Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2007028

Summary: Ansible package not updated on osp16.1.3 to osp16.1.6 upgrades
Product: Red Hat OpenStack Reporter: Andrew Mercer <amercer>
Component: openstack-tripleoAssignee: Sofer Athlan-Guyot <sathlang>
Status: CLOSED WONTFIX QA Contact: Khomesh Thakre <kthakre>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.1 (Train)CC: bdobreli, enothen, jlarriba, jpretori, jslagle, jstransk, mburns, sathlang, tarcher, tmicheli
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-04-03 12:21:01 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Andrew Mercer 2021-09-22 21:10:30 UTC 
Description of problem:

Upgrading RHOSP 16.1.3 to RHOSP 16.1.6, ansible package is not updated, but can be updated manually outside director. Need to know if this is by design and why.


Version-Release number of selected component (if applicable):

RHOSP 16.1.3 upgrading to RHOSO 16.1.6
Comment 4 Eric Nothen 2021-12-08 17:14:23 UTC 
Hello,

This missing update causes some pending security erratas on the overcloud nodes to be displayed on Satellite, therefore raising some questions on my customer's security department. They are asked to apply the missing update or otherwise provide a reason and plan for remediating the issue in the future.

Are we ok supporting a "dnf update ansible" as a workaround until this BZ can be resolved?

Thanks,
Eric
Comment 8 Sofer Athlan-Guyot 2022-04-04 12:35:12 UTC 
Hi,

so we currently exclude Ansible package explicitly from the update because Ansible had trouble updating itself.

https://opendev.org/openstack/tripleo-heat-templates/src/branch/stable/train/deployment/tripleo-packages/tripleo-packages-baremetal-puppet.yaml#L591-L598

Updating Ansible outside of tripleo is fine as long as the right stream are properly configured as mentioned there[1].

I'll keep that bugzilla opened until we either have a new entry in the documentation or we are able to confirm that updating Ansible with Ansible is fine.

Regards,

[1] https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.1/html-single/keeping_red_hat_openstack_platform_updated#updating-red-hat-openstack-platform-repositories_keeping-updated
Comment 9 Eric Nothen 2022-04-04 15:03:29 UTC 
(In reply to Sofer Athlan-Guyot from comment #8)
> Hi,
> 
> Updating Ansible outside of tripleo is fine as long as the right stream are
> properly configured as mentioned there[1].
> 

Just to be absolutely sure I'm not misinterpreting your comment: You are saying we can instruct customers  to run "yum -y update ansible" on overcloud nodes? (provided of course that the appropriate repositories were enabled in advance as part of an overcloud update)
Comment 10 Sofer Athlan-Guyot 2022-04-04 16:45:34 UTC 
Hi,


To answer your question, running "dnf upgrade -y ansible" on the overcloud should be fine provided the repo are corrects.

Now we need to document that and add it to the CI testing.

Another question raised by this bugzilla is the relevance of having ansible on the overcloud at all.
We may seek improvement here and may target a removal of Ansible on the overcloud. This need further discussion/testing though.
Comment 23 Sofer Athlan-Guyot 2023-04-03 12:21:01 UTC 
Going to close this one, as ansible cannot be removed from the images.