Bug 2007570

Summary: [RFE] Update nodes after scale out to the latest patch level
Product: Red Hat OpenStack
Reporter: tmicheli
Component: openstack-tripleo-heat-templates
Assignee: OSP Team <rhos-maint>
Status: NEW ---
QA Contact: Joe H. Rahme <jhakimra>
Severity: low
Docs Contact:
Priority: low
Version: 13.0 (Queens)
CC: dhill, enothen, jjoyce, jlarriba, jpretori, jschluet, lbezdick, mburns, rhos-maint, shtiwari, slinaber, tvignaud
Target Milestone: ---
Keywords: FutureFeature
Target Release: ---
Flags: enothen: needinfo? (rhos-maint)
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description tmicheli 2021-09-24 09:52:49 UTC
Description of problem:
Currently, if a scale out is done, TripleO uses the last image it has to deploy the new node and doesn't run any update.
The last image usually misses all the async package updates made after the image was released.

I understand that from the containerized services the patch level is the same, but the underlying nodes do not have the latest patches installed. This could lead to a potential security risk if the latest ERRATA are not applied at the OS level.

Currently this is only possible by doing a minor upgrade for the complete environment.

Version-Release number of selected component (if applicable):
16.y

How reproducible:


Steps to Reproduce:
1. Install an OpenStack cluster
2. Scale out
3.

Actual results:
The newly deployed compute nodes are not on the latest patch level.

Expected results:
All nodes are on the same patch level.

Additional info: