Red Hat SummitThis documentation is for a release that is no longer maintained
See documentation for the latest supported version 3 or the latest supported version 4.Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 8. Downgrading OpenShift
8.1. Overview
Following an OpenShift Container Platform upgrade, it may be desirable in extreme cases to downgrade your cluster to a previous version. The following sections outline the required steps for each system in a cluster to perform such a downgrade for the OpenShift Container Platform 3.7 to 3.6 downgrade path.
These steps are currently only supported for RPM-based installations of OpenShift Container Platform and assumes downtime of the entire cluster.
8.2. Verifying Backups
The Ansible playbook used during the upgrade process should have created a backup of the master-config.yaml file and the etcd data directory. Ensure these exist on your masters and etcd members:
/etc/origin/master/master-config.yaml.<timestamp> /var/lib/etcd/openshift-backup-pre-upgrade-<timestamp>
/etc/origin/master/master-config.yaml.<timestamp>
/var/lib/etcd/openshift-backup-pre-upgrade-<timestamp>Also, back up the node-config.yaml file on each node (including masters, which have the node component on them) with a timestamp:
/etc/origin/node/node-config.yaml.<timestamp>
/etc/origin/node/node-config.yaml.<timestamp>If you are using an external etcd cluster (versus the single embedded etcd), the backup is likely created on all etcd members, though only one is required for the recovery process.
The RPM downgrade process in a later step should create .rpmsave backups of the following files, but it may be a good idea to keep a separate copy regardless:
/etc/sysconfig/atomic-openshift-master /etc/sysconfig/atomic-openshift-master-api /etc/sysconfig/atomic-openshift-master-controller /etc/etcd/etcd.conf
/etc/sysconfig/atomic-openshift-master
/etc/sysconfig/atomic-openshift-master-api
/etc/sysconfig/atomic-openshift-master-controller
/etc/etcd/etcd.conf - 1
- Only required if using external etcd.
8.3. Shutting Down the Cluster
On all masters, nodes, and etcd members (if using an external etcd cluster), ensure the relevant services are stopped.
systemctl stop atomic-openshift-master-api atomic-openshift-master-controllers
# systemctl stop atomic-openshift-master-api atomic-openshift-master-controllersOn all master and node hosts:
systemctl stop atomic-openshift-node
# systemctl stop atomic-openshift-nodeOn any external etcd hosts:
systemctl stop etcd
# systemctl stop etcd8.4. Removing RPMs
The *-excluder packages add entries to the exclude directive in the host’s /etc/yum.conf file when installed. Run the following command on each host to remove the
atomic-openshift-*anddockerpackages from the exclude list:atomic-openshift-excluder unexclude atomic-openshift-docker-excluder unexclude
# atomic-openshift-excluder unexclude # atomic-openshift-docker-excluder unexcludeCopy to Clipboard Copied! Toggle word wrap Toggle overflow On all masters, nodes, and etcd members (if using an external etcd cluster), remove the following packages:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow If you are using external etcd, also remove the etcd package:
yum remove etcd
# yum remove etcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow If using the embedded etcd, leave the etcd package installed. It is required for running the
etcdctlcommand to issue operations in later steps.
8.5. Downgrading Docker
Both OpenShift Container Platform 3.6 and 3.7 require Docker 1.12, so Docker does not need to be downgraded.
8.6. Reinstalling RPMs
Disable the OpenShift Container Platform 3.7 repositories, and re-enable the 3.6 repositories:
subscription-manager repos \
--disable=rhel-7-server-ose-3.7-rpms \
--enable=rhel-7-server-ose-3.6-rpms
# subscription-manager repos \
--disable=rhel-7-server-ose-3.7-rpms \
--enable=rhel-7-server-ose-3.6-rpmsOn each master, install the following packages:
On each node, install the following packages:
If using an external etcd cluster, install the following package on each etcd member:
yum install etcd
# yum install etcd8.7. Restoring etcd
The restore procedure for etcd configuration files replaces the appropriate files, then restarts the service.
If an etcd host has become corrupted and the /etc/etcd/etcd.conf file is lost, restore it using:
ssh master-0 cp /backup/yesterday/master-0-files/etcd.conf /etc/etcd/etcd.conf restorecon -Rv /etc/etcd/etcd.conf systemctl restart etcd.service
$ ssh master-0
# cp /backup/yesterday/master-0-files/etcd.conf /etc/etcd/etcd.conf
# restorecon -Rv /etc/etcd/etcd.conf
# systemctl restart etcd.service
In this example, the backup file is stored in the /backup/yesterday/master-0-files/etcd.conf path where it can be used as an external NFS share, S3 bucket, or other storage solution.
8.7.1. Restoring etcd v2 & v3 data
The following process restores healthy data files and starts the etcd cluster as a single node, then adds the rest of the nodes if an etcd cluster is required.
Procedure
Stop all etcd services:
systemctl stop etcd.service
# systemctl stop etcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow To ensure the proper backup is restored, delete the etcd directories:
To back up the current etcd data before you delete the directory, run the following command:
mv /var/lib/etcd /var/lib/etcd.old mkdir /var/lib/etcd chown -R etcd.etcd /var/lib/etcd/ restorecon -Rv /var/lib/etcd/
# mv /var/lib/etcd /var/lib/etcd.old # mkdir /var/lib/etcd # chown -R etcd.etcd /var/lib/etcd/ # restorecon -Rv /var/lib/etcd/Copy to Clipboard Copied! Toggle word wrap Toggle overflow Or, to delete the directory and the etcd, data, run the following command:
rm -Rf /var/lib/etcd/*
# rm -Rf /var/lib/etcd/*Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteIn an all-in-one cluster, the etcd data directory is located in the
/var/lib/origin/openshift.local.etcddirectory.
Restore a healthy backup data file to each of the etcd nodes. Perform this step on all etcd hosts, including master hosts collocated with etcd.
cp -R /backup/etcd-xxx/* /var/lib/etcd/ mv /var/lib/etcd/db /var/lib/etcd/member/snap/db chcon -R --reference /backup/etcd-xxx/* /var/lib/etcd/ chown -R etcd:etcd /var/lib/etcd/R
# cp -R /backup/etcd-xxx/* /var/lib/etcd/ # mv /var/lib/etcd/db /var/lib/etcd/member/snap/db # chcon -R --reference /backup/etcd-xxx/* /var/lib/etcd/ # chown -R etcd:etcd /var/lib/etcd/RCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the etcd service on each host, forcing a new cluster.
This creates a custom file for the etcd service, which overwrites the execution command adding the
--force-new-clusteroption:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check for error messages:
journalctl -fu etcd.service
$ journalctl -fu etcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check for health status:
etcdctl2 cluster-health
# etcdctl2 cluster-health member 5ee217d17301 is healthy: got healthy result from https://192.168.55.8:2379 cluster is healthyCopy to Clipboard Copied! Toggle word wrap Toggle overflow Restart the etcd service in cluster mode:
rm -f /etc/systemd/system/etcd.service.d/temp.conf systemctl daemon-reload systemctl restart etcd
# rm -f /etc/systemd/system/etcd.service.d/temp.conf # systemctl daemon-reload # systemctl restart etcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check for health status and member list:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - After the first instance is running, you can restore the rest of your etcd servers.
8.7.1.1. Fix the peerURLS parameter
After restoring the data and creating a new cluster, the peerURLs parameter shows localhost instead of the IP where etcd is listening for peer communication:
etcdctl2 member list
# etcdctl2 member list
5ee217d17301: name=master-0.example.com peerURLs=http://*localhost*:2380 clientURLs=https://192.168.55.8:2379 isLeader=true8.7.1.1.1. Procedure
Get the member ID using
etcdctl member list:`etcdctl member list`
`etcdctl member list`Copy to Clipboard Copied! Toggle word wrap Toggle overflow Get the IP where etcd listens for peer communication:
ss -l4n | grep 2380
$ ss -l4n | grep 2380Copy to Clipboard Copied! Toggle word wrap Toggle overflow Update the member information with that IP:
etcdctl2 member update 5ee217d17301 https://192.168.55.8:2380
# etcdctl2 member update 5ee217d17301 https://192.168.55.8:2380 Updated member with ID 5ee217d17301 in clusterCopy to Clipboard Copied! Toggle word wrap Toggle overflow To verify, check that the IP is in the member list:
etcdctl2 member list
$ etcdctl2 member list 5ee217d17301: name=master-0.example.com peerURLs=https://*192.168.55.8*:2380 clientURLs=https://192.168.55.8:2379 isLeader=trueCopy to Clipboard Copied! Toggle word wrap Toggle overflow
8.7.2. Restoring etcd for v3
The restore procedure for v3 data is similar to the restore procedure for the v2 data.
Snapshot integrity may be optionally verified at restore time. If the snapshot is taken with etcdctl snapshot save, it will have an integrity hash that is checked by etcdctl snapshot restore. If the snapshot is copied from the data directory, there is no integrity hash and it will only restore by using --skip-hash-check.
The procedure to restore only the v3 data must be performed on a single etcd host. You can then add the rest of the nodes to the cluster.
Procedure
Stop all etcd services:
systemctl stop etcd.service
# systemctl stop etcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow Clear all old data, because
etcdctlrecreates it in the node where the restore procedure is going to be performed:rm -Rf /var/lib/etcd
# rm -Rf /var/lib/etcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Run the
snapshot restorecommand, substituting the values from the/etc/etcd/etcd.conffile:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Restore permissions and
selinuxcontext to the restored files:chown -R etcd.etcd /var/lib/etcd/ restorecon -Rv /var/lib/etcd
# chown -R etcd.etcd /var/lib/etcd/ # restorecon -Rv /var/lib/etcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Start the etcd service:
systemctl start etcd
# systemctl start etcdCopy to Clipboard Copied! Toggle word wrap Toggle overflow Check for any error messages:
journalctl -fu etcd.service
$ journalctl -fu etcd.serviceCopy to Clipboard Copied! Toggle word wrap Toggle overflow
8.8. Bringing OpenShift Container Platform services back online
After you finish your changes, bring OpenShift Container Platform back online.
Procedure
On each OpenShift Container Platform master, restore your master and node configuration from backup and enable and restart all relevant services:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - On each OpenShift Container Platform node, restore your node-config.yaml file from backup and enable and restart the atomic-openshift-node service:
cp /etc/origin/node/node-config.yaml.<timestamp> /etc/origin/node/node-config.yaml systemctl enable atomic-openshift-node systemctl start atomic-openshift-node
# cp /etc/origin/node/node-config.yaml.<timestamp> /etc/origin/node/node-config.yaml
# systemctl enable atomic-openshift-node
# systemctl start atomic-openshift-node8.9. Verifying the Downgrade
To verify the downgrade, first check that all nodes are marked as Ready:
oc get nodes
# oc get nodes NAME STATUS AGE master.example.com Ready,SchedulingDisabled 165d node1.example.com Ready 165d node2.example.com Ready 165dCopy to Clipboard Copied! Toggle word wrap Toggle overflow Then, verify that you are running the expected versions of the docker-registry and router images, if deployed:
oc get -n default dc/docker-registry -o json | grep \"image\" oc get -n default dc/router -o json | grep \"image\"
# oc get -n default dc/docker-registry -o json | grep \"image\" "image": "openshift3/ose-docker-registry:v3.6.173.0.49", # oc get -n default dc/router -o json | grep \"image\" "image": "openshift3/ose-haproxy-router:v3.6.173.0.49",Copy to Clipboard Copied! Toggle word wrap Toggle overflow You can use the diagnostics tool on the master to look for common issues and provide suggestions:
oc adm diagnostics
# oc adm diagnostics ... [Note] Summary of diagnostics execution: [Note] Completed with no errors or warnings seen.Copy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}