Kolla-Ansible/Kayobe version enforcement (#1551)

* Check Kayobe version playbook

* Fix pipefail

* Ignore linter

* Include tag option

* Hook for overcloud host upgrade

* Check on control host upgrade

* Include remaining hooks

* Clarify fail message for unexpected current versions

* Kolla-Ansible version check playbook

* Add pip 24 precheck

* Kolla-Ansible check hooks

* service upgrade hook

* s/latest/expected/g

* Fixup Reno

* Add hook for host configure

* Include option to skip in config

* Make linter happy

* Ensure commit hash is not empty

* Update links

* Fix playbook lint

* Apply suggestions from code review

Co-authored-by: Alex-Welsh <[email protected]>

---------

Co-authored-by: Alex-Welsh <[email protected]>

Author: assumptionsandg

.ansible-lint-ignore

@@ -5,3 +5,5 @@ etc/kayobe/ansible/vault-generate-internal-tls.yml fqcn[action-core]
 etc/kayobe/ansible/vault-generate-test-external-tls.yml fqcn[action-core]
 etc/kayobe/ansible/rabbitmq-reset.yml command-instead-of-module
 etc/kayobe/ansible/ubuntu-upgrade.yml syntax-check[missing-file]
+etc/kayobe/ansible/check-kayobe-version.yml command-instead-of-module
+etc/kayobe/ansible/check-kolla-ansible-version.yml command-instead-of-module

etc/kayobe/ansible/check-kayobe-version.yml

@@ -0,0 +1,61 @@
+---
+- name: Check Kayobe version
+  tags: kayobe-version-check
+  hosts: localhost
+  gather_facts: false
+  vars:
+    requirements_path: "{{ kayobe_config_path }}/../../requirements.txt"
+  tasks:
+    - name: Check version
+      when: stackhpc_enable_kayobe_check
+      block:
+        - name: Get package info
+          community.general.pip_package_info:
+          register: packages
+
+        - name: Check if pip is version 24.0 or newer
+          ansible.builtin.assert:
+            that: "{{ packages.packages.pip.pip[0].version is version('24.0', '>=') }}"
+            fail_msg: |
+              Pip must be 24.0 or newer to run this check. Upgrade pip by running
+              pip install -U pip and reinstall Kayobe by running:
+              pip install --force-reinstall -r {{ requirements_path }}
+
+        - name: Get installed Kayobe commit
+          ansible.builtin.shell:
+            cmd: set -o pipefail && pip freeze | grep kayobe | cut -d @ -f 3
+            executable: /usr/bin/bash
+          register: kayobe_git_commit
+          failed_when: kayobe_git_commit.stdout == ""
+
+        - name: Clone Kayobe
+          ansible.builtin.git:
+            repo: https://github.com/stackhpc/kayobe.git
+            dest: /tmp/kayobe-git
+            version: stackhpc/{{ openstack_release }}
+
+        - name: Get tag from Kayobe commit
+          ansible.builtin.command:
+            cmd: git describe --tags {{ kayobe_git_commit.stdout }}
+            chdir: /tmp/kayobe-git
+          register: kayobe_current_version
+
+        - name: Get latest Kayobe version
+          ansible.builtin.shell:
+            cmd: set -o pipefail && grep -o kayobe@stackhpc\/.*$ {{ requirements_path }} | cut -d @ -f 2
+            executable: /usr/bin/bash
+          register: kayobe_latest_version
+
+        - name: Check installed Kayobe version is the latest
+          ansible.builtin.assert:
+            that: "kayobe_latest_version.stdout in kayobe_current_version.stdout"
+            fail_msg: |
+              Kayobe must use the expected version before continuing.
+
+              Current Kayobe version: {{ kayobe_current_version.stdout }}
+              Expected Kayobe version: {{ kayobe_latest_version.stdout }}
+
+              Recreate the Kayobe environment, or install the expected version
+              by running: pip install --force-reinstall -r {{ requirements_path }}
+            success_msg: |
+              Kayobe running at version: {{ kayobe_current_version.stdout }}

etc/kayobe/ansible/check-kolla-ansible-version.yml

@@ -0,0 +1,27 @@
+---
+- name: Check Kolla-Ansible version
+  tags: kolla-ansible-version-check
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Check version
+      when: stackhpc_enable_kolla_ansible_check
+      block:
+        - name: Get current Kolla-Ansible tag
+          ansible.builtin.command:
+            cmd: git describe --tags
+            chdir: "{{ lookup('ansible.builtin.env', 'KOLLA_SOURCE_PATH') }}"
+          register: kolla_ansible_current_version
+
+        - name: Check installed Kolla-Ansible version is the expected version
+          ansible.builtin.assert:
+            that: "stackhpc_kolla_ansible_source_version in kolla_ansible_current_version.stdout"
+            fail_msg: |
+              Kolla-Ansible must use the expected version before continuing.
+
+              Current Kolla-Ansible version: {{ kolla_ansible_current_version.stdout }}
+              Expected Kolla-Ansible version: {{ stackhpc_kolla_ansible_source_version }}
+
+              Upgrade Kolla-Ansible by running: kayobe control host upgrade
+            success_msg: |
+              Kolla-Ansible running at version: {{ kolla_ansible_current_version.stdout }}

etc/kayobe/hooks/control-host-bootstrap/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/control-host-upgrade/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/infra-vm-host-configure/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/infra-vm-service-deploy/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/overcloud-host-configure/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/overcloud-host-upgrade/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/overcloud-service-deploy/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/overcloud-service-reconfigure/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/overcloud-service-upgrade/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/seed-host-configure/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/seed-host-configure/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/seed-hypervisor-host-configure/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/hooks/seed-service-deploy/pre.d/check-kayobe-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kayobe-version.yml

etc/kayobe/hooks/seed-service-deploy/pre.d/check-kolla-ansible-version.yml

@@ -0,0 +1 @@
+../../../ansible/check-kolla-ansible-version.yml

etc/kayobe/stackhpc.yml

@@ -187,6 +187,14 @@ stackhpc_docker_registry_password: "{{ pulp_password }}"
 # Whether or not to run CIS benchmark hardening playbooks. Default is false.
 #stackhpc_enable_cis_benchmark_hardening_hook:
 
+# Whether or not to check the installed Kayobe version when running Kayobe commands.
+# Default is true.
+stackhpc_enable_kayobe_check: true
+
+# Whether or not to check the installed Kolla-Ansible version when running Kayobe commands.
+# Default is true.
+stackhpc_enable_kolla_ansible_check: true
+
 ###############################################################################
 # Octavia Amphora image
 

releasenotes/notes/kolla-kayobe-version-check-f44d43c9c34d1b89.yaml

@@ -0,0 +1,13 @@
+---
+features:
+  - |
+    Added playbooks to check the installed Kayobe/Kolla-Ansible versions
+    against the expected versions in Kayobe configuration. These checks
+    will run on Kayobe bootstrap, host and service operations.
+upgrade:
+  - |
+    Kolla Ansible and Kayobe version checks are enabled by default which
+    may fail on existing deployments using custom forks or branches for
+    Kayobe and Kolla-Ansible. To disable version checks in configuration
+    set ``stackhpc_enable_kayobe_check`` and
+    ``stackhpc_enable_kolla_ansible_check`` to false.