...
The recommended order to upgrade the services are listed below:
Table of Contents |
---|
Keystone
This is the zero downtime approach
...
Before the upgrades can be started it is important that all data from previous nova-releases are migrated to wallaby xena release. This is done like so:
...
Code Block |
---|
ntnuopenstack::nova::endpoint::internal::id: '<NOVA INTERNAL ENDPOINT ID>' ntnuopenstack::nova::keystone::limits: true |
Heat
The rolling upgrade procedure for heat includes a step where you are supposed to create a new rabbit vhost. I don't want that. Therefore, this is the cold upgrade steps.
- Set
heat::api::enabled: false
andheat::engine::enabled: false
andheat::api_cfn::enabled: false
in hiera to stop all services - Do one of:
- Run puppet with yoga modules/tags, Run
apt-get update && apt-get dist-upgrade && apt-get autoremove
- Reinstall the nodes with yoga modules/tags
- Run puppet with yoga modules/tags, Run
- Run
heat-manage db_sync
on one of the api-nodes. - Remove the hiera keys that disabled the services and re-run puppet
Barbican
Barbican must be stopped for upgrades, and can thus be performed on all barbican hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.
- Stop all barbican-services by adding the following keys to node-specific hiera, and then make sure to run puppet on the barbican hosts:
barbican::worker::enabled: false
apache::service_ensure: 'stopped'
Run puppet with the yoga modules/tags
Run
apt dist-upgrade && apt-get autoremove
Run
barbican-db-manage upgrade
Re-start barbican services by removing the keys added in step 1 and re-run puppet.
Magnum
Magnum must be stopped for upgrades, and can thus be performed on all magnum-hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.
We can go back to Ubuntu for magnum-servers now. So, before you begin - reinstall VMs to Ubuntu 20.04.
In Ubuntu, this is needed in the node-specifig hiera:
Code Block |
---|
apache::mod::wsgi::package_name: 'libapache2-mod-wsgi-py3'
apache::mod::wsgi::mod_path: '/usr/lib/apache2/modules/mod_wsgi.so' |
- Stop all magnum-services by adding the following keys to node-specific hiera, and then make sure to run puppet on the magnum hosts:
magnum::conductor::enabled: false
apache::service_ensure: 'stopped'
Run puppet with the yoga modules/tags
Run
apt dist-upgrade && apt autoremove
Run
su -s /bin/sh -c "magnum-db-manage upgrade" magnum
Re-start magnum services by removing the keys added in step 1 and re-run puppet.
- Check if a new Fedora CoreOS image is required, and if new public cluster templates should be deployed. I.e to support a newer k8s version
- Hint: You need Fedora CoreOS 35 now =) And you need this specifc build!!!
Octavia
Octavia must be stopped for upgrades, and can thus be performed on all octavia-hosts at the same time. It might be an idea to keep one set of hosts stopped at old code in case of the need for a sudden roll-back.
- Stop all octavia-services by adding the following keys to hiera, and then make sure to run puppet on the octavia hosts:
octavia::housekeeping::enabled: false
octavia::health_manager::enabled: false
octavia::api::enabled: false
octavia::worker::enabled: false
Do one of:
- Reinstall the node with yoga modules/tags
Run puppet with the yoga modules/tags, Run
apt-get dist-upgrade && apt-get autoremove,
Run puppet
Run
octavia-db-manage upgrade head
Re-start octavia services by removing the keys added in step 1 and re-run puppet.
- Build a yoga-based octavia-image and upload to glance. Tag it and make octavia start to replace the amphora.
Horizon
- Run puppet with the yoga modules/tags
- run
dnf upgrade --allowerasing
- Yes this is weird: Login to all memcached servers, and run
systemctl restart memcached
- Run puppet again
- restart httpd
Compute-nodes
When all APIs etc. are upgraded, it is time to do the same on the compute-nodes. Compute nodes are simple to upgrade:
...
- Run
nova-manage db online_data_migrations
on a nova API node. Ensure that it reports that nothing more needs to be done. - Rotate octavia images.
- Remove old authtoken-related keys from hiera:
- barbican::keystone::authtoken::*
- cinder::keystone::authtoken::*
- heat::keystone::authtoken::*
- magnum::keystone::authtoken::*
- magnum::keystone::keystone_auth::*
- octavia::keystone::authtoken::*
- Remove old database-connection keys from hiera:
- barbican::db::database_connection
- magnum::db::database_connection
- nova::db::api_database_connection
- nova::db::database_connection
- octavia::db::database_connection
- Remove other keys which now have sane defaults that we do not need to override:
- barbican::api::max_allowed_secret_in_bytes
- barbican::api::max_allowed_request_size_in_bytes