Versions Compared

Old Version 11

changes.mady.by.user Eigil Obrestad

Saved on

compared with

New Version Current

changes.mady.by.user Eigil Obrestad

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The recommended order to upgrade the services are listed below:

Table of Contents

Keystone

This is the zero downtime approach

...

Before the upgrades can be started it is important that all data from previous nova-releases are migrated to wallaby xena release. This is done like so:

...

Code Block
ntnuopenstack::nova::endpoint::internal::id: '<NOVA INTERNAL ENDPOINT ID>'
ntnuopenstack::nova::keystone::limits: true

Heat

The rolling upgrade procedure for heat includes a step where you are supposed to create a new rabbit vhost. I don't want that. Therefore, this is the cold upgrade steps.

  1. Set heat::api::enabled: false and heat::engine::enabled: false and heat::api_cfn::enabled: false in hiera to stop all services
  2. Do one of:
    1. Run puppet with yoga modules/tags, Run apt-get update && apt-get dist-upgrade && apt-get autoremove
    2. Reinstall the nodes with yoga modules/tags
  3. Run heat-manage db_sync on one of the api-nodes.
  4. Remove the hiera keys that disabled the services and re-run puppet

Barbican

Barbican must be stopped for upgrades, and can thus be performed on all barbican hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.

  1. Stop all barbican-services by adding the following keys to node-specific hiera, and then make sure to run puppet on the barbican hosts:

    1. barbican::worker::enabled: false

    2. apache::service_ensure: 'stopped'

  2. Run puppet with the yoga modules/tags

  3. Run apt dist-upgrade && apt-get autoremove

  4. Run barbican-db-manage upgrade

  5. Re-start barbican services by removing the keys added in step 1 and re-run puppet.

Magnum

Magnum must be stopped for upgrades, and can thus be performed on all magnum-hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.

We can go back to Ubuntu for magnum-servers now. So, before you begin - reinstall VMs to Ubuntu 20.04.

In Ubuntu, this is needed in the node-specifig hiera:

Code Block
apache::mod::wsgi::package_name: 'libapache2-mod-wsgi-py3'
apache::mod::wsgi::mod_path: '/usr/lib/apache2/modules/mod_wsgi.so'


  1. Stop all magnum-services by adding the following keys to node-specific hiera, and then make sure to run puppet on the magnum hosts:

    1. magnum::conductor::enabled: false

    2. apache::service_ensure: 'stopped'

  2. Run puppet with the yoga modules/tags

  3. Run apt dist-upgrade && apt autoremove

  4. Run su -s /bin/sh -c "magnum-db-manage upgrade" magnum

  5. Re-start magnum services by removing the keys added in step 1 and re-run puppet.

  6. Check if a new Fedora CoreOS image is required, and if new public cluster templates should be deployed. I.e to support a newer k8s version
    1. Hint: You need Fedora CoreOS 35 now =) And you need this specifc build!!!

Octavia

Octavia must be stopped for upgrades, and can thus be performed on all octavia-hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.

  1. Stop all octavia-services by adding the following keys to hiera, and then make sure to run puppet on the octavia hosts:

    1. octavia::housekeeping::enabled: false

    2. octavia::health_manager::enabled: false

    3. octavia::api::enabled: false

    4. octavia::worker::enabled: false

  2. Do one of:

    1. Reinstall the node with yoga modules/tags

    2. Run puppet with the yoga modules/tags, Run apt-get dist-upgrade && apt-get autoremove, Run puppet

  3. Run octavia-db-manage upgrade head

  4. Re-start octavia services by removing the keys added in step 1 and re-run puppet.

  5. Build a yoga-based octavia-image and upload to glance. Tag it and make octavia start to replace the amphora.

Horizon

  1. Run puppet with the yoga modules/tags
  2. run dnf upgrade --allowerasing
  3. Yes this is weird: Login to all memcached servers, and run systemctl restart memcached
  4. Run puppet again
  5. restart httpd

Compute-nodes

When all APIs etc. are upgraded, it is time to do the same on the compute-nodes. Compute nodes are simple to upgrade:

...

  • Run nova-manage db online_data_migrations on a nova API node. Ensure that it reports that nothing more needs to be done.
  • Rotate octavia images.
  • Remove old authtoken-related keys from hiera:
    • barbican::keystone::authtoken::*
    • cinder::keystone::authtoken::*
    • heat::keystone::authtoken::*
    • magnum::keystone::authtoken::*
    • magnum::keystone::keystone_auth::*
    • octavia::keystone::authtoken::*
  • Remove old database-connection keys from hiera:
    • barbican::db::database_connection
    • magnum::db::database_connection
    • nova::db::api_database_connection
    • nova::db::database_connection
    • octavia::db::database_connection
  • Remove other keys which now have sane defaults that we do not need to override:
    • barbican::api::max_allowed_secret_in_bytes
    • barbican::api::max_allowed_request_size_in_bytes