Playbook #4
/home/zuul/src/opendev.org/openstack/openstack-ansible/playbooks/setup-openstack.yml
Execution
Date 14 Dec 2025 10:21:40 +0000
Duration 00:43:55.98
Controller aio1.openstack.local
User root
Versions
Ansible 2.18.6
ara 1.7.4 / 1.7.4
Python 3.13.5
Summary
13 Hosts
2438 Tasks
2413 Results
107 Plays
511 Files
0 Records
check:False tags:all

File: /home/zuul/src/opendev.org/openstack/openstack-ansible-os_neutron/handlers/main.yml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
---
# Copyright 2014, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Reload apparmor
  ansible.builtin.service:
    name: apparmor
    state: reloaded

- name: Stop services
  ansible.builtin.service:
    name: "{{ item.service_name }}"
    state: "stopped"
    daemon_reload: true
  with_items: "{{ filtered_neutron_services }}"
  register: _stop
  until: _stop is success
  retries: 5
  delay: 2
  listen:
    - "Restart neutron services"
    - "venv changed"
    - "systemd service changed"
    - "cert installed"

# NOTE
# When restarting neutron-l3-agent, a non-default systemd KillMode of 'process' is used
# to prevent Keepalived from exiting and causing a data-plane outage. As a result of this
# some neutron processes remain running. In the case of an upgrade, these remaining
# processes will be running code from the previous version. This step ensures these
# orphaned processes are cleaned up correctly.
- name: Run neutron-l3-agent process cleanup
  ansible.builtin.shell: |
    cgroup_path=$(findmnt -t cgroup2 -r -n -f -o target)
    for ns_pid in $(cat ${cgroup_path}/neutron.slice/neutron-l3-agent.service/cgroup.procs); do
      echo $(readlink -f "/proc/$ns_pid/exe") | egrep -qv "keepalived|haproxy|ipsec"
      if [ $? -eq 0 ] || [ "{{ neutron_l3_cleanup_on_shutdown | bool }}" = "True" ]; then
        if kill -9 "$ns_pid"; then
          logger -s "old neutron-l3-agent pid found and has been cleaned up on: \"$ns_pid\""
        fi
      fi
    done
  when: "'neutron-l3-agent' in (filtered_neutron_services | map(attribute='service_key') | list)"
  changed_when: false
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Restart openvswitch
  ansible.builtin.service:
    name: "{{ neutron_ovs_service_name }}"
    state: restarted
  listen:
    - "Restart provider services"
  when:
    - neutron_needs_openvswitch | bool
    - not _neutron_ovs_disabled

- name: Symlink neutron config directory
  ansible.builtin.file:
    # NOTE(cloudnull): The "src" path is relative. This ensures all files remain
    #                  within the host/container confines when connecting to
    #                  them using the connection plugin or the root filesystem.
    src: "{{ neutron_conf_version_dir | regex_replace('^/', '../') }}"
    dest: "{{ neutron_conf_dir }}"
    state: link
    force: true
  when: neutron_install_method == 'source'
  listen:
    - "venv changed"

- name: Drop sudoers file
  ansible.builtin.template:
    src: "sudoers.j2"
    dest: "/etc/sudoers.d/{{ neutron_system_user_name }}_sudoers"
    mode: "0440"
    owner: "root"
    group: "root"
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Perform a DB contract
  ansible.builtin.command: "{{ neutron_bin }}/neutron-db-manage upgrade --contract"
  become: true
  become_user: "{{ neutron_system_user_name }}"
  changed_when: false
  when:
    - "ansible_local['openstack_ansible']['neutron']['need_db_contract'] | bool"
    - "_neutron_is_first_play_host"
  listen:
    - "Restart neutron services"
    - "venv changed"

- name: Start services
  ansible.builtin.service:
    name: "{{ item.service_name }}"
    enabled: "{{ item.enabled | default(True) }}"
    state: "{{ item.state | default('started') }}"
    daemon_reload: true
  with_items: "{{ filtered_neutron_services }}"
  register: _start
  until: _start is success
  retries: 5
  delay: 2
  listen:
    - "Restart neutron services"
    - "venv changed"
    - "systemd service changed"
    - "cert installed"

- name: Start ovn service
  ansible.builtin.service:
    name: "{{ neutron_ovn_northd_service_name }}"
    state: started
  listen:
    - start ovn service

# (NOTE) Restarting twice to cleanup some pid.
- name: Restart ovn northd
  ansible.builtin.service:
    name: "{{ neutron_ovn_northd_service_name }}"
    state: restarted
  when:
    - neutron_services['neutron-ovn-northd']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
  listen:
    - restart ovn service
    - ovn cert installed

- name: Restart ovn controller
  ansible.builtin.service:
    name: "{{ neutron_ovn_controller_service_name }}"
    state: restarted
  when:
    - neutron_services['neutron-ovn-controller']['group'] in group_names and neutron_plugin_type == 'ml2.ovn'
  listen:
    - restart ovn service
    - ovn cert installed