This article summarizes the steps required to upgrade from the rocky release to the stein release of openstack.
Prerequisites:
- This documents expects that your cloud is deployed with the latest rocky tag(vR.n.n) of the ntnuopenstack repository.
- Your cloud is designed with one of the architecture:
- Each openstack project have their own VM(s) for their services
- You have a recent mysql backup in case things go south.
- If you want to do a rolling upgrade, the following key should be set in hiera long enough in advance that all hosts have had an puppet-run to apply it:
nova::upgrade_level_compute: 'auto'
The recommended order to upgrade the services are listed below:
Keystone
This is the zero downtime approach
Before you begin
- Set
apache::service_ensure: 'stopped'
in hiera for the node that you plan to run the rolling upgrade from - Login to a mysql node, start the mysql CLI, and run
set global log_bin_trust_function_creators=1;
Upgrade-steps (start with a single node):
- Add the following lines to the node-specific hiera:
apache::mod::wsgi::package_name: 'libapache2-mod-wsgi-py3'
apache::mod::wsgi::mod_path: '/usr/lib/apache2/modules/mod_wsgi.so'
- Run puppet with the rocky modules/tags
- Purge the keystone and apache2 package
- Run
apt dist-upgrade
&& apt-get autoremove
- Run puppet again
- This will re-install keystone (ensure that apache2 does not start - should be ensured by puppet as of the enable: false flag in hiera)
- Run
keystone-manage doctor
and ensure nothing is wrong - Run
keystone-manage db_sync --expand
- Returns nothing
- Run
keystone-manage db_sync --migrate
- Returns nothing
- At this point, you may restart apache2 on this node
- Remove the
apache::service_ensure: 'stopped'
previously set in hiera.
- Remove the
- Upgrade keystone on the other nodes, one at a time
- Basically run step 1-5 on the other nodes
- When all nodes are upgraded, perform the final DB sync
keystone-manage db_sync --contract
Glance
To upgrade glance without any downtime you would need to follow the following procedure:
- Select which glance-server to upgrade first.
- In the node-specific hiera for this host you should set:
glance::api::enabled: false
followed by a puppet-run. This would stop the glance-api service on the host.
- In the node-specific hiera for this host you should set:
- Run puppet on the first host with the stein modules/tags
- Run
apt dist-upgrade && apt-get autoremove
- Run
glance-manage db expand
- Run
glance-manage db migrate
- Remove the
glance::api::enable: false
from the node-specific hiera, and run puppet again. This would re-start the glance api-server on this host.- Test that this api-server works.
- Upgrade the rest of the glance hosts (ie; step 2 + 3 for each of the remaining glance hosts)
Cinder
To upgrade cinder without any downtime, follow this procedure
- Add the following three lines to the node-file of the first node you would like to upgrade:
apache::service_ensure: 'stopped'
cinder::scheduler::enabled: false
cinder::volume::enabled: false
- Add the following two lines to the node-specific hiera-file for the node you are upgrading
apache::mod::wsgi::package_name: 'libapache2-mod-wsgi-py3'
apache::mod::wsgi::mod_path: '/usr/lib/apache2/modules/mod_wsgi.so'
- Run puppet on the first host with rocky modules/tags
- Run
apt dist-upgrade
&& apt-get autoremove
- Run
cinder-manage db sync
- Remove the lines added at step 1, re-run puppet, and test that the upgraded cinder version works.
- Perfom step 2-4 for the rest of the cinder nodes
Neutron
To upgrade neutron with minimal downtime, follow this procedure
API-nodes
- Pick the first node, and run puppet with the rocky modules/tags
- Run
apt dist-upgrade && apt-get autoremove
- Run
neutron-db-manage upgrade --expand
- Rocky will upgrade to FWaaS V2, run
neutron-db-manage --subproject neutron-fwaas upgrade head
to prepare the database - Restart neutron-server.service and rerun puppet
- Upgrade the rest of the API-nodes (repeating step 1, 2, 5)
- Stop all neutron-server processes for a moment, and run:
neutron-db-manage upgrade --contract
- Re-start the neutron-server processes
Network-nodes
WARNING: Upgrading from queens→stein directly does not work automaticly, so if this is your upgrade-path you should expect the need for some 'apt-get purge neutron-* && apt-get autoremove' and then re-run puppet. Alternatively just simply reinstall the network-nodes.
- Run puppet with the rocky modules/tags
- Run
apt dist-upgrade
- Rerun puppet and restart the service
systemctl restart ovsdb-server
systemctl restart neutron-dhcp-agent.service neutron-l3-agent.service neutron-lbaasv2-agent.service neutron-metadata-agent.service neutron-openvswitch-agent.service neutron-ovs-cleanup.service