OpenStack-Ansible

Security: Disable role during major version upgrades

Bug #1568029 reported by Major Hayden
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack-Ansible
Fix Released
Wishlist
Jean-Philippe Evrard

Bug Description

Upgrading between major versions of OpenStack services, such as Kilo to Liberty, or Liberty to Mitaka, can be challenging. We should advise deployers to consider disabling the openstack-ansible-security role during an upgrade to reduce the domain of things to troubleshoot during an upgrade.

This should be in the docs, the upgrade scripts, or both.

Major Hayden (rackerhacker)
tags: added: security
Changed in openstack-ansible:
importance: Undecided → Wishlist
Revision history for this message
Jean-Philippe Evrard (jean-philippe-evrard) wrote :

I'll start with a doc change.

If this requires more work, feel free to add another commit to it.

Changed in openstack-ansible:
assignee: nobody → Jean-Philippe Evrard (jean-philippe-evrard)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/311202

Changed in openstack-ansible:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (liberty)

Fix proposed to branch: liberty
Review: https://review.openstack.org/311211

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible (master)

Fix proposed to branch: master
Review: https://review.openstack.org/311215

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/311215
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=51441fef44e69ef2e79926c86b9a8234214be6e2
Submitter: Jenkins
Branch: master

commit 51441fef44e69ef2e79926c86b9a8234214be6e2
Author: Jean-Philippe Evrard <email address hidden>
Date: Fri Apr 29 18:57:58 2016 +0100

    Disable security role during major upgrades

    This commit disables the security hardening role during major
    upgrades by creating a temporary file. It removes the file after
    a sucessful upgrade.

    Change-Id: Ib32e0e317a84a443fb7fc9d3a364a16bd469b6e3
    Closes-Bug: #1568029

Changed in openstack-ansible:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (liberty)

Reviewed: https://review.openstack.org/311211
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=11a270d99a7def6fb65047f2f6b08b8304d6200f
Submitter: Jenkins
Branch: liberty

commit 11a270d99a7def6fb65047f2f6b08b8304d6200f
Author: Jean-Philippe Evrard <email address hidden>
Date: Fri Apr 29 18:43:19 2016 +0100

    Doc: Notice to disable security role during major upgrades

    This commit explains the process to disable the security hardening role
    for the major upgrades.

    Change-Id: I26f956d670343f66d06aa0266bfa5c7256231e2f
    Closes-Bug: #1568029

tags: added: in-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible (master)

Reviewed: https://review.openstack.org/311202
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible/commit/?id=12f0c6898312544294e477979053fcafc631e6da
Submitter: Jenkins
Branch: master

commit 12f0c6898312544294e477979053fcafc631e6da
Author: Jean-Philippe Evrard <email address hidden>
Date: Fri Apr 29 18:18:58 2016 +0100

    Doc: Notice to disable security hardening role during minor upgrades

    Change-Id: I9d6adbe293543f953b0fd8b94b94cf21e914cc0b
    Closes-Bug: #1568029

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 12.0.13

This issue was fixed in the openstack/openstack-ansible 12.0.13 release.

Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/openstack-ansible 14.0.0.0b1

This issue was fixed in the openstack/openstack-ansible 14.0.0.0b1 development milestone.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/openstack-ansible 14.0.0.0b2

This issue was fixed in the openstack/openstack-ansible 14.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.