...
- Run puppet with the rocky modules/tags
- Stop apache2 and puppet
- Purge the keystone package
- Run
apt dist-upgrade
- Run puppet again
- This will re-install keystone (ensure that apache2 does not start - should be ensured by puppet as of the enable: false flag in hiera)
- Run keystone-manage doctor and ensure nothing is wrong
- Run
keystone-manage db_sync --expand
- Returns nothing
- Run
keystone-manage db_sync --migrate
- Returns nothing
- At this point, you may restart apache2 on this node
- Upgrade keystone on the other nodes, one at a time
- Basically run step 1-5 on the other nodes
- When all nodes are upgraded, perform the final DB sync
keystone-manage db_sync --contract
- Remove the
keystone::enabled: false
and thekeystone::manage_service: false
hiera key from the first node, and re-run puppet - Remove the
keystone::sync_db: false
key from hiera
Glance
To upgrade glace without any downtime you would need to follow the following procedure:
- Set
glance::sync_db: false
in a global hiera-file - Select which glance-server to upgrade first.
- In the node-specific hiera for this host you should set:
glance::api::enable: false
followed by a puppet-run. This would stop the glance-api service on the host.
- In the node-specific hiera for this host you should set:
- Run puppet on the first host with the rocky modules/tags
- Run
apt dist-upgrade
- Run
glance-manage db_sync expand
- Run
glance-manage db_sync migrate
- Remove the
glance::api::enable: false
from the node-specific hiera, and run puppet again. This would re-start the glance api-server on this host.- Test that this api-server works.
- Upgrade the rest of the glance hosts (ie; step 3 + 4 for each of the remaining glance hosts)
- Run
glance-manage db_sync
contract