Red Hat SummitChapter 4. Updating operating systems
Updating the operating system (OS) on a host, by either upgrading across major releases or updating the system software for a minor release, can impact the OpenShift Container Platform software running on those machines. In particular, these updates can affect the iptables rules or ovs flows that OpenShift Container Platform requires to operate.
4.1. Updating the operating system on a host
To safely upgrade the OS on a host:
Drain the node in preparation for maintenance:
oc adm drain <node_name> --force --delete-local-data --ignore-daemonsets
$ oc adm drain <node_name> --force --delete-local-data --ignore-daemonsetsCopy to Clipboard Copied! In order to protect sensitive packages that do not need to be updated, apply the exclude rules to the host:
atomic-openshift-docker-excluder exclude atomic-openshift-excluder exclude
# atomic-openshift-docker-excluder exclude # atomic-openshift-excluder excludeCopy to Clipboard Copied! A reboot ensures that the host is running the newest versions and means that the
container engineand OpenShift Container Platform processes have been restarted, which forces them to check that all of the rules in other services are correct.yum update reboot
# yum update # rebootCopy to Clipboard Copied! However, instead of rebooting a node host, you can restart the services that are affected or preserve the
iptablesstate. Both processes are described in the OpenShift Container Platform iptables topic. Theovsflow rules do not need to be saved, but restarting the OpenShift Container Platform node software fixes the flow rules.Configure the host to be schedulable again:
oc adm uncordon <node_name>
$ oc adm uncordon <node_name>Copy to Clipboard Copied!
4.1.1. Upgrading Nodes Running OpenShift Container Storage
If using OpenShift Container Storage, upgrade the OpenShift Container Platform nodes running OpenShift Container Storage one at a time.
- To begin, recall the project in which OpenShift Container Storage was deployed.
Confirm the node and pod selectors configured on the service’s daemonset.
oc get daemonset -n <project_name> -o wide
$ oc get daemonset -n <project_name> -o wideCopy to Clipboard Copied! NoteUse
-o wideto include the pod selector in the output.These selectors are found under
NODE-SELECTORandSELECTOR, respectively. The example commands below will useglusterfs=storage-hostandglusterfs=storage-pod, respectively.Given the daemonset’s node selector, confirm which hosts have the label, and hence are running pods from the daemonset:
oc get nodes --selector=glusterfs=storage-host
$ oc get nodes --selector=glusterfs=storage-hostCopy to Clipboard Copied! Chose a node which will have its operating system upgraded.
Remove the daemonset label from the node:
oc label node <node_name> glusterfs-
$ oc label node <node_name> glusterfs-Copy to Clipboard Copied! This will cause the OpenShift Container Storage pod to terminate on that node.
The node can now have its OS upgraded as described above.
To restart an OpenShift Container Storage pod on the node, relabel the node with the daemonset label:
oc label node <node_name> glusterfs=storage-host
$ oc label node <node_name> glusterfs=storage-hostCopy to Clipboard Copied! - Wait for the OpenShift Container Storage pod to respawn and appear.
Given the daemonset’s pod selector, determine the name of the newly spawned pod by searching for a pod running on the node whose OS you upgraded:
oc get pod -n <project_name> --selector=glusterfs=storage-pod -o wide
$ oc get pod -n <project_name> --selector=glusterfs=storage-pod -o wideCopy to Clipboard Copied! NoteUse
-o wideto include which host the pod is running on in the output.oc rshinto the gluster pod to check the volume heal:oc rsh <pod_name> for vol in `gluster volume list`; do gluster volume heal $vol info; done exit
$ oc rsh <pod_name> $ for vol in `gluster volume list`; do gluster volume heal $vol info; done $ exitCopy to Clipboard Copied! Ensure all of the volumes are healed and there are no outstanding tasks. The
heal infocommand lists all pending entries for a given volume’s heal process. A volume is considered healed whenNumber of entriesfor that volume is0. Usegluster volume status <volume_name>for additional details about the volume. TheOnlinestate should be markedYfor all bricks.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}