Updating Contrail Networking using the Zero Impact Upgrade Process in an Environment using Red Hat Openstack 16.1
This document provides the steps needed to update a Contrail Networking deployment that is using Red Hat Openstack 16.1 as it’s orchestration platform. The procedure provides a zero impact upgrade (ZIU) with minimal disruption to network operations.
If you are using Contrail Networking in an environment that is using a Red Hat Openstack 13-based release, see Updating Contrail Networking using the Zero Impact Upgrade Process in an Environment using Red Hat Openstack 13.
When to Use This Procedure
This procedure is used to upgrade Contrail Networking when it is running in environments using RHOSP version 16.1 (RHOSP16.1).
The procedure in this document has been validated for the following Contrail Networking upgrade scenarios:
Table 1: Contrail Networking with RHOSP16.1 Validated Upgrade Scenarios
Starting Contrail Networking Release
Target Upgraded Contrail Networking Release
2011.L1 or any later 2011.L release
2011.L2 or any later 2011.L release
2011.L1 or any later 2011.L release
Any 21.3 Release
A different procedure is followed for upgrading Contrail Networking in environments using Red Hat Openstack 13. See Updating Contrail Networking using the Zero Impact Upgrade Process in an Environment using Red Hat Openstack 13.
This document makes the following assumptions about your environment:
A Contrail Networking deployment using Red Hat Openstack version 16.1 (RHOSP16.1) as the orchestration platform is already operational.
The overcloud nodes in the RHOSP16.1 environment have an enabled Red Hat Enterprise Linux (RHEL) subscription.
Your environment is running Contrail Release 2011.L1 and upgrading to Contrail Release 2011.L2 or later.
If you are updating Red Hat Openstack simultaneously with Contrail Networking, we assume that the undercloud node is updated to the latest minor version and that new overcloud images are prepared for an upgrade. See the Upgrading the Undercloud section of the Keeping Red Hat OpenStack Platform Updated guide from Red Hat.
If the undercloud has been updated and a copy of the heat templates are used for the deployment, update the copy of the heat template from the Red Hat’s core heat template collection at /usr/share/openstack-tripleo-heat-templates. See the Understanding Heat Templates document from Red Hat for information on this process.
Before You Begin
We recommend performing these procedures before starting the update:
Backup your Contrail configuration database before starting this procedure. See How to Backup and Restore Contrail Databases in JSON Format in Openstack Environments Using the Openstack 16.1 Director Deployment.
Each compute node agent will go down during this procedure, causing some compute node downtime. The estimated downtime for a compute node varies by environment, but typically took between 12 and 15 minutes in our testing environments.
If you have compute nodes with workloads that cannot tolerate this downtime, consider migrating workloads or taking other steps to accommodate this downtime in your environment.
Updating Contrail Networking in an Environment using Red Hat Openstack 16.1
To update Contrail Networking in an environment that is using Red Hat Openstack 16.1 as the orchestration platform:
- Prepare your container registry. The registry is often included in the undercloud, but it can also be a separate node.
- Backup the Contrail TripleO Heat Templates. See Using the Contrail Heat Template.
- Get the Contrail TripleO Heat Templates (Stable/Train
branch) from https://github.com/Juniper/contrail-tripleo-heat-templates.
Prepare the new tripleo-heat-templates with latest available software from Openstack and Contrail Networking.
sudo cp -r /usr/share/openstack-tripleo-heat-templates/ tripleo-heat-templates sudo git clone https://github.com/tungstenfabric/tf-tripleo-heat-templates -b stable/train sudo cp -r tf-tripleo-heat-templates/* tripleo-heat-templates/
- Update the parameter ContrailImageTag to the new version.
The location of the ContrailImageTag variable varies by environment. In the most commonly-used environments, this variable is set in the contrail-services.yaml file.
You can obtain the ContrailImageTag parameter from the README Access to Contrail Registry 20XX
If you are using the undercloud as a registry, ensure the new contrail image is updated in undercloud before proceeding further.
- Update the overcloud by entering
the openstack overcloud update prepare command and include
the files that were updated during the previous steps with the overcloud
(undercloud) [stack@uc-train ~]$ cat deploy-ipu-prepare.sh python3 tripleo-heat-templates/tools/process-templates.py --clean \ -r roles_data_contrail_aio.yaml -p tripleo-heat-templates/ python3 tripleo-heat-templates/tools/process-templates.py \ -r roles_data_contrail_aio.yaml \ -p tripleo-heat-templates/ openstack overcloud update prepare --templates tripleo-heat-templates/ \ --stack overcloud --libvirt-type kvm \ --roles-file roles_data_contrail_aio.yaml \ -e ~/rhsm.yaml \ -e tripleo-heat-templates/environments/network-isolation.yaml \ -e tripleo-heat-templates/environments/contrail/contrail-services.yaml \ -e tripleo-heat-templates /environments/contrail/contrail-net.yaml \ -e tripleo-heat-templates /environments/contrail/contrail-plugins.yaml \ -e tripleo-heat-templates/environments/contrail/contrail-tls.yaml \ -e tripleo-heat-templates /environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e tripleo-heat-templates /environments/services/haproxy-public-tls-certmonger.yaml \ -e tripleo-heat-templates /environments/ssl/enable-internal-tls.yaml \ -e containers-prepare-parameter.yaml
- Prepare the overcloud nodes that include Contrail containers
for the update.
Pull the images in the repository onto the overcloud nodes.
There are multiple methods for performing this step. Commonly used methods for performing this operation include using the podman pull command for Docker containers and the openstack overcloud container image upload command for Openstack containers, or running the tripleo-heat-templates/upload.containers.sh and tools/contrail/update_contrail_preparation.sh scripts.
(Not required in all setups) Provide export variables for the script if the predefined values aren’t appropriate for your environment. The script location:
The following variables within the script are particularly significant for this upgrade:
CONTRAIL_NEW_IMAGE_TAG—The image tag of the target upgrade version of Contrail. The default value is latest.
If needed, you can obtain this parameter for a specific image from the README Access to Contrail Registry 20XX
Some older deployments use the CONTRAIL_IMAGE_TAG variable in place of the CONTRAIL_NEW_IMAGE_TAG variable. Both variables are recognized by the update_contrail_preparation.sh script and perform the same function.
SSH_USER—The SSH username for logging into overcloud nodes. The default value is heat-admin.
SSH_OPTIONS—Custom SSH option values.
The default SSH options for your environment are typically pre-defined. You are typically only changing this value if you want to customize your update.
STOP_CONTAINERS—The list of containers that must be stopped before the upgrade can proceed. The default value is contrail_config_api contrail_analytics_api.
Run the script:
Contrail services stop working when the script starts running.
- Update the Contrail Controller nodes:
Run the openstack overcloud update run command on the first Contrail controller and, if needed, on a Contrail Analytics node. The purpose of this step is to update one Contrail Controller and one Contrail Analytics node to support the environment so the other Contrail Controllers and analytics nodes can be updated without incurring additional downtime.
openstack overcloud update run --limit overcloud-contrailcontroller-0
Ensure that the contrail status is ok on overcloud-contrailcontroller-0 before proceeding.
If the analytics and the analyticsdb nodes are on separate nodes, you may have to update the nodes individually:
openstack overcloud update run --limit overcloud-contrailcontroller-0 openstack overcloud update run --roles ContrailAnalytics,ContrailAnalyticsDatabase
After the upgrade, check the docker container status and versions for the Contrail Controllers and the Contrail Analytics and AnalyticsDB nodes.
podman ps -a
Update the remaining Contrail Controller nodes:
openstack overcloud update run --limit overcloud-contrailcontroller-1 openstack overcloud update run --limit overcloud-contrailcontroller-2 openstack overcloud update run --limit overcloud-contrailcontroller-3 ...
- Update the Openstack Controllers using the openstack
overcloud update run commands:
openstack overcloud update run --limit overcloud-controller-0 openstack overcloud update run --limit overcloud-controller-1 openstack overcloud update run --limit overcloud-controller-2 ...
- Individually update the compute nodes.
The compute node agent will be down during this step. The estimated downtime varies by environment, but is typically between 1 and 5 minutes.
Consider migrating workloads that can’t tolerate this downtime before performing this step
openstack overcloud update run --limit overcloud-novacompute-1 openstack overcloud update run --limit overcloud-novacompute-2 openstack overcloud update run --limit overcloud-novacompute-3 ...
Reboot your compute node to complete the update.
A reboot is required to complete this procedure only if a kernel update is also needed. If you would like to avoid rebooting your compute node, check the log files in the /var/log/yum.log file to see if kernel packages were updated during the compute node update. A reboot is required only if kernel updates occurred as part of the compute node update procedure.
Use the contrail-status command to monitor upgrade status. Ensure all pods reach the running state and all services reach the active state.
This contrail-status command provides output after a successful upgrade:
Some output fields and data have been removed from this contrail-status command sample for readability.
Pod Service Original Name State analytics api contrail-analytics-api running analytics collector contrail-analytics-collector running analytics nodemgr contrail-nodemgr running analytics provisioner contrail-provisioner running analytics redis contrail-external-redis running analytics-alarm alarm-gen contrail-analytics-alarm-gen running analytics-alarm kafka contrail-external-kafka running analytics-alarm nodemgr contrail-nodemgr running analytics-alarm provisioner contrail-provisioner running analytics-alarm zookeeper contrail-external-zookeeper running analytics-snmp nodemgr contrail-nodemgr running analytics-snmp provisioner contrail-provisioner running analytics-snmp snmp-collector contrail-analytics-snmp-collector running analytics-snmp topology contrail-analytics-snmp-topology running config api contrail-controller-config-api running <trimmed> == Contrail control == control: active nodemgr: active named: active dns: active == Contrail analytics-alarm == nodemgr: active kafka: active alarm-gen: active == Contrail database == nodemgr: active query-engine: active cassandra: active == Contrail analytics == nodemgr: active api: active collector: active == Contrail config-database == nodemgr: active zookeeper: active rabbitmq: active cassandra: active == Contrail webui == web: active job: active == Contrail analytics-snmp == snmp-collector: active nodemgr: active topology: active == Contrail config == svc-monitor: active nodemgr: active device-manager: active api: active schema: active
- Enter the openstack overcloud update converge command to finalize the update.
The options used in the openstack overcloud update converge in this step will match the options used with the openstack overcloud update prepare command entered in 5.
(undercloud) [stack@uc-train ~]$ cat deploy-ipu-converge.sh python3 tripleo-heat-templates/tools/process-templates.py --clean \ -r roles_data_contrail_aio.yaml -p tripleo-heat-templates/ python3 tripleo-heat-templates/tools/process-templates.py \ -r roles_data_contrail_aio.yaml \ -p tripleo-heat-templates/ openstack overcloud update converge --templates tripleo-heat-templates/ \ --stack overcloud --libvirt-type kvm \ --roles-file roles_data_contrail_aio.yaml \ -e ~/rhsm.yaml \ -e tripleo-heat-templates/environments/network-isolation.yaml \ -e tripleo-heat-templates/environments/contrail/contrail-services.yaml \ -e tripleo-heat-templates /environments/contrail/contrail-net.yaml \ -e tripleo-heat-templates /environments/contrail/contrail-plugins.yaml \ -e tripleo-heat-templates/environments/contrail/contrail-tls.yaml \ -e tripleo-heat-templates /environments/ssl/tls-everywhere-endpoints-dns.yaml \ -e tripleo-heat-templates /environments/services/haproxy-public-tls-certmonger.yaml \ -e tripleo-heat-templates /environments/ssl/enable-internal-tls.yaml \ -e containers-prepare-parameter.yaml
Monitor screen messages indicating SUCCESS to confirm that the updates made in this step are successful.