Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Framework for Upgrades (13 to 16.1)

Red Hat OpenStack Platform 16.1

In-place upgrades from Red Hat OpenStack Platform 13 to 16.1

OpenStack Documentation Team

Abstract

This guide contains information on the framework for the in-place upgrades across long-life versions. This framework includes tools to upgrade your OpenStack Platform environment from one long life version to the next long life version. In this case, the guide focuses on upgrading from Red Hat OpenStack Platform 13 (Queens) to 16.1 (Train).

Making open source more inclusive
Copy link

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.

Providing feedback on Red Hat documentation
Copy link

We appreciate your input on our documentation. Tell us how we can make it better.

Using the Direct Documentation Feedback (DDF) function

Use the Add Feedback DDF function for direct comments on specific sentences, paragraphs, or code blocks.

  1. View the documentation in the Multi-page HTML format.
  2. Ensure that you see the Feedback button in the upper right corner of the document.
  3. Highlight the part of text that you want to comment on.
  4. Click Add Feedback.
  5. Complete the Add Feedback field with your comments.
  6. Optional: Add your email address so that the documentation team can contact you for clarification on your issue.
  7. Click Submit.

The Red Hat OpenStack Platform framework for upgrades is a workflow to upgrade your Red Hat OpenStack Platform environment from one long life version to the next long life version. This workflow is an in-place solution and the upgrade occurs within your existing environment.

1.1. Upgrade framework for long life versions
Copy link

You can use the Red Hat OpenStack Platform upgrade framework to perform an in-place upgrade path through multiple versions of the overcloud. The goal is to provide you with an opportunity to remain on certain OpenStack versions that are considered long life versions and upgrade when the next long life version is available.

Important

You can upgrade Red Hat OpenStack Platform 13 to Red Hat OpenStack Platform 16.1. However, to avail of full product support, only the Red Hat OpenStack Platform 13 to Red Hat OpenStack Platform 16.2 upgrade path is supported. If you want to upgrade from 13 to 16.1, you must obtain a Support Exception.

For more information about upgrading to Red Hat OpenStack Platform 16.2, see Framework for upgrades 13 to 16.2.

This guide provides an upgrade framework through the following versions:

Expand
Current VersionTarget Version

Red Hat OpenStack Platform 13

Red Hat OpenStack Platform 16.1

1.2. Lifecycle support for long life versions
Copy link

For detailed support dates and information on the lifecycle support for Red Hat OpenStack Platform, see Red Hat OpenStack Platform Life Cycle.

1.3. Upgrade paths for long life release
Copy link

Red Hat provides two options for upgrading your environment to the next long life release:

In-place upgrade
Perform an upgrade of the services in your existing environment. This guide primarily focuses on this option.
Parallel migration
Create a new Red Hat OpenStack Platform 16.1 environment and migrate your workloads from your current environment to the new environment. For more information about Red Hat OpenStack Platform parallel migration, contact Red Hat Global Professional Services.
Important

The durations in this table are minimal estimates based on internal testing and might not apply to all productions environments. For example, if your hardware has low specifications or an extended boot period, allow for more time with these durations. To accurately gauge the upgrade duration for each task, perform these procedures in a test environment with hardware similar to your production environment.

Expand
Table 1.1. Impact and duration of upgrade paths
 In-place upgradeParallel migration

Upgrade duration for undercloud

Estimated duration for each major action includes the following:

  • 30 minutes for Leapp upgrade command
  • 30 minutes for Leapp reboot
  • 40 minutes for director upgrade

None. You are creating a new undercloud in addition to your existing undercloud.

Upgrade duration for overcloud control plane

Estimates for each Controller node:

  • 60 minutes for Leapp upgrade and reboot
  • 60 minutes for service upgrade

None. You are creating a new control plane in addition to your existing control plane.

Outage duration for control plane

The duration of the service upgrade of the bootstrap Controller node, which is approximately 60 minutes.

None. Both overclouds are operational during the workload migration.

Consequences of control plane outage

You cannot perform OpenStack operations during the outage.

No outage.

Upgrade duration for overcloud data plane

Estimates for each Compute node and Ceph Storage node:

  • 60 minutes for Leapp upgrade and reboot
  • 30 minutes for service upgrade

None. You are creating a new data plane in addition to your existing data plane.

Outage duration for data plane

The outage is minimal due to workload migration from node to node.

The outage is minimal due to workload migration from overcloud to overcloud.

Additional hardware requirements

No additional hardware is required.

Additional hardware is required to create a new undercloud and overcloud.

Before you conduct an in-place upgrade of your OpenStack Platform environment, create a plan for the upgrade and accommodate any potential obstacles that might block a successful upgrade.

Before you perform an upgrade, familiarize yourself with Red Hat OpenStack Platform 16.1 to help you understand the resulting environment and any potential version-to-version changes that might affect your upgrade. To familiarize yourself with Red Hat OpenStack Platform 16.1, follow these suggestions:

The following high-level changes occur during the upgrade to Red Hat OpenStack Platform 16.1:

  • OpenStack Platform director 16.1 configures the overcloud using an Ansible-driven method called config-download. This replaces the standard heat-based configuration method. Director still uses heat to orchestrate provisioning operations.
  • The director installation uses the same method as the overcloud deployment. Therefore, the undercloud also uses openstack-tripleo-heat-templates as a blueprint for installing and configuring each service.
  • The undercloud runs OpenStack services in containers.
  • The undercloud pulls and stores container images through a new method. Instead of pulling container images before deploying the overcloud, the undercloud pulls all relevant container images during the deployment process.
  • The overcloud deployment process includes an Advanced Subscription Management method to register nodes. This method incorporates an Ansible role to register OpenStack Platform nodes. The new method also applies different subscriptions to different node roles if necessary.
  • The overcloud now uses Open Virtual Network (OVN) as the default ML2 mechanism driver. It is possible to migrate your Open vSwitch (OVS) service to OVN, which you perform after the completion of a successful upgrade.
  • The undercloud and overcloud both run on Red Hat Enterprise Linux 8.
  • openstack-tripleo-heat-templates includes a unified composable service template collection in the deployment directory. This directory now includes templates with merged content from both the containerized service and Puppet-based composable service templates.

  • The OpenStack Data Processing service (sahara) is no longer supported.

    Important

    If you have sahara enabled in your Red Hat OpenStack Platform 13 environment, do not continue with this upgrade and contact Red Hat Global Support Services.

  • The OpenStack Telemetry components are deprecated in favor of the Service Telemetry Framework (STF).

2.3. Changes in Red Hat Enterprise Linux 8
Copy link

The undercloud and overcloud both run on Red Hat Enterprise Linux 8. This includes new tools and functions relevant to the undercloud and overcloud:

  • The undercloud and overcloud use the Red Hat Container Toolkit. Instead of docker to build and control the container lifecycle, Red Hat Enterprise Linux 8 includes buildah to build new container images and podman for container management.
  • Red Hat Enterprise Linux 8 does not include the docker-distribution package. The undercloud now includes a private HTTP registry to provide container images to overcloud nodes.
  • The upgrade process from Red Hat Enterprise Linux 7 to 8 uses the leapp tool.
  • Red Hat Enterprise Linux 8 does not use the ntp service. Instead, Red Hat Enterprise Linux 8 uses chronyd.
  • Red Hat Enterprise Linux 8 includes new versions of high availability tools.

The Red Hat OpenStack Platform 16.1 uses Red Hat Enterprise Linux 8.2 as the base operating system. As a part of the upgrade process, you will upgrade the base operating system of nodes to Red Hat Enterprise Linux 8.2.

For more information about the key differences between Red Hat Enterprise Linux 7 and 8, see Considerations in adopting RHEL 8. For general information about Red Hat Enterprise linux 8, see Product Documentation for Red Hat Enterprise Linux 8.

The long-life Red Hat OpenStack Platform upgrade requires a base operating system upgrade from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8. Red Hat Enterprise Linux 7 uses the Leapp utility to perform the upgrade to Red Hat Enterprise Linux 8. To ensure that Leapp and its dependencies are available, verify that the following Red Hat Enterprise Linux 7 repositories are enabled:

  • Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server or Red Hat Enterprise Linux 7 Server RPMs x86_64 7.9 

    rhel-7-server-rpms
x86_64 7Server
or:
rhel-7-server-rpms
x86_64 7.9
    Copy to Clipboard Toggle word wrap

  • Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64 

    rhel-7-server-extras-rpms
x86_64
    Copy to Clipboard Toggle word wrap

For more information, see Preparing a RHEL 7 system for the upgrade.

The undercloud and overcloud use a separate process for performing the operating system upgrade.

Undercloud process

Run the leapp upgrade manually before you run the openstack undercloud upgrade command. The undercloud upgrade includes instructions for performing the leapp upgrade.

Overcloud process

The overcloud upgrade framework automatically runs the leapp upgrade.

Limitations

For information of potential limitations that might affect your upgrade, see the following sections from the Upgrading from RHEL 7 to RHEL 8 guide:

In particular, you cannot perform a Leapp upgrade on nodes that use encryption of the whole disk or a partition, such as LUKS encryption, or file-system encryption. This limitation affects Ceph OSD nodes that you have configured with the dmcrypt: true parameter.

If any known limitations affect your environment, seek advice from the Red Hat Technical Support Team.

Troubleshooting

For information about troubleshooting potential Leapp issues, see Troubleshooting in Upgrading from RHEL 7 to RHEL 8.

2.5. Supported upgrade scenarios
Copy link

Before proceeding with the upgrade, check that your overcloud is supported.

Note

If you are uncertain whether a particular scenario not mentioned in these lists is supported, seek advice from the Red Hat Technical Support Team.

Supported scenarios

The following in-place upgrade scenarios are tested and supported.

  • Standard environments with default role types: Controller, Compute, and Ceph Storage OSD
  • Split-Controller composable roles
  • Ceph Storage composable roles, including Ceph Storage custom configurations, such as CephConfigOverrides and CephAnsibleExtraConfig
  • Hyper-Converged Infrastructure: Compute and Ceph Storage OSD services on the same node
  • Environments with Network Functions Virtualization (NFV) technologies: Single-root input/output virtualization (SR-IOV) and Data Plane Development Kit (DPDK)

  • Environments with Instance HA enabled

    Note

    During an upgrade procedure, nova live migrations are supported. However, evacuations initiated by Instance HA are not supported. When you upgrade a Compute node, the node is shut down cleanly and any workload running on the node is not evacuated by Instance HA automatically. Instead, you must perform live migration manually.

Technology preview scenarios

The framework for upgrades is considered a Technology Preview when you use it in conjunction with these features, and therefore is not fully supported by Red Hat. You should only test this scenario in a proof-of-concept environment and not upgrade in a production environment. For more information about Technology Preview features, see Scope of Coverage Details.

  • Edge and Distributed Compute Node (DCN) scenarios

If you have deployed a Red Hat Ceph Storage system separately and then used director to deploy and configure OpenStack, you can use the Red Hat OpenStack Platform framework for upgrades to perform an in-place upgrade with external Ceph deployments. This scenario is different from upgrading a Ceph cluster that was deployed using director.

The differences that you must take into account when planning and preparing for an in-place upgrade with external Ceph deployments are the following:

  1. Before you can upgrade your Red Hat OpenStack Platform deployment from version 13 to version 16.1, you must upgrade your Red Hat Ceph Storage cluster from version 3 to version 4. For more information, see Upgrading a Red Hat Ceph Storage cluster in the Red Hat Ceph Storage 4 Installation Guide.
  2. After you upgrade your Red Hat Ceph Storage cluster from version 3 to version 4, Red Hat OpenStack Platform 13 might still run RHCSv3 client components, however these are compatible against the RHCSv4 cluster.
  3. You can follow the upgrade path described in the Framework For Upgrades (13 to 16.1) document, and where applicable, you must complete the conditional steps that support this particular scenario. A conditional step starts with the following statement: "If you are upgrading with external Ceph deployments".
  4. When you upgrade with external Ceph deployments, you install RHCSv4 ceph-ansible as part of the overcloud upgrade process. When you upgrade a Ceph cluster that was deployed using director, you install RHCSv4 ceph-ansible after the overcloud upgrade process is complete.
Important

When you upgrade a Red Hat Ceph Storage cluster from a previous supported version to version 4.2z2, the upgrade completes with the storage cluster in a HEALTH_WARN state with a warning message that states monitors are allowing insecure global_id reclaim. This is due to the patched CVE (CVE-2021-20288), see Ceph HEALTH_WARN with 'mons are allowing insecure global_id reclaim' after install/upgrade to RHCS 4.2z2 (or newer).

Because the HEALTH_WARN state is displayed due to the CVE, it is possible to mute health warnings temporarily. However, there is a risk that if you mute warnings you do not have visibility about potential older and unpatched clients connected to your cluster. For more information about muting health warnings, see Upgrading a Red Hat Ceph Storage cluster in the Red Hat Ceph Storage documentation.

Important

Do not disable global_id_reclaim manually until all clients are upgraded and patched otherwise they cannot connect. You can run the following command as the root user to view a list of unpatched clients that are connected to the cluster: 

# ceph health detail
Copy to Clipboard Toggle word wrap

2.7. Known issues that might block an upgrade
Copy link

Review the following known issues that might affect a successful upgrade.

BZ#1997351 - (13→16.1) Instance are inaccessible after bootstrap controller upgrade
When you upgrade a Red Hat OpenStack Platform (RHOSP) 13 environment that has been deployed with ML2-OVN, the upgrade process on your Controller nodes might fail. After the Leapp reboot, the ovn-dbs container might fail to start due to an SELinux permission denial. For more information about how to avoid bug BZ#1997351, see the Red Hat Knowledgebase solution OVN fails to configure after reboot during OSP-13 → OSP-16.1 FFU.
BZ#1902849 - osp13-osp16.1 ffu fails on clusters previously upgraded from osp8, osp10
Red Hat OpenStack Platform (RHOSP) environments that have been previously upgraded from version RHOSP 10, require the python-docker package to avoid BZ#1902849. For more information, see the Red Hat Knowledgebase solution osp13-osp16.1 ffu fails on older environments missing python-docker package.
BZ#1925078 - RHOSP13-16.1 FFU: Overcloud upgrade hangs in controller after failed attempt with reference to wrong ceph image

Systems that use UEFI boot and a UEFI bootloader in OSP13 might run into an UEFI issue that results in:

  • /etc/fstab not being updated
  • grub-install is incorrectly used on EFI system

For more information, see the Red Hat Knowledgebase solution FFU 13 to 16.1: Leapp fails to update the kernel on UEFI based systems and /etc/fstab does not contain the EFI partition.

If your systems use UEFI, contact Red Hat Technical Support.

BZ#1895887 - ovs+dpdk fail to attach device OvsDpdkHCI

After upgrading with the Leapp utility, the Compute node with OVS-DPDK workload does not function properly. To resolve this issue, perform one of the following steps:

Remove the /etc/modules-load.d/vfio-pci.conf file before you upgrade the Compute node.

or

Restart ovs-vswitchd service on the Compute node after you upgrade the Compute node.

This issue affects RHOSP 16.1.3. For more information, see the Red Hat Knowledgebase solution OVS-DPDK errors after Framework Upgrade from OSP 13 to 16.1 on HCI compute node.

BZ#1936419 - FFU 13-16.1 Upgrade: Leapp upgrade on ceph nodes failing as leap parameters try to enable the Fast datapath repo

If you use a Ceph subscription and have configured director to use the overcloud-minimal image for Ceph storage nodes, the upgrade of the operating system for Ceph storage nodes might fail due to a Leapp limitation. To avoid this issue, after the system_upgrade run step, you must log in to the Ceph node to unset the RHEL minor release version, update to the latest available RHEL minor release version, and reboot the node.

If you use Red Hat Satellite Server to host RPM content for the Leapp upgrade, you must add the following 8.2 repositories to the Content View that you use:

  • Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 

    rhel-8-for-x86_64-appstream-rpms
x86_64 8.2
    Copy to Clipboard Toggle word wrap

  • Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 

    rhel-8-for-x86_64-baseos-rpms
x86_64 8.2
    Copy to Clipboard Toggle word wrap

    This guide includes a workaround to avoid this issue.

BZ#2016144 - FFU 13-16.1: During Leapp upgrade reboot, openvswitch failed to start with error Starting ovsdb-server ovsdb-server: /var/run/openvswitch/ovsdb-server.pid.tmp: create failed (Permission denied)
Red Hat OpenStack Platform (RHOSP) environments that have been upgraded from previous versions might contain unnecessary files in /etc/systemd/system/ovs*. You must remove these files before you begin the overcloud upgrade process from RHOSP 13 to RHOSP 16.1.
BZ#2008976 - Python2 packages cleaning up after Leapp upgrade failing in Leapp dependencies

With Leapp version 5.0.8-100.202109241452Z.1332835, the automatic removal of python2 Leapp packages is unsuccessful because of a DNF exclude option that retains Leapp packages.

Include the UpgradeInitCommand parameter in an environment file and remove the DNF exclude statements: 

parameter defaults:
  UpgradeInitCommand: "sudo dnf config-manager --save --setopt exclude=''"
Copy to Clipboard Toggle word wrap

For more information, see Creating an upgrades environment file.

BZ#1978228 - OSP13→16.2 Leapp upgrade failed with TLSEverywhere
If you use TLS-Everywhere in your environment and want to migrate from authconfig to authselect, set the authselect_check.confirm parameter to True. Otherwise, set this value to False. For more information, see Creating an upgrades environment file.
BZ#2021525 - openstack overcloud upgrade run times out / HAProxy container fails to start
An upgrade from Red Hat OpenStack Platform (RHOSP) 13 to RHOSP 16.1 might fail during the deployment step because of invalid SELinux labels. For a resolution and more information, see the Red Hat Knowledgebase solution Pacemaker managed services might not restart during an OSP13 - OSP16.x FFU.
BZ#2015325 - FFU: upgrade failed during "Upgrade Mysql database from a temporary container" step
Red Hat Enterprise Linux includes an upgradable RPM for mariadb-server that interferes with the upgrade of containerized mariadb in Red Hat OpenStack Platform (RHOSP). Before you perform a RHOSP upgrade, remove the mariadb-server package from your Controller hosts. For more information, see Creating an upgrades environment file.
BZ#2024447 - Identity service (keystone) password for the placement user was overridden by NovaPassword during FFU RHOSP 13 to 16

During an upgrade from Red Hat OpenStack Platform 13 to 16.1, if you define a value for the NovaPassword parameter but not the PlacementPassword parameter, the NovaPassword parameter overrides the OpenStack Identity service (keystone) password for the placement user. To preserve the Identity service password, do not set the NovaPassword or the PlacementPassword in the parameter_defaults section.

If you set both passwords in the parameter_defaults section, the Compute nodes might not be able to communicate with the control plane until they are upgraded. For more information about upgrading Compute nodes, see Upgrading Compute nodes.

Additionally, if you deployed the overcloud on RHOSP 13 by using the NovaPassword, PlacementPassword, or both, you must remove those passwords from the template and run the openstack overcloud deploy command on RHOSP 13 before upgrading to RHOSP 16.1.

BZ#2164396 - FFU: Redhat satellite tools repository to be enabled for FFU (13 to 16.2)
If you are using Satellite version 6.7, the upgrade fails when you enable the Red Hat Satellite Tools for RHEL 8 Server RPMs x86_64 repository. The failure occurs because the appropriate packages cannot be installed. The Red Hat engineering team is investigating a solution to this issue.
BZ#2245602 - Upgrade (OSP16.2 →OSP17.1) controller-0 does not perform leapp upgrade due to packages missing ovn2.15 openvswitch2.15

If you upgrade from Red Hat OpenStack Platform (RHOSP) 13 to 16.1 or 16.2, or from RHOSP 16.2 to 17.1, do not include the system_upgrade.yaml file in the --answers-file answer-upgrade.yaml file. If the system_upgrade.yaml file is included in that file, the environments/lifecycle/upgrade-prepare.yaml file overwrites the parameters in the system_upgrade.yaml file. To avoid this issue, append the system_upgrade.yaml file to the openstack overcloud upgrade prepare command. For example: 

$ openstack overcloud upgrade prepare --answers-file answer-upgrade.yaml /
-r roles-data.yaml /
-n networking-data.yaml /
-e system_upgrade.yaml /
-e upgrade_environment.yaml /
Copy to Clipboard Toggle word wrap

With this workaround, the parameters that are configured in the system_upgrade.yaml file overwrite the default parameters in the environments/lifecycle/upgrade-prepare.yaml file.

Red Hat Ceph Storage Issues

BZ#1855813 - Ceph tools repository should be switched from RHCS3 to RHCS4 only after converge, before running external-upgrade
The ceph-ansible playbook collection on the undercloud deploys Red Hat Ceph Storage containers on the overcloud. To upgrade your environment, you must have Red Hat Ceph Storage 3 version of ceph-ansible to maintain Ceph Storage 3 containers through the upgrade. This guide includes instructions on how to retain ceph-ansible version 3 over the course of the upgrade until you are ready to upgrade to Ceph Storage 4. Before performing the 13 to 16.1 upgrade, you must perform a minor version update of your Red Hat OpenStack Platform 13 environment and ensure you have ceph-ansible version 3.2.46 or later.

2.8. Backup and restore
Copy link

Before you upgrade your Red Hat OpenStack Platform 13 environment, back up the undercloud and overcloud control plane. For more information about backing up nodes with the Relax-and-recover (ReaR) utility, see the Undercloud and Control Plane Back Up and Restore guide.

2.9. Minor version update
Copy link

Before you upgrade your Red Hat OpenStack Platform environment, update the environment to the latest minor version of your current release. For example, perform an update of your Red Hat OpenStack Platform 13 environment to the latest 13 before running the upgrade to Red Hat OpenStack Platform 16.1.

For instructions on performing a minor version update for Red Hat OpenStack Platform 13, see Keeping Red Hat OpenStack Platform Updated.

2.10. Proxy configuration
Copy link

If you use a proxy with your Red Hat OpenStack Platform 13 environment, the proxy configuration in the /etc/environment file will persist past the operating system upgrade and the Red Hat OpenStack Platform 16.1 upgrade.

Before you upgrade to Red Hat OpenStack Platform 16.1, validate your undercloud and overcloud with the tripleo-validations playbooks. In Red Hat OpenStack Platform 13, you run these playbooks through the OpenStack Workflow Service (mistral).

Note

If you use CDN or Satellite as repository sources, the validation fails. To resolve this issue, see the Red Hat Knowledgebase solution, repos validation fails because of SSL certificate error.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Create a bash script called pre-upgrade-validations.sh and include the following content in the script: 

    #!/bin/bash
for VALIDATION in $(openstack action execution run tripleo.validations.list_validations '{"groups": ["pre-upgrade"]}' | jq ".result[] | .id")
do
  echo "=== Running validation: $VALIDATION ==="
  STACK_NAME=$(openstack stack list -f value -c 'Stack Name')
  ID=$(openstack workflow execution create -f value -c ID tripleo.validations.v1.run_validation "{\"validation_name\": $VALIDATION, \"plan\": \"$STACK_NAME\"}")
  while [ $(openstack workflow execution show $ID -f value -c State) == "RUNNING" ]
  do
    sleep 1
  done
  echo ""
  openstack workflow execution output show $ID | jq -r ".stdout"
  echo ""
done
    Copy to Clipboard Toggle word wrap

  4. Add permission to run the script: 

    $ chmod +x pre-upgrade-validations.sh
    Copy to Clipboard Toggle word wrap

  5. Run the script: 

    $ ./pre-upgrade-validations.sh
    Copy to Clipboard Toggle word wrap

    Review the script output to determine which validations succeed and fail: 

    === Running validation: "check-ftype" ===

Success! The validation passed for all hosts:
* undercloud
    Copy to Clipboard Toggle word wrap

Chapter 3. Repositories
Copy link

This section contains the repositories for the undercloud and overcloud. Refer to this section when you need to enable repositories in certain situations:

  • Enabling repositories when registering to the Red Hat Customer Portal.
  • Enabling and synchronizing repositories to your Red Hat Satellite Server.
  • Enabling repositories when registering to your Red Hat Satellite Server.

3.1. Undercloud repositories
Copy link

Red Hat OpenStack Platform (RHOSP) 16.1 runs on Red Hat Enterprise Linux 8.2. As a result, you must lock the content from these repositories to the respective Red Hat Enterprise Linux version.

Note

If you synchronize repositories by using Red Hat Satellite, you can enable specific versions of the Red Hat Enterprise Linux repositories. However, the repository label remains the same despite the version you choose. For example, if you enable the 8.2 version of the BaseOS repository, the repository name includes the specific version that you enabled, but the repository label is still rhel-8-for-x86_64-baseos-tus-rpms.

Warning

Any repositories outside the ones specified here are not supported. Unless recommended, do not enable any other products or repositories outside the ones listed in the following tables or else you might encounter package dependency issues. Do not enable Extra Packages for Enterprise Linux (EPEL).

Core repositories

The following table lists core repositories for installing the undercloud.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux 8.2 for x86_64 - BaseOS (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-baseos-tus-rpms

Base operating system repository for x86_64 systems.

Red Hat Enterprise Linux 8.2 for x86_64 - AppStream (RPMs)

rhel-8-for-x86_64-appstream-tus-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8.2 for x86_64 - High Availability (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-highavailability-tus-rpms

High availability tools for Red Hat Enterprise Linux. Used for Controller node high availability.

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)

ansible-2.9-for-rhel-8-x86_64-rpms

Ansible Engine for Red Hat Enterprise Linux. Used to provide the latest version of Ansible.

Advanced Virtualization for RHEL 8 x86_64 (RPMs)

advanced-virt-for-rhel-8-x86_64-eus-rpms

Provides virtualization packages for OpenStack Platform.

Red Hat Satellite Tools for RHEL 8 Server RPMs x86_64

satellite-tools-6.5-for-rhel-8-x86_64-rpms

Tools for managing hosts with Red Hat Satellite 6.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-x86_64-rpms

Core Red Hat OpenStack Platform repository, which contains packages for Red Hat OpenStack Platform director.

Red Hat Fast Datapath for RHEL 8 (RPMS)

fast-datapath-for-rhel-8-x86_64-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform.

Ceph repositories

The following table lists Ceph Storage related repositories for the undercloud.

Expand
NameRepositoryDescription of Requirement

Red Hat Ceph Storage Tools 4 for RHEL 8 x86_64 (RPMs)

rhceph-4-tools-for-rhel-8-x86_64-rpms

Provides tools for nodes to communicate with the Ceph Storage cluster. The undercloud requires the ceph-ansible package from this repository if you plan to use Ceph Storage in your overcloud or if you want to integrate with an existing Ceph Storage cluster.

IBM POWER repositories

The following table contains a list of repositories for RHOSP on POWER PC architecture. Use these repositories in place of equivalents in the Core repositories.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux for IBM Power, little endian - BaseOS (RPMs)

rhel-8-for-ppc64le-baseos-rpms

Base operating system repository for ppc64le systems.

Red Hat Enterprise Linux 8 for IBM Power, little endian - AppStream (RPMs)

rhel-8-for-ppc64le-appstream-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8 for IBM Power, little endian - High Availability (RPMs)

rhel-8-for-ppc64le-highavailability-rpms

High availability tools for Red Hat Enterprise Linux. Used for Controller node high availability.

Red Hat Fast Datapath for RHEL 8 IBM Power, little endian (RPMS)

fast-datapath-for-rhel-8-ppc64le-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform.

Red Hat Ansible Engine 2.8 for RHEL 8 IBM Power, little endian (RPMs)

ansible-2.8-for-rhel-8-ppc64le-rpms

Ansible Engine for Red Hat Enterprise Linux. Provides the latest version of Ansible.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-ppc64le-rpms

Core Red Hat OpenStack Platform repository for ppc64le systems.

3.2. Overcloud repositories
Copy link

Red Hat OpenStack Platform (RHOSP) 16.1 runs on Red Hat Enterprise Linux 8.2. As a result, you must lock the content from these repositories to the respective Red Hat Enterprise Linux version.

Note

If you synchronize repositories by using Red Hat Satellite, you can enable specific versions of the Red Hat Enterprise Linux repositories. However, the repository label remains the same despite the version you choose. For example, if you enable the 8.2 version of the BaseOS repository, the repository name includes the specific version that you enabled, but the repository label is still rhel-8-for-x86_64-baseos-tus-rpms.

Warning

Any repositories outside the ones specified here are not supported. Unless recommended, do not enable any other products or repositories outside the ones listed in the following tables or else you might encounter package dependency issues. Do not enable Extra Packages for Enterprise Linux (EPEL).

Controller node repositories

The following table lists core repositories for Controller nodes in the overcloud.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux 8.2 for x86_64 - BaseOS (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-baseos-tus-rpms

Base operating system repository for x86_64 systems.

Red Hat Enterprise Linux 8.2 for x86_64 - AppStream (RPMs)

rhel-8-for-x86_64-appstream-tus-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8.2 for x86_64 - High Availability (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-highavailability-tus-rpms

High availability tools for Red Hat Enterprise Linux.

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)

ansible-2.9-for-rhel-8-x86_64-rpms

Ansible Engine for Red Hat Enterprise Linux. Used to provide the latest version of Ansible.

Advanced Virtualization for RHEL 8 x86_64 (RPMs)

advanced-virt-for-rhel-8-x86_64-eus-rpms

Provides virtualization packages for OpenStack Platform.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-x86_64-rpms

Core Red Hat OpenStack Platform repository.

Red Hat Fast Datapath for RHEL 8 (RPMS)

fast-datapath-for-rhel-8-x86_64-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform.

Red Hat Ceph Storage Tools 4 for RHEL 8 x86_64 (RPMs)

rhceph-4-tools-for-rhel-8-x86_64-rpms

Tools for Red Hat Ceph Storage 4 for Red Hat Enterprise Linux 8.

Red Hat Satellite Tools for RHEL 8 Server RPMs x86_64

satellite-tools-6.5-for-rhel-8-x86_64-rpms

Tools for managing hosts with Red Hat Satellite 6.

Compute and ComputeHCI node repositories

The following table lists core repositories for Compute and ComputeHCI nodes in the overcloud.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux 8.2 for x86_64 - BaseOS (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-baseos-tus-rpms

Base operating system repository for x86_64 systems.

Red Hat Enterprise Linux 8.2 for x86_64 - AppStream (RPMs)

rhel-8-for-x86_64-appstream-tus-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8.2 for x86_64 - High Availability (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-highavailability-tus-rpms

High availability tools for Red Hat Enterprise Linux.

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)

ansible-2.9-for-rhel-8-x86_64-rpms

Ansible Engine for Red Hat Enterprise Linux. Used to provide the latest version of Ansible.

Advanced Virtualization for RHEL 8 x86_64 (RPMs)

advanced-virt-for-rhel-8-x86_64-eus-rpms

Provides virtualization packages for OpenStack Platform.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-x86_64-rpms

Core Red Hat OpenStack Platform repository.

Red Hat Fast Datapath for RHEL 8 (RPMS)

fast-datapath-for-rhel-8-x86_64-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform.

Red Hat Ceph Storage Tools 4 for RHEL 8 x86_64 (RPMs)

rhceph-4-tools-for-rhel-8-x86_64-rpms

Tools for Red Hat Ceph Storage 4 for Red Hat Enterprise Linux 8.

Red Hat Satellite Tools for RHEL 8 Server RPMs x86_64

satellite-tools-6.5-for-rhel-8-x86_64-rpms

Tools for managing hosts with Red Hat Satellite 6.

Real Time Compute repositories

The following table lists repositories for Real Time Compute (RTC) functionality.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux 8 for x86_64 - Real Time (RPMs)

rhel-8-for-x86_64-rt-rpms

Repository for Real Time KVM (RT-KVM). Contains packages to enable the real time kernel. Enable this repository for all Compute nodes targeted for RT-KVM. NOTE: You need a separate subscription to a Red Hat OpenStack Platform for Real Time SKU to access this repository.

Red Hat Enterprise Linux 8 for x86_64 - Real Time for NFV (RPMs)

rhel-8-for-x86_64-nfv-rpms

Repository for Real Time KVM (RT-KVM) for NFV. Contains packages to enable the real time kernel. Enable this repository for all NFV Compute nodes targeted for RT-KVM. NOTE: You need a separate subscription to a Red Hat OpenStack Platform for Real Time SKU to access this repository.

Ceph Storage node repositories

The following table lists Ceph Storage related repositories for the overcloud.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux 8.2 for x86_64 - BaseOS (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-baseos-tus-rpms

Base operating system repository for x86_64 systems.

Red Hat Enterprise Linux 8.2 for x86_64 - AppStream (RPMs)

rhel-8-for-x86_64-appstream-tus-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8.2 for x86_64 - High Availability (RPMs) Telecommunications Update Service (TUS)

rhel-8-for-x86_64-highavailability-tus-rpms

High availability tools for Red Hat Enterprise Linux. NOTE: If you used the overcloud-full image for your Ceph Storage role, you must enable this repository. Ceph Storage roles should use the overcloud-minimal image, which does not require this repository.

Red Hat Ansible Engine 2.9 for RHEL 8 x86_64 (RPMs)

ansible-2.9-for-rhel-8-x86_64-rpms

Ansible Engine for Red Hat Enterprise Linux. Used to provide the latest version of Ansible.

Red Hat OpenStack Platform 16.1 Director Deployment Tools for RHEL 8 x86_64 (RPMs)

openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms

Packages to help director configure Ceph Storage nodes. This repository is included with standalone Ceph Storage subscriptions. If you use a combined OpenStack Platform and Ceph Storage subscription, use the openstack-16.1-for-rhel-8-x86_64-rpms repository.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-x86_64-rpms

Packages to help director configure Ceph Storage nodes. This repository is included with combined OpenStack Platform and Ceph Storage subscriptions. If you use a standalone Ceph Storage subscription, use the openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms repository.

Red Hat Ceph Storage Tools 4 for RHEL 8 x86_64 (RPMs)

rhceph-4-tools-for-rhel-8-x86_64-rpms

Provides tools for nodes to communicate with the Ceph Storage cluster.

Red Hat Fast Datapath for RHEL 8 (RPMS)

fast-datapath-for-rhel-8-x86_64-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform. If you are using OVS on Ceph Storage nodes, add this repository to the network interface configuration (NIC) templates.

IBM POWER repositories

The following table lists repositories for RHOSP on POWER PC architecture. Use these repositories in place of equivalents in the Core repositories.

Expand
NameRepositoryDescription of requirement

Red Hat Enterprise Linux for IBM Power, little endian - BaseOS (RPMs)

rhel-8-for-ppc64le-baseos-rpms

Base operating system repository for ppc64le systems.

Red Hat Enterprise Linux 8 for IBM Power, little endian - AppStream (RPMs)

rhel-8-for-ppc64le-appstream-rpms

Contains Red Hat OpenStack Platform dependencies.

Red Hat Enterprise Linux 8 for IBM Power, little endian - High Availability (RPMs)

rhel-8-for-ppc64le-highavailability-rpms

High availability tools for Red Hat Enterprise Linux. Used for Controller node high availability.

Red Hat Fast Datapath for RHEL 8 IBM Power, little endian (RPMS)

fast-datapath-for-rhel-8-ppc64le-rpms

Provides Open vSwitch (OVS) packages for OpenStack Platform.

Red Hat Ansible Engine 2.8 for RHEL 8 IBM Power, little endian (RPMs)

ansible-2.8-for-rhel-8-ppc64le-rpms

Ansible Engine for Red Hat Enterprise Linux. Used to provide the latest version of Ansible.

Red Hat OpenStack Platform 16.1 for RHEL 8 (RPMs)

openstack-16.1-for-rhel-8-ppc64le-rpms

Core Red Hat OpenStack Platform repository for ppc64le systems.

3.3. Red Hat Satellite Server 6 considerations
Copy link

If you use Red Hat Satellite Server 6 to host RPMs and container images for your Red Hat OpenStack Platform environment, you must account for certain considerations when you use Satellite Server 6 to deliver content during the Red Hat OpenStack Platform 16.1 upgrade.

Assumptions about your current environment

  • Your Satellite Server already hosts Red Hat OpenStack Platform 13 RPMs and container images.
  • You have already registered all nodes in your Red Hat OpenStack Platform 13 environment to your Satellite Server. For example, you previously used an activation key linked to an Red Hat OpenStack Platform 13 content view to register nodes to OpenStack Platform 13 content.

Recommendations for Red Hat OpenStack Platform upgrades

  • Enable and synchronize the necessary RPM repositories for both the Red Hat OpenStack Platform 13 undercloud and overcloud. This includes the necessary Red Hat Enterprise Linux 8.2 repositories.

  • Create custom products on your Satellite Server to host container images for the following Red Hat OpenStack Platform versions:

    • Red Hat OpenStack Platform 16.1
    • Red Hat OpenStack Platform 15

  • Create and promote a content view for Red Hat OpenStack Platform 16.1 upgrade and include the following content in the content view:

    • The following Red Hat Enterprise Linux 7 repositories:

      • Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server or Red Hat Enterprise Linux 7 Server RPMs x86_64 7.9 

        rhel-7-server-rpms
x86_64 7Server
or:
rhel-7-server-rpms
x86_64 7.9
        Copy to Clipboard Toggle word wrap

      • Red Hat Enterprise Linux 7 Server - Extras RPMs x86_64 

        rhel-7-server-extras-rpms
x86_64
        Copy to Clipboard Toggle word wrap
    • All undercloud and overcloud RPM repositories, including Red Hat Enterprise Linux 8.2 repositories. Ensure that you include the correct version of the Red Hat Enterprise Linux repositories, which is 8.2. If you don’t include the correct version, you might run into issues with enabling RHEL 8 repositories. For more information, see the Red Hat Knowledgebase solution RHEL 7 to RHEL 8 LEAPP Upgrade Failing When Using Red Hat Satellite.
    • Red Hat OpenStack Platform 16.1 container images.
    • Red Hat OpenStack Platform 15 container images.
  • Associate an activation key with the Red Hat OpenStack Platform 16.1 content view that you have created for the Red Hat OpenStack Platform 16.1 upgrade.
  • Check that no node has the katello-host-tools-fact-plugin package installed. The Leapp upgrade does not upgrade this package and leaving this package on a Red Hat Enterprise Linux 8.2 system causes subscription-manager to report errors.
  • You can configure Satellite Server to host Red Hat OpenStack Platform 16.1 container images. For more information, see Preparing a Satellite server for container images in Director Installation and Usage.

  • If you use a Ceph subscription and have configured director to use the overcloud-minimal image for Ceph storage nodes, on your Satellite Server you must create a Content View and add the following Red Hat Enterprise Linux (RHEL) 8.2 repositories to it:

    • Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 

      rhel-8-for-x86_64-appstream-rpms
x86_64 8.2
      Copy to Clipboard Toggle word wrap

    • Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 

      rhel-8-for-x86_64-baseos-rpms
x86_64 8.2
      Copy to Clipboard Toggle word wrap

      For more information, see Importing Red Hat Content and Managing Content Views in the Red Hat Satellite Content Management Guide.

Chapter 4. Preparing for the undercloud upgrade
Copy link

Before you perform the undercloud upgrade, you must complete some preparation steps so that the undercloud upgrade runs successfully.

4.1. Upgrading with external Ceph prerequisite
Copy link

If you are upgrading with external Ceph deployments, before you can upgrade your Red Hat OpenStack Platform deployment, you must upgrade your Red Hat Ceph Storage cluster from version 3 to version 4. For more information, see Upgrading a Red Hat Ceph Storage cluster in the Red Hat Ceph Storage 4 Installation Guide .

4.2. New memory requirements
Copy link

In Red Hat OpenStack Platform 16.1, the undercloud has new memory requirements:

Expand
Red Hat OpenStack Platform 13Red Hat OpenStack Platform 16.1

16 GB RAM

24 GB RAM

Ensure that your undercloud meets these new requirements before you proceed with the upgrade.

Before you run the Leapp upgrade on the undercloud node, you must check for kernel-based NIC names, which usually contain an eth prefix. These NIC names are usually unpredictable in terms of NIC assignments.

You can run the playbook-nics.yaml playbook to rename NIC names to use the em NIC prefix. You can also set a different NIC prefix, by modifying the prefix variable when running the playbook. However, the NIC changes are only applied after the Leapp upgrade process completes and the node is rebooted.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Create an Ansible playbook named playbook-nics.yaml and copy the following content into the playbook: 

    ---
- name: Rename eth devices
  hosts: all
  become: yes
  vars:
    prefix: "em"
    undercloud_conf: "/home/stack/undercloud.conf"
    osnet_conf: "/etc/os-net-config/config.json"
  tasks:
    - set_fact:
        eth_interfaces: "{{ ansible_interfaces | select('match','eth.*') | list }}"
    - debug:
        msg: "{{ eth_interfaces }}"
    - name: Update udev rules
      lineinfile:
        line: "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"{{ ansible_facts[item]['perm_macaddress'] | default(ansible_facts[item]['macaddress']) }}\", NAME=\"{{ item|replace('eth',prefix) }}\""
        path: /etc/udev/rules.d/70-rhosp-persistent-net.rules
        create: True
      with_items: "{{ eth_interfaces }}"
    - name: Rename eth files
      block:
        - name: Check that eth files exists
          stat:
            path: /etc/sysconfig/network-scripts/ifcfg-{{ item }}
          register: nic_result
          with_items: "{{ eth_interfaces }}"
        - name: Copy nic files using the new prefix
          copy:
            remote_src: True
            src: "{{ item.stat.path }}"
            dest: "{{ item.stat.path|replace('eth',prefix) }}"
          with_items: "{{ nic_result.results }}"
          when: item.stat.exists
        - name: Edit NAME in new network-script files
          lineinfile:
            regexp: "^NAME=.*"
            line: "NAME={{ item.item|replace('eth',prefix) }}"
            path: "{{ item.stat.path|replace('eth',prefix) }}"
          with_items: "{{ nic_result.results }}"
          when: item.stat.exists
        - name: Edit DEVICE in new network-script files
          lineinfile:
            regexp: "^DEVICE=.*"
            line: "DEVICE={{ item.item|replace('eth',prefix) }}"
            path: "{{ item.stat.path|replace('eth',prefix) }}"
          with_items: "{{ nic_result.results }}"
          when: item.stat.exists
        - name: Backup old eth network-script files
          copy:
            remote_src: True
            src: "{{ item.stat.path }}"
            dest: "{{ item.stat.path }}.bak"
          with_items: "{{ nic_result.results }}"
          when: item.stat.exists
        - name: Remove old eth network-script files
          file:
            path: "{{ item.stat.path }}"
            state: absent
          with_items: "{{ nic_result.results }}"
          when: item.stat.exists
    - name: Rename route files
      block:
        - name: Check that route files exists
          stat:
            path: /etc/sysconfig/network-scripts/route-{{ item }}
          register: route_result
          with_items: "{{ eth_interfaces }}"
        - name: Copy route files using the new prefix
          copy:
            remote_src: True
            src: "{{ item.stat.path }}"
            dest: "{{ item.stat.path|replace('eth',prefix) }}"
          with_items: "{{ route_result.results }}"
          when: item.stat.exists
        - name: Update prefix in route files that use IP command arguments format
          replace:
            regexp: "eth"
            replace: "{{ prefix }}"
            path: "{{ item.stat.path|replace('eth',prefix) }}"
          with_items: "{{ route_result.results }}"
          when: item.stat.exists
        - name: Backup old route files
          copy:
            remote_src: True
            src: "{{ item.stat.path }}"
            dest: "{{ item.stat.path }}.bak"
          with_items: "{{ route_result.results }}"
          when: item.stat.exists
        - name: Remove old route files
          file:
            path: "{{ item.stat.path }}"
            state: absent
          with_items: "{{ route_result.results }}"
          when: item.stat.exists
    - name: Perform a final regex for any remaining eth prefixes in ifcfg files
      block:
        - name: Get a list of all ifcfg files
          find:
            paths: /etc/sysconfig/network-scripts/
            patterns: 'ifcfg-*'
            excludes: '*.bak'
          register: ifcfg_files
        - name: Perform final regex on ifcfg files
          replace:
            path: "{{ item[0].path }}"
            regexp: "{{ item[1] }}"
            replace: "{{ item[1]|replace('eth',prefix) }}"
          with_nested:
            - "{{ ifcfg_files.files }}"
            - "{{ eth_interfaces }}"
    - name: Replace interface name in files referencing old eth interface
      block:
        - name: Check if undercloud.conf exists
          stat:
            path: "{{ undercloud_conf }}"
          register: undercloud_conf_stat
        - name: Replace interface name in undercloud.conf
          replace:
            path: "{{ undercloud_conf }}"
            regexp: 'eth(\d+)'
            replace: "{{ prefix }}\\1"
          when: undercloud_conf_stat.stat.exists
        - name: Check if os-net-config's config.json exists
          stat:
            path: "{{ osnet_conf }}"
          register: osnet_conf_stat
        - name: Replace interface name in config.json
          replace:
            path: "{{ osnet_conf }}"
            regexp: 'eth(\d+)'
            replace: "{{ prefix }}\\1"
          when: osnet_conf_stat.stat.exists
    - name: Patch vlan devices
      block:
        - name: Check that vlan files exists
          stat:
            path: /etc/sysconfig/network-scripts/ifcfg-{{ item }}
          register: nic_result
          when: item.startswith("vlan")
          with_items: "{{ ansible_interfaces }}"
        - name: Backup old vlan network-script files
          copy:
            remote_src: True
            src: "{{ item.stat.path }}"
            dest: "{{ item.stat.path }}.bak"
          when: item.item.startswith("vlan") and item.stat.exists
          with_items: "{{ nic_result.results }}"
        - name: Edit PHYSDEV in new network-script files
          replace:
            path: "{{ item.stat.path }}"
            regexp: "^PHYSDEV=eth"
            replace: "PHYSDEV={{ prefix }}"
          when: item.item.startswith("vlan") and item.stat.exists
          with_items: "{{ nic_result.results }}"
    Copy to Clipboard Toggle word wrap
    Note

    You will use this playbook to rename the overcloud NICs at a later stage in the upgrade process.

  3. Run the playbook-nics.yaml playbook on the undercloud: 

    $ ansible-playbook -c local -i localhost, playbook-nics.yaml
    Copy to Clipboard Toggle word wrap

    The playbook sets the new NIC prefix to em. To set a different NIC prefix, set the prefix variable when running the playbook: 

    $ ansible-playbook -c local -i localhost, -e prefix="mynic" ~/playbook-nics.yaml
    Copy to Clipboard Toggle word wrap

    The NIC changes are only applied after the Leapp upgrade process completes and the node is rebooted.

Resources

The Leapp upgrade checks whether the PermitRootLogin parameter exists in the /etc/ssh/sshd_config file. You must explicitly set this parameter to either yes or no.

For security purposes, set this parameter to no to disable SSH access to the root user on the undercloud.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Check the /etc/ssh/sshd_config file for the PermitRootLogin parameter: 

    $ sudo grep PermitRootLogin /etc/ssh/sshd_config
    Copy to Clipboard Toggle word wrap

  3. If the parameter is not in the /etc/ssh/sshd_config file, edit the file and set the PermitRootLogin parameter: 

    PermitRootLogin no
    Copy to Clipboard Toggle word wrap
  4. Save the file.

Red Hat OpenStack Platform now uses next generation drivers, also known as hardware types, that replace older drivers.

The following table shows an analogous comparison between older drivers with their next generation hardware type equivalent:

Expand
Old DriverNew Hardware Type

pxe_ipmitool

ipmi

pxe_drac

idrac

pxe_ilo

ilo

pxe_irmc

irmc

VBMC (pxe_ipmitool)

ipmi

fake_pxe

fake-hardware

In OpenStack Platform 15, these older drivers have been removed and are no longer accessible. You must change to hardware types before upgrading to OpenStack Platform 16.1.

Procedure

  1. Check the current list of hardware types enabled: 

    $ source ~/stackrc
$ openstack baremetal driver list --type dynamic
    Copy to Clipboard Toggle word wrap

  2. If you use a hardware type driver that is not enabled, enable the driver using the enabled_hardware_types parameter in the undercloud.conf file: 

    enabled_hardware_types = ipmi,redfish,idrac
    Copy to Clipboard Toggle word wrap

  3. Save the file and refresh the undercloud: 

    $ openstack undercloud install
    Copy to Clipboard Toggle word wrap

  4. Run the following commands, substituting the OLDDRIVER and NEWDRIVER variables for your power management type: 

    $ source ~/stackrc
$ OLDDRIVER="pxe_ipmitool"
$ NEWDRIVER="ipmi"
$ for NODE in $(openstack baremetal node list --driver $OLDDRIVER -c UUID -f value) ; do openstack baremetal node set $NODE --driver $NEWDRIVER; done
    Copy to Clipboard Toggle word wrap

Before you upgrade director, you must upgrade the undercloud operating system from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8. As a part of this operating system upgrade, you must remove the Red Hat OpenStack Platform 13 packages and then run the Leapp utility to upgrade the system packages. This package removal and operating system upgrade does not affect the undercloud database. After you complete the operating system upgrade, reinstall the Red Hat OpenStack Platform 16.1 versions of the director packages.

Before you run the Leapp utility, remove the Red Hat OpenStack Platform 13 packages tied to Red Hat Enterprise Linux 7. These package names use a release suffix of el7ost. Some el7ost remain on the system as dependencies for subscription-manager and the Leapp utility.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Disable the main OpenStack services on the undercloud: 

    $ sudo systemctl stop 'openstack-*' httpd haproxy mariadb 'rabbitmq*' docker xinetd
    Copy to Clipboard Toggle word wrap

  3. Remove the main OpenStack services from the undercloud, except OpenvSwitch and certain Python 2 packages that are required for the upgrade: 

    $ sudo yum -y remove '*el7ost*' 'galera*' 'haproxy*' \
    httpd 'mysql*' 'pacemaker*' xinetd python-jsonpointer \
    qemu-kvm-common-rhev qemu-img-rhev 'rabbit*' \
    'redis*' \
    -- \
    -'*openvswitch*' -python-docker -python-PyMySQL \
    -python-pysocks -python2-asn1crypto -python2-babel \
    -python2-cffi -python2-cryptography -python2-dateutil \
    -python2-idna -python2-ipaddress -python2-jinja2 \
    -python2-jsonpatch -python2-markupsafe -python2-pyOpenSSL \
    -python2-requests -python2-six -python2-urllib3 \
    -python-httplib2 -python-passlib -python2-netaddr -ceph-ansible
    Copy to Clipboard Toggle word wrap

  4. Remove the content from the /etc/httpd and /var/lib/docker directories: 

    $ sudo rm -rf /etc/httpd /var/lib/docker
    Copy to Clipboard Toggle word wrap

5.2. Performing a Leapp upgrade on the undercloud
Copy link

Install and run the Leapp utility to upgrade the operating system to Red Hat Enterprise Linux (RHEL) 8.

Prerequisites

Procedure

  1. Log in to the undercloud as the stack user.

  2. Install the Leapp utility and jq: 

    $ sudo yum install leapp
$ sudo yum install jq
    Copy to Clipboard Toggle word wrap
  3. Download the additional required data files (RPM package changes and RPM repository mapping) attached to the Knowledge Base article Data required by the Leapp utility for an in-place upgrade from RHEL 7 to RHEL 8 and place these files in the /etc/leapp/files/ directory.

  4. Update your Red Hat subscription:

    • If your undercloud uses the Red Hat Customer Portal for registration, refresh your current subscription to obtain access to the Red Hat Enterprise Linux 8.2 content: 

      $ sudo subscription-manager refresh
      Copy to Clipboard Toggle word wrap

    • If your undercloud uses Red Hat Satellite Server for registration, re-register the undercloud to a content view associated with your Red Hat OpenStack Platform (RHOSP)16.1 activation key. 

      $ sudo subscription-manager register --force --org ORG --activationkey ACTIVATION_KEY
      Copy to Clipboard Toggle word wrap
      Note

      The content view that you create for Red Hat OpenStack Platform 16.1 must contain content for Red Hat Enterprise Linux 8.2.

  5. Red Hat OpenStack Platform 16.1 uses a newer version of Open vSwitch`. Substitute the Open vSwitch version through the to_remove and to_install transaction files: 

    $ echo 'openvswitch2.11' | sudo tee -a /etc/leapp/transaction/to_remove
$ echo 'openvswitch2.13' | sudo tee -a /etc/leapp/transaction/to_install
    Copy to Clipboard Toggle word wrap

  6. Retain the Red Hat Ceph Storage 3 version of ceph-ansible through the upgrade with the to_keep transaction file: 

    $ echo 'ceph-ansible' | sudo tee -a /etc/leapp/transaction/to_keep
    Copy to Clipboard Toggle word wrap

  7. Adjust the kernel modules that are no longer supported in RHEL 8: 

    $ if [ -f /usr/share/leapp-repository/repositories/system_upgrade/el7toel8/actors/kernel/checkkerneldrivers/files/removed_drivers.txt ]; then
    for module in pata_acpi floppy; do
        sudo sed -i "/^${module}$/d" /usr/share/leapp-repository/repositories/system_upgrade/el7toel8/actors/kernel/checkkerneldrivers/files/removed_drivers.txt
    done
else
    for module in pata_acpi floppy; do
        jq ". | del(.data[] | select(.driver_name == \"${module}\"))" /etc/leapp/files/device_driver_deprecation_data.json | sudo tee /etc/leapp/files/device_driver_deprecation_data.json_modified
        mv /etc/leapp/files/device_driver_deprecation_data.json_modified /etc/leapp/files/device_driver_deprecation_data.json
    done
fi
    Copy to Clipboard Toggle word wrap

  8. Run the leapp answer command and specify the Leapp answer to remove the pam_pkcs11 module: 

    $ sudo leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True
    Copy to Clipboard Toggle word wrap

  9. Optional: If your environment is deployed with a TLS-Everywhere architecture and it uses the deprecated authconfig utility to configure authentication on your system, configure your RHEL 8 system with the authselect utility: 

    $ sudo leapp answer --add --section authselect_check.confirm=True
    Copy to Clipboard Toggle word wrap

    For more information about authentication configuration during the Leapp upgrade process, see Known issues in Upgrading from RHEL 7 to RHEL 8.

  10. Set the LEAPP_DEVEL_TARGET_RELEASE and LEAPP_UNSUPPORTED environment variables to specify the RHEL 8 minor version that you want to upgrade to. For RHOSP 16.1, you must set the RHEL 8 minor version to 8.2: 

    $ export LEAPP_UNSUPPORTED=1
$ export LEAPP_DEVEL_TARGET_RELEASE=8.2
    Copy to Clipboard Toggle word wrap

    You must use the LEAPP_UNSUPPORTED environment variable every time you use a environment variable with the LEAPP_DEVEL prefix.

  11. Remove the persistent network names actor from the Leapp process:

    Note

    If you do not rename the network interface names before you perform the Leapp upgrade process, the interface names might change after the upgrade to RHEL 8.2 is complete. For more information about renaming the network interface names, see Section 4.3, “Using predictable NIC names for the undercloud node”. 

    $ sudo rm -f /usr/share/leapp-repository/repositories/system_upgrade/el7toel8/actors/persistentnetnamesdisable/actor.py
    Copy to Clipboard Toggle word wrap

  12. Start the Leapp upgrade process: 

    $ sudo -E leapp upgrade --debug --enablerepo rhel-8-for-x86_64-baseos-tus-rpms --enablerepo rhel-8-for-x86_64-appstream-tus-rpms --enablerepo fast-datapath-for-rhel-8-x86_64-rpms --enablerepo ansible-2.9-for-rhel-8-x86_64-rpms
    Copy to Clipboard Toggle word wrap

    Use the --enablerepo option to set the repositories that you want to enable during the Leapp upgrade process. You must include these repositories to facilitate the Red Hat OpenStack Platform 16.1 transition, especially with the newer version of Open vSwitch.

  13. Wait for the leapp upgrade command to successfully complete.

  14. Create an empty .autorelabel file in your root directory: 

    $ sudo touch /.autorelabel
    Copy to Clipboard Toggle word wrap

    After a reboot, SELinux detects this file and automatically relabels the file system.

  15. Reboot the undercloud: 

    $ sudo reboot
    Copy to Clipboard Toggle word wrap

  16. Remove the Leapp packages from the transaction exclusion that is defined in the DNF configuration: 

    $ sudo dnf config-manager --save --setopt exclude=''
    Copy to Clipboard Toggle word wrap

Chapter 6. Upgrading director
Copy link

After you complete the undercloud operating system upgrade, upgrade director. The database from the previous Red Hat OpenStack Platform 13 undercloud remains on host after the operating system upgrade. Install the new Red Hat OpenStack Platform 16.1 packages and configure the new source for Red Hat OpenStack Platform 16.1 container images before you run the openstack undercloud upgrade command.

Red Hat OpenStack Platform 16.1 is supported on Red Hat Enterprise Linux 8.2. Before you perform the update, you must lock the undercloud repositories to the Red Hat Enterprise Linux 8.2 release to avoid upgrading the operating system to a newer minor release.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Lock the undercloud to a specific version with the subscription-manager release command: 

    $ sudo subscription-manager release --set=8.2
    Copy to Clipboard Toggle word wrap

6.2. Enabling repositories for the undercloud
Copy link

Enable the repositories that are required for the undercloud, and update the system packages to the latest versions.

Procedure

  1. Log in to your undercloud as the stack user.

  2. Disable all default repositories, and enable the required Red Hat Enterprise Linux repositories: 

    [stack@director ~]$ sudo subscription-manager repos --disable=*
[stack@director ~]$ sudo subscription-manager repos --enable=rhel-8-for-x86_64-baseos-tus-rpms --enable=rhel-8-for-x86_64-appstream-tus-rpms --enable=rhel-8-for-x86_64-highavailability-tus-rpms --enable=ansible-2.9-for-rhel-8-x86_64-rpms --enable=openstack-16.1-for-rhel-8-x86_64-rpms --enable=fast-datapath-for-rhel-8-x86_64-rpms --enable=advanced-virt-for-rhel-8-x86_64-eus-rpms
    Copy to Clipboard Toggle word wrap

    These repositories contain packages that the director installation requires.

  3. Set the container-tools repository module to version 2.0: 

    [stack@director ~]$ sudo dnf module reset container-tools
[stack@director ~]$ sudo dnf module enable -y container-tools:2.0
    Copy to Clipboard Toggle word wrap

  4. Synchronize the operating system to ensure that your system packages match the operating system version: 

    [stack@director ~]$ sudo dnf distro-sync -y
[stack@director ~]$ sudo reboot
    Copy to Clipboard Toggle word wrap

6.3. Installing director packages
Copy link

Install packages relevant to Red Hat OpenStack Platform director.

Procedure

  1. Install the command line tools for director installation and configuration: 

    [stack@director ~]$ sudo dnf install -y python3-tripleoclient
    Copy to Clipboard Toggle word wrap

6.4. Preparing container images
Copy link

The undercloud installation requires an environment file to determine where to obtain container images and how to store them. Generate and customize this environment file that you can use to prepare your container images.

Note

If you need to configure specific container image versions for your undercloud, you must pin the images to a specific version. For more information, see Pinning container images for the undercloud.

Procedure

  1. Log in to your undercloud host as the stack user.

  2. Generate the default container image preparation file: 

    $ sudo openstack tripleo container image prepare default \
  --local-push-destination \
  --output-env-file containers-prepare-parameter.yaml
    Copy to Clipboard Toggle word wrap

    This command includes the following additional options:

    • --local-push-destination sets the registry on the undercloud as the location for container images. This means that director pulls the necessary images from the Red Hat Container Catalog and pushes them to the registry on the undercloud. Director uses this registry as the container image source. To pull directly from the Red Hat Container Catalog, omit this option.

    • --output-env-file is an environment file name. The contents of this file include the parameters for preparing your container images. In this case, the name of the file is containers-prepare-parameter.yaml.

      Note

      You can use the same containers-prepare-parameter.yaml file to define a container image source for both the undercloud and the overcloud.

  3. Modify the containers-prepare-parameter.yaml to suit your requirements.

6.5. Container image preparation parameters
Copy link

The default file for preparing your containers (containers-prepare-parameter.yaml) contains the ContainerImagePrepare heat parameter. This parameter defines a list of strategies for preparing a set of images: 

parameter_defaults:
  ContainerImagePrepare:
  - (strategy one)
  - (strategy two)
  - (strategy three)
  ...
Copy to Clipboard Toggle word wrap

Each strategy accepts a set of sub-parameters that defines which images to use and what to do with the images. The following table contains information about the sub-parameters that you can use with each ContainerImagePrepare strategy:

Expand
ParameterDescription

excludes

List of regular expressions to exclude image names from a strategy.

includes

List of regular expressions to include in a strategy. At least one image name must match an existing image. All excludes are ignored if includes is specified.

modify_append_tag

String to append to the tag for the destination image. For example, if you pull an image with the tag 16.1.3-5.161 and set the modify_append_tag to -hotfix, the director tags the final image as 16.1.3-5.161-hotfix.

modify_only_with_labels

A dictionary of image labels that filter the images that you want to modify. If an image matches the labels defined, the director includes the image in the modification process.

modify_role

String of ansible role names to run during upload but before pushing the image to the destination registry.

modify_vars

Dictionary of variables to pass to modify_role.

push_destination

Defines the namespace of the registry that you want to push images to during the upload process.

  • If set to true, the push_destination is set to the undercloud registry namespace using the hostname, which is the recommended method.
  • If set to false, the push to a local registry does not occur and nodes pull images directly from the source.
  • If set to a custom value, director pushes images to an external local registry.

If you set this parameter to false in production environments while pulling images directly from Red Hat Container Catalog, all overcloud nodes will simultaneously pull the images from the Red Hat Container Catalog over your external connection, which can cause bandwidth issues. Only use false to pull directly from a Red Hat Satellite Server hosting the container images.

If the push_destination parameter is set to false or is not defined and the remote registry requires authentication, set the ContainerImageRegistryLogin parameter to true and include the credentials with the ContainerImageRegistryCredentials parameter.

pull_source

The source registry from where to pull the original container images.

set

A dictionary of key: value definitions that define where to obtain the initial images.

tag_from_label

Use the value of specified container image metadata labels to create a tag for every image and pull that tagged image. For example, if you set tag_from_label: {version}-{release}, director uses the version and release labels to construct a new tag. For one container, version might be set to 16.1.3 and release might be set to 5.161, which results in the tag 16.1.3-5.161. Director uses this parameter only if you have not defined tag in the set dictionary.

Important

When you push images to the undercloud, use push_destination: true instead of push_destination: UNDERCLOUD_IP:PORT. The push_destination: true method provides a level of consistency across both IPv4 and IPv6 addresses.

The set parameter accepts a set of key: value definitions:

Expand
KeyDescription

ceph_image

The name of the Ceph Storage container image.

ceph_namespace

The namespace of the Ceph Storage container image.

ceph_tag

The tag of the Ceph Storage container image.

ceph_alertmanager_image

ceph_alertmanager_namespace

ceph_alertmanager_tag

The name, namespace, and tag of the Ceph Storage Alert Manager container image.

ceph_grafana_image

ceph_grafana_namespace

ceph_grafana_tag

The name, namespace, and tag of the Ceph Storage Grafana container image.

ceph_node_exporter_image

ceph_node_exporter_namespace

ceph_node_exporter_tag

The name, namespace, and tag of the Ceph Storage Node Exporter container image.

ceph_prometheus_image

ceph_prometheus_namespace

ceph_prometheus_tag

The name, namespace, and tag of the Ceph Storage Prometheus container image.

name_prefix

A prefix for each OpenStack service image.

name_suffix

A suffix for each OpenStack service image.

namespace

The namespace for each OpenStack service image.

neutron_driver

The driver to use to determine which OpenStack Networking (neutron) container to use. Use a null value to set to the standard neutron-server container. Set to ovn to use OVN-based containers.

tag

Sets a specific tag for all images from the source. If not defined, director uses the Red Hat OpenStack Platform version number as the default value. This parameter takes precedence over the tag_from_label value.

Note

The container images use multi-stream tags based on the Red Hat OpenStack Platform version. This means that there is no longer a latest tag.

6.6. Guidelines for container image tagging
Copy link

The Red Hat Container Registry uses a specific version format to tag all Red Hat OpenStack Platform container images. This format follows the label metadata for each container, which is version-release.

version
Corresponds to a major and minor version of Red Hat OpenStack Platform. These versions act as streams that contain one or more releases.
release
Corresponds to a release of a specific container image version within a version stream.

For example, if the latest version of Red Hat OpenStack Platform is 16.1.3 and the release for the container image is 5.161, then the resulting tag for the container image is 16.1.3-5.161.

The Red Hat Container Registry also uses a set of major and minor version tags that link to the latest release for that container image version. For example, both 16.1 and 16.1.3 link to the latest release in the 16.1.3 container stream. If a new minor release of 16.1 occurs, the 16.1 tag links to the latest release for the new minor release stream while the 16.1.3 tag continues to link to the latest release within the 16.1.3 stream.

The ContainerImagePrepare parameter contains two sub-parameters that you can use to determine which container image to download. These sub-parameters are the tag parameter within the set dictionary, and the tag_from_label parameter. Use the following guidelines to determine whether to use tag or tag_from_label.

  • The default value for tag is the major version for your OpenStack Platform version. For this version it is 16.1. This always corresponds to the latest minor version and release. 

    parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      tag: 16.1
      ...
    Copy to Clipboard Toggle word wrap

  • To change to a specific minor version for OpenStack Platform container images, set the tag to a minor version. For example, to change to 16.1.2, set tag to 16.1.2. 

    parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      tag: 16.1.2
      ...
    Copy to Clipboard Toggle word wrap
  • When you set tag, director always downloads the latest container image release for the version set in tag during installation and updates.

  • If you do not set tag, director uses the value of tag_from_label in conjunction with the latest major version. 

    parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      # tag: 16.1
      ...
    tag_from_label: '{version}-{release}'
    Copy to Clipboard Toggle word wrap

  • The tag_from_label parameter generates the tag from the label metadata of the latest container image release it inspects from the Red Hat Container Registry. For example, the labels for a certain container might use the following version and release metadata: 

      "Labels": {
    "release": "5.161",
    "version": "16.1.3",
    ...
  }
    Copy to Clipboard Toggle word wrap
  • The default value for tag_from_label is {version}-{release}, which corresponds to the version and release metadata labels for each container image. For example, if a container image has 16.1.3 set for version and 5.161 set for release, the resulting tag for the container image is 16.1.3-5.161.
  • The tag parameter always takes precedence over the tag_from_label parameter. To use tag_from_label, omit the tag parameter from your container preparation configuration.
  • A key difference between tag and tag_from_label is that director uses tag to pull an image only based on major or minor version tags, which the Red Hat Container Registry links to the latest image release within a version stream, while director uses tag_from_label to perform a metadata inspection of each container image so that director generates a tag and pulls the corresponding image.

The registry.redhat.io registry requires authentication to access and pull images. To authenticate with registry.redhat.io and other private registries, include the ContainerImageRegistryCredentials and ContainerImageRegistryLogin parameters in your containers-prepare-parameter.yaml file.

ContainerImageRegistryCredentials

Some container image registries require authentication to access images. In this situation, use the ContainerImageRegistryCredentials parameter in your containers-prepare-parameter.yaml environment file. The ContainerImageRegistryCredentials parameter uses a set of keys based on the private registry URL. Each private registry URL uses its own key and value pair to define the username (key) and password (value). This provides a method to specify credentials for multiple private registries. 

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      my_username: my_password
Copy to Clipboard Toggle word wrap

In the example, replace my_username and my_password with your authentication credentials. Instead of using your individual user credentials, Red Hat recommends creating a registry service account and using those credentials to access registry.redhat.io content.

To specify authentication details for multiple registries, set multiple key-pair values for each registry in ContainerImageRegistryCredentials: 

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  - push_destination: true
    set:
      namespace: registry.internalsite.com/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
    registry.internalsite.com:
      myuser2: '0th3rp@55w0rd!'
    '192.0.2.1:8787':
      myuser3: '@n0th3rp@55w0rd!'
Copy to Clipboard Toggle word wrap
Important

The default ContainerImagePrepare parameter pulls container images from registry.redhat.io, which requires authentication.

For more information, see Red Hat Container Registry Authentication.

ContainerImageRegistryLogin

The ContainerImageRegistryLogin parameter is used to control whether an overcloud node system needs to log in to the remote registry to fetch the container images. This situation occurs when you want the overcloud nodes to pull images directly, rather than use the undercloud to host images.

You must set ContainerImageRegistryLogin to true if push_destination is set to false or not used for a given strategy. 

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: false
    set:
      namespace: registry.redhat.io/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
  ContainerImageRegistryLogin: true
Copy to Clipboard Toggle word wrap

However, if the overcloud nodes do not have network connectivity to the registry hosts defined in ContainerImageRegistryCredentials and you set ContainerImageRegistryLogin to true, the deployment might fail when trying to perform a login. If the overcloud nodes do not have network connectivity to the registry hosts defined in the ContainerImageRegistryCredentials, set push_destination to true and ContainerImageRegistryLogin to false so that the overcloud nodes pull images from the undercloud. 

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
  ContainerImageRegistryLogin: false
Copy to Clipboard Toggle word wrap

The upgrade requires containers from previous versions of Red Hat OpenStack Platform and Red Hat Ceph Storage. These containers help transition to Red Hat OpenStack Platform 16.1.

Procedure

  1. Log in to your undercloud host as the stack user.
  2. Edit the containers-prepare-parameter.yaml file.

  3. Add the transitional container parameters to set in the ContainerImagePrepare parameter. Set the parameters in one of the following ways depending on your type of deployment.

    • If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, add the following parameters: 

      parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      ...
      name_prefix_stein: openstack-
      name_suffix_stein: ''
      namespace_stein: registry.redhat.io/rhosp15-rhel8
      tag_stein: 15.0
      ceph3_namespace: registry.redhat.io/rhceph
      ceph3_tag: latest
      ceph3_image: rhceph-3-rhel7
      ...
      Copy to Clipboard Toggle word wrap
      • The *_stein parameters define the container images for Red Hat OpenStack Platform 15, which the upgrade process uses for database migration.
      • The ceph3_* parameters define the current Red Hat Ceph Storage container images that the overcloud uses. The overcloud requires both the ceph3_* and ceph_* parameters for the transition from Red Hat Ceph Storage 3 to 4.
      • If you use Red Hat Satellite Server for container image storage, set the namespaces to the image locations on your Red Hat Satellite Server.

    • If your deployment uses an external Ceph Storage cluster, add the following parameters: 

      parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      ...
      name_prefix_stein: openstack-
      name_suffix_stein: ''
      namespace_stein: registry.redhat.io/rhosp15-rhel8
      tag_stein: 15.0
      ceph_namespace: registry.redhat.io/rhceph
      ceph_tag: latest
      ceph_image: rhceph-4-rhel8
      ...
      Copy to Clipboard Toggle word wrap
      • The *_stein parameters define the container images for Red Hat OpenStack Platform 15, which the upgrade process uses for database migration.
      • The ceph_* parameters define the current Red Hat Ceph Storage 4 container images that the overcloud uses.
      • If you use Red Hat Satellite Server for container image storage, set the namespaces to the image locations on your Red Hat Satellite Server.

  4. Change the neutron_driver parameter to openvswitch: 

    parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      ...
      neutron_driver: openvswitch
      ...
    Copy to Clipboard Toggle word wrap

    The upgrade retains Open vSwitch compatibility throughout the process. After you complete the upgrade to Red Hat OpenStack Platform 16.1, you migrate the overcloud from Open vSwitch to Open Virtual Network (OVN).

  5. Save the containers-prepare-parameter.yaml file.

6.9. Updating the undercloud.conf file
Copy link

You can continue using the original undercloud.conf file from your Red Hat OpenStack Platform 13 environment, but you must modify the file to retain compatibility with Red Hat OpenStack Platform 16.1.

Procedure

  1. Log in to your undercloud host as the stack user.
  2. Edit the undercloud.conf file.

  3. Add the following parameter to the DEFAULT section in the file: 

    container_images_file = /home/stack/containers-prepare-parameter.yaml
    Copy to Clipboard Toggle word wrap

    This parameter defines the location of the containers-prepare-parameter.yaml environment file so that director pulls container images for the undercloud from the correct location.

  4. Check the generate_service_certificate parameter. The default for this parameter changes from false to true, which enables SSL/TLS on your undercloud, during the upgrade.
  5. Check the local_interface parameter if you have migrated to a predictable NIC naming convention.
  6. If you set the masquerade_network parameter in Red Hat OpenStack Platform 13, remove this parameter and set masquerade = true for each subnet.
  7. Check all other parameters in the file for any changes.
  8. Save the file.

6.10. Director configuration parameters
Copy link

The following list contains information about parameters for configuring the undercloud.conf file. Keep all parameters within their relevant sections to avoid errors.

Important

At minimum, you must set the container_images_file parameter to the environment file that contains your container image configuration. Without this parameter properly set to the appropriate file, director cannot obtain your container image rule set from the ContainerImagePrepare parameter nor your container registry authentication details from the ContainerImageRegistryCredentials parameter.

Defaults

The following parameters are defined in the [DEFAULT] section of the undercloud.conf file:

additional_architectures
A list of additional (kernel) architectures that an overcloud supports. Currently the overcloud supports ppc64le architecture in addition to the default x86_64 architecture.
certificate_generation_ca
The certmonger nickname of the CA that signs the requested certificate. Use this option only if you have set the generate_service_certificate parameter. If you select the local CA, certmonger extracts the local CA certificate to /etc/pki/ca-trust/source/anchors/cm-local-ca.pem and adds the certificate to the trust chain.
clean_nodes
Defines whether to wipe the hard drive between deployments and after introspection.
cleanup
Delete temporary files. Set this to False to retain the temporary files used during deployment. The temporary files can help you debug the deployment if errors occur.
container_cli
The CLI tool for container management. Leave this parameter set to podman. Red Hat Enterprise Linux 8.2 only supports podman.
container_healthcheck_disabled
Disables containerized service health checks. Red Hat recommends that you enable health checks and leave this option set to false.
container_images_file

Heat environment file with container image information. This file can contain the following entries:

  • Parameters for all required container images
  • The ContainerImagePrepare parameter to drive the required image preparation. Usually the file that contains this parameter is named containers-prepare-parameter.yaml.
container_insecure_registries
A list of insecure registries for podman to use. Use this parameter if you want to pull images from another source, such as a private container registry. In most cases, podman has the certificates to pull container images from either the Red Hat Container Catalog or from your Satellite Server if the undercloud is registered to Satellite.
container_registry_mirror
An optional registry-mirror configured that podman uses.
custom_env_files
Additional environment files that you want to add to the undercloud installation.
deployment_user
The user who installs the undercloud. Leave this parameter unset to use the current default user stack.
discovery_default_driver
Sets the default driver for automatically enrolled nodes. Requires the enable_node_discovery parameter to be enabled and you must include the driver in the enabled_hardware_types list.
enable_ironic; enable_ironic_inspector; enable_mistral; enable_nova; enable_tempest; enable_validations; enable_zaqar
Defines the core services that you want to enable for director. Leave these parameters set to true.
enable_node_discovery
Automatically enroll any unknown node that PXE-boots the introspection ramdisk. New nodes use the fake driver as a default but you can set discovery_default_driver to override. You can also use introspection rules to specify driver information for newly enrolled nodes.
enable_novajoin
Defines whether to install the novajoin metadata service in the undercloud.
enable_routed_networks
Defines whether to enable support for routed control plane networks.
enable_swift_encryption
Defines whether to enable Swift encryption at-rest.
enable_telemetry
Defines whether to install OpenStack Telemetry services (gnocchi, aodh, panko) in the undercloud. Set the enable_telemetry parameter to true if you want to install and configure telemetry services automatically. The default value is false, which disables telemetry on the undercloud. This parameter is required if you use other products that consume metrics data, such as Red Hat CloudForms.
Warning

RBAC is not supported by every component. The Alarming service (aodh) and Gnocchi do not take secure RBAC rules into account.

enabled_hardware_types
A list of hardware types that you want to enable for the undercloud.
generate_service_certificate
Defines whether to generate an SSL/TLS certificate during the undercloud installation, which is used for the undercloud_service_certificate parameter. The undercloud installation saves the resulting certificate /etc/pki/tls/certs/undercloud-[undercloud_public_vip].pem. The CA defined in the certificate_generation_ca parameter signs this certificate.
heat_container_image
URL for the heat container image to use. Leave unset.
heat_native
Run host-based undercloud configuration using heat-all. Leave as true.
hieradata_override
Path to hieradata override file that configures Puppet hieradata on the director, providing custom configuration to services beyond the undercloud.conf parameters. If set, the undercloud installation copies this file to the /etc/puppet/hieradata directory and sets it as the first file in the hierarchy. For more information about using this feature, see Configuring hieradata on the undercloud.
inspection_extras
Defines whether to enable extra hardware collection during the inspection process. This parameter requires the python-hardware or python-hardware-detect packages on the introspection image.
inspection_interface
The bridge that director uses for node introspection. This is a custom bridge that the director configuration creates. The LOCAL_INTERFACE attaches to this bridge. Leave this as the default br-ctlplane.
inspection_runbench
Runs a set of benchmarks during node introspection. Set this parameter to true to enable the benchmarks. This option is necessary if you intend to perform benchmark analysis when inspecting the hardware of registered nodes.
ipa_otp
Defines the one-time password to register the undercloud node to an IPA server. This is required when enable_novajoin is enabled.
ipv6_address_mode

IPv6 address configuration mode for the undercloud provisioning network. The following list contains the possible values for this parameter:

  • dhcpv6-stateless - Address configuration using router advertisement (RA) and optional information using DHCPv6.
  • dhcpv6-stateful - Address configuration and optional information using DHCPv6.
ipxe_enabled
Defines whether to use iPXE or standard PXE. The default is true, which enables iPXE. Set this parameter to false to use standard PXE.
local_interface

The chosen interface for the director Provisioning NIC. This is also the device that director uses for DHCP and PXE boot services. Change this value to your chosen device. To see which device is connected, use the ip addr command. For example, this is the result of an ip addr command: 

2: em0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:75:24:09 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.178/24 brd 192.168.122.255 scope global dynamic em0
       valid_lft 3462sec preferred_lft 3462sec
    inet6 fe80::5054:ff:fe75:2409/64 scope link
       valid_lft forever preferred_lft forever
3: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noop state DOWN
    link/ether 42:0b:c2:a5:c1:26 brd ff:ff:ff:ff:ff:ff
Copy to Clipboard Toggle word wrap

In this example, the External NIC uses em0 and the Provisioning NIC uses em1, which is currently not configured. In this case, set the local_interface to em1. The configuration script attaches this interface to a custom bridge defined with the inspection_interface parameter.

local_ip

The IP address defined for the director Provisioning NIC. This is also the IP address that director uses for DHCP and PXE boot services. Leave this value as the default 192.168.24.1/24 unless you use a different subnet for the Provisioning network, for example, if this IP address conflicts with an existing IP address or subnet in your environment.

For IPv6, the local IP address prefix length must be /64 to support both stateful and stateless connections.

local_mtu
The maximum transmission unit (MTU) that you want to use for the local_interface. Do not exceed 1500 for the undercloud.
local_subnet
The local subnet that you want to use for PXE boot and DHCP interfaces. The local_ip address should reside in this subnet. The default is ctlplane-subnet.
net_config_override
Path to network configuration override template. If you set this parameter, the undercloud uses a JSON or YAML format template to configure the networking with os-net-config and ignores the network parameters set in undercloud.conf. Use this parameter when you want to configure bonding or add an option to the interface. For more information about customizing undercloud network interfaces, see Configuring undercloud network interfaces.
networks_file
Networks file to override for heat.
output_dir
Directory to output state, processed heat templates, and Ansible deployment files.
overcloud_domain_name

The DNS domain name that you want to use when you deploy the overcloud.

Note

When you configure the overcloud, you must set the CloudDomain parameter to a matching value. Set this parameter in an environment file when you configure your overcloud.

roles_file
The roles file that you want to use to override the default roles file for undercloud installation. It is highly recommended to leave this parameter unset so that the director installation uses the default roles file.
scheduler_max_attempts
The maximum number of times that the scheduler attempts to deploy an instance. This value must be greater or equal to the number of bare metal nodes that you expect to deploy at once to avoid potential race conditions when scheduling.
service_principal
The Kerberos principal for the service using the certificate. Use this parameter only if your CA requires a Kerberos principal, such as in FreeIPA.
subnets
List of routed network subnets for provisioning and introspection. The default value includes only the ctlplane-subnet subnet. For more information, see Subnets.
templates
Heat templates file to override.
undercloud_admin_host

The IP address or hostname defined for director Admin API endpoints over SSL/TLS. The director configuration attaches the IP address to the director software bridge as a routed IP address, which uses the /32 netmask.

If the undercloud_admin_host is not in the same IP network as the local_ip, you must set the ControlVirtualInterface parameter to the interface on which you want the admin APIs on the undercloud to listen. By default, the admin APIs listen on the br-ctlplane interface. Set the ControlVirtualInterface parameter in a custom environment file, and include the custom environment file in the undercloud.conf file by configuring the custom_env_files parameter.

For information about customizing undercloud network interfaces, see Configuring undercloud network interfaces.

undercloud_debug
Sets the log level of undercloud services to DEBUG. Set this value to true to enable DEBUG log level.
undercloud_enable_selinux
Enable or disable SELinux during the deployment. It is highly recommended to leave this value set to true unless you are debugging an issue.
undercloud_hostname
Defines the fully qualified host name for the undercloud. If set, the undercloud installation configures all system host name settings. If left unset, the undercloud uses the current host name, but you must configure all system host name settings appropriately.
undercloud_log_file
The path to a log file to store the undercloud install and upgrade logs. By default, the log file is install-undercloud.log in the home directory. For example, /home/stack/install-undercloud.log.
undercloud_nameservers
A list of DNS nameservers to use for the undercloud hostname resolution.
undercloud_ntp_servers
A list of network time protocol servers to help synchronize the undercloud date and time.
undercloud_public_host

The IP address or hostname defined for director Public API endpoints over SSL/TLS. The director configuration attaches the IP address to the director software bridge as a routed IP address, which uses the /32 netmask.

If the undercloud_public_host is not in the same IP network as the local_ip, you must set the PublicVirtualInterface parameter to the public-facing interface on which you want the public APIs on the undercloud to listen. By default, the public APIs listen on the br-ctlplane interface. Set the PublicVirtualInterface parameter in a custom environment file, and include the custom environment file in the undercloud.conf file by configuring the custom_env_files parameter.

For information about customizing undercloud network interfaces, see Configuring undercloud network interfaces.

undercloud_service_certificate
The location and filename of the certificate for OpenStack SSL/TLS communication. Ideally, you obtain this certificate from a trusted certificate authority. Otherwise, generate your own self-signed certificate.
undercloud_timezone
Host timezone for the undercloud. If you do not specify a timezone, director uses the existing timezone configuration.
undercloud_update_packages
Defines whether to update packages during the undercloud installation.

Subnets

Each provisioning subnet is a named section in the undercloud.conf file. For example, to create a subnet called ctlplane-subnet, use the following sample in your undercloud.conf file: 

[ctlplane-subnet]
cidr = 192.168.24.0/24
dhcp_start = 192.168.24.5
dhcp_end = 192.168.24.24
inspection_iprange = 192.168.24.100,192.168.24.120
gateway = 192.168.24.1
masquerade = true
Copy to Clipboard Toggle word wrap

You can specify as many provisioning networks as necessary to suit your environment.

Important

Director cannot change the IP addresses for a subnet after director creates the subnet.

cidr
The network that director uses to manage overcloud instances. This is the Provisioning network, which the undercloud neutron service manages. Leave this as the default 192.168.24.0/24 unless you use a different subnet for the Provisioning network.
masquerade

Defines whether to masquerade the network defined in the cidr for external access. This provides the Provisioning network with network address translation (NAT) so that the Provisioning network has external access through director.

Note

The director configuration also enables IP forwarding automatically using the relevant sysctl kernel parameter.

dhcp_start; dhcp_end
The start and end of the DHCP allocation range for overcloud nodes. Ensure that this range contains enough IP addresses to allocate your nodes.
dhcp_exclude
IP addresses to exclude in the DHCP allocation range.
dns_nameservers
DNS nameservers specific to the subnet. If no nameservers are defined for the subnet, the subnet uses nameservers defined in the undercloud_nameservers parameter.
gateway
The gateway for the overcloud instances. This is the undercloud host, which forwards traffic to the External network. Leave this as the default 192.168.24.1 unless you use a different IP address for director or want to use an external gateway directly.
host_routes
Host routes for the Neutron-managed subnet for the overcloud instances on this network. This also configures the host routes for the local_subnet on the undercloud.
inspection_iprange
Temporary IP range for nodes on this network to use during the inspection process. This range must not overlap with the range defined by dhcp_start and dhcp_end but must be in the same IP subnet.

6.11. Running the director upgrade
Copy link

Complete the following steps to upgrade the director.

Procedure

  1. Run the following command to upgrade the director on the undercloud: 

    $ openstack undercloud upgrade
    Copy to Clipboard Toggle word wrap

    This command launches the director configuration script. The director upgrades its packages and configures its services to suit the settings in the undercloud.conf. This script takes several minutes to complete.

    Note

    The director configuration script prompts for confirmation before proceeding. Bypass this confirmation using the -y option: 

    $ openstack undercloud upgrade -y
    Copy to Clipboard Toggle word wrap

  2. The script also starts all OpenStack Platform service containers on the undercloud automatically. You manage each service through a systemd resource. Check the systemd resources: 

    $ sudo systemctl list-units "tripleo_*"
    Copy to Clipboard Toggle word wrap

    Each systemd service controls a container. Check the enabled containers using the following command: 

    $ sudo podman ps
    Copy to Clipboard Toggle word wrap

  3. The script adds the stack user to the docker group to ensure that the stack user has access to container management commands. Refresh the stack user permissions with the following command: 

    $ exec su -l stack
    Copy to Clipboard Toggle word wrap

    The command prompts you to log in again. Enter the stack user password.

  4. To initialize the stack user to use the command line tools, run the following command: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

    The prompt now indicates OpenStack commands authenticate and execute against the undercloud; 

    (undercloud) $
    Copy to Clipboard Toggle word wrap

The director upgrade is complete.

You must complete some initial steps to prepare for the overcloud upgrade.

7.1. Preparing for overcloud service downtime
Copy link

The overcloud upgrade process disables the main control plane services at key points. You cannot use any overcloud services to create new resources when these key points are reached. Workloads that are running in the overcloud remain active during the upgrade process, which means instances continue to run during the upgrade of the control plane. During an upgrade of Compute nodes, these workloads can be live migrated to Compute nodes that are already upgraded.

It is important to plan a maintenance window to ensure that no users can access the overcloud services during the upgrade.

Affected by overcloud upgrade

  • OpenStack Platform services

Unaffected by overcloud upgrade

  • Instances running during the upgrade
  • Ceph Storage OSDs (backend storage for instances)
  • Linux networking
  • Open vSwitch networking
  • Undercloud

7.2. Selecting Compute nodes for upgrade testing
Copy link

The overcloud upgrade process allows you to either:

  • Upgrade all nodes in a role
  • Individual nodes separately

To ensure a smooth overcloud upgrade process, it is useful to test the upgrade on a few individual Compute nodes in your environment before upgrading all Compute nodes. This ensures no major issues occur during the upgrade while maintaining minimal downtime to your workloads.

Use the following recommendations to help choose test nodes for the upgrade:

  • Select two or three Compute nodes for upgrade testing
  • Select nodes without any critical instances running
  • If necessary, migrate critical instances from the selected test Compute nodes to other Compute nodes

7.3. Creating an overcloud inventory file
Copy link

Generate an Ansible inventory file of all nodes in your environment with the tripleo-ansible-inventory command.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Create a static inventory file of all nodes: 

    $ tripleo-ansible-inventory --static-yaml-inventory ~/inventory.yaml --stack STACK_NAME
    Copy to Clipboard Toggle word wrap

    If you are not using the default overcloud stack name, set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

  4. To execute Ansible playbooks on your environment, run the ansible-playbook command and include the full path of the dynamic inventory tool using the -i option. For example: 

    (undercloud) $ ansible-playbook -i ~/inventory.yaml PLAYBOOK
    Copy to Clipboard Toggle word wrap

7.4. Validating the pre-upgrade requirements
Copy link

Run the pre-upgrade validation group to check the pre-upgrade requirements.

For more information about the Red Hat OpenStack Platform (RHOSP) validation framework, see Using the validation framework in the Director Installation and Usage guide.

Procedure

  1. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the openstack tripleo validator run command with the --group pre-upgrade option and include the /usr/libexec/platform-python python runtime environment: 

    $ openstack tripleo validator run --group pre-upgrade --python-interpreter /usr/libexec/platform-python -i inventory.yaml
    Copy to Clipboard Toggle word wrap

  3. Review the results of the validation report. To view detailed output from a specific validation, run the openstack tripleo validator show run --full command against the UUID of the specific validation from the report: 

    $ openstack tripleo validator show run  --full <UUID>
    Copy to Clipboard Toggle word wrap
Important

A FAILED validation does not prevent you from deploying or running RHOSP. However, a FAILED validation can indicate a potential issue with a production environment.

7.5. Disabling fencing in the overcloud
Copy link

Before you upgrade the overcloud, ensure that fencing is disabled.

When you upgrade the overcloud, you upgrade each Controller node individually to retain high availability functionality. If fencing is deployed in your environment, the overcloud might detect certain nodes as disabled and attempt fencing operations, which can cause unintended results.

If you have enabled fencing in the overcloud, you must temporarily disable fencing for the duration of the upgrade to avoid any unintended results.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Log in to a Controller node and run the Pacemaker command to disable fencing: 

    $ ssh heat-admin@CONTROLLER_IP "sudo pcs property set stonith-enabled=false"
    Copy to Clipboard Toggle word wrap
  4. In the fencing.yaml environment file, set the EnableFencing parameter to false to ensure that fencing stays disabled during the upgrade process.

Additional Resources

7.6. Checking custom Puppet parameters
Copy link

If you use the ExtraConfig interfaces for customizations of Puppet parameters, Puppet might report duplicate declaration errors during the upgrade. This is due to changes in the interfaces provided by the puppet modules themselves.

This procedure shows how to check for any custom ExtraConfig hieradata parameters in your environment files.

Procedure

  1. Select an environment file and the check if it has an ExtraConfig parameter: 

    $ grep ExtraConfig ~/templates/custom-config.yaml
    Copy to Clipboard Toggle word wrap
  2. If the results show an ExtraConfig parameter for any role (e.g. ControllerExtraConfig) in the chosen file, check the full parameter structure in that file.

  3. If the parameter contains any puppet Hierdata with a SECTION/parameter syntax followed by a value, it might have been been replaced with a parameter with an actual Puppet class. For example: 

    parameter_defaults:
  ExtraConfig:
    neutron::config::dhcp_agent_config:
      'DEFAULT/dnsmasq_local_resolv':
        value: 'true'
    Copy to Clipboard Toggle word wrap

  4. Check the director’s Puppet modules to see if the parameter now exists within a Puppet class. For example: 

    $ grep dnsmasq_local_resolv
    Copy to Clipboard Toggle word wrap

    If so, change to the new interface.

  5. The following are examples to demonstrate the change in syntax:

    • Example 1: 

      parameter_defaults:
  ExtraConfig:
    neutron::config::dhcp_agent_config:
      'DEFAULT/dnsmasq_local_resolv':
        value: 'true'
      Copy to Clipboard Toggle word wrap

      Changes to: 

      parameter_defaults:
  ExtraConfig:
    neutron::agents::dhcp::dnsmasq_local_resolv: true
      Copy to Clipboard Toggle word wrap

    • Example 2: 

      parameter_defaults:
  ExtraConfig:
    ceilometer::config::ceilometer_config:
      'oslo_messaging_rabbit/rabbit_qos_prefetch_count':
        value: '32'
      Copy to Clipboard Toggle word wrap

      Changes to: 

      parameter_defaults:
  ExtraConfig:
    oslo::messaging::rabbit::rabbit_qos_prefetch_count: '32'
      Copy to Clipboard Toggle word wrap

7.7. Undercloud node database backup
Copy link

You can use the backup-and-restore Ansible role to create a backup of the database that runs on the undercloud node and use that backup to recover the state of the database in the event that it becomes corrupted. For more information about backing up the undercloud database, see Creating a database backup of the undercloud node in the Red Hat OpenStack Platform 16.1 Backing up and restoring the undercloud and control plane nodes guide.

The long-life Red Hat OpenStack Platform (RHOSP) upgrade requires a base operating system upgrade from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8. Red Hat Enterprise Linux 7 uses the Leapp utility to perform the upgrade to Red Hat Enterprise Linux 8. For more information about Leapp and its dependencies, see Preparing a RHEL 7 system for the upgrade.

The overcloud upgrade framework automatically runs the leapp upgrade. To ensure a successful RHOSP upgrade, it is recommended that you manually run a pre-upgrade report to identify and resolve any potential problems. Run pre-upgrade reports for at least one host of each of the Compute, Controller, and Ceph Storage roles. For more information about Leapp pre-upgrade reports, see Reviewing the pre-upgrade report.

8.1. Creating an upgrades environment file
Copy link

The upgrade process uses an environment file to enable the upgrade process and configure specific upgrade parameters.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Create an environment file called upgrades-environment.yaml in your templates directory: 

    $ touch templates/upgrades-environment.yaml
    Copy to Clipboard Toggle word wrap

  3. Edit the file and add the following mandatory content: 

    parameter_defaults:
  UpgradeLeappDevelSkip: "LEAPP_UNSUPPORTED=1 LEAPP_DEVEL_TARGET_RELEASE=8.2"
  LeappInitCommand: |
    for module in pata_acpi floppy; do sudo sed -i "/^${module}$/d" /usr/share/leapp-repository/repositories/system_upgrade/el7toel8/actors/kernel/checkkerneldrivers/files/removed_drivers.txt; done
    sudo rm -f /usr/share/leapp-repository/repositories/system_upgrade/el7toel8/actors/persistentnetnamesdisable/actor.py
    sudo yum -y remove mariadb-server* || true
  UpgradeInitCommand: "sudo dnf config-manager --save --setopt exclude=''"
    Copy to Clipboard Toggle word wrap
    • UpgradeLeappDevelSkip skips Leapp checks and sets environment variables when Leapp runs.
    • LeappInitCommand passes commands or script snippets that run on each of the overcloud nodes, and prepares the nodes for the Leapp upgrade.
    • UpgradeInitCommand passes commands or script snippets that run on each of the overcloud nodes. The dnf config-manager --save --setopt exclude='' command removes Leapp packages from DNF exclusion so that automatic removal of python2 packages is successful.

  4. Optional: If you use TLS-Everywhere in your environment and want to migrate from authconfig to authselect, set the authselect_check.confirm parameter to True to avoid bug BZ#1978228 - OSP13→16.2 Leapp upgrade failed with TLSEverywhere: 

    parameter_defaults:
  LeappInitCommand: |
    sudo leapp answer --section authselect_check.confirm=True --add
    Copy to Clipboard Toggle word wrap

    Otherwise, set the value to False.

    Note

    Use the | syntax to pass multiple commands to the LeappInitCommand parameter: 

    parameter-defaults:
  LeappInitCommand: |
    <command_1>
    <command_2>
    Copy to Clipboard Toggle word wrap
  5. Save the upgrades-environment.yaml file.

8.2. Upgrade parameters
Copy link

Expand
ParameterDescription

UpgradeInitCommand

Command or script snippet to run on all overcloud nodes to initialize the upgrade process. For example, a repository switch.

UpgradeInitCommonCommand

Common commands required by the upgrades process. This should not normally be modified by the operator and is set and unset in the major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files.

UpgradeLeappCommandOptions

Additional command line options to append to the Leapp command.

UpgradeLeappDebug

Print debugging output when running Leapp. The default value is True.

UpgradeLeappDevelSkip

Skip Leapp checks by setting env variables when running Leapp in development/testing. For example, LEAPP_DEVEL_SKIP_RHSM=1.

UpgradeLeappEnabled

Use Leapp for operating system upgrade. The default value is False.

UpgradeLeappPostRebootDelay

Maximum (seconds) to wait for machine to reboot and respond to a test command. The default value is 120.

UpgradeLeappRebootTimeout

Timeout (seconds) for the OS upgrade phase via Leapp. The default value is 3600.

UpgradeLeappToInstall

List of packages to install after Leapp upgrade.

UpgradeLeappToRemove

List of packages to remove during Leapp upgrade.

8.3. Copying the Leapp data on the overcloud nodes
Copy link

Each overcloud node requires Leapp data files. Copy the data files in the /etc/leapp/files directory on the undercloud to the same location on each overcloud node.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Create a static inventory file of all the nodes in your environment: 

    $ tripleo-ansible-inventory --static-yaml-inventory ~/inventory.yaml --stack STACK_NAME
    Copy to Clipboard Toggle word wrap

    If you are not using the default overcloud stack name, set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

  4. To copy the leapp data to the overcloud nodes, run the following synchronize Ansible command: 

    $ ansible -i ~/inventory.yaml --become -m synchronize -a "src=/etc/leapp/files dest=/etc/leapp/" overcloud
    Copy to Clipboard Toggle word wrap

Before you run the Leapp upgrade on overcloud nodes, you must check for kernel-based NIC names, which usually contain an eth prefix. These NIC names are usually unpredictable in terms of NIC assignments.

You can run the playbook-nics.yaml playbook to rename NIC names to use the em NIC prefix. You can also set a different NIC prefix, by modifying the prefix variable when running the playbook. However, the NIC changes are only applied after the Leapp upgrade process completes and the node is rebooted.

Prerequisites

  • The playbook-nics.yaml playbook created during the undercloud preparation process. The playbook-nics.yaml playbook accommodates most overcloud networking scenarios that use Ethernet devices, bridges, and Linux bonds. If your environment requires additional configuration beyond these device types, follow these recommendations before proceeding:

    • Test the playbook on a separate system with a similar networking configuration to your overcloud nodes
    • Modify the playbook to accommodate renaming the eth prefix within the configuration of other device types
    • Check the networking configuration of your overcloud nodes after you complete this procedure

Procedure

  1. Log in to the undercloud as the stack user.

  2. Run the playbook-nics.yaml playbook on all overcloud nodes: 

    $ ansible-playbook -i ~/inventory.yaml playbook-nics.yaml
    Copy to Clipboard Toggle word wrap

    The playbook sets the new NIC prefix to em. To set a different NIC prefix, set the prefix variable when running the playbook: 

    $ ansible-playbook -i ~/inventory.yaml -e prefix="mynic" playbook-nics.yaml
    Copy to Clipboard Toggle word wrap

    The NIC changes are only applied after the Leapp upgrade process completes and the node is rebooted.

Resources

You must complete some composable service configuration to prepare for the overcloud upgrade.

This section contains information about new and deprecated composable services.

  • If you use the default roles_data file, these services are included automatically.
  • If you use a custom roles_data file, add the new services and remove the deprecated services for each relevant role.
Important

If any overcloud nodes in your deployment are dedicated Object Storage (swift) nodes, you must copy the default roles_data.yaml file and edit ObjectStorage to remove the following line: deprecated_server_resource_name: 'SwiftStorage'

Controller nodes

The following services have been deprecated for Controller nodes. Remove them from your Controller role.

Expand
ServiceReason

OS::TripleO::Services::AodhApi

OS::TripleO::Services::AodhEvaluator

OS::TripleO::Services::AodhListener

OS::TripleO::Services::AodhNotifier

The OpenStack Telemetry services are deprecated in favour of Service Telemetry Framework (STF) for metrics and monitoring. The legacy telemetry services are only available in RHOSP 16.1 to help facilitate the transition to STF and will be removed in a future version of RHOSP.

Note

If you use auto scaling, do not remove these services from your Controller nodes.

OS::TripleO::Services::PankoApi

The OpenStack Telemetry services are deprecated in favour of Service Telemetry Framework (STF) for metrics and monitoring. The legacy telemetry services are only available in RHOSP 16.1 to help facilitate the transition to STF and will be removed in a future version of RHOSP.

Note

If you use CloudForms, do not remove these services from your Controller nodes.

OS::TripleO::Services::CeilometerApi

OS::TripleO::Services::CeilometerCollector

OS::TripleO::Services::CeilometerExpirer

OS::TripleO::Services::MongoDb

These services are no longer supported. Remove these services from your Controller nodes.

OS::TripleO::Services::Congress

Congress is no longer supported.

OS::TripleO::Services::GlanceRegistry

This service is no longer supported due to OpenStack Platform Image Service (glance) API v2.

OS::TripleO::Services::NeutronCorePluginPlumgrid

OS::TripleO::Services::NeutronCorePluginMidonet

Deprecated plug-ins for OpenStack Networking (neutron).

OS::TripleO::Services::NeutronLbaasv2Agent

OS::TripleO::Services::NeutronLbaasv2Api

OpenStack Networking (neutron) Load Balancing as a Service deprecated in favour of Octavia.

OS::TripleO::Services::NovaConsoleauth

This service is removed.

OS::TripleO::Services::NovaPlacement

Deprecated in favor of OS::TripleO::Services::PlacementApi.

OS::TripleO::Services::OpenDaylightApi

OS::TripleO::Services::OpenDaylightOvs

OpenDaylight is no longer supported.

OS::TripleO::Services::RabbitMQ

This service has been substituted for two new services:

OS::TripleO::Services::OsloMessagingRpc

OS::TripleO::Services::OsloMessagingNotify

OS::TripleO::Services::SkydiveAgent

OS::TripleO::Services::SkydiveAnalyzer

Skydive is no longer supported.

OS::TripleO::Services::Tacker

Tacker is no longer supported.

The following services are new for Controller nodes. Add them to your Controller role.

Expand
ServiceReason

OS::TripleO::Services::CephGrafana

Tasks to enable Ceph Dashboard service.

OS::TripleO::Services::CinderBackendDellEMCPowermax

OS::TripleO::Services::CinderBackendDellEMCSc

OS::TripleO::Services::CinderBackendNVMeOF

New backends for Block Storage (cinder).

OS::TripleO::Services::ContainerImagePrepare

Run the commands to automatically pull and prepare container images relevant to the services in your overcloud.

OS::TripleO::Services::DesignateApi

OS::TripleO::Services::DesignateCentral

OS::TripleO::Services::DesignateProducer

OS::TripleO::Services::DesignateWorker

OS::TripleO::Services::DesignateMDNS

OS::TripleO::Services::DesignateSink

Services for DNS-as-a-Service (designate).

OS::TripleO::Services::IronicInspector

Service for Bare Metal Introspection for the overcloud.

OS::TripleO::Services::IronicNeutronAgent

The networking agent for OpenStack Bare Metal (ironic).

OS::TripleO::Services::NeutronAgentsIBConfig

Service for OpenStack Networking (neutron) agent for Mellanox InfiniBand.

OS::TripleO::Services::OpenStackClients

Service for installing the Red Hat OpenStack Platform command line tools.

OS::TripleO::Services::OsloMessagingRpc

OS::TripleO::Services::OsloMessagingNotify

Replacement services for the OS::TripleO::Services::RabbitMQ service.

OS::TripleO::Services::PlacementApi

Service for the Placement API.

Compute Nodes

The following services have been deprecated for Compute nodes. Remove them from your Compute role.

Expand
ServiceReason

OS::TripleO::Services::OpenDaylightOvs

OpenDaylight is no longer supported.

OS::TripleO::Services::SkydiveAgent

Skydive is no longer supported.

The following services are new for Compute nodes. Add them to your Compute role.

Expand
ServiceReason

OS::TripleO::Services::NovaAZConfig

Service to configure host aggregate and availability zone in OpenStack Compute (nova).

All Nodes

The following services have been deprecated for all nodes. Remove them from all roles.

Expand
ServiceReason

OS::TripleO::Services::Docker

Replaced with Podman.

OS::TripleO::Services::Fluentd

Deprecated in favour of OS::TripleO::Services::Rsyslog.

OS::TripleO::Services::Ntp

Deprecated in favour of OS::TripleO::Services::Timesync.

OS::TripleO::Services::SensuClient

Deprecated service.

OS::TripleO::Services::Ptp

Deprecated in favour of OS::TripleO::Services::Timesync.

The following services are new for all nodes. Add them to all roles.

Expand
ServiceReason

OS::TripleO::Services::BootParams

Service to set Kernel arguments, Tuned profiles, and CPU isolation.

OS::TripleO::Services::Collectd

Service to configure Collectd.

OS::TripleO::Services::Multipathd

Provides a Multipathd service, which is disabled by default

OS::TripleO::Services::Podman

Service to install and enable Podman.

OS::TripleO::Services::Rear

Service to install and enable Relax-and-Recover (ReaR) backup and restore tools.

OS::TripleO::Services::Rsyslog

Service to configure centralized log collection.

OS::TripleO::Services::Timesync

Service to enable time synchronization method, which is Chronyd by default.

If you have any custom environment files with resource_registry sections, check the resource_registry sections for changes in composable service template mappings. The composable service files for Red Hat OpenStack Platform 16.1 reside in a new location within /usr/share/openstack-tripleo-heat-templates/:

Expand
Red Hat OpenStack Platform 13Red Hat OpenStack Platform 16.1

docker/services/

deployment

The deployment directory contains a set of sub-directories to group composable services. For example, the keystone sub-directory contains composable service templates for OpenStack Identity (keystone).

To remap composable services in custom environment files, check the template location for the current service mapping and edit the mapping to the new location. This procedure uses ceph-mgr.yaml as an example.

Important

This procedure acts as guidance only for remapping composable services. If you are unsure of any mapping, contact Red Hat and request advice on the correct mapping.

Procedure

  1. Search for custom environment files that use composable services. You usually store custom environment files in the /home/stack/templates directory: 

    $ cd ~/templates/
$ grep "OS::TripleO::Services" *
    Copy to Clipboard Toggle word wrap

    In this scenario, one of the files shows an outdated mapping: 

      OS::TripleO::Services::CephMgr: /usr/share/openstack-tripleo-heat-templates/docker/services/ceph-ansible/ceph-mgr.yaml
    Copy to Clipboard Toggle word wrap

  2. Identify the new ceph-mgr.yaml location in /usr/share/openstack-tripleo-heat-templates/. This file is now located in the `deployment/ceph-ansible' directory: 

    $ find /usr/share/openstack-tripleo-heat-templates/ -name ceph-mgr.yaml
/usr/share/openstack-tripleo-heat-templates/deployment/ceph-ansible/ceph-mgr.yaml
    Copy to Clipboard Toggle word wrap

  3. Edit the service in the custom environment file: 

    resource_registry:
  OS::TripleO::Services::CephMgr: /usr/share/openstack-tripleo-heat-templates/deployment/ceph-ansible/ceph-mgr.yaml
    Copy to Clipboard Toggle word wrap

    Save the file.

9.3. Configuring access to the undercloud registry
Copy link

To configure access to the undercloud registry, add the control plane host name of the undercloud and the IP address of the undercloud on the provisioning network to the DockerInsecureRegistryAddress parameter. Place this parameter in the containers-prepare-parameter.yaml file to ensure that the parameter is included in future overcloud deployments.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Obtain the control plane host name on the undercloud: 

    $ sudo hiera container_image_prepare_node_names
["undercloud.ctlplane.localdomain"]
    Copy to Clipboard Toggle word wrap

  3. Edit the containers-prepare-parameter.yaml file and add the DockerInsecureRegistryAddress parameter with a YAML list that contains the control plane host name of the undercloud and the IP address of the undercloud on the provisioning network: 

    parameter_defaults:
  DockerInsecureRegistryAddress:
  - undercloud.ctlplane.localdomain:8787
  - 192.168.24.1:8787
  ...
    Copy to Clipboard Toggle word wrap

    You must also append the port number of the overcloud registry to the host name and IP address values. The port number is 8787.

If your environment uses a custom NovaSchedulerDefaultFilters parameter, edit the parameter to remove the following deprecated and removed filters:

Expand
FilterStatus

AggregateCoreFilter

Deprecated

AggregateRamFilter

Deprecated

AggregateDiskFilter

Deprecated

ExactCoreFilter

Removed

ExactRamFilter

Removed

ExactDiskFilter

Removed

CoreFilter

Removed

RamFilter

Removed

DiskFilter

Removed

RetryFilter

Deprecated

Important

Avoid using filters marked Deprecated. Red Hat OpenStack Platform 16.1 still includes deprecated filters but future versions of Red Hat OpenStack Platform will not include these filters.

9.5. Setting the Compute name format
Copy link

Red Hat OpenStack Platform 13 uses %stackname%-compute-%index% as the default naming format for Compute nodes. Red Hat OpenStack Platform 16.1 uses %stackname%-novacompute-%index% as the default naming format for Compute nodes. Change the default naming format to retain the original Red Hat OpenStack Platform 13 naming format. If you do not use the original naming format, director configures new OpenStack Compute (nova) agents with the new naming format and keeps the existing OpenStack Compute (nova) agents with the old naming format as orphaned services.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Set the Compute naming format:

    • If you use a custom roles_data file, edit the custom roles_data file and set the HostnameFormatDefault parameter for the Compute role: 

      - name: Compute
  …​
  HostnameFormatDefault: '%stackname%-compute-%index%'
  …​
      Copy to Clipboard Toggle word wrap

      Save the custom roles_data file.

    • If you use the default roles_data file in openstack-tripleo-heat-templates, set the naming format in an environment file. Edit the environment file with your node counts and flavors, which is usually named node-info.yaml. Add the ComputeHostnameFormat parameter to the parameter_defaults section: 

      parameter_defaults:
  …​
  ComputeHostnameFormat: '%stackname%-compute-%index%'
  …​
      Copy to Clipboard Toggle word wrap

      Save the node-info.yaml file.

9.6. Configuring the instance serial number
Copy link

In Red Hat OpenStack Platform 13, the serial number for instances stored in the virtual BIOS of the host machine is based on the serial number of the host.

In Red Hat OpenStack Platform 16.1, the serial number for instances stored in the virtual BIOS of the host machine is based on the UUID of the instance by default.

If you want to retain the behaviour of your Red Hat OpenStack Platform 13 deployment when you upgrade to Red Hat OpenStack Platform 16.1, you must configure [libvirt]sysinfo_serial.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    [stack@director ~]$ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  3. Open an environment file.

  4. Add the following configuration to your environment file to specify that the instance serial number is based on the serial number of the host: 

    parameter_defaults:
  <Role>ExtraConfig:
    nova::config::nova_config:
      libvirt/sysinfo_serial:
        value: auto
    Copy to Clipboard Toggle word wrap
  5. Save the updates to your environment file, and add the file to your overcloud upgrade and deployment commands.

9.7. Updating your SSL/TLS configuration
Copy link

Remove the NodeTLSData resource from the resource_registry to update your SSL/TLS configuration.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  3. Edit your custom overcloud SSL/TLS public endpoint file, which is usually named ~/templates/enable-tls.yaml.

  4. Remove the NodeTLSData resource from the `resource_registry: 

    resource_registry:
  OS::TripleO::NodeTLSData: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/tls/tls-cert-inject.yaml
  …​
    Copy to Clipboard Toggle word wrap

    The overcloud deployment uses a new service in HAProxy to determine if SSL/TLS is enabled.

    Note

    If this is the only resource in the resource_registry section of the enable-tls.yaml file, remove the complete resource_registry section.

  5. Save the SSL/TLS public endpoint file file.

9.8. Updating post configuration templates
Copy link

If you use the OS::TripleO::NodeExtraConfigPost resource to register and run a post-configuration template, you must add the EndpointMap parameter to the template.

Procedure

  1. Edit the post-configuration template.

  2. Under the parameters section, add the EndpointMap parameter and its sub-parameters: 

    parameters:
  servers:
    type: json
  nameserver_ip:
    type: string
  DeployIdentifier:
    type: string
  EndpointMap:
    default: {}
    type: json
    Copy to Clipboard Toggle word wrap
  3. Save the template.

In Red Hat OpenStack Platform (RHOSP) 16.1, the OpenStack Telemetry components are deprecated in favor of the Service Telemetry Framework (STF), therefore the legacy telemetry components are not enabled after the upgrade.

If you use auto scaling or CloudForms services, you must retain the legacy telemetry services.

To retain legacy RHOSP 13 telemetry services, include the /usr/share/openstack-tripleo-heat-templates/environments/enable-legacy-telemetry.yaml environment file when you run the openstack overcloud upgrade prepare and openstack overcloud upgrade converge commands.

You must also include the enable-legacy-telemetry.yaml environment file every time you update the overcloud after the upgrade.

The legacy telemetry services are only available to help facilitate the transition to STF and will be removed in a future version of RHOSP.

Red Hat OpenStack Platform 16.1 uses Ansible-based methods to register overcloud nodes to the Red Hat Customer Portal.

You can use the rhsm composable service to register overcloud nodes through Ansible. Each role in the default roles_data file contains a OS::TripleO::Services::Rhsm resource, which is disabled by default. To enable the service, register the resource to the rhsm composable service file: 

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
Copy to Clipboard Toggle word wrap

The rhsm composable service accepts a RhsmVars parameter, which you can use to define multiple sub-parameters relevant to your registration: 

parameter_defaults:
  RhsmVars:
    rhsm_repos:
      - rhel-8-for-x86_64-baseos-tus-rpms
      - rhel-8-for-x86_64-appstream-tus-rpms
      - rhel-8-for-x86_64-highavailability-tus-rpms
      …​
    rhsm_username: "myusername"
    rhsm_password: "p@55w0rd!"
    rhsm_org_id: "1234567"
    rhsm_release: 8.2
Copy to Clipboard Toggle word wrap

You can also use the RhsmVars parameter in combination with role-specific parameters, for example, ControllerParameters, to provide flexibility when enabling specific repositories for different nodes types.

10.2. RhsmVars sub-parameters
Copy link

Use the following sub-parameters as part of the RhsmVars parameter when you configure the rhsm composable service. For more information about the Ansible parameters that are available, see the role documentation.

Expand
rhsmDescription

rhsm_method

Choose the registration method. Either portal, satellite, or disable.

rhsm_org_id

The organization that you want to use for registration. To locate this ID, run sudo subscription-manager orgs from the undercloud node. Enter your Red Hat credentials at the prompt, and use the resulting Key value. For more information on your organization ID, see Understanding the Red Hat Subscription Management Organization ID.

rhsm_pool_ids

The subscription pool ID that you want to use. Use this parameter if you do not want to auto-attach subscriptions. To locate this ID, run sudo subscription-manager list --available --all --matches="Red Hat OpenStack" from the undercloud node, and use the resulting Pool ID value.

rhsm_activation_key

The activation key that you want to use for registration.

rhsm_autosubscribe

Use this parameter to attach compatible subscriptions to this system automatically. Set the value to true to enable this feature.

rhsm_baseurl

The base URL for obtaining content. The default URL is the Red Hat Content Delivery Network. If you use a Satellite server, change this value to the base URL of your Satellite server content repositories.

rhsm_server_hostname

The hostname of the subscription management service for registration. The default is the Red Hat Subscription Management hostname. If you use a Satellite server, change this value to your Satellite server hostname.

rhsm_repos

A list of repositories that you want to enable.

rhsm_username

The username for registration. If possible, use activation keys for registration.

rhsm_password

The password for registration. If possible, use activation keys for registration.

rhsm_release

Red Hat Enterprise Linux release for pinning the repositories. This is set to 8.2 for Red Hat OpenStack Platform

rhsm_rhsm_proxy_hostname

The hostname for the HTTP proxy. For example: proxy.example.com.

rhsm_rhsm_proxy_port

The port for HTTP proxy communication. For example: 8080.

rhsm_rhsm_proxy_user

The username to access the HTTP proxy.

rhsm_rhsm_proxy_password

The password to access the HTTP proxy.

Important

You can use rhsm_activation_key and rhsm_repos together only if rhsm_method is set to portal. If rhsm_method is set to 'satellite', you can only use either rhsm_activation_key or rhsm_repos.

10.3. Switching to the rhsm composable service
Copy link

The previous rhel-registration method runs a bash script to handle the overcloud registration. The scripts and environment files for this method are located in the core heat template collection at /usr/share/openstack-tripleo-heat-templates/extraconfig/pre_deploy/rhel-registration/.

Complete the following steps to switch from the rhel-registration method to the rhsm composable service.

Procedure

  1. Exclude the rhel-registration environment files from future deployments operations. In most cases, exclude the following files:

    • rhel-registration/environment-rhel-registration.yaml
    • rhel-registration/rhel-registration-resource-registry.yaml

  2. If you use a custom roles_data file, ensure that each role in your roles_data file contains the OS::TripleO::Services::Rhsm composable service. For example: 

    - name: Controller
  description: |
    Controller role that has all the controller services loaded and handles
    Database, Messaging and Network functions.
  CountDefault: 1
  ...
  ServicesDefault:
    ...
    - OS::TripleO::Services::Rhsm
    ...
    Copy to Clipboard Toggle word wrap
  3. Add the environment file for rhsm composable service parameters to future deployment operations.

This method replaces the rhel-registration parameters with the rhsm service parameters and changes the heat resource that enables the service from: 

resource_registry:
  OS::TripleO::NodeExtraConfig: rhel-registration.yaml
Copy to Clipboard Toggle word wrap

To: 

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
Copy to Clipboard Toggle word wrap

You can also include the /usr/share/openstack-tripleo-heat-templates/environments/rhsm.yaml environment file with your deployment to enable the service.

10.4. rhel-registration to rhsm mappings
Copy link

To help transition your details from the rhel-registration method to the rhsm method, use the following table to map your parameters and values.

Expand
rhel-registrationrhsm / RhsmVars

rhel_reg_method

rhsm_method

rhel_reg_org

rhsm_org_id

rhel_reg_pool_id

rhsm_pool_ids

rhel_reg_activation_key

rhsm_activation_key

rhel_reg_auto_attach

rhsm_autosubscribe

rhel_reg_sat_url

rhsm_satellite_url

rhel_reg_repos

rhsm_repos

rhel_reg_user

rhsm_username

rhel_reg_password

rhsm_password

rhel_reg_release

rhsm_release

rhel_reg_http_proxy_host

rhsm_rhsm_proxy_hostname

rhel_reg_http_proxy_port

rhsm_rhsm_proxy_port

rhel_reg_http_proxy_username

rhsm_rhsm_proxy_user

rhel_reg_http_proxy_password

rhsm_rhsm_proxy_password

Create an environment file that enables and configures the rhsm composable service. Director uses this environment file to register and subscribe your nodes.

Procedure

  1. Create an environment file named templates/rhsm.yml to store the configuration.

  2. Include your configuration in the environment file. For example: 

    resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
parameter_defaults:
  RhsmVars:
    rhsm_repos:
      - rhel-8-for-x86_64-baseos-tus-rpms
      - rhel-8-for-x86_64-appstream-tus-rpms
      - rhel-8-for-x86_64-highavailability-tus-rpms
      …​
    rhsm_username: "myusername"
    rhsm_password: "p@55w0rd!"
    rhsm_org_id: "1234567"
    rhsm_pool_ids: "1a85f9223e3d5e43013e3d6e8ff506fd"
    rhsm_method: "portal"
    rhsm_release: 8.2
    Copy to Clipboard Toggle word wrap
    • The resource_registry section associates the rhsm composable service with the OS::TripleO::Services::Rhsm resource, which is available on each role.
    • The RhsmVars variable passes parameters to Ansible for configuring your Red Hat registration.
  3. Save the environment file.

You can apply the rhsm composable service on a per-role basis. For example, you can apply different sets of configurations to Controller nodes, Compute nodes, and Ceph Storage nodes.

Procedure

  1. Create an environment file named templates/rhsm.yml to store the configuration.

  2. Include your configuration in the environment file. For example: 

    resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
parameter_defaults:
  ControllerParameters:
    RhsmVars:
      rhsm_repos:
        - rhel-8-for-x86_64-baseos-tus-rpms
        - rhel-8-for-x86_64-appstream-tus-rpms
        - rhel-8-for-x86_64-highavailability-tus-rpms
        - ansible-2.9-for-rhel-8-x86_64-rpms
        - advanced-virt-for-rhel-8-x86_64-eus-rpms
        - openstack-16.1-for-rhel-8-x86_64-rpms
        - fast-datapath-for-rhel-8-x86_64-rpms
      rhsm_username: "myusername"
      rhsm_password: "p@55w0rd!"
      rhsm_org_id: "1234567"
      rhsm_pool_ids: "55d251f1490556f3e75aa37e89e10ce5"
      rhsm_method: "portal"
      rhsm_release: 8.2
  ComputeParameters:
    RhsmVars:
      rhsm_repos:
        - rhel-8-for-x86_64-baseos-tus-rpms
        - rhel-8-for-x86_64-appstream-tus-rpms
        - rhel-8-for-x86_64-highavailability-tus-rpms
        - ansible-2.9-for-rhel-8-x86_64-rpms
        - advanced-virt-for-rhel-8-x86_64-eus-rpms
        - openstack-16.1-for-rhel-8-x86_64-rpms
        - fast-datapath-for-rhel-8-x86_64-rpms
      rhsm_username: "myusername"
      rhsm_password: "p@55w0rd!"
      rhsm_org_id: "1234567"
      rhsm_pool_ids: "55d251f1490556f3e75aa37e89e10ce5"
      rhsm_method: "portal"
      rhsm_release: 8.2
  CephStorageParameters:
    RhsmVars:
      rhsm_repos:
        - rhel-8-for-x86_64-baseos-tus-rpms
        - rhel-8-for-x86_64-appstream-tus-rpms
        - rhel-8-for-x86_64-highavailability-tus-rpms
        - ansible-2.9-for-rhel-8-x86_64-rpms
        - openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms
      rhsm_username: "myusername"
      rhsm_password: "p@55w0rd!"
      rhsm_org_id: "1234567"
      rhsm_pool_ids: "68790a7aa2dc9dc50a9bc39fabc55e0d"
      rhsm_method: "portal"
      rhsm_release: 8.2
    Copy to Clipboard Toggle word wrap

    The resource_registry associates the rhsm composable service with the OS::TripleO::Services::Rhsm resource, which is available on each role.

    The ControllerParameters, ComputeParameters, and CephStorageParameters parameters each use a separate RhsmVars parameter to pass subscription details to their respective roles.

    Note

    Set the RhsmVars parameter within the CephStorageParameters parameter to use a Red Hat Ceph Storage subscription and repositories specific to Ceph Storage. Ensure the rhsm_repos parameter contains the standard Red Hat Enterprise Linux repositories instead of the Extended Update Support (EUS) repositories that Controller and Compute nodes require.

  3. Save the environment file.

Red Hat OpenStack Platform 16.1 uses Ansible-based methods to register overcloud nodes to Red Hat Satellite Server 6.

You can use the rhsm composable service to register overcloud nodes through Ansible. Each role in the default roles_data file contains a OS::TripleO::Services::Rhsm resource, which is disabled by default. To enable the service, register the resource to the rhsm composable service file: 

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
Copy to Clipboard Toggle word wrap

The rhsm composable service accepts a RhsmVars parameter, which you can use to define multiple sub-parameters relevant to your registration: 

parameter_defaults:
  RhsmVars:
    rhsm_repos:
      - rhel-8-for-x86_64-baseos-tus-rpms
      - rhel-8-for-x86_64-appstream-tus-rpms
      - rhel-8-for-x86_64-highavailability-tus-rpms
      …​
    rhsm_username: "myusername"
    rhsm_password: "p@55w0rd!"
    rhsm_org_id: "1234567"
    rhsm_release: 8.2
Copy to Clipboard Toggle word wrap

You can also use the RhsmVars parameter in combination with role-specific parameters, for example, ControllerParameters, to provide flexibility when enabling specific repositories for different nodes types.

11.2. RhsmVars sub-parameters
Copy link

Use the following sub-parameters as part of the RhsmVars parameter when you configure the rhsm composable service. For more information about the Ansible parameters that are available, see the role documentation.

Expand
rhsmDescription

rhsm_method

Choose the registration method. Either portal, satellite, or disable.

rhsm_org_id

The organization that you want to use for registration. To locate this ID, run sudo subscription-manager orgs from the undercloud node. Enter your Red Hat credentials at the prompt, and use the resulting Key value. For more information on your organization ID, see Understanding the Red Hat Subscription Management Organization ID.

rhsm_pool_ids

The subscription pool ID that you want to use. Use this parameter if you do not want to auto-attach subscriptions. To locate this ID, run sudo subscription-manager list --available --all --matches="Red Hat OpenStack" from the undercloud node, and use the resulting Pool ID value.

rhsm_activation_key

The activation key that you want to use for registration.

rhsm_autosubscribe

Use this parameter to attach compatible subscriptions to this system automatically. Set the value to true to enable this feature.

rhsm_baseurl

The base URL for obtaining content. The default URL is the Red Hat Content Delivery Network. If you use a Satellite server, change this value to the base URL of your Satellite server content repositories.

rhsm_server_hostname

The hostname of the subscription management service for registration. The default is the Red Hat Subscription Management hostname. If you use a Satellite server, change this value to your Satellite server hostname.

rhsm_repos

A list of repositories that you want to enable.

rhsm_username

The username for registration. If possible, use activation keys for registration.

rhsm_password

The password for registration. If possible, use activation keys for registration.

rhsm_release

Red Hat Enterprise Linux release for pinning the repositories. This is set to 8.2 for Red Hat OpenStack Platform

rhsm_rhsm_proxy_hostname

The hostname for the HTTP proxy. For example: proxy.example.com.

rhsm_rhsm_proxy_port

The port for HTTP proxy communication. For example: 8080.

rhsm_rhsm_proxy_user

The username to access the HTTP proxy.

rhsm_rhsm_proxy_password

The password to access the HTTP proxy.

Important

You can use rhsm_activation_key and rhsm_repos together only if rhsm_method is set to portal. If rhsm_method is set to 'satellite', you can only use either rhsm_activation_key or rhsm_repos.

11.3. Switching to the rhsm composable service
Copy link

The previous rhel-registration method runs a bash script to handle the overcloud registration. The scripts and environment files for this method are located in the core heat template collection at /usr/share/openstack-tripleo-heat-templates/extraconfig/pre_deploy/rhel-registration/.

Complete the following steps to switch from the rhel-registration method to the rhsm composable service.

Procedure

  1. Exclude the rhel-registration environment files from future deployments operations. In most cases, exclude the following files:

    • rhel-registration/environment-rhel-registration.yaml
    • rhel-registration/rhel-registration-resource-registry.yaml

  2. If you use a custom roles_data file, ensure that each role in your roles_data file contains the OS::TripleO::Services::Rhsm composable service. For example: 

    - name: Controller
  description: |
    Controller role that has all the controller services loaded and handles
    Database, Messaging and Network functions.
  CountDefault: 1
  ...
  ServicesDefault:
    ...
    - OS::TripleO::Services::Rhsm
    ...
    Copy to Clipboard Toggle word wrap
  3. Add the environment file for rhsm composable service parameters to future deployment operations.

This method replaces the rhel-registration parameters with the rhsm service parameters and changes the heat resource that enables the service from: 

resource_registry:
  OS::TripleO::NodeExtraConfig: rhel-registration.yaml
Copy to Clipboard Toggle word wrap

To: 

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
Copy to Clipboard Toggle word wrap

You can also include the /usr/share/openstack-tripleo-heat-templates/environments/rhsm.yaml environment file with your deployment to enable the service.

11.4. rhel-registration to rhsm mappings
Copy link

To help transition your details from the rhel-registration method to the rhsm method, use the following table to map your parameters and values.

Expand
rhel-registrationrhsm / RhsmVars

rhel_reg_method

rhsm_method

rhel_reg_org

rhsm_org_id

rhel_reg_pool_id

rhsm_pool_ids

rhel_reg_activation_key

rhsm_activation_key

rhel_reg_auto_attach

rhsm_autosubscribe

rhel_reg_sat_url

rhsm_satellite_url

rhel_reg_repos

rhsm_repos

rhel_reg_user

rhsm_username

rhel_reg_password

rhsm_password

rhel_reg_release

rhsm_release

rhel_reg_http_proxy_host

rhsm_rhsm_proxy_hostname

rhel_reg_http_proxy_port

rhsm_rhsm_proxy_port

rhel_reg_http_proxy_username

rhsm_rhsm_proxy_user

rhel_reg_http_proxy_password

rhsm_rhsm_proxy_password

Create an environment file that enables and configures the rhsm composable service to register nodes to Red Hat Satellite instead of the Red Hat Customer Portal.

Procedure

  1. Create an environment file named templates/rhsm.yml to store the configuration.

  2. Include your configuration in the environment file. For example: 

    resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/deployment/rhsm/rhsm-baremetal-ansible.yaml
parameter_defaults:
  RhsmVars:
    rhsm_activation_key: "myactivationkey"
    rhsm_method: "satellite"
    rhsm_org_id: "ACME"
    rhsm_server_hostname: "satellite.example.com"
    rhsm_baseurl: "https://satellite.example.com/pulp/repos"
    rhsm_release: 8.2
    Copy to Clipboard Toggle word wrap

    The resource_registry associates the rhsm composable service with the OS::TripleO::Services::Rhsm resource, which is available on each role.

    The RhsmVars variable passes parameters to Ansible for configuring your Red Hat registration.

  3. Save the environment file.

11.6. Preparing Leapp to use Satellite Server
Copy link

If you use Satellite Server 6 to host RPM content, complete these preparation steps to ensure a successful Leapp upgrade with Satellite.

Prerequisites

  • Create a Satellite Server activation key that is linked to repositories for Red Hat OpenStack Platform 16.1 and Red Hat Enterprise Linux 8.2.
  • Generate an Ansible inventory file for your overcloud nodes.
  • On your Satellite Server, create and promote a content view for Red Hat OpenStack Platform 16.1 upgrade and include the repositories that required for the upgrade. For more information, see Red Hat Satellite Server 6 considerations.

  • If you use a Ceph subscription and have configured director to use the overcloud-minimal image for Ceph storage nodes, on your Satellite Server you must create a Content View and add the following Red Hat Enterprise Linux (RHEL) 8.2 repositories to it:

    • Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 

      rhel-8-for-x86_64-appstream-rpms
x86_64 8.2
      Copy to Clipboard Toggle word wrap

    • Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 

      rhel-8-for-x86_64-baseos-rpms
x86_64 8.2
      Copy to Clipboard Toggle word wrap

      For more information, see Importing Red Hat Content and Managing Content Views in the Red Hat Satellite Content Management Guide.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Create a file called playbook-satellite.yaml and paste the following content in the file: 

    - name: Pre-install leapp
  hosts: overcloud
  become: yes
  tasks:
    - name: Pre-install leapp
      yum:
        name:
          - leapp
          - leapp-repository
        state: installed
    - name: Remove katello-host-tools-fact-plugin
      yum:
        name:
          - katello-host-tools-fact-plugin
        state: removed
    - name: Register system
      redhat_subscription:
        activationkey: "osp16-key"
        org_id: "ACME"
        server_hostname: "satellite.example.com"
        rhsm_baseurl: "https://satellite.example.com/pulp/repos"
        force_register: True
    Copy to Clipboard Toggle word wrap

    Modify the redhat_subscription variables to suit your Satellite Server.

  3. Run the playbook: 

    $ ansible-playbook -i ~/inventory.yaml playbook-satellite.yaml
    Copy to Clipboard Toggle word wrap

If your deployment uses a director-deployed Red Hat Ceph Storage cluster, you must complete the procedures included in this section.

Important

RHOSP 16.1 is supported on RHEL 8.2. However, hosts that are mapped to the Ceph Storage role update to the latest major RHEL release. For more information, see Red Hat Ceph Storage: Supported configurations.

Note

If you are upgrading with external Ceph deployments, you must skip the procedures included in this section and continue to Chapter 13, Preparing for upgrading with external Ceph deployments.

The upgrade process maintains the use of Red Hat Ceph Storage 3 containerized services during the upgrade to Red Hat OpenStack Platform 16.1. After you complete the Red Hat OpenStack Platform 16.1 upgrade, you upgrade the Ceph Storage services to Red Hat Ceph Storage 4.

You cannot provision new shares with the Shared File Systems service (manila) until you complete both the Red Hat OpenStack Platform 16.1 upgrade and the Ceph Storage services upgrade to Red Hat Ceph Storage 4.

The director-deployed Ceph Storage nodes continue to use Red Hat Ceph Storage 3 containers during the overcloud upgrade process. To understand how Ceph Storage nodes and services are impacted during the upgrade process, read the following summaries for each aspect of the Ceph Storage upgrade process.

ceph-ansible

ceph-ansible is a collection of roles and playbooks that director uses to install, maintain, and upgrade Ceph Storage services. When you upgraded the undercloud, you ran certain commands that ensured ceph-ansible remained at the latest version 3 collection after the transition to Red Hat Enterprise Linux 8.2. Version 3 of ceph-ansible keeps the containerized Ceph Storage services on version 3 through the duration of the overcloud upgrade. After you complete the upgrade, you enable the Red Hat Ceph Storage update the Red Hat Ceph Storage Tools 4 for RHEL 8 repository and update ceph-ansible to version 4.

Migration to Podman

During the overcloud upgrade, you must run the openstack overcloud external-upgrade run --tags ceph_systemd command to change the systemd services that control Ceph Storage containerized services to use Podman instead of Docker. You run this command before performing the operating system upgrade on any node that contains Ceph Storage containerized services.

After you change the systemd services to use Podman on a node, you perform the operating system upgrade and the OpenStack Platform service upgrade. The Ceph Storage containers on that node will run again after the OpenStack Platform service upgrade.

Ceph Storage operating system upgrade

You follow the same workflow on Ceph Storage nodes as you do on overcloud nodes in general. When you run the openstack overcloud upgrade run --tags system_upgrade command against a Ceph Storage node, director runs Leapp on Ceph Storage node and upgrades the operating system to Red Hat Enterprise Linux 8.2. You then run the untagged openstack overcloud upgrade run command against the Ceph Storage node, which runs the following containers:

  • Red Hat Ceph Storage 3 containerized services
  • Red Hat OpenStack Platform 16.1 containerized services

Upgrading to Red Hat Ceph Storage 4

After you complete the Leapp upgrade and Red Hat OpenStack Platform upgrade, the Ceph Storage containerized services will still use version 3 containers. At this point, you must upgrade ceph-ansible to version 4 and then run the openstack overcloud external-upgrade run --tags ceph command that performs an upgrade of all Red Hat Ceph Storage services on all nodes to version 4.

Summary of the Ceph Storage workflow

The following list is a high level workflow for the Red Hat Ceph Storage upgrade. This workflow is integrated into the general Red Hat OpenStack Platform workflow and you run upgrade framework commands on the undercloud to perform the operations in this workflow.

  1. Upgrade the undercloud but retain version 3 of ceph-ansible
  2. Start the overcloud upgrade

  3. Perform the following tasks for each node that hosts Ceph Storage containerized services:

    1. Migrate the Ceph Storage containerized services to Podman
    2. Upgrade the operating system
    3. Upgrade the OpenStack Platform services, which relaunches Ceph Storage version 3 containerized services
  4. Complete the overcloud upgrade
  5. Upgrade ceph-ansible to version 4 on the undercloud
  6. Upgrade to Red Hat Ceph Storage 4 on the overcloud
Note

This list does not capture all steps in the complete Red Hat OpenStack Platform 16.1 upgrade process but focuses only on the aspects relevant to Red Hat Ceph Storage to describe what occurs to Ceph Storage services during the upgrade process.

12.2. Checking your ceph-ansible version
Copy link

During the undercloud upgrade, you retained the Ceph Storage 3 version of the ceph-ansible package. This helps maintain the compatibility of the Ceph Storage 3 containers on your Ceph Storage nodes. Verify that this package remains on your undercloud.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Run the dnf command to check the version of the ceph-ansible package: 

    $ sudo dnf info ceph-ansible
    Copy to Clipboard Toggle word wrap

    The command output shows version 3 of the ceph-ansible package: 

    Installed Packages
Name         : ceph-ansible
Version      : 3.xx.xx.xx
...
    Copy to Clipboard Toggle word wrap
Important

If the ceph-ansible package is missing or not a version 3 package, download the latest version 3 package from the Red Hat Package Browser and manually install the package on your undercloud. Note that the ceph-ansible version 3 package is only available from Red Hat Enterprise Linux 7 repositories and is not available in Red Hat Enterprise Linux 8 repositories. ceph-ansible version 3 is not supported on Red Hat Enterprise Linux 8 outside the context of the Red Hat OpenStack Platform framework for upgrades.

12.3. Setting the ceph-ansible repository
Copy link

The Red Hat OpenStack Platform 16.1 validation framework tests that ceph-ansible is installed correctly before director upgrades the overcloud to Red Hat Ceph Storage 4. The framework uses the CephAnsibleRepo parameter to check that you installed ceph-ansible from the correct repository. Director disables the test after you run the openstack overcloud upgrade prepare command and this test remains disabled through the duration of the Red Hat OpenStack Platform 16.1 overcloud upgrade. Director re-enables this test after running the openstack overcloud upgrade converge command. However, to prepare for this validation, you must set the CephAnsibleRepo parameter to the Red Hat Ceph Storage Tools 4 for RHEL 8 repository.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Edit the environment file that contains your overcloud Ceph Storage configuration. This file is usually named ceph-config.yaml and you can find it in your templates directory: 

    $ vi /home/stack/templates/ceph-config.yaml
    Copy to Clipboard Toggle word wrap

  3. Add the CephAnsibleRepo parameter to the parameter_defaults section: 

    parameter_defaults:
  ...
  CephAnsibleRepo: rhceph-4-tools-for-rhel-8-x86_64-rpms
  ...
    Copy to Clipboard Toggle word wrap

    CephAnsibleRepo sets the repository that includes ceph-ansible. The validation framework uses this parameter to check that you have installed ceph-ansible on the undercloud.

  4. Save the ceph-config.yaml file.

Before you can proceed with the overcloud upgrade, you must verify that the Ceph cluster is functioning as expected.

Procedure

  1. Log in to the node that is running the ceph-mon service. This node is usually a Controller node or a standalone Ceph Monitor node.

  2. Enter the following command to view the status of the Ceph cluster: 

    $ docker exec ceph-mon-$HOSTNAME ceph -s
    Copy to Clipboard Toggle word wrap
  3. Confirm that the health status of the cluster is HEALTH_OK and that all of the OSDs are up.

If you are upgrading with external Ceph deployments, you must complete the procedures included in this section.

Note

If your deployment does not use an external Ceph Storage cluster, you must skip the procedures included in this section and continue to the next section.

13.1. Installing ceph-ansible
Copy link

If you are upgrading with external Ceph deployments, you must complete this procedure.

The ceph-ansible package is required when you use Ceph Storage with Red Hat OpenStack Platform.

Procedure

  1. Enable the Ceph Tools repository: 

    [stack@director ~]$ sudo subscription-manager repos --enable=rhceph-4-tools-for-rhel-8-x86_64-rpms
    Copy to Clipboard Toggle word wrap

  2. Install the ceph-ansible package: 

    [stack@director ~]$ sudo dnf install -y ceph-ansible
    Copy to Clipboard Toggle word wrap

13.2. Setting the ceph-ansible repository
Copy link

The Red Hat OpenStack Platform 16.1 validation framework tests that ceph-ansible is installed correctly before director upgrades the overcloud to Red Hat Ceph Storage 4. The framework uses the CephAnsibleRepo parameter to check that you installed ceph-ansible from the correct repository. Director disables the test after you run the openstack overcloud upgrade prepare command and this test remains disabled through the duration of the Red Hat OpenStack Platform 16.1 overcloud upgrade. Director re-enables this test after running the openstack overcloud upgrade converge command. However, to prepare for this validation, you must set the CephAnsibleRepo parameter to the Red Hat Ceph Storage Tools 4 for RHEL 8 repository.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Edit the environment file that contains your overcloud Ceph Storage configuration. This file is usually named ceph-config.yaml and you can find it in your templates directory: 

    $ vi /home/stack/templates/ceph-config.yaml
    Copy to Clipboard Toggle word wrap

  3. Add the CephAnsibleRepo parameter to the parameter_defaults section: 

    parameter_defaults:
  ...
  CephAnsibleRepo: rhceph-4-tools-for-rhel-8-x86_64-rpms
  ...
    Copy to Clipboard Toggle word wrap

    CephAnsibleRepo sets the repository that includes ceph-ansible. The validation framework uses this parameter to check that you have installed ceph-ansible on the undercloud.

  4. Save the ceph-config.yaml file.

Chapter 14. Updating network configuration
Copy link

You must complete some network configuration to prepare for the overcloud upgrade.

14.1. Updating network interface templates
Copy link

Red Hat OpenStack Platform includes a script to automatically add the missing parameters to your NIC template files.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. On the undercloud, create a file called update-nic-templates.sh and include the following content in the file: 

    #!/bin/bash
STACK_NAME="overcloud"
ROLES_DATA="/usr/share/openstack-tripleo-heat-templates/roles_data.yaml"
NETWORK_DATA="/usr/share/openstack-tripleo-heat-templates/network_data.yaml"
NIC_CONFIG_LINES=$(openstack stack environment show $STACK_NAME | grep "::Net::SoftwareConfig" | sed -E 's/ *OS::TripleO::// ; s/::Net::SoftwareConfig:// ; s/ http.*user-files/ /')
echo "$NIC_CONFIG_LINES" | while read LINE; do
    ROLE=$(echo "$LINE" | awk '{print $1;}')
    NIC_CONFIG=$(echo "$LINE" | awk '{print $2;}')

    if [ -f "$NIC_CONFIG" ]; then
        echo "Updating template for $ROLE role."
        python3 /usr/share/openstack-tripleo-heat-templates/tools/merge-new-params-nic-config-script.py \
            --tht-dir /usr/share/openstack-tripleo-heat-templates \
            --roles-data $ROLES_DATA \
            --network-data $NETWORK_DATA \
            --role-name "$ROLE" \
            --discard-comments yes \
            --template "$NIC_CONFIG"
    else
        echo "No NIC template detected for $ROLE role. Skipping $ROLE role."
    fi
done
    Copy to Clipboard Toggle word wrap
    • If you use a custom overcloud name, Set the STACK_NAME variable to the name of your overcloud. The default name for an overcloud stack is overcloud.
    • If you use a custom roles_data file, set the ROLES_DATA variable to the location of the custom file. If you use the default roles_data file, leave the variable as /usr/share/openstack-tripleo-heat-templates/roles_data.yaml
    • If you use a custom network_data file, set the NETWORK_DATA variable to the location of the custom file. If you use the default network_data file, leave the variable as /usr/share/openstack-tripleo-heat-templates/network_data.yaml
    • Run /usr/share/openstack-tripleo-heat-templates/tools/merge-new-params-nic-config-script.py -h to see a list of options to add to the script.

  4. Add executable permissions to the script: 

    $ chmod +x update-nic-templates.sh
    Copy to Clipboard Toggle word wrap
  5. Optional: If you use a spine-leaf network topology for your RHOSP environment, check the roles_data.yaml file and ensure that it uses the correct role names for the NIC templates for your deployment. The script uses the value of the deprecated_nic_config_name parameter in the roles_data.yaml file.

  6. Run the script: 

    $ ./update-nic-templates.sh
    Copy to Clipboard Toggle word wrap

    The script saves a copy of each custom NIC template and updates each template with the missing parameters. The script also skips any roles that do not have a custom template: 

    No NIC template detected for BlockStorage role. Skipping BlockStorage role.
Updating template for CephStorage role.
The original template was saved as: /home/stack/templates/custom-nics/ceph-storage.yaml.20200903144835
The update template was saved as: /home/stack/templates/custom-nics/ceph-storage.yaml
Updating template for Compute role.
The original template was saved as: /home/stack/templates/custom-nics/compute.yaml.20200903144838
The update template was saved as: /home/stack/templates/custom-nics/compute.yaml
Updating template for Controller role.
The original template was saved as: /home/stack/templates/custom-nics/controller.yaml.20200903144841
The update template was saved as: /home/stack/templates/custom-nics/controller.yaml
No NIC template detected for ObjectStorage role. Skipping ObjectStorage role.
    Copy to Clipboard Toggle word wrap

Red Hat OpenStack Platform 13 uses Open vSwitch (OVS) as the default ML2 back end for OpenStack Networking (neutron). Newer versions of Red Hat OpenStack Platform use Open Virtual Network (OVN), which expands upon OVS capabilities. However, to ensure a stable upgrade, you must maintain OVS functionality during the duration of the upgrade and then migrate to OVN after you complete the upgrade.

To maintain OVS compatibility during the upgrade, include the following environment file as part of your environment file collection:

  • /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml

    NOTE
    When you include the neutron-ovs.yaml environment file, check if the neutron-ovs-dvr.yaml environment file is included in your environment file collection. You must include the neutron-ovs.yaml environment file before the neutron-ovs-dvr.yaml file, to avoid failures during the upgrade.

Treat this file as part of your deployment until you have completed the migration to OVN. Include the file with all overcloud upgrade and deployment commands:

  • openstack overcloud upgrade prepare
  • openstack overcloud upgrade converge
  • openstack overcloud deploy
  • openstack overcloud update prepare
  • openstack overcloud update converge
  • Any other command that uses environment files.

Troubleshooting OVS compatibility

If the upgrade process fails because the parameters defined in the neutron-ovs.yaml file are overwriting the parameters defined in the neutron-ovs-dvr.yaml, change the order in which you include these files and run the openstack overcloud upgrade prepare and openstack overcloud upgrade run again on the affected nodes. If one of the affected nodes is a Compute node, remove the openstack-neutron* packages from that node.

The network_data file format for Red Hat OpenStack Platform 16.1 includes new sections that you can use to define additional subnets and routes within a network. However, if you use a custom network_data file, you can still use the network_data file format from Red Hat OpenStack Platform 13.

  • When you upgrade from Red Hat OpenStack Platform 13 to 16.1, use the Red Hat OpenStack Platform 13 network_data file format during and after the upgrade. For more information about Red Hat OpenStack Platform 13 composable network syntax, see Custom composable networks.
  • When you create new overclouds on Red Hat OpenStack Platform 16.1, use the Red Hat OpenStack Platform 16.1 network_data file format. For more information about Red Hat OpenStack Platform 16.1 composable network syntax, see Custom composable networks.

If you use network functions virtualization (NFV), you must complete some preparation for the overcloud upgrade.

In a typical NFV-based environment, you can enable services such as the following:

  • Single-root input/output virtualization (SR-IOV)
  • Data Plane Development Kit (DPDK)

You do not require any specific reconfiguration to these services to accommodate the upgrade to Red Hat OpenStack Platform 16.1. However, ensure that the environment files that enable your NFV functionality meet the following requirements:

  • The default environment files to enable NFV features are located in the environments/services directory of the Red Hat OpenStack Platform 16.1 openstack-tripleo-heat-templates collection. If you include the default NFV environment files from openstack-tripleo-heat-templates with your Red Hat OpenStack Platform 13 deployment, verify the correct environment file location for the respective feature in Red Hat OpenStack Platform 16.1:

    • Open vSwitch (OVS) networking and SR-IOV: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml
    • Open vSwitch (OVS) networking and DPDK: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml
  • To maintain OVS compatibility during the upgrade from Red Hat OpenStack Platform 13 to Red Hat OpenStack Platform 16.1, you must include the /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml environment file. When running deployment and upgrade commands that involve environment files, you must include any NFV-related environment files after the neutron-ovs.yaml file. For example, when running openstack overcloud upgrade prepare with OVS and NFV environment files, include the files in the following order:
  • The OVS environment file
  • The SR-IOV environment file

  • The DPDK environment file 

    $ openstack overcloud upgrade prepare \
    ...
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml \
    ...
    Copy to Clipboard Toggle word wrap
Note

During an upgrade, you can migrate instances between RHOSP 13 and RHOSP 16.1.x Compute nodes only when the RHOSP 13 Compute nodes are in the hybrid state. For more information, see Migration constraints in the Configuring the Compute Service for Instance Creation guide.

There is an additional migration constraint for NFV workloads: you cannot live migrate instances from OVS-DPDK Compute nodes during an upgrade. Alternatively, you can cold migrate instances from OVS-DPDK Compute nodes during an upgrade.

Chapter 16. Final review before upgrade
Copy link

Complete a final check of all preparation steps before you begin the upgrade.

16.1. Custom files to include in your deployment
Copy link

If any overcloud nodes in your deployment are dedicated Object Storage (swift) nodes, you must copy the default roles_data.yaml file and edit ObjectStorage to remove deprecated_server_resource_name: 'SwiftStorage'. Then use the --roles-file option to pass the file to the openstack overcloud upgrade prepare or the openstack overcloud upgrade converge command.

In addition to your regular overcloud environment files, you must include new environment files to facilitate the upgrade to Red Hat OpenStack Platform (RHOSP) 16.1.

Expand
FileNotes

/home/stack/templates/upgrades-environment.yaml

This file contains the parameters specific to the upgrade. This file is necessary only for the duration of the upgrade. Discard this file after you run openstack overcloud upgrade converge.

/home/stack/templates/rhsm.yaml

This file contains registration and subscription information for the overcloud. This file registers your systems either to the Red Hat Customer Portal or Red Hat Satellite Server.

/home/stack/containers-prepare-parameter.yaml

The file that contains the source and preparation steps. This is the same file that you use with the undercloud upgrade.

/usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml

OpenStack Platform 16.1 uses Open Virtual Network (OVN) as the default networking backend. However, OpenStack Platform 13 used Open vSwitch (OVS). Include this file to retain OVS compatibility during the upgrade. The OpenStack Platform 16.1 documentation includes instructions on migrating from OVS to OVN after the upgrade.

Add these files to the end of your environment file listing when you run the following commands:

  • openstack overcloud upgrade prepare
  • openstack overcloud upgrade converge
  • openstack overcloud deploy

Remove any environment files specific to your OpenStack Platform Red Hat OpenStack Platform 13:

  • Red Hat OpenStack Platform 13 container image list
  • Red Hat OpenStack Platform 13 Customer Portal or Satellite rhel-registration scripts

Remove these files from the list of environment files you include when you run the following commands:

  • openstack overcloud upgrade prepare
  • openstack overcloud upgrade converge
  • openstack overcloud deploy

16.4. Upgrade checklist
Copy link

Use the following checklist to determine your readiness to upgrade the overcloud:

Expand
ItemComplete

Validated a working overcloud.

Y / N

Performed a Relax-and-Recover (ReaR) backup of the overcloud control plane. For more information, see Red Hat OpenStack Platform 13 Undercloud and Control Plane Back Up and Restore.

Y / N

Created a backup of the database that runs on the undercloud node. For more information, see Creating a database backup of the undercloud node in the Red Hat OpenStack Platform 16.1 Backing up and restoring the undercloud and control plane nodes guide.

Y / N

Implemented all preparation for Leapp, including:

  • Leapp environment file
  • Leapp data copied to the overcloud nodes
  • All overcloud nodes are now using predictable NIC names.
  • All overcloud nodes have PermitRootLogin set

Y / N

Updated your registration details to Red Hat OpenStack Platform 16.1 repositories and covnerted your environment file to use the Ansible-based method.

Y / N

Updated your network configuration templates.

Y / N

Updated your environment file list with new environment files for Red Hat OpenStack Platform 16.1.

Y / N

Optional: If your deployment includes dedicated Object Storage (swift) nodes: Copied the roles_data.yaml file, removed deprecated_server_resource_name: 'SwiftStorage', and passed the file to the openstack overcloud upgrade prepare or the openstack overcloud upgrade converge command.

Y / N

Removed old environment files only relevant to Red Hat OpenStack Platform 13, such as old Red Hat registration and container image location files.

Y / N

Chapter 17. Upgrade command overview
Copy link

The upgrade process involves different commands that you run at certain stages of process.

Important

This section only contains information about each command. You must run these commands in a specific order and provide options specific to your overcloud. Wait until you receive instructions to run these commands at the appropriate step.

17.1. openstack overcloud upgrade prepare
Copy link

This command performs the initial preparation steps for the overcloud upgrade, which includes replacing the current overcloud plan on the undercloud with the new OpenStack Platform 16.1 overcloud plan and your updated environment files. This command functions similar to the openstack overcloud deploy command and uses many of the same options.

17.2. openstack overcloud upgrade run
Copy link

This command performs the upgrade process. Director creates a set of Ansible playbooks based on the new OpenStack Platform 16.1 overcloud plan and runs the fast forward tasks on the entire overcloud. This includes running the upgrade process through each OpenStack Platform version from 13 to 16.1.

In addition to the standard upgrade process, this command can perform a Leapp upgrade of the operating system on overcloud nodes. Run these tasks using the --tags option.

Upgrade task tags for Leapp

system_upgrade
Task that combines tasks from system_upgrade_prepare, system_upgrade_run, and system_upgrade_reboot.
system_upgrade_prepare
Tasks to prepare for the operating system upgrade with Leapp.
system_upgrade_run
Tasks to run Leapp and upgrade the operating system.
system_upgrade_reboot
Tasks to reboot a system and complete the operating system upgrade.

Upgrade task tags for workload migration

nova_hybrid_state
Task that sets up temporary OpenStack Platform 16.1 containers on Compute nodes to facilitate workload migration during the upgrade.

17.3. openstack overcloud external-upgrade run
Copy link

This command performs upgrade tasks outside the standard upgrade process. Director creates a set of Ansible playbooks based on the new OpenStack Platform 16.1 overcloud plan and you run specific tasks using the --tags option.

External task tags for container management

container_image_prepare
Tasks for pulling container images to the undercloud registry and preparing the images for the overcloud to use.

External task tags for Ceph Storage upgrades

  • If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you can use the following tags:

    ceph
    Tasks to install Red Hat Ceph Storage using ceph-ansible playbooks.
    ceph_systemd
    Tasks to convert Red Hat Ceph Storage systemd unit files to use podman management.
  • If you are upgrading with external Ceph deployments, you can skip the tasks that use the ceph and ceph_systemd tags.

External task tags for database transfer

system_upgrade_cleanup
Tasks to clean storage directories related to system_upgrade_transfer_data tasks.
system_upgrade_stop_services
Tasks to shut down all services.
system_upgrade_transfer_data
Tasks to shut down all services and perform a database transfer to the bootstrap node.

17.4. openstack overcloud upgrade converge
Copy link

This command performs the final step in the overcloud upgrade. This final step synchronizes the overcloud heat stack with the OpenStack Platform 16.1 overcloud plan and your updated environment files. This process ensures that the resulting overcloud matches the configuration of a new OpenStack Platform 16.1 overcloud. This command is similar to the openstack overcloud deploy command and uses many of the same options.

17.5. Overcloud node upgrade workflow
Copy link

When you perform an upgrade on each overcloud node, you must consider the following aspects to determine the correct commands to run at the relevant stage in the upgrade:

Controller Services

  • Does the node contain Pacemaker services? You must first upgrade the bootstrap node in order to start a database transfer and launch temporary containers that facilitate migration during the transition from Red Hat OpenStack 13 to 16.1. During the bootstrap Controller node upgrade process, a new Pacemaker cluster is created and new Red Hat OpenStack 16.1 containers are started on the node, while the remaining Controller nodes are still running on Red Hat OpenStack 13. After upgrading the bootstrap node, you must upgrade each additional node with Pacemaker services and ensure that each node joins the new Pacemaker cluster started with the bootstrap node. The process for upgrading split-service Controller nodes without Pacemaker does not require these additional steps.

Compute Services

  • Is the node a Compute node? If the node does contain Compute services, you must migrate virtual machines from the node to ensure maximum availability. A Compute node in this situation includes any node designed to host virtual machines. This definition includes the follow Compute nodes types:

    • Regular Compute nodes
    • Compute nodes with Hyper-Converged Infrastructure (HCI)
    • Compute nodes with Network Function Virtualization technologies such as Data Plane Development Kit (DPDK) or Single Root Input/Output Virtualization (SR-IOV)
    • Real Time Compute nodes

Ceph Storage Services

  • Does the node contain any Ceph Storage services? You must convert the systemd unit files for any containerized Ceph Storage services on the node to use podman instead of docker. This applies to the following node types:

    • Ceph Storage OSD nodes
    • Controller nodes with Ceph MON services
    • Split-Controller Ceph MON nodes
    • Compute nodes with Hyper-Converged Infrastructure (HCI)

Workflow

Use the following workflow diagram to identify the correct update path for specific nodes:

Overcloud node upgrade workflow

Chapter 18. Upgrading a standard overcloud
Copy link

This scenario contains an example upgrade process for a standard overcloud environment, which includes the following node types:

  • Three Controller nodes
  • Three Ceph Storage nodes
  • Multiple Compute nodes

18.1. Running the overcloud upgrade preparation
Copy link

The upgrade requires running openstack overcloud upgrade prepare command, which performs the following tasks:

  • Updates the overcloud plan to OpenStack Platform 16.1
  • Prepares the nodes for the upgrade
Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  3. Wait until the upgrade preparation completes.

  4. Download the container images: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags container_image_prepare
    Copy to Clipboard Toggle word wrap

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must complete this procedure.

To upgrade all the Controller nodes to OpenStack Platform 16.1, you must upgrade each Controller node starting with the bootstrap Controller node.

During the bootstrap Controller node upgrade process, a new Pacemaker cluster is created and new Red Hat OpenStack 16.1 containers are started on the node, while the remaining Controller nodes are still running on Red Hat OpenStack 13.

After upgrading the bootstrap node, you must upgrade each additional node with Pacemaker services and ensure that each node joins the new Pacemaker cluster started with the bootstrap node. For more information, see Overcloud node upgrade workflow.

In this example, the controller nodes are named using the default overcloud-controller-NODEID convention. This includes the following three controller nodes:

  • overcloud-controller-0
  • overcloud-controller-1
  • overcloud-controller-2

Substitute these values for your own node names where applicable.

Note

If you are not using the overcloud default stack name, set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Identify the bootstrap Controller node by running the following command on the undercloud node: 

    $ tripleo-ansible-inventory --list --stack overcloud |jq .overcloud_Controller.hosts[0]
    Copy to Clipboard Toggle word wrap

  3. Upgrade the bootstrap Controller node:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack <stack_name> --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      Replace <stack_name> with the name of your stack.

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.

      • Performs a reboot as a part of the Leapp upgrade.

        Important

        The next command causes an outage on the control plane. You cannot perform any standard operations on the overcloud during the next few steps.

    3. Run the external upgrade command with the system_upgrade_transfer_data tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags system_upgrade_transfer_data
      Copy to Clipboard Toggle word wrap

      This command copies the latest version of the database from an existing node to the bootstrap node.

    4. Run the upgrade command with the nova_hybrid_state tag and run only the upgrade_steps_playbook.yaml playbook: 

      $ openstack overcloud upgrade run --stack STACK NAME --playbook upgrade_steps_playbook.yaml --tags nova_hybrid_state --limit all
      Copy to Clipboard Toggle word wrap

      This command launches temporary 16.1 containers on Compute nodes to help facilitate workload migration when you upgrade Compute nodes at a later step.

    5. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade.

      Important

      The control plane becomes active when this command finishes. You can perform standard operations on the overcloud again.

    6. Verify that after the upgrade, the new Pacemaker cluster is started and that the control plane services such as galera, rabbit, haproxy, and redis are running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

  4. Upgrade the next Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag on the next Controller node: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. In addition to this node, include the previously upgraded bootstrap node in the --limit option.

  5. Upgrade the final Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1,overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. Include all Controller nodes in the --limit option.

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must upgrade the operating system for each Ceph Storage nodes.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Select a Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Optional: If you use a Ceph subscription and have configured director to use the overcloud-minimal image for Ceph storage nodes, you must complete the following steps:

      1. Log in to the node and unset the Red Hat Enterprise Linux (RHEL) minor release version: 

        $ sudo subscription-manager release --unset
        Copy to Clipboard Toggle word wrap

      2. On the node, perform a system update: 

        $ sudo dnf -y update
        Copy to Clipboard Toggle word wrap

      3. Reboot the node: 

        $ sudo reboot
        Copy to Clipboard Toggle word wrap

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  3. Select the next Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  4. Select the final Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

18.4. Upgrading Compute nodes
Copy link

Upgrade all the Compute nodes to OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  2. Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes.

  3. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  4. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  5. To upgrade multiple Compute nodes in parallel, set the --limit option to a comma-separated list of nodes that you want to upgrade. First perform the system_upgrade task: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

    Then perform the standard OpenStack service upgrade: 

    $ openstack overcloud upgrade run --stack STACK NAME  --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

18.5. Synchronizing the overcloud stack
Copy link

The upgrade requires an update the overcloud stack to ensure that the stack resource structure and parameters align with a fresh deployment of OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Edit the containers-prepare-parameter.yaml file and remove the following parameters and their values:

    • ceph3_namespace
    • ceph3_tag
    • ceph3_image
    • name_prefix_stein
    • name_suffix_stein
    • namespace_stein
    • tag_stein
  3. To re-enable fencing in your overcloud, set the EnableFencing parameter to true in the fencing.yaml environment file.

  4. Run the upgrade finalization command: 

    $ openstack overcloud upgrade converge \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (fencing.yaml) with the EnableFencing parameter set to true.
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  5. Wait until the stack synchronization completes.
Important

You do not need the upgrades-environment.yaml file for any further deployment operations.

This scenario contains an example upgrade process for an overcloud environment with external Ceph deployments, which includes the following node types:

  • Three Controller nodes
  • External Ceph Storage cluster
  • Multiple Compute nodes

19.1. Running the overcloud upgrade preparation
Copy link

The upgrade requires running openstack overcloud upgrade prepare command, which performs the following tasks:

  • Updates the overcloud plan to OpenStack Platform 16.1
  • Prepares the nodes for the upgrade
Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  3. Wait until the upgrade preparation completes.

  4. Download the container images: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags container_image_prepare
    Copy to Clipboard Toggle word wrap

If you are upgrading with external Ceph deployments, you must complete this procedure.

To upgrade all the Controller nodes to OpenStack Platform 16.1, you must upgrade each Controller node starting with the bootstrap Controller node.

During the bootstrap Controller node upgrade process, a new Pacemaker cluster is created and new Red Hat OpenStack 16.1 containers are started on the node, while the remaining Controller nodes are still running on Red Hat OpenStack 13.

After upgrading the bootstrap node, you must upgrade each additional node with Pacemaker services and ensure that each node joins the new Pacemaker cluster started with the bootstrap node. For more information, see Overcloud node upgrade workflow.

In this example, the controller nodes are named using the default overcloud-controller-NODEID convention. This includes the following three controller nodes:

  • overcloud-controller-0
  • overcloud-controller-1
  • overcloud-controller-2

Substitute these values for your own node names where applicable.

Note

If you are not using the overcloud default stack name, set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Identify the bootstrap Controller node by running the following command on the undercloud node: 

    $ tripleo-ansible-inventory --list --stack overcloud |jq .overcloud_Controller.hosts[0]
    Copy to Clipboard Toggle word wrap

  3. Upgrade the bootstrap Controller node:

    1. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.

      • Performs a reboot as a part of the Leapp upgrade.

        Important

        The next command causes an outage on the control plane. You cannot perform any standard operations on the overcloud during the next few steps.

    2. Run the external upgrade command with the system_upgrade_transfer_data tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags system_upgrade_transfer_data
      Copy to Clipboard Toggle word wrap

      This command copies the latest version of the database from an existing node to the bootstrap node.

    3. Run the upgrade command with the nova_hybrid_state tag and run only the upgrade_steps_playbook.yaml playbook: 

      $ openstack overcloud upgrade run --stack STACK NAME --playbook upgrade_steps_playbook.yaml --tags nova_hybrid_state --limit all
      Copy to Clipboard Toggle word wrap

      This command launches temporary 16.1 containers on Compute nodes to help facilitate workload migration when you upgrade Compute nodes at a later step.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade.

      Important

      The control plane becomes active when this command finishes. You can perform standard operations on the overcloud again.

    5. Verify that after the upgrade, the new Pacemaker cluster is started and that the control plane services such as galera, rabbit, haproxy, and redis are running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

  4. Upgrade the next Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the upgrade command with the system_upgrade tag on the next Controller node: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. In addition to this node, include the previously upgraded bootstrap node in the --limit option.

  5. Upgrade the final Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1,overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. Include all Controller nodes in the --limit option.

19.3. Upgrading Compute nodes
Copy link

Upgrade all the Compute nodes to OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  2. Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes.

  3. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  4. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  5. To upgrade multiple Compute nodes in parallel, set the --limit option to a comma-separated list of nodes that you want to upgrade. First perform the system_upgrade task: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

    Then perform the standard OpenStack service upgrade: 

    $ openstack overcloud upgrade run --stack STACK NAME  --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

19.4. Synchronizing the overcloud stack
Copy link

The upgrade requires an update the overcloud stack to ensure that the stack resource structure and parameters align with a fresh deployment of OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Edit the containers-prepare-parameter.yaml file and remove the following parameters and their values:

    • ceph3_namespace
    • ceph3_tag
    • ceph3_image
    • name_prefix_stein
    • name_suffix_stein
    • namespace_stein
    • tag_stein
  3. To re-enable fencing in your overcloud, set the EnableFencing parameter to true in the fencing.yaml environment file.

  4. Run the upgrade finalization command: 

    $ openstack overcloud upgrade converge \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (fencing.yaml) with the EnableFencing parameter set to true.
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  5. Wait until the stack synchronization completes.
Important

You do not need the upgrades-environment.yaml file for any further deployment operations.

Chapter 20. Speeding up an overcloud upgrade
Copy link

To speed up the overcloud upgrade process, you can upgrade 1/3 of the control plane at a time, starting with the bootstrap nodes.

After the upgrade of first 1/3 of the control plane is complete, you can move your environment into mixed-mode where the control plane APIs are running and the cloud is operational. High availability operational performance can be resumed only after the entire control plane has been upgraded.

When you upgrade a large number of Compute nodes, to improve performance, you can run the openstack overcloud upgrade run command with the --limit Compute option in parallel on groups of 20 nodes. You can run multiple upgrade tasks in the background, where each task upgrades a separate group of 20 nodes.

This scenario contains an example upgrade process for an overcloud environment that includes the following node types with composable roles:

  • Three Controller nodes
  • Three Database nodes
  • Three Networker nodes
  • Three Ceph Storage nodes
  • Multiple Compute nodes

20.1. Running the overcloud upgrade preparation
Copy link

The upgrade requires running openstack overcloud upgrade prepare command, which performs the following tasks:

  • Updates the overcloud plan to OpenStack Platform 16.1
  • Prepares the nodes for the upgrade
Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  3. Wait until the upgrade preparation completes.

  4. Download the container images: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags container_image_prepare
    Copy to Clipboard Toggle word wrap

20.2. Upgrading the control plane nodes
Copy link

To upgrade the control plane nodes in your environment to OpenStack Platform 16.1, you must upgrade 1/3 of your control plane nodes at a time, starting with the bootstrap nodes.

During the bootstrap Controller node upgrade process, a new Pacemaker cluster is created and new Red Hat OpenStack 16.1 containers are started on the node, while the remaining Controller nodes continue to run on Red Hat OpenStack 13.

In this example, the control plane nodes are named using the default overcloud-ROLE-NODEID convention. This includes the following node types with composable roles:

  • overcloud-controller-0
  • overcloud-controller-1
  • overcloud-controller-2
  • overcloud-database-0
  • overcloud-database-1
  • overcloud-database-2
  • overcloud-networker-0
  • overcloud-networker-1
  • overcloud-networker-2
  • overcloud-ceph-0
  • overcloud-ceph-1
  • overcloud-ceph-2

Substitute these values for your own node names where applicable.

After you upgrade the overcloud-controller-0, overcloud-database-0, overcloud-networker-0, and overcloud-ceph-0 bootstrap nodes, which comprise the first 1/3 of your control plane nodes, you must upgrade each additional 1/3 of the nodes with Pacemaker services and ensure that each node joins the new Pacemaker cluster started with the bootstrap node. Therefore, you must upgrade overcloud-controller-1, overcloud-database-1, overcloud-networker-1, and overcloud-ceph-1 before you upgrade overcloud-controller-2, overcloud-database-2, overcloud-networker-2, and overcloud-ceph-2.

Note

If you are not using the default stack name overcloud, use the --stack STACK NAME option to set your stack name and replace STACK NAME with the name of your stack.

Procedure

  1. Log in to the undercloud host as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. On the undercloud node, run the following command to identify the bootstrap Controller node: 

    $ tripleo-ansible-inventory --list --stack overcloud |jq .overcloud_Controller.hosts[0]
    Copy to Clipboard Toggle word wrap

  4. Upgrade the overcloud-controller-0, overcloud-database-0, overcloud-networker-0, and overcloud-ceph-0 control plane nodes:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack <stack_name> --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-0,overcloud-database-0,overcloud-networker-0,overcloud-ceph-0
      Copy to Clipboard Toggle word wrap

      Replace <stack_name> with the name of your stack.

      This command performs the following actions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected nodes using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for the leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-0 &
$ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-database-0 &
$ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-networker-0 &
$ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-ceph-0 &
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.

      • Performs a reboot as a part of the Leapp upgrade.

        Important

        The next command causes an outage on the control plane. You cannot perform any standard operations on the overcloud during the next few steps.

    3. Run the external upgrade command with the system_upgrade_transfer_data tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags system_upgrade_transfer_data
      Copy to Clipboard Toggle word wrap

      This command copies the latest version of the database from an existing node to the bootstrap node.

    4. Run the upgrade command with the nova_hybrid_state tag and run only the upgrade_steps_playbook.yaml playbook: 

      $ openstack overcloud upgrade run --stack STACK NAME --playbook upgrade_steps_playbook.yaml --tags nova_hybrid_state --limit all
      Copy to Clipboard Toggle word wrap

      This command launches temporary 16.1 containers on Compute nodes to help facilitate workload migration when you upgrade Compute nodes at a later step.

    5. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-database-0,overcloud-networker-0,overcloud-ceph-0 --playbook all
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade.

      Important

      The control plane becomes active when this command finishes. You can perform standard operations on the overcloud again.

    6. Optional: On the bootstrap Contoller node, verify that after the upgrade, the new Pacemaker cluster is started and that the control plane services such as galera, rabbit, haproxy, and redis are running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

  5. Upgrade the overcloud-controller-1, overcloud-database-1, overcloud-networker-1, and overcloud-ceph-1 control plane nodes:

    1. Log in to the overcloud-controller-1 node and verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-1,overcloud-database-1,overcloud-networker-1,overcloud-ceph-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected nodes using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-1,overcloud-database-1,overcloud-networker-1,overcloud-ceph-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1,overcloud-database-0,overcloud-database-1,overcloud-networker-0,overcloud-networker-1,overcloud-ceph-0,overcloud-ceph-1
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. In addition to this node, include the previously upgraded bootstrap nodes in the --limit option.

  6. Upgrade the overcloud-controller-2, overcloud-database-2, overcloud-networker-2, and overcloud-ceph-2 control plane nodes:

    1. Log in to the overcloud-controller-2 node and verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-2,overcloud-database-2,overcloud-networker-2,overcloud-ceph-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected nodes using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-2,overcloud-database-2,overcloud-networker-2,overcloud-ceph-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1,overcloud-controller-2,overcloud-database-0,overcloud-database-1,overcloud-database-2,overcloud-networker-0,overcloud-networker-1,overcloud-networker-2,overcloud-ceph-0,overcloud-ceph-1,overcloud-ceph-2
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. Include all control plane nodes in the --limit option.

20.3. Upgrading Compute nodes in parallel
Copy link

To upgrade a large number of Compute nodes to OpenStack Platform 16.1, you can run the openstack overcloud upgrade run command with the --limit Compute option in parallel on groups of 20 nodes.

You can run multiple upgrade tasks in the background, where each task upgrades a separate group of 20 nodes. When you use this method to upgrade Compute nodes in parallel, you cannot select which nodes you upgrade. The selection of nodes is based on the inventory file that you generate when you run the tripleo-ansible-inventory command. For example, if you have 80 Compute nodes in your deployment, you can run the following commands to update the Compute nodes in parallel: 

$ openstack overcloud upgrade run -y --limit 'Compute[0:19]' > upgrade-compute-00-19.log 2>&1 &
$ openstack overcloud upgrade run -y --limit 'Compute[20:29]' > upgrade-compute-20-29.log 2>&1 &
$ openstack overcloud upgrade run -y --limit 'Compute[40:59]' > update-compute-40-59.log 2>&1 &
$ openstack overcloud upgrade run -y --limit 'Compute[60:79]' > update-compute-60-79.log 2>&1 &
Copy to Clipboard Toggle word wrap

To upgrade specific Compute nodes, use a comma-separated list of nodes: 

$ openstack overcloud upgrade run --limit <Compute0>,<Compute1>,<Compute2>,<Compute3>
Copy to Clipboard Toggle word wrap
Note

If you are not using the default stack name overcloud, use the --stack STACK NAME option and replace STACK NAME with name of your stack.

Procedure

  1. Log in to the undercloud host as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  3. Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes.

  4. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run -y --stack STACK NAME --tags system_upgrade --limit 'Compute[0:19]' > upgrade-compute-00-19.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --tags system_upgrade --limit 'Compute[20:29]' > upgrade-compute-20-29.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --tags system_upgrade --limit 'Compute[40:59]' > update-compute-40-59.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --tags system_upgrade --limit 'Compute[60:79]' > update-compute-60-79.log 2>&1 &
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  5. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run -y --stack STACK NAME --limit 'Compute[0:19]' > upgrade-compute-00-19.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --limit 'Compute[20:29]' > upgrade-compute-20-29.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --limit 'Compute[40:59]' > update-compute-40-59.log 2>&1 &
$ openstack overcloud upgrade run -y --stack STACK NAME --limit 'Compute[60:79]' > update-compute-60-79.log 2>&1 &
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  6. Optional: To upgrade selected Compute nodes, use the --limit option with a comma-separated list of nodes that you want to upgrade. The following example upgrades the overcloud-compute-0, overcloud-compute-1, overcloud-compute-2 nodes in parallel.

    1. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
      Copy to Clipboard Toggle word wrap

    2. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME  --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
      Copy to Clipboard Toggle word wrap

20.4. Synchronizing the overcloud stack
Copy link

The upgrade requires an update the overcloud stack to ensure that the stack resource structure and parameters align with a fresh deployment of OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Edit the containers-prepare-parameter.yaml file and remove the following parameters and their values:

    • ceph3_namespace
    • ceph3_tag
    • ceph3_image
    • name_prefix_stein
    • name_suffix_stein
    • namespace_stein
    • tag_stein
  3. To re-enable fencing in your overcloud, set the EnableFencing parameter to true in the fencing.yaml environment file.

  4. Run the upgrade finalization command: 

    $ openstack overcloud upgrade converge \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (fencing.yaml) with the EnableFencing parameter set to true.
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  5. Wait until the stack synchronization completes.
Important

You do not need the upgrades-environment.yaml file for any further deployment operations.

This scenario contains an example upgrade process for an overcloud with Controller node services split on to multiple nodes. This includes the following node types:

  • Multiple split high availability services using Pacemaker
  • Multiple split Controller services
  • Three Ceph MON nodes
  • Three Ceph Storage nodes
  • Multiple Compute nodes

21.1. Running the overcloud upgrade preparation
Copy link

The upgrade requires running openstack overcloud upgrade prepare command, which performs the following tasks:

  • Updates the overcloud plan to OpenStack Platform 16.1
  • Prepares the nodes for the upgrade
Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  3. Wait until the upgrade preparation completes.

  4. Download the container images: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags container_image_prepare
    Copy to Clipboard Toggle word wrap

21.2. Upgrading Pacemaker-based nodes
Copy link

Upgrade all nodes that host Pacemaker services to OpenStack Platform 16.1. The following roles include Pacemaker-based services:

  • Controller
  • Database (MySQL, Galera)
  • Messaging (RabbitMQ)
  • Load Balancing (HAProxy)

  • Any other role that contains the following services:

    • OS::TripleO::Services::Pacemaker
    • OS::TripleO::Services::PacemakerRemote

This process involves upgrading each node starting with the bootstrap node.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Identify the bootstrap node by running the following command on the undercloud node: 

    $ tripleo-ansible-inventory --list --stack overcloud |jq .overcloud_Controller.hosts[0]
    Copy to Clipboard Toggle word wrap

  3. Upgrade the bootstrap node:

    1. If the node any contains Ceph Storage containers, run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack <stack_name> --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      Replace <stack_name> with the name of your stack.

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the external upgrade command with the system_upgrade_transfer_data tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags system_upgrade_transfer_data
      Copy to Clipboard Toggle word wrap

      This command copies the latest version of the database from an existing node to the bootstrap node.

    4. Run the upgrade command with the nova_hybrid_state tag and run only the upgrade_steps_playbook.yaml playbook: 

      $ openstack overcloud upgrade run --stack STACK NAME --playbook upgrade_steps_playbook.yaml --tags nova_hybrid_state --limit all
      Copy to Clipboard Toggle word wrap

      This command launches temporary 16.1 containers on Compute nodes to help facilitate workload migration when you upgrade Compute nodes at a later step.

    5. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade.

  4. Upgrade each Pacemaker-based node:

    1. If the node any contains Ceph Storage containers, run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-database-0
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag on the next node: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-database-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-database-0
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. In addition to this node, include any previously upgraded node in the --limit option.

  5. Repeat the upgrade process on each Pacemaker-based node until you have upgraded all Pacemaker-based node.

21.3. Upgrading non-Pacemaker Controller nodes
Copy link

Upgrade all nodes without Pacemaker-based services to OpenStack Platform 16.1. These nodes usually contain a specific OpenStack service. Examples of roles without Pacemaker-based services include the following:

  • Networker
  • Ironic Conductor
  • Object Storage
  • Any custom roles with services split or scaled from standard Controller nodes

Do not include the following nodes in this grouping:

  • Any Compute nodes
  • Any Ceph Storage nodes

This process involves upgrading each node.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-networker-0
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  3. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-networker-0
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  4. Repeat the upgrade process on each node until you have upgraded all Controller-based node.

Upgrade the operating system for each Ceph MON node. It is recommended to upgrade each Ceph MON node individually to maintain a quorum among the nodes.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Select a Ceph MON node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephmon-0
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephmon-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephmon-0
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph MON node. This step does not upgrade the Ceph MON nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  3. Select the next Ceph MON node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephmon-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephmon-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephmon-1
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph MON node. This step does not upgrade the Ceph MON nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  4. Select the final Ceph MON node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephmon-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephmon-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephmon-2
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph MON node. This step does not upgrade the Ceph MON nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must upgrade the operating system for each Ceph Storage nodes.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Select a Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Optional: If you use a Ceph subscription and have configured director to use the overcloud-minimal image for Ceph storage nodes, you must complete the following steps:

      1. Log in to the node and unset the Red Hat Enterprise Linux (RHEL) minor release version: 

        $ sudo subscription-manager release --unset
        Copy to Clipboard Toggle word wrap

      2. On the node, perform a system update: 

        $ sudo dnf -y update
        Copy to Clipboard Toggle word wrap

      3. Reboot the node: 

        $ sudo reboot
        Copy to Clipboard Toggle word wrap

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-0
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  3. Select the next Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-1
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

  4. Select the final Ceph Storage node and upgrade the operating system:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    3. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-cephstorage-2
      Copy to Clipboard Toggle word wrap

      This command runs the config-download playbooks and configures the composable services on the Ceph Storage node. This step does not upgrade the Ceph Storage nodes to Red Hat Ceph Storage 4. The Red Hat Ceph Storage 4 upgrade occurs in a later procedure.

21.6. Upgrading Compute nodes
Copy link

Upgrade all the Compute nodes to OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  2. Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes.

  3. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  4. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-compute-0
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  5. To upgrade multiple Compute nodes in parallel, set the --limit option to a comma-separated list of nodes that you want to upgrade. First perform the system_upgrade task: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

    Then perform the standard OpenStack service upgrade: 

    $ openstack overcloud upgrade run --stack STACK NAME  --limit overcloud-compute-0,overcloud-compute-1,overcloud-compute-2
    Copy to Clipboard Toggle word wrap

21.7. Synchronizing the overcloud stack
Copy link

The upgrade requires an update the overcloud stack to ensure that the stack resource structure and parameters align with a fresh deployment of OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Edit the containers-prepare-parameter.yaml file and remove the following parameters and their values:

    • ceph3_namespace
    • ceph3_tag
    • ceph3_image
    • name_prefix_stein
    • name_suffix_stein
    • namespace_stein
    • tag_stein
  3. To re-enable fencing in your overcloud, set the EnableFencing parameter to true in the fencing.yaml environment file.

  4. Run the upgrade finalization command: 

    $ openstack overcloud upgrade converge \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (fencing.yaml) with the EnableFencing parameter set to true.
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  5. Wait until the stack synchronization completes.
Important

You do not need the upgrades-environment.yaml file for any further deployment operations.

This scenario contains an example upgrade process for an overcloud with hyper-converged infrastructure (HCI), which includes the following node types:

  • Three Controller nodes
  • Multiple HCI Compute nodes, which contain combined Compute and Ceph OSD services

22.1. Running the overcloud upgrade preparation
Copy link

The upgrade requires running openstack overcloud upgrade prepare command, which performs the following tasks:

  • Updates the overcloud plan to OpenStack Platform 16.1
  • Prepares the nodes for the upgrade
Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  3. Wait until the upgrade preparation completes.

  4. Download the container images: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags container_image_prepare
    Copy to Clipboard Toggle word wrap

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must complete this procedure.

To upgrade all the Controller nodes to OpenStack Platform 16.1, you must upgrade each Controller node starting with the bootstrap Controller node.

During the bootstrap Controller node upgrade process, a new Pacemaker cluster is created and new Red Hat OpenStack 16.1 containers are started on the node, while the remaining Controller nodes are still running on Red Hat OpenStack 13.

After upgrading the bootstrap node, you must upgrade each additional node with Pacemaker services and ensure that each node joins the new Pacemaker cluster started with the bootstrap node. For more information, see Overcloud node upgrade workflow.

In this example, the controller nodes are named using the default overcloud-controller-NODEID convention. This includes the following three controller nodes:

  • overcloud-controller-0
  • overcloud-controller-1
  • overcloud-controller-2

Substitute these values for your own node names where applicable.

Note

If you are not using the overcloud default stack name, set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Identify the bootstrap Controller node by running the following command on the undercloud node: 

    $ tripleo-ansible-inventory --list --stack overcloud |jq .overcloud_Controller.hosts[0]
    Copy to Clipboard Toggle word wrap

  3. Upgrade the bootstrap Controller node:

    1. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack <stack_name> --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      Replace <stack_name> with the name of your stack.

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    2. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.

      • Performs a reboot as a part of the Leapp upgrade.

        Important

        The next command causes an outage on the control plane. You cannot perform any standard operations on the overcloud during the next few steps.

    3. Run the external upgrade command with the system_upgrade_transfer_data tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags system_upgrade_transfer_data
      Copy to Clipboard Toggle word wrap

      This command copies the latest version of the database from an existing node to the bootstrap node.

    4. Run the upgrade command with the nova_hybrid_state tag and run only the upgrade_steps_playbook.yaml playbook: 

      $ openstack overcloud upgrade run --stack STACK NAME --playbook upgrade_steps_playbook.yaml --tags nova_hybrid_state --limit all
      Copy to Clipboard Toggle word wrap

      This command launches temporary 16.1 containers on Compute nodes to help facilitate workload migration when you upgrade Compute nodes at a later step.

    5. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade.

      Important

      The control plane becomes active when this command finishes. You can perform standard operations on the overcloud again.

    6. Verify that after the upgrade, the new Pacemaker cluster is started and that the control plane services such as galera, rabbit, haproxy, and redis are running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

  4. Upgrade the next Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag on the next Controller node: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. In addition to this node, include the previously upgraded bootstrap node in the --limit option.

  5. Upgrade the final Controller node:

    1. Verify that the old cluster is no longer running: 

      $ sudo pcs status
      Copy to Clipboard Toggle word wrap

      An error similar to the following is displayed when the cluster is not running: 

      Error: cluster is not currently running on this node
      Copy to Clipboard Toggle word wrap

    2. Run the external upgrade command with the ceph_systemd tag: 

      $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the following functions:

      • Changes the systemd units that control the Ceph Storage containers to use Podman management.
      • Limits actions to the selected Controller node using the ceph_ansible_limit variable.

      This step is a preliminary measure to prepare the Ceph Storage services for The leapp upgrade.

    3. Run the upgrade command with the system_upgrade tag: 

      $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the following actions:

      • Performs a Leapp upgrade of the operating system.
      • Performs a reboot as a part of the Leapp upgrade.

    4. Run the upgrade command with no tags: 

      $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-controller-0,overcloud-controller-1,overcloud-controller-2
      Copy to Clipboard Toggle word wrap

      This command performs the Red Hat OpenStack Platform upgrade. Include all Controller nodes in the --limit option.

Upgrade HCI Compute nodes to OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  2. Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes.
  3. Log out of the node with Ceph MON services and return to the undercloud.

  4. Run the external upgrade command with the ceph_systemd tag: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-computehci-0
    Copy to Clipboard Toggle word wrap

    This command performs the following functions:

    • Changes the systemd units that control the Ceph Storage containers to use Podman management.
    • Limits actions to the selected Ceph Storage node using the ceph_ansible_limit variable.

    This step is a preliminary measure to prepare the Ceph Storage services for the leapp upgrade.

  5. Run the upgrade command with the system_upgrade tag: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-computehci-0
    Copy to Clipboard Toggle word wrap

    This command performs the following actions:

    • Performs a Leapp upgrade of the operating system.
    • Performs a reboot as a part of the Leapp upgrade.

  6. Run the upgrade command with no tags: 

    $ openstack overcloud upgrade run --stack STACK NAME --limit overcloud-computehci-0
    Copy to Clipboard Toggle word wrap

    This command performs the Red Hat OpenStack Platform upgrade.

  7. To upgrade multiple Compute nodes in parallel, set the --limit option to a comma-separated list of nodes that you want to upgrade. First run the external upgrade command with the ceph_systemd tag: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph_systemd -e ceph_ansible_limit=overcloud-computehci-0,overcloud-computehci-1,overcloud-computehci-2
    Copy to Clipboard Toggle word wrap

    Then perform the system_upgrade task: 

    $ openstack overcloud upgrade run --stack STACK NAME --tags system_upgrade --limit overcloud-computehci-0,overcloud-computehci-1,overcloud-computehci-2
    Copy to Clipboard Toggle word wrap

    Then perform the standard OpenStack service upgrade: 

    $ openstack overcloud upgrade run --stack STACK NAME  --limit overcloud-computehci-0,overcloud-computehci-1,overcloud-computehci-2
    Copy to Clipboard Toggle word wrap

22.4. Synchronizing the overcloud stack
Copy link

The upgrade requires an update the overcloud stack to ensure that the stack resource structure and parameters align with a fresh deployment of OpenStack Platform 16.1.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Edit the containers-prepare-parameter.yaml file and remove the following parameters and their values:

    • ceph3_namespace
    • ceph3_tag
    • ceph3_image
    • name_prefix_stein
    • name_suffix_stein
    • namespace_stein
    • tag_stein
  3. To re-enable fencing in your overcloud, set the EnableFencing parameter to true in the fencing.yaml environment file.

  4. Run the upgrade finalization command: 

    $ openstack overcloud upgrade converge \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    -e /home/stack/templates/rhsm.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Include the following options relevant to your environment:

    • The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
    • The environment file (fencing.yaml) with the EnableFencing parameter set to true.
    • The environment file (rhsm.yaml) with the registration and subscription parameters (-e).
    • The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
    • The environment file (neutron-ovs.yaml) to maintain OVS compatibility.
    • Any custom configuration environment files (-e) relevant to your deployment.
    • If applicable, your custom roles (roles_data) file using --roles-file.
    • If applicable, your composable network (network_data) file using --networks-file.
    • If you use a custom stack name, pass the name with the --stack option.
  5. Wait until the stack synchronization completes.
Important

You do not need the upgrades-environment.yaml file for any further deployment operations.

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must complete the procedures included in this section.

Important

When you upgrade a Red Hat Ceph Storage cluster from a previous supported version to version 4.2z2, the upgrade completes with the storage cluster in a HEALTH_WARN state with a warning message that states monitors are allowing insecure global_id reclaim. This is due to the patched CVE (CVE-2021-20288), see Ceph HEALTH_WARN with 'mons are allowing insecure global_id reclaim' after install/upgrade to RHCS 4.2z2 (or newer).

Because the HEALTH_WARN state is displayed due to the CVE, it is possible to mute health warnings temporarily. However, there is a risk that if you mute warnings you do not have visibility about potential older and unpatched clients connected to your cluster. For more information about muting health warnings, see Upgrading a Red Hat Ceph Storage cluster in the Red Hat Ceph Storage documentation.

Important

Do not disable global_id_reclaim manually until all clients are upgraded and patched otherwise they cannot connect. You can run the following command as the root user to view a list of unpatched clients that are connected to the cluster: 

# ceph health detail
Copy to Clipboard Toggle word wrap

After you upgrade the overcloud, upgrade your director-deployed Ceph Storage cluster to Red Hat Ceph Storage cluster to version 4.

23.1. Installing ceph-ansible
Copy link

If your deployment uses a Red Hat Ceph Storage cluster that was deployed using director, you must complete this procedure.

The ceph-ansible package is required when you use Ceph Storage with Red Hat OpenStack Platform.

Procedure

  1. Enable the Ceph Tools repository: 

    [stack@director ~]$ sudo subscription-manager repos --enable=rhceph-4-tools-for-rhel-8-x86_64-rpms
    Copy to Clipboard Toggle word wrap

  2. Install the ceph-ansible package: 

    [stack@director ~]$ sudo dnf install -y ceph-ansible
    Copy to Clipboard Toggle word wrap

23.2. Upgrading to Ceph Storage 4
Copy link

Upgrade the Ceph Storage nodes from version 3 to version 4.

Note

If you are not using the default stack name (overcloud), set your stack name with the --stack STACK NAME option replacing STACK NAME with the name of your stack.

Procedure

  1. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the Ceph Storage external upgrade process with the ceph tag: 

    $ openstack overcloud external-upgrade run --stack STACK NAME --tags ceph
    Copy to Clipboard Toggle word wrap
  3. Wait until the Ceph Storage upgrade completes.

After you complete and verify the upgrade process, you must migrate your FileStore OSDs to BlueStore. You must complete the migration one node at a time. The following procedure uses ceph-ansible to complete the migration. This procedure only applies if the Ceph cluster is deployed by director.

Procedure

  1. Log in as the heat-admin user on a node with Ceph MON containers, such as Controller nodes or standalone Ceph MON nodes. For example, in a standard overcloud deployment, overcloud-controller-1 uses Ceph MON containers.

  2. Query the Ceph cluster to see what driver is in use by the OSDs: 

    [heat-admin@overcloud-controller-1 ~]$ sudo -i
[root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c "ceph -f json osd metadata" | jq -c 'sort_by(.hostname) | .[] | ["host", .hostname, "osd_id", .id, "objectstore", .osd_objectstore]'
[root@overcloud-controller-1 ~]#
    Copy to Clipboard Toggle word wrap
  3. If any line returns "objectstore": "filestore", that node requires OSD migration.
Warning

The migration time can vary depending on the size of your cluster. If you have a very large cluster, the migration time is proportional to the number of OSDs in that cluster and the amount of data stored. Ensure that you complete the migration as soon as possible so that your environment is not in a mixed architecture scenario, which can impact performance.

Warning

Because managing FileStore-based OSDs with Red Hat Ceph Storage (RHCS) 4 versions of ceph-ansible is not supported, complete the migration before you run any stack updates.

24.2. Migrating OSDs from FileStore to BlueStore
Copy link

To migrate from FileStore to BlueStore, director uses Ansible to delete and recreate all OSDs on the node. Director performs a capacity check before the migration process. Finally, director redploys the OSDs with the BlueStore back end.

Prerequisites

  • A healthy and running Red Hat Ceph Storage (RHCS) 4 cluster. You can check the cluster by entering the following command in a ceph MON container on a Controller or Standalone Ceph MON node: 

    [root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c  "ceph  -s"
    Copy to Clipboard Toggle word wrap

Procedure

  1. Ensure that osd_objectstore in the CephAnsibleDisksConfig parameter does not default to filestore. If the osd_objectstore parameter is present in any of your custom heat environment files, you must define the value bluestore explicitly or remove it: 

    parameter_defaults:
  CephAnsibleDisksConfig:
    devices:
      - /dev/sdb
      - /dev/sdc
      - /dev/sdd
    osd_scenario: lvm
   osd_objectstore: bluestore
    Copy to Clipboard Toggle word wrap
    Note

    If you have any specific FileStore configuration with, for example, journals, ensure that you update the configuration accordingly. For more information about advanced configurations, see Mapping the Ceph Storage Node Disk Layout in the Deploying an overcloud with containerized Red Hat Ceph guide.

  2. Log in to the undercloud as the stack user.

  3. Enter the openstack overcloud external-upgrade run command with the ceph_fstobs tag. Replace <NODE_NAME> with the name of the Ceph OSD node you want to upgrade. You can use the openstack server list command to find the node name. 

    [stack@undercloud ~] $ openstack overcloud external-upgrade run --tags ceph_fstobs -e ceph_ansible_limit=<NODE_NAME> | tee oc-fstobs.log
    Copy to Clipboard Toggle word wrap

  4. Log in to a node that has Ceph MON services and query the Ceph cluster to check the status of the OSDs of the node you have upgraded. Before you can start the migration of the next OSD node, you must ensure that the one you have upgraded is successfully migrated: 

    [heat-admin@overcloud-controller-1 ~]$ sudo -i
[root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c "ceph -f json osd metadata" | jq -c '.[] | select(.hostname == "<NODE_NAME>") | ["host", .hostname, "osd_id", .id, "objectstore", .osd_objectstore]'
[root@overcloud-controller-1 ~]# exit
    Copy to Clipboard Toggle word wrap

    Replace <NODE_NAME> with the name of the node that was migrated. If the result shows that the OSDs use BlueStore, its migration is successful.

  5. Optional: To view additional details about a specific OSD, enter the following command: 

    [root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c "ceph osd metadata <ID>"
    Copy to Clipboard Toggle word wrap

    Replace <ID> with the ID of the OSD you want to query.

  6. Before you can start the migration process on the next node, you must wait for the cluster to synchronize. 

    [root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c  "ceph  -s"
    Copy to Clipboard Toggle word wrap 
    Review the command output and ensure that the health of the cluster is `HEALTH_OK` and the PGs are in the `active+clean` state.
    Copy to Clipboard Toggle word wrap

  7. Before you can start the migration process on the next node, you must wait for the cluster rebalancing process to complete. To follow the status, run the following command: 

    [heat-admin@overcloud-controller-0 ~]$ sudo podman exec ceph-mon-<NODE_NAME> ceph -w
    Copy to Clipboard Toggle word wrap

    Replace <NODE_NAME> with the name of the node that was migrated.

  8. Repeat the migration process for each node in the storage cluster.

For more information about migration from FileStore to BlueStore, see BlueStore in the Red Hat Ceph Storage Administration Guide.

You can check the status of an OSD to ensure that you have successfully completed the migration.

Procedure

  1. Log in as the heat-admin user to a ceph-mon container that is hosted on one of the Controller nodes.

  2. Query the Ceph cluster: 

    [heat-admin@overcloud-controller-1 ~]$ sudo -i
[root@overcloud-controller-1 ~]# podman exec -it ceph-mon-overcloud-controller-1 sh -c "ceph -f json osd metadata" | jq -c 'sort_by(.hostname) | .[] | ["host", .hostname, "osd_id", .id, "objectstore", .osd_objectstore]'
[root@overcloud-controller-1 ~]#
    Copy to Clipboard Toggle word wrap

If the configuration shows that all the OSDs across the cluster use BlueStore, the migration is successful.

Important

A recommended best practice is to run an idempotent stack update to ensure that the configuration definition and the actual configuration match. The stack update duration varies depending on the size of your system, so to reduce downtime you can plan to complete the migration during a maintenance window.

Chapter 25. Performing post-upgrade actions
Copy link

After you have completed the overcloud upgrade, you must perform some post-upgrade configuration to ensure that your environment is fully supported and ready for future operations.

After the Leapp upgrade, remove the unnecessary packages and directories that remain on the undercloud.

Procedure

  1. Remove the unnecessary packages 

    $ sudo dnf -y remove --exclude=python-pycadf-common python2*
    Copy to Clipboard Toggle word wrap

  2. Remove the content from the /httpboot and /tftpboot directories that includes old images used in Red Hat OpenStack 13: 

    $ sudo rm -rf /httpboot /tftpboot
    Copy to Clipboard Toggle word wrap

25.2. Validating the post-upgrade functionality
Copy link

Run the post-upgrade validation group to check the post-upgrade functionality.

Procedure

  1. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  2. Run the openstack tripleo validator run command with the --group post-upgrade option: 

    $ openstack tripleo validator run --group post-upgrade
    Copy to Clipboard Toggle word wrap

  3. Review the results of the validation report. To view detailed output from a specific validation, run the openstack tripleo validator show run --full command against the UUID of the specific validation from the report: 

    $ openstack tripleo validator show run --full <UUID>
    Copy to Clipboard Toggle word wrap
Important

A FAILED validation does not prevent you from deploying or running Red Hat OpenStack Platform. However, a FAILED validation can indicate a potential issue with a production environment.

25.3. Upgrading the overcloud images
Copy link

You must replace your current overcloud images with new versions. The new images ensure that the director can introspect and provision your nodes using the latest version of OpenStack Platform software.

Prerequisites

  • You have upgraded the undercloud to the latest version.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap

  3. Install the packages containing the overcloud QCOW2 archives: 

    $ sudo dnf install rhosp-director-images rhosp-director-images-ipa
    Copy to Clipboard Toggle word wrap

  4. Remove any existing images from the images directory on the stack user’s home (/home/stack/images): 

    $ rm -rf ~/images/*
    Copy to Clipboard Toggle word wrap

  5. Extract the archives: 

    $ cd ~/images
$ for i in /usr/share/rhosp-director-images/overcloud-full-latest-16.1.tar /usr/share/rhosp-director-images/ironic-python-agent-latest-16.1.tar; do tar -xvf $i; done
$ cd ~
    Copy to Clipboard Toggle word wrap

  6. Import the latest images into the director: 

    $ openstack overcloud image upload --update-existing --image-path /home/stack/images/
    Copy to Clipboard Toggle word wrap

  7. Configure your nodes to use the new images: 

    $ openstack overcloud node configure $(openstack baremetal node list -c UUID -f value)
    Copy to Clipboard Toggle word wrap
Important

When you deploy overcloud nodes, ensure that the overcloud image version corresponds to the respective heat template version. For example, use the OpenStack Platform 16.1 images only with the OpenStack Platform 16.1 heat templates.

Important

The new overcloud-full image replaces the old overcloud-full image. If you made changes to the old image, you must repeat the changes in the new image, especially if you want to deploy new nodes in the future.

25.4. Updating CPU pinning parameters
Copy link

Red Hat OpenStack Platform 16.1 uses new parameters for CPU pinning:

NovaComputeCpuDedicatedSet
Sets the dedicated (pinned) CPUs.
NovaComputeCpuSharedSet
Sets the shared (unpinned) CPUs.

You must migrate the CPU pinning configuration from the NovaVcpuPinSet parameter to the NovaComputeCpuDedicatedSet and NovaComputeCpuSharedSet parameters after completing the upgrade to Red Hat OpenStack Platform 16.1.

Procedure

  1. Log in to the undercloud as the stack user.

  2. If your Compute nodes support simultaneous multithreading (SMT) but you created instances with the hw:cpu_thread_policy=isolate policy, you must perform one of the following options:

    • Unset the hw:cpu_thread_policy thread policy and resize the instances:

      1. Source your overcloud authentication file: 

        $ source ~/overcloudrc
        Copy to Clipboard Toggle word wrap

      2. Unset the hw:cpu_thread_policy property of the flavor: 

        (overcloud) $ openstack flavor unset --property hw:cpu_thread_policy <flavor>
        Copy to Clipboard Toggle word wrap
        Note
        • Unsetting the hw:cpu_thread_policy attribute sets the policy to the default prefer policy, which sets the instance to use an SMT-enabled Compute node if available. You can also set the hw:cpu_thread_policy attribute to require, which sets a hard requirements for an SMT-enabled Compute node.
        • If the Compute node does not have an SMT architecture or enough CPU cores with available thread siblings, scheduling will fail. To prevent this, set hw:cpu_thread_policy to prefer instead of require. The default prefer policy ensures that thread siblings are used when available.
        • If you use hw:cpu_thread_policy=isolate, you must have SMT disabled or use a platform that does not support SMT.

      3. Convert the instances to use the new thread policy. 

        (overcloud) $ openstack server resize --flavor <flavor> <server>
(overcloud) $ openstack server resize confirm <server>
        Copy to Clipboard Toggle word wrap

        Repeat this step for all pinned instances using the hw:cpu_thread_policy=isolated policy.

    • Migrate instances from the Compute node and disable SMT on the Compute node:

      1. Source your overcloud authentication file: 

        $ source ~/overcloudrc
        Copy to Clipboard Toggle word wrap

      2. Disable the Compute node from accepting new virtual machines: 

        (overcloud) $ openstack compute service list
(overcloud) $ openstack compute service set <hostname> nova-compute --disable
        Copy to Clipboard Toggle word wrap
      3. Migrate all instances from the Compute node. For more information on instance migration, see Migrating virtual machine instances between Compute nodes.
      4. Reboot the Compute node and disable SMT in the BIOS of the Compute node.
      5. Boot the Compute node.

      6. Re-enable the Compute node: 

        (overcloud) $ openstack compute service set <hostname> nova-compute --enable
        Copy to Clipboard Toggle word wrap

  3. Source the stackrc file: 

    $ source ~/stackrc
    Copy to Clipboard Toggle word wrap
  4. Edit the environment file that contains the NovaVcpuPinSet parameter.

  5. Migrate the CPU pinning configuration from the NovaVcpuPinSet parameter to NovaComputeCpuDedicatedSet and NovaComputeCpuSharedSet:

    • Migrate the value of NovaVcpuPinSet to NovaComputeCpuDedicatedSet for hosts that were previously used for pinned instances.
    • Migrate the value of NovaVcpuPinSet to NovaComputeCpuSharedSet for hosts that were previously used for unpinned instances.
    • If there is no value set for NovaVcpuPinSet, then all Compute node cores should be assigned to either NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet, depending on the type of instances you intend to host on the nodes.

    For example, your previous environment file might contain the following pinning configuration: 

    parameter_defaults:
  ...
  NovaVcpuPinSet: 1,2,3,5,6,7
  ...
    Copy to Clipboard Toggle word wrap

    To migrate the configuration to a pinned configuration, set the NovaComputeCpuDedicatedSet parameter and unset the NovaVcpuPinSet parameter: 

    parameter_defaults:
  ...
  NovaComputeCpuDedicatedSet: 1,2,3,5,6,7
  NovaVcpuPinSet: ""
  ...
    Copy to Clipboard Toggle word wrap

    To migrate the configuration to an unpinned configuration, set the NovaComputeCpuSharedSet parameter and unset the NovaVcpuPinSet parameter: 

    parameter_defaults:
  ...
  NovaComputeCpuSharedSet: 1,2,3,5,6,7
  NovaVcpuPinSet: ""
  ...
    Copy to Clipboard Toggle word wrap
    Important

    Ensure the configuration of either NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet matches the configuration defined in NovaVcpuPinSet. To change the configuration for either of these, or to configure both NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet, ensure the Compute nodes with the pinning configuration are not running any instances before updating the configuration.

  6. Save the file.

  7. Run the deployment command to update the overcloud with the new CPU pinning parameters. 

    (undercloud) $ openstack overcloud deploy \
    --stack _STACK NAME_ \
    --templates \
    ...
    -e /home/stack/templates/<compute_environment_file>.yaml
    ...
    Copy to Clipboard Toggle word wrap

Additional resources

25.5. Migrating users to the member role
Copy link

In Red Hat OpenStack Platform 13, the default member role is called _member_.
In Red Hat OpenStack Platform 16.1, the default member role is called member.

When you complete the upgrade from Red Hat OpenStack Platform 13 to Red Hat OpenStack Platform 16.1, users that you assigned to the _member_ role still have that role. You can migrate all of the users to the member role by using the following steps.

Prerequisites

  • You have upgraded the overcloud to the latest version.

Procedure

  1. List all of the users on your cloud that have the _member_ role: 

    openstack role assignment list --names --role _member_ --sort-column project
    Copy to Clipboard Toggle word wrap

  2. For each user, remove the _member_ role, and apply the member role: 

    openstack role remove --user <user> --project <project>  _member_
openstack role add --user <user> --project <project>  member
    Copy to Clipboard Toggle word wrap

Chapter 26. Troubleshooting upgrade issues
Copy link

If you experience any issues with during the upgrade process, refer to the advice in this section.

26.1. Correcting environment files
Copy link

If you have made a mistake with any parameters in any custom environment files, you can correct the environment file and run the openstack overcloud upgrade prepare command at any time during the upgrade. This command uploads a new version of your overcloud plan to director, which will generate a new set of config-download playbooks.

This example contains a repository name mistake in the upgrades-environment.yaml file: 

parameter_defaults:
  UpgradeLeappEnabled: true
  UpgradeLeappCommandOptions: "--enablerepo rhel-7-for-x86_64-baseos-eus-rpms --enablerepo rhel-8-for-x86_64-appstream-eus-rpms --enablerepo fast-datapath-for-rhel-8-x86_64-rpms"
  CephAnsibleRepo: rhceph-4-tools-for-rhel-8-x86_64-rpms
Copy to Clipboard Toggle word wrap

This mistake causes an issue during the Leapp upgrade for the Controller node. To rectify this issue, correct the mistake and run the openstack overcloud upgrade prepare command.

Procedure

  1. Correct the mistake in the file: 

    parameter_defaults:
  UpgradeLeappEnabled: true
  UpgradeLeappCommandOptions: "--enablerepo rhel-8-for-x86_64-baseos-tus-rpms --enablerepo rhel-8-for-x86_64-appstream-tus-rpms --enablerepo fast-datapath-for-rhel-8-x86_64-rpms"
  CephAnsibleRepo: rhceph-4-tools-for-rhel-8-x86_64-rpms
    Copy to Clipboard Toggle word wrap

  2. Run the upgrade preparation command with the corrected file: 

    $ openstack overcloud upgrade prepare \
    --stack STACK NAME \
    --templates \
    -e ENVIRONMENT FILE
    …​
    -e /home/stack/templates/upgrades-environment.yaml \
    …​
    Copy to Clipboard Toggle word wrap

    Wait until the overcloud stack update completes.

  3. Continue with the upgrade operation step that failed.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat