
update_pgcluster.yml: Reboot node if it's required, e.g. kernel or security updates #510

Merged
merged 3 commits into vitabaks:master from chuegel:system_upgrade_reboot
Nov 19, 2023

Conversation


@chuegel chuegel commented Nov 19, 2023

Environments like PCI DSS require applying kernel and security updates on a regular basis. Once those updates have been applied, a reboot of the host is needed.
This PR will reboot a host only if it's required (kernel updates, security updates, etc.) when updating the PostgreSQL cluster with ansible-playbook update_pgcluster.yml -e target=system

@chuegel chuegel changed the title reboot node if its required, e.g. kernel or security updates reboot node if it's required, e.g. kernel or security updates Nov 19, 2023

chuegel commented Nov 19, 2023

The failing tests are expected, as the docker containers die on reboot.
Not sure how to catch this test. Vagrant?

What worries me is, as I mentioned in the discussion, the handler gets called multiple times when notified.
This would need thorough testing.

@vitabaks (Owner)

Thank you @chuegel for your contribution!

The failing tests are expected as the docker containers die on reboot.

You can exclude this task from containers

ansible_virtualization_type not in ['container', 'docker', 'lxc', 'podman']  # exclude for containers to prevent test failures in CI.

@vitabaks (Owner)

What worries me is, as I mentioned in the discussion the handler get called multiple times when notified.

perhaps it is necessary to move from "handler" to a simple task.

@vitabaks vitabaks added the enhancement Improvement of the current functionality label Nov 19, 2023
@vitabaks vitabaks changed the title reboot node if it's required, e.g. kernel or security updates update_pgcluster.yml: Reboot node if it's required, e.g. kernel or security updates Nov 19, 2023

vitabaks commented Nov 19, 2023

perhaps it is necessary to move from "handler" to a simple task.

Example:

- name: Check if a reboot is required
  ansible.builtin.stat:
    path: /var/run/reboot-required
  register: reboot_required_debian
  changed_when: false
  when:
    - ansible_os_family == "Debian"
    - ansible_virtualization_type not in ['container', 'docker', 'lxc', 'podman']  # exclude for containers to prevent test failures in CI.

- name: Check if a reboot is required
  ansible.builtin.command: needs-restarting -r
  register: reboot_required_rhel
  failed_when: false
  changed_when: false
  when:
    - ansible_os_family == "RedHat"
    - ansible_virtualization_type not in ['container', 'docker', 'lxc', 'podman']  # exclude for containers to prevent test failures in CI.

- name: Rebooting host
  ansible.builtin.reboot:
    msg: "Reboot initiated by Ansible due to required system updates"
    reboot_timeout: 1800 # 30 minutes
    test_command: uptime
  when: (reboot_required_debian.stat.exists is defined and reboot_required_debian.stat.exists) or
        (reboot_required_rhel.rc is defined and reboot_required_rhel.rc != 0)
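
A complete stand-alone playbook built around the same "check, then reboot only if required" logic is shown below. It is an added example for this thread, not code from the postgresql_cluster project or from either participant. It assumes a hypothetical inventory group postgres_cluster and PostgreSQL listening locally on TCP 5432; both names are assumptions. Beyond the tasks above, it rolls through the nodes one at a time (serial: 1), skips containers with meta: end_host instead of a per-task when, distinguishes the rc=1 "reboot required" result of needs-restarting -r from rc values that mean the tool is missing or broken (which rc != 0 alone would turn into an unwanted reboot), and waits for PostgreSQL to come back before touching the next node. Anything cluster-specific, such as moving the leader role off the node before rebooting it, is deliberately out of scope here.

```yaml
# reboot_if_required.yml (added example, not part of the project)
# Rolling reboot of a PostgreSQL cluster, only where the OS reports a pending reboot.
# Assumptions (hypothetical): inventory group "postgres_cluster", PostgreSQL on 127.0.0.1:5432.
- name: Reboot cluster nodes only when the OS reports a pending reboot
  hosts: postgres_cluster
  become: true
  gather_facts: true
  serial: 1                      # one node at a time: never more than one member down

  vars:
    container_types: ['container', 'docker', 'lxc', 'podman']
    postgresql_port: 5432        # assumption: PostgreSQL listens locally on this port

  tasks:
    - name: Skip containers (they cannot reboot; a reboot kills the CI container)
      ansible.builtin.meta: end_host
      when: ansible_virtualization_type in container_types

    - name: Check if a reboot is required (Debian/Ubuntu marker file)
      ansible.builtin.stat:
        path: /var/run/reboot-required
      register: reboot_required_debian
      when: ansible_os_family == "Debian"

    - name: Check if a reboot is required (RHEL family; needs-restarting from yum-utils/dnf-utils)
      ansible.builtin.command: needs-restarting -r
      register: reboot_required_rhel
      changed_when: false
      failed_when: false         # rc 1 means "reboot required", so it must not be treated as an error
      when: ansible_os_family == "RedHat"

    - name: Fail loudly when needs-restarting is missing or errored, instead of guessing
      ansible.builtin.fail:
        msg: >-
          needs-restarting returned rc={{ reboot_required_rhel.rc }}:
          {{ reboot_required_rhel.msg | default(reboot_required_rhel.stderr | default('')) }}
      when:
        - ansible_os_family == "RedHat"
        - reboot_required_rhel.rc not in [0, 1]   # 0 = no reboot, 1 = reboot required, else = tool problem

    - name: Decide whether this node needs a reboot
      ansible.builtin.set_fact:
        node_reboot_required: >-
          {{ (reboot_required_debian.stat.exists | default(false)) or
             ((reboot_required_rhel.rc | default(0)) == 1) }}

    - name: Reboot the node
      ansible.builtin.reboot:
        msg: "Reboot initiated by Ansible: pending kernel/security updates"
        pre_reboot_delay: 5
        reboot_timeout: 1800     # 30 minutes
        test_command: uptime
      when: node_reboot_required | bool

    - name: Wait until PostgreSQL accepts connections again before moving to the next node
      ansible.builtin.wait_for:
        host: 127.0.0.1          # assumption: PostgreSQL is reachable on the loopback address
        port: "{{ postgresql_port }}"
        delay: 5
        timeout: 300
      when: node_reboot_required | bool
```

Run it as ansible-playbook -i inventory reboot_if_required.yml. The explicit fail task is the part worth keeping even if the rest is folded back into the project's task list: with failed_when: false, a host where needs-restarting is not installed returns a non-zero rc as well, and a bare rc != 0 test would reboot that host for no reason.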


chuegel commented Nov 19, 2023

Yeah, that looks good, thank you. I tested it with a 3-node Ubuntu 22.04 cluster and it works as expected.

@vitabaks vitabaks merged commit cc18794 into vitabaks:master Nov 19, 2023
17 checks passed
@chuegel chuegel deleted the system_upgrade_reboot branch December 3, 2023 07:06