: [PATCH 13/16] Install python3-psycopg2 package also for RedHat family --- ansible/playbooks/upgrade.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/ansible/playbooks/upgrade.yml b/ansible/playbooks/upgrade.yml index 4823d706e6..3c18ef5793 100644 --- a/ansible/playbooks/upgrade.yml +++ b/ansible/playbooks/upgrade.yml 
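Review bot: `Resume HealthCheck process` passes `item.suspended_processes` straight to `suspend_processes`, but the saved entries appear to be mappings rather than names, judging from the `map(attribute='process_name')` used in the suspend block of this patch. If an ASG already had suspended processes, the module would receive mappings where it expects process names; `suspend_processes: "{{ item.suspended_processes | map(attribute='process_name') | list }}"` restores names only, and the same applies to the `union(['HealthCheck'])` in the suspend task. These tasks run only if the play reaches its end, so a failure after the suspend block leaves HealthCheck suspended until the playbook is re-run; a sentence in the header comment saying so would help operators.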
@@ -316,9 +316,7 @@ - include_role: name: postgresql tasks_from: upgrade/nodes/common/ensure-ansible-requirements - when: - - ansible_os_family == 'Debian' - - "'postgresql' in upgrade_components or upgrade_components|length == 0" + when: "'postgresql' in upgrade_components or upgrade_components|length == 0" # step 2: upgrade repmgr - include_role: From 9ff8775e83d573ffbcc638e49663092a6b775785 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Tue, 17 May 2022 19:29:09 +0000 Subject: [PATCH 14/16] Add ntsysv package for Azure --- .../requirements/x86_64/redhat/packages.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat/packages.yml b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat/packages.yml index fa1f4cb13c..82195f01cb 100644 --- a/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat/packages.yml +++ b/ansible/playbooks/roles/repository/files/download-requirements/requirements/x86_64/redhat/packages.yml @@ -69,6 +69,7 @@ packages: - 'nss' # for java-1.8.0-openjdk-headless - 'nss-softokn' # for nss # Open Distro for Elasticsearch plugins are installed individually to not download them twice in different versions (as dependencies of opendistroforelasticsearch package) + - 'ntsysv' # for python36 - 'opendistro-alerting-1.13.1.*' - 'opendistro-index-management-1.13.1.*' - 'opendistro-job-scheduler-1.13.0.*' From 1602d56ddf3143d689a916819609414ed64ce1d3 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Tue, 17 May 2022 22:58:11 +0000 Subject: [PATCH 15/16] Prevent auto-upgrade of repmgr10-4.0.6-1.el7 --- ci/ansible/playbooks/os/rhel/upgrade-release.yml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/ci/ansible/playbooks/os/rhel/upgrade-release.yml b/ci/ansible/playbooks/os/rhel/upgrade-release.yml index 5ebeab3f29..b618cff612 100644 --- a/ci/ansible/playbooks/os/rhel/upgrade-release.yml +++ b/ci/ansible/playbooks/os/rhel/upgrade-release.yml @@ -411,6 +411,9 @@ enabled: false gpgcheck: true module_hotfixes: true + exclude: # prevent auto-upgrade from 4.0.6-1.el7 + - repmgr10 + - repmgr_10 ### UPGRADE ### From a7d9521b3ac57ea8069169f45e1b65422c80c7d8 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Wed, 18 May 2022 08:43:33 +0000 Subject: [PATCH 16/16] Update changelog --- docs/changelogs/CHANGELOG-2.0.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/changelogs/CHANGELOG-2.0.md b/docs/changelogs/CHANGELOG-2.0.md index 9e0d740317..bc4d0436c1 100644 --- a/docs/changelogs/CHANGELOG-2.0.md +++ b/docs/changelogs/CHANGELOG-2.0.md @@ -2,6 +2,10 @@ ## [2.0.1] YYYY-MM-DD +### Added + +- [#2932](https://github.com/epiphany-platform/epiphany/issues/2932) - Support `epicli upgrade` for RHEL/AlmaLinux 8 + ### Updated - [#3080](https://github.com/epiphany-platform/epiphany/issues/3080) - update Filebeat to the latest compatible version with OpenSearch