OCP Upgrade from 3.6 to 3.7

Posted ericnie

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了OCP Upgrade from 3.6 to 3.7相关的知识,希望对你有一定的参考价值。

有个好文档还是靠普很多,感谢同事的文档。升级步骤记录如下

1.检查现有环境

[[email protected] ~]# etcd --version
etcd Version: 3.2.22
Git SHA: 1674e68
Go Version: go1.9.2
Go OS/Arch: linux/amd64
[[email protected] ~]# etcdctl2 cluster-health
member a4e80e96ea75f7c8 is healthy: got healthy result from https://192.168.0.103:2379
cluster is healthy
[[email protected] ~]# etcdctl2 member list
a4e80e96ea75f7c8: name=master.example.com peerURLs=https://192.168.0.103:2380 clientURLs=https://192.168.0.103:2379 isLeader=true
[[email protected] ~]# oc get dc/router -n default
NAME      REVISION   DESIRED   CURRENT   TRIGGERED BY
router    4          2         2         config
[[email protected] ~]# oc get dc/docker-registry -n default
NAME              REVISION   DESIRED   CURRENT   TRIGGERED BY
docker-registry   1          1         1         config
[[email protected] ~]# oc get node --show-labels
NAME                 STATUS     AGE       VERSION             LABELS
master.example.com   Ready      14h       v1.6.1+5115d708d7   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=master.example.com,openshift-infra=apiserver,region=infra,router=true,zone=default
node1.example.com    Ready      14h       v1.6.1+5115d708d7   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node1.example.com,region=infra,router=true,zone=default
node2.example.com    NotReady   14h       v1.6.1+5115d708d7   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com,region=infra,zone=default

[[email protected] ~]# oc get pv
No resources found.
[[email protected] ~]# oc get pvc
No resources found.

 

2.备份ansible脚本

cd /usr/share/ansible
cp -r plugins/ plugins-3.6.bak
cp -r openshift-ansible/ openshift-ansible-3.6.bak
ll
total 0
drwxr-xr-x. 5 root root 51 Jul 27 19:21 openshift-ansible
drwxr-xr-x. 5 root root 51 Jul 28 01:41 openshift-ansible-3.6.bak
drwxr-xr-x. 2 root root 50 Jul 27 19:21 plugins
drwxr-xr-x. 2 root root 50 Jul 28 01:40 plugins-3.6.bak
drwxr-xr-x. 2 root root  6 Jan 16  2018 roles

 

3.备份etcd数据

cp -r /etc/etcd /etc/etcd.bak
etcdctl2 backup --data-dir /var/lib/etcd --backup-dir /tmp/etcd-data
cp /var/lib/etcd/member/snap/db /tmp/etcd-data
ll /etc/etcd.bak
total 48
drwx------. 5 root root  212 Jul 28 01:47 ca
-rw-------. 1 root root 1895 Jul 28 01:47 ca.crt
-rw-r--r--. 1 root root 1526 Jul 28 01:47 etcd.conf
-rw-r--r--. 1 root root 1686 Jul 28 01:47 etcd.conf.32617.2018-07-28@00:22:18~
drwx------. 8 root root 4096 Jul 28 01:47 generated_certs
-rw-------. 1 root root 5916 Jul 28 01:47 peer.crt
-rw-r--r--. 1 root root 1005 Jul 28 01:47 peer.csr
-rw-------. 1 root root 1704 Jul 28 01:47 peer.key
-rw-------. 1 root root 5873 Jul 28 01:47 server.crt
-rw-r--r--. 1 root root 1005 Jul 28 01:47 server.csr
-rw-------. 1 root root 1704 Jul 28 01:47 server.key

ll /var/lib/etcd/member/snap/db /tmp/etcd-data
-rw-------. 1 etcd etcd 25952256 Jul 28 01:48 /var/lib/etcd/member/snap/db

/tmp/etcd-data:
total 16320
-rw-------. 1 root root 25952256 Jul 28 01:48 db
drwx------. 4 root root       29 Jul 28 01:47 member

 

4.备份配置文件

master节点

cp -r /etc/origin/master /etc/origin/master.bak
cp -r /etc/origin/node /etc/origin/node.bak
cp -r /etc/sysconfig/atomic-openshift-master-api /etc/sysconfig/atomic-openshift-master-api.bak
cp -r /etc/sysconfig/atomic-openshift-master-controllers  /etc/sysconfig/atomic-openshift-master-controller.bak
cp -r /etc/sysconfig/atomic-openshift-node /etc/sysconfig/atomic-openshift-node.bak

ll /etc/origin/master.bak
ll /etc/origin/node /etc/origin/node.bak
ll /etc/sysconfig/atomic-openshift-master-api.bak
ll /etc/sysconfig/atomic-openshift-master-controller.bak
ll /etc/sysconfig/atomic-openshift-node.bak

 

node节点

cp -r /etc/origin/node /etc/origin/node.bak
cp -r /etc/sysconfig/atomic-openshift-node /etc/sysconfig/atomic-openshift-node.bak

ll /etc/origin/node.bak
ll /etc/sysconfig/atomic-openshift-node.bak

 

备份yum repo文件

cp /etc/yum.repos.d/ocp.repo /etc/yum.repos.d/ocp.repo.bak

 

5.修改yum repository文件

当然先需要把Package导入

[[email protected] ~]# cat /etc/yum.repos.d/ocp.repo
[local-rhel-7-server-rpms]
name=rhel-7-server-rpms
baseurl=http://192.168.56.103:8080/repo/rhel-7-server-rpms
enabled=1
gpgcheck=0
[local-rhel-7-server-extras-rpms]
name=rhel-7-server-extras-rpms
baseurl=http://192.168.56.103:8080/repo/rhel-7-server-extras-rpms
enabled=1
gpgcheck=0
[local-rhel-7-fast-datapath-rpms]
name=rhel-7-fast-datapath-rpms
baseurl=http://192.168.56.103:8080/repo/rhel-7-fast-datapath-rpms
enabled=1
gpgcheck=0
[local-rhel-7-server-ose-3.7-rpms]
name=rhel-7-server-ose-3.7-rpms
baseurl=http://192.168.56.103:8080/repo/rhel-7-server-ose-3.7-rpms
enabled=1
gpgcheck=0

 

yum clean all
yum repolist

yum update -y

 

6.升级ansible

yum update atomic-openshift-utils ansible
rpm -qa | grep atomic-openshift-utils
atomic-openshift-utils-3.7.57-1.git.33.cf01e48.el7.noarch

 

7.备份模板

mv /usr/share/openshift/examples /usr/share/openshift/examples.3.6
mkdir -p /usr/share/openshift/examples
cp -R /usr/share/ansible/openshift-ansible/roles/openshift_examples/files/examples/v3.7/* /usr/share/openshift/examples/

 

8.导入镜像

导入镜像过程略,完成后需要对registry-console进行重新tag和push

docker tag registry.example.com/openshift3/registry-console:v3.7.64 registry.example.com/openshift3/registry-console:v3.7

docker push registry.example.com/openshift3/registry-console:v3.7

 

10.修改hosts文件

/etc/ansible/hosts文件

[OSEv3:children]
masters
nodes
etcd
nfs

[OSEv3:vars]
ansible_ssh_user=root
openshift_deployment_type=openshift-enterprise
openshift_release=v3.7

osm_use_cockpit=true
osm_cockpit_plugins=[cockpit-kubernetes]
openshift_cockpit_deployer_prefix=openshift3/
openshift_cockpit_deployer_version=v3.7.64

osm_cluster_network_cidr=10.128.0.0/14
openshift_portal_net=172.30.0.0/16
openshift_master_api_port=8443
openshift_master_console_port=8443


openshift_enable_service_catalog=true
openshift_service_catalog_image_prefix=registry.example.com/openshift3/ose-
openshift_service_catalog_image_version=v3.7.64
ansible_service_broker_image_prefix=registry.example.com/openshift3/ose-
ansible_service_broker_etcd_image_prefix=registry.example.com/rhel7/
template_service_broker_prefix=registry.example.com/openshift3/
oreg_url=registry.example.com/openshift3/ose-${component}:${version}
openshift_examples_modify_imagestreams=true
openshift_clock_enabled=true

openshift_metrics_storage_kind=nfs
openshift_metrics_install_metrics=true
openshift_metrics_storage_access_modes=[ReadWriteOnce]
openshift_metrics_storage_host=nfs.example.com
openshift_metrics_storage_nfs_directory=/exports
openshift_metrics_storage_volume_name=metrics
openshift_metrics_storage_volume_size=10Gi
openshift_metrics_hawkular_hostname=hawkular-metrics.apps.example.com
openshift_metrics_cassandra_storage_type=emptydir
openshift_metrics_image_prefix=registry.example.com/openshift3/
openshift_hosted_metrics_deploy=true
openshift_hosted_metrics_public_url=https://hawkular-metrics.apps.example.com/hawkular/metrics
openshift_metrics_image_prefix=registry.example.com/openshift3/
openshift_metrics_image_version=v3.7.64


openshift_template_service_broker_namespaces=[openshift]
template_service_broker_selector={"node": "true"}
openshift_master_identity_providers=[{name: htpasswd_auth, login: true, challenge: true, kind: HTPasswdPasswordIdentityProvider, filename: /etc/origin/master/htpasswd}]
# Default login account: admin / handhand
openshift_master_htpasswd_users={admin: $apr1$gfaL16Jf$c.5LAvg3xNDVQTkk6HpGB1}


#openshift_repos_enable_testing=true
openshift_disable_check=docker_image_availability,disk_availability,memory_availability,docker_storage
docker_selinux_enabled=false
openshift_docker_options=" --selinux-enabled --insecure-registry 172.30.0.0/16 --log-driver json-file --log-opt max-size=50M --log-opt max-file=3 --insecure-registry registry.example.com --add-registry registry.example.com"
openshift_docker_additional_registries=registry.example.com
openshift_docker_insecure_registries=registry.example.com
osm_etcd_image=rhel7/etcd
openshift_logging_image_prefix=registry.example.com/openshift3/

openshift_hosted_router_selector=region=infra,router=true
openshift_master_default_subdomain=app.example.com


# host group for masters
[masters]
master.example.com
# host group for etcd
[etcd]
master.example.com

# host group for nodes, includes region info
[nodes]
master.example.com openshift_node_labels="{‘region‘: ‘infra‘, ‘router‘: ‘true‘, ‘zone‘: ‘default‘}" openshift_schedulable=true
node1.example.com openshift_node_labels="{‘region‘: ‘infra‘, ‘router‘: ‘true‘, ‘zone‘: ‘default‘}" openshift_schedulable=true
node2.example.com openshift_node_labels="{‘region‘: ‘infra‘, ‘zone‘: ‘default‘}" openshift_schedulable=true

[nfs]
nfs.example.com

 

11.升级前的检查

ansible-playbook --tags pre_upgrade /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade.yml 

遇到一个问题说master,node1,node2的节点的Docker的版本需要1.12以上,但master,node1,node2的docker版本已经是1.13.1

解决办法,修改/etc/yum.conf文件,屏蔽下面这句话,跳过检查

#exclude= docker*1.20*  docker*1.19*  docker*1.18*  docker*1.17*  docker*1.16*  docker*1.15*  docker*1.14*  docker*1.13* 

 

12.升级

升级master节点

ansible-playbook -vv /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_control_plane.yml | tee /tmp/upgrade_control_plane_to_3_7.log;

升级完后显示

TASK [Warn if shared-resource-viewer could not be updated] **************************************************************************************************************
task path: /usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/post_control_plane.yml:134
skipping: [master.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=26   changed=0    unreachable=0    failed=0   
master.example.com         : ok=410  changed=87   unreachable=0    failed=0   
nfs.example.com            : ok=33   changed=2    unreachable=0    failed=0   
node1.example.com          : ok=50   changed=2    unreachable=0    failed=0   
node2.example.com          : ok=50   changed=2    unreachable=0    failed=0   

检查

[[email protected] ansible]# oc get nodes
NAME                 STATUS    AGE       VERSION
master.example.com   Ready     3h        v1.7.6+a08f5eeb62
node1.example.com    Ready     3h        v1.6.1+5115d708d7
node2.example.com    Ready     3h        v1.6.1+5115d708d7


[[email protected] ansible]# oc get pods --all-namespaces
NAMESPACE              NAME                         READY     STATUS             RESTARTS   AGE
default                docker-registry-2-94zld      1/1       Running            0          6m
default                registry-console-2-lmhgx     1/1       Running            0          6m
default                router-2-8hnmz               1/1       Running            0          6m
default                router-2-g6tlm               1/1       Running            0          5m
kube-service-catalog   apiserver-z6nmz              1/1       Running            4          2h
kube-service-catalog   controller-manager-d2jgc     0/1       CrashLoopBackOff   9          2h
openshift-infra        hawkular-cassandra-1-gp4n9   1/1       Running            0          10m
openshift-infra        hawkular-metrics-4j828       1/1       Running            1          2h
openshift-infra        heapster-rgwrw               1/1       Running            6          3h


[[email protected] ansible]# oc version
oc v3.7.64
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth GSSAPI Kerberos SPNEGO

Server https://master.example.com:8443
openshift v3.7.64
kubernetes v1.7.6+a08f5eeb62

 

升级node节点

ansible-playbook -vv /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_7/upgrade_nodes.yml -e openshift_upgrade_nodes_serial=1 | tee /tmp/upgrade_node_to_3_7.log;

升级完成后提示

TASK [include] **********************************************************************************************************************************************************
task path: /usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/upgrade_nodes.yml:83
skipping: [node2.example.com] => {"changed": false, "skip_reason": "Conditional result was False"}
META: ran handlers

PLAY RECAP **************************************************************************************************************************************************************
localhost                  : ok=12   changed=0    unreachable=0    failed=0   
master.example.com         : ok=76   changed=4    unreachable=0    failed=0   
nfs.example.com            : ok=33   changed=2    unreachable=0    failed=0   
node1.example.com          : ok=174  changed=30   unreachable=0    failed=0   
node2.example.com          : ok=174  changed=30   unreachable=0    failed=0   

检查

[[email protected] ansible]# oc get nodes
NAME                 STATUS    AGE       VERSION
master.example.com   Ready     3h        v1.7.6+a08f5eeb62
node1.example.com    Ready     3h        v1.7.6+a08f5eeb62
node2.example.com    Ready     3h        v1.7.6+a08f5eeb62

[[email protected] ansible]# oc get pods --all-namespaces
NAMESPACE              NAME                         READY     STATUS    RESTARTS   AGE
default                docker-registry-2-x7sqf      1/1       Running   0          4m
default                registry-console-2-mslwb     1/1       Running   0          4m
default                router-2-79qjr               1/1       Running   0          8m
default                router-2-8hnmz               1/1       Running   0          20m
kube-service-catalog   apiserver-z6nmz              1/1       Running   4          3h
kube-service-catalog   controller-manager-d2jgc     0/1       Error     12         2h
openshift-infra        hawkular-cassandra-1-qg2bj   1/1       Running   0          8m
openshift-infra        hawkular-metrics-bqqm8       0/1       Running   0          4m
openshift-infra        heapster-zt87w               1/1       Running   0          8m

 

以上是关于OCP Upgrade from 3.6 to 3.7的主要内容,如果未能解决你的问题,请参考以下文章

Upgrade to Oracle Database 12c OCP 1z0-060 No.1

How To Upgrade ASM from 10.2 to 11.1 (RAC)

Docker - Upgrade from 1.12 to 1.13

Upgrade Oracle GI from 11.2 to 12C

Oracle 19c Database Upgrade From 12.2.0.1 to 19.2.0.0 Using DBU

Upgrade gnugk from 4.7 to 4.9 on ubuntu 16.04.4