From 77c46d847bd0f0a72bc1be527cad10825046dcbe Mon Sep 17 00:00:00 2001
From: Antony Messerli <amesserl@rackspace.com>
Date: Mon, 28 Jan 2019 13:03:55 -0600
Subject: [PATCH] Adds an Ansible playbook for user_rpco_upgrade.yml

Generates the user_rpco_upgrade.yml file used for the
upgrade process.  It includes variables needed for
optimation of the upgrade process and any particular
config values that might be necessary during the upgrade.

Upon completion of the upgrade, the file is removed and no
longer needed.
---
 incremental/incremental-upgrade.sh            |   3 +
 incremental/lib/functions.sh                  |  47 +++-----
 .../playbooks/rpco-upgrade-configs.yml        | 109 ++++++++++++++++++
 incremental/ubuntu16-upgrade-to-ocata.sh      |   3 -
 incremental/ubuntu16-upgrade-to-pike.sh       |   3 -
 incremental/ubuntu16-upgrade-to-queens.sh     |   2 -
 incremental/ubuntu16-upgrade-to-rocky.sh      |   2 -
 7 files changed, 125 insertions(+), 44 deletions(-)
 create mode 100644 incremental/playbooks/rpco-upgrade-configs.yml

diff --git a/incremental/incremental-upgrade.sh b/incremental/incremental-upgrade.sh
index f26e381c..9ea4adea 100755
--- a/incremental/incremental-upgrade.sh
+++ b/incremental/incremental-upgrade.sh
@@ -63,6 +63,7 @@ if ! echo ${TODO} | grep -w ${TARGET} > /dev/null; then
 fi
 
 check_user_variables
+generate_upgrade_config
 
 if [ "${SKIP_PREFLIGHT}" != "true" ]; then
   pre_flight
@@ -73,3 +74,5 @@ for RELEASE_TO_DO in ${TODO}; do
   echo "Starting upgrade to ${RELEASE_TO_DO^}"
   bash ubuntu16-upgrade-to-${RELEASE_TO_DO}.sh
 done
+
+cleanup
diff --git a/incremental/lib/functions.sh b/incremental/lib/functions.sh
index 5042ff93..87161392 100755
--- a/incremental/lib/functions.sh
+++ b/incremental/lib/functions.sh
@@ -153,40 +153,6 @@ function install_ansible_source {
   /opt/rpc-ansible/bin/pip install --isolated "ansible==${RPC_ANSIBLE_VERSION}"
 }
 
-function set_keystone_flush_memcache {
-  if [[ ! -f /etc/openstack_deploy/user_rpco_upgrade.yml ]]; then
-     echo "---" > /etc/openstack_deploy/user_rpco_upgrade.yml
-     echo "keystone_flush_memcache: yes" >> /etc/openstack_deploy/user_rpco_upgrade.yml
-  elif [[ -f /etc/openstack_deploy/user_rpco_upgrade.yml ]]; then
-    if ! grep -i "keystone_flush_memcache" /etc/openstack_deploy/user_rpco_upgrade.yml; then
-      echo "keystone_flush_memcache: yes" >> /etc/openstack_deploy/user_rpco_upgrade.yml
-    fi
-  fi
-}
-
-function disable_hardening {
-  if [[ ! -f /etc/openstack_deploy/user_rpco_upgrade.yml ]]; then
-     echo "---" > /etc/openstack_deploy/user_rpco_upgrade.yml
-     echo "apply_security_hardening: false" >> /etc/openstack_deploy/user_rpco_upgrade.yml
-  elif [[ -f /etc/openstack_deploy/user_rpco_upgrade.yml ]]; then
-    if ! grep -i "apply_security_hardening" /etc/openstack_deploy/user_rpco_upgrade.yml; then
-      echo "apply_security_hardening: false" >> /etc/openstack_deploy/user_rpco_upgrade.yml
-    fi
-  fi
-}
-
-function set_secrets_file {
-  if [ -f "/etc/openstack_deploy/user_secrets.yml" ]; then
-    if ! grep "^osa_secrets_file_name" /etc/openstack_deploy/user_rpco_upgrade.yml; then
-      echo 'osa_secrets_file_name: "user_secrets.yml"' >> /etc/openstack_deploy/user_rpco_upgrade.yml
-    fi
-  elif [ -f "/etc/openstack_deploy/user_osa_secrets.yml" ]; then
-    if ! grep "^osa_secrets_file_name" /etc/openstack_deploy/user_rpco_upgrade.yml; then
-      echo 'osa_secrets_file_name: "user_osa_secrets.yml"' >> /etc/openstack_deploy/user_rpco_upgrade.yml
-    fi
-  fi
-}
-
 function run_upgrade {
   pushd /opt/openstack-ansible
     export TERM=linux
@@ -205,6 +171,13 @@ function strip_install_steps {
   popd
 }
 
+function generate_upgrade_config {
+  # generate user_rpco_upgrade.yml
+  pushd /opt/rpc-upgrades/incremental/playbooks
+    openstack-ansible rpco-upgrade-configs.yml
+  popd
+}
+
 function prepare_ocata {
   if [[ ! -f "/etc/openstack_deploy/ocata_upgrade_prep.complete" ]]; then
     pushd /opt/rpc-upgrades/incremental/playbooks
@@ -241,3 +214,9 @@ function prepare_queens {
 function prepare_rocky {
   echo "Rocky prepare steps go here..."
 }
+
+function cleanup {
+  if [ -f "/etc/openstack_deploy/user_rpco_upgrade.yml" ]; then
+    rm /etc/openstack_deploy/user_rpco_upgrade.yml
+  fi
+}
diff --git a/incremental/playbooks/rpco-upgrade-configs.yml b/incremental/playbooks/rpco-upgrade-configs.yml
new file mode 100644
index 00000000..ebf9ef1c
--- /dev/null
+++ b/incremental/playbooks/rpco-upgrade-configs.yml
@@ -0,0 +1,109 @@
+---
+# Copyright 2019, Rackspace US, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Generate user_rpco_upgrade.yml for upgrade duration
+  hosts: localhost
+  user: root
+  vars:
+    upgrade_config_file: /etc/openstack_deploy/user_rpco_upgrade.yml
+  tasks:
+    - name: Ensure user_rpco_upgrade.yml exists
+      file:
+        path: "{{ upgrade_config_file }}"
+        state: touch
+
+    - name: Check if user_secrets exists
+      stat:
+        path: /etc/openstack_deploy/user_secrets.yml
+      register: user_secrets
+
+    - name: Check if user_osa_secrets exists
+      stat:
+        path: /etc/openstack_deploy/user_osa_secrets.yml
+      register: user_osa_secrets
+
+    - name: Set osa_secrets_file_name to user_secrets
+      lineinfile:
+        dest: "{{ upgrade_config_file }}"
+        regexp: "{{ item.regexp | default('^' + item.key) }}"
+        line: "{{ item.key }}: {{ item.value }}"
+        state: present
+      with_items:
+        - key: "osa_secrets_file_name"
+          value: "user_secrets.yml"
+      when: user_secrets.stat.exists
+
+    - name: Set osa_secrets_file_name to user_osa_secrets
+      lineinfile:
+        dest: "{{ upgrade_config_file }}"
+        regexp: "{{ item.regexp | default('^' + item.key) }}"
+        line: "{{ item.key }}: {{ item.value }}"
+        state: present
+      with_items:
+        - key: "osa_secrets_file_name"
+          value: "user_osa_secrets.yml"
+      when: user_osa_secrets.stat.exists
+
+    - name: Flush keystone memcache
+      lineinfile:
+        dest: "{{ upgrade_config_file }}"
+        regexp: "{{ item.regexp | default('^' + item.key) }}"
+        line: "{{ item.key }}: {{ item.value }}"
+        state: present
+      with_items:
+        - key: "keystone_flush_memcache"
+          value: "yes"
+
+    - name: Disable hardening for upgrade
+      lineinfile:
+        dest: "{{ upgrade_config_file }}"
+        regexp: "{{ item.regexp | default('^' + item.key) }}"
+        line: "{{ item.key }}: {{ item.value }}"
+        state: present
+      with_items:
+        - key: "apply_security_hardening"
+          value: "false"
+
+    - name: Remove serialization throttle for upgrade
+      lineinfile:
+        dest: "{{ upgrade_config_file }}"
+        regexp: "{{ item.regexp | default('^' + item.key) }}"
+        line: "{{ item.key }}: {{ item.value }}"
+        state: present
+      with_items:
+        - key: "nova_compute_serial"
+          value: "100%"
+        - key: "nova_conductor_serial"
+          value: "100%"
+        - key: "nova_console_serial"
+          value: "100%"
+        - key: "nova_scheduler_serial"
+          value: "100%"
+        - key: "nova_api_serial"
+          value: "100%"
+        - key: "neutron_agent_serial"
+          value: "100%"
+        - key: "neutron_server_serial"
+          value: "100%"
+        - key: "neutron_other_serial"
+          value: "100%"
+        - key: "cinder_backend_serial"
+          value: "100%"
+        - key: "cinder_scheduler_serial"
+          value: "100%"
+        - key: "glance_api_serial"
+          value: "100%"
+        - key: "glance_registry_rolling"
+          value: "100%"
diff --git a/incremental/ubuntu16-upgrade-to-ocata.sh b/incremental/ubuntu16-upgrade-to-ocata.sh
index e4d0e44c..28cecc2a 100755
--- a/incremental/ubuntu16-upgrade-to-ocata.sh
+++ b/incremental/ubuntu16-upgrade-to-ocata.sh
@@ -32,9 +32,6 @@ prepare_ocata
 
 checkout_rpc_openstack
 checkout_openstack_ansible
-set_secrets_file
-disable_hardening
-set_keystone_flush_memcache
 
 if [[ "$SKIP_INSTALL" == "yes" ]]; then
   exit 0
diff --git a/incremental/ubuntu16-upgrade-to-pike.sh b/incremental/ubuntu16-upgrade-to-pike.sh
index eea85706..37b583c1 100755
--- a/incremental/ubuntu16-upgrade-to-pike.sh
+++ b/incremental/ubuntu16-upgrade-to-pike.sh
@@ -30,9 +30,6 @@ echo "Starting Ocata to Pike Upgrade..."
 
 checkout_rpc_openstack
 configure_rpc_openstack
-set_secrets_file
-disable_hardening
-set_keystone_flush_memcache
 prepare_pike
 
 if [[ "$SKIP_INSTALL" == "yes" ]]; then
diff --git a/incremental/ubuntu16-upgrade-to-queens.sh b/incremental/ubuntu16-upgrade-to-queens.sh
index 72d38a42..e34005a8 100755
--- a/incremental/ubuntu16-upgrade-to-queens.sh
+++ b/incremental/ubuntu16-upgrade-to-queens.sh
@@ -30,8 +30,6 @@ echo "Starting Pike to Queens Upgrade..."
 
 checkout_rpc_openstack
 configure_rpc_openstack
-set_secrets_file
-disable_hardening
 prepare_queens
 run_upgrade
 
diff --git a/incremental/ubuntu16-upgrade-to-rocky.sh b/incremental/ubuntu16-upgrade-to-rocky.sh
index 356024de..dfcd793a 100755
--- a/incremental/ubuntu16-upgrade-to-rocky.sh
+++ b/incremental/ubuntu16-upgrade-to-rocky.sh
@@ -30,8 +30,6 @@ echo "Starting Queens to Rocky Upgrade..."
 
 checkout_rpc_openstack
 configure_rpc_openstack
-set_secrets_file
-disable_hardening
 prepare_rocky
 run_upgrade