红帽全球峰会附录 D. 升级后 playbook
本节提供了一个 Ansible Playbook,如果您无法在迁移后访问所有自动化控制器节点上的自动化控制器 UI,则应该运行它。这解决了 SELinux 上下文以及 第 4 章 基础架构迁移 部分中描述的证书不匹配问题。
复制以下 Ansible Playbook 内容,并将其放在 untarred installer 目录中的名为 post_upgrade_playbook.yml 的文件中。
注意
此目录由安装程序清单文件组成,此 playbook 使用安装程序清单对自动化控制器节点进行一些更改。
post_upgrade_playbook.yml
---
- name: Play to apply workaround to known issues in upgrade
hosts: automationcontroller
become: true
tasks:
- block:
- name: Remove certs from all the controllers
file:
name: "{{ item }}"
state: absent
loop:
- /etc/tower/tower.cert
- /etc/tower/tower.key
- name: Role to create new certs and copy to all controllers
include_role:
name: ansible.automation_platform_installer.nginx
when:
- automation_platform_version is version('2.1.1', '<=')
- name: Add to targeted policy and apply selinux policy to controller dirs
ansible.builtin.command: "{{ item }}"
loop:
- semodule -s targeted -i /usr/share/selinux/targeted/automation-controller.pp
- /sbin/restorecon -R /var/lib/awx/venv /var/lib/awx/job_status /var/run/tower
- name: Restart the controller service
service:
name: automation-controller
state: restarted
运行 命令,在控制器节点上执行 playbook。
$ ansible-playbook -i inventory.new.ini post_upgrade_playbook.yml
