Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 9. Upgrading the undercloud operating system
You must upgrade the undercloud operating system from Red Hat Enterprise Linux 8.4 to Red Hat Enterprise Linux 9.2. The system upgrade performs the following tasks:
- Ensures that network interface naming remains consistent after the system upgrade
- Uses Leapp to upgrade RHEL in-place
- Reboots the undercloud
9.1. Setting the SSH root permission parameter on the undercloud
The Leapp upgrade checks whether the PermitRootLogin
parameter exists in the /etc/ssh/sshd_config
file. You must explicitly set this parameter to either yes
or no
.
For security purposes, set this parameter to no
to disable SSH access to the root user on the undercloud.
Procedure
-
Log in to the undercloud as the
stack
user. Check the
/etc/ssh/sshd_config
file for thePermitRootLogin
parameter:$ sudo grep PermitRootLogin /etc/ssh/sshd_config
If the parameter is not in the
/etc/ssh/sshd_config
file, edit the file and set thePermitRootLogin
parameter:PermitRootLogin no
- Save the file.
9.2. Validating your SSH key size
Starting with Red Hat Enterprise Linux (RHEL) 9.1, a minimum SSH key size of 2048 bits is required. If your current SSH key on Red Hat OpenStack Platform (RHOSP) director is less than 2048 bits, you can lose access to the overcloud. You must verify that your SSH key meets the required bit size.
Procedure
Validate your SSH key size:
ssh-keygen -l -f /home/stack/overcloud-deploy/overcloud/ssh_private_key
Example output:
1024 SHA256:Xqz0Xz0/aJua6B3qRD7VsLr6n/V3zhmnGSkcFR6FlJw stack@director.example.local (RSA)
- If your SSH key is less than 2048 bits, you must rotate out the SSH key before continuing. For more information, see Updating SSH keys in your OpenStack environment in Hardening Red Hat OpenStack Platform.
9.3. Performing the undercloud system upgrade
Upgrade your undercloud operating system to Red Hat Enterprise Linux (RHEL) 9.2. As part of this upgrade, you create a file named system_upgrade.yaml
, which you use to enable the appropriate repositories and required Red Hat OpenStack Platform options and content to install Leapp. You use this file to also upgrade your control plane nodes and Compute nodes.
For information about the duration and impact of this upgrade procedure, see Upgrade duration and impact.
Procedure
-
Log in to the undercloud as the
stack
user. Create a file named
system_upgrade.yaml
in your templates directory and include the following content:parameter_defaults: UpgradeLeappDevelSkip: "LEAPP_UNSUPPORTED=1 LEAPP_DEVEL_SKIP_CHECK_OS_RELEASE=1 LEAPP_NO_NETWORK_RENAMING=1 LEAPP_DEVEL_TARGET_RELEASE=9.2" UpgradeLeappDebug: false UpgradeLeappEnabled: true LeappActorsToRemove: ['checkifcfg','persistentnetnamesdisable','checkinstalledkernels','biosdevname'] LeappRepoInitCommand: | subscription-manager repos --disable=* subscription-manager repos --enable rhel-8-for-x86_64-baseos-tus-rpms --enable rhel-8-for-x86_64-appstream-tus-rpms --enable openstack-17.1-for-rhel-8-x86_64-rpms subscription-manager release --set=8.4 UpgradeLeappCommandOptions: "--enablerepo=rhel-9-for-x86_64-baseos-eus-rpms --enablerepo=rhel-9-for-x86_64-appstream-eus-rpms --enablerepo=rhel-9-for-x86_64-highavailability-eus-rpms --enablerepo=openstack-17.1-for-rhel-9-x86_64-rpms --enablerepo=fast-datapath-for-rhel-9-x86_64-rpms"
NoteIf your deployment includes Red Hat Ceph Storage nodes, you must add the
CephLeappRepoInitCommand
parameter and specify the source OS version of your Red Hat Ceph Storage nodes. For example:CephLeappRepoInitCommand: ... subscription-manager release --set=8.6
Add the
LeappInitCommand
parameter to yoursystem_upgrade.yaml
file to specify additional requirements applicable to your environment, for example, if you need to define role-based overrides:LeappInitCommand: | subscription-manager repos --disable=* subscription-manager release --unset subscription-manager repos --enable=rhel-9-for-x86_64-baseos-eus-rpms --enable=rhel-9-for-x86_64-appstream-eus-rpms --enable=rhel-9-for-x86_64-highavailability-eus-rpms --enable=openstack-17.1-for-rhel-9-x86_64-rpms --enable=fast-datapath-for-rhel-9-x86_64-rpms leapp answer --add --section check_vdo.confirm=True dnf -y remove irb
ImportantRemoving the
ruby-irb
package is mandatory to avoid a conflict between the RHEL 8 ruby-irb directory and the RHEL 9 symlink. For more information, see the Red Hat Knowledgebase solution leapp upgrade RHEL8 to RHEL9 fails with error "rubygem-irb-1.3.5-160.el9_0.noarch conflicts with file from package ruby-irb-2.5.9-110.module+el8.6.0+15956+aa803fc1.noarch".If you use kernel-based NIC names, add the following parameter to the
system_upgrade.yaml
file to ensure that the NIC names persist throughout the upgrade process:parameter_defaults: NICsPrefixesToUdev: ['en'] ...
Run the Leapp upgrade:
$ openstack undercloud upgrade --yes --system-upgrade \ /home/stack/system_upgrade.yaml
NoteIf you need to run the Leapp upgrade again, you must first reset the repositories to RHEL 8.
Reboot the undercloud:
$ sudo reboot