Red Hat Summit Red Hat SummitSupportoConsoleSviluppatoriInizia una provaContatti

Questo contenuto non è disponibile nella lingua selezionata.

Chapter 6. Updating

6.1. Updating OpenShift Virtualization
Copia collegamento

Learn how to keep OpenShift Virtualization updated and compatible with OpenShift Container Platform.

6.1.1. About updating OpenShift Virtualization
Copia collegamento

When you install OpenShift Virtualization, you select an update channel and an approval strategy. The update channel determines the version that OpenShift Virtualization is updated to. The approval strategy setting determines whether updates occur automatically or require manual approval. Both settings can impact supportability.

6.1.1.2. What to expect
Copia collegamento

You can anticipate update behavior in OpenShift Virtualization, including duration, automation, and data preservation.

  • The amount of time an update takes to complete depends on your network connection. Most automatic updates complete within fifteen minutes.
  • Updating OpenShift Virtualization does not interrupt network connections.
  • Data volumes and their associated persistent volume claims are preserved during an update.
Important

If you have virtual machines running that use hostpath provisioner storage, they cannot be live migrated and might block an OpenShift Container Platform cluster update.

As a workaround, you can reconfigure the virtual machines so that they can be powered off automatically during a cluster update. Set the evictionStrategy field to None and the runStrategy field to Always.

6.1.1.3. How updates work
Copia collegamento

Learn how the OpenShift Virtualization Operator is updated through the Operator Lifecycle Manager (OLM) and how update channels and approval strategies affect upgrade behavior.

  • Operator Lifecycle Manager (OLM) manages the lifecycle of the OpenShift Virtualization Operator. The Marketplace Operator, which is deployed during OpenShift Container Platform installation, makes external Operators available to your cluster.
  • OLM provides z-stream and minor version updates for OpenShift Virtualization. Minor version updates become available when you update OpenShift Container Platform to the next minor version. You cannot update OpenShift Virtualization to the next minor version without first updating OpenShift Container Platform.

6.1.1.4. Changing update settings
Copia collegamento

You can control how and when updates are installed by changing the update channel and approval strategy for the OpenShift Virtualization Operator subscription.

Prerequisites

  • You have installed the OpenShift Virtualization Operator.
  • You have logged in to the OpenShift Container Platform web console as a cluster administrator.

Procedure

  1. Click Ecosystem Installed Operators.
  2. Select OpenShift Virtualization from the list.
  3. Click the Subscription tab.
  4. In the Subscription details section, click the setting that you want to change. For example, to change the approval strategy from Manual to Automatic, click Manual.
  5. In the window that opens, select the new update channel or approval strategy.
  6. Click Save.

6.1.1.5. Manual approval strategy
Copia collegamento

If you use the Manual approval strategy, you must manually approve every pending update. If OpenShift Container Platform and OpenShift Virtualization updates are out of sync, your cluster becomes unsupported.

To avoid risking the supportability and functionality of your cluster, use the Automatic approval strategy. If you must use the Manual approval strategy, maintain a supportable cluster by approving pending Operator updates as soon as they become available.

6.1.1.6. Manually approving a pending Operator update
Copia collegamento

If an installed Operator has the approval strategy in its subscription set to Manual, when new updates are released in its current update channel, the update must be manually approved before installation can begin.

Prerequisites

  • An Operator previously installed using Operator Lifecycle Manager (OLM).

Procedure

  1. In the OpenShift Container Platform web console, navigate to Ecosystem Installed Operators.
  2. Operators that have a pending update display a status with Upgrade available. Click the name of the Operator you want to update.
  3. Click the Subscription tab. Any updates requiring approval are displayed next to Upgrade status. For example, it might display 1 requires approval.
  4. Click 1 requires approval, then click Preview Install Plan.
  5. Review the resources that are listed as available for update. When satisfied, click Approve.
  6. Navigate back to the Ecosystem Installed Operators page to monitor the progress of the update. When complete, the status changes to Succeeded and Up to date.

6.1.2. Remove unused Operators and resources
Copia collegamento

As a cluster administrator who is updating OpenShift Virtualization from a previous version to version 4.21, you can remove certain Operators and resources that are no longer required. This can help you to reclaim space and resources on your cluster.

As of OpenShift Virtualization version 4.21, the Migration Toolkit for Containers (MTC) is no longer required to support live storage migration.

6.1.2.1. Uninstalling MTC and deleting resources
Copia collegamento

You can uninstall the Migration Toolkit for Containers (MTC) and delete its resources to clean up the cluster.

Note

Deleting the velero custom resource definitions (CRDs) removes Velero from the cluster.

Prerequisites

  • You have logged in to the OpenShift Container Platform cluster as a cluster administrator.

Procedure

  1. Delete the MigrationController custom resource (CR) on all clusters: 

    $ oc delete migrationcontroller <migration_controller>
  2. Uninstall the Migration Toolkit for Containers Operator on OpenShift Container Platform 4 by using the Operator Lifecycle Manager (OLM).

  3. Delete cluster-scoped resources on all clusters by running the following commands:

    • migration custom resource definitions (CRDs): 

      $ oc delete $(oc get crds -o name | grep 'migration.openshift.io')

    • velero CRDs: 

      $ oc delete $(oc get crds -o name | grep 'velero')

    • migration cluster roles: 

      $ oc delete $(oc get clusterroles -o name | grep 'migration.openshift.io')

    • migration-operator cluster role: 

      $ oc delete clusterrole migration-operator

    • velero cluster roles: 

      $ oc delete $(oc get clusterroles -o name | grep 'velero')

    • migration cluster role bindings: 

      $ oc delete $(oc get clusterrolebindings -o name | grep 'migration.openshift.io')

    • migration-operator cluster role bindings: 

      $ oc delete clusterrolebindings migration-operator

    • velero cluster role bindings: 

      $ oc delete $(oc get clusterrolebindings -o name | grep 'velero')

6.1.3. RHEL 9 compatibility
Copia collegamento

OpenShift Virtualization 4.21 is based on Red Hat Enterprise Linux (RHEL) 9.

6.1.3.1. RHEL 9 machine type
Copia collegamento

All VM templates that are included with OpenShift Virtualization now use the RHEL 9 machine type by default: machineType: pc-q35-rhel9.<y>.0, where <y> is a single digit corresponding to the latest minor version of RHEL 9. For example, the value pc-q35-rhel9.2.0 is used for RHEL 9.2.

Updating OpenShift Virtualization does not change the machineType value of any existing VMs. These VMs continue to function as they did before the update. You can optionally change a VM’s machine type so that it can benefit from RHEL 9 improvements.

Important

Before you change a VM’s machineType value, you must shut down the VM.

6.1.4. Monitoring update status
Copia collegamento

To monitor the status of a OpenShift Virtualization Operator update, watch the cluster service version (CSV) PHASE. You can also monitor the CSV conditions in the web console or by using the CLI.

Note

The PHASE and conditions values are approximations that are based on available information.

Prerequisites

  • You have logged in to the OpenShift Container Platform cluster as a cluster administrator.
  • You have installed the OpenShift CLI (oc).

Procedure

  1. Run the following command: 

    $ oc get csv -n openshift-cnv

  2. Review the output, checking the PHASE field. For example: 

    VERSION  REPLACES                                        PHASE
4.9.0    kubevirt-hyperconverged-operator.v4.8.2         Installing
4.9.0    kubevirt-hyperconverged-operator.v4.9.0         Replacing

  3. Optional: Monitor the aggregated status of all OpenShift Virtualization component conditions by running the following command: 

    $ oc get hyperconverged kubevirt-hyperconverged -n openshift-cnv \
  -o=jsonpath='{range .status.conditions[*]}{.type}{"\t"}{.status}{"\t"}{.message}{"\n"}{end}'

    A successful upgrade results in the following output: 

    ReconcileComplete  True  Reconcile completed successfully
Available          True  Reconcile completed successfully
Progressing        False Reconcile completed successfully
Degraded           False Reconcile completed successfully
Upgradeable        True  Reconcile completed successfully

6.1.5. VM workload updates
Copia collegamento

When you update OpenShift Virtualization, virtual machine workloads, including libvirt, virt-launcher, and qemu, update automatically if they support live migration.

Note

Each virtual machine has a virt-launcher pod that runs the virtual machine instance (VMI). The virt-launcher pod runs an instance of libvirt, which is used to manage the virtual machine (VM) process.

You can configure how workloads are updated by editing the spec.workloadUpdateStrategy stanza of the HyperConverged custom resource (CR). There are two available workload update methods: LiveMigrate and Evict.

Because the Evict method shuts down VMI pods, only the LiveMigrate update strategy is enabled by default.

When LiveMigrate is the only update strategy enabled:

  • VMIs that support live migration are migrated during the update process. The VM guest moves into a new pod with the updated components enabled.

  • VMIs that do not support live migration are not disrupted or updated.

    • If a VMI has the LiveMigrate eviction strategy but does not support live migration, it is not updated.

If you enable both LiveMigrate and Evict:

  • VMIs that support live migration use the LiveMigrate update strategy.
  • VMIs that do not support live migration use the Evict update strategy. If a VMI is controlled by a VirtualMachine object that has runStrategy: Always set, a new VMI is created in a new pod with updated components.

6.1.5.1. Migration attempts and timeouts
Copia collegamento

When updating workloads, live migration fails if a pod is in the Pending state for the following periods:

5 minutes
If the pod is pending because it is Unschedulable.
15 minutes
If the pod is stuck in the pending state for any reason.

When a VMI fails to migrate, the virt-controller tries to migrate it again. It repeats this process until all migratable VMIs are running on new virt-launcher pods. If a VMI is improperly configured, however, these attempts can repeat indefinitely.

Note

Each attempt corresponds to a migration object. Only the five most recent attempts are held in a buffer. This prevents migration objects from accumulating on the system while retaining information for debugging.

6.1.5.2. Configuring workload update methods
Copia collegamento

You can configure how virtual machine workloads are updated during cluster upgrades by editing the HyperConverged custom resource (CR).

Prerequisites

  • You have enabled live migration in the cluster.

    Note

    If a VirtualMachineInstance CR contains evictionStrategy: LiveMigrate and the virtual machine instance (VMI) does not support live migration, the VMI will not update.

  • You have installed the OpenShift CLI (oc).

Procedure

  1. To open the HyperConverged CR in your default editor, run the following command: 

    $ oc edit hyperconverged kubevirt-hyperconverged -n openshift-cnv

  2. Edit the workloadUpdateStrategy stanza of the HyperConverged CR. For example: 

    apiVersion: hco.kubevirt.io/v1beta1
kind: HyperConverged
metadata:
  name: kubevirt-hyperconverged
spec:
  workloadUpdateStrategy:
    workloadUpdateMethods:
    - LiveMigrate
    - Evict
    batchEvictionSize: 10
    batchEvictionInterval: "1m0s"
# ...

    • spec.workloadUpdateStrategy.workloadUpdateMethods defines the methods that can be used to perform automated workload updates. The available values are LiveMigrate and Evict. If you enable both options as shown in this example, updates use LiveMigrate for VMIs that support live migration and Evict for any VMIs that do not support live migration. To disable automatic workload updates, you can either remove the workloadUpdateStrategy stanza or set workloadUpdateMethods: [] to leave the array empty.

      • LiveMigrate is the least disruptive update method. VMIs that support live migration are updated by migrating the virtual machine (VM) guest into a new pod with the updated components enabled. If LiveMigrate is the only workload update method listed, VMIs that do not support live migration are not disrupted or updated.
      • Evict is a disruptive method that shuts down VMI pods during upgrade. Evict is the only update method available if live migration is not enabled in the cluster. If a VMI is controlled by a VirtualMachine object that has runStrategy: Always configured, a new VMI is created in a new pod with updated components.
    • spec.workloadUpdateStrategy.batchEvictionSize defines the number of VMIs that can be forced to be updated at a time by using the Evict method. This does not apply to the LiveMigrate method.

    • spec.workloadUpdateStrategy.batchEvictionInterval defines the interval to wait before evicting the next batch of workloads. This does not apply to the LiveMigrate method.

      Note

      You can configure live migration limits and timeouts by editing the spec.liveMigrationConfig stanza of the HyperConverged CR.

  3. To apply your changes, save and exit the editor.

6.1.5.3. Viewing outdated VM workloads
Copia collegamento

You can view a list of outdated virtual machine (VM) workloads by using the CLI.

Note

If there are outdated virtualization pods in your cluster, the OutdatedVirtualMachineInstanceWorkloads alert fires.

Prerequisites

  • You have installed the OpenShift CLI (oc).

Procedure

  • To view a list of outdated virtual machine instances (VMIs), run the following command: 

    $ oc get vmi -l kubevirt.io/outdatedLauncherImage --all-namespaces

6.1.6. Control Plane Only updates
Copia collegamento

A Control Plane Only update allows you to update between Extended Update Support (EUS) versions of OpenShift Container Platform while preventing virtual machine workloads from updating during the intermediate upgrade.

Every even-numbered minor version of OpenShift Container Platform is an Extended Update Support (EUS) version. However, Kubernetes requires minor version updates to occur sequentially. As a result, you cannot update directly from one EUS version to the next.

To move between EUS versions, you must first update OpenShift Virtualization to the latest z-stream release of the next odd-numbered minor version. After the cluster updates to the target EUS version of OpenShift Container Platform, the corresponding update for OpenShift Virtualization becomes available. You can then update OpenShift Virtualization to the target EUS version.

Note

You can directly update OpenShift Virtualization to the latest z-stream release of your current minor version without applying each intermediate z-stream update.

For more information about EUS versions, see the OpenShift Container Platform Life Cycle Policy.

6.1.6.1. Preventing workload updates during a Control Plane Only update
Copia collegamento

When you update from one Extended Update Support (EUS) version to the next, you must temporarily disable automatic workload updates to prevent OpenShift Virtualization from migrating or evicting virtual machines during the upgrade process.

Important

In OpenShift Container Platform 4.16, the underlying Red Hat Enterprise Linux CoreOS (RHCOS) upgraded to version 9.4 of Red Hat Enterprise Linux (RHEL). To operate correctly, all virt-launcher pods in the cluster must use the same version of RHEL.

After upgrading to OpenShift Container Platform 4.16 from an earlier version, re-enable workload updates in OpenShift Virtualization to allow virt-launcher pods to update. Before upgrading to the next OpenShift Container Platform version, verify that all VMIs use up-to-date workloads: 

$ oc get kv kubevirt-kubevirt-hyperconverged -o json -n openshift-cnv | jq .status.outdatedVirtualMachineInstanceWorkloads

If the previous command returns a value larger than 0, list all VMIs with outdated virt-launcher pods and start live migration to update them: 

$ oc get vmi -l kubevirt.io/outdatedLauncherImage --all-namespaces

For the list of supported OpenShift Container Platform releases and the RHEL versions they use, see RHEL Versions Utilized by RHCOS and OpenShift Container Platform.

Prerequisites

  • You have installed the OpenShift CLI (oc).
  • You are running an EUS version of OpenShift Container Platform and plan to update to the next EUS version.
  • You have not yet updated to the intermediate odd-numbered minor version.
  • You paused the worker nodes' machine config pools as described in the OpenShift Container Platform documentation.
  • It is recommended that you use the default Automatic approval strategy. If you use the Manual approval strategy, you must approve all pending updates in the web console. For more details, see "Manually approving a pending Operator update".

Procedure

  1. Run the following command and record the workloadUpdateMethods configuration: 

    $ oc get kv kubevirt-kubevirt-hyperconverged \
  -n openshift-cnv -o jsonpath='{.spec.workloadUpdateStrategy.workloadUpdateMethods}'

  2. Disable workload update methods by running the following command: 

    $ oc patch hyperconverged kubevirt-hyperconverged -n openshift-cnv \
  --type json -p '[{"op":"replace","path":"/spec/workloadUpdateStrategy/workloadUpdateMethods", "value":[]}]'

  3. Ensure that the HyperConverged Operator is Upgradeable before continuing: 

    $ oc get hyperconverged kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.conditions"

  4. Manually update your cluster from the source EUS version to the next minor version of OpenShift Container Platform: 

    $ oc adm upgrade

  5. Verify the current cluster version: 

    $ oc get clusterversion
    Note

    Updating OpenShift Container Platform to the next version is a prerequisite for updating OpenShift Virtualization. For more details, see the "Updating clusters" section of the OpenShift Container Platform documentation.

  6. Update OpenShift Virtualization.

    • With the default Automatic approval strategy, OpenShift Virtualization automatically updates after the OpenShift Container Platform update completes.
    • If you use the Manual approval strategy, approve the pending update in the web console.

  7. Monitor the OpenShift Virtualization update: 

    $ oc get csv -n openshift-cnv

  8. Confirm that OpenShift Virtualization updated to the latest z-stream release of the intermediate version: 

    $ oc get hyperconverged kubevirt-hyperconverged -n openshift-cnv -o json | jq ".status.versions"
  9. Wait until the HyperConverged Operator again reports the Upgradeable condition.
  10. Update OpenShift Container Platform to the target EUS version.

  11. Verify the cluster version: 

    $ oc get clusterversion

  12. Update OpenShift Virtualization to the target EUS version.

    • With the default Automatic approval strategy, OpenShift Virtualization updates automatically.
    • If you use the Manual approval strategy, approve the pending update in the web console.

  13. Monitor the update: 

    $ oc get csv -n openshift-cnv

    The update completes when the VERSION field matches the target EUS version and the PHASE field reads Succeeded.

  14. Restore the workloadUpdateMethods configuration recorded in step 1: 

    $ oc patch hyperconverged kubevirt-hyperconverged -n openshift-cnv --type json -p \
"[{\"op\":\"add\",\"path\":\"/spec/workloadUpdateStrategy/workloadUpdateMethods\", \"value\":{WorkloadUpdateMethodConfig}}]"

Verification

  • Check the status of VM migrations: 

    $ oc get vmim -A

Next steps

  • Unpause the machine config pools for each compute node.

6.1.7. Early access releases
Copia collegamento

You can gain access to builds in development by subscribing to the candidate update channel for your version of OpenShift Virtualization.

These releases have not been fully tested by Red Hat and are not supported, but you can use them on non-production clusters to test capabilities and bug fixes being developed for that version.

The stable channel, which matches the underlying OpenShift Container Platform version and is fully tested, is suitable for production systems. You can switch between the stable and candidate channels in OperatorHub. However, updating from a candidate channel release to a stable channel release is not tested by Red Hat.

Some candidate releases are promoted to the stable channel. However, releases present only in candidate channels might not contain all features that will be made generally available (GA), and some features in candidate builds might be removed before GA. Additionally, candidate releases might not offer update paths to later GA releases.

Important

The candidate channel is only suitable for testing purposes where destroying and recreating a cluster is acceptable.

Red Hat logoGithubredditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi. Esplora i nostri ultimi aggiornamenti.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita il Blog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

Theme

© 2026 Red HatTorna in cima