红帽全球峰会6.2.3. 使用 cns-deploy 升级现有版本
6.2.3.1. 升级 cns-deploy 和 Heketi Server
必须在客户端计算机上执行以下命令。
执行以下命令来更新 heketi 客户端和 cns-deploy 软件包:
# yum update cns-deploy -y # yum update heketi-client -y备份 Heketi registry 数据库文件
# heketi-cli db dump > heketi-db-dump-$(date -I).json执行以下命令来删除 heketi 模板。
# oc delete templates heketi执行以下命令以获取当前的 HEKETI_ADMIN_KEY:
只要其基础架构不使用,OCS 管理员可以选择为用户密钥设置任何短语。它没有被任何 OCS 默认安装的资源使用。
# oc get secret <heketi-admin-secret-name> -o jsonpath='{.data.key}'|base64 -d;echo执行以下命令来安装 heketi 模板。
# oc create -f /usr/share/heketi/templates/heketi-template.yaml template "heketi" created执行以下命令,将 heketi 服务帐户授予必要的特权。
# oc policy add-role-to-user edit system:serviceaccount:<project_name>:heketi-service-account # oc adm policy add-scc-to-user privileged -z heketi-service-account例如,
# oc policy add-role-to-user edit system:serviceaccount:storage-project:heketi-service-account # oc adm policy add-scc-to-user privileged -z heketi-service-account注意heketi pod 中使用的服务帐户需要具有特权,因为 Heketi/rhgs-volmanager pod 将 heketidb 存储 Gluster 卷作为"glusterfs"卷类型而不是 PersistentVolume(PV)挂载。
根据 OpenShift 中的 security-context-constraints 法规,挂载类型不是 configMap、Downward、emptyDir、hostPath、nfs 和 persistentVolumeClaim 的卷,secret 只会被授予具有特权安全上下文约束(SCC)的帐户。执行以下命令来生成新的 heketi 配置文件。
# sed -e "s/\${HEKETI_EXECUTOR}/kubernetes/" -e "s#\${HEKETI_FSTAB}#/var/lib/heketi/fstab#" -e "s/\${SSH_PORT}/22/" -e "s/\${SSH_USER}/root/" -e "s/\${SSH_SUDO}/false/" -e "s/\${BLOCK_HOST_CREATE}/true/" -e "s/\${BLOCK_HOST_SIZE}/500/" "/usr/share/heketi/templates/heketi.json.template" > heketi.json-
BLOCK_HOST_SIZE参数控制自动创建的 Red Hat Gluster Storage 卷的大小(以 GB 为单位)用于托管 gluster-block 卷(更多信息,请参阅 https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/3.11/html-single/operations_guide/index#Block_Storage)。此默认配置将动态创建块托管大小为 500GB 的卷,因为需要更多空间。 或者,将 /usr/share/heketi/templates/heketi.json.template 文件复制到当前目录中的 heketi.json,并直接编辑新文件,将每个"${VARIABLE}" 字符串替换为所需参数。
注意JSON 格式严格是必需的(例如,没有结尾的空格、布尔值都为小写)。
-
执行以下命令,以创建用于存放配置文件的机密。
# oc create secret generic <heketi-registry-config-secret> --from-file=heketi.json注意如果 heketi-registry-config-secret 文件已经存在,则删除该文件并运行以下命令:
执行以下命令删除 heketi 的部署配置、服务和路由:
# oc delete deploymentconfig,service,route heketi-registry编辑 heketi 模板。
编辑 HEKETI_USER_KEY 和 HEKETI_ADMIN_KEY 参数。
# oc edit template heketi parameters: - description: Set secret for those creating volumes as type user displayName: Heketi User Secret name: HEKETI_USER_KEY value: <heketiuserkey> - description: Set secret for administration of the Heketi service as user admin displayName: Heketi Administrator Secret name: HEKETI_ADMIN_KEY value: <adminkey> - description: Set the executor type, kubernetes or ssh displayName: heketi executor type name: HEKETI_EXECUTOR value: kubernetes - description: Set the hostname for the route URL displayName: heketi route name name: HEKETI_ROUTE value: heketi-storage - displayName: heketi container image name name: IMAGE_NAME required: true value: registry.redhat.io/rhgs3/rhgs-volmanager-rhel7 - displayName: heketi container image version name: IMAGE_VERSION required: true value: v3.11.8 - description: A unique name to identify this heketi service, useful for running multiple heketi instances displayName: GlusterFS cluster name name: CLUSTER_NAME value: storage注意如果集群有超过 1000 个卷,请参阅 如何更改 Openshift Container Storage 的默认 PVS 限制 ,并在进行升级前添加必要的参数。
添加名为 HEKETI_LVM_WRAPPER 且值为
/usr/sbin/exec-on-host的 ENV。- description: Heketi can use a wrapper to execute LVM commands, i.e. run commands in the host namespace instead of in the Gluster container. displayName: Wrapper for executing LVM commands name: HEKETI_LVM_WRAPPER value: /usr/sbin/exec-on-host添加一个名为 HEKETI_DEBUG_UMOUNT_FAILURES,值为
true的 ENV。- description: When unmounting a brick fails, Heketi will not be able to cleanup the Gluster volume completely. The main causes for preventing to unmount a brick, seem to originate from Gluster processes. By enabling this option, the heketi.log will contain the output of 'lsof' to aid with debugging of the Gluster processes and help with identifying any files that may be left open. displayName: Capture more details in case brick unmounting fails name: HEKETI_DEBUG_UMOUNT_FAILURES required=true-
添加一个带有名为 HEKETI_CLI_USER,值为
admin的 ENV。 - 添加名为 HEKETI_CLI_KEY 以及为 ENV HEKETI_ADMIN_KEY 提供的相同值的 ENV。
根据您要升级到的版本,将
IMAGE_VERSION中的值替换为v3.11.5或v3.11.8。- displayName: heketi container image name name: IMAGE_NAME required: true value: registry.redhat.io/rhgs3/rhgs-volmanager-rhel7 - displayName: heketi container image version name: IMAGE_VERSION required: true value: v3.11.8
执行以下命令来部署用于为 OpenShift 创建持久性卷的 Heketi 服务、路由和部署配置:
# oc process heketi | oc create -f - service "heketi-registry" created route "heketi-registry" created deploymentconfig-registry "heketi" created注意建议为数据库工作负载调整
heketidbstorage卷。新安装的 Openshift Container Storage 部署会自动调整 heketidbstorage 卷。对于旧的部署,请按照 KCS 文章 规划在 Openshift Container Storage 上运行容器化 DB 或 nosql 工作负载? 并为卷heketidbstorage执行卷设置操作。执行以下命令来验证容器是否正在运行:
# oc get pods例如:
# oc get pods NAME READY STATUS RESTARTS AGE glusterblock-storage-provisioner-dc-1-ffgs5 1/1 Running 0 3m glusterfs-storage-5thpc 1/1 Running 0 9d glusterfs-storage-hfttr 1/1 Running 0 9d glusterfs-storage-n8rg5 1/1 Running 0 9d heketi-storage-4-9fnvz 2/2 Running 0 8d
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}