Framework for upgrades (16.2 to 17.1)

Chapter 1. About the Red Hat OpenStack Platform framework for upgrades
Copy link

The Red Hat OpenStack Platform (RHOSP) framework for upgrades is a workflow to upgrade your RHOSP environment from one long life version to the next long life version. This workflow is an in-place solution and the upgrade occurs within your existing environment.

Important

Before you begin the upgrade, open a proactive support case at least 10 days before your planned maintenance window. Proactive support cases provide an opportunity for Red Hat Support to review your templates and process, and potentially avoid any issues during the upgrade. For more information about opening proactive support cases, see the Red Hat Knowledgebase article How to open a proactive case for a planned activity on Red Hat OpenStack Platform?.

1.1. High-level changes in Red Hat OpenStack Platform 17.1
Copy link

The following high-level changes occur during the upgrade to Red Hat OpenStack Platform (RHOSP) 17.1:

The RHOSP upgrade and the operating system upgrade are separated into two distinct phases. You upgrade RHOSP first, then you upgrade the operating system.
You can upgrade a portion of your Compute nodes to RHEL 9.2 while the rest of your Compute nodes remain on RHEL 8.4. This is called a Multi-RHEL environment.
With an upgrade to Red Hat Ceph Storage 5, cephadm now manages Red Hat Ceph Storage. Previous versions of Red Hat Ceph Storage were managed by ceph-ansible. You can upgrade your Red Hat Ceph Storage nodes from version 5 to version 6 after the upgrade to RHOSP 17.1 is complete. Otherwise, Red Hat Ceph Storage nodes can remain on version 5 with RHOSP 17.1 until the end of the Red Hat Ceph Storage 5 lifecycle. To upgrade from Red Hat Ceph Storage version 5 to version 6, begin with one of the following procedures for your environment:
- Director-deployed Red Hat Ceph Storage environments: Updating the cephadm client
- External Red Hat Ceph Storage cluster environments: Updating the Red Hat Ceph Storage container image
By default, the RHOSP overcloud uses Open Virtual Network (OVN) as the default ML2 mechanism driver in versions 16.2 and 17.1.
If your RHOSP 16.2 deployment uses the OVS mechanism driver, you must upgrade to 17.1 with the OVS mechanism driver. Do not attempt to change the mechanism driver during the upgrade. After the upgrade, you can migrate from the OVS to the OVN mechanism driver. See Migrating to the OVN mechanism driver.
In ML2/OVN deployments, you can enable egress minimum and maximum bandwidth policies for hardware offloaded ports.
For more information, see Configuring the Networking service for QoS policies in Configuring Red Hat OpenStack Platform networking.
The undercloud and overcloud both run on Red Hat Enterprise Linux 9.

1.2. Familiarize yourself with Red Hat OpenStack Platform 17.1
Copy link

Before you perform an upgrade, familiarize yourself with Red Hat OpenStack Platform 17.1 to help you understand the resulting environment and any potential version-to-version changes that might affect your upgrade. To familiarize yourself with Red Hat OpenStack Platform 17.1, follow these suggestions:

Read the release notes for all versions across the upgrade path and identify any potential aspects that require planning:
- Components that contain new features
- Known issues
Open the release notes for each version using these links:
- Red Hat OpenStack Platform 16.2, which is your source version
- Red Hat OpenStack Platform 17.1 which is your target version
Read the Installing and managing Red Hat OpenStack Platform with director guide for version 17.1 and familiarize yourself with any new requirements and processes in this guide.
Familiarize yourself with the structure and format of heat templates, and the architecture of custom roles and composable services.
- For more information about heat templates and roles, see the following chapters in Customizing your Red Hat OpenStack Platform deployment:
  - Composable services and custom roles
  - Understanding heat templates
- For more information about tuning the parameters in your heat templates for better deployment performance, see the following chapter in Installing and managing Red Hat OpenStack Platform with director:
  - Tuning deployment performance
Install a proof-of-concept Red Hat OpenStack Platform 17.1 undercloud and overcloud. Develop hands-on experience of the target OpenStack Platform version and investigate potential differences between the target version and your current version.

1.3. Changes in Red Hat Enterprise Linux 9
Copy link

The Red Hat OpenStack Platform (RHOSP) 17.1 uses Red Hat Enterprise Linux (RHEL) 9.2 as the base operating system. As a part of the upgrade process, you will upgrade the base operating system of nodes to RHEL 9.2.

Before beginning the upgrade, review the following information to familiarize yourself with RHEL 9:

If your system contains packages with RSA/SHA-1 signatures, you must remove them or contact the vendor to get packages with RSA/SHA-256 signatures before you upgrade to RHOSP 17.1. For more information, see SHA-1 deprecation in Red Hat Enterprise Linux 9.
For more information about the latest changes in RHEL 9, see the Red Hat Enterprise Linux 9.2 Release Notes.
For more information about the key differences between Red Hat Enterprise Linux 8 and 9, see Considerations in adopting RHEL 9.
For general information about Red Hat Enterprise Linux 9, see Product Documentation for Red Hat Enterprise Linux 9.
For more information about upgrading from RHEL 8 to RHEL 9, see Upgrading from RHEL 8 to RHEL 9.

1.4. Leapp upgrade usage in Red Hat OpenStack Platform
Copy link

The long-life Red Hat OpenStack Platform upgrade requires a base operating system upgrade from Red Hat Enterprise Linux (RHEL) 8.4 to RHEL 9.2. The upgrade process uses the Leapp utility to perform the upgrade to RHEL 9.2. However, some aspects of the Leapp upgrade are customized to ensure that you are upgrading specifically from RHEL 8.4 to RHEL 9.2. To upgrade your operating system to RHEL 9.2, see Performing the undercloud system upgrade.

Limitations

For information on potential limitations that might affect your upgrade, see the following sections from the Upgrading from RHEL 8 to RHEL 9 guide:

If any known limitations affect your environment, seek advice from the Red Hat Technical Support Team.

Troubleshooting

For information about troubleshooting potential Leapp issues, see Troubleshooting in Upgrading from RHEL 8 to RHEL 9.

1.5. Guidelines for planning the upgrade
Copy link

When planning to upgrade a Red Hat OpenStack Platform (RHOSP) environment from 16.2 to 17.1, consider the scope of the change. A RHOSP upgrade is similar in scope to a data center upgrade. Different firmware levels, hardware vendors, hardware profiles, networking interfaces, storage interfaces, and so on affect the upgrade process and can cause changes in behavior during the upgrade.

Review the following guidelines to adequately plan for the upgrade and increase the chance that you complete the upgrade successfully:

Important

All commands in the upgrade documentation are examples. Do not copy and paste the commands without understanding what the commands do.

Use the following documentation to identify any parameters in your templates that are deprecated. You must update these parameters in the templates you plan to use during the upgrade:
- Overcloud parameters
- Configuration reference
To minimize the risk of an upgrade failure, reduce the number of environmental differences between the staging environment and the production sites.
If the staging environment is not representative of the production sites or if a staging environment is not available, you must plan to include contingency time in case the upgrade fails.
Review your custom RHOSP service configuration at every major release.
- Every major release upgrades through multiple OpenStack releases.
- Each major release might deprecate configuration options or change the format of the configuration.
Prepare a Method of Procedure (MOP) that is specific to your environment to reduce the risk of variance or omitted steps when running the upgrade process.
You can use representative hardware in a staging environment to prepare a MOP and validate any content changes.
- Include a cross-section of firmware versions, additional interface or device hardware, and any additional software in the representative staging environment to ensure that it is broadly representative of the variety that is present in the production environments.
- Ensure that you validate any Red Hat Enterprise Linux update or upgrade in the representative staging environment.
Use Satellite for localized and version-pinned RPM content for your control plane and data plane.
In the production environment, use the content that you tested in the staging environment.

1.6. Upgrade framework for long life versions
Copy link

You can use the Red Hat OpenStack Platform (RHOSP) upgrade framework to perform an in-place upgrade path through multiple versions of the overcloud. The goal is to provide you with an opportunity to remain on certain OpenStack versions that are considered long life versions and upgrade when the next long life version is available.

The Red Hat OpenStack Platform upgrade process also upgrades the version of Red Hat Enterprise Linux (RHEL) on your nodes.

This guide provides an upgrade framework through the following versions:

Expand

Current Version	Target Version
Red Hat OpenStack Platform 16.2.4 and later	Red Hat OpenStack Platform 17.1 latest

For detailed support dates and information on the lifecycle support for Red Hat OpenStack Platform, see Red Hat OpenStack Platform Life Cycle.

Upgrade paths for long life releases

Familiarize yourself with the possible update and upgrade paths before you begin an upgrade. If you are using an environment that is earlier than RHOSP 16.2.4, before you upgrade from major version to major version, you must first update your existing environment to the latest minor release.

For example, if your current deployment is Red Hat OpenStack Platform (RHOSP) 16.2.1 on Red Hat Enterprise Linux (RHEL) 8.4, you must perform a minor update to the latest RHOSP 16.2 version before you upgrade to RHOSP 17.1.

Note

You can view your current RHOSP and RHEL versions in the /etc/rhosp-release and /etc/redhat-release files.

Expand

Table 1.1. Updates version path
Current version	Target version
RHOSP 16.2.x on RHEL 8.4	RHOSP 16.2 latest on RHEL 8.4 latest
RHOSP 17.0.x on RHEL 9.0	RHOSP 17.0 latest on RHEL 9.0 latest
RHOSP 17.0.x on RHEL 9.0	RHOSP 17.1 latest on RHEL 9.2 latest
RHOSP 17.1.x on RHEL 9.2	RHOSP 17.1 latest on RHEL 9.2 latest

For more information, see Performing a minor update of Red Hat OpenStack Platform.

Expand

Table 1.2. Upgrades version path
Current version	Target version
RHOSP 16.2 on RHEL 8.4	RHOSP 17.1 latest on RHEL 9.2 latest

Red Hat provides two options for upgrading your environment to the next long life release:

In-place upgrade: Perform an upgrade of the services in your existing environment. This guide primarily focuses on this option.
Parallel migration: Create a new RHOSP 17.1 environment and migrate your workloads from your current environment to the new environment. For more information about RHOSP parallel migration, contact Red Hat Global Professional Services.

1.7. Upgrade duration and impact
Copy link

The durations in the following table were recorded in a test environment that consisted of an overcloud with 200 nodes, and 9 Ceph Storage hosts with 17 object storage daemons (OSDs) each. The durations in the table might not apply to all production environments. For example, if your hardware has low specifications or an extended boot period, allow for more time with these durations. Durations also depend on network I/O to container and package content, and disk I/O on the host.

To accurately estimate the upgrade duration for each task, perform these procedures in a test environment with hardware that is similar to your production environment.

Expand

Table 1.3. Duration and impact of In-place upgrade
	Duration	Notes
Undercloud upgrade	30 minutes	No disruption to the overcloud.
Overcloud adoption and preparation	10 minutes for bare metal adoption 30 minutes for upgrade prepare	Duration scales based on the size of the overcloud. No disruption to the overcloud.
Red Hat Ceph Storage upgrade	Ceph upgrade ansible run: 90 minutes total, 10 minutes per node Ceph ansible run for cephadm adoption: 30 minutes total, 3 minutes per node Post ceph upgrade and adoption overcloud upgrade prepare: 20 minutes	Duration scales based on the number of Red Hat Ceph Storage hosts and OSDs. Storage performance is degraded.
Overcloud OpenStack upgrade	120 minutes	Duration scales based on the size of the overcloud. During this process, agents are restarted and API transactions might be lost. Disable client access to the OpenStack API during this stage. Workloads that are running in the overcloud remain active. The upgrade does not affect the following: Red Hat Ceph Storage OSDs (back-end storage for instances) Network connectivity (East-West, North-South) Undercloud
Undercloud system upgrade	40 minutes	Includes multiple reboots. Reboot times are hardware dependent. Includes SELinux relabeling. Hosts with large numbers of files take significantly longer. No disruption to the overcloud.
Overcloud non-Compute host system upgrade	30 minutes for upgrade prepare 40 minutes per host system upgrade	Includes multiple reboots. Reboot times are hardware dependent. Workloads that are running in the overcloud remain active. Includes SELinux relabeling. Hosts with large numbers of files take significantly longer. Performance is degraded.
Overcloud Compute host upgrade	40 minutes per batch of hosts 30 minutes for upgrade prepare	You run upgrade prepare on select batches of Compute nodes. The duration depends on the number of Compute nodes in each batch. There is no outage. Includes multiple reboots. Reboot times are hardware dependent. Includes SELinux relabeling. Hosts with large numbers of files take significantly longer. To prevent workload outages during the reboot, you can migrate the workloads to another host beforehand.

1.8. Known issues that might block an upgrade
Copy link

For more information about the known issues that might affect a successful upgrade, see Known issues that might block a RHOSP 17.1 upgrade.

Chapter 2. Planning for an in-place upgrade
Copy link

Before you conduct an in-place upgrade of your OpenStack Platform environment, create a plan for the upgrade, review the support requirements, and accommodate any potential obstacles that might block a successful upgrade.

2.1. Minor version update requirement
Copy link

To upgrade from Red Hat OpenStack Platform (RHOSP) 16.2 to 17.1, your environment must be running RHOSP version 16.2.4 or later. If you are using a version of RHOSP that is earlier than 16.2.4, update the environment to the latest minor version of your current release. For example, update your Red Hat OpenStack Platform 16.2.3 environment to the latest 16.2 version before upgrading to Red Hat OpenStack Platform 17.1.

For instructions on performing a minor version update for Red Hat OpenStack Platform 16.2, see Keeping Red Hat OpenStack Platform Updated.

2.2. Storage driver certification
Copy link

Before you upgrade, confirm deployed storage drivers are certified for use with Red Hat OpenStack Platform 17.1.

For information on software certified for use with Red Hat OpenStack Platform 17.1, see Software certified for Red Hat OpenStack Platform 17.

2.3. Supported upgrade scenarios
Copy link

Before proceeding with the upgrade, check that your overcloud is supported.

Note

If you are uncertain whether a particular scenario not mentioned in these lists is supported, seek advice from the Red Hat Technical Support Team.

Supported scenarios

The following in-place upgrade scenarios are tested and supported:

Standard environments with default role types: Controller, Compute, and Ceph Storage OSD
Split-Controller composable roles
Ceph Storage composable roles
Hyper-Converged Infrastructure: Compute and Ceph Storage OSD services on the same node
Environments with Network Functions Virtualization (NFV) technologies: Single-root input/output virtualization (SR-IOV) and Data Plane Development Kit (DPDK)
Environments with Instance HA enabled
Edge and Distributed Compute Node (DCN) scenarios
Note
During an upgrade procedure, nova live migrations are supported. However, evacuations initiated by Instance HA are not supported. When you upgrade a Compute node, the node is shut down cleanly and any workload running on the node is not evacuated by Instance HA automatically. Instead, you must perform live migration manually.

Unsupported scenarios

The following in-place upgrade scenarios are not supported:

Upgrades with a single Controller node

2.4. Red Hat Virtualization upgrade process
Copy link

If you are running your control plane on Red Hat Virtualization, there is no effect on the Red Hat OpenStack Platform (RHOSP) upgrade process. The RHOSP upgrade is the same regardless of whether or not an environment is running on Red Hat Virtualization.

2.5. Backup and restore
Copy link

Before you upgrade your Red Hat OpenStack Platform (RHOSP) 16.2 environment, back up the undercloud and overcloud control plane by using one of the following options:

Back up your nodes before you perform an upgrade. For more information about backing up nodes before you upgrade, see Red Hat OpenStack Platform 16.2 Backing up and restoring the undercloud and control plane nodes.
Back up the undercloud node after you perform the undercloud upgrade and before you perform the overcloud upgrade. For more information about backing up the undercloud, see Creating a backup of the undercloud node in the Red Hat OpenStack Platform 17.1 Backing up and restoring the undercloud and control plane nodes.
Use a third-party backup and recovery tool that suits your environment. For more information about certified backup and recovery tools, see the Red Hat Ecosystem catalog.

2.6. Predictable IP configuration
Copy link

Starting in Red Hat OpenStack Platform 17.1, you can no longer use the ips-from-pool.yaml file to assign predictable IPs to your nodes. You must use the fixed_ip property in your bare-metal definition files to specify the IP address for your network. For more information, see Bare-metal node provisioning attributes and Provisioning bare metal nodes for the overcloud in Installing and managing Red Hat OpenStack Platform with director.

2.7. Proxy configuration
Copy link

If you use a proxy with your Red Hat OpenStack Platform 16.2 environment, the proxy configuration in the /etc/environment file will persist past the operating system upgrade and the Red Hat OpenStack Platform 17.1 upgrade.

For more information about proxy configuration for Red Hat OpenStack Platform 16.2, see Considerations when running the undercloud with a proxy in Installing and managing Red Hat OpenStack Platform with director.
For more information about proxy configuration for Red Hat OpenStack Platform 17.1, see Considerations when running the undercloud with a proxy in Installing and managing Red Hat OpenStack Platform with director.

2.8. Planning for a Compute node upgrade
Copy link

After you upgrade your Compute nodes from Red Hat OpenStack Platform (RHOSP) 16.2 to RHOSP 17.1, you can choose one of the following options to upgrade the Compute host operating system:

Keep a portion of your Compute nodes on Red Hat Enterprise Linux (RHEL) 8.4, and upgrade the rest to RHEL 9.2. This is referred to as a Multi-RHEL environment.
Upgrade all Compute nodes to RHEL 9.2, and complete the upgrade of the environment.
Keep all Compute nodes on RHEL 8.4. The lifecycle of RHEL 8.4 applies.

Benefits of a Multi-RHEL environment

You must upgrade all of your Compute nodes to RHEL 9.2 to take advantage of any hardware-related features that are only supported in RHOSP 17.1, such as vTPM and Secure Boot. However, you might require that some or all of your Compute nodes remain on RHEL 8.4. For example, if you certified an application for RHEL 8, you can keep your Compute nodes running on RHEL 8.4 to support the application without blocking the entire upgrade.

The option to upgrade part of your Compute nodes to RHEL 9.2 gives you more control over your upgrade process. You can prioritize upgrading the RHOSP environment within a planned maintenance window and defer the operating system upgrade to another time. Less downtime is required, which minimizes the impact to end users.

Note

If you plan to upgrade from RHOSP 17.1 to RHOSP 18.0, you must upgrade all hosts to RHEL 9.2. If you continue to run RHEL 8.4 on your hosts beyond the Extended Life Cycle Support phase, you must obtain a TUS subscription.

Limitations of a Multi-RHEL environment

The following limitations apply in a Multi-RHEL environment:

Compute nodes running RHEL 8 cannot consume NVMe-over-TCP Cinder volumes.
You cannot use different paths for socket files on RHOSP 16.2 and 17.1 for collectd monitoring.
You cannot mix ML2/OVN and ML2/OVS mechanism drivers. For example, if your RHOSP 16.2 deployment included ML2/OVN, your Multi-RHEL environment must use ML2/OVN.
FIPS is not supported in a Multi-RHEL environment. FIPs deployment is a Day 1 operation. FIPS is not supported in RHOSP 16.2. As a result, when you upgrade from RHOSP 16.2 to 17.1, the 17.1 environment does not include FIPS.
Instance HA is not supported in a Multi-RHEL environment.
Edge topologies are currently not supported.
If you are upgrading to RHOSP 17.1.3 or earlier, before you start the system upgrade, you must clear the workloads from each Compute host that you plan to upgrade. Any workloads that are running go into an error state. To avoid this issue, either live migrate your workloads from the Compute host to another host, or shut the workloads down. For more information about live migration, see Live migrating an instance in Configuring the Compute service for instance creation.

Important

All HCI nodes in supported Hyperconverged Infrastructure environments must use the same version of Red Hat Enterprise Linux as the version used by the Red Hat OpenStack Platform controllers. If you wish to use multiple Red Hat Enterprise versions in a hybrid state on HCI nodes in the same Hyperconverged Infrastructure environment, contact the Red Hat Customer Experience and Engagement team to discuss a support exception.

Upgrading Compute nodes

Use one of the following options to upgrade your Compute nodes:

To perform a Multi-RHEL upgrade of your Compute nodes, see Upgrading Compute nodes to a Multi-RHEL environment.
To upgrade all Compute nodes to RHEL 9.2, see Upgrading Compute nodes to RHEL 9.2.
If you are keeping all of your Compute nodes on RHEL 8.4, no additional configuration is required.

Chapter 3. Performing pre-upgrade actions
Copy link

Perform pre-upgrade actions to ensure that your Red Hat OpenStack Platform environment is ready to be upgraded and to avoid potential issues during the upgrade.

For more information about additional pre-upgrade checks to perform on the undercloud, see the Pre-upgrade Checks section in the Red Hat Knowledgebase article FFU 16.2 - 17.1. Undercloud Upgrade Checks.

3.1. Checking the health of the OVN cluster
Copy link

Before you upgrade your environment, validate that the OVN cluster is healthy. If the output from the overcloud Controller node shows the ovndb_servers resource in Failed Resource Actions, you must resolve this issue to avoid a data plane failure during the upgrade.

Procedure

Check the status of the OVN cluster resources and fix any issues:
```
$ sudo pcs status
```
Note
If you need help resolving any issues, contact Red Hat Support before you proceed with the upgrade.

Check in the Failed Resource Actions section of the output of the OVN cluster resources status for the following error:

Failed Resource Actions:
  * ovndb_servers_monitor_30000 on ovn-dbs-bundle-1 'not running' (7): call=24, status='complete', exitreason='', last-rc-change='2025-08-08 09:21:30Z', queued=0ms, exec=159ms

If you see the error, check the status of the ovndb_servers resource on controller-0:
```
$ sudo podman exec <ovn-dbs container> ovs-appctl -t /var/run/openvswitch/ovnnb_db.ctl ovsdb-server/sync-status
```
- Replace <ovn-dbs container> with the name of the ovn-dbs container that you want to check.
If the output includes a reference to the IP address, 192.0.2.254, instead of the virtual IP address, you must restart the ovn-dbs-bundle on the overcloud Controller node:
```
$ sudo pcs resource restart ovn-dbs-bundle
```
192.0.2.254 is a fallback IP address. Its presence in the output indicates that there is an issue.

Verification

Check the status of the OVN cluster resources and confirm that the Failed Resource Actions error is gone:
```
$ sudo pcs status
$ sudo podman exec <ovn-dbs container> ovs-appctl -t /var/run/openvswitch/ovnnb_db.ctl ovsdb-server/sync-status
```
If the error is still there, contact Red Hat Support for assistance.

3.2. Network configuration file conversion
Copy link

If your network configuration templates include the following functions, you must manually convert your NIC templates to Jinja2 Ansible format before you upgrade the undercloud. The following functions are not supported with automatic conversion:

'get_file'
'get_resource'
'digest'
'repeat'
'resource_facade'
'str_replace'
'str_replace_strict'
'str_split'
'map_merge'
'map_replace'
'yaql'
'equals'
'if'
'not'
'and'
'or'
'filter'
'make_url'
'contains'

For more information about manually converting your NIC templates, see Manually converting NIC templates to Jinja2 Ansible format in Customizing your Red Hat OpenStack Platform deployment.

3.3. Deployment file configuration
Copy link

Before you run the undercloud upgrade, extract the following files and check that there are no issues. If there are issues, the files might not generate during the undercloud upgrade. For more information about extracting the files, see Files are not generated after undercloud upgrade during RHOSP upgrade from 16.2 to 17.1.

tripleo-<stack>-passwords.yaml
tripleo-<stack>-network-data.yaml
tripleo-<stack>-virtual-ips.yaml
tripleo-<stack>-baremetal-deployment.yaml

3.4. Setting bare-metal provisioned nodes to the active state
Copy link

Before you upgrade your environment, you must confirm that all of your bare-metal provisioned nodes are in the ACTIVE state. If any nodes are in the MAINTENANCE state, you must unset the MAINTENANCE state. If any nodes remain in the MAINTENANCE state, you cannot proceed with the upgrade.

Procedure

Confirm that all bare-metal provisioned nodes are in the ACTIVE state:
```
$ openstack baremetal node list
```
If any nodes are in the MAINTENANCE state, identify and troubleshoot the root cause of the nodes that are in MAINTENANCE by running the following command and checking the last_error field:
```
$ openstack baremetal node show <node_uuid>
```
- Replace <node_uuid> with the UUID of the node.
Unset the MAINTENANCE state:
```
 $ openstack baremetal node maintenance unset <node_uuid>
```
Wait three to five minutes to see if the node returns to the MAINTENANCE state.
Important
If you are unable to remove the nodes from MAINTENANCE, contact Red Hat Support.

3.5. Replacing the unsupported OVNDBS service
Copy link

Before you upgrade from Red Hat OpenStack Platform 16.2 to 17.1, replace the following unsupported service to avoid an upgrade failure:

OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-pacemaker-puppet.yaml

Procedure

Open the configuration file that includes the following service:

OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-pacemaker-puppet.yaml

Replace OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-pacemaker-puppet.yaml with the following service:
```
OS::TripleO::Services::OVNDBs: deployment/ovn/ovn-dbs-cluster-ansible.yaml
```
Save the file.

Next steps

The updated configuration is applied when you run the openstack overcloud upgrade prepare script, and then upgrade the overcloud. For more information about the upgrade preparation, see Performing the overcloud adoption and preparation. For more information about the overcloud upgrade, see Upgrading RHOSP on all nodes in each stack.

Chapter 4. Repositories
Copy link

This section contains the repositories for the undercloud and overcloud. Refer to this section when you need to enable repositories in certain situations:

Enabling repositories when registering to the Red Hat Customer Portal.
Enabling and synchronizing repositories to your Red Hat Satellite Server.
Enabling repositories when registering to your Red Hat Satellite Server.

4.1. Repository adjustments
Copy link

You must adjust which repositories you enabled based on the current phase of the Red Hat Enterprise Linux Life Cycle. You should select Enhanced Extended Update Service (EEUS) if it is available in your entitlements to minimize the need for future adjustments. If you do not have the EEUS repositories, then select the Extended Update Support (EUS) repositories. If your entitlements do not currently provide the right repositories, contact Red Hat support.

Depending on your Red Hat OpenStack Platform subscription entitlements, you have one of the following repository types:

RHEL 8 or Multi-RHEL environments:
- Telecommunications Update Service (TUS)
  - rhel-8-for-x86_64-baseos-tus-rpms
  - rhel-8-for-x86_64-appstream-tus-rpms
  - rhel-8-for-x86_64-highavailability-tus-rpms
- Advanced Update Stream (AUS)
  - rhel-8-for-x86_64-baseos-aus-rpms
  - rhel-8-for-x86_64-appstream-aus-rpms
  - rhel-8-for-x86_64-highavailability-aus-rpms
RHEL 9 environments:
- Extended Update Support (EUS)
  - rhel-9-for-x86_64-baseos-eus-rpms
  - rhel-9-for-x86_64-appstream-eus-rpms
  - rhel-9-for-x86_64-highavailability-eus-rpms
- Enhanced Extended Update Service (EEUS)
  - rhel-9-for-x86_64-baseos-e4s-rpms
  - rhel-9-for-x86_64-appstream-e4s-rpms
  - rhel-9-for-x86_64-highavailability-e4s-rpms
- Advanced Update Stream (AUS)
  - rhel-9-for-x86_64-baseos-aus-rpms
  - rhel-9-for-x86_64-appstream-aus-rpms
  - rhel-9-for-x86_64-highavailability-aus-rpms

To learn more about the repositories that are included with your subscription entitlement, see Red Hat Enterprise Linux Life Cycle.

4.2. Undercloud repositories
Copy link

You run Red Hat OpenStack Platform (RHOSP) 17.1 on Red Hat Enterprise Linux (RHEL) 9.2. RHEL 8.4 Compute nodes are also supported in a Multi-RHEL environment when upgrading from RHOSP 16.2.

Note

If you synchronize repositories with Red Hat Satellite, you can enable specific versions of the Red Hat Enterprise Linux repositories. However, the repository remains the same despite the version you choose. For example, you can enable the 9.2 version of the BaseOS repository, but the repository name is still rhel-9-for-x86_64-baseos-e4s-rpms despite the specific version you choose.

Warning

Any repositories except the ones specified here are not supported. Unless recommended, do not enable any other products or repositories except the ones listed in the following tables or else you might encounter package dependency issues. Do not enable Extra Packages for Enterprise Linux (EPEL).

Core repositories

The following table lists core repositories for installing the undercloud.

Expand

Name	Repository	Description of requirement
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-baseos-e4s-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)	`rhel-9-for-x86_64-appstream-e4s-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat Enterprise Linux 9 for x86_64 - High Availability (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-highavailability-e4s-rpms`	High availability tools for Red Hat Enterprise Linux. Used for Controller node high availability.
Red Hat OpenStack Platform for RHEL 9 (RPMs)	`openstack-17.1-for-rhel-9-x86_64-rpms`	Core Red Hat OpenStack Platform repository, which contains packages for Red Hat OpenStack Platform director.
Red Hat Fast Datapath for RHEL 9 (RPMS)	`fast-datapath-for-rhel-9-x86_64-rpms`	Provides Open vSwitch (OVS) packages for OpenStack Platform.
Red Hat Enterprise Linux 8.4 for x86_64 - BaseOS (RPMs) Advanced Update Stream (AUS)	`rhel-8-for-x86_64-baseos-aus-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 8.4 for x86_64 - AppStream (RPMs)	`rhel-8-for-x86_64-appstream-aus-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat OpenStack Platform for RHEL 8 x86_64 (RPMs)	`openstack-17.1-for-rhel-8-x86_64-rpms`	Core Red Hat OpenStack Platform repository.

4.3. Overcloud repositories
Copy link

You run Red Hat OpenStack Platform (RHOSP) 17.1 on Red Hat Enterprise Linux (RHEL) 9.2. RHEL 8.4 Compute nodes are also supported in a Multi-RHEL environment when upgrading from RHOSP 16.2.

Note

If you synchronize repositories with Red Hat Satellite, you can enable specific versions of the Red Hat Enterprise Linux repositories. However, the repository remains the same despite the version you choose. For example, you can enable the 9.2 version of the BaseOS repository, but the repository name is still rhel-9-for-x86_64-baseos-e4s-rpms despite the specific version you choose.

Warning

Any repositories except the ones specified here are not supported. Unless recommended, do not enable any other products or repositories except the ones listed in the following tables or else you might encounter package dependency issues. Do not enable Extra Packages for Enterprise Linux (EPEL).

Controller node repositories

The following table lists core repositories for Controller nodes in the overcloud.

Expand

Name	Repository	Description of requirement
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-baseos-e4s-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)	`rhel-9-for-x86_64-appstream-e4s-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat Enterprise Linux 9 for x86_64 - High Availability (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-highavailability-e4s-rpms`	High availability tools for Red Hat Enterprise Linux.
Red Hat OpenStack Platform for RHEL 9 x86_64 (RPMs)	`openstack-17.1-for-rhel-9-x86_64-rpms`	Core Red Hat OpenStack Platform repository.
Red Hat Fast Datapath for RHEL 9 (RPMS)	`fast-datapath-for-rhel-9-x86_64-rpms`	Provides Open vSwitch (OVS) packages for OpenStack Platform.
Red Hat Ceph Storage Tools 6 for RHEL 9 x86_64 (RPMs)	`rhceph-6-tools-for-rhel-9-x86_64-rpms`	Tools for Red Hat Ceph Storage 6 for Red Hat Enterprise Linux 9.
Red Hat Enterprise Linux 8.4 for x86_64 - BaseOS (RPMs) Advanced Update Stream (AUS)	`rhel-8-for-x86_64-baseos-aus-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 8.4 for x86_64 - AppStream (RPMs)	`rhel-8-for-x86_64-appstream-aus-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat Enterprise Linux 8 for x86_64 - High Availability (RPMs) Telecommunications Update Service (TUS)	`rhel-8-for-x86_64-highavailability-tus-rpms`	High availability tools for Red Hat Enterprise Linux.
Red Hat OpenStack Platform for RHEL 8 x86_64 (RPMs)	`openstack-17.1-for-rhel-8-x86_64-rpms`	Core Red Hat OpenStack Platform repository.

Compute and ComputeHCI node repositories

The following table lists core repositories for Compute and ComputeHCI nodes in the overcloud.

Expand

Name	Repository	Description of requirement
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-baseos-e4s-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)	`rhel-9-for-x86_64-appstream-e4s-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat Enterprise Linux 9 for x86_64 - High Availability (RPMs) Enhanced Extended Update Service (EEUS)	`rhel-9-for-x86_64-highavailability-e4s-rpms`	High availability tools for Red Hat Enterprise Linux.
Red Hat OpenStack Platform for RHEL 9 x86_64 (RPMs)	`openstack-17.1-for-rhel-9-x86_64-rpms`	Core Red Hat OpenStack Platform repository.
Red Hat Fast Datapath for RHEL 9 (RPMS)	`fast-datapath-for-rhel-9-x86_64-rpms`	Provides Open vSwitch (OVS) packages for OpenStack Platform.
Red Hat Ceph Storage Tools 6 for RHEL 9 x86_64 (RPMs)	`rhceph-6-tools-for-rhel-9-x86_64-rpms`	Tools for Red Hat Ceph Storage 6 for Red Hat Enterprise Linux 9.
Red Hat Enterprise Linux 8.4 for x86_64 - BaseOS (RPMs) Advanced Update Stream (AUS)	`rhel-8-for-x86_64-baseos-aus-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 8.4 for x86_64 - AppStream (RPMs)	`rhel-8-for-x86_64-appstream-aus-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat OpenStack Platform for RHEL 8 x86_64 (RPMs)	`openstack-17.1-for-rhel-8-x86_64-rpms`	Core Red Hat OpenStack Platform repository.

Ceph Storage node repositories

The following table lists Ceph Storage related repositories for the overcloud.

Expand

Name	Repository	Description of requirement
Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)	`rhel-9-for-x86_64-baseos-rpms`	Base operating system repository for x86_64 systems.
Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)	`rhel-9-for-x86_64-appstream-rpms`	Contains Red Hat OpenStack Platform dependencies.
Red Hat OpenStack Platform Deployment Tools for RHEL 9 x86_64 (RPMs)	`openstack-17.1-deployment-tools-for-rhel-9-x86_64-rpms`	Packages to help director configure Ceph Storage nodes. This repository is included with standalone Ceph Storage subscriptions. If you use a combined OpenStack Platform and Ceph Storage subscription, use the `openstack-17.1-for-rhel-9-x86_64-rpms` repository.
Red Hat OpenStack Platform for RHEL 9 x86_64 (RPMs)	`openstack-17.1-for-rhel-9-x86_64-rpms`	Packages to help director configure Ceph Storage nodes. This repository is included with combined Red Hat OpenStack Platform and Red Hat Ceph Storage subscriptions. If you use a standalone Red Hat Ceph Storage subscription, use the `openstack-17.1-deployment-tools-for-rhel-9-x86_64-rpms` repository.
Red Hat Ceph Storage Tools 6 for RHEL 9 x86_64 (RPMs)	`rhceph-6-tools-for-rhel-9-x86_64-rpms`	Provides tools for nodes to communicate with the Ceph Storage cluster.
Red Hat Fast Datapath for RHEL 9 (RPMS)	`fast-datapath-for-rhel-9-x86_64-rpms`	Provides Open vSwitch (OVS) packages for OpenStack Platform. If you are using OVS on Ceph Storage nodes, add this repository to the network interface configuration (NIC) templates.

4.4. Red Hat Satellite Server 6 considerations
Copy link

If you use Red Hat Satellite Server 6 to host RPMs and container images for your Red Hat OpenStack Platform (RHOSP) environment and you plan to use Satellite 6 to deliver content during the RHOSP 17.1 upgrade, the following must be true:

Your Satellite Server hosts RHOSP 16.2 RPMs and container images.
Note
If the Red Hat Ceph Storage container image is hosted on a Satellite Server, then you must download a copy of the image to the undercloud before starting the Red Hat Ceph Storage upgrade. To copy this image, see Downloading Red Hat Ceph Storage containers to the undercloud from Satellite.
You have registered all nodes in your RHOSP 16.2 environment to your Satellite Server.
For example, you used an activation key linked to a RHOSP 16.2 content view to register nodes to RHOSP 16.2 content.

Note

If you are using an isolated environment where the undercloud does not have access to the internet, a known issue causes an upgrade from Red Hat OpenStack Platform 16.2 to 17.1 to fail. For a workaround, see the known issue for BZ2259891 in Known issues that might block an upgrade.

Recommendations for RHOSP upgrades

Enable and synchronize the necessary RPM repositories for both the RHOSP 16.2 undercloud and overcloud. This includes the necessary Red Hat Enterprise Linux (RHEL) 9.2 repositories.
Create custom products on your Satellite Server to host container images for RHOSP 17.1.
Create and promote a content view for RHOSP 17.1 upgrade and include the following content in the content view:
- RHEL 8 repositories:
  - Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    
    rhel-8-for-x86_64-appstream-aus-rpms
  - Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    
    rhel-8-for-x86_64-baseos-aus-rpms
  - Red Hat Enterprise Linux 8 for x86_64 - High Availability (RPMs)
    
    rhel-8-for-x86_64-highavailability-aus-rpms
  - Red Hat Fast Datapath for RHEL 8 (RPMs)
    
    fast-datapath-for-rhel-8-x86_64-rpms
- RHEL 9 repositories:
  - Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
    
    rhel-9-for-x86_64-appstream-e4s-rpms
  - Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
    
    rhel-9-for-x86_64-baseos-e4s-rpms
  - Red Hat Satellite Client 6 for RHEL 9 x86_64 (RPMs)
    
    satellite-client-6-for-rhel-9-x86_64-rpms
- All undercloud and overcloud RPM repositories, including RHEL 9.2 repositories. To avoid issues enabling the RHEL repositories, ensure that you include the correct version of the RHEL repositories, which is 9.2.
- RHOSP 17.1 container images.
Associate an activation key with the RHOSP 17.1 content view that you have created for the RHOSP 17.1 upgrade.
Check that no node has the katello-host-tools-fact-plugin package installed. The Leapp upgrade does not upgrade this package. Leaving this package on a RHEL 9.2 system causes subscription-manager to report errors.
You can configure Satellite Server to host RHOSP 17.1 container images. To upgrade from RHOSP 16.2 to 17.1, you need the following container images:
- Container images that are hosted on the rhosp-rhel8 namespace:
  - rhosp-rhel8/openstack-collectd
  - rhosp-rhel8/openstack-nova-libvirt
- Container images that are hosted on the rhosp-rhel9 namespace. For information about configuring the rhosp-rhel9 namespace container images, see Preparing a Satellite server for container images in Customizing your Red Hat OpenStack Platform deployment.
If you use a Red Hat Ceph Storage subscription and have configured director to use the overcloud-minimal image for Red Hat Ceph Storage nodes, on your Satellite Server you must create a content view and add the following RHEL 9.2 repositories to it:
- Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
  rhel-9-for-x86_64-appstream-e4s-rpms
- Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
  rhel-9-for-x86_64-baseos-e4s-rpms
  For more information, see Importing Content and Managing Content Views in the Red Hat Satellite Managing Content guide.

Chapter 5. Upgrading the undercloud
Copy link

Upgrade the undercloud to Red Hat OpenStack Platform 17.1. The undercloud upgrade uses the running Red Hat OpenStack Platform 16.2 undercloud. The upgrade process exports heat stacks to files, and converts heat to ephemeral heat while upgrading the rest of the services on your nodes.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

5.1. Enabling repositories for the undercloud
Copy link

Enable the repositories that are required for the undercloud, and update the system packages to the latest versions.

Procedure

Log in to your undercloud as the stack user.

Disable all default repositories, and enable the required Red Hat Enterprise Linux (RHEL) repositories:

[stack@director ~]$ sudo subscription-manager repos --disable=*
[stack@director ~]$ sudo subscription-manager repos \
--enable=rhel-8-for-x86_64-baseos-aus-rpms \
--enable=rhel-8-for-x86_64-appstream-aus-rpms \
--enable=rhel-8-for-x86_64-highavailability-aus-rpms \
--enable=openstack-17.1-for-rhel-8-x86_64-rpms \
--enable=fast-datapath-for-rhel-8-x86_64-rpms

Switch the container-tools module version to RHEL 8 on all nodes:

[stack@director ~]$ sudo dnf -y module switch-to container-tools:rhel8

Install the command line tools for director installation and configuration:
```
[stack@director ~]$ sudo dnf install -y python3-tripleoclient
```

5.2. Validating RHOSP before the upgrade
Copy link

Before you upgrade to Red Hat OpenStack Platform (RHOSP) 17.1, validate your undercloud and overcloud with the tripleo-validations playbooks. In RHOSP 16.2, you run these playbooks through the OpenStack Workflow Service (mistral).

For more information about the validation framework, see Using the validation framework in Customizing your Red Hat OpenStack Platform deployment.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```

Confirm that you can ping the overcloud nodes:

$ tripleo-ansible-inventory --static-yaml-inventory ~/inventory.yaml --stack <stack> --ansible_ssh_user heat-admin
$ ansible -i ~/inventory.yaml all -m ping

Replace <stack> with the name of the stack.

Adjust the permissions of the /var/lib/mistral/.ssh directory:
```
$ sudo chmod +x /var/lib/mistral/.ssh/
```

Install the packages for validation:

$ sudo dnf -y update openstack-tripleo-validations python3-validations-libs validations-common

Copy the inventory from mistral:

$ sudo chown stack:stack /var/lib/mistral/.ssh/tripleo-admin-rsa
$ sudo cat /var/lib/mistral/<stack>/tripleo-ansible-inventory.yaml > inventory.yaml

Run the validation:

$ validation run -i inventory.yaml --group pre-upgrade

Review the script output to determine which validations succeed and fail:

=== Running validation: "check-ftype" ===

Success! The validation passed for all hosts:
* undercloud

Remove the inventory.yaml file:
```
$ rm inventory.yaml
```

5.3. Preparing container images
Copy link

The undercloud installation requires an environment file to determine where to obtain container images and how to store them. Generate and customize the environment file that you can use to prepare your container images.

Note

If you need to configure specific container image versions for your undercloud, you must pin the images to a specific version. For more information, see Pinning container images for the undercloud.

Procedure

Log in to the undercloud host as the stack user.

Optional: Back up the 16.2 containers-prepare-parameter.yaml file:

$ cp containers-prepare-parameter.yaml \
  containers-prepare-parameter.yaml.orig

Generate the default container image preparation file:
```
$ openstack tripleo container image prepare default \
  --local-push-destination \
  --output-env-file containers-prepare-parameter.yaml
```
This command includes the following additional options:
- --local-push-destination sets the registry on the undercloud as the location for container images. This means that director pulls the necessary images from the Red Hat Container Catalog and pushes them to the registry on the undercloud. Director uses this registry as the container image source. To pull directly from the Red Hat Container Catalog, omit this option.
- --output-env-file is an environment file name. The contents of this file include the parameters for preparing your container images. In this case, the name of the file is containers-prepare-parameter.yaml.
  Note
  You can use the same containers-prepare-parameter.yaml file to define a container image source for both the undercloud and the overcloud.
Modify the containers-prepare-parameter.yaml to suit your requirements. For more information about container image parameters, see Container image preparation parameters.
If your deployment includes Red Hat Ceph Storage, update the Red Hat Ceph Storage container image parameters in the containers-prepare-parameter.yaml file for the version of Red Hat Ceph Storage that your deployment uses:
```
ceph_namespace: registry.redhat.io/rhceph
ceph_image: <ceph_image_file>
ceph_tag: latest
ceph_grafana_image: <grafana_image_file>
ceph_grafana_namespace: registry.redhat.io/rhceph
ceph_grafana_tag: latest
```
- Replace <ceph_image_file> with the name of the image file for the version of Red Hat Ceph Storage that your deployment uses:
  - If you use director-deployed Red Hat Ceph Storage, replace <ceph_image_file> with rhceph-5-rhel8.
  - If you use external Red Hat Ceph Storage, replace <ceph_image_file> with the same Ceph image that your Red Hat Ceph Storage environment uses. For example, for a Red Hat Ceph Storage 6 image, use rhceph-6-rhel9.
- Replace <grafana_image_file> with the name of the image file for the version of Red Hat Ceph Storage that your deployment uses:
  - If you use director-deployed Red Hat Ceph Storage, replace <grafana_image_file> with rhceph-5-dashboard-rhel8.
  - If you use external Red Hat Ceph Storage, replace <grafana_image_file> with the same Ceph image that your Red Hat Ceph Storage environment uses. For example, for a Red Hat Ceph Storage 6 image, use rhceph-6-dashboard-rhel9.

5.4. Guidelines for container image tagging
Copy link

When you prepare image containers in your containers-prepare-parameter.yaml file, you use parameters to determine which container image director pulls when updating your environment, as described in Container image preparation parameters. The Red Hat Container Registry uses a specific version format to tag all Red Hat OpenStack Platform container images. This format follows the label metadata for each container, which is version-release:

version: Corresponds to a major and minor version of RHOSP. These versions act as streams that contain one or more releases.
release: Corresponds to a release of a specific container image version within a version stream.

For example, if the latest version of RHOSP is 17.1.0 and the release for the container image is 5.161, then the resulting tag for the container image is 17.1.0-5.161.

Major and minor `version` tags

The Red Hat Container Registry also uses a set of major and minor version tags that link to the latest release for that container image version. For example, both 17.1 and 17.1.0 link to the latest release in the 17.1.0 container stream. If a new minor release of 17.1 occurs, the 17.1 tag links to the latest release for the new minor release stream while the 17.1.0 tag continues to link to the latest release in the 17.1.0 stream.

Setting the `tag` and `tag_from_label` parameters

In your containers-prepare-parameter.yaml file, the ContainerImagePrepare parameter contains tag and tag_from_label sub-parameters. You can use tag or tag_from_label to determine which container image to download:

tag: director uses tag to pull an image only based on major or minor version tags, which the Red Hat Container Registry links to the latest image release within a version stream.
tag_from_label: director uses tag_from_label to perform a metadata inspection of each container image and generates a tag to pull the corresponding image.

The tag parameter always takes precedence over the tag_from_label parameter. To use tag_from_label, omit the tag parameter from your container preparation configuration.

Setting the `tag` parameter

The default value for tag is the major version for your RHOSP version, for example 17.1. This value always corresponds to the latest minor version and release.

parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      tag: 17.1
      ...

To change to a specific minor version for RHOSP container images, set the tag to a minor version. For example, to change to 17.1.2, set tag to 17.1.2.

parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      tag: 17.1.2
      ...

When you set tag, director always downloads the latest container image release for the version set in tag during installation and updates, including stack updates. For more information about keeping your container versions synced to the latest release, see the Red Hat Knowledgebase solutions Do not use common 17.1 tag for containers-prepare-parameter.yaml when using CDN and Minor update to sync z-release in Openstack 17.1.

Note

If you are doing a stack update, you might not want the latest container image but the container image that matches your environment. In this case, omit the tag parameter from your container preparation configuration and specify tag_from_label only. The tag_from_label parameter uses the installed RHOSP version to determine the value for the tag to use as part of the update process.

Setting the `tag_from_label` parameter

If you do not set tag, director uses the value of tag_from_label in conjunction with the latest major version.

parameter_defaults:
  ContainerImagePrepare:
  - set:
      ...
      # tag: 17.1
      ...
    tag_from_label: '{version}-{release}'

The tag_from_label parameter generates the tag from the label metadata of the latest container image release it inspects from the Red Hat Container Registry. For example, the labels for a certain container might use the following version and release metadata:

  "Labels": {
    "release": "5.161",
    "version": "17.1.0",
    ...
  }

The default value for tag_from_label is {version}-{release}, which corresponds to the version and release metadata labels for each container image. For example, if a container image has 17.1.0 set for version and 5.161 set for release, the resulting tag for the container image is 17.1.0-5.161.

5.5. Obtaining container images from private registries
Copy link

The registry.redhat.io registry requires authentication to access and pull images. To authenticate with registry.redhat.io and other private registries, include the ContainerImageRegistryCredentials and ContainerImageRegistryLogin parameters in your containers-prepare-parameter.yaml file.

ContainerImageRegistryCredentials

Some container image registries require authentication to access images. In this situation, use the ContainerImageRegistryCredentials parameter in your containers-prepare-parameter.yaml environment file. The ContainerImageRegistryCredentials parameter uses a set of keys based on the private registry URL. Each private registry URL uses its own key and value pair to define the username (key) and password (value). This provides a method to specify credentials for multiple private registries.

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      my_username: my_password

In the example, replace my_username and my_password with your authentication credentials. Instead of using your individual user credentials, Red Hat recommends creating a registry service account and using those credentials to access registry.redhat.io content.

To specify authentication details for multiple registries, set multiple key-pair values for each registry in ContainerImageRegistryCredentials:

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  - push_destination: true
    set:
      namespace: registry.internalsite.com/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
    registry.internalsite.com:
      myuser2: '0th3rp@55w0rd!'
    '192.0.2.1:8787':
      myuser3: '@n0th3rp@55w0rd!'

Important

The default ContainerImagePrepare parameter pulls container images from registry.redhat.io, which requires authentication.

For more information, see Red Hat Container Registry Authentication.

ContainerImageRegistryLogin

The ContainerImageRegistryLogin parameter is used to control whether an overcloud node system needs to log in to the remote registry to fetch the container images. This situation occurs when you want the overcloud nodes to pull images directly, rather than use the undercloud to host images.

You must set ContainerImageRegistryLogin to true if push_destination is set to false or not used for a given strategy.

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: false
    set:
      namespace: registry.redhat.io/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
  ContainerImageRegistryLogin: true

However, if the overcloud nodes do not have network connectivity to the registry hosts defined in ContainerImageRegistryCredentials and you set ContainerImageRegistryLogin to true, the deployment might fail when trying to perform a login. If the overcloud nodes do not have network connectivity to the registry hosts defined in the ContainerImageRegistryCredentials, set push_destination to true and ContainerImageRegistryLogin to false so that the overcloud nodes pull images from the undercloud.

parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      namespace: registry.redhat.io/...
      ...
  ...
  ContainerImageRegistryCredentials:
    registry.redhat.io:
      myuser: 'p@55w0rd!'
  ContainerImageRegistryLogin: false

5.6. Updating the undercloud.conf file
Copy link

You can continue using the original undercloud.conf file from your Red Hat OpenStack Platform 16.2 environment, but you must modify the file to retain compatibility with Red Hat OpenStack Platform 17.1. For more information about parameters for configuring the undercloud.conf file, see Undercloud configuration parameters in Installing and managing Red Hat OpenStack Platform with director.

Note

If your original undercloud.conf file includes the CertmongerKerberosRealm parameter in the /home/stack/custom-kerberos-params.yaml file, you must replace the CertmongerKerberosRealm parameter with the HAProxyCertificatePrincipal parameter. The CertmongerKerberosRealm parameter causes the undercloud upgrade to fail.

Procedure

Log in to your undercloud host as the stack user.
Create a file called skip_rhel_release.yaml and set the SkipRhelEnforcement parameter to true:
```
parameter_defaults:
  SkipRhelEnforcement: true
```
Open the undercloud.conf file, and add the container_images_file parameter to the DEFAULT section in the file:
```
container_images_file = /home/stack/containers-prepare-parameter.yaml
```
- The container_images_file parameter defines the location of the containers-prepare-parameter.yaml environment file so that director pulls container images for the undercloud from the correct location.
Add the custom_env_files parameter to the DEFAULT section in the undercloud.conf file. The custom_env_files parameter defines the location of the skip_rhel_release.yaml file that is required for the upgrade:
```
custom_env_files = /home/stack/skip_rhel_release.yaml
```
- Add any additional custom environment files to the custom_env_files parameter, separated by a comma. Ensure that any existing files in the parameter are included in the list. For example:
  custom_env_files = /home/stack/custom-undercloud-params.yaml,/home/stack/skip_rhel_release.yaml
Check all other parameters in the file for any changes.
Save the file.

5.7. Running the director upgrade
Copy link

Upgrade director on the undercloud.

Prerequisites

Check the configuration of your deployment files for any issues. For more information, see Deployment file configuration.
If your network configuration templates include certain functions, ensure that you manually convert your NIC templates to Jinja2 Ansible format. For a list of those functions and a link to the manual procedure, see Network configuration file conversion.

Procedure

Confirm that the tripleo_mysql.service is running:

$ systemctl status tripleo_mysql

Sample output

The command shows the following output if the service is not running:

tripleo_mysql.service - mysql container
   Loaded: loaded (/etc/systemd/system/tripleo_mysql.service; enabled; vendor preset: disabled)
   Active: inactive (dead)

If the service is not running, start the service:
```
$ sudo systemctl start tripleo_mysql
```
Launch the director configuration script to upgrade director:
```
$ openstack undercloud upgrade
```
The director configuration script upgrades director packages and configures director services to match the settings in the undercloud.conf file. This script takes several minutes to complete.
Note
The director configuration script prompts for confirmation before proceeding. Bypass this confirmation by using the -y option:
$ openstack undercloud upgrade -y

Next steps

Check that the container version is 17.1 and that the adoption files were generated for all of your stacks. For more information, see the Post-Upgrade Checks section in the Red Hat Knowledgebase article Undercloud Upgrade Checks.

Chapter 6. Upgrading with external Ceph deployments
Copy link

If your Red Hat OpenStack Platform (RHOSP) deployment uses an externally deployed Red Hat Ceph Storage cluster, you might need to upgrade your Red Hat Ceph Storage cluster before continuing with your RHOSP upgrade.

If your Red Hat Ceph Storage cluster is currently on Release 4, perform the following tasks:

Upgrade the Red Hat Ceph Storage cluster from Release 4 to Release 5.
Upgrade your RHOSP deployment from Release 16.2 to Release 17.1.
Upgrade the Red Hat Ceph Storage cluster from Release 5 to Release 6.

If your Red Hat Ceph Storage cluster is currently on Release 5, perform the following tasks:

Upgrade your RHOSP deployment from Release 16.2 to Release 17.1.
Upgrade the Red Hat Ceph Storage cluster from Release 5 to Release 6.

For more information about upgrading your Red Hat Ceph Storage cluster, see the following guides:

After you upgrade your Red Hat Ceph Storage cluster, you must migrate from the ceph-ansible ceph-client role to the tripleo-ansible tripleo_ceph_client role.

6.1. Updating Ceph Client configuration for RHOSP 17.1
Copy link

Before Red Hat OpenStack Platform (RHOSP) 17.1, for external Red Hat Ceph Storage environments, OpenStack Ceph Clients were configured by the ceph-ansible ceph-client role. In RHOSP 17.1, OpenStack Ceph Clients are configured by the tripleo-ansible tripleo_ceph_client role. Before you run the overcloud upgrade in Performing the overcloud adoption and preparation, you must replace the tripleo-heat-templates environment file that is used to configure the OpenStack services with an external Ceph cluster.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
If you included the environments/ceph-ansible/ceph-ansible-external.yaml file in the following commands, you must replace the file with the environments/external-ceph.yaml file.
- openstack overcloud upgrade prepare
- openstack overcloud deploy
  For example, replace
  $ openstack overcloud deploy ... -e environments/ceph-ansible/ceph-ansible-external.yaml ...
  with
  $ openstack overcloud deploy ... -e environments/external-ceph.yaml ...
Create a file called ceph_params.yaml and include the following content:
```
parameter_defaults:
  CephClusterFSID: <fsid>
  CephClientKey: <key>
  CephExternalMonHost: <mon ip addresses>
  CephSpecFqdn: <true/false>
  CephConfigPath: "/etc/ceph"
  DeployedCeph: false
  GrafanaPlugins: []
```
- Replace <fsid> with the UUID of your Red Hat Ceph Storage cluster.
- Replace <key> with your Ceph client key.
- Replace <mon ip addresses> with a list of your Ceph Mon Host IPs.
- Replace <true/false> with the value that applies to your environment.
  Note
  If your Red Hat Ceph Storage deployment includes short names, you must set the CephSpecFqdn parameter to false. If set to true, the inventory generates with both the short names and domain names, causing the Red Hat Ceph Storage upgrade to fail.
Include the ceph_params.yaml file in the overcloud deployment command:
```
$ openstack overcloud deploy \
...
-e ~/environments/ceph_params.yaml \
```
Important
Do not remove the ceph_params.yaml file after the RHOSP upgrade is complete. This file must be present in external Red Hat Ceph Storage environments. Additionally, any time you run openstack overcloud deploy, you must include the ceph_params.yaml file, for example, -e ceph_params.yaml.

Next steps

You include the ceph_params.yaml file in the overcloud upgrade preparation script that you create when you perform the overcloud adoption and preparation procedure. For more information, see Performing the overcloud adoption and preparation.

Chapter 7. Preparing for an overcloud upgrade
Copy link

You must complete some initial steps to prepare for the overcloud upgrade.

7.1. Preparing for overcloud service downtime
Copy link

The overcloud upgrade process disables the main control plane services at key points. You cannot use any overcloud services to create new resources when these key points are reached.

It is important to plan a maintenance window to ensure that no users can access the overcloud services during the upgrade.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

7.2. Disabling fencing in the overcloud
Copy link

Before you upgrade the overcloud, ensure that fencing is disabled.

When you upgrade the overcloud, you upgrade each Controller node individually to retain high availability functionality. If fencing is deployed in your environment, the overcloud might detect certain nodes as disabled and attempt fencing operations, which can cause unintended results.

If you have enabled fencing in the overcloud, you must temporarily disable fencing for the duration of the upgrade to avoid any unintended results.

Note

When you complete the upgrade of your Red Hat OpenStack Platform environment, you must re-enable fencing in the overcloud. For more information about re-enabling fencing, see Re-enabling fencing in the overcloud.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
For each Controller node, log in to the Controller node and run the Pacemaker command to disable fencing:
```
$ ssh tripleo-admin@<controller_ip> "sudo pcs property set stonith-enabled=false"
```
- Replace <controller_ip> with the IP address of a Controller node. You can find the IP addresses of your Controller nodes at /etc/hosts or /var/lib/mistral.
If you use SBD fencing, disable SBD fencing on the pacemaker_remote nodes:
```
# pcs property set stonith-watchdog-timeout=0
```
Note
Ensure that you take note of the original value of the watchdog timer device interval. You must reset the watchdog timer device interval to its original value after you upgrade the control plane nodes. For more information, see Re-enabling fencing in the overcloud.
In the fencing.yaml environment file, set the EnableFencing parameter to false to ensure that fencing stays disabled during the upgrade process.

Additional Resources

Fencing Controller nodes with STONITH

7.3. Undercloud node database backup
Copy link

You can use the openstack undercloud backup --db-only command to create a standalone database backup that runs on the undercloud node. You can also use that backup to recover the state of the database in the event that it becomes corrupted. For more information about backing up the undercloud database, see Creating a standalone database backup of the undercloud nodes in Red Hat OpenStack Platform 17.1 Backing up and restoring the undercloud and control plane nodes.

7.4. Updating composable services in custom roles_data files
Copy link

This section contains information about new and deprecated composable services.

All nodes

The following services have been deprecated for all nodes. Remove them from all roles.

Expand

Service	Reason
`OS::TripleO::Services::CinderBackendDellEMCXTREMIOISCSI` `OS::TripleO::Services::CinderBackendDellPs` `OS::TripleO::Services::CinderBackendVRTSHyperScale`	Deprecated services.
`OS::TripleO::Services::Ec2Api`	Deprecated service.
`OS::TripleO::Services::Fluentd`	Deprecated in favour of `OS::TripleO::Services::Rsyslog`.
`OS::TripleO::Services::FluentdAlt`	Deprecated service.
`OS::TripleO::Services::Keepalived`	Deprecated service.
`OS::TripleO::Services::MistralApi` `OS::TripleO::Services::MistralEngine` `OS::TripleO::Services::MistralEventEngine` `OS::TripleO::Services::MistralExecutor`	Deprecated services.
`OS::TripleO::Services::NeutronLbaasv2Agent` `OS::TripleO::Services::NeutronLbaasv2Api`	OpenStack Networking (neutron) Load Balancing as a Service deprecated in favour of Octavia.
`OS::TripleO::Services::NeutronML2FujitsuCfab` `OS::TripleO::Services::NeutronML2FujitsuFossw`	Deprecated services.
`OS::TripleO::Services::NeutronSriovHostConfig`	Deprecated service.
`OS::TripleO::Services::NovaConsoleauth`	This service is removed.
`OS::TripleO::Services::Ntp`	Deprecated in favor of `OS::TripleO::Services::Timesync`.
`OS::TripleO::Services::OpenDaylightApi` `OS::TripleO::Services::OpenDaylightOvs`	OpenDaylight is no longer supported.
`OS::TripleO::Services::OpenShift::GlusterFS` `OS::TripleO::Services::OpenShift::Infra` `OS::TripleO::Services::OpenShift::Master` `OS::TripleO::Services::OpenShift::Worker`	Deprecated services.
`OS::TripleO::Services::PankoApi`	The OpenStack Telemetry services are deprecated in favor of Service Telemetry Framework (STF) for metrics and monitoring. The legacy telemetry services are only available in RHOSP 17.1 to help facilitate the transition to STF and will be removed in a future version of RHOSP.
`OS::TripleO::Services::Rear`	Deprecated service.
`OS::TripleO::Services::SaharaApi` `OS::TripleO::Services::SaharaEngine`	Deprecated services.
`OS::TripleO::Services::SensuClient` `OS::TripleO::Services::SensuClientAlt`	Deprecated services.
`OS::TripleO::Services::SkydiveAgent` `OS::TripleO::Services::SkydiveAnalyzer`	Skydive is no longer supported.
`OS::TripleO::Services::Tacker`	Tacker is no longer supported.
`OS::TripleO::Services::TripleoUI`	Deprecated service.
`OS::TripleO::Services::UndercloudMinionMessaging` `OS::TripleO::Services::UndercloudUpgradeEphemeralHeat`	Deprecated services.
`OS::TripleO::Services::Zaqar`	Deprecated service.

Controller nodes

The following services are new for Controller nodes. Add them to your Controller role.

Expand

Service	Reason
`OS::TripleO::Services::GlanceApiInternal`	Service for the internal instance of the Image service (glance) API to provide location data to administrators and services that require it, such as the Block Storage service (cinder) and the Compute service (nova).

Compute nodes

By default, 17.1 Compute nodes run the OS::TripleO::Services::NovaLibvirt service. However, if you perform the RHOSP upgrade with the Compute nodes running the OS::TripleO::Services::NovaLibvirt service, the virtual machine instances appear as shut off. To prevent this issue, all Compute nodes that are on RHEL 8.4 must run the OS::TripleO::Services::NovaLibvirtLegacy service, and the container image must be based on UBI-8.

After the RHOSP upgrade, if you want to upgrade your Compute nodes to RHEL 9.2, your Compute nodes must run the OS::TripleO::Services::NovaLibvirt service and the container image must be based on UBI-9, or your virtual machine instances appear as shut off.

For more information about upgrading the operating system on Compute nodes, see Upgrading all Compute nodes to RHEL 9.2 and Upgrading Compute nodes to a Multi-RHEL environment.

7.5. Deprecated and removed filters for the NovaSchedulerDefaultFilters parameter
Copy link

If your environment uses a custom NovaSchedulerDefaultFilters parameter, edit the parameter to remove the following deprecated and removed filters:

Expand

Filter	Status
`AggregateCoreFilter`	Deprecated
`AggregateRamFilter`	Deprecated
`AggregateDiskFilter`	Deprecated
`ExactCoreFilter`	Removed
`ExactRamFilter`	Removed
`ExactDiskFilter`	Removed
`CoreFilter`	Removed
`RamFilter`	Removed
`DiskFilter`	Removed
`RetryFilter`	Deprecated

Important

Avoid using filters marked Deprecated. Red Hat OpenStack Platform 17.1 still includes deprecated filters but future versions of Red Hat OpenStack Platform will not include these filters.

7.6. Checking custom Puppet parameters
Copy link

If you use the ExtraConfig interfaces for customizations of Puppet parameters, Puppet might report duplicate declaration errors during the upgrade. This is due to changes in the interfaces provided by the puppet modules themselves.

This procedure shows how to check for any custom ExtraConfig hieradata parameters in your environment files.

Note

If your environment uses LDAP backends, remove the following deprecated parameters from the keystone_domain_specific_ldap_backend.yaml environment file to prevent overcloud upgrade failure:

user_allow_create
user_allow_update
user_allow_delete
group_allow_create
group_allow_update
group_allow_delete

For more information about removing these parameters, see the Red Hat Knowledgebase solution Overcloud upgrade to RHOSP 17.1 failed due to Keystone error when deprecated ldap related options are present in templates.

Procedure

Select an environment file and the check if it has an ExtraConfig parameter:
```
$ grep ExtraConfig ~/templates/custom-config.yaml
```
If the results show an ExtraConfig parameter for any role (e.g. ControllerExtraConfig) in the chosen file, check the full parameter structure in that file.
If the parameter contains any puppet Hierdata with a SECTION/parameter syntax followed by a value, it might have been been replaced with a parameter with an actual Puppet class. For example:
```
parameter_defaults:
  ExtraConfig:
    neutron::config::dhcp_agent_config:
      'DEFAULT/dnsmasq_local_resolv':
        value: 'true'
```
Check the director’s Puppet modules to see if the parameter now exists within a Puppet class. For example:
```
$ grep dnsmasq_local_resolv
```
If so, change to the new interface.

The following are examples to demonstrate the change in syntax:

Example 1:

parameter_defaults:
  ExtraConfig:
    neutron::config::dhcp_agent_config:
      'DEFAULT/dnsmasq_local_resolv':
        value: 'true'

Changes to:

parameter_defaults:
  ExtraConfig:
    neutron::agents::dhcp::dnsmasq_local_resolv: true

Example 2:

parameter_defaults:
  ExtraConfig:
    ceilometer::config::ceilometer_config:
      'oslo_messaging_rabbit/rabbit_qos_prefetch_count':
        value: '32'

Changes to:

parameter_defaults:
  ExtraConfig:
    oslo::messaging::rabbit::rabbit_qos_prefetch_count: '32'

7.7. Firewall rule change
Copy link

In Red Hat OpenStack Platform (RHOSP) 17.1.4, iptables rules were replaced with nftables rules. If your RHOSP templates include firewall rules, for example, tripleo::tripleo_firewall::firewall_rules, you must redefine them by using the ExtraFirewallRules parameter. For more information about using the ExtraFirewallRules parameter, see Adding services to the overcloud firewall in Hardening Red Hat OpenStack Platform.

7.8. Final review before upgrade
Copy link

Complete a final check of all preparation steps before you begin the upgrade.

7.8.1. Checking for orphaned service records
Copy link

If orphaned service records exist in the database, the Compute service (nova) might not start after the upgrade process completes. Before you start the upgrade, check for the existence of orphaned service records and remove them.

Procedure

Perform a search for services:

openstack --os-compute-api-version 2.53 compute service list

Remove any service where the Host column points to non-existent hosts and where the Updated At column indicates that the service was not active during the use of the last major version you are about to upgrade from:
```
openstack --os-compute-api-version 2.53 compute service delete <service_uuid>
```
Replace <service_uuid> with the UUID of the service record.

7.8.2. Upgrade command overview
Copy link

The upgrade process involves different commands that you run at certain stages of the process.

Important

This section only contains information about each command. You must run these commands in a specific order and provide options specific to your overcloud. Wait until you receive instructions to run these commands at the appropriate step.

7.8.2.1. openstack overcloud upgrade prepare
Copy link

This command performs the initial preparation steps for the overcloud upgrade, which includes replacing the current overcloud plan on the undercloud with the new OpenStack Platform 17.1 overcloud plan and your updated environment files. This command functions similar to the openstack overcloud deploy command and uses many of the same options.

Before you run the openstack overcloud upgrade prepare command, you must perform the overcloud adoption. For more information about overcloud adoption, see Performing the overcloud adoption and preparation.

7.8.2.2. openstack overcloud upgrade run
Copy link

This command performs the upgrade process. Director creates a set of Ansible playbooks based on the new OpenStack Platform 17.1 overcloud plan and runs the fast forward tasks on the entire overcloud. This includes running the upgrade process through each OpenStack Platform version from 16.2 to 17.1.

In addition to the standard upgrade process, this command can perform a Leapp upgrade of the operating system on overcloud nodes. Run these tasks using the --tags option.

Upgrade task tags for Leapp

system_upgrade: Task that combines tasks from system_upgrade_prepare, system_upgrade_run, and system_upgrade_reboot.
system_upgrade_prepare: Tasks to prepare for the operating system upgrade with Leapp.
system_upgrade_run: Tasks to run Leapp and upgrade the operating system.
system_upgrade_reboot: Tasks to reboot a system and complete the operating system upgrade.

7.8.2.3. openstack overcloud external-upgrade run
Copy link

This command performs upgrade tasks outside the standard upgrade process. Director creates a set of Ansible playbooks based on the new OpenStack Platform 17.1 overcloud plan and you run specific tasks using the --tags option.

External task tags for container management

container_image_prepare: Tasks for pulling container images to the undercloud registry and preparing the images for the overcloud to use.

7.8.3. Upgrade Parameters
Copy link

You can modify the behavior of the upgrade process with upgrade parameters.

Expand

Parameter	Description
`UpgradeInitCommand`	Command or script snippet to run on all overcloud nodes to initialize the upgrade process. For example, a repository switch.
`UpgradeInitCommonCommand`	Common commands required by the upgrades process. This should not normally be modified by the operator and is set and unset in the major-upgrade-composable-steps.yaml and major-upgrade-converge.yaml environment files.
`UpgradeLeappCommandOptions`	Additional command line options to append to the Leapp command.
`UpgradeLeappDebug`	Print debugging output when running Leapp. The default value is `false`.
`UpgradeLeappDevelSkip`	Skip Leapp checks by setting env variables when running Leapp in development/testing. For example, LEAPP_DEVEL_SKIP_RHSM=1.
`UpgradeLeappEnabled`	Use Leapp for operating system upgrade. The default value is `false`.
`UpgradeLeappPostRebootDelay`	Maximum (seconds) to wait for machine to reboot and respond to a test command. The default value is `120`.
`UpgradeLeappRebootTimeout`	Timeout (seconds) for the OS upgrade phase via Leapp. The default value is `3600`.
`UpgradeLeappToInstall`	List of packages to install after Leapp upgrade.
`UpgradeLeappToRemove`	List of packages to remove during Leapp upgrade.

7.8.4. Custom files to include in your deployment
Copy link

If any overcloud nodes in your deployment are dedicated Object Storage (swift) nodes, you must copy the default roles_data.yaml file and edit ObjectStorage to remove deprecated_server_resource_name: 'SwiftStorage'. Then use the --roles-file option to pass the file to the openstack overcloud upgrade prepare command.

7.8.5. New environment files to include with your deployment
Copy link

In addition to your regular overcloud environment files, you must include new environment files to facilitate the upgrade to Red Hat OpenStack Platform (RHOSP) 17.1.

Expand

File	Notes
`/home/stack/templates/upgrades-environment.yaml`	This file contains the parameters specific to the upgrade. This file is necessary only for the duration of the upgrade.
`/home/stack/containers-prepare-parameter.yaml`	The file that contains the source and preparation steps. This is the same file that you use with the undercloud upgrade.
`/home/stack/templates/ceph.yaml`	This file contains the parameters that Ceph Storage is required to override.

Add these files to the end of your environment file listing when you run the following commands:

openstack overcloud upgrade prepare
openstack overcloud deploy

7.8.6. Environment files to remove from your deployment
Copy link

Remove any environment files specific to your OpenStack Platform Red Hat OpenStack Platform 16.2:

Red Hat OpenStack Platform 16.2 container image list
Red Hat OpenStack Platform 16.2 Customer Portal or Satellite rhel-registration scripts

Remove these files from the list of environment files you include when you run the following commands:

openstack overcloud upgrade prepare
openstack overcloud deploy

7.8.7. Upgrading IPA services
Copy link

If TLS everywhere is enabled in your environment, add an additional permission to the Nova Host Manager role to allow the creation of DNS zone entries.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Check whether the Nova Host Management permission is included in your environment:
```
$ ipa privilege-show "Nova Host Management"
```

If you do not have the Nova Host Management permission, add it:

$ kinit admin
$ ipa privilege-add-permission 'Nova Host Management' --permission 'System: Modify Realm Domains'

Create an environment file called ipa_environment.yaml and include the following configuration:

resource_registry:
  OS::TripleO::Services::IpaClient: /usr/share/openstack-tripleo-heat-templates/deployment/ipa/ipaservices-baremetal-ansible.yaml

parameter_defaults:
  IdMServer: $IPA_FQDN
  IdMDomain: $IPA_DOMAIN
  IdMInstallClientPackages: False

Save the environment file.

7.8.8. Upgrade checklist
Copy link

Use the following checklist to determine your readiness to upgrade the overcloud:

Expand

Item	Complete
Validated a working overcloud.	Y / N
Performed a Relax-and-Recover (ReaR) backup of the overcloud control plane. For more information, see Red Hat OpenStack Platform 16.2 Backing up and restoring the undercloud and control plane nodes.	Y / N
Created a backup of the database that runs on the undercloud node. For more information, see Creating a backup of the undercloud node in Red Hat OpenStack Platform 17.1 Backing up and restoring the undercloud and control plane nodes.	Y / N
Updated your registration details to Red Hat OpenStack Platform 17.1 repositories and converted your environment file to use the Ansible-based method.	Y / N
Updated your network configuration templates.	Y / N
Updated any local copies of your environment files to match the content in the Red Hat OpenStack Platform 17.1 environment files.	Y / N
Updated your environment file list with new environment files for Red Hat OpenStack Platform 17.1.	Y / N
Optional: If your deployment includes dedicated Object Storage (swift) nodes: Copied the `roles_data.yaml` file, removed `deprecated_server_resource_name: 'SwiftStorage'`, and passed the file to the `openstack overcloud upgrade prepare` command.	Y / N
Removed old environment files only relevant to Red Hat OpenStack Platform 16.2, such as old Red Hat registration and container image location files.	Y / N

Chapter 8. Overcloud adoption and preparation
Copy link

Perform the overcloud adoption and upgrade preparation on each stack in your environment. To perform the overcloud adoption and upgrade preparation in a DCN environment, see Overcloud adoption and preparation in a DCN environment.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

8.1. Performing the overcloud adoption and preparation
Copy link

You must perform the following tasks for overcloud adoption:

On each stack, adopt the network and host provisioning configuration exports into the overcloud.
Define new containers and additional compatibility configuration.

After adoption, you must run the upgrade preparation script, which performs the following tasks:

Updates the overcloud plan to OpenStack Platform 17.1
Prepares the nodes for the upgrade

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Note

If your roles include a large number of nodes, you can accelerate the RHOSP upgrade by splitting existing roles and dividing the nodes between the roles. For more information, see the Red Hat Knowledgebase solution How to split roles during upgrade from RHOSP 16.2 to RHOSP 17.1.

Prerequisites

Confirm that all bare-metal provisioned nodes are in the ACTIVE state. If any nodes remain in the MAINTENANCE state, you cannot proceed with the upgrade. For more information about setting the nodes to ACTIVE, see Setting bare-metal provisioned nodes to the active state.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Verify that the following files that were exported during the undercloud upgrade contain the expected configuration for the overcloud upgrade. You can find the following files in the ~/overcloud-deploy/$(<stack>) directory:
- tripleo-<stack>-passwords.yaml
- tripleo-<stack>-network-data.yaml
- tripleo-<stack>-virtual-ips.yaml
- <stack>-network-environment.yaml
- tripleo-<stack>-baremetal-deployment.yaml
  - Replace <stack> with the name of your stack.
  - Check that the mappings between the baremetal node UUIDs, hostnames, and IP addresses in the tripleo-<stack>-baremetal-deployment.yaml file match your current overcloud. Correct the mappings if required.
  - If the tripleo-<stack>-passwords.yaml file does not exist, review the resolution in the Red Hat Knowledgebase article Create a missing overcloud password file.
Warning
You must address the issues in Jinja2 comments, and then remove all Jinja2 comment blocks, from each nic-config template that is created by automated conversion tools such as convert_v1_net_data.py or convert_heat_nic_config_to_ansible_j2.py during the undercloud upgrade. If you do not remove these comment blocks, scaled-out nodes fail to provision, or you can lose control plane networking if network_config_update is set to true.
{{# NOTE! Custom parameter {} was hard-coded in ' 'the converted template. To parameterize use the ' '{{role.name}}ExtraGroupVars THT interface and update the ' 'template to use an ansible var. +#}}
On the main stack, copy the passwords.yaml file to the ~/overcloud-deploy/$(<stack>) directory. Repeat this step on each stack in your environment:
```
$ cp ~/overcloud-deploy/<stack>/tripleo-<stack>-passwords.yaml ~/overcloud-deploy/<stack>/<stack>-passwords.yaml
```
On the main stack, copy the network-data.yaml file to the stack user’s home directory and deploy the networks. Repeat this step on each stack in your environment:
```
$ cp ~/overcloud-deploy/<stack>/tripleo-<stack>-network-data.yaml ~/
$ openstack overcloud network provision --debug \
--output /home/stack/templates/generated-networks-deployed.yaml tripleo-<stack>-network-data.yaml
```
For more information, see Provisioning and deploying your overcloud in Installing and managing Red Hat OpenStack Platform with director.
If your environment has pre-provisioned nodes, complete the following steps:
1. Make a backup copy of the tripleo-<stack>-virtual-ips.yaml file in the stack user’s home directory:
  $ cp ~/overcloud-deploy/<stack>/tripleo-<stack>-virtual-ips.yaml ~/ ~/overcloud-deploy/<stack>/tripleo-<stack>-virtual-ips.yaml.orig
2. Include the following configuration at the end of the tripleo-<stack>-virtual-ips.yaml file:
  dns_name: overcloud ip_address: <ctrlplane_virtual_ip>
  1
  name: control_virtual_ip
  2
  network: ctlplane subnet: ctlplane-subnet
  1
  Replace <ctrlplane_virtual_ip> with the VIP of the control plane.
  2
  The default name of the VIP.

On the main stack, copy the virtual-ips.yaml file to the stack user’s home directory and provision the network VIPs. Repeat this step on each stack in your environment:

$ cp ~/overcloud-deploy/<stack>/tripleo-<stack>-virtual-ips.yaml ~/
$ openstack overcloud network vip provision --debug \
--stack <stack> --output \
/home/stack/templates/generated-vip-deployed.yaml tripleo-<stack>-virtual-ips.yaml

On the main stack, copy the network-environment.yaml file to the stack user’s home directory. Repeat this step on each stack in your environment:
```
$ cp ~/overcloud-deploy/<stack>/<stack>-network-environment.yaml ~/templates/<stack>-network-environment.yaml
```
Note
Ensure that the NetworkConfigTemplate parameters point to the generated .j2 files and that you delete the resource_registry mappings in the overcloud-network-environment.yaml file. For more information, see Manually converting NIC templates to Jinja2 Ansible format in Customizing your Red Hat OpenStack Platform deployment.
On the main stack, copy the baremetal-deployment.yaml file to the stack user’s home directory and provision the overcloud nodes. Repeat this step on each stack in your environment:
```
$ cp ~/overcloud-deploy/<stack>/tripleo-<stack>-baremetal-deployment.yaml ~/
$ openstack overcloud node provision --debug --stack <stack> \
--output /home/stack/templates/baremetal-deployment.yaml \
tripleo-<stack>-baremetal-deployment.yaml
```
Note
This is the final step of the overcloud adoption. If your overcloud adoption takes longer than 10 minutes to complete, contact Red Hat Support.
Complete the following steps to prepare the containers:
1. Back up the containers-prepare-parameter.yaml file that you used for the undercloud upgrade:
  $ cp containers-prepare-parameter.yaml \ containers-prepare-parameter.yaml.orig
2. Define the following environment variables before you run the script to update the containers-prepare-parameter.yaml file:
  - NAMESPACE: The namespace for the UBI9 images. For example, NAMESPACE='"namespace":"example.redhat.com:5002",'
  - EL8_NAMESPACE: The namespace for the UBI8 images.
  - NEUTRON_DRIVER: The driver to use and determine which OpenStack Networking (neutron) container to use. Set to the type of containers you used to deploy the original stack. For example, set to NEUTRON_DRIVER='"neutron_driver":"ovn",' to use OVN-based containers.
  - EL8_TAGS: The tags of the UBI8 images, for example, EL8_TAGS='"tag":"17.1",'.
    Replace "17.1", with the tag that you use in your content view.
  - EL9_TAGS: The tags of the UBI9 images, for example, EL9_TAGS='"tag":"17.1",'.
    Replace "17.1", with the tag that you use in your content view.
    For more information about the tag parameter, see Container image preparation parameters in Customizing your Red Hat OpenStack Platform deployment.
  - CONTROL_PLANE_ROLES: The list of control plane roles using the --role option, for example, --role ControllerOpenstack, --role Database, --role Messaging, --role Networker, --role CephStorage. To view the list of control plane roles in your environment, run the following command:
    
    $ export STACK=<stack> \ $ sudo awk '/tripleo_role_name/ {print "--role " $2}' \ /var/lib/mistral/${STACK}/tripleo-ansible-inventory.yaml \ | grep -vi compute
    
    Replace <stack> with the name of your stack.
  - COMPUTE_ROLES: The list of Compute roles using the --role option, for example, --Compute-1. To view the list of Compute roles in your environment, run the following command:
    
    $ sudo awk '/tripleo_role_name/ {print "--role " $2}' \ /var/lib/mistral/${STACK}/tripleo-ansible-inventory.yaml \ | grep -i compute
  - CEPH_OVERRIDE: If you deployed Red Hat Ceph Storage, specify the Red Hat Ceph Storage 5 container images. For example:
    CEPH_OVERRIDE='"ceph_image":"rhceph-5-rhel8","ceph_tag":"<latest>",'
    Replace <latest> with the latest ceph_tag version, for example, 5-499.
    The following is an example of the containers-prepare-parameter.yaml file configuration:
    
    NAMESPACE='"namespace":"registry.redhat.io/rhosp-rhel9",' EL8_NAMESPACE='"namespace":"registry.redhat.io/rhosp-rhel8",' NEUTRON_DRIVER='"neutron_driver":"ovn",' EL8_TAGS='"tag":"17.1",' EL9_TAGS='"tag":"17.1",' CONTROL_PLANE_ROLES="--role Controller" COMPUTE_ROLES="--role Compute1 --role Compute2" CEPH_TAGS='"ceph_tag":"5",'
3. Run the following script to to update the containers-prepare-parameter.yaml file:
  Warning
  If you deployed Red Hat Ceph Storage, ensure that the CEPH_OVERRIDE environment variable is set to the correct values before executing the following command. Failure to do so results in issues when upgrading Red Hat Ceph Storage.
  $ python3 /usr/share/openstack-tripleo-heat-templates/tools/multi-rhel-container-image-prepare.py \ ${COMPUTE_ROLES} \ ${CONTROL_PLANE_ROLES} \ --enable-multi-rhel \ --excludes collectd \ --excludes nova-libvirt \ --minor-override "{${EL8_TAGS}${EL8_NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \ --major-override "{${EL9_TAGS}${NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \ --output-env-file \ /home/stack/containers-prepare-parameter.yaml
  The multi-rhel-container-image-prepare.py script supports the following parameters:
  --output-env-file
  Writes the environment file that contains the default ContainerImagePrepare value.
  --local-push-destination
  Triggers an upload to a local registry.
  --enable-registry-login
  Enables the flag that allows the system to attempt to log in to a remote registry prior to pulling the containers. Use this flag when --local-push-destination is not used and the target systems have network connectivity to remote registries. Do not use this flag for an overcloud that might not have network connectivity to a remote registry.
  --enable-multi-rhel
  Enables multi-rhel.
  --excludes
  Lists the services to exclude.
  --major-override
  Lists the override parameters for a major release.
  --minor-override
  Lists the override parameters for a minor release.
  --role
  The list of roles.
  --role-file
  The role_data.yaml file.
4. If you deployed Red Hat Ceph Storage, open the containers-prepare-parameter.yaml file to confirm that the Red Hat Ceph Storage 5 container images are specified and that there are no references to Red Hat Ceph Storage 6 container images.
If you have a director-deployed Red Hat Ceph Storage deployment, create a file called ceph_params.yaml and include the following content:
```
parameter_defaults:
  CephSpecFqdn: true
  CephConfigPath: "/etc/ceph"
  CephAnsibleRepo: "rhceph-5-tools-for-rhel-8-x86_64-rpms"
  DeployedCeph: true
  GrafanaPlugins: []
```
Important
Do not remove the ceph_params.yaml file after the RHOSP upgrade is complete. This file must be present in director-deployed Red Hat Ceph Storage environments. Additionally, any time you run openstack overcloud deploy, you must include the ceph_params.yaml file, for example, -e ceph_params.yaml.
Note
If your Red Hat Ceph Storage deployment includes short names, you must set the CephSpecFqdn parameter to false. If set to true, the inventory generates with both the short names and domain names, causing the Red Hat Ceph Storage upgrade to fail.

Create an environment file called upgrades-environment.yaml in your templates directory and include the following content:

parameter_defaults:
  ExtraConfig:
    nova::workarounds::disable_compute_service_check_for_ffu: true
  DnsServers: ["<dns_servers>"]
  DockerInsecureRegistryAddress: [<undercloud_FQDN>]
  UpgradeInitCommand: |
    sudo subscription-manager repos --disable=*
      if $( grep -q  9.2  /etc/os-release )
      then
        sudo subscription-manager repos --enable=rhel-9-for-x86_64-baseos-e4s-rpms --enable=rhel-9-for-x86_64-appstream-e4s-rpms --enable=rhel-9-for-x86_64-highavailability-e4s-rpms --enable=openstack-17.1-for-rhel-9-x86_64-rpms --enable=fast-datapath-for-rhel-9-x86_64-rpms
        sudo podman ps | grep -q ceph && subscription-manager repos --enable=rhceph-5-tools-for-rhel-9-x86_64-rpms
        sudo subscription-manager release --set=9.2
      else
        sudo subscription-manager repos --enable=rhel-8-for-x86_64-baseos-aus-rpms --enable=rhel-8-for-x86_64-appstream-aus-rpms --enable=rhel-8-for-x86_64-highavailability-aus-rpms --enable=openstack-17.1-for-rhel-8-x86_64-rpms --enable=fast-datapath-for-rhel-8-x86_64-rpms
        sudo podman ps | grep -q ceph && subscription-manager repos --enable=rhceph-5-tools-for-rhel-8-x86_64-rpms
        sudo subscription-manager release --set=8.4
      fi

      if $(sudo podman ps | grep -q ceph )
      then
        sudo dnf -y install cephadm
      fi

Replace <dns_servers> with a comma-separated list of your DNS server IP addresses, for example, ["10.0.0.36", "10.0.0.37"].
Replace <undercloud_FQDN> with the fully qualified domain name (FQDN) of the undercloud host, for example, ["undercloud-0.ctlplane.redhat.local:8787"].
For more information about the upgrade parameters that you can configure in the environment file, see Upgrade parameters.

On the undercloud, create a file called overcloud_upgrade_prepare.sh in your templates directory. You must create this file for each stack in your environment. This file includes the original content of your overcloud deploy file and the environment files that are relevant to your environment. For example:
```
#!/bin/bash
openstack overcloud upgrade prepare --yes \
  --timeout 460 \
  --templates /usr/share/openstack-tripleo-heat-templates \
  --ntp-server 192.168.24.1 \
  --stack <stack> \
  -r /home/stack/roles_data.yaml \
  -e /home/stack/templates/internal.yaml \
  -e /home/stack/templates/network/network-environment.yaml \
  -e /home/stack/templates/inject-trust-anchor.yaml \
  -e /home/stack/templates/hostnames.yml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
  -e /home/stack/templates/nodes_data.yaml \
  -e /home/stack/templates/debug.yaml \
  -e /home/stack/templates/firstboot.yaml \
  -e /home/stack/templates/upgrades-environment.yaml \
  -e /home/stack/overcloud-params.yaml \
  -e /home/stack/templates/overcloud-network-environment.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/nova-hw-machine-type-upgrade.yaml \
  -e /home/stack/skip_rhel_release.yaml \
  -e ~/containers-prepare-parameter.yaml \
  -e /home/stack/templates/baremetal-deployment.yaml \
  -e /home/stack/templates/generated-networks-deployed.yaml \
  -e /home/stack/templates/generated-vip-deployed.yaml
```
1. In the original network-environment.yaml file (/home/stack/templates/network/network-environment.yaml), remove all the resource_registry resources that point to OS::TripleO::*::Net::SoftwareConfig.
2. In the overcloud_upgrade_prepare.sh file, include the following options relevant to your environment:
  - The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
  - The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
  - The environment file (skip_rhel_release.yaml) with the release parameters (-e).
  - Any custom configuration environment files (-e) relevant to your deployment.
  - If applicable, your custom roles (roles_data) file by using --roles-file.
  - For Ceph deployments, the environment file (ceph_params.yaml) with the Ceph parameters (-e).
  - If applicable, the environment file (ipa-environment.yaml) with your IPA service (-e).
  - If you are using composable networks, the (network_data) file by using --network-file.
  - The files that were generated during overcloud adoption (networks-deployed.yaml, vip-deployed.yaml,baremetal-deployment.yaml) (-e). These files must be placed last in the overcloud upgrade prepare script.
  - If you use OVS, add the OVS environment files in the following order:
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml
  - If you use OVN, add the OVN environment files in the following order:
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dpdk.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-sriov.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml
    Note
    Do not include the network-isolation.yaml file in your overcloud deploy file or the overcloud_upgrade_prepare.sh file. Network isolation is defined in the network_data.yaml file.
  - If you use a custom stack name, pass the name with the --stack option.
    Note
    You must include the nova-hw-machine-type-upgrade.yaml file in your templates until all of your RHEL 8 Compute nodes are upgraded to RHEL 9 in the environment. If this file is excluded, an error appears in the nova_compute.log in the /var/log/containers/nova directory. After you upgrade all of your RHEL 8 Compute nodes to RHEL 9, you can remove this file from your configuration and update the stack.
3. In the director-deployed Red Hat Ceph Storage use case, if you enabled the Shared File Systems service (manila) with CephFS through NFS on the deployment that you are upgrading, you must specify an additional environment file at the end of the overcloud_upgrade_prepare.sh script file. You must add the environment file at the end of the script because it overrides another environment file that is specified earlier in the script:
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/manila-cephfsganesha-config.yaml
4. In the external Red Hat Ceph Storage use case, if you enabled the Shared File Systems service (manila) with CephFS through NFS on the deployment that you are upgrading, you must check that the associated environment file in the overcloud_upgrade_prepare.sh script points to the tripleo-based ceph-nfs role. If present, remove the following environment file:
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/manila-cephfsganesha-config.yaml
  And add the following environment file:
  -e /usr/share/openstack-tripleo-heat-templates/environments/manila-cephfsganesha-config.yaml

Run the upgrade preparation script for each stack in your environment:

$ source stackrc
$ chmod 755 /home/stack/overcloud_upgrade_prepare.sh
$ sh /home/stack/overcloud_upgrade_prepare.sh

Wait until the upgrade preparation completes.

Download the container images:

$ openstack overcloud external-upgrade run --stack <stack> --tags container_image_prepare

8.2. Performing the overcloud adoption and preparation for multi-cell environments
Copy link

You must perform the following tasks for overcloud adoption:

On each stack, adopt the network and host provisioning configuration exports into the overcloud. The following example shows how to adopt the virtual-ips.yaml file to each cell stack, starting with the overcloud stack:

Overcloud stack:

$ cp ~/overcloud-deploy/<overcloud>/tripleo-<overcloud>-virtual-ips.yaml ~/ \
$ cd ~/ \
$ openstack overcloud network vip provision \
--debug --stack <overcloud> \
--output /home/stack/templates/generated-<overcloud-stack>-vip-deployed.yaml \ tripleo-<overcloud-stack>-virtual-ips.yaml

Cell stack 1:

$ cp ~/overcloud-deploy/<stack1>/tripleo-<stack1>-virtual-ips.yaml ~/ \
$ cd ~/ \
$ openstack overcloud network vip provision \
--debug --stack <stack1> \
--output /home/stack/templates/generated-<stack1>-vip-deployed.yaml \ tripleo-<stack1>-virtual-ips.yaml

Cell stack 2:

$ cp ~/overcloud-deploy/<stack2>/tripleo-<stack2>-virtual-ips.yaml ~/ \
$ cd ~/ \
$ openstack overcloud network vip provision \
--debug --stack <stack2> \
--output /home/stack/templates/generated-<stack2>-vip-deployed.yaml \ tripleo-<stack2>-virtual-ips.yaml

Define new containers and additional compatibility configuration.

After adoption, you must run the upgrade preparation script on each cell stack, which performs the following tasks:

Updates the overcloud plan to OpenStack Platform 17.1
Prepares the nodes for the upgrade

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Note

If your roles include a large number of nodes, you can accelerate the RHOSP upgrade by splitting existing roles and dividing the nodes between the roles. For more information, see the Red Hat Knowledgebase solution How to split roles during upgrade from RHOSP 16.2 to RHOSP 17.1.

Prerequisites

Confirm that all bare-metal provisioned nodes are in the ACTIVE state. If any nodes remain in the MAINTENANCE state, you cannot proceed with the upgrade. For more information about setting the nodes to ACTIVE, see Setting bare-metal provisioned nodes to the active state.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Verify that the following files that were exported during the undercloud upgrade contain the expected configuration for the overcloud upgrade. You can find the following files in the ~/overcloud-deploy/$(<stack>) directory:
- tripleo-<stack>-network-data.yaml
- tripleo-<stack>-virtual-ips.yaml
- tripleo-<stack>-baremetal-deployment.yaml
  - Replace <stack> with the name of your stack.
  - Check that the mappings between the baremetal node UUIDs, hostnames, and IP addresses in the tripleo-<stack>-baremetal-deployment.yaml file match your current overcloud. Correct the mappings if required.
Warning
You must address the issues in Jinja2 comments, and then remove all Jinja2 comment blocks, from each nic-config template that is created by automated conversion tools such as convert_v1_net_data.py or convert_heat_nic_config_to_ansible_j2.py during the undercloud upgrade. If you do not remove these comment blocks, scaled-out nodes fail to provision, or you can lose control plane networking if network_config_update is set to true.
{{# NOTE! Custom parameter {} was hard-coded in ' 'the converted template. To parameterize use the ' '{{role.name}}ExtraGroupVars THT interface and update the ' 'template to use an ansible var. +#}}
On the main stack, copy the network-data.yaml file to the stack user’s home directory and deploy the networks. Repeat this step on each cell stack in your environment:
Note
The network-data.yaml file is available only on the overcloud stack. You must copy the file from the overcloud stack to all the other cell stacks.
```
$ cp ~/overcloud-deploy/<overcloud-stack>/tripleo-<overcloud-stack>-network-data.yaml ~/
$ openstack overcloud network provision --debug \
--output /home/stack/templates/generated-<overcloud-stack>-networks-deployed.yaml tripleo-<overcloud-stack>-network-data.yaml
```
For more information, see Provisioning and deploying your overcloud in Installing and managing Red Hat OpenStack Platform with director.
If your environment has pre-provisioned nodes, complete the following steps in each stack in your environment, starting with the overcloud stack:
1. Make a backup copy of the tripleo-<overcloud-stack>-virtual-ips.yaml file in the stack user’s home directory:
  $ cp ~/overcloud-deploy/<overcloud-stack>/tripleo-<overcloud-stack>-virtual-ips.yaml ~/ ~/overcloud-deploy/<overcloud-stack>/tripleo-<overcloud-stack>-virtual-ips.yaml.orig
2. Include the following configuration at the end of the tripleo-<overcloud-stack>-virtual-ips.yaml file:
  dns_name: overcloud ip_address: <ctrlplane_virtual_ip>
  1
  name: control_virtual_ip
  2
  network: ctlplane subnet: ctlplane-subnet
  1
  Replace <ctrlplane_virtual_ip> with the VIP of the control plane.
  2
  The default name of the VIP.

On the overcloud stack, copy the virtual-ips.yaml file to the stack user’s home directory and provision the network VIPs. Repeat this step on each cell stack in your environment:

$ cp ~/overcloud-deploy/<overcloud-stack>/tripleo-<overcloud-stack>-virtual-ips.yaml ~/
$ openstack overcloud network vip provision --debug \
--stack <overcloud-stack> --output \
/home/stack/templates/generated-<overcloud-stack>-vip-deployed.yaml tripleo-<overcloud-stack>-virtual-ips.yaml

On the main stack, copy the baremetal-deployment.yaml file to the stack user’s home directory and provision the overcloud nodes. Repeat this step on each cell stack in your environment:
```
$ cp ~/overcloud-deploy/<overcloud-stack>/tripleo-<overcloud-stack>-baremetal-deployment.yaml ~/
$ openstack overcloud node provision --debug --stack <overcloud-stack> \
--output /home/stack/templates/baremetal-<overcloud-stack>-deployment.yaml \
tripleo-<overcloud-stack>-baremetal-deployment.yaml
```
Note
This is the final step of the overcloud adoption. If your overcloud adoption takes longer than 10 minutes to complete, contact Red Hat Support.
Complete the following steps to prepare the containers:
1. Back up the containers-prepare-parameter.yaml file that you used for the undercloud upgrade:
  $ cp containers-prepare-parameter.yaml \ containers-prepare-parameter.yaml.orig
2. Define the following environment variables before you run the script to update the containers-prepare-parameter.yaml file:
  - NAMESPACE: The namespace for the UBI9 images. For example, NAMESPACE='"namespace":"example.redhat.com:5002",'
  - EL8_NAMESPACE: The namespace for the UBI8 images.
  - NEUTRON_DRIVER: The driver to use and determine which OpenStack Networking (neutron) container to use. Set to the type of containers you used to deploy the original stack. For example, set to NEUTRON_DRIVER='"neutron_driver":"ovn",' to use OVN-based containers.
  - EL8_TAGS: The tags of the UBI8 images, for example, EL8_TAGS='"tag":"17.1",'.
    Replace "17.1", with the tag that you use in your content view.
  - EL9_TAGS: The tags of the UBI9 images, for example, EL9_TAGS='"tag":"17.1",'.
    Replace "17.1", with the tag that you use in your content view.
    For more information about the tag parameter, see Container image preparation parameters in Customizing your Red Hat OpenStack Platform deployment.
  - CONTROL_PLANE_ROLES: The list of control plane roles using the --role option, for example, --role ControllerOpenstack, --role Database, --role Messaging, --role Networker, --role CephStorage. To view the list of control plane roles in your environment, run the following command:
    
    $ export STACK=<stack> \ $ sudo awk '/tripleo_role_name/ {print "--role " $2}' \ /var/lib/mistral/${STACK}/tripleo-ansible-inventory.yaml \ | grep -vi compute
    
    Replace <stack> with the name of your stack.
  - COMPUTE_ROLES: The list of Compute roles using the --role option, for example, --Compute-1. To view the list of Compute roles in your environment, run the following command:
    
    $ sudo awk '/tripleo_role_name/ {print "--role " $2}' \ /var/lib/mistral/${STACK}/tripleo-ansible-inventory.yaml \ | grep -i compute
  - CEPH_OVERRIDE: If you deployed Red Hat Ceph Storage, specify the Red Hat Ceph Storage 5 container images. For example:
    CEPH_OVERRIDE='"ceph_image":"rhceph-5-rhel8","ceph_tag":"<latest>",'
    Replace <latest> with the latest ceph_tag version, for example, 5-499.
    The following is an example of the containers-prepare-parameter.yaml file configuration:
    
    NAMESPACE='"namespace":"registry.redhat.io/rhosp-rhel9",' EL8_NAMESPACE='"namespace":"registry.redhat.io/rhosp-rhel8",' NEUTRON_DRIVER='"neutron_driver":"ovn",' EL8_TAGS='"tag":"17.1",' EL9_TAGS='"tag":"17.1",' CONTROL_PLANE_ROLES="--role Controller" COMPUTE_ROLES="--role Compute1 --role Compute2" CEPH_TAGS='"ceph_tag":"5",'
3. Run the following script to to update the containers-prepare-parameter.yaml file:
  Warning
  If you deployed Red Hat Ceph Storage, ensure that the CEPH_OVERRIDE environment variable is set to the correct values before executing the following command. Failure to do so results in issues when upgrading Red Hat Ceph Storage.
  $ python3 /usr/share/openstack-tripleo-heat-templates/tools/multi-rhel-container-image-prepare.py \ ${COMPUTE_ROLES} \ ${CONTROL_PLANE_ROLES} \ --enable-multi-rhel \ --excludes collectd \ --excludes nova-libvirt \ --minor-override "{${EL8_TAGS}${EL8_NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \ --major-override "{${EL9_TAGS}${NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \ --output-env-file \ /home/stack/containers-prepare-parameter.yaml
  The multi-rhel-container-image-prepare.py script supports the following parameters:
  --output-env-file
  Writes the environment file that contains the default ContainerImagePrepare value.
  --local-push-destination
  Triggers an upload to a local registry.
  --enable-registry-login
  Enables the flag that allows the system to attempt to log in to a remote registry prior to pulling the containers. Use this flag when --local-push-destination is not used and the target systems have network connectivity to remote registries. Do not use this flag for an overcloud that might not have network connectivity to a remote registry.
  --enable-multi-rhel
  Enables multi-rhel.
  --excludes
  Lists the services to exclude.
  --major-override
  Lists the override parameters for a major release.
  --minor-override
  Lists the override parameters for a minor release.
  --role
  The list of roles.
  --role-file
  The role_data.yaml file.
4. If you deployed Red Hat Ceph Storage, open the containers-prepare-parameter.yaml file to confirm that the Red Hat Ceph Storage 5 container images are specified and that there are no references to Red Hat Ceph Storage 6 container images.
If you have a director-deployed Red Hat Ceph Storage deployment, create a file called ceph_params.yaml and include the following content:
```
parameter_defaults:
  CephSpecFqdn: true
  CephConfigPath: "/etc/ceph"
  CephAnsibleRepo: "rhceph-5-tools-for-rhel-8-x86_64-rpms"
  DeployedCeph: true
  GrafanaPlugins: []
```
Important
Do not remove the ceph_params.yaml file after the RHOSP upgrade is complete. This file must be present in director-deployed Red Hat Ceph Storage environments. Additionally, any time you run openstack overcloud deploy, you must include the ceph_params.yaml file, for example, -e ceph_params.yaml.
Note
If your Red Hat Ceph Storage deployment includes short names, you must set the CephSpecFqdn parameter to false. If set to true, the inventory generates with both the short names and domain names, causing the Red Hat Ceph Storage upgrade to fail.

Create an environment file called upgrades-environment.yaml in your templates directory and include the following content:

parameter_defaults:
  ExtraConfig:
    nova::workarounds::disable_compute_service_check_for_ffu: true
  DnsServers: ["<dns_servers>"]
  DockerInsecureRegistryAddress: [<undercloud_FQDN>]
  UpgradeInitCommand: |
    sudo subscription-manager repos --disable=*
      if $( grep -q  9.2  /etc/os-release )
      then
        sudo subscription-manager repos --enable=rhel-9-for-x86_64-baseos-e4s-rpms --enable=rhel-9-for-x86_64-appstream-e4s-rpms --enable=rhel-9-for-x86_64-highavailability-e4s-rpms --enable=openstack-17.1-for-rhel-9-x86_64-rpms --enable=fast-datapath-for-rhel-9-x86_64-rpms
        sudo podman ps | grep -q ceph && subscription-manager repos --enable=rhceph-5-tools-for-rhel-9-x86_64-rpms
        sudo subscription-manager release --set=9.2
      else
        sudo subscription-manager repos --enable=rhel-8-for-x86_64-baseos-aus-rpms --enable=rhel-8-for-x86_64-appstream-aus-rpms --enable=rhel-8-for-x86_64-highavailability-aus-rpms --enable=openstack-17.1-for-rhel-8-x86_64-rpms --enable=fast-datapath-for-rhel-8-x86_64-rpms
        sudo podman ps | grep -q ceph && subscription-manager repos --enable=rhceph-5-tools-for-rhel-8-x86_64-rpms
        sudo subscription-manager release --set=8.4
      fi

      if $(sudo podman ps | grep -q ceph )
      then
        sudo dnf -y install cephadm
      fi

Replace <dns_servers> with a comma-separated list of your DNS server IP addresses, for example, ["10.0.0.36", "10.0.0.37"].
Replace <undercloud_FQDN> with the fully qualified domain name (FQDN) of the undercloud host, for example, ["undercloud-0.ctlplane.redhat.local:8787"].
For more information about the upgrade parameters that you can configure in the environment file, see Upgrade parameters.

On the undercloud, create a file called overcloud_upgrade_prepare.sh in your templates directory. You must create this file for each stack in your environment, starting with the overcloud stack. This file includes the original content of your overcloud deploy file and the environment files that are relevant to each cell stack. For example:
```
#!/bin/bash
openstack overcloud upgrade prepare --yes \
  --timeout 460 \
  --templates /usr/share/openstack-tripleo-heat-templates \
  --ntp-server 192.168.24.1 \
  --stack <overcloud-stack> \
  -r /home/stack/roles_data.yaml \
  -e /home/stack/templates/internal.yaml \
  -e /home/stack/templates/network/network-environment.yaml \
  -e /home/stack/templates/inject-trust-anchor.yaml \
  -e /home/stack/templates/hostnames.yml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
  -e /home/stack/templates/nodes_data.yaml \
  -e /home/stack/templates/debug.yaml \
  -e /home/stack/templates/firstboot.yaml \
  -e /home/stack/templates/upgrades-environment.yaml \
  -e /home/stack/overcloud-params.yaml \
  -e /usr/share/openstack-tripleo-heat-templates/environments/nova-hw-machine-type-upgrade.yaml \
  -e /home/stack/skip_rhel_release.yaml \
  -e ~/containers-prepare-parameter.yaml \
  -e /home/stack/templates/baremetal-<overcloud-stack>-deployment.yaml \
  -e /home/stack/templates/generated-<overcloud-stack>-networks-deployed.yaml \
  -e /home/stack/templates/generated-<overcloud-stack>-vip-deployed.yaml
```
1. In the original network-environment.yaml file (/home/stack/templates/network/network-environment.yaml), remove all the resource_registry resources that point to OS::TripleO::*::Net::SoftwareConfig.
2. In the overcloud_upgrade_prepare.sh file, include the following options relevant to your environment:
  - The environment file (upgrades-environment.yaml) with the upgrade-specific parameters (-e).
  - The environment file (containers-prepare-parameter.yaml) with your new container image locations (-e). In most cases, this is the same environment file that the undercloud uses.
  - The default_cell_export.yaml file that you exported from the default cell in the overcloud stack. You must add this file to all of the overcloud_upgrade_prepare.sh files for each cell stack, except for the overcloud stack.
  - The environment file (skip_rhel_release.yaml) with the release parameters (-e).
  - Any custom configuration environment files (-e) relevant to your deployment.
  - If applicable, your custom roles (roles_data) file by using --roles-file.
  - For Ceph deployments, the environment file (ceph_params.yaml) with the Ceph parameters (-e).
  - If applicable, the environment file (ipa-environment.yaml) with your IPA service (-e).
  - If you are using composable networks, the (network_data) file by using --network-file.
  - The files that were generated during overcloud adoption (networks-deployed.yaml, vip-deployed.yaml,baremetal-deployment.yaml) (-e). These files must be placed last in the overcloud upgrade prepare script.
  - If you use OVS, add the OVS environment files in the following order:
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml
  - If you use OVN, add the OVN environment files in the following order:
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dpdk.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-sriov.yaml
    /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml
    Note
    Do not include the network-isolation.yaml file in your overcloud deploy file or the overcloud_upgrade_prepare.sh file. Network isolation is defined in the network_data.yaml file.
  - If you use a custom stack name, pass the name with the --stack option.
    Note
    You must include the nova-hw-machine-type-upgrade.yaml file in your templates until all of your RHEL 8 Compute nodes are upgraded to RHEL 9 in the environment. If this file is excluded, an error appears in the nova_compute.log in the /var/log/containers/nova directory. After you upgrade all of your RHEL 8 Compute nodes to RHEL 9, you can remove this file from your configuration and update the stack.
3. In the director-deployed Red Hat Ceph Storage use case, if you enabled the Shared File Systems service (manila) with CephFS through NFS on the deployment that you are upgrading, you must specify an additional environment file at the end of the overcloud_upgrade_prepare.sh script file. You must add the environment file at the end of the script because it overrides another environment file that is specified earlier in the script:
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/manila-cephfsganesha-config.yaml
4. In the external Red Hat Ceph Storage use case, if you enabled the Shared File Systems service (manila) with CephFS through NFS on the deployment that you are upgrading, you must check that the associated environment file in the overcloud_upgrade_prepare.sh script points to the tripleo-based ceph-nfs role. If present, remove the following environment file:
  -e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/manila-cephfsganesha-config.yaml
  And add the following environment file:
  -e /usr/share/openstack-tripleo-heat-templates/environments/manila-cephfsganesha-config.yaml

Run the upgrade preparation script on the overcloud stack:

$ source stackrc
$ chmod 755 /home/stack/overcloud_upgrade_prepare.sh
$ sh /home/stack/overcloud_upgrade_prepare.sh

Wait until the upgrade preparation completes.

Export the cell configuration and password information from the default cell in the overcloud stack to a new common environment file for the multi-cell deployment. You must include the /home/stack/common/default_cell_export.yaml file and all of the environment files that are relevant to your environment in the script for each cell:
```
(undercloud) $ openstack overcloud cell export --control-plane-stack overcloud \
 -f --output-file common/default_cell_export.yaml \
 --working-dir /home/stack/overcloud-deploy/overcloud/
```
If you have a DCN environment, the generated cell_export.yaml file is incomplete. To get the correct file, complete the following steps:
1. Source the stackrc undercloud credentials file:
  $ source ~/stackrc
2. Force the necessary data to be generated into the stack’s overcloud-deploy directory:
  $ openstack overcloud upgrade run --yes --limit allovercloud,undercloud --stack overcloud --playbook overcloud/upgrade_steps_playbook.yaml --skip-tags upgrade_steps
3. Re-export the overcloud stack to to get the updated cell_export.yaml file to use in the overcloud upgrade prepare script:
  $ openstack overcloud cell export --control-plane-stack overcloud --force-overwrite --working-dir overcloud-deploy/overcloud --output-file overcloud-deploy/overcloud/overcloud-cell-export.yaml

Run the upgrade preparation script on each cell stack. For example:

$ source stackrc
$ chmod 755 /home/stack/<stack1>-overcloud_upgrade_prepare.sh
$ sh /home/stack/<stack1>-overcloud_upgrade_prepare.sh

Wait until the upgrade preparation completes.

Download the container images for each cell stack, starting with the overcloud stack:

$ openstack overcloud external-upgrade run --stack <stack> --tags container_image_prepare

Chapter 9. Upgrading an overcloud with director-deployed Ceph deployments
Copy link

If your environment includes director-deployed Red Hat Ceph Storage deployments with or without hyperconverged infrastructure (HCI) nodes, you must upgrade your deployments to Red Hat Ceph Storage 5. With an upgrade to version 5, cephadm now manages Red Hat Ceph Storage instead of ceph-ansible.

Note

If you are using the Red Hat Ceph Storage Object Gateway (RGW), ensure that all RGW pools have the application label rgw as described in Why are the RGW services crashing after running the cephadm adoption playbook?.

Implementing this configuration change addresses a common issue encountered when upgrading from Red Hat Ceph Storage Release 4 to 5.

9.1. Installing ceph-ansible
Copy link

If you deployed Red Hat Ceph Storage using director, you must complete this procedure. The ceph-ansible package is required to upgrade Red Hat Ceph Storage with Red Hat OpenStack Platform.

Procedure

Enable the Ceph 5 Tools repository:

[stack@director ~]$ sudo subscription-manager repos --enable=rhceph-5-tools-for-rhel-8-x86_64-rpms

Install the ceph-ansible package:

[stack@director ~]$ sudo dnf install -y ceph-ansible

9.2. Downloading Red Hat Ceph Storage containers to the undercloud from Satellite
Copy link

If the Red Hat Ceph Storage container image is hosted on a Red Hat Satellite Server, then you must download a copy of the image to the undercloud before starting the Red Hat Ceph Storage upgrade using Red Hat Satellite.

Prerequisite

The required Red Hat Ceph Storage container image is hosted on the Satellite Server.

Procedure

Log in to the undercloud node as the stack user.
Download the Red Hat Ceph Storage container image from the Satellite Server:
```
$ sudo podman pull <ceph_image_file>
```
- Replace <ceph_image_file> with the Red Hat Ceph Storage container image file hosted on the Satellite Server. The following is an example of this command:
  $ sudo podman pull satellite.example.com/container-images-osp-17_1-rhceph-5-rhel8:latest

9.3. Upgrading to Red Hat Ceph Storage 5
Copy link

Upgrade the following nodes from Red Hat Ceph Storage version 4 to version 5:

Red Hat Ceph Storage nodes
Hyperconverged infrastructure (HCI) nodes, which contain combined Compute and Ceph OSD services

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Note

Red Hat Ceph Storage 5 uses Prometheus v4.10, which has the following known issue: If you enable Red Hat Ceph Storage dashboard, two data sources are configured on the dashboard. For more information about this known issue, see BZ#2054852.

Red Hat Ceph Storage 6 uses Prometheus v4.12, which does not include this known issue. Red Hat recommends upgrading from Red Hat Ceph Storage 5 to Red Hat Ceph Storage 6 after the upgrade from Red Hat OpenStack Platform (RHOSP) 16.2 to 17.1 is complete. To upgrade from Red Hat Ceph Storage version 5 to version 6, begin with one of the following procedures for your environment:

Director-deployed Red Hat Ceph Storage environments: Updating the cephadm client
External Red Hat Ceph Storage cluster environments: Updating the Red Hat Ceph Storage container image

Important

Back up your Red Hat Ceph Storage configuration file, for example, /etc/ceph/ceph.conf, in case the file is deleted during the upgrade. For more information about this issue, see BZ#2267114.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Run the Red Hat Ceph Storage external upgrade process with the ceph tag:
```
$ openstack overcloud external-upgrade run \
   --skip-tags "ceph_ansible_remote_tmp" \
   --stack <stack> \
   --tags ceph,facts 2>&1
```
- Replace <stack> with the name of your stack.
- If you are running this command at a DCN deployed site, add the value skip-tag cleanup_cephansible to the provided comma-separated list of values for the --skip-tags parameter.
Run the ceph versions command to confirm all Red Hat Ceph Storage daemons have been upgraded to version 5. This command is available in the ceph monitor container that is hosted by default on the Controller node.
Important
The command in the previous step runs the ceph-ansible rolling_update.yaml playbook to update the cluster from version 4 to 5. It is important to confirm all daemons have been updated before proceeding with this procedure.
The following example demonstrates the use and output of this command. As demonstrated in the example, all daemons in your deployment should show a package version of 16.2.* and the keyword pacific.
```
$ sudo podman exec ceph-mon-$(hostname -f) ceph versions
{
    "mon": {
        "ceph version 16.2.10-248.el8cp (0edb63afd9bd3edb333364f2e0031b77e62f4896) pacific (stable)": 3
    },
    "mgr": {
        "ceph version 16.2.10-248.el8cp (0edb63afd9bd3edb333364f2e0031b77e62f4896) pacific (stable)": 3
    },
    "osd": {
        "ceph version 16.2.10-248.el8cp (0edb63afd9bd3edb333364f2e0031b77e62f4896) pacific (stable)": 180
    },
    "mds": {},
    "rgw": {
        "ceph version 16.2.10-248.el8cp (0edb63afd9bd3edb333364f2e0031b77e62f4896) pacific (stable)": 3
    },
    "overall": {
        "ceph version 16.2.10-248.el8cp (0edb63afd9bd3edb333364f2e0031b77e62f4896) pacific (stable)": 189
    }
}
```
Note
The output of the command sudo podman ps | grep ceph on any server hosting Red Hat Ceph Storage should return a version 5 container.

Create the ceph-admin user and distribute the appropriate keyrings:

ANSIBLE_LOG_PATH=/home/stack/cephadm_enable_user_key.log \
ANSIBLE_HOST_KEY_CHECKING=false \
ansible-playbook -i /home/stack/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml \
  -b -e ansible_python_interpreter=/usr/libexec/platform-python /usr/share/ansible/tripleo-playbooks/ceph-admin-user-playbook.yml \
 -e tripleo_admin_user=ceph-admin \
 -e distribute_private_key=true \
  --limit Undercloud,ceph_mon,ceph_mgr,ceph_rgw,ceph_mds,ceph_nfs,ceph_grafana,ceph_osd

Update the packages on the Red Hat Ceph Storage nodes:
```
$ openstack overcloud upgrade run \
    --stack <stack> \
    --skip-tags ceph_ansible_remote_tmp \
    --tags setup_packages --limit Undercloud,ceph_mon,ceph_mgr,ceph_rgw,ceph_mds,ceph_nfs,ceph_grafana,ceph_osd \
    --playbook /home/stack/overcloud-deploy/<stack>/config-download/<stack>/upgrade_steps_playbook.yaml 2>&1
```
- If you are running this command at a DCN deployed site, add the value skip-tag cleanup_cephansible to the provided comma-separated list of values for the --skip-tags parameter.
  Note
  By default, the Ceph Monitor service (CephMon) runs on the Controller nodes unless you have used the composable roles feature to host them elsewhere. This command includes the ceph_mon tag, which also updates the packages on the nodes hosting the Ceph Monitor service (the Controller nodes by default).
Configure the Red Hat Ceph Storage nodes to use cephadm:
```
$ openstack overcloud external-upgrade run \
    --skip-tags ceph_ansible_remote_tmp \
    --stack <stack> \
    --tags cephadm_adopt  2>&1
```
- If you are running this command at a DCN deployed site, add the value skip-tag cleanup_cephansible to the provided comma-separated list of values for the --skip-tags parameter.
  Note
  The adoption of cephadm can cause downtime in the RGW and Alertmanager services. For more information about these issues, see Restarting Red Hat Ceph Storage 5 services.
Run the ceph -s command to confirm all processes are now managed by Red Hat Ceph Storage orchestrator. This command is available in the ceph monitor container that is hosted by default on the Controller node.
Important
The command in the previous step runs the ceph-ansible cephadm-adopt.yaml playbook to move future management of the cluster from ceph-ansible to cephadm and the Red Hat Ceph Storage orchestrator. It is important to confirm all processes are now managed by the orcestrator before proceeding with this procedure.
The following example demonstrates the use and output of this command. As demonstrated in this example, there are 63 daemons that are not managed by cephadm. This indicates there was a problem with the running of the ceph-ansible cephadm-adopt.yml playbook. Contact Red Hat Ceph Storage support to troubleshoot these errors before proceeding with the upgrade. When the adoption process has been completed successfully, there should not be any warning about stray daemons not managed by cephadm.
```
$ sudo cephadm shell -- ceph -s
  cluster:
    id:     f5a40da5-6d88-4315-9bb3-6b16df51d765
    health: HEALTH_WARN
            63 stray daemon(s) not managed by cephadm
```
Modify the overcloud_upgrade_prepare.sh file to replace the ceph-ansible file with a cephadm heat environment file:
Important
Do not include ceph-ansible environment or deployment files, for example, environments/ceph-ansible/ceph-ansible.yaml or deployment/ceph-ansible/ceph-grafana.yaml, in openstack deployment commands such as openstack overcloud upgrade prepare and openstack overcloud deploy. For more information about replacing ceph-ansible environment and deployment files with cephadm files, see Implications of upgrading to Red Hat Ceph Storage 5.
```
#!/bin/bash
openstack overcloud upgrade prepare  --yes \
  --timeout 460 \
 --templates /usr/share/openstack-tripleo-heat-templates \
  --ntp-server 192.168.24.1 \
  --stack <stack> \
  -r /home/stack/roles_data.yaml \
  -e /home/stack/templates/internal.yaml \
  …
  -e <cephadm-file> \
  -e ~/containers-prepare-parameter.yaml
```
where:
<cephadm-file>
If you deployed RGW in a previous RHOSP version, or if you plan to deploy RGW, use environments/cephadm/cephadm.yaml.
If you plan to deploy RBD, use environments/cephadm/cephadm-rbd-only.yaml.
Modify the overcloud_upgrade_prepare.sh file to remove the following environment file if you added it earlier when you ran the overcloud upgrade preparation:
```
-e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/manila-cephfsganesha-config.yaml
```
Save the file.

Run the upgrade preparation command:

$ source stackrc
$ chmod 755 /home/stack/overcloud_upgrade_prepare.sh
sh /home/stack/overcloud_upgrade_prepare.sh

If your deployment includes HCI nodes, create a temporary hci.conf file in a cephadm container of a Controller node:
1. Log in to a Controller node:
  $ ssh cloud-admin@<controller_ip>
  - Replace <controller_ip> with the IP address of the Controller node.
2. Retrieve a cephadm shell from the Controller node:
  Example
  [cloud-admin@controller-0 ~]$ sudo cephadm shell
3. In the cephadm shell, create a temporary hci.conf file:
  Example
  [ceph: root@edpm-controller-0 /]# cat <<EOF > hci.conf [osd] osd_memory_target_autotune = true osd_numa_auto_affinity = true [mgr] mgr/cephadm/autotune_memory_target_ratio = 0.2 EOF …
4. Apply the configuration:
  Example
  [ceph: root@edpm-controller-0 /]# ceph config assimilate-conf -i hci.conf
  For more information about adjusting the configuration of your HCI deployment, see Ceph configuration overrides for HCI in Deploying a hyperconverged infrastructure.

Important

You must upgrade the operating system on all HCI nodes to RHEL 9. For more information on upgrading Compute and HCI nodes, see Upgrading Compute nodes to RHEL 9.2.

Important

If Red Hat Ceph Storage Rados Gateway (RGW) is used for object storage, complete the steps in Ceph config overrides set for the RGWs on the RHCS 4.x does not get reflected after the Upgrade to RHCS 5.x to ensure your Red Hat Ceph Storage 4 configuration is reflected completely in Red Hat Ceph Storage 5.

Important

If the Red Hat Ceph Storage Dashboard is installed, complete the steps in After FFU 16.2 to 17.1, Ceph Grafana dashboard failed to start due to incorrect dashboard configuration to ensure it is properly configured.

9.4. Restarting Red Hat Ceph Storage 5 services
Copy link

After the adoption from ceph-ansible to cephadm, the Alertmanager service (a component of the dashboard) or RGW might go offline. This is due to the following issues related to cephadm adoption in Red Hat Ceph Storage 5:

You can restart these services immediately by following the procedures in this section but doing so requires restarting the HAProxy service. Restarting the HAProxy service causes a brief service interruption of the Red Hat OpenStack Platform (RHOSP) control plane.

Do not perform the procedures in this section if any of the following statements are true:

You do not deploy Red Hat Ceph Storage Dashboard or RGW.
You do not immediately require the Alertmanager and RGW services.
You do not want the control plane downtime caused by restarting HAProxy.
You plan on upgrading to Red Hat Ceph Storage 6 before ending the maintenance window for the upgrade.

If any of these statements are true, proceed with the upgrade process as described in subsequent chapters and upgrade to Red Hat Ceph Storage 6 when you reach the section Upgrading Red Hat Ceph Storage 5 to 6. Complete all intervening steps in the upgrade process before attempting to upgrade to Release 6.

9.4.1. Restarting the Red Hat Ceph Storage 5 Object Gateway
Copy link

After migrating from ceph-ansible to cephadm, you might have to restart the Red Hat Ceph Storage Object Gateway (RGW) before continuing with the process if it has not already restarted. RGW starts automatically when HAProxy is offline. Once RGW is online, HAproxy can be started. This is because RGW currently checks if ports are open for all IPs instead of only the IPs in use. When BZ#2356354 is resolved, RGW will only check the ports for the IPs in use.

Warning

Restarting the HAProxy service introduces downtime to the Red Hat OpenStack Platform control plane. The downtime lasts as long as is required for the HAProxy service to restart.

Procedure

Log in to the OpenStack Controller node.
Note
Confirm that you are logged into a node that is hosting the Ceph Manager service. In default deployments, this is the OpenStack Controller node. You must be logged into a Controller node that is running the Ceph Manager service.
Determine the current health of the Red Hat Ceph Storage 5 deployment:
```
# sudo cephadm shell -- ceph health detail
```

Observe the command output.

If the output displays no issues with the deployment health, you do not have to complete this procedure. If the following error is displayed in the command output, you must proceed with restarting HAProxy to restart RGW:

HEALTH_WARN Failed to place 1 daemon(s); 3 failed cephadm daemon(s)
[WRN] CEPHADM_DAEMON_PLACE_FAIL: Failed to place 1 daemon(s)
    Failed while placing rgw.host42.host42.foo on host42: cephadm exited with an error code: 1, stderr:Non-zero exit code 125 from /bin/podman container inspect --format {{.State.Status}} ceph-5ffc7906-2722-4602-9478-e2fe6ad3ff49-rgw-host42-host42-foo
/bin/podman: stderr Error: error inspecting object: no such container ceph-5ffc7906-2722-4602-9478-e2fe6ad3ff49-rgw-host42-host42-foo
Non-zero exit code 125 from /bin/podman container inspect --format {{.State.Status}} ceph-5ffc7906-2722-4602-9478-e2fe6ad3ff49-rgw.host42.host42.foo
/bin/podman: stderr Error: error inspecting object: no such container ceph-5ffc7906-2722-4602-9478-e2fe6ad3ff49-rgw.host42.host42.foo
Deploy daemon rgw.host42.host42.foo ...
Verifying port 8080 ...
Cannot bind to IP 0.0.0.0 port 8080: [Errno 98] Address already in use
ERROR: TCP Port(s) '8080' required for rgw already in use

Stop the HAProxy service:
```
# pcs resource disable haproxy-bundle
```
Note
RGW should now restart automatically.
Confirm that RGW restarted:
```
# sudo cephadm shell -- ceph orch ps
```

Observe the command output.

The following is an example of the command output confirming that all services are running:

rgw.host42.host42.qfeedh  host42  10.0.42.20:8080  running (62s)    58s ago  62s    60.1M        -  16.2.10-275.el8cp  d7a74ab527fa  b60d550cdc91
rgw.host43.host43.ykpwef  host43  10.0.42.21:8080  running (65s)    58s ago  64s    58.9M        -  16.2.10-275.el8cp  d7a74ab527fa  ddea7b33bfc9
rgw.host44.host44.tsepgo  host44  10.0.42.22:8080  running (56s)    51s ago  55s    62.2M        -  16.2.10-275.el8cp  d7a74ab527fa  c1e87e8744ce

Start the HAProxy service:
```
# pcs resource enable haproxy-bundle
```
Note
When BZ#2356354 is resolved, this procedure will no longer be necessary. Upgrading to Red Hat Ceph Storage 6 using the procedures in Upgrading Red Hat Ceph Storage 5 to 6 will also correct this issue.

9.4.2. Restarting the Red Hat Ceph Storage 5 Alertmanager service
Copy link

After migrating from ceph-ansible to cephadm, you can restart the Alertmanager service before continuing with the process. Restarting the Alertmanager service requires restarting the HAProxy service as well.

Warning

Restarting the HAProxy service introduces downtime to the Red Hat OpenStack Platform control plane. The downtime lasts as long as is required for the HAProxy service to restart.

Procedure

Log in to the OpenStack Controller node.
Note
Confirm that you are logged into a node that is hosting the Ceph Manager service. In default deployments, this is the OpenStack Controller node. You must be logged into a Controller node that is running the Ceph Manager service.

View the current Alertmanager specification file:

$ sudo cephadm shell -- ceph orch ls --export alertmanager

Create a specification file for the Alertmanager service based on the output from the previous step.
The following is an example of a specification file:
```
service_type: alertmanager
service_name: alertmanager
placement:
  count: 3
  label: monitoring
networks:
- 10.10.10.0/24
- 10.10.11.0/24
```
Note
The IP addresses in the networks list should correspond with the Storage/Ceph public networks in your environment.
Save the specification file as /root/alertmanager.spec.
Stop the HAProxy service:
```
# pcs resource disable haproxy-bundle
```

Stop the Alertmanager service:

# cephadm shell -k /etc/ceph/<stack>.client.admin.keyring -- ceph orch rm alertmanager

Replace <stack> with the name of your stack.

Start the Alertmanager service:

# cephadm shell -k /etc/ceph/<stack>.client.admin.keyring -m /root/alertmanager.spec -- ceph orch apply -i /mnt/alertmanager.spec

Replace <stack> with the name of your stack.

Start the HAProxy service:
```
# pcs resource enable haproxy-bundle
```

Note

Perform this procedure again if the Alertmanager service does not restart, adding a port definition to the specification file. The following is the previous specification file example with a port definition added:

service_type: alertmanager
service_name: alertmanager
placement:
  count: 3
  label: monitoring
networks:
- 10.10.10.0/24
- 10.10.11.0/24
spec:
  port: 4200

1

1: Custom port definition. Use a port that corresponds to your deployment environment.

9.5. Implications of upgrading to Red Hat Ceph Storage 5
Copy link

The Red Hat Ceph Storage cluster is now upgraded to version 5. This has the following implications:

You no longer use ceph-ansible to manage Red Hat Ceph Storage. Instead, the Ceph Orchestrator manages the Red Hat Ceph Storage cluster. For more information about the Ceph Orchestrator, see The Ceph Operations Guide.
You no longer need to perform stack updates to make changes to the Red Hat Ceph Storage cluster in most cases. Instead, you can run day two Red Hat Ceph Storage operations directly on the cluster as described in The Ceph Operations Guide. You can also scale Red Hat Ceph Storage cluster nodes up or down as described in Scaling the Ceph Storage cluster in Deploying Red Hat Ceph Storage and Red Hat OpenStack Platform together with director.
You can inspect the Red Hat Ceph Storage cluster’s health. For more information about monitoring your cluster’s health, see Monitoring Red Hat Ceph Storage nodes in Deploying Red Hat Ceph Storage and Red Hat OpenStack Platform together with director.

Do not include environment files or deployment files, for example, environments/ceph-ansible/ceph-ansible.yaml or deployment/ceph-ansible/ceph-grafana.yaml, in openstack deployment commands such as openstack overcloud upgrade prepare and openstack overcloud deploy. If your deployment includes ceph-ansible environment or deployment files, replace them with one of the following options:

Expand

Red Hat Ceph Storage deployment	Original `ceph-ansible` file	`Cephadm` file replacement
Ceph RADOS Block Device (RBD) only	`environments/ceph-ansible/ceph-ansible.yaml`	`environments/cephadm/cephadm-rbd-only.yaml`
RBD and the Ceph Object Gateway (RGW)	`environments/ceph-ansible/ceph-rgw.yaml`	`environments/cephadm/cephadm.yaml`
Ceph Dashboard	`environments/ceph-ansible/ceph-dashboard.yaml`	Respective file in `environments/cephadm/`
Ceph MDS	`environments/ceph-ansible/ceph-mds.yaml`	Respective file in `environments/cephadm/`

Chapter 10. Preparing network functions virtualization (NFV)
Copy link

If you use network functions virtualization (NFV), you must complete some preparation for the overcloud upgrade.

10.1. Network functions virtualization (NFV) environment files
Copy link

In a typical NFV-based environment, you can enable services such as the following:

Single-root input/output virtualization (SR-IOV)
Data Plane Development Kit (DPDK)

You do not require any specific reconfiguration to these services to accommodate the upgrade to Red Hat OpenStack Platform 17.1. However, ensure that the environment files that enable your NFV functionality meet the following requirements:

The default environment files to enable NFV features are located in the environments/services directory of the Red Hat OpenStack Platform 17.1 openstack-tripleo-heat-templates collection. If you include the default NFV environment files from openstack-tripleo-heat-templates with your Red Hat OpenStack Platform 16.2 deployment, verify the correct environment file location for the respective feature in Red Hat OpenStack Platform 17.1:
- Open vSwitch (OVS) networking and SR-IOV: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml
- Open vSwitch (OVS) networking and DPDK: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml
- Open Virtual Network (OVN) networking and SR-IOV: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-sriov.yaml
- Open Virtual Network (OVN) networking and DPDK: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-dpdk.yaml
- Open Virtual Network (OVN) networking with non-DVR and HA OVN DB: /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml
To maintain OVS compatibility during the upgrade from Red Hat OpenStack Platform 16.2 to Red Hat OpenStack Platform 17.1, you must include the /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml environment file. When running deployment and upgrade commands that involve environment files, you must include any NFV-related environment files after the neutron-ovs.yaml file. For example, when running openstack overcloud upgrade prepare with OVS and NFV environment files, include the files in the following order:
The OVS environment file
The SR-IOV environment file

The DPDK environment file

$ openstack overcloud upgrade prepare \
    ...
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-sriov.yaml \
    -e /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovs-dpdk.yaml \
    ...

Note

There is a migration constraint for NFV workloads: you cannot live migrate instances from OVS-DPDK Compute nodes during an upgrade. Alternatively, you can cold migrate instances from OVS-DPDK Compute nodes during an upgrade.

Chapter 11. Upgrading the overcloud
Copy link

Upgrade Red Hat OpenStack Platform content across the whole overcloud on each stack in your environment.

11.1. Upgrading RHOSP on all nodes in each stack
Copy link

Upgrade all overcloud nodes to Red Hat OpenStack Platform (RHOSP) 17.1 for each stack, starting with the main stack.

Note

You must ensure that the pacemaker is running on all controllers before you upgrade the overcloud nodes.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```

Run the overcloud upgrade. Choose one of the following upgrade methods based on your specific environment:

If you do not have a DCN or multi-cell deployment that includes ML2/OVN, upgrade RHOSP on all nodes in your main stack:
1. Upgrade RHOSP on all nodes in your main stack:
  $ openstack overcloud upgrade run --yes --stack <stack> --debug --limit allovercloud,undercloud --playbook all
  Important
  Do not modify the --limit option. You must upgrade all nodes in the stack at once to avoid workload disruption. For more information about the importance of upgrading all of your overcloud nodes at the same time, see The importance of upgrading Red Hat OpenStack Platform on all overcloud nodes at once.
  - Replace <stack> with the name of the overcloud stack that you want to upgrade the nodes on.
    Repeat this step for each stack in your RHOSP deployment.

If you have a DCN or multi-cell deployment that includes ML2/OVN, complete the following steps:

Upgrade the OVN containers and all host packages on each stack. For both DCN and multi-cell deployments, you must upgrade the central stack and control stack first, respectively:

$ openstack overcloud upgrade run --stack <stack> --tags setup_packages,ovn --limit allovercloud --yes

Replace <stack> with the name of the stack you are upgrading.

Important

After you run the RHOSP upgrade on the central or control stack, the OVN DBs are migrated from a Pacemaker deployment to an Ansible-controlled cluster. As a result, the endpoint that the OVN controllers connect to changes. This connection is updated during the RHOSP upgrade on each additional stack. Depending on the size of your environment, some stacks might be updated later, which can result in a data plane outage. To avoid this issue, update the connection to use the previous endpoint and new endpoint at the same time. The following example shows the workaround for a multi-cell environment. The workaround is the same for DCN environments that include OVN. Ensure that you export the overcloud-export.yaml file first:

$ cat <<'EOF' > ~/ovn_workaround.yaml
# Playbook
- become: true
  hosts: '{{ ovn_compute_role }}'
  strategy: tripleo_free
  name: OVN workaround playbook
  tasks:
   - name: Read ovn southbound port
     command: puppet lookup --facts /etc/puppet/hieradata/service_configs.json ovn::southbound::port --render-as s
     register: ovn_southbound_port
     failed_when: false
   - name: Read ovn vip
     command: puppet lookup --facts /etc/puppet/hieradata/all_nodes.json ovn_dbs_vip --render-as s
     register: ovn_dbs_vip
   - name: Create the new connection
     set_fact:
        new_ovn_connection: "ssl:{{ovn_dbs_vip.stdout}}:{{ovn_southbound_port.stdout}},ssl:{{parameter_defaults.AllNodesExtraMapData.ovn_dbs_node_ips[0]}}:{{ovn_southbound_port.stdout}},ssl:{{parameter_defaults.AllNodesExtraMapData.ovn_dbs_node_ips[1]}}:{{ovn_southbound_port.stdout}},ssl:{{parameter_defaults.AllNodesExtraMapData.ovn_dbs_node_ips[2]}}:{{ovn_southbound_port.stdout}}"
   - name: showing the new connection
     debug:
       msg: "the new connection is {{ new_ovn_connection }}"
     tags:
       - debug_msg
   - name: Get ovn connection
     command: ovs-vsctl get Open_vSwitch . external_ids:ovn-remote
     register: ovn_connection
   - set_fact:
       change_needed: "{{ ovn_connection.stdout.split(',') | length == 1 }}"
   - name: Reconfigure ovn connection
     when: change_needed|bool
     command: ovs-vsctl set Open_vSwitch . external_ids:ovn-remote="{{new_ovn_connection}}"
     tags:
       - apply_conf
   - name: Reconfigure ovn connection for metadata agents on computes
     when: change_needed|bool
     shell: |
       crudini --set /var/lib/config-data/puppet-generated/neutron/etc/neutron/plugins/networking-ovn/networking-ovn-metadata-agent.ini  ovn ovn_sb_connection "{{ new_ovn_connection }}"
       systemctl restart tripleo_ovn_metadata_agent
     tags:
       - apply_conf
EOF

$ ansible-playbook -i overcloud-deploy/$CELLSTACK/tripleo-ansible-inventory.yaml -e @~/overcloud-deploy/overcloud/overcloud-export.yaml -e ovn_compute_role=Compute ovn_workaround.yaml

Verify that the ovn-controller is updated on all overcloud nodes:

$ sudo podman ps | grep ovn_controller

Sample output

5ddc21ef9056  undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhosp17-openstack-ovn-controller:17.1_20230905.1
kolla_start  20 hours ago  Up 20 hours (healthy)  ovn_controller

Upgrade the service containers and update the host packages on each stack, starting with the central stack or control stack:
```
$ openstack overcloud upgrade run --stack <stack> --skip-tags ovn --limit allovercloud --yes
```
Note
To avoid a long maintenance window, you can run the upgrade only on the CellController role in your cell stack first, and then run the upgrade on all the nodes in the cell stack in the next maintenance window. For example:
First maintenance window:
$ openstack overcloud upgrade run --stack AZ2 --skip-tags ovn --limit CellController --yes
Second maintenance window:
$ openstack overcloud upgrade run --stack AZ2 --skip-tags ovn --limit allovercloud --yes

Chapter 12. Upgrading the undercloud operating system
Copy link

You must upgrade the undercloud operating system from Red Hat Enterprise Linux 8.4 to Red Hat Enterprise Linux 9.2. The system upgrade performs the following tasks:

Ensures that network interface naming remains consistent after the system upgrade
Uses Leapp to upgrade RHEL in-place
Reboots the undercloud

12.1. Setting the SSH root permission parameter on the undercloud
Copy link

The Leapp upgrade checks whether the PermitRootLogin parameter exists in the /etc/ssh/sshd_config file. You must explicitly set this parameter to either yes or no.

For security purposes, set this parameter to no to disable SSH access to the root user on the undercloud.

Procedure

Log in to the undercloud as the stack user.
Check the /etc/ssh/sshd_config file for the PermitRootLogin parameter:
```
$ sudo grep PermitRootLogin /etc/ssh/sshd_config
```
If the parameter is not in the /etc/ssh/sshd_config file, edit the file and set the PermitRootLogin parameter:
```
PermitRootLogin no
```
Save the file.

12.2. Validating your SSH key size
Copy link

Starting with Red Hat Enterprise Linux (RHEL) 9.1, a minimum SSH key size of 2048 bits is required. If your current SSH key on Red Hat OpenStack Platform (RHOSP) director is less than 2048 bits, you can lose access to the overcloud. You must verify that your SSH key meets the required bit size.

Procedure

Validate your SSH key size:

ssh-keygen -l -f /home/stack/overcloud-deploy/overcloud/ssh_private_key

Example output:

1024 SHA256:Xqz0Xz0/aJua6B3qRD7VsLr6n/V3zhmnGSkcFR6FlJw stack@director.example.local (RSA)

If your SSH key is less than 2048 bits, you must rotate out the SSH key before continuing. For more information, see Updating SSH keys in your OpenStack environment in Hardening Red Hat OpenStack Platform.

12.3. Performing the undercloud system upgrade
Copy link

Upgrade your undercloud operating system to Red Hat Enterprise Linux (RHEL) 9.2. As part of this upgrade, you create a file named system_upgrade.yaml, which you use to enable the appropriate repositories and required Red Hat OpenStack Platform options and content to install Leapp. You use this file to also upgrade your control plane nodes and Compute nodes.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Procedure

Log in to the undercloud as the stack user.

Create a file named system_upgrade.yaml in your templates directory and include the following content:

parameter_defaults:
  UpgradeLeappDevelSkip: "LEAPP_UNSUPPORTED=1 LEAPP_DEVEL_SKIP_CHECK_OS_RELEASE=1 LEAPP_NO_NETWORK_RENAMING=1 LEAPP_DEVEL_TARGET_RELEASE=9.2 LEAPP_TARGET_PRODUCT_CHANNEL=e4s"
  UpgradeLeappDebug: false
  UpgradeLeappEnabled: true
  LeappActorsToRemove: ['checkifcfg','persistentnetnamesdisable','checkinstalledkernels','biosdevname']
  LeappRepoInitCommand: |
     subscription-manager repos --disable=*
     subscription-manager repos --enable rhel-8-for-x86_64-baseos-aus-rpms --enable rhel-8-for-x86_64-appstream-aus-rpms --enable openstack-17.1-for-rhel-8-x86_64-rpms
     subscription-manager release --set=8.4
  UpgradeLeappCommandOptions: "--enablerepo=rhel-9-for-x86_64-baseos-e4s-rpms --enablerepo=rhel-9-for-x86_64-appstream-e4s-rpms --enablerepo=rhel-9-for-x86_64-highavailability-e4s-rpms --enablerepo=openstack-17.1-for-rhel-9-x86_64-rpms --enablerepo=fast-datapath-for-rhel-9-x86_64-rpms"

Note

If your deployment includes Red Hat Ceph Storage nodes, you must add the CephLeappRepoInitCommand parameter and specify the source OS version of your Red Hat Ceph Storage nodes. For example:

CephLeappRepoInitCommand:
...
  subscription-manager release --set=8.6

Add the LeappInitCommand parameter to your system_upgrade.yaml file to specify additional requirements applicable to your environment, for example, if you need to define role-based overrides:
```
  LeappInitCommand: |
    subscription-manager repos --disable=*
    subscription-manager release --unset
    subscription-manager repos --enable=rhel-9-for-x86_64-baseos-e4s-rpms --enable=rhel-9-for-x86_64-appstream-e4s-rpms --enable=rhel-9-for-x86_64-highavailability-e4s-rpms --enable=openstack-17.1-for-rhel-9-x86_64-rpms --enable=fast-datapath-for-rhel-9-x86_64-rpms
    leapp answer --add --section check_vdo.confirm=True

    dnf -y remove ruby-irb
```
Important
Removing the ruby-irb package is mandatory to avoid a conflict between the RHEL 8 ruby-irb directory and the RHEL 9 symlink. For more information, see the Red Hat Knowledgebase solution leapp upgrade RHEL8 to RHEL9 fails with error "rubygem-irb-1.3.5-160.el9_0.noarch conflicts with file from package ruby-irb-2.5.9-110.module+el8.6.0+15956+aa803fc1.noarch".
Note
If your environment previously ran RHOSP 13.0 or earlier, during the system upgrade, a known issue causes GRUB to contain RHEL 7 entries instead of RHEL 8 entries. For more information, including a workaround, see the Red Hat Knowledgebase solution Openstack 16 to 17 FFU - During LEAPP upgrade UEFI systems do not boot due to invalid /boot/grub2/grub.cfg.
If you are upgrading Red Hat Ceph Storage nodes that originated in RHOSP 16.1 and earlier, add the CephStorageLeappInitCommand parameter to remove fencing agents:
```
  LeappInitCommand: |
    ...

    dnf -y remove ruby-irb

  CephStorageLeappInitCommand: |
    ...

    dnf -y remove ruby-irb fence-agents-common
```
If you use kernel-based NIC names, add the following parameter to the system_upgrade.yaml file to ensure that the NIC names persist throughout the upgrade process:
```
parameter_defaults:
  NICsPrefixesToUdev: ['en']
...
```
Run the Leapp upgrade:
```
$ openstack undercloud upgrade --yes --system-upgrade \
/home/stack/system_upgrade.yaml
```
Note
If you need to run the Leapp upgrade again, you must first reset the repositories to RHEL 8.
Reboot the undercloud:
```
$ sudo reboot
```

Chapter 13. Upgrading the control plane operating system
Copy link

Upgrade the operating system on your control plane nodes. The upgrade includes the following tasks:

Running the overcloud upgrade prepare command with the system upgrade parameters
Running the overcloud system upgrade, which uses Leapp to upgrade RHEL in-place
Rebooting the nodes

Important

If you are using Red Hat Ceph Storage, before performing the Leapp upgrade verify if the ceph-common package is present on your control plane nodes. If the ceph-common package is present on a node, take the precautions described in Upgrading RHCS 5 hosts from RHEL 8 to RHEL 9 removes ceph-common package. Services fail to start. to ensure the Red Hat Ceph Storage services restart after the control plane node reboots after the Leapp upgrade.

13.1. Upgrading the control plane nodes
Copy link

To upgrade the control plane nodes in your environment to Red Hat Enterprise Linux 9.2, you must upgrade one-third of your control plane nodes at a time, starting with the bootstrap nodes.

You upgrade your control plane nodes by using the openstack overcloud upgrade run command. This command performs the following actions:

Performs a Leapp upgrade of the operating system.
Performs a reboot as a part of the Leapp upgrade.

Each node is rebooted during the system upgrade. The performance of the Pacemaker cluster and the Red Hat Ceph Storage cluster is degraded during this downtime, but there is no outage.

This example includes the following nodes with composable roles:

controller-0
controller-1
controller-2
database-0
database-1
database-2
networker-0
networker-1
networker-2
ceph-0
ceph-1
ceph-2

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Prerequisites

If your environment includes Red Hat Ceph Storage nodes, check whether the nodes have a version lock. You must run the following commands on each Red Hat Ceph Storage node:
```
$ yum versionlock list
```
Clear any version locks that are listed:
```
$ yum versionlock clear
```

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```

Run the following script without the CONTROL_PLANE_ROLES parameter. Ensure that you include the variables that you used to prepare the containers in Running the overcloud upgrade preparation.

python3 \
/usr/share/openstack-tripleo-heat-templates/tools/multi-rhel-container-image-prepare.py \
     ${COMPUTE_ROLES} \
     --enable-multi-rhel \
     --excludes collectd \
     --excludes nova-libvirt \
     --minor-override \
"{${EL8_TAGS}${EL8_NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \
     --major-override \
     "{${EL9_TAGS}${NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \
     --output-env-file \
/home/stack/containers-prepare-parameter.yaml

Note

The CONTROL_PLANE_ROLES parameter defines the list of your control plane roles. Removing this parameter from the script prepares the control plane roles for an upgrade to RHEL 9.2. If the CONTROL_PLANE_ROLES parameter is included in the script, the control plane roles remain on RHEL 8.4.

In the skip_rhel_release.yaml file, set the SkipRhelEnforcement parameter to false:
```
parameter_defaults:
  SkipRhelEnforcement: false
```
Update the overcloud_upgrade_prepare.sh file:
```
$ openstack overcloud upgrade prepare --yes \
    ...
    -e /home/stack/system_upgrade.yaml \
    -e /home/stack/containers-prepare-parameter.yaml \
    -e /home/stack/skip_rhel_release.yaml \
    ...
```
- Include the system_upgrade.yaml file with the upgrade-specific parameters (-e).
- Include the containers-prepare-parameter.yaml file with the control plane roles removed (-e).
- Include the skip_rhel_release.yaml file with the release parameters (-e).

Run the overcloud_upgrade_prepare.sh script:

$ sh /home/stack/overcloud_upgrade_prepare.sh

Fetch any new or modified containers that you require for the system upgrade:

$ openstack overcloud external-upgrade run  \
     --stack <stack> \
     --tags container_image_prepare 2>&1

Upgrade the first one-third of the control plane nodes:
```
$ openstack overcloud upgrade run --yes \
     --stack <stack> \
     --tags system_upgrade \
     --limit <controller-0>,<database-0>,<messaging-0>,<networker-0>,<ceph-0>
```
- Replace <stack> with the name of your stack.
- Replace <controller-0>,<database-0>,<messaging-0>,<networker-0>,<ceph-0> with your own node names.
Log in to each upgraded node and verify that the cluster in each node is running:
```
$ sudo pcs status
```
Repeat this verification step after you upgrade the second one-third of your control plane nodes, and after you upgrade the last one-third of your control plane nodes.

Upgrade the second one-third of the control plane nodes:

$ openstack overcloud upgrade run --yes \
     --stack <stack> \
     --tags system_upgrade \
     --limit <controller-1>,<database-1>,<messaging-1>,<networker-1>,<ceph-1>

Replace <controller-1>,<database-1>,<messaging-1>,<networker-1>,<ceph-1> with your own node names.

Upgrade the last one-third of the control plane nodes:

$ openstack overcloud upgrade run --yes \
     --stack <stack> \
     --tags system_upgrade \
     --limit <controller-2>,<database-2>,<messaging-2>,<networker-2>,<ceph-2>

Replace <controller-2>,<database-2>,<messaging-2>,<networker-2>,<ceph-2> with your own node names.

If you enabled STF, you must update the collectd container on all nodes after the operating system upgrade:
1. Run the upgrade command with no tags:
  $ openstack overcloud upgrade run --yes \ --stack <stack> \ --limit <undercloud>,<controller-0>,<controller-1>,<controller-2>,<database-0>,<database-1>,<database-2>,<networker-0>,<networker-1>,<networker-2>,<ceph-0>,<ceph-1>,<ceph-2>
  - Replace <undercloud>,<controller-0>,<controller-1>,<controller-2>,<database-0>,<database-1>,<database-2>,<networker-0>,<networker-1>,<networker-2>,<ceph-0>,<ceph-1>,<ceph-2> with your own node names.
2. When the upgrade process is complete, check the status of the collectd container on each overcloud node:
  $ sudo podman ps | grep collectd
3. If the collectd container is not running on the overcloud nodes, then manually start the collectd container on all the overcloud nodes:
  $ ansible -i overcloud-deploy/overcloud/tripleo-ansible-inventory.yaml allovercloud -m shell -a "sudo podman restart collectd

Chapter 14. Upgrading the Compute node operating system
Copy link

You can upgrade the operating system on all of your Compute nodes to RHEL 9.2, or upgrade some Compute nodes while the rest remain on RHEL 8.4.

Important

If your deployment includes hyperconverged infrastructure (HCI) nodes, you must upgrade all HCI nodes to RHEL 9. For more information about upgrading to RHEL 9, see Upgrading Compute nodes to RHEL 9.2.

For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.

Prerequisites

Review Planning for a Compute node upgrade.

Important

If you are using Red Hat Ceph Storage, before performing the Leapp upgrade verify if the ceph-common package is present on your Compute nodes. If the ceph-common package is present on a node, take the precautions described in Upgrading RHCS 5 hosts from RHEL 8 to RHEL 9 removes ceph-common package. Services fail to start. to ensure the Red Hat Ceph Storage services restart after the Compute node reboots after the Leapp upgrade.

14.1. Selecting Compute nodes for upgrade testing
Copy link

The overcloud upgrade process allows you to either:

Upgrade all nodes in a role.
Upgrade individual nodes separately.

To ensure a smooth overcloud upgrade process, it is useful to test the upgrade on a few individual Compute nodes in your environment before upgrading all Compute nodes. This ensures no major issues occur during the upgrade while maintaining minimal downtime to your workloads.

Use the following recommendations to help choose test nodes for the upgrade:

Select two or three Compute nodes for upgrade testing.
Select nodes without any critical instances running.

If necessary, migrate critical instances from the selected test Compute nodes to other Compute nodes. Review which migration scenarios are supported:

Expand

Source Compute node RHEL version	Destination Compute node RHEL version	Supported/Not supported
RHEL 8	RHEL 8	Supported
RHEL 8	RHEL 9	Supported
RHEL 9	RHEL 9	Supported
RHEL 9	RHEL 8	Not supported

14.2. Upgrading all Compute nodes to RHEL 9.2
Copy link

Upgrade all your Compute nodes to RHEL 9.2 to take advantage of the latest features and to reduce downtime.

Prerequisites

If your deployment includes hyper-converged infrastructure (HCI) nodes, place hosts in maintenance mode to prepare the Red Hat Ceph Storage cluster on each HCI node for reboot. For more information, see Placing hosts in the maintenance mode using the Ceph Orchestrator in The Ceph Operations Guide.

Important

If you are using RHOSP version 17.1.3 or earlier, before you run the system upgrade, ensure that no guests are running on the Compute hosts. Any guests that are running go into an error state. To avoid this issue, either live migrate your workloads or shut them down. For more information about live migration, see Live migrating an instance in Configuring the Compute service for instance creation.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```

In the container-image-prepare.yaml file, ensure that only the tags specified in the ContainerImagePrepare parameter are included, and the MultiRhelRoleContainerImagePrepare parameter is removed. For example:

parameter_defaults:
  ContainerImagePrepare:
  - tag_from_label: "{version}-{release}"
    set:
      namespace:
      name_prefix:
      name_suffix:
      tag:
      rhel_containers: false
      neutron_driver: ovn
      ceph_namespace:
      ceph_image:
      ceph_tag:

In the roles_data.yaml file, replace the OS::TripleO::Services::NovaLibvirtLegacy service with the OS::TripleO::Services::NovaLibvirt service that is required for RHEL 9.2.
Include the -e system_upgrade.yaml argument and the other required -e environment file arguments in the overcloud_upgrade_prepare.sh script as shown in the following example:
```
$ openstack overcloud upgrade prepare --yes
…
-e /home/stack/system_upgrade.yaml
…
```
Run the overcloud_upgrade_prepare.sh script.
Upgrade the operating system on the Compute nodes to RHEL 9.2. Use the --limit option with a comma-separated list of nodes that you want to upgrade. The following example upgrades the compute-0, compute-1, and compute-2 nodes.
```
$ openstack overcloud upgrade run --yes --tags system_upgrade --stack <stack> --limit compute-0,compute-1,compute-2
```
- Replace <stack> with the name of your stack.
Upgrade the containers on the Compute nodes to RHEL 9.2. Use the --limit option with a comma-separated list of nodes that you want to upgrade. The following example upgrades the compute-0, compute-1, and compute-2 nodes.
```
$ openstack overcloud upgrade run --yes --stack <stack>  --limit compute-0,compute-1,compute-2
```

14.3. Upgrading Compute nodes to a Multi-RHEL environment
Copy link

You can upgrade a portion of your Compute nodes to RHEL 9.2 while the rest of your Compute nodes remain on RHEL 8.4. This upgrade process involves the following fundamental steps:

Plan which nodes you want to upgrade to RHEL 9.2, and which nodes you want to remain on RHEL 8.4. Choose a role name for each role that you are creating for each batch of nodes, for example, ComputeRHEL-9.2 and ComputeRHEL-8.4.
Create roles that store the nodes that you want to upgrade to RHEL 9.2, or the nodes that you want to stay on RHEL 8.4. These roles can remain empty until you are ready to move your Compute nodes to a new role. You can create as many roles as you need and divide nodes among them any way you decide. For example:
- If your environment uses a role called ComputeSRIOV and you need to run a canary test to upgrade to RHEL 9.2, you can create a new ComputeSRIOVRHEL9 role and move the canary node to the new role.
- If your environment uses a role called ComputeOffload and you want to upgrade most nodes in that role to RHEL 9.2, but keep a few nodes on RHEL 8.4, you can create a new ComputeOffloadRHEL8 role to store the RHEL 8.4 nodes. You can then select the nodes in the original ComputeOffload role to upgrade to RHEL 9.2.
Move the nodes from each Compute role to the new role.
Upgrade the operating system on specific Compute nodes to RHEL 9.2. You can upgrade nodes in batches from the same role or multiple roles.
Note
In a Multi-RHEL environment, the deployment should continue to use the pc-i440fx machine type. Do not update the default to Q35. Migrating to the Q35 machine type is a separate, post-upgrade procedure to follow after all Compute nodes are upgraded to RHEL 9.2. For more information about migrating the Q35 machine type, see Updating the default machine type for hosts after an upgrade to RHOSP 17.
Use the following procedures to upgrade Compute nodes to a Multi-RHEL environment:
- Creating roles for Multi-RHEL Compute nodes
- Upgrading the Compute node operating system

14.3.1. Creating roles for Multi-RHEL Compute nodes
Copy link

Create new roles to store the nodes that you are upgrading to RHEL 9.2 or that are staying on RHEL 8.4, and move the nodes into the new roles.

Procedure

Create the relevant roles for your environment. In the role_data.yaml file, copy the source Compute role to use for the new role.
Repeat this step for each additional role required. Roles can remain empty until you are ready to move your Compute nodes to the new roles.
- If you are creating a RHEL 8 role:
  name: <ComputeRHEL8> description: | Basic Compute Node role CountDefault: 1 rhsm_enforce_multios: 8.4 ... ServicesDefault: ... - OS::TripleO::Services::NovaLibvirtLegacy
  Note
  Roles that contain nodes remaining on RHEL 8.4 must include the NovaLibvirtLegacy service.
- Replace <ComputeRHEL8> with the name of your RHEL 8.4 role.
- If you are creating a RHEL 9 role:
  name: <ComputeRHEL9> description: | Basic Compute Node role CountDefault: 1 ... ServicesDefault: ... - OS::TripleO::Services::NovaLibvirt
  Note
  Roles that contain nodes being upgraded to RHEL 9.2 must include the NovaLibvirt service. Replace OS::TripleO::Services::NovaLibvirtLegacy with OS::TripleO::Services::NovaLibvirt.
- Replace <ComputeRHEL9> with the name of your RHEL 9.2 role.
Copy the overcloud_upgrade_prepare.sh file to the copy_role_Compute_param.sh file:
```
$ cp overcloud_upgrade_prepare.sh copy_role_Compute_param.sh
```

Edit the copy_role_Compute_param.sh file to include the copy_role_params.py script. This script generates the environment file that contains the additional parameters and resources for the new role. For example:

/usr/share/openstack-tripleo-heat-templates/tools/copy_role_params.py --rolename-src <Compute_source_role> --rolename-dst <Compute_destination_role> \
 -o <Compute_new_role_params.yaml> \

-e /home/stack/templates/internal.yaml \
-e /home/stack/templates/network/network-environment.yaml \
-e /home/stack/templates/inject-trust-anchor.yaml \
-e /home/stack/templates/hostnames.yml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ceph-ansible/ceph-ansible.yaml \
-e /home/stack/templates/nodes_data.yaml \
-e /home/stack/templates/debug.yaml \
-e /home/stack/templates/firstboot.yaml \
   -e /home/stack/overcloud-params.yaml \
 -e /home/stack/overcloud-deploy/overcloud/overcloud-network-environment.yaml \
-e /home/stack/templates/baremetal-deployment.yaml \
-e /home/stack/templates/generated-networks-deployed.yaml \
-e /home/stack/templates/generated-vip-deployed.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/nova-hw-machine-type-upgrade.yaml \
-e ~/containers-prepare-parameter.yaml

Replace <Compute_source_role> with the name of your source Compute role that you are copying.
Replace <Compute_destination_role> with the name of your new role.
Use the -o option to define the name of the output file that includes all the non-default values of the source Compute role for the new role. Replace <Compute_new_role_params.yaml> with the name of your output file.

Run the copy_role_Compute_param.sh script:

$ sh /home/stack/copy_role_Compute_param.sh

Move the Compute nodes from the source role to the new role:
```
python3
/usr/share/openstack-tripleo-heat-templates/tools/baremetal_transition.py  --baremetal-deployment /home/stack/tripleo-<stack>-baremetal-deployment.yaml  --src-role <Compute_source_role>  --dst-role <Compute_destination_role> <Compute-0> <Compute-1> <Compute-2>
```
Note
This tool includes the original /home/stack/tripleo-<stack>-baremetal-deployment.yaml file that you exported during the undercloud upgrade. The tool copies and renames the source role definition in the /home/stack/tripleo-<stack>-baremetal-deployment.yaml file. Then, it changes the hostname_format to prevent a conflict with the newly created destination role. The tool then moves the node from the source role to the destination role and changes the count values.
- Replace <stack> with the name of your stack.
- Replace <Compute_source_role> with the name of the source Compute role that contains the nodes that you are moving to your new role.
- Replace <Compute_destination_role> with the name of your new role.
- Replace <Compute-0> <Compute-1> <Compute-2> with the names of the nodes that you are moving to your new role.
Reprovision the nodes to update the environment files in the stack with the new role location:
```
$ openstack overcloud node provision --stack <stack> --output /home/stack/templates/baremetal-deployment.yaml /home/stack/tripleo-<stack>-baremetal-deployment.yaml
```
Note
The output baremetal-deployment.yaml file is the same file that is used in the overcloud_upgrade_prepare.sh file during overcloud adoption.

Include any Compute roles that are remaining on RHEL 8.4 in the COMPUTE_ROLES parameter, and run the following script. For example, if you have a role called ComputeRHEL8 that contains the nodes that are remaining on RHEL 8.4, COMPUTE_ROLES = --role ComputeRHEL8.

python3
/usr/share/openstack-tripleo-heat-templates/tools/multi-rhel-container-image-prepare.py \
    ${COMPUTE_ROLES} \
    --enable-multi-rhel \
    --excludes collectd \
    --excludes nova-libvirt \
    --minor-override "{${EL8_TAGS}${EL8_NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \
    --major-override "{${EL9_TAGS}${NAMESPACE}${CEPH_OVERRIDE}${NEUTRON_DRIVER}\"no_tag\":\"not_used\"}" \
    --output-env-file \
    /home/stack/containers-prepare-parameter.yaml

Repeat this procedure to create additional roles and to move additional Compute nodes to those new roles.

14.3.2. Upgrading the Compute node operating system
Copy link

Upgrade the operating system on selected Compute nodes to RHEL 9.2. You can upgrade multiple nodes from different roles at the same time.

Prerequisites

Ensure that you have created the necessary roles for your environment. For more information about creating roles for a Multi-RHEL environment, see Creating roles for Multi-RHEL Compute nodes.
If you plan to migrate your instances from your Compute nodes, review the supported migration scenarios. For more information, see Selecting Compute nodes for upgrade testing.

Important

If you are using RHOSP version 17.1.3 or earlier, before you run the system upgrade, ensure that no guests are running on the Compute hosts. Any guests that are running go into an error state. To avoid this issue, either live migrate your workloads or shut them down. For more information about live migration, see Live migrating an instance in Configuring the Compute service for instance creation.

Procedure

In the skip_rhel_release.yaml file, set the SkipRhelEnforcement parameter to false:
```
parameter_defaults:
  SkipRhelEnforcement: false
```
Include the -e system_upgrade.yaml argument and the other required -e environment file arguments in the overcloud_upgrade_prepare.sh script as shown in the following example:
```
$ openstack overcloud upgrade prepare --yes \
...
-e /home/stack/system_upgrade.yaml  \
-e /home/stack/<Compute_new_role_params.yaml> \
...
```
- Include the system_upgrade.yaml file with the upgrade-specific parameters (-e).
- Include the environment file that contains the parameters needed for the new role (-e). Replace <Compute_new_role_params.yaml> with the name of the environment file you created for your new role.
- If you are upgrading nodes from multiple roles at the same time, include the environment file for each new role that you created.
Optional: Migrate your instances. For more information on migration strategies, see Migrating virtual machines between Compute nodes and Preparing to migrate.
Run the overcloud_upgrade_prepare.sh script.
Upgrade the operating system on specific Compute nodes. Use the --limit option with a comma-separated list of nodes that you want to upgrade. The following example upgrades the computerhel9-0, computerhel9-1, computerhel9-2, and computesriov-42 nodes from the ComputeRHEL9 and ComputeSRIOV roles.
```
$ openstack overcloud upgrade run --yes --tags system_upgrade --stack <stack> --limit computerhel9-0,computerhel9-1,computerhel9-2,computesriov-42
```
- Replace <stack> with the name of your stack.
Upgrade the containers on the Compute nodes to RHEL 9.2. Use the --limit option with a comma-separated list of nodes that you want to upgrade. The following example upgrades the computerhel9-0, computerhel9-1, computerhel9-2, and computesriov-42 nodes from the ComputeRHEL9 and ComputeSRIOV roles.
```
$ openstack overcloud upgrade run --yes --stack <stack>  --limit computerhel9-0,computerhel9-1,computerhel9-2,computesriov-42
```

Chapter 15. Performing post-upgrade actions
Copy link

After you have completed the overcloud upgrade, you must perform some post-upgrade configuration to ensure that your environment is fully supported and ready for future operations.

Important

If you run additional overcloud commands after the upgrade from Red Hat OpenStack Platform 16.2 to 17.1, you must consider the following:

Overcloud commands that you run after the upgrade must include the YAML files that you created or updated during the upgrade process. For example, to provision overcloud nodes during a scale-up operation, use the /home/stack/tripleo-[stack]-baremetal-deployment.yaml file instead of the /home/stack/templates/overcloud-baremetal-deployed.yaml file.
Include all the options that you passed to the last run of the openstack overcloud upgrade prepare command, except for the system_upgrade.yaml file and the upgrades-environment.yaml file.

15.1. Performing post-upgrade tasks on the operating system
Copy link

If you upgraded the operating system on your hosts to Red Hat Enterprise Linux 9.2, you must perform post-upgrade tasks such as removing any remaining Leapp packages. For more information on these tasks, see Performing post-upgrade tasks in Upgrading from RHEL 8 to RHEL 9.

15.2. Upgrading the overcloud images
Copy link

You must replace your current overcloud images with new versions. The new images ensure that director can introspect and provision your nodes using the latest version of Red Hat OpenStack Platform (RHOSP) software.

Prerequisites

You have upgraded the undercloud to the latest version.

Note

You must use the new version of the overcloud images if you redeploy your overcloud. For more information on installing overcloud images, see Installing the overcloud images in Installing and managing Red Hat OpenStack Platform with director.

Procedure

Check the list of RPMs that you installed and ensure that there are no RHOSP 16.2 or legacy 17.1 images, for example, rhosp-director-images-x86_64-17.1:
```
$ rpm -qa | egrep "rhosp-director-images-*-16.2|rhosp-director-images-x86_64-17.1"
```
If the list displays these images, remove them by running the following command:
```
$ sudo dnf -y remove rhosp-director-images-*-16.2 rhosp-director-images-x86_64-17.1
```
Remove any existing images from the images directory on the stack user’s home (/home/stack/images):
```
$ rm -rf ~/images/*
```

Extract the archives:

$ cd ~/images
$ for i in /usr/share/rhosp-director-images/overcloud-hardened-uefi-full.tar /usr/share/rhosp-director-images/ironic-python-agent-latest-17.1.tar; do tar -xvf $i; done
$ cd ~

Import the images into director:
```
(undercloud) [stack@director images]$ openstack overcloud image upload --image-path /home/stack/images/ --update-existing
```
The command completes the following tasks:
- Converts the image format from QCOW to RAW.
- Provides status updates about the upload of the image.

15.3. Updating CPU pinning parameters
Copy link

You must migrate the CPU pinning configuration from the NovaVcpuPinSet parameter to the following parameters after completing the upgrade to Red Hat OpenStack Platform 17.1:

NovaComputeCpuDedicatedSet: Sets the dedicated (pinned) CPUs.
NovaComputeCpuSharedSet: Sets the shared (unpinned) CPUs.

Procedure

Log in to the undercloud as the stack user.
If your Compute nodes support simultaneous multithreading (SMT) but you created instances with the hw:cpu_thread_policy=isolated policy, you must perform one of the following options:
- Create a new flavor that does not set the hw:cpu_thread_policy thread policy and resize the instances with that flavor:
  1. Source your overcloud authentication file:
    
    $ source ~/overcloudrc
  2. Create a flavor with the default thread policy, prefer:
    
    (overcloud) $ openstack flavor create <flavor>
    
    Note
    When you resize an instance, you must use a new flavor. You cannot reuse the current flavor. For more information, see Resizing an instance in the Creating and managing instances guide.
  3. Convert the instances to use the new flavor:
    
    (overcloud) $ openstack server resize --flavor <flavor> <server> (overcloud) $ openstack server resize confirm <server>
  4. Repeat this step for all pinned instances that use the hw:cpu_thread_policy=isolated policy.
- Migrate instances from the Compute node and disable SMT on the Compute node:
  1. Source your overcloud authentication file:
    
    $ source ~/overcloudrc
  2. Disable the Compute node from accepting new virtual machines:
    
    (overcloud) $ openstack compute service list (overcloud) $ openstack compute service set <hostname> nova-compute --disable
  3. Migrate all instances from the Compute node. For more information on instance migration, see Migrating virtual machine instances between Compute nodes.
  4. Reboot the Compute node and disable SMT in the BIOS of the Compute node.
  5. Boot the Compute node.
  6. Re-enable the Compute node:
    
    (overcloud) $ openstack compute service set <hostname> nova-compute --enable
Source the stackrc file:
```
$ source ~/stackrc
```
Edit the environment file that contains the NovaVcpuPinSet parameter.
Migrate the CPU pinning configuration from the NovaVcpuPinSet parameter to NovaComputeCpuDedicatedSet and NovaComputeCpuSharedSet:
- Migrate the value of NovaVcpuPinSet to NovaComputeCpuDedicatedSet for hosts that were previously used for pinned instances.
- Migrate the value of NovaVcpuPinSet to NovaComputeCpuSharedSet for hosts that were previously used for unpinned instances.
- If there is no value set for NovaVcpuPinSet, then all Compute node cores should be assigned to either NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet, depending on the type of instances you intend to host on the nodes.
For example, your previous environment file might contain the following pinning configuration:
```
parameter_defaults:
  ...
  NovaVcpuPinSet: 1,2,3,5,6,7
  ...
```
To migrate the configuration to a pinned configuration, set the NovaComputeCpuDedicatedSet parameter and unset the NovaVcpuPinSet parameter:
```
parameter_defaults:
  ...
  NovaComputeCpuDedicatedSet: 1,2,3,5,6,7
  NovaVcpuPinSet: ""
  ...
```
To migrate the configuration to an unpinned configuration, set the NovaComputeCpuSharedSet parameter and unset the NovaVcpuPinSet parameter:
```
parameter_defaults:
  ...
  NovaComputeCpuSharedSet: 1,2,3,5,6,7
  NovaVcpuPinSet: ""
  ...
```
Important
Ensure the configuration of either NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet matches the configuration defined in NovaVcpuPinSet. To change the configuration for either of these, or to configure both NovaComputeCpuDedicatedSet or NovaComputeCpuSharedSet, ensure the Compute nodes with the pinning configuration are not running any instances before updating the configuration.
Save the file.

Run the deployment command to update the overcloud with the new CPU pinning parameters.

(undercloud) $ openstack overcloud deploy \
    --stack _STACK NAME_ \
    --templates \
    ...
    -e /home/stack/templates/<compute_environment_file>.yaml
    ...

Additional resources

Configuring CPU pinning on Compute nodes

15.4. Updating the machine type to Q35
Copy link

You must record a machine type for any instance that has no machine type recorded yet. If an instance is missing this value, update the metadata to reflect its current machine type. This might be pc, virt, q35, or whatever machine type was originally used when the instance was created. As an administrator, you can use a nova-manage command to update the machine type of individual instances to q35 after the upgrade is complete.

Note

Red Hat OpenStack Platform (RHOSP) 17 is based on RHEL 9. The pc-i440fx QEMU machine type is deprecated in RHEL 9, therefore the default machine type for x86_64 instances that run on RHEL 9 has changed from pc to q35. Based on this change in RHEL 9, the default value for machine type x86_64 has also changed from pc in RHOSP 16 to q35 in RHOSP 17.

Prerequisites

You have not changed the default [libvirt]hw_machine_type to q35. This avoids inadvertently changing the incompatible machine type to the new machine type automatically through a nova-compute restart or instance reboot.

Procedure

Identify the instances that have no machine type recorded in the database:
```
$nova-manage libvirt list_unset_machine_type
```
1. If you find instances that have no machine type, use the following command to record a machine type for each instance:
  $nova-manage libvirt update_machine_type <instance_uuid> <machine_type>
  - Replace <instance_uuid> with the UUID of the instance.
  - Replace <machine_type> with the machine type originally used when the instance was created.
For each instance, show the machine type of the instance so you know what needs to be updated:
```
$nova-manage libvirt get_machine_type <instance_uuid>
```
For each instance that needs to have its machine type changed to q35, complete the following steps:
1. Test that the OS within the instance is compatible with the new hardware:
  1. Create a test instance.
  2. Verify that the test instance has a machine type other than q35:
    
    $nova-manage libvirt get_machine_type <test_instance_uuid>
  3. Stop the test instance:
    
    $openstack server stop <test_instance_uuid>
  4. Update the machine type of the test instance to q35:
    
    $nova-manage libvirt update_machine_type <test_instance_uuid> q35 --force
  5. Start the test instance:
    
    $openstack server start <test_instance_uuid>
  6. Verify that you can log in to the test instance and ensure that it is working as expected.
2. In a test environment, verify that the OS within the instance can tolerate the change without re-creation:
  1. Stop the instance:
    
    $openstack server stop <instance_uuid>
  2. Update the machine type and use the --force value:
    
    $nova-manage libvirt update_machine_type <instance_uuid> q35 --force
  3. Update the disk controller bus and set hw_cdrom_bus to sata:
    
    $nova-manage image_property set <instance_uuid> --property hw_cdrom_bus=sata
  4. Start the instance:
    
    $openstack server start <instance_uuid>

15.5. Updating the default machine type for hosts after an upgrade to RHOSP 17
Copy link

The machine type of an instance is a virtual chipset that provides certain default devices, such as a PCIe graphics card or Ethernet controller. Cloud users can specify the machine type for their instances by using an image with the hw_machine_type metadata property that they require.

Cloud administrators can use the Compute parameter NovaHWMachineType to configure each Compute node architecture with a default machine type to apply to instances hosted on that architecture. If the hw_machine_type image property is not provided when launching the instance, the default machine type for the host architecture is applied to the instance. Red Hat OpenStack Platform (RHOSP) 17 is based on RHEL 9. The pc-i440fx QEMU machine type is deprecated in RHEL 9, therefore the default machine type for x86_64 instances that run on RHEL 9 has changed from pc to q35. Based on this change in RHEL 9, the default value for machine type x86_64 has also changed from pc in RHOSP 16 to q35 in RHOSP 17.

From RHOSP 16.2 and later, the Compute (nova) service records the instance machine type within the system metadata of the instance when it launches an instance. This means that it is now possible to change the NovaHWMachineType during the lifetime of a RHOSP deployment without affecting the machine type of existing instances.

The Compute service records the machine type of instances that are not in a SHELVED_OFFLOADED state. Therefore, after an upgrade to RHOSP 17 you must manually record the machine type of instances that are in SHELVED_OFFLOADED state, and verify that all instances within the environment or specific cell have had a machine type recorded. After you have updated the system metadata for each instance with the machine types, you can update the NovaHWMachineType parameter to the RHOSP 17 default, q35, without affecting the machine type of existing instances.

Note

From RHOSP OSP17.0 onwards, Q35 is the default machine type. The Q35 machine type uses PCIe ports. You can manage the number of PCIe port devices by configuring the heat parameter NovaLibvirtNumPciePorts. The number of devices that can attach to a PCIe port is fewer than instances running on previous versions. If you want to use more devices, you must use the hw_disk_bus=scsi or hw_scsi_model=virtio-scsi image property. For more information, see Metadata properties for virtual hardware.

Prerequisites

You have upgraded all Compute nodes to RHEL 9.2. For more information about upgrading Compute nodes, see Upgrading all Compute nodes to RHEL 9.2.
You have updated any image properties that specified IDE to SATA or SCSI because the IDE bus is not supported with q35. For more information about how to update the image properties, see Updating the machine type to q35.

Procedure

Log in to the undercloud as the stack user.
Source the stackrc file.
```
$ source ~/stackrc
```
Log in to a Controller node as the heat-admin user:
```
(undercloud)$ metalsmith list
$ ssh heat-admin@<controller_ip>
```
Replace <controller_ip> with the IP address of the Controller node.

Retrieve the list of instances that have no machine type set:

[heat-admin@<controller_ip> ~]$ sudo podman exec -i -u root nova_api \
  nova-manage libvirt list_unset_machine_type

Check the NovaHWMachineType parameter in the nova-hw-machine-type-upgrade.yaml file for the default machine type for the instance host. The default value for the NovaHWMachineType parameter in RHOSP 16.2 is as follows:
x86_64=pc-i440fx-rhel7.6.0,aarch64=virt-rhel7.6.0,ppc64=pseries-rhel7.6.0,ppc64le=pseries-rhel7.6.0
Update the system metadata of each instance with the default instance machine type:
```
[heat-admin@<controller_ip> ~]$ sudo podman exec -i -u root nova_api \
  nova-manage libvirt update_machine_type <instance_uuid> <machine_type>
```
- Replace <instance_uuid> with the UUID of the instance.
- Replace <machine_type> with the machine type to record for the instance.
  Warning
  If you set the machine type to something other than the machine type of the image on which the instance was booted, the existing instance might fail to boot.
Confirm that the machine type is recorded for all instances:
```
[heat-admin@<controller_ip> ~]$ sudo podman exec -i -u root nova_api \
  nova-status upgrade check
```
This command returns a warning if an instance is found without a machine type. If you get this warning, repeat this procedure from step 4.
Change the default value of NovaHWMachineType in a Compute environment file to x86_64=q35 and deploy the overcloud.

Verification

Create an instance that has the default machine type:
```
(overcloud)$ openstack server create --flavor <flavor> \
  --image <image> --network <network> \
  --wait defaultMachineTypeInstance
```
- Replace <flavor> with the name or ID of a flavor for the instance.
- Replace <image> with the name or ID of an image that does not set hw_machine_type.
- Replace <network> with the name or ID of the network to connect the instance to.

Verify that the instance machine type is set to the default value:

[heat-admin@<controller_ip> ~]$ sudo podman exec -i -u root nova_api \
  nova-manage libvirt get_machine_type <instance_uuid>

Replace <instance_uuid> with the UUID of the instance.

Hard reboot an instance with a machine type of x86_64=pc-i440fx:
```
(overcloud)$ openstack server reboot --hard <instance_uuid>
```
Replace <instance_uuid> with the UUID of the instance.

Verify that the instance machine type has not been changed:

[heat-admin@<controller_ip> ~]$ sudo podman exec -i -u root nova_api \
  nova-manage libvirt get_machine_type <instance_uuid>

Replace <instance_uuid> with the UUID of the instance.

15.6. Re-enabling fencing in the overcloud
Copy link

Before you upgraded the overcloud, you disabled fencing in Disabling fencing in the overcloud. After you upgrade your environment, re-enable fencing to protect your data if a node fails.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Log in to a Controller node and run the Pacemaker command to re-enable fencing:
```
$ ssh tripleo-admin@<controller_ip> "sudo pcs property set stonith-enabled=true"
```
- Replace <controller_ip> with the IP address of a Controller node. You can find the IP addresses of your Controller nodes with the openstack server list command.
If you use SBD fencing, reset the watchdog timer device interval to its original value before you disabled it:
```
# pcs property set stonith-watchdog-timeout=<interval>
```
- Replace <interval> with the original value of the watchdog timer device, for example, 10.
In the fencing.yaml environment file, set the EnableFencing parameter to true.

Additional Resources

Fencing Controller nodes with STONITH

15.7. Compressing Red Hat OpenStack Platform dashboard files
Copy link

After the Red Hat OpenStack Platform (RHOSP) upgrade, if your RHOSP dashboard (horizon) has errors that are similar to the following example, you must compress your files manually. Static file compression does not run automatically. You must repeat this procedure on every horizon container that you upgraded.

compressor.exceptions.OfflineGenerationError: You have offline compression enabled but key "dbf52fe9eafa4b50d57c151a16962bcb02dfc37de3ae4fde450231af213e84a9" is missing from offline manifest. You may need to run "python manage.py compress". Here is the original content:

Procedure

Enter the shell for the horizon container:
```
$ podman exec -it horizon /bin/bash
```
Navigate to the directory that contains the files to compress:
```
$ cd /usr/bin/
```
Run the compression:
```
$ python3 manage.py compress
```

Chapter 16. Upgrading Red Hat Ceph Storage 5 to 6
Copy link

You can upgrade the Red Hat Ceph Storage cluster from Release 5 to 6 after all other upgrade tasks are completed.

Prerequisites

The upgrade from Red Hat OpenStack Platform 16.2 to 17.1 is complete.
All Controller nodes and Red Hat Ceph Storage nodes are upgraded to Red Hat Enterprise Linux (RHEL) 9.2. For more information, see Upgrading the control plane operating system.
In HCI environments, all Compute nodes must also be upgraded to RHEL 9.2. For more information, see Upgrading the Compute node operating system.
The current Red Hat Ceph Storage 5 cluster is healthy.

16.1. Director-deployed Red Hat Ceph Storage environments
Copy link

Perform the following tasks if Red Hat Ceph Storage is director-deployed in your environment.

16.1.1. Updating the cephadm client
Copy link

Before you upgrade the Red Hat Ceph Storage cluster, you must update the cephadm package in the overcloud nodes to Release 6.

Prerequisites

Log in to a Controller node and confirm that the health status of the Red Hat Ceph Storage cluster is HEALTH_OK:
```
$ sudo cephadm shell -- ceph -s
```
If the status is not HEALTH_OK, correct any issues before continuing with this procedure. For more information about troubleshooting Red Hat Ceph Storage 5, see Troubleshooting Guide.

Procedure

Create a playbook to enable the Red Hat Ceph Storage (tool only) repositories in the Controller nodes. It should contain the following information:

- hosts: all
  gather_facts: false
  tasks:
    - name: Enable RHCS 6 tools repo
      ansible.builtin.command: |
          subscription-manager repos --disable=rhceph-5-tools-for-rhel-9-x86_64-rpms --enable=rhceph-6-tools-for-rhel-9-x86_64-rpms
      become: true
    - name: Update cephadm
      ansible.builtin.package:
        name: cephadm
        state: latest
      become: true

Run the playbook:
ansible-playbook -i ~/overcloud-deploy/<stack>/tripleo-ansible-inventory.yaml <playbook_file_name> --limit <controller_role>
- Replace <stack> with the name of your stack.
- Replace <playbook_file_name> with the name of the playbook created in the previous step.
- Replace <controller_role> with the role applied to Controller nodes.
- Use the --limit option to apply the content to Controller nodes only.
Log in to a Controller node.
Verify that the cephadm package is updated to Release 6:
$ sudo dnf info cephadm | grep -i version

16.1.2. Updating the Red Hat Ceph Storage container image
Copy link

The container-image-prepare.yaml file contains the ContainerImagePrepare parameter and defines the Red Hat Ceph Storage containers. This file is used by the tripleo-container-image prepare command to define the rules for obtaining container images for the undercloud and overcloud. Update this file with the correct image version before updating your environment.

Procedure

Locate your container preparation file. The default name of this file is containers-prepare-parameter.yaml.
Edit the container preparation file.
Locate the ceph_tag parameter. The current entry should be similar to the following example:
```
ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '5'
```

Update the ceph_tag parameter for Red Hat Ceph Storage 6:

ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '6'

Edit the containers-image-prepare.yaml file and replace the Red Hat Ceph monitoring stack container related parameters with the following content:

ceph_alertmanager_image: ose-prometheus-alertmanager
ceph_alertmanager_namespace: registry.redhat.io/openshift4
ceph_alertmanager_tag: v4.12
ceph_grafana_image: rhceph-6-dashboard-rhel9
ceph_grafana_namespace: registry.redhat.io/rhceph
ceph_grafana_tag: latest
ceph_node_exporter_image: ose-prometheus-node-exporter
ceph_node_exporter_namespace: registry.redhat.io/openshift4
ceph_node_exporter_tag: v4.12
ceph_prometheus_image: ose-prometheus
ceph_prometheus_namespace: registry.redhat.io/openshift4
ceph_prometheus_tag: v4.12

Save the file.

16.1.3. Running the container image prepare
Copy link

Complete the container image preparation process by running the director container preparation command. This prepares all container image configurations for the overcloud and retrieves the latest Red Hat Ceph Storage 6 container image.

Note

If you are using Red Hat Satellite Server to host RPMs and container images for your Red Hat OpenStack Platform (RHOSP) environment, do not perform this procedure. Update Satellite to include the Red Hat Ceph Storage 6 container image and update your containers-prepare-parameter.yaml file to reference the URL of the container image that is hosted on the Satellite server.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Run the container preparation command:
$ openstack tripleo container image prepare -e <container_preparation_file>
- Replace <container_preparation_file> with the name of your file. The default file is containers-prepare-parameter.yaml.
Verify that the new Red Hat Ceph Storage image is present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/ceph/ {print $2}'
Verify that the new Red Hat Ceph Storage monitoring stack images are present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/dashboard|grafana|prometheus|alertmanager|node-exporter/ {print $2}'

16.1.4. Configuring Ceph Manager with Red Hat Ceph Storage 6 monitoring stack images
Copy link

Procedure

Log in to a Controller node.
List the current images from the Ceph Manager configuration:
```
$ sudo cephadm shell -- ceph config dump | grep image
```

Update the Ceph Manager configuration for the monitoring stack services to use Red Hat Ceph Storage 6 images:

$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_alertmanager <alertmanager_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_grafana <grafana_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_node_exporter <node_exporter_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_prometheus <prometheus_image>

Replace <alertmanager_image> with the new alertmanager image.
Replace <grafana_image> with the new grafana image.
Replace <node_exporter_image> with the new node exporter image.

Replace <prometheus_image> with the new prometheus image.

The following is an example of the alert manager update command:

$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_alertmanager undercloud-0.ctlplane.redhat.local:8787/rh-osbs/openshift-ose-prometheus-alertmanager:v4.12

Verify that the new image references are updated in the Red Hat Ceph Storage cluster:
```
$ sudo cephadm shell -- ceph config dump | grep image
```

16.1.5. Upgrading to Red Hat Ceph Storage 6 with Orchestrator
Copy link

Upgrade to Red Hat Ceph Storage 6 by using the Orchestrator capabilities of the cephadm command.

Prerequisities

On a Monitor or Controller node that is running the ceph-mon service, confirm the Red Hat Ceph Storage cluster status:
```
$ sudo cephadm shell -- ceph status
```
This command returns one of three responses:
- HEALTH_OK - The cluster is healthy. Proceed with the cluster upgrade.
- HEALTH_WARN - The cluster is unhealthy. Do not proceed with the cluster upgrade before the blocking issues are resolved. For troubleshooting guidance, see Red Hat Ceph Storage 5 Troubleshooting Guide.
- HEALTH_ERR - The cluster is unhealthy. Do not proceed with the cluster upgrade before the blocking issues are resolved. For troubleshooting guidance, see Red Hat Ceph Storage 5 Troubleshooting Guide.

Procedure

Log in to a Controller node.
Upgrade the cluster to the latest Red Hat Ceph Storage version by using Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Ceph Storage 6 Upgrade Guide.
Important
Steps 1 to 4 of the upgrade procedure presented in Upgrading the Red Hat Ceph Storage cluster are not necessary when upgrading a Red Hat Ceph Storage cluster deployed with Red Hat OpenStack by director. Start at step 5 of the procedure.
Wait until the Red Hat Ceph Storage container upgrade completes. Monitor the status of the upgrade by using the following command:
```
$ sudo cephadm shell -- ceph orch upgrade status
```

16.1.6. Upgrading NFS Ganesha when moving from Red Hat Ceph Storage 5 to 6
Copy link

When Red Hat Ceph Storage is upgraded from Release 4 to 5, NFS Ganesha is not adopted by the Orchestrator. This means it remains under director control and must be moved manually to Release 6.

Red Hat Ceph Storage 5 based NFS Ganesha with a Red Hat Ceph Storage 6 cluster is only supported during the upgrade period. Once you upgrade the Red Hat Ceph Storage cluster to 6, you must upgrade NFS Ganesha to use a Release 6 based container image.

Note

This procedure only applies to environments that are using the Shared File Systems service (manila) with CephFS NFS. Upgradng the Red Hat Ceph Storage container for NFS Ganesha is mandatory in these environments.

Procedure

Log in to a Controller node.
Inspect the ceph-nfs service:
$ sudo pcs status | grep ceph-nfs
Inspect the ceph-nfs systemd unit to confirm that it contains the Red Hat Ceph Storage 5 container image and tag:
```
$ cat /etc/systemd/system/ceph-nfs@.service | grep -i container_image
```
Create a file called /home/stack/ganesha_update_extravars.yaml with the following content:
```
tripleo_cephadm_container_image: <ceph_image_name>
tripleo_cephadm_container_ns: <ceph_image_namespace>
tripleo_cephadm_container_tag: <ceph_image_tag>
```
- Replace <ceph_image_name> with the name of the Red Hat Ceph Storage container image.
- Replace <ceph_image_namespace> with the name of the Red Hat Ceph Storage container namespace.
- Replace <ceph_image_tag> with the name of the Red Hat Ceph Storage container tag.
  For example, in a typical environment, this content would have the following values:
  tripleo_cephadm_container_image: rhceph-6-rhel9 tripleo_cephadm_container_ns: undercloud-0.ctlplane.redhat.local:8787 tripleo_cephadm_container_tag: '6'
Save the file.

Run the ceph-update-ganesha.yml playbook and provide the ganesha_update_extravars.yaml playbook for additional command parameters:

ansible-playbook -i $HOME/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml \
    /usr/share/ansible/tripleo-playbooks/ceph-update-ganesha.yml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/global_vars.yaml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/cephadm/cephadm-extra-vars-heat.yml \
     -e @$HOME/ganesha_update_extravars.yaml

Replace <stack> with the name of the overcloud stack.

Verify that the ceph-nfs service is running:
$ sudo pcs status | grep ceph-nfs
Verify that the ceph-nfs systemd unit contains the Red Hat Ceph Storage 6 container image and tag:
$ cat /etc/systemd/system/ceph-nfs@.service | grep rhceph

16.1.7. Configuring Red Hat Ceph Storage Object Gateway to use Identity service (keystone) authentication
Copy link

When Red Hat Ceph Storage is upgraded from Release 4 to 5 to 6, more options must be set to configure the use of the Identity service than in older releases. For the procedure to set these options, see Configuring the Ceph Object Gateway to use Keystone authentication in the Object Gateway Guide.

16.2. External Red Hat Ceph Storage cluster environment
Copy link

Perform the following tasks if your Red Hat Ceph Storage cluster is external to your Red Hat OpenStack Platform deployment in your environment.

16.2.1. Updating the Red Hat Ceph Storage container image
Copy link

The container-image-prepare.yaml file contains the ContainerImagePrepare parameter and defines the Red Hat Ceph Storage containers. This file is used by the tripleo-container-image prepare command to define the rules for obtaining container images for the undercloud and overcloud. Update this file with the correct image version before updating your environment.

Procedure

Locate your container preparation file. The default name of this file is containers-prepare-parameter.yaml.
Edit the container preparation file.
Locate the ceph_tag parameter. The current entry should be similar to the following example:
```
ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '5'
```

Update the ceph_tag parameter for Red Hat Ceph Storage 6:

ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '6'

Edit the containers-image-prepare.yaml file and replace the Red Hat Ceph monitoring stack container related parameters with the following content:

ceph_alertmanager_image: ose-prometheus-alertmanager
ceph_alertmanager_namespace: registry.redhat.io/openshift4
ceph_alertmanager_tag: v4.12
ceph_grafana_image: rhceph-6-dashboard-rhel9
ceph_grafana_namespace: registry.redhat.io/rhceph
ceph_grafana_tag: latest
ceph_node_exporter_image: ose-prometheus-node-exporter
ceph_node_exporter_namespace: registry.redhat.io/openshift4
ceph_node_exporter_tag: v4.12
ceph_prometheus_image: ose-prometheus
ceph_prometheus_namespace: registry.redhat.io/openshift4
ceph_prometheus_tag: v4.12

Save the file.

16.2.2. Running the container image prepare
Copy link

Complete the container image preparation process by running the director container preparation command. This prepares all container image configurations for the overcloud and retrieves the latest Red Hat Ceph Storage 6 container image.

Note

If you are using Red Hat Satellite Server to host RPMs and container images for your Red Hat OpenStack Platform (RHOSP) environment, do not perform this procedure. Update Satellite to include the Red Hat Ceph Storage 6 container image and update your containers-prepare-parameter.yaml file to reference the URL of the container image that is hosted on the Satellite server.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Run the container preparation command:
$ openstack tripleo container image prepare -e <container_preparation_file>
- Replace <container_preparation_file> with the name of your file. The default file is containers-prepare-parameter.yaml.
Verify that the new Red Hat Ceph Storage image is present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/ceph/ {print $2}'
Verify that the new Red Hat Ceph Storage monitoring stack images are present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/dashboard|grafana|prometheus|alertmanager|node-exporter/ {print $2}'

16.2.3. Upgrading NFS Ganesha when moving from Red Hat Ceph Storage 5 to 6
Copy link

When Red Hat Ceph Storage is upgraded from Release 4 to 5, NFS Ganesha is not adopted by the Orchestrator. This means it remains under director control and must be moved manually to Release 6.

Red Hat Ceph Storage 5 based NFS Ganesha with a Red Hat Ceph Storage 6 cluster is only supported during the upgrade period. Once you upgrade the Red Hat Ceph Storage cluster to 6, you must upgrade NFS Ganesha to use a Release 6 based container image.

Note

This procedure only applies to environments that are using the Shared File Systems service (manila) with CephFS NFS. Upgradng the Red Hat Ceph Storage container for NFS Ganesha is mandatory in these environments.

Procedure

Log in to a Controller node.
Inspect the ceph-nfs service:
$ sudo pcs status | grep ceph-nfs
Inspect the ceph-nfs systemd unit to confirm that it contains the Red Hat Ceph Storage 5 container image and tag:
```
$ cat /etc/systemd/system/ceph-nfs@.service | grep -i container_image
```
Create a file called /home/stack/ganesha_update_extravars.yaml with the following content:
```
tripleo_cephadm_container_image: <ceph_image_name>
tripleo_cephadm_container_ns: <ceph_image_namespace>
tripleo_cephadm_container_tag: <ceph_image_tag>
```
- Replace <ceph_image_name> with the name of the Red Hat Ceph Storage container image.
- Replace <ceph_image_namespace> with the name of the Red Hat Ceph Storage container namespace.
- Replace <ceph_image_tag> with the name of the Red Hat Ceph Storage container tag.
  For example, in a typical environment, this content would have the following values:
  tripleo_cephadm_container_image: rhceph-6-rhel9 tripleo_cephadm_container_ns: undercloud-0.ctlplane.redhat.local:8787 tripleo_cephadm_container_tag: '6'
Save the file.

Run the ceph-update-ganesha.yml playbook and provide the ganesha_update_extravars.yaml playbook for additional command parameters:

ansible-playbook -i $HOME/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml \
    /usr/share/ansible/tripleo-playbooks/ceph-update-ganesha.yml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/global_vars.yaml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/cephadm/cephadm-extra-vars-heat.yml \
     -e @$HOME/ganesha_update_extravars.yaml

Replace <stack> with the name of the overcloud stack.

Verify that the ceph-nfs service is running:
$ sudo pcs status | grep ceph-nfs
Verify that the ceph-nfs systemd unit contains the Red Hat Ceph Storage 6 container image and tag:
$ cat /etc/systemd/system/ceph-nfs@.service | grep rhceph

16.2.4. Configuring Red Hat Ceph Storage Object Gateway to use Identity service (keystone) authentication
Copy link

When Red Hat Ceph Storage is upgraded from Release 4 to 5 to 6, more options must be set to configure the use of the Identity service than in older releases. For the procedure to set these options, see Configuring the Ceph Object Gateway to use Keystone authentication in the Object Gateway Guide.

Chapter 17. Upgrading Red Hat Ceph Storage 6 to 7
Copy link

You can upgrade the Red Hat Ceph Storage cluster from Release 6 to 7 after all other upgrade tasks are completed.

Prerequisites

The upgrade from Red Hat OpenStack Platform 16.2 to 17.1 is complete.
All Controller nodes are upgraded to Red Hat Enterprise Linux 9. In HCI environments, all Compute nodes must also be upgraded to RHEL 9.
The current Red Hat Ceph Storage 6 cluster is healthy.

17.1. Director-deployed Red Hat Ceph Storage environments
Copy link

Perform the following tasks if Red Hat Ceph Storage is director-deployed in your environment.

17.1.1. Updating the cephadm client
Copy link

Before you upgrade the Red Hat Ceph Storage cluster, you must update the cephadm package in the overcloud nodes to Release 7.

Prerequisites

Log in to a Controller node and confirm that the health status of the Red Hat Ceph Storage cluster is HEALTH_OK:
```
$ sudo cephadm shell -- ceph -s
```
If the status is not HEALTH_OK, correct any issues before continuing with this procedure. For more information about troubleshooting Red Hat Ceph Storage 6, see Troubleshooting Guide.

Procedure

Create a playbook to enable the Red Hat Ceph Storage (tool only) repositories in the Controller nodes. It should contain the following information:

- hosts: all
  gather_facts: false
  tasks:
    - name: Enable RHCS 7 tools repo
      ansible.builtin.command: |
          subscription-manager repos --disable=rhceph-6-tools-for-rhel-9-x86_64-rpms --enable=rhceph-7-tools-for-rhel-9-x86_64-rpms
      become: true
    - name: Update cephadm
      ansible.builtin.package:
        name: cephadm
        state: latest
      become: true

Run the playbook:
ansible-playbook -i ~/overcloud-deploy/<stack>/tripleo-ansible-inventory.yaml <playbook_file_name> --limit <controller_role>
- Replace <stack> with the name of your stack.
- Replace <playbook_file_name> with the name of the playbook created in the previous step.
- Replace <controller_role> with the role applied to Controller nodes.
- Use the --limit option to apply the content to Controller nodes only.
Log in to a Controller node.
Verify that the cephadm package is updated to Release 7:
$ sudo dnf info cephadm | grep -i version

17.1.2. Updating the Red Hat Ceph Storage container image
Copy link

The container-image-prepare.yaml file contains the ContainerImagePrepare parameter and defines the Red Hat Ceph Storage containers. This file is used by the tripleo-container-image prepare command to define the rules for obtaining container images for the undercloud and overcloud. Update this file with the correct image version before updating your environment.

Procedure

Locate your container preparation file. The default name of this file is containers-prepare-parameter.yaml.
Edit the container preparation file.
Locate the ceph_tag parameter. The current entry should be similar to the following example:
```
ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '6'
```

Update the ceph_tag parameter for Red Hat Ceph Storage 7:

ceph_namespace: registry.redhat.io
ceph_image: rhceph-7-rhel9
ceph_tag: '7'

Edit the containers-image-prepare.yaml file and replace the Red Hat Ceph monitoring stack container related parameters with the following content:

ceph_alertmanager_image: ose-prometheus-alertmanager
ceph_alertmanager_namespace: registry.redhat.io/openshift4
ceph_alertmanager_tag: v4.15
ceph_grafana_image: grafana-rhel9
ceph_grafana_namespace: registry.redhat.io/rhceph
ceph_grafana_tag: latest
ceph_node_exporter_image: ose-prometheus-node-exporter
ceph_node_exporter_namespace: registry.redhat.io/openshift4
ceph_node_exporter_tag: v4.15
ceph_prometheus_image: ose-prometheus
ceph_prometheus_namespace: registry.redhat.io/openshift4
ceph_prometheus_tag: v4.15

Save the file.

17.1.3. Running the container image prepare
Copy link

Complete the container image preparation process by running the director container preparation command. This prepares all container image configurations for the overcloud and retrieves the latest Red Hat Ceph Storage 7 container image.

Note

If you are using Red Hat Satellite Server to host RPMs and container images for your Red Hat OpenStack Platform (RHOSP) environment, do not perform this procedure. Update Satellite to include the Red Hat Ceph Storage 7 container image and update your containers-prepare-parameter.yaml file to reference the URL of the container image that is hosted on the Satellite server.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Run the container preparation command:
$ openstack tripleo container image prepare -e <container_preparation_file>
- Replace <container_preparation_file> with the name of your file. The default file is containers-prepare-parameter.yaml.
Verify that the new Red Hat Ceph Storage image is present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/ceph/ {print $2}'
If you have the Red Hat Ceph Storage Dashboard enabled, verify the new Red Hat monitoring stack images are present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/dashboard|grafana|prometheus|alertmanager|node-exporter/ {print $2}'

17.1.4. Configuring Ceph Manager with Red Hat Ceph Storage 7 monitoring stack images
Copy link

Procedure

Log in to a Controller node.

List the current images from the Ceph Manager configuration:

$ sudo cephadm shell -- ceph config dump | grep image

The following is an example of the command output:

global  basic     container_image                                undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhceph:6-311                                  *
mgr     advanced  mgr/cephadm/container_image_alertmanager       undercloud-0.ctlplane.redhat.local:8787/rh-osbs/openshift-ose-prometheus-alertmanager:v4.12   *
mgr     advanced  mgr/cephadm/container_image_base               undercloud-0.ctlplane.redhat.local:8787/rh-osbs/rhceph
mgr     advanced  mgr/cephadm/container_image_grafana            undercloud-0.ctlplane.redhat.local:8787/rh-osbs/grafana:latest                                *
mgr     advanced  mgr/cephadm/container_image_node_exporter      undercloud-0.ctlplane.redhat.local:8787/rh-osbs/openshift-ose-prometheus-node-exporter:v4.12  *
mgr     advanced  mgr/cephadm/container_image_prometheus         undercloud-0.ctlplane.redhat.local:8787/rh-osbs/openshift-ose-prometheus:v4.12

Update the Ceph Manager configuration for the monitoring stack services to use Red Hat Ceph Storage 7 images:

$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_alertmanager <alertmanager_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_grafana <grafana_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_node_exporter <node_exporter_image>
$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_prometheus <prometheus_image>

Replace <alertmanager_image> with the new alertmanager image.
Replace <grafana_image> with the new grafana image.
Replace <node_exporter_image> with the new node exporter image.

Replace <prometheus_image> with the new prometheus image.

The following is an example of the alert manager update command:

$ sudo cephadm shell -- ceph config set mgr mgr/cephadm/container_image_alertmanager undercloud-0.ctlplane.redhat.local:8787/rh-osbs/openshift-ose-prometheus-alertmanager:v4.15

Verify that the new image references are updated in the Red Hat Ceph Storage cluster:
```
$ sudo cephadm shell -- ceph config dump | grep image
```

17.1.5. Upgrading to Red Hat Ceph Storage 7 with Orchestrator
Copy link

Upgrade to Red Hat Ceph Storage 7 by using the Orchestrator capabilities of the cephadm command.

Prerequisities

On a Monitor or Controller node that is running the ceph-mon service, confirm the Red Hat Ceph Storage cluster status:
```
$ sudo cephadm shell -- ceph status
```
This command returns one of three responses:
- HEALTH_OK - The cluster is healthy. Proceed with the cluster upgrade.
- HEALTH_WARN - The cluster is unhealthy. Do not proceed with the cluster upgrade before the blocking issues are resolved. For troubleshooting guidance, see Red Hat Ceph Storage 6 Troubleshooting Guide.
- HEALTH_ERR - The cluster is unhealthy. Do not proceed with the cluster upgrade before the blocking issues are resolved. For troubleshooting guidance, see Red Hat Ceph Storage 6 Troubleshooting Guide.

Procedure

Log in to a Controller node.
Upgrade the cluster to the latest Red Hat Ceph Storage version by using Upgrade a Red Hat Ceph Storage cluster using cephadm in the Red Hat Ceph Storage 7 Upgrade Guide.
Important
Steps 1 to 4 of the upgrade procedure presented in Upgrading the Red Hat Ceph Storage cluster are not necessary when upgrading a Red Hat Ceph Storage cluster deployed with Red Hat OpenStack by director. Start at step 5 of the procedure.
Wait until the Red Hat Ceph Storage container upgrade completes. Monitor the status of the upgrade by using the following command:
```
$ sudo cephadm shell -- ceph orch upgrade status
```

17.1.6. Upgrading NFS Ganesha when moving from Red Hat Ceph Storage 6 to 7
Copy link

When Red Hat Ceph Storage is upgraded from Release 5 to 6, NFS Ganesha is not adopted by the Orchestrator. This means it remains under director control and must be moved manually to Release 7.

Red Hat Ceph Storage 6 based NFS Ganesha with a Red Hat Ceph Storage 7 cluster is only supported during the upgrade period. Once you upgrade the Red Hat Ceph Storage cluster to 7, you must upgrade NFS Ganesha to use a Release 7 based container image.

Note

This procedure only applies to environments that are using the Shared File Systems service (manila) with CephFS NFS. Upgradng the Red Hat Ceph Storage container for NFS Ganesha is mandatory in these environments.

Procedure

Log in to a Controller node.
Inspect the ceph-nfs service:
$ sudo pcs status | grep ceph-nfs
Inspect the ceph-nfs systemd unit to confirm that it contains the Red Hat Ceph Storage 6 container image and tag:
```
$ cat /etc/systemd/system/ceph-nfs@.service | grep -i container_image
```
Create a file called /home/stack/ganesha_update_extravars.yaml with the following content:
```
tripleo_cephadm_container_image: <ceph_image_name>
tripleo_cephadm_container_ns: <ceph_image_namespace>
tripleo_cephadm_container_tag: <ceph_image_tag>
```
- Replace <ceph_image_name> with the name of the Red Hat Ceph Storage container image.
- Replace <ceph_image_namespace> with the name of the Red Hat Ceph Storage container namespace.
- Replace <ceph_image_tag> with the name of the Red Hat Ceph Storage container tag.
  For example, in a typical environment, this content would have the following values:
  tripleo_cephadm_container_image: rhceph-7-rhel9 tripleo_cephadm_container_ns: undercloud-0.ctlplane.redhat.local:8787 tripleo_cephadm_container_tag: '7'
Save the file.

Run the ceph-update-ganesha.yml playbook and provide the ganesha_update_extravars.yaml playbook for additional command parameters:

ansible-playbook -i $HOME/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml \
    /usr/share/ansible/tripleo-playbooks/ceph-update-ganesha.yml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/global_vars.yaml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/cephadm/cephadm-extra-vars-heat.yml \
     -e @$HOME/ganesha_update_extravars.yaml

Replace <stack> with the name of the overcloud stack.

Verify that the ceph-nfs service is running:
$ sudo pcs status | grep ceph-nfs
Verify that the ceph-nfs systemd unit contains the Red Hat Ceph Storage 6 container image and tag:
$ cat /etc/systemd/system/ceph-nfs@.service | grep rhceph

17.2. External Red Hat Ceph Storage cluster environment
Copy link

Perform the following tasks if your Red Hat Ceph Storage cluster is external to your Red Hat OpenStack Platform deployment in your environment.

17.2.1. Updating the Red Hat Ceph Storage container image
Copy link

The container-image-prepare.yaml file contains the ContainerImagePrepare parameter and defines the Red Hat Ceph Storage containers. This file is used by the tripleo-container-image prepare command to define the rules for obtaining container images for the undercloud and overcloud. Update this file with the correct image version before updating your environment.

Procedure

Locate your container preparation file. The default name of this file is containers-prepare-parameter.yaml.
Edit the container preparation file.
Locate the ceph_tag parameter. The current entry should be similar to the following example:
```
ceph_namespace: registry.redhat.io
ceph_image: rhceph-6-rhel9
ceph_tag: '6'
```

Update the ceph_tag parameter for Red Hat Ceph Storage 7:

ceph_namespace: registry.redhat.io
ceph_image: rhceph-7-rhel9
ceph_tag: '7'

Edit the containers-image-prepare.yaml file and replace the Red Hat Ceph monitoring stack container related parameters with the following content:

ceph_alertmanager_image: ose-prometheus-alertmanager
ceph_alertmanager_namespace: registry.redhat.io/openshift4
ceph_alertmanager_tag: v4.15
ceph_grafana_image: grafana-rhel9
ceph_grafana_namespace: registry.redhat.io/rhceph
ceph_grafana_tag: latest
ceph_node_exporter_image: ose-prometheus-node-exporter
ceph_node_exporter_namespace: registry.redhat.io/openshift4
ceph_node_exporter_tag: v4.15
ceph_prometheus_image: ose-prometheus
ceph_prometheus_namespace: registry.redhat.io/openshift4
ceph_prometheus_tag: v4.15

Save the file.

17.2.2. Running the container image prepare
Copy link

Complete the container image preparation process by running the director container preparation command. This prepares all container image configurations for the overcloud and retrieves the latest Red Hat Ceph Storage 7 container image.

Note

If you are using Red Hat Satellite Server to host RPMs and container images for your Red Hat OpenStack Platform (RHOSP) environment, do not perform this procedure. Update Satellite to include the Red Hat Ceph Storage 7 container image and update your containers-prepare-parameter.yaml file to reference the URL of the container image that is hosted on the Satellite server.

Procedure

Log in to the undercloud host as the stack user.
Source the stackrc undercloud credentials file:
```
$ source ~/stackrc
```
Run the container preparation command:
$ openstack tripleo container image prepare -e <container_preparation_file>
- Replace <container_preparation_file> with the name of your file. The default file is containers-prepare-parameter.yaml.
Verify that the new Red Hat Ceph Storage image is present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/ceph/ {print $2}'
If you have the Red Hat Ceph Storage Dashboard enabled, verify the new Red Hat monitoring stack images are present in the undercloud registry:
$ openstack tripleo container image list -f value | awk -F '//' '/dashboard|grafana|prometheus|alertmanager|node-exporter/ {print $2}'

17.2.3. Upgrading NFS Ganesha when moving from Red Hat Ceph Storage 6 to 7
Copy link

When Red Hat Ceph Storage is upgraded from Release 5 to 6, NFS Ganesha is not adopted by the Orchestrator. This means it remains under director control and must be moved manually to Release 7.

Red Hat Ceph Storage 6 based NFS Ganesha with a Red Hat Ceph Storage 7 cluster is only supported during the upgrade period. Once you upgrade the Red Hat Ceph Storage cluster to 7, you must upgrade NFS Ganesha to use a Release 7 based container image.

Note

This procedure only applies to environments that are using the Shared File Systems service (manila) with CephFS NFS. Upgradng the Red Hat Ceph Storage container for NFS Ganesha is mandatory in these environments.

Procedure

Log in to a Controller node.
Inspect the ceph-nfs service:
$ sudo pcs status | grep ceph-nfs
Inspect the ceph-nfs systemd unit to confirm that it contains the Red Hat Ceph Storage 6 container image and tag:
```
$ cat /etc/systemd/system/ceph-nfs@.service | grep -i container_image
```
Create a file called /home/stack/ganesha_update_extravars.yaml with the following content:
```
tripleo_cephadm_container_image: <ceph_image_name>
tripleo_cephadm_container_ns: <ceph_image_namespace>
tripleo_cephadm_container_tag: <ceph_image_tag>
```
- Replace <ceph_image_name> with the name of the Red Hat Ceph Storage container image.
- Replace <ceph_image_namespace> with the name of the Red Hat Ceph Storage container namespace.
- Replace <ceph_image_tag> with the name of the Red Hat Ceph Storage container tag.
  For example, in a typical environment, this content would have the following values:
  tripleo_cephadm_container_image: rhceph-7-rhel9 tripleo_cephadm_container_ns: undercloud-0.ctlplane.redhat.local:8787 tripleo_cephadm_container_tag: '7'
Save the file.

Run the ceph-update-ganesha.yml playbook and provide the ganesha_update_extravars.yaml playbook for additional command parameters:

ansible-playbook -i $HOME/overcloud-deploy/<stack>/config-download/<stack>/tripleo-ansible-inventory.yaml \
    /usr/share/ansible/tripleo-playbooks/ceph-update-ganesha.yml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/global_vars.yaml \
     -e @$HOME/overcloud-deploy/<stack>/config-download/<stack>/cephadm/cephadm-extra-vars-heat.yml \
     -e @$HOME/ganesha_update_extravars.yaml

Replace <stack> with the name of the overcloud stack.

Verify that the ceph-nfs service is running:
$ sudo pcs status | grep ceph-nfs
Verify that the ceph-nfs systemd unit contains the Red Hat Ceph Storage 6 container image and tag:
$ cat /etc/systemd/system/ceph-nfs@.service | grep rhceph

In-place upgrades from Red Hat OpenStack Platform 16.2 to 17.1

OpenStack Documentation Team

Providing feedback on Red Hat documentationCopy linkLink copied to clipboard!

Chapter 1. About the Red Hat OpenStack Platform framework for upgradesCopy linkLink copied to clipboard!

1.1. High-level changes in Red Hat OpenStack Platform 17.1Copy linkLink copied to clipboard!

1.2. Familiarize yourself with Red Hat OpenStack Platform 17.1Copy linkLink copied to clipboard!

1.3. Changes in Red Hat Enterprise Linux 9Copy linkLink copied to clipboard!

1.4. Leapp upgrade usage in Red Hat OpenStack PlatformCopy linkLink copied to clipboard!

1.5. Guidelines for planning the upgradeCopy linkLink copied to clipboard!

1.6. Upgrade framework for long life versionsCopy linkLink copied to clipboard!

1.7. Upgrade duration and impactCopy linkLink copied to clipboard!

1.8. Known issues that might block an upgradeCopy linkLink copied to clipboard!

Chapter 2. Planning for an in-place upgradeCopy linkLink copied to clipboard!

2.1. Minor version update requirementCopy linkLink copied to clipboard!

2.2. Storage driver certificationCopy linkLink copied to clipboard!

2.3. Supported upgrade scenariosCopy linkLink copied to clipboard!

2.4. Red Hat Virtualization upgrade processCopy linkLink copied to clipboard!

2.5. Backup and restoreCopy linkLink copied to clipboard!

2.6. Predictable IP configurationCopy linkLink copied to clipboard!

2.7. Proxy configurationCopy linkLink copied to clipboard!

2.8. Planning for a Compute node upgradeCopy linkLink copied to clipboard!

Chapter 3. Performing pre-upgrade actionsCopy linkLink copied to clipboard!

3.1. Checking the health of the OVN clusterCopy linkLink copied to clipboard!

3.2. Network configuration file conversionCopy linkLink copied to clipboard!

3.3. Deployment file configurationCopy linkLink copied to clipboard!

3.4. Setting bare-metal provisioned nodes to the active stateCopy linkLink copied to clipboard!

3.5. Replacing the unsupported OVNDBS serviceCopy linkLink copied to clipboard!

Chapter 4. RepositoriesCopy linkLink copied to clipboard!

4.1. Repository adjustmentsCopy linkLink copied to clipboard!

4.2. Undercloud repositoriesCopy linkLink copied to clipboard!

4.3. Overcloud repositoriesCopy linkLink copied to clipboard!

4.4. Red Hat Satellite Server 6 considerationsCopy linkLink copied to clipboard!

Chapter 5. Upgrading the undercloudCopy linkLink copied to clipboard!

5.1. Enabling repositories for the undercloudCopy linkLink copied to clipboard!

5.2. Validating RHOSP before the upgradeCopy linkLink copied to clipboard!

5.3. Preparing container imagesCopy linkLink copied to clipboard!

5.4. Guidelines for container image taggingCopy linkLink copied to clipboard!

Major and minor version tags

Setting the tag and tag_from_label parameters

Setting the tag parameter

Setting the tag_from_label parameter

5.5. Obtaining container images from private registriesCopy linkLink copied to clipboard!

5.6. Updating the undercloud.conf fileCopy linkLink copied to clipboard!

5.7. Running the director upgradeCopy linkLink copied to clipboard!

Chapter 6. Upgrading with external Ceph deploymentsCopy linkLink copied to clipboard!

6.1. Updating Ceph Client configuration for RHOSP 17.1Copy linkLink copied to clipboard!

Chapter 7. Preparing for an overcloud upgradeCopy linkLink copied to clipboard!

7.1. Preparing for overcloud service downtimeCopy linkLink copied to clipboard!

7.2. Disabling fencing in the overcloudCopy linkLink copied to clipboard!

7.3. Undercloud node database backupCopy linkLink copied to clipboard!

7.4. Updating composable services in custom roles_data filesCopy linkLink copied to clipboard!

7.5. Deprecated and removed filters for the NovaSchedulerDefaultFilters parameterCopy linkLink copied to clipboard!

7.6. Checking custom Puppet parametersCopy linkLink copied to clipboard!

7.7. Firewall rule changeCopy linkLink copied to clipboard!

7.8. Final review before upgradeCopy linkLink copied to clipboard!

7.8.1. Checking for orphaned service recordsCopy linkLink copied to clipboard!

7.8.2. Upgrade command overviewCopy linkLink copied to clipboard!

7.8.2.1. openstack overcloud upgrade prepareCopy linkLink copied to clipboard!

7.8.2.2. openstack overcloud upgrade runCopy linkLink copied to clipboard!

7.8.2.3. openstack overcloud external-upgrade runCopy linkLink copied to clipboard!

7.8.3. Upgrade ParametersCopy linkLink copied to clipboard!

7.8.4. Custom files to include in your deploymentCopy linkLink copied to clipboard!

7.8.5. New environment files to include with your deploymentCopy linkLink copied to clipboard!

7.8.6. Environment files to remove from your deploymentCopy linkLink copied to clipboard!

7.8.7. Upgrading IPA servicesCopy linkLink copied to clipboard!

7.8.8. Upgrade checklistCopy linkLink copied to clipboard!

Chapter 8. Overcloud adoption and preparationCopy linkLink copied to clipboard!

8.1. Performing the overcloud adoption and preparationCopy linkLink copied to clipboard!

8.2. Performing the overcloud adoption and preparation for multi-cell environmentsCopy linkLink copied to clipboard!

Chapter 9. Upgrading an overcloud with director-deployed Ceph deploymentsCopy linkLink copied to clipboard!

9.1. Installing ceph-ansibleCopy linkLink copied to clipboard!

9.2. Downloading Red Hat Ceph Storage containers to the undercloud from SatelliteCopy linkLink copied to clipboard!

9.3. Upgrading to Red Hat Ceph Storage 5Copy linkLink copied to clipboard!

9.4. Restarting Red Hat Ceph Storage 5 servicesCopy linkLink copied to clipboard!

9.4.1. Restarting the Red Hat Ceph Storage 5 Object GatewayCopy linkLink copied to clipboard!

9.4.2. Restarting the Red Hat Ceph Storage 5 Alertmanager serviceCopy linkLink copied to clipboard!

9.5. Implications of upgrading to Red Hat Ceph Storage 5Copy linkLink copied to clipboard!

Chapter 10. Preparing network functions virtualization (NFV)Copy linkLink copied to clipboard!

10.1. Network functions virtualization (NFV) environment filesCopy linkLink copied to clipboard!

Providing feedback on Red Hat documentation
Copy link

Chapter 1. About the Red Hat OpenStack Platform framework for upgrades
Copy link

1.1. High-level changes in Red Hat OpenStack Platform 17.1
Copy link

1.2. Familiarize yourself with Red Hat OpenStack Platform 17.1
Copy link

1.3. Changes in Red Hat Enterprise Linux 9
Copy link

1.4. Leapp upgrade usage in Red Hat OpenStack Platform
Copy link

1.5. Guidelines for planning the upgrade
Copy link

1.6. Upgrade framework for long life versions
Copy link

1.7. Upgrade duration and impact
Copy link

1.8. Known issues that might block an upgrade
Copy link

Chapter 2. Planning for an in-place upgrade
Copy link

2.1. Minor version update requirement
Copy link

2.2. Storage driver certification
Copy link

2.3. Supported upgrade scenarios
Copy link

2.4. Red Hat Virtualization upgrade process
Copy link

2.5. Backup and restore
Copy link

2.6. Predictable IP configuration
Copy link

2.7. Proxy configuration
Copy link

2.8. Planning for a Compute node upgrade
Copy link

Chapter 3. Performing pre-upgrade actions
Copy link

3.1. Checking the health of the OVN cluster
Copy link

3.2. Network configuration file conversion
Copy link

3.3. Deployment file configuration
Copy link

3.4. Setting bare-metal provisioned nodes to the active state
Copy link

3.5. Replacing the unsupported OVNDBS service
Copy link

Chapter 4. Repositories
Copy link

4.1. Repository adjustments
Copy link

4.2. Undercloud repositories
Copy link

4.3. Overcloud repositories
Copy link

4.4. Red Hat Satellite Server 6 considerations
Copy link

Chapter 5. Upgrading the undercloud
Copy link

5.1. Enabling repositories for the undercloud
Copy link

5.2. Validating RHOSP before the upgrade
Copy link

5.3. Preparing container images
Copy link

5.4. Guidelines for container image tagging
Copy link

Major and minor `version` tags

Setting the `tag` and `tag_from_label` parameters

Setting the `tag` parameter

Setting the `tag_from_label` parameter

5.5. Obtaining container images from private registries
Copy link

5.6. Updating the undercloud.conf file
Copy link

5.7. Running the director upgrade
Copy link

Chapter 6. Upgrading with external Ceph deployments
Copy link

6.1. Updating Ceph Client configuration for RHOSP 17.1
Copy link

Chapter 7. Preparing for an overcloud upgrade
Copy link

7.1. Preparing for overcloud service downtime
Copy link

7.2. Disabling fencing in the overcloud
Copy link

7.3. Undercloud node database backup
Copy link

7.4. Updating composable services in custom roles_data files
Copy link

7.5. Deprecated and removed filters for the NovaSchedulerDefaultFilters parameter
Copy link

7.6. Checking custom Puppet parameters
Copy link

7.7. Firewall rule change
Copy link

7.8. Final review before upgrade
Copy link

7.8.1. Checking for orphaned service records
Copy link

7.8.2. Upgrade command overview
Copy link

7.8.2.1. openstack overcloud upgrade prepare
Copy link

7.8.2.2. openstack overcloud upgrade run
Copy link

7.8.2.3. openstack overcloud external-upgrade run
Copy link

7.8.3. Upgrade Parameters
Copy link

7.8.4. Custom files to include in your deployment
Copy link

7.8.5. New environment files to include with your deployment
Copy link

7.8.6. Environment files to remove from your deployment
Copy link

7.8.7. Upgrading IPA services
Copy link

7.8.8. Upgrade checklist
Copy link

Chapter 8. Overcloud adoption and preparation
Copy link

8.1. Performing the overcloud adoption and preparation
Copy link

8.2. Performing the overcloud adoption and preparation for multi-cell environments
Copy link

Chapter 9. Upgrading an overcloud with director-deployed Ceph deployments
Copy link

9.1. Installing ceph-ansible
Copy link

9.2. Downloading Red Hat Ceph Storage containers to the undercloud from Satellite
Copy link

9.3. Upgrading to Red Hat Ceph Storage 5
Copy link

9.4. Restarting Red Hat Ceph Storage 5 services
Copy link

9.4.1. Restarting the Red Hat Ceph Storage 5 Object Gateway
Copy link

9.4.2. Restarting the Red Hat Ceph Storage 5 Alertmanager service
Copy link

9.5. Implications of upgrading to Red Hat Ceph Storage 5
Copy link

Chapter 10. Preparing network functions virtualization (NFV)
Copy link

10.1. Network functions virtualization (NFV) environment files
Copy link

Chapter 11. Upgrading the overcloud
Copy link

11.1. Upgrading RHOSP on all nodes in each stack
Copy link

Chapter 12. Upgrading the undercloud operating system
Copy link