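# Ansible task list for the minor update of a pacemaker-managed OpenStack
# node. Most tasks are gated on the `step` variable (values 0-5 are used
# below), so the same list is presumably replayed once per step; confirm
# against the calling playbook.
#
# Review notes (security-relevant, behaviour left unchanged):
#   * Container images are pulled from docker.io by mutable tag
#     (`current-tripleo`) and re-tagged locally as `pcmklatest`. The Docker
#     daemon options set further down include
#     `--signature-verification=false`, so nothing in these tasks checks
#     image integrity beyond trust in the registry and the tag. Pinning by
#     digest or pulling from a controlled mirror would narrow that exposure.
#   * "Update all packages" installs the latest version of every package the
#     configured repositories offer; what ends up installed is decided by
#     repository content, not by this file.
#
# Code change: "Update all packages" now tests `step|int == 3` like every
# other task here, instead of the string comparison `step == "3"`, which
# would silently skip the update whenever `step` arrives as an integer.

- name: Cinder-Volume fetch and retag container image for pacemaker
  when: step|int == 2
  block:
    - name: Get docker Cinder-Volume image
      set_fact:
        docker_image: docker.io/tripleorocky/centos-binary-cinder-volume:current-tripleo
        docker_image_latest: docker.io/tripleorocky/centos-binary-cinder-volume:pcmklatest

    # The awk pattern matches any local image line containing
    # "cinder-volume" followed by the pcmklatest tag and prints column 3
    # (the image id). `uniq` only collapses adjacent duplicates, so more
    # than one id can come back.
    # NOTE(review): the tasks below template `.stdout` as a single id;
    # confirm that a multi-line result cannot occur in practice.
    - name: Get previous Cinder-Volume image id
      shell: docker images | awk '/cinder-volume.* pcmklatest/{print $3}' | uniq
      register: cinder_volume_image_id

    # Clean-up only runs when a previous pcmklatest image was found.
    - when:
        - cinder_volume_image_id.stdout != ''
      block:
        - name: Get a list of container using Cinder-Volume image
          shell: docker ps -a -q -f 'ancestor={{cinder_volume_image_id.stdout}}'
          register: cinder_volume_containers_to_destroy

        # -f forces removal of running containers, -v also drops their
        # anonymous volumes.
        - name: Remove any container using the same Cinder-Volume image
          shell: docker rm -fv {{item}}
          with_items: '{{ cinder_volume_containers_to_destroy.stdout_lines }}'

        - name: Remove previous Cinder-Volume images
          shell: docker rmi -f {{cinder_volume_image_id.stdout}}

    # Pull is by tag, not by digest: the content behind the tag can change
    # between runs.
    - name: Pull latest Cinder-Volume images
      command: docker pull {{docker_image}}

    - name: Retag pcmklatest to latest Cinder-Volume image
      shell: docker tag {{docker_image}} {{docker_image_latest}}

- name: Restart Docker when needed
  when: step|int == 2
  block:
    # Facts consumed by the container-registry role included just below.
    - set_fact:
        # NOTE(review): an extra Docker API socket. Anything able to talk
        # to a Docker socket effectively controls the daemon; confirm the
        # ownership and mode the role gives this path.
        container_registry_additional_sockets:
          - /var/lib/openstack/docker.sock
        container_registry_debug: false
        container_registry_deployment_user: ''
        # NOTE(review): `--signature-verification=false` turns off image
        # signature checking in the daemon; `--iptables=false` stops Docker
        # from managing iptables rules itself. Both look deliberate, but
        # the first removes an integrity control for every pull on this
        # host; revisit if the registry in use can serve signed images.
        container_registry_docker_options: >-
          --log-driver=journald --signature-verification=false
          --iptables=false --live-restore
        # Empty list: no registry is allowed over plain HTTP / unverified TLS.
        container_registry_insecure_registries: []
        container_registry_mirror: ''
        container_registry_network_options: --bip=172.31.0.1/24
        container_registry_skip_reconfiguration: false

    - include_role:
        name: container-registry
        tasks_from: docker-update

# No `when` here: these facts are set on every pass through the list.
- name: Set HAProxy upgrade facts
  block:
    - name: Check for haproxy Kolla configuration
      stat:
        path: /var/lib/config-data/puppet-generated/haproxy
      register: haproxy_kolla_config

    # `isdir` is absent when the path does not exist, hence the default.
    - name: Check if haproxy is already containerized
      set_fact:
        haproxy_containerized: '{{haproxy_kolla_config.stat.isdir | default(false)}}'

    - name: get bootstrap nodeid
      command: hiera -c /etc/puppet/hiera.yaml bootstrap_nodeid
      register: bootstrap_node
      tags: common

    # Case-insensitive comparison of the hiera value with this host's name.
    - name: set is_bootstrap_node fact
      set_fact: is_bootstrap_node={{bootstrap_node.stdout|lower == ansible_hostname|lower}}
      tags: common

- name: Mount TLS cert if needed
  when:
    - step|int == 1
    - haproxy_containerized|bool
    - is_bootstrap_node
  block:
    # Errors are ignored on purpose: the return code itself is the signal
    # used by the tasks below.
    # NOTE(review): rc 6 is treated as "storage mapping not present";
    # presumably cibadmin's exit code for an xpath with no match; confirm.
    # Any other non-zero rc (for example the cluster being unreachable) is
    # also swallowed here and simply skips the remaining tasks.
    - name: Check haproxy public certificate configuration in pacemaker
      command: cibadmin --query --xpath "//storage-mapping[@id='haproxy-cert']"
      register: haproxy_cert_mounted
      ignore_errors: true

    - name: Disable the haproxy cluster resource
      pacemaker_resource:
        resource: haproxy-bundle
        state: disable
        wait_for_resource: true
      register: output
      retries: 5
      until: output.rc == 0
      when: haproxy_cert_mounted.rc == 6

    # NOTE(review): `haproxy_public_tls_enabled` is set to false right
    # here, so the bind-mount task below is skipped in this rendering,
    # while the disable/enable pair around it still runs when rc == 6.
    # Confirm that restarting haproxy without adding the mount is intended.
    - name: Set HAProxy public cert volume mount fact
      set_fact:
        haproxy_public_cert_path: /etc/pki/tls/private/overcloud_endpoint.pem
        haproxy_public_tls_enabled: false

    # Mounts the certificate/key file read-only (options=ro) into the bundle.
    - name: Add a bind mount for public certificate in the haproxy bundle
      command: >-
        pcs resource bundle update haproxy-bundle storage-map add
        id=haproxy-cert
        source-dir={{ haproxy_public_cert_path }}
        target-dir=/var/lib/kolla/config_files/src-tls/{{ haproxy_public_cert_path }}
        options=ro
      when: haproxy_cert_mounted.rc == 6 and haproxy_public_tls_enabled|bool

    - name: Enable the haproxy cluster resource
      pacemaker_resource:
        resource: haproxy-bundle
        state: enable
        wait_for_resource: true
      register: output
      retries: 5
      until: output.rc == 0
      when: haproxy_cert_mounted.rc == 6

# Same fetch/clean/retag sequence as the Cinder-Volume block above; the
# same tag-versus-digest and multi-line-id caveats apply.
- name: Haproxy fetch and retag container image for pacemaker
  when: step|int == 2
  block:
    - name: Get docker Haproxy image
      set_fact:
        docker_image: docker.io/tripleorocky/centos-binary-haproxy:current-tripleo
        docker_image_latest: docker.io/tripleorocky/centos-binary-haproxy:pcmklatest

    - name: Get previous Haproxy image id
      shell: docker images | awk '/haproxy.* pcmklatest/{print $3}' | uniq
      register: haproxy_image_id

    - when:
        - haproxy_image_id.stdout != ''
      block:
        - name: Get a list of container using Haproxy image
          shell: docker ps -a -q -f 'ancestor={{haproxy_image_id.stdout}}'
          register: haproxy_containers_to_destroy

        - name: Remove any container using the same Haproxy image
          shell: docker rm -fv {{item}}
          with_items: '{{ haproxy_containers_to_destroy.stdout_lines }}'

        - name: Remove previous Haproxy images
          shell: docker rmi -f {{haproxy_image_id.stdout}}

    - name: Pull latest Haproxy images
      command: docker pull {{docker_image}}

    - name: Retag pcmklatest to latest Haproxy image
      shell: docker tag {{docker_image}} {{docker_image_latest}}

# Same fetch/clean/retag sequence, for the Mariadb image.
- name: Mariadb fetch and retag container image for pacemaker
  when: step|int == 2
  block:
    - name: Get docker Mariadb image
      set_fact:
        docker_image: docker.io/tripleorocky/centos-binary-mariadb:current-tripleo
        docker_image_latest: docker.io/tripleorocky/centos-binary-mariadb:pcmklatest

    - name: Get previous Mariadb image id
      shell: docker images | awk '/mariadb.* pcmklatest/{print $3}' | uniq
      register: mariadb_image_id

    - when:
        - mariadb_image_id.stdout != ''
      block:
        - name: Get a list of container using Mariadb image
          shell: docker ps -a -q -f 'ancestor={{mariadb_image_id.stdout}}'
          register: mariadb_containers_to_destroy

        - name: Remove any container using the same Mariadb image
          shell: docker rm -fv {{item}}
          with_items: '{{ mariadb_containers_to_destroy.stdout_lines }}'

        - name: Remove previous Mariadb images
          shell: docker rmi -f {{mariadb_image_id.stdout}}

    - name: Pull latest Mariadb images
      command: docker pull {{docker_image}}

    - name: Retag pcmklatest to latest Mariadb image
      shell: docker tag {{docker_image}} {{docker_image_latest}}

# Deletes every line of the persisted rule file that contains "neutron-".
# NOTE(review): this edits the saved firewall configuration only; what it
# does to the effective rule set after a reload depends on what recreates
# those rules at runtime. Confirm before relying on it.
- name: Remove IPv4 iptables rules created by Neutron that are persistent
  lineinfile: dest=/etc/sysconfig/iptables regexp=".*neutron-" state=absent
  when: step|int == 5

- name: Remove IPv6 iptables rules created by Neutron that are persistent
  lineinfile: dest=/etc/sysconfig/ip6tables regexp=".*neutron-" state=absent
  when: step|int == 5

# Removes the octavia_api_tls_proxy container when internal TLS is enabled.
- name: remove TLS proxy if configured and running
  docker:
    name: octavia_api_tls_proxy
    state: absent
  when:
    - step|int == 2
    - internal_tls_enabled|bool

# Pre-flight check: check_and_fail=true makes the task fail rather than try
# to start the cluster. Runs asynchronously, 30 s budget, polled every 4 s.
- name: Check pacemaker cluster running before the minor update
  pacemaker_cluster: state=online check_and_fail=true
  async: 30
  poll: 4
  when: step|int == 0

# Moves every started, managed IPaddr2 resource hosted on this node to
# another node, then removes the -INFINITY location constraint that
# `pcs resource move` left behind for each of them.
# NOTE(review): the final echo ends in `2>&1`, which keeps the message on
# stdout; `>&2` was probably intended. The script never exits non-zero for
# a constraint it could not clear, so a leftover ban is only visible in the
# task output.
- name: Move virtual IPs to another node before stopping pacemaker
  shell: |
    CLUSTER_NODE=$(crm_node -n)
    echo "Retrieving all the VIPs which are hosted on this node"
    VIPS_TO_MOVE=$(crm_mon --as-xml | xmllint --xpath '//resource[@resource_agent = "ocf::heartbeat:IPaddr2" and @role = "Started" and @managed = "true" and ./node[@name = "'${CLUSTER_NODE}'"]]/@id' - | sed -e 's/id=//g' -e 's/"//g')
    for v in ${VIPS_TO_MOVE}; do
        echo "Moving VIP $v on another node"
        pcs resource move $v --wait=300
    done
    echo "Removing the location constraints that were created to move the VIPs"
    for v in ${VIPS_TO_MOVE}; do
        echo "Removing location ban for VIP $v"
        ban_id=$(cibadmin --query | xmllint --xpath 'string(//rsc_location[@rsc="'${v}'" and @node="'${CLUSTER_NODE}'" and @score="-INFINITY"]/@id)' -)
        if [ -n "$ban_id" ]; then
            pcs constraint remove ${ban_id}
        else
            echo "Could not retrieve and clear location constraint for VIP $v" 2>&1
        fi
    done
  when: step|int == 1

- name: Stop pacemaker cluster
  pacemaker_cluster: state=offline
  when: step|int == 1

- name: Start pacemaker cluster
  pacemaker_cluster: state=online
  when: step|int == 4

# Same fetch/clean/retag sequence, for the Rabbitmq image.
- name: Rabbit fetch and retag container image for pacemaker
  when: step|int == 2
  block:
    - name: Get docker Rabbitmq image
      set_fact:
        docker_image: docker.io/tripleorocky/centos-binary-rabbitmq:current-tripleo
        docker_image_latest: docker.io/tripleorocky/centos-binary-rabbitmq:pcmklatest

    - name: Get previous Rabbitmq image id
      shell: docker images | awk '/rabbitmq.* pcmklatest/{print $3}' | uniq
      register: rabbitmq_image_id

    - when:
        - rabbitmq_image_id.stdout != ''
      block:
        - name: Get a list of container using Rabbitmq image
          shell: docker ps -a -q -f 'ancestor={{rabbitmq_image_id.stdout}}'
          register: rabbitmq_containers_to_destroy

        - name: Remove any container using the same Rabbitmq image
          shell: docker rm -fv {{item}}
          with_items: '{{ rabbitmq_containers_to_destroy.stdout_lines }}'

        - name: Remove previous Rabbitmq images
          shell: docker rmi -f {{rabbitmq_image_id.stdout}}

    - name: Pull latest Rabbitmq images
      command: docker pull {{docker_image}}

    - name: Retag pcmklatest to latest Rabbitmq image
      shell: docker tag {{docker_image}} {{docker_image_latest}}

# Same fetch/clean/retag sequence, for the Redis image.
- name: Redis fetch and retag container image for pacemaker
  when: step|int == 2
  block:
    - name: Get docker Redis image
      set_fact:
        docker_image: docker.io/tripleorocky/centos-binary-redis:current-tripleo
        docker_image_latest: docker.io/tripleorocky/centos-binary-redis:pcmklatest

    - name: Get previous Redis image id
      shell: docker images | awk '/redis.* pcmklatest/{print $3}' | uniq
      register: redis_image_id

    - when:
        - redis_image_id.stdout != ''
      block:
        - name: Get a list of container using Redis image
          shell: docker ps -a -q -f 'ancestor={{redis_image_id.stdout}}'
          register: redis_containers_to_destroy

        - name: Remove any container using the same Redis image
          shell: docker rm -fv {{item}}
          with_items: '{{ redis_containers_to_destroy.stdout_lines }}'

        - name: Remove previous Redis images
          shell: docker rmi -f {{redis_image_id.stdout}}

    - name: Pull latest Redis images
      command: docker pull {{docker_image}}

    - name: Retag pcmklatest to latest Redis image
      shell: docker tag {{docker_image}} {{docker_image_latest}}

# The next three tasks carry no `when` and run on every pass.
- name: Check swift containers log folder/symlink exists
  stat:
    path: /var/log/containers/swift
  register: swift_log_link

# Only a symlink is removed; a real directory at that path is left alone.
- name: Delete if symlink
  file:
    path: /var/log/containers/swift
    state: absent
  when: swift_log_link.stat.islnk is defined and swift_log_link.stat.islnk

- name: Ensure rsyncd pid file is absent
  file:
    path: /var/run/rsyncd.pid
    state: absent

# Guard against a concurrent package transaction before and at the update
# step. This is a point-in-time check of the pid file, not a lock.
- name: Check for existing yum.pid
  stat: path=/var/run/yum.pid
  register: yum_pid_file
  when: step|int == 0 or step|int == 3

- name: Exit if existing yum process
  fail: >-
    msg="ERROR existing yum.pid detected - can't continue! Please ensure
    there is no other package update process for the duration of the minor
    update worfklow. Exiting."
  when: (step|int == 0 or step|int == 3) and yum_pid_file.stat.exists

# Fixed: compared through `|int` like every other task in this file, so the
# update also runs when `step` is an integer rather than the string "3".
# name=* with state=latest upgrades every installed package to whatever the
# enabled repositories currently offer.
- name: Update all packages
  package: name=* state=latest
  when: step|int == 3

- name: Ensure openvswitch is running after update
  service:
    name: openvswitch
    state: started
    enabled: true
  when: step|int == 3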