Chapter 2. Preparing for a minor update
You must follow some preparation steps on the undercloud and overcloud before you begin the process to update Red Hat OpenStack Platform 16.1 to the latest minor release.
2.1. Locking the environment to a Red Hat Enterprise Linux release
Red Hat OpenStack Platform 16.1 is supported on Red Hat Enterprise Linux 8.2. Prior to performing the update, lock the undercloud and overcloud repositories to the Red Hat Enterprise Linux 8.2 release to avoid upgrading the operating system to a newer minor release.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file:$ source ~/stackrc
-
Edit your overcloud subscription management environment file, which is the file that contains the
RhsmVars
parameter. The default name for this file is usuallyrhsm.yml
. Check your subscription management configuration for the
rhsm_release
parameter. If this parameter is not set, add this parameter and set the parameter to 8.2:parameter_defaults: RhsmVars: … rhsm_username: "myusername" rhsm_password: "p@55w0rd!" rhsm_org_id: "1234567" rhsm_pool_ids: "1a85f9223e3d5e43013e3d6e8ff506fd" rhsm_method: "portal" rhsm_release: "8.2"
- Save the overcloud subscription management environment file.
Create a static inventory file of your overcloud:
$ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml
If you use an overcloud name different to the default overcloud name of
overcloud
, set the name of your overcloud with the--plan
option.Create a playbook that contains a task to lock the operating system version to Red Hat Enterprise Linux 8.2 on all nodes:
$ cat > ~/set_release.yaml <<'EOF' - hosts: all gather_facts: false tasks: - name: set release to 8.2 command: subscription-manager release --set=8.2 become: true EOF
Run the
set_release.yaml
playbook:$ ansible-playbook -i ~/inventory.yaml -f 25 ~/set_release.yaml --limit <undercloud>,<Controller>,<Compute>
-
Use the
--limit
option to apply the content to all RHOSP nodes. Replace<undercloud>
,<Controller>
,<Compute>
with the Ansible groups in your environment that contain those nodes. - You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.
-
Use the
To manually lock a node to a version, log in to the node and run the subscription-manager release
command:
$ sudo subscription-manager release --set=8.2
2.2. Changing from EUS repositories to TUS repositories
Your Red Hat OpenStack Platform subscription includes repositories for Red Hat Enterprise Linux 8.2 Extended Update Support (EUS). After April 30, 2022, you must enable the RHEL 8.2 Telecommunications Update Service (TUS) repositories for Maintenance Support. The TUS repositories include the latest security patches and bug fixes for Red Hat Enterprise Linux 8.2. Switch to the following repositories before performing an update.
EUS Repository | TUS Repository |
---|---|
rhel-8-for-x86_64-baseos-eus-rpms | rhel-8-for-x86_64-baseos-tus-rpms |
rhel-8-for-x86_64-appstream-eus-rpms | rhel-8-for-x86_64-appstream-tus-rpms |
rhel-8-for-x86_64-highavailability-eus-rpms | rhel-8-for-x86_64-highavailability-tus-rpms |
You must use TUS repositories to retain compatibility with a specific version of Podman. Later versions of Podman are untested for the Red Hat Open Stack Platform 16.1 release and can cause unexpected results.
Prerequisites
- RHOSP 16.1 EUS subscription
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file:$ source ~/stackrc
-
Edit your overcloud subscription management environment file, which is the file that contains the
RhsmVars
parameter. The default name for this file is usuallyrhsm.yml
. Check the
rhsm_repos
parameter in your subscription management configuration. If this parameter does not include the TUS repositories, change the relevant repositories to the TUS versions:parameter_defaults: RhsmVars: rhsm_repos: - rhel-8-for-x86_64-baseos-tus-rpms - rhel-8-for-x86_64-appstream-tus-rpms - rhel-8-for-x86_64-highavailability-tus-rpms - ansible-2.9-for-rhel-8-x86_64-rpms - advanced-virt-for-rhel-8-x86_64-rpms - openstack-16.1-for-rhel-8-x86_64-rpms - rhceph-4-tools-for-rhel-8-x86_64-rpms - fast-datapath-for-rhel-8-x86_64-rpms
- Save the overcloud subscription management environment file.
Create a static inventory file of your overcloud:
$ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml
If you use an overcloud name that is different from the default overcloud name of
overcloud
, set the name of your overcloud by using the--plan
option.Create a playbook that contains a task to set the repositories to Red Hat Enterprise Linux 8.2 TUS on all nodes:
$ cat > ~/change_tus.yaml <<'EOF' - hosts: all gather_facts: false tasks: - name: change to tus repos command: subscription-manager repos --disable=rhel-8-for-x86_64-baseos-eus-rpms --disable=rhel-8-for-x86_64-appstream-eus-rpms --disable=rhel-8-for-x86_64-highavailability-eus-rpms --enable=rhel-8-for-x86_64-baseos-tus-rpms --enable=rhel-8-for-x86_64-appstream-tus-rpms --enable=rhel-8-for-x86_64-highavailability-tus-rpms become: true EOF
Run the
change_tus.yaml
playbook:$ ansible-playbook -i ~/inventory.yaml -f 25 ~/change_tus.yaml --limit <undercloud>,<Controller>,<Compute>
-
Use the
--limit
option to apply the content to all RHOSP nodes. Replace<undercloud>
,<Controller>
,<Compute>
with the Ansible groups in your environment that contain those nodes. - You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.
-
Use the
2.3. Updating Red Hat Openstack Platform and Ansible repositories
Update your repositories to use Red Hat OpenStack Platform 16.1 and Ansible 2.9 packages.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file:$ source ~/stackrc
-
Edit your overcloud subscription management environment file, which is the file that contains the
RhsmVars
parameter. The default name for this file is usuallyrhsm.yml
. Check the
rhsm_repos
parameter in your subscription management configuration. If therhsm_repos
parameter is using the Red Hat OpenStack Platform 16.0 and Ansible 2.8 repositories, change the repository to the correct versions:parameter_defaults: RhsmVars: rhsm_repos: - rhel-8-for-x86_64-baseos-tus-rpms - rhel-8-for-x86_64-appstream-tus-rpms - rhel-8-for-x86_64-highavailability-tus-rpms - ansible-2.9-for-rhel-8-x86_64-rpms - advanced-virt-for-rhel-8-x86_64-rpms - openstack-16.1-for-rhel-8-x86_64-rpms - fast-datapath-for-rhel-8-x86_64-rpms
- Save the overcloud subscription management environment file.
Create a static inventory file of your overcloud:
$ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml
If you use an overcloud name that is different from the default overcloud name of
overcloud
, set the name of your overcloud by using the--plan
option.Create a playbook that contains a task to set the repositories to Red Hat OpenStack Platform 16.1 on all nodes:
$ cat > ~/update_rhosp_repos.yaml <<'EOF' - hosts: all gather_facts: false tasks: - name: change osp repos command: subscription-manager repos --disable=openstack-16-for-rhel-8-x86_64-rpms --enable=openstack-16.1-for-rhel-8-x86_64-rpms --disable=ansible-2.8-for-rhel-8-x86_64-rpms --enable=ansible-2.9-for-rhel-8-x86_64-rpms become: true EOF
Run the
update_rhosp_repos.yaml
playbook:$ ansible-playbook -i ~/inventory.yaml -f 25 ~/update_rhosp_repos.yaml --limit <undercloud>,<Controller>,<Compute>
-
Use the
--limit
option to apply the content to all RHOSP nodes. Replace<undercloud>
,<Controller>
,<Compute>
with the Ansible groups in your environment that contain those nodes. - You cannot run this playbook against Ceph Storage nodes if you are using a different subscription for these nodes.
-
Use the
Create a playbook that contains a task to set the repositories to Red Hat OpenStack Platform 16.1 on all nodes:
$ cat > ~/update_ceph_repos.yaml <<'EOF' - hosts: all gather_facts: false tasks: - name: change ceph repos command: subscription-manager repos --disable=openstack-16-deployment-tools-for-rhel-8-x86_64-rpms --enable=openstack-16.1-deployment-tools-for-rhel-8-x86_64-rpms --disable=ansible-2.8-for-rhel-8-x86_64-rpms --enable=ansible-2.9-for-rhel-8-x86_64-rpms become: true EOF
Run the
update_ceph_repos.yaml
playbook:$ ansible-playbook -i ~/inventory.yaml -f 25 ~/update_ceph_repos.yaml --limit CephStorage
Use the
--limit
option to apply the content to Ceph Storage nodes.
2.4. Setting the container-tools version
Set the container-tools
module to version 2.0
to ensure you use the correct package versions on all nodes.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file:$ source ~/stackrc
Create a static inventory file of your overcloud:
$ tripleo-ansible-inventory --ansible_ssh_user heat-admin --static-yaml-inventory ~/inventory.yaml
If you use an overcloud name different to the default overcloud name of
overcloud
, set the name of your overcloud with the--plan
option.Create a playbook that contains a task to set the
container-tools
module to version2.0
on all nodes:$ cat > ~/container-tools.yaml <<'EOF' - hosts: all gather_facts: false tasks: - name: disable default dnf module for container-tools command: dnf module reset -y container-tools become: true - name: set dnf module for container-tools:2.0 command: dnf module enable -y container-tools:2.0 become: true EOF
Run the
container-tools.yaml
playbook against all nodes:$ ansible-playbook -i ~/inventory.yaml -f 25 ~/container-tools.yaml
2.5. Updating your container image preparation file
Your container preparation file is the file that contains the ContainerImagePrepare
parameter. You use this file to define the rules for obtaining container images for the undercloud and overcloud. Before you update your environment, check the file to ensure you obtain the correct image versions.
Procedure
-
Edit the container preparation file. The default name for this file is usually
containers-prepare-parameter.yaml
. Check the
tag
parameter is set to16.1
for each rule set:parameter_defaults: ContainerImagePrepare: - push_destination: true set: … tag: '16.1' tag_from_label: '{version}-{release}'
If you do not want to use a specific tag for the update, such as 16.1
or 16.1.2
, remove the tag
key-value pair and specify tag_from_label
only. This will use the installed Red Hat OpenStack Platform version when determining the value for the tag to use as part of the update process.
- Save this file.
2.6. Updating your SSL/TLS configuration
Remove the NodeTLSData
resource from the resource_registry
to update your SSL/TLS configuration.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file:$ source ~/stackrc
-
Edit your custom overcloud SSL/TLS public endpoint file, which is usually named
~/templates/enable-tls.yaml
. Remove the
NodeTLSData
resource from the `resource_registry:resource_registry: OS::TripleO::NodeTLSData: /usr/share/openstack-tripleo-heat-templates/puppet/extraconfig/tls/tls-cert-inject.yaml …
The overcloud deployment uses a new service in HAProxy to determine if SSL/TLS is enabled.
NoteIf this is the only resource in the
resource_registry
section of theenable-tls.yaml
file, remove the completeresource_registry
section.- Save the SSL/TLS public endpoint file file.
2.7. Disabling fencing in the overcloud
Before you update the overcloud, ensure that fencing is disabled.
If fencing is deployed in your environment during the Controller nodes update process, the overcloud might detect certain nodes as disabled and attempt fencing operations, which can cause unintended results.
If you have enabled fencing in the overcloud, you must temporarily disable fencing for the duration of the update to avoid any unintended results.
Procedure
-
Log in to the undercloud as the
stack
user. Source the
stackrc
file.$ source ~/stackrc
Log in to a Controller node and run the Pacemaker command to disable fencing:
$ ssh heat-admin@CONTROLLER_IP "sudo pcs property set stonith-enabled=false"
-
In the
fencing.yaml
environment file, set theEnableFencing
parameter tofalse
to ensure that fencing stays disabled during the update process.
Additional Resources