Chapter 2. Updating the undercloud
You can use director to update the main packages on the undercloud node. To update the undercloud and its overcloud images to the latest Red Hat OpenStack Platform (RHOSP) 17.1 version, complete the following procedures:
Prerequisites
- Before you can update the undercloud to the latest RHOSP 17.1 version, ensure that you complete all the update preparation procedures. For more information, see Chapter 1, Preparing for a minor update
2.1. Validating RHOSP before the undercloud update
Before you update your Red Hat OpenStack Platform (RHOSP) environment, validate your undercloud with the tripleo-validations
playbooks.
For more information about validations, see Using the validation framework in Installing and managing Red Hat OpenStack Platform with director.
Procedure
-
Log in to the undercloud host as the
stack
user. Source the
stackrc
undercloud credentials file:$ source ~/stackrc
Install the packages for validation:
$ sudo dnf -y update openstack-tripleo-validations python3-validations-libs validations-common
Run the validation:
$ validation run -i ~/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml --group pre-update
- Replace <stack> with the name of the stack.
Verification
- To view the results of the validation report, see Viewing validation history in Installing and managing Red Hat OpenStack Platform with director.
If a host is not found when you run a validation, the command reports the status as SKIPPED
. A status of SKIPPED
means that the validation is not executed, which is expected. Additionally, if a validation’s pass criteria is not met, the command reports the status as FAILED
. A FAILED
validation does not prevent you from using your updated RHOSP environment. However, a FAILED
validation can indicate an issue with your environment.
2.2. Validating your SSH key size
Starting with Red Hat Enterprise Linux (RHEL) 9.1, a minimum SSH key size of 2048 bits is required. If your current SSH key on Red Hat OpenStack Platform (RHOSP) director is less than 2048 bits, you can lose access to the overcloud. You must verify that your SSH key meets the required bit size.
Procedure
Validate your SSH key size:
ssh-keygen -l -f ~/.ssh/id_rsa.pub
Example output:
1024 SHA256:Xqz0Xz0/aJua6B3qRD7VsLr6n/V3zhmnGSkcFR6FlJw stack@director.example.local (RSA)
- If your SSH key is less than 2048 bits, you must rotate out the SSH key before continuing. For more information, see Updating SSH keys in your OpenStack environment in Hardening Red Hat OpenStack Platform.
2.3. Performing a minor update of a containerized undercloud
Director provides commands to update the main packages on the undercloud node. Use director to perform a minor update within the current version of your RHOSP environment.
Procedure
-
Log in to the undercloud host as the
stack
user. Source the
stackrc
undercloud credentials file:$ source ~/stackrc
Update the director main packages with the
dnf update
command:$ sudo dnf update -y python3-tripleoclient ansible-*
Update the undercloud environment:
$ openstack undercloud upgrade
- Wait until the undercloud update process completes.
Reboot the undercloud to update the operating system’s kernel and other system packages:
$ sudo reboot
- Wait until the node boots.
2.4. Updating the overcloud images
You must replace your current overcloud images with new versions to ensure that director can introspect and provision your nodes with the latest version of the RHOSP software.
Prerequisites
- You have updated the undercloud node to the latest version. For more information, see Section 2.3, “Performing a minor update of a containerized undercloud”.
-
You have installed the
rhosp-director-images-uefi-x86_64
package. For more information about installing packages, see Installing the overcloud images in the Installing and managing Red Hat OpenStack Platform with director.
Procedure
-
Log in to the undercloud host as the
stack
user. Source the
stackrc
undercloud credentials file:$ source ~/stackrc
Remove any existing images from the
images
directory on thestack
user’s home (/home/stack/images
):$ rm -rf ~/images/*
Extract the archives:
cd ~/images for i in /usr/share/rhosp-director-images/ironic-python-agent-latest-17.1.tar /usr/share/rhosp-director-images/overcloud-hardened-uefi-full-latest-17.1.tar; do tar -xvf $i; done cd ~
Import the latest images into the director:
$ openstack overcloud image upload --update-existing --image-path /home/stack/images/
Configure your nodes to use the new images:
$ openstack overcloud node configure $(openstack baremetal node list -c UUID -f value)
Verify the existence of the new images:
$ ls -l /var/lib/ironic/httpboot /var/lib/ironic/images
- When you deploy overcloud nodes, ensure that the overcloud image version corresponds to the respective heat template version. For example, use only the RHOSP 17.1 images with the RHOSP 17.1 heat templates.
-
If you deployed a connected environment that uses the Red Hat Customer Portal or Red Hat Satellite Server, the overcloud image and package repository versions might be out of sync. To ensure that the overcloud image and package repository versions match, you can use the
virt-customize
tool. For more information, see the Red Hat Knowledgebase solution Modifying the Red Hat Linux OpenStack Platform Overcloud Image with virt-customize. -
The new
overcloud-full
image replaces the oldovercloud-full
image. If you made changes to the old image, you must repeat the changes in the new image, especially if you want to deploy new nodes in the future.