Chapter 2. Preparing for a minor update

You must follow some preparation steps on the undercloud and overcloud before you begin the process to update Red Hat OpenStack Platform 16.1 to the latest minor release.

2.1. Locking the environment to a Red Hat Enterprise Linux release

Red Hat OpenStack Platform 16.1 is supported on Red Hat Enterprise Linux 8.2. Prior to performing the update, lock the undercloud and overcloud repositories to the Red Hat Enterprise Linux 8.2 release to avoid upgrading the operating system to a newer minor release.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
  3. Edit your overcloud subscription management environment file, which is the file that contains the RhsmVars parameter. The default name for this file is usually rhsm.yml.

  4. Check your subscription management configuration for the rhsm_release parameter. If this parameter is not set, add this parameter and set the parameter to 8.2: 

    parameter_defaults:
  RhsmVars:
    …​
    rhsm_username: "myusername"
    rhsm_password: "p@55w0rd!"
    rhsm_org_id: "1234567"
    rhsm_pool_ids: "1a85f9223e3d5e43013e3d6e8ff506fd"
    rhsm_method: "portal"
    rhsm_release: "8.2"
  5. Save the overcloud subscription management environment file.

  6. Create a static inventory file of your overcloud: 

    $ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml

    If you use an overcloud name different to the default overcloud name of overcloud, set the name of your overcloud with the --plan option.

  7. Create a playbook that contains a task to lock the operating system version to Red Hat Enterprise Linux 8.2 on all nodes: 

    $ cat > ~/set_release.yaml <<'EOF'
- hosts: all
  gather_facts: false
  tasks:
    - name: set release to 8.2
      command: subscription-manager release --set=8.2
      become: true
EOF

  8. Run the set_release.yaml playbook: 

    $ ansible-playbook -i ~/inventory.yaml -f 25 ~/set_release.yaml --limit <undercloud>,<Controller>,<Compute>
    • Use the --limit option to apply the content to all RHOSP nodes. Replace <undercloud>, <Controller>, <Compute> with the Ansible groups in your environment that contain those nodes.
    • You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.
Note

To manually lock a node to a version, log in to the node and run the subscription-manager release command: 

$ sudo subscription-manager release --set=8.2

2.2. Changing from EUS repositories to TUS repositories

Your Red Hat OpenStack Platform subscription includes repositories for Red Hat Enterprise Linux 8.2 Extended Update Support (EUS). After April 30, 2022, you must enable the RHEL 8.2 Telecommunications Update Service (TUS) repositories for Maintenance Support. The TUS repositories include the latest security patches and bug fixes for Red Hat Enterprise Linux 8.2. Switch to the following repositories before performing an update.

EUS RepositoryTUS Repository

rhel-8-for-x86_64-baseos-eus-rpms

rhel-8-for-x86_64-baseos-tus-rpms

rhel-8-for-x86_64-appstream-eus-rpms

rhel-8-for-x86_64-appstream-tus-rpms

rhel-8-for-x86_64-highavailability-eus-rpms

rhel-8-for-x86_64-highavailability-tus-rpms

Important

You must use TUS repositories to retain compatibility with a specific version of Podman. Later versions of Podman are untested for the Red Hat Open Stack Platform 16.1 release and can cause unexpected results.

Prerequisites

  • RHOSP 16.1 EUS subscription

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
  3. Edit your overcloud subscription management environment file, which is the file that contains the RhsmVars parameter. The default name for this file is usually rhsm.yml.

  4. Check the rhsm_repos parameter in your subscription management configuration. If this parameter does not include the TUS repositories, change the relevant repositories to the TUS versions: 

    parameter_defaults:
  RhsmVars:
    rhsm_repos:
      - rhel-8-for-x86_64-baseos-tus-rpms
      - rhel-8-for-x86_64-appstream-tus-rpms
      - rhel-8-for-x86_64-highavailability-tus-rpms
      - ansible-2.9-for-rhel-8-x86_64-rpms
      - advanced-virt-for-rhel-8-x86_64-rpms
      - openstack-16.1-for-rhel-8-x86_64-rpms
      - rhceph-4-tools-for-rhel-8-x86_64-rpms
      - fast-datapath-for-rhel-8-x86_64-rpms
  5. Save the overcloud subscription management environment file.

  6. Create a static inventory file of your overcloud: 

    $ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml

    If you use an overcloud name that is different from the default overcloud name of overcloud, set the name of your overcloud by using the --plan option.

  7. Create a playbook that contains a task to set the repositories to Red Hat Enterprise Linux 8.2 TUS on all nodes: 

    $ cat > ~/change_tus.yaml <<'EOF'
- hosts: all
  gather_facts: false
  tasks:
    - name: change to tus repos
      command: subscription-manager repos --disable=rhel-8-for-x86_64-baseos-eus-rpms --disable=rhel-8-for-x86_64-appstream-eus-rpms --disable=rhel-8-for-x86_64-highavailability-eus-rpms --enable=rhel-8-for-x86_64-baseos-tus-rpms --enable=rhel-8-for-x86_64-appstream-tus-rpms --enable=rhel-8-for-x86_64-highavailability-tus-rpms
      become: true
EOF

  8. Run the change_tus.yaml playbook: 

    $ ansible-playbook -i ~/inventory.yaml -f 25 ~/change_tus.yaml --limit <undercloud>,<Controller>,<Compute>
    • Use the --limit option to apply the content to all RHOSP nodes. Replace <undercloud>, <Controller>, <Compute> with the Ansible groups in your environment that contain those nodes.
    • You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.

2.3. Updating Red Hat Openstack Platform and Ansible repositories

Update your repositories to use Red Hat OpenStack Platform 16.1 and Ansible 2.9 packages.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
  3. Edit your overcloud subscription management environment file, which is the file that contains the RhsmVars parameter. The default name for this file is usually rhsm.yml.

  4. Check the rhsm_repos parameter in your subscription management configuration. If the rhsm_repos parameter is using the Red Hat OpenStack Platform 16.0 and Ansible 2.8 repositories, change the repository to the correct versions: 

    parameter_defaults:
  RhsmVars:
    rhsm_repos:
      - rhel-8-for-x86_64-baseos-tus-rpms
      - rhel-8-for-x86_64-appstream-tus-rpms
      - rhel-8-for-x86_64-highavailability-tus-rpms
      - ansible-2.9-for-rhel-8-x86_64-rpms
      - advanced-virt-for-rhel-8-x86_64-rpms
      - openstack-16.1-for-rhel-8-x86_64-rpms
      - fast-datapath-for-rhel-8-x86_64-rpms
  5. Save the overcloud subscription management environment file.

  6. Create a static inventory file of your overcloud: 

    $ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml

    If you use an overcloud name that is different from the default overcloud name of overcloud, set the name of your overcloud by using the --plan option.

  7. Create a playbook that contains a task to set the repositories to Red Hat OpenStack Platform 16.1 on all nodes: 

    $ cat > ~/update_rhosp_repos.yaml <<'EOF'
- hosts: all
  gather_facts: false
  tasks:
    - name: change osp repos
      command: subscription-manager repos --disable=openstack-16-for-rhel-8-x86_64-rpms --enable=openstack-16.1-for-rhel-8-x86_64-rpms --disable=ansible-2.8-for-rhel-8-x86_64-rpms --enable=ansible-2.9-for-rhel-8-x86_64-rpms
      become: true
EOF

  8. Run the update_rhosp_repos.yaml playbook: 

    $ ansible-playbook -i ~/inventory.yaml -f 25 ~/update_rhosp_repos.yaml --limit <undercloud>,<Controller>,<Compute>
    • Use the --limit option to apply the content to all RHOSP nodes. Replace <undercloud>, <Controller>, <Compute> with the Ansible groups in your environment that contain those nodes.
    • You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.

  9. Create a playbook that contains a task to set the repositories to Red Hat OpenStack Platform 16.1 on all nodes: 

    $ cat > ~/update_ceph_repos.yaml <<'EOF'
- hosts: all
  gather_facts: false
  tasks:
    - name: change ceph repos
      command: subscription-manager repos --disable=openstack-16-deployment-tools-for-rhel-8-x86_64-rpms --enable=openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms --disable=ansible-2.8-for-rhel-8-x86_64-rpms --enable=ansible-2.9-for-rhel-8-x86_64-rpms
      become: true
EOF

  10. Run the update_ceph_repos.yaml playbook: 

    $ ansible-playbook -i ~/inventory.yaml -f 25 ~/update_ceph_repos.yaml --limit CephStorage

    Use the --limit option to apply the content to Ceph Storage nodes.

2.4. Setting the container-tools version

Set the container-tools module to version 2.0 to ensure you use the correct package versions on all nodes.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc

  3. Create a static inventory file of your overcloud: 

    $ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml

    If you use an overcloud name different to the default overcloud name of overcloud, set the name of your overcloud with the --plan option.

  4. Create a playbook that contains a task to set the container-tools module to version 2.0 on all nodes: 

    $ cat > ~/container-tools.yaml <<'EOF'
- hosts: all
  gather_facts: false
  tasks:
    - name: disable default dnf module for container-tools
      command: dnf module reset -y container-tools
      become: true
    - name: set dnf module for container-tools:2.0
      command: dnf module enable -y container-tools:2.0
      become: true
EOF

  5. Run the container-tools.yaml playbook against all nodes: 

    $ ansible-playbook -i ~/inventory.yaml -f 25 ~/container-tools.yaml

2.5. Updating your container image preparation file

Your container preparation file is the file that contains the ContainerImagePrepare parameter. You use this file to define the rules for obtaining container images for the undercloud and overcloud. Before you update your environment, check the file to ensure you obtain the correct image versions.

Procedure

  1. Edit the container preparation file. The default name for this file is usually containers-prepare-parameter.yaml.

  2. Check the tag parameter is set to 16.1 for each rule set: 

    parameter_defaults:
  ContainerImagePrepare:
  - push_destination: true
    set:
      …​
      tag: '16.1'
    tag_from_label: '{version}-{release}'
Note

If you do not want to use a specific tag for the update, such as 16.1 or 16.1.2, remove the tag key-value pair and specify tag_from_label only. This will use the installed Red Hat OpenStack Platform version when determining the value for the tag to use as part of the update process.

  1. Save this file.

2.6. Updating your SSL/TLS configuration

Remove the NodeTLSData resource from the resource_registry to update your SSL/TLS configuration.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file: 

    $ source ~/stackrc
  3. Edit your custom overcloud SSL/TLS public endpoint file, which is usually named ~/templates/enable-tls.yaml.

  4. Remove the NodeTLSData resource from the `resource_registry: 

    resource_registry:
  OS::TripleO::NodeTLSData: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/tls/tls-cert-inject.yaml
  …​

    The overcloud deployment uses a new service in HAProxy to determine if SSL/TLS is enabled.

    Note

    If this is the only resource in the resource_registry section of the enable-tls.yaml file, remove the complete resource_registry section.

  5. Save the SSL/TLS public endpoint file file.

2.7. Disabling fencing in the overcloud

Before you update the overcloud, ensure that fencing is disabled.

If fencing is deployed in your environment during the Controller nodes update process, the overcloud might detect certain nodes as disabled and attempt fencing operations, which can cause unintended results.

If you have enabled fencing in the overcloud, you must temporarily disable fencing for the duration of the update to avoid any unintended results.

Procedure

  1. Log in to the undercloud as the stack user.

  2. Source the stackrc file. 

    $ source ~/stackrc

  3. Log in to a Controller node and run the Pacemaker command to disable fencing: 

    $ ssh heat-admin@CONTROLLER_IP "sudo pcs property set stonith-enabled=false"
  4. In the fencing.yaml environment file, set the EnableFencing parameter to false to ensure that fencing stays disabled during the update process.

Additional Resources