Chapter 5. Updating Operating Systems

5.1. Purpose

Updating the operating system (OS) on a host, by either upgrading across major releases or updating the system software for a minor release, can impact the OpenShift Container Platform software running on those machines. In particular, these updates can affect the iptables rules or ovs flows that OpenShift Container Platform requires to operate.

5.2. Updating the Operating System on a Host

Use the following to safely upgrade the OS on a host:

  1. Ensure the host is unschedulable, meaning that no new pods will be placed onto the host: 

    $ oc adm manage-node <node_name> --schedulable=false

  2. Migrate the pods from the host: 

    $ oc adm drain <node_name> --force --delete-local-data --ignore-daemonsets

  3. In order to protect sensitive packages that do not need to be updated, apply the exclude rules to the host: 

    # atomic-openshift-docker-excluder exclude
# atomic-openshift-excluder exclude

  4. Update the host packages and reboot the host. A reboot ensures that the host is running the newest versions and means that the docker and OpenShift Container Platform processes have been restarted, which forces them to check that all of the rules in other services are correct. 

     # yum update
 # reboot

    However, instead of rebooting a node host, you can restart the services that are affected or preserve the iptables state. Both processes are described in the OpenShift Container Platform iptables topic. The ovs flow rules do not need to be saved, but restarting the OpenShift Container Platform node software fixes the flow rules.

  5. Configure the host to be schedulable again: 

    $ oc adm manage-node <node_name> --schedulable=true