Skip to content

Commit

Permalink
Stop/start octavia services and update docs
Browse files Browse the repository at this point in the history
Updates for adoption of octavia.
Move Octavia adoption steps to the
"Adopting the data plane" section, as it fits better there.
  • Loading branch information
weinimo committed Nov 27, 2024
1 parent 36b4b13 commit ebe6304
Show file tree
Hide file tree
Showing 8 changed files with 282 additions and 23 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,6 @@ include::../assemblies/assembly_adopting-the-bare-metal-provisioning-service.ado

include::../modules/proc_adopting-the-orchestration-service.adoc[leveloffset=+1]

include::../modules/proc_adopting-the-loadbalancer-service.adoc[leveloffset=+1]

include::../modules/proc_adopting-telemetry-services.adoc[leveloffset=+1]

include::../modules/proc_adopting-autoscaling.adoc[leveloffset=+1]
Expand Down
2 changes: 2 additions & 0 deletions docs_user/assemblies/assembly_adopting-the-data-plane.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -24,5 +24,7 @@ include::../modules/proc_performing-a-fast-forward-upgrade-on-compute-services.a

include::../modules/proc_adopting-networker-services-to-the-data-plane.adoc[leveloffset=+1]

include::../modules/proc_adopting-the-loadbalancer-service.adoc[leveloffset=+1]

ifdef::parent-context[:context: {parent-context}]
ifndef::parent-context[:!context:]
2 changes: 1 addition & 1 deletion docs_user/modules/proc_adopting-the-identity-service.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ control plane, excluding the {identity_service} and its endpoints:
----
$ openstack endpoint list | grep keystone | awk '/admin/{ print $2; }' | xargs ${BASH_ALIASES[openstack]} endpoint delete || true
for service in aodh heat heat-cfn barbican cinderv3 glance gnocchi manila manilav2 neutron nova placement swift ironic-inspector ironic; do
for service in aodh heat heat-cfn barbican cinderv3 glance gnocchi manila manilav2 neutron nova placement swift ironic-inspector ironic octavia; do
openstack service list | awk "/ $service /{ print \$2; }" | xargs -r ${BASH_ALIASES[openstack]} service delete || true
done
----
Expand Down
271 changes: 253 additions & 18 deletions docs_user/modules/proc_adopting-the-loadbalancer-service.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -5,39 +5,274 @@
During the adoption process the {loadbalancer_first_ref} service
must stay disabled in the new control plane.

== Certificates
Before running the script below the shell variables `CONTROLLER1_SSH` and
`CONTROLLER1_SCP` must be set to contain the command to log into one of the
controllers using `ssh` and `scp` respectively as root user as shown below.
== Data plane adoption steps

. Create an alias for the `openstack` command
+
[source,bash]
----
$ CONTROLLER1_SSH="ssh -i <path to the ssh key> [email protected]"
$ CONTROLLER1_SCP="scp -i <path to the ssh key> [email protected]"
$ alias openstack="oc exec -t openstackclient -- openstack"
----

Make sure to replace `<path to the ssh key>` with the correct path to the ssh
key for connecting to the controller.

. Certificates
+
Before running the script below set the
`CONTROLLER1_SCP` shell variable based on the value of the
existing `CONTROLLER1_SSH` variable:
+
[source,bash]
----
$ CONTROLLER1_SCP=$(echo "$CONTROLLER1_SSH" | sed 's/^ssh/scp/g')
----
+
Then run the following set of commands in order to regenerate the
keys and certificates and install the data in OpenShift. These
commands convert the existing single CA configuration into a
dual CA configuration.
+
[source,bash]
----
include::../../tests/roles/dataplane_adoption/tasks/octavia_certs.yaml[lines="7..83",indent=0]
----

These commands convert the existing single CA configuration into a dual CA configuration.

// == TODO: Other things
// TODO
. Add the octavia interfaces to each NodeNetworkConfigurationPolicy.
+
The following command adds the network interface that is being
used as the VLAN base interface for the management network
(in this example `enp6s0`) for network isolation on the OpenShift nodes.
Please replace `enp6s0` with the name of the network interface in your
OpenShift setup.
+
[source,bash]
----
oc get -n openstack --no-headers nncp | cut -f 1 -d ' ' | while read ; do
oc patch -n openstack nncp $REPLY --type=merge --patch '
spec:
desiredState:
interfaces:
- description: Octavia vlan host interface
name: enp6s0.24
state: up
type: vlan
vlan:
base-iface: enp6s0
id: 24
- bridge:
options:
stp:
enabled: false
port:
- name: enp6s0.24
description: Configuring bridge octbr
mtu: 1500
name: octbr
state: up
type: linux-bridge
'
done
----

== Enabling the {loadbalancer_service} in OpenShift
Run the following command in order to enable the {loadbalancer_service} CR.
. Configure the network attachment definition
+
The `octavia` network attachment is needed to connect pods
that manage amphorae
and the OpenvSwitch pods (managed by the OVN operator):
+
[source,bash]
----
$ cat >> octavia-nad.yaml << EOF_CAT
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
labels:
osp/net: octavia
name: octavia
namespace: openstack
spec:
config: |
{
"cniVersion": "0.3.1",
"name": "octavia",
"type": "bridge",
"bridge": "octbr",
"ipam": {
"type": "whereabouts",
"range": "172.23.0.0/24",
"range_start": "172.23.0.30",
"range_end": "172.23.0.70",
"routes": [
{
"dst": "172.24.0.0/16",
"gw" : "172.23.0.150"
}
]
}
}
EOF_CAT
$ oc apply -n openstack -f octavia-nad.yaml
----

. Enable the {loadbalancer_service} service in OpenShift
+
[source,bash]
----
$ oc patch openstackcontrolplane openstack --type=merge --patch '
$ oc patch openstackcontrolplane openstack -n openstack --type=merge --patch '
spec:
ovn:
template:
ovnController:
nicMappings:
octavia: octbr
octavia:
enabled: true
template: {}
template:
apacheContainerImage: registry.redhat.io/rhel8/httpd-24:latest
amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image
databaseInstance: openstack
octaviaHousekeeping:
networkAttachments:
- octavia
octaviaHealthManager:
networkAttachments:
- octavia
octaviaWorker:
networkAttachments:
- octavia
'
----

. Wait for the {loadbalancer_service} control plane services CRs to become ready
+
[source,bash]
----
$ oc wait --for condition=Ready --timeout=300s octavia.octavia.openstack.org octavia
----
+

. Ensure the {loadbalancer_service} service is registered in the {identity_service}:
+
[source,bash]
----
$ openstack service list | grep load-balancer
| bd078ca6f90c4b86a48801f45eb6f0d7 | octavia | load-balancer |
$ openstack endpoint list | grep load-balancer
| f1ae7756b6164baf9cb82a1a670067a2 | regionOne | octavia | load-balancer | True | public | https://octavia-public-openstack.apps-crc.testing |
| ff3222b4621843669e89843395213049 | regionOne | octavia | load-balancer | True | internal | http://octavia-internal.openstack.svc:9876 |
----

== Clean up old resources

. Delete old flavors that have been migrated
+
[source,bash]
----
$ openstack flavor list --all | grep octavia
| 484c351a-57ca-4a4b-8e6e-93d31596fec5 | octavia-amphora-4vcpus | 4096 | 3 | 0 | 4 | False |
| 65 | octavia_65 | 1024 | 3 | 0 | 1 | False |
| amphora-mvcpu-ha | octavia_amphora-mvcpu-ha | 4096 | 3 | 0 | 4 | False |
| cf9d1d80-5680-4ed8-a051-e8ec4c5871e0 | octavia-amphora | 1024 | 3 | 0 | 1 | False |
$ openstack flavor delete octavia_65
$ openstack flavor delete octavia_amphora-mvcpu-ha
$ openstack flavor list --all | grep octavia
| 484c351a-57ca-4a4b-8e6e-93d31596fec5 | octavia-amphora-4vcpus | 4096 | 3 | 0 | 4 | False |
| cf9d1d80-5680-4ed8-a051-e8ec4c5871e0 | octavia-amphora | 1024 | 3 | 0 | 1 | False |
----

. Delete old octavia flavors that have been migrated
+
[source,bash]
----
$ openstack loadbalancer flavor list
+--------------------------------------+--------------------------+--------------------------------------+---------+
| id | name | flavor_profile_id | enabled |
+--------------------------------------+--------------------------+--------------------------------------+---------+
| 5db54d9b-ba08-4b51-a859-0a81533604aa | octavia_amphora-mvcpu-ha | 4fa6a793-4c20-4480-be4f-806912840511 | True |
| 6d649fd5-6322-4265-b5f3-c3277fc29ec8 | amphora-4vcpus | d9764a80-99f5-4f22-bbe0-3ddbdc5c485c | True |
| 93f34308-24a7-42de-9065-959a3b36e7f6 | amphora | e75e50c8-7786-4623-abcf-bccbea59d213 | True |
+--------------------------------------+--------------------------+--------------------------------------+---------+
$ openstack loadbalancer flavor delete octavia_amphora-mvcpu-ha
$ openstack loadbalancer flavor list
+--------------------------------------+----------------+--------------------------------------+---------+
| id | name | flavor_profile_id | enabled |
+--------------------------------------+----------------+--------------------------------------+---------+
| 6d649fd5-6322-4265-b5f3-c3277fc29ec8 | amphora-4vcpus | d9764a80-99f5-4f22-bbe0-3ddbdc5c485c | True |
| 93f34308-24a7-42de-9065-959a3b36e7f6 | amphora | e75e50c8-7786-4623-abcf-bccbea59d213 | True |
+--------------------------------------+----------------+--------------------------------------+---------+
----

. Delete old flavorprofile that have been migrated
+
[source,bash]
----
$ openstack loadbalancer flavorprofile list
+--------------------------------------+----------------------------------+---------------+
| id | name | provider_name |
+--------------------------------------+----------------------------------+---------------+
| 4fa6a793-4c20-4480-be4f-806912840511 | octavia_amphora-mvcpu-ha_profile | amphora |
| d9764a80-99f5-4f22-bbe0-3ddbdc5c485c | amphora-4vcpus | amphora |
| e75e50c8-7786-4623-abcf-bccbea59d213 | amphora | amphora |
+--------------------------------------+----------------------------------+---------------+
$ openstack loadbalancer flavorprofile delete octavia_amphora-mvcpu-ha_profile
$ openstack loadbalancer flavorprofile list
+--------------------------------------+----------------+---------------+
| id | name | provider_name |
+--------------------------------------+----------------+---------------+
| d9764a80-99f5-4f22-bbe0-3ddbdc5c485c | amphora-4vcpus | amphora |
| e75e50c8-7786-4623-abcf-bccbea59d213 | amphora | amphora |
+--------------------------------------+----------------+---------------+
----

. Delete the old management network ports
+
The first command stores the network ID of the old management network in the
variable WALLABY_LB_MGMT_NET_ID for later use. Then the
respective subnet id get stored in the variable WALLABY_LB_MGMT_SUBNET_ID.
Finally, all ports that are used in the network get deleted.
+
[source,bash]
----
$ for net_id in $(openstack network list -f value -c ID --name lb-mgmt-net); do desc=$(openstack network show "$net_id" -f value -c description); [ -z "$desc" ] && WALLABY_LB_MGMT_NET_ID="$net_id" ; done
$ echo $WALLABY_LB_MGMT_NET_ID
1e21f9c1-7485-4104-a2f3-eed098ab9cad
$ for id in $(openstack port list --network "$WALLABY_LB_MGMT_NET_ID" -f value -c ID) ; do openstack port delete "$id" ; done
----

. Delete the old management network
+
[source,bash]
----
$ openstack network delete "$WALLABY_LB_MGMT_NET_ID"
----

. Verify only one lb-mgmt-net and one lb-mgmt-subnet exists
+
[source,bash]
----
$ openstack network list | grep lb-mgmt-net
| fe470c29-0482-4809-9996-6d636e3feea3 | lb-mgmt-net | 6a881091-097d-441c-937b-5a23f4f243b7 |
$ openstack subnet list | grep lb-mgmt-subnet
| 6a881091-097d-441c-937b-5a23f4f243b7 | lb-mgmt-subnet | fe470c29-0482-4809-9996-6d636e3feea3 | 172.24.0.0/16 |
----

== Failover load balancers in ERROR state

As the management network configuration and the controller IP has changed
in the new control plane the amphora load balancers will show up in ERROR
state after adoption.

[source,bash]
----
$ openstack loadbalancer list
+--------------------------------------+------+----------------------------------+--------------+---------------------+------------------+----------+
| id | name | project_id | vip_address | provisioning_status | operating_status | provider |
+--------------------------------------+------+----------------------------------+--------------+---------------------+------------------+----------+
| 5dabaa20-d9df-42a7-b74e-8533ac99b152 | lb1 | c388c1dbd3ff40009a523726e009b4cf | 172.24.4.250 | ERROR | ONLINE | amphora |
+--------------------------------------+------+----------------------------------+--------------+---------------------+------------------+----------+
----

A failover is necessary to configure the loadbalancers for the new environment and to
upgrade them to use the new amphora image.

[source,bash]
----
$ openstack loadbalancer failover --wait 5dabaa20-d9df-42a7-b74e-8533ac99b152
----
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,13 @@ ServicesToStart=("tripleo_horizon.service"
"tripleo_ceilometer_agent_notification.service"
"tripleo_ovn_cluster_north_db_server.service"
"tripleo_ovn_cluster_south_db_server.service"
"tripleo_ovn_cluster_northd.service")
"tripleo_ovn_cluster_northd.service"
"tripleo_octavia_api.service"
"tripleo_octavia_health_manager.service"
"tripleo_octavia_rsyslog.service"
"tripleo_octavia_driver_agent.service"
"tripleo_octavia_housekeeping.service"
"tripleo_octavia_worker.service")
PacemakerResourcesToStart=("galera-bundle"
"haproxy-bundle"
Expand Down
6 changes: 6 additions & 0 deletions docs_user/modules/proc_stopping-openstack-services.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,12 @@ ServicesToStop=("tripleo_aodh_api.service"
"tripleo_aodh_notifier.service"
"tripleo_ceilometer_agent_central.service"
"tripleo_ceilometer_agent_notification.service"
"tripleo_octavia_api.service"
"tripleo_octavia_health_manager.service"
"tripleo_octavia_rsyslog.service"
"tripleo_octavia_driver_agent.service"
"tripleo_octavia_housekeeping.service"
"tripleo_octavia_worker.service"
"tripleo_horizon.service"
"tripleo_keystone.service"
"tripleo_barbican_api.service"
Expand Down
8 changes: 7 additions & 1 deletion tests/roles/control_plane_rollback/tasks/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,13 @@
"tripleo_ceilometer_agent_notification.service"
"tripleo_ovn_cluster_north_db_server.service"
"tripleo_ovn_cluster_south_db_server.service"
"tripleo_ovn_cluster_northd.service")
"tripleo_ovn_cluster_northd.service"
"tripleo_octavia_api.service"
"tripleo_octavia_health_manager.service"
"tripleo_octavia_rsyslog.service"
"tripleo_octavia_driver_agent.service"
"tripleo_octavia_housekeeping.service"
"tripleo_octavia_worker.service")
PacemakerResourcesToStart=("galera-bundle"
"haproxy-bundle"
Expand Down
6 changes: 6 additions & 0 deletions tests/roles/stop_openstack_services/tasks/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@
"tripleo_aodh_notifier.service"
"tripleo_ceilometer_agent_central.service"
"tripleo_ceilometer_agent_notification.service"
"tripleo_octavia_api.service"
"tripleo_octavia_health_manager.service"
"tripleo_octavia_rsyslog.service"
"tripleo_octavia_driver_agent.service"
"tripleo_octavia_housekeeping.service"
"tripleo_octavia_worker.service"
"tripleo_horizon.service"
"tripleo_keystone.service"
"tripleo_barbican_api.service"
Expand Down

0 comments on commit ebe6304

Please sign in to comment.