New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Satellite 6.9 #386
Conversation
satellite_installer_cmd: satellite-installer | ||
satellite_scenario: satellite | ||
capsule_puppet_module: foreman-proxy | ||
satellite_installer_options: "--foreman-ipa-authentication false --reset-puppet-server-ssl-chain-filepath --disable-system-checks" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why are these 2 options always passed in? (I understand disabling system checks, at least party)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
foreman-ipa-authentication false -> #268
I guess that makes sense.
reset-puppet-server-ssl-chain-filepath -> #349
Hah, just last Friday I was playing with this: theforeman/puppet-puppet@c05e0a9
That said, it very much feels like a 6.3 -> 6.4 change due to Puppet 3 -> 4. In current versions I don't think it would be needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hah, just last Friday I was playing with this: theforeman/puppet-puppet@c05e0a9
Beautiful coincidence!
That said, it very much feels like a 6.3 -> 6.4 change due to Puppet 3 -> 4. In current versions I don't think it would be needed.
Let's give it a whirl (about to start a test of this PR right now to see)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can do. I feel a utility such as this (expected to run on old, old versions of Satellite) warrants excessive commenting
New one for me here:
Which repo should ansible > 2.9 be coming from? Need to update the list to auto-enable it Is it |
Looks good to me, but I don't have time to test it. Feel free to merge after @ekohl acks it. |
Exactly this. |
roles/satellite-clone/tasks/main.yml
Outdated
@@ -60,6 +60,10 @@ | |||
register: enable_repos_result | |||
when: enable_repos | |||
|
|||
- name: Enable Ansible 2.9 repository | |||
command: subscription-manager repos --enable rhel-{{ ansible_distribution_major_version}}-server-ansible-2.9-rpms |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The el8 repo has a completely different name, so no need to template it here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But you could template the Ansible version, and put that into vars :)
roles/satellite-clone/tasks/main.yml
Outdated
@@ -60,6 +60,10 @@ | |||
register: enable_repos_result | |||
when: enable_repos | |||
|
|||
- name: Enable Ansible 2.9 repository | |||
command: subscription-manager repos --enable rhel-{{ ansible_distribution_major_version}}-server-ansible-2.9-rpms | |||
when: satellite_version in ["6.9"] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can (and should) be done on 6.8 too, we just didn't have the more explicit dependency in the RPM that would trigger the error you posted in 6.8
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was testing this as-is and I ran into an error in the middle of execution and I think it had to with the fact that I started the playbook while running ansible 2.4 and ansible was upgraded from underneath:
TASK [satellite-clone : Install packages necessary to check DB status] ***************************************************************************************
Tuesday 08 June 2021 15:28:19 +0000 (0:07:30.279) 0:10:16.888 **********
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: AttributeError: 'Task' object has no attribute 'async_val'
fatal: [localhost]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
msg: Unexpected failure during module execution.
This step completed successfully when I ran it a second time (with ansible 2.9 loaded from the start)
To me it seems that the initial steps in the doc should reflect the correct repo to enable to get the right ansible version installed before the clone process is started
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand where this issue comes from, but if using 2.9 fixes it, we should be good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interestingly, docs don't say to enable Ansible repos: https://access.redhat.com/documentation/en-us/red_hat_satellite/6.9/html/upgrading_and_updating_red_hat_satellite/cloning_satellite_server#sec-Cloning_to_Target
Overall this reads correctly. I still wonder which Ansible should be used for s-clone, but maybe @mccun934 can shed some light on it. Seems weird to have to enable the right ansible repo, and then s-clone does enable it again? |
It's a little wonky but the way it plays out is that it's just making sure that by the time everything is done with the clone process all of the repos are enabled as they would have been if one followed the installation docs, especially since Clone has a step to disable all repos fairly early on (likely to make sure packages are getting pulled from the expected locations). |
I'm hitting an issue at the end of the process where, after the restoration is performed via foreman-maintain, the installer is run to upgrade to the latest z-stream.
Will update to use foreman-maintain for 6.9 and later |
roles/satellite-clone/tasks/main.yml
Outdated
when: satellite_version is version("6.8", "<=") | ||
|
||
- name: Upgrade to latest z-version with satellite-maintain | ||
command: 'satellite-maintain upgrade run --target-version={{ satellite_version }}.z --assumeyes' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this work as far back as 6.5? If so I can remove the above equivalent which used satellite-installer
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @jturel , great question!
As you saw, --upgrade
was removed (with theforeman/foreman-installer@3c60c74 ). In fact, at that point it did nothing except print a notice that --upgrade
is deprecated since we automatically run any pending db migrations (since theforeman/foreman-installer@1cc2378 ) was included with Foreman 2.1 (corresponding to Satellite 6.8)
IMO, rather than making the change to use satellite-maintain here with 6.9 and later versions, because satellite-maintain introduces a lot of additional overhead (running various pre-upgrade checks, unlocking packages and updating them, etc) which is intended to simplify the user experience of upgrading for customers, but doesn't have much benefit in this specific context, I would simply make the change to remove --upgrade
from the task here, but include it in satellite_upgrade_options
only when: satellite_version is version("6.7", "<=")
In other words, logically just running the installer still makes sense at this point, we just need to no longer pass --upgrade
to it as that was deprecated in Satellite 6.8 and has been removed in Satellite 6.9.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Slightly different solution: why don't we add --upgrade
to satellite_upgrade_options
for 6.5,6.6,6.7 and leave it out in 6.8+? Removes the need for doing wild satellite_version
checks here in the playbook as we already satellite_upgrade_options
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From an Ansible perspective this looks good (I added one comment, but nothing major).
Does a clone run succeed with these changes?
roles/satellite-clone/tasks/main.yml
Outdated
# The location of this file changed in 6.9 | ||
- name: Remove cpdb_done file | ||
file: | ||
path: /var/lib/candlepin/.puppet-candlepin-cpdb-create-done |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could fold this and the legacy path into a list and do a with_items.
Or put the filepath as a variable as for each satellite version there is always just one matching.
Or you leave it like this, as it doesn't hurt ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like with_items - will do
Updated & squashed! |
yay! @jturel++ |
No description provided.