check: make key-value store check release-aware#2924
Merged
Conversation
The post-upgrade infrastructure sweep checked the key-value store with a
single hardcoded line that always spoke redis on 192.168.16.10:6379 with
the redis-era master password. Unlike the MariaDB and RabbitMQ checks in
the same file, it had no release conditional.
At OpenStack 2025.2 upstream kolla-ansible replaced redis with valkey.
The valkey role gets a distinct valkey_master_password, so after the
upgrade the check's hardcoded redis password fails AUTH and check_tcp
reports an unexpected response, failing the whole build on the only
non-conditional check in the file.
Select the active service the same way deploy/200 and upgrade/200 do, via
valkey_or_redis() from include.sh, and read the matching
${store}_master_password from secrets.yml instead of embedding a literal.
Reading the password from the single source of truth removes the
duplication that caused the drift, so the check follows the deployed
service instead of re-breaking the next time a password changes. The
port, host, and INFO replication expectations are unchanged; valkey
preserves the redis wire format and the testbed topology is the same.
Assisted-by: Claude:claude-opus-4-8
Signed-off-by: Roger Luethi <luethi@osism.tech>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Make the post-upgrade key-value store check in
scripts/check/200-infrastructure.shrelease-aware instead of hardcoding aredis-era check.
Why
The infrastructure check sweep validated the key-value store with a single
hardcoded line that always spoke redis on
192.168.16.10:6379using theredis-era master password. Unlike the MariaDB and RabbitMQ checks in the same
file, it had no release conditional.
At OpenStack 2025.2, upstream kolla-ansible replaced redis with valkey, and the
valkey role uses a distinct
valkey_master_password. After the upgrade thecheck's hardcoded redis password fails
AUTH,check_tcpreports an unexpectedresponse, and the whole build fails on the only non-conditional check in the
file.
First observed on
testbed-upgrade-stable-next-ubuntu-24.04(periodic-midnight)build
3c209b90— the first run in which the redis→valkey upgrade wall clearedand the check was ever exercised against valkey. Elasticsearch, MariaDB,
Prometheus, and RabbitMQ all passed; the redis check was the sole failure.
How
include.shand select the active service withvalkey_or_redis()—the same OpenStack-release signal
deploy/200andupgrade/200already use.${store}_master_passwordfromsecrets.ymlinstead ofembedding a literal. Using the single source of truth removes the duplication
that caused the drift, so the check follows the deployed service and won't
re-break the next time a password changes.
Port, host, and
INFO replicationexpectations are unchanged: valkey preservesthe redis wire format and the testbed topology is the same.
Verification
shellcheckclean;bash -nOK.secrets.yml:redisresolves to theexact value previously hardcoded (redis-era releases unaffected),
valkeyresolves to its distinct password.
check_tcpround-trip still needs atestbed-upgrade-stable-next-ubuntu-24.04run to exercise end-to-end — hencedraft.
🤖 Generated with Claude Code