openstack/openstack-ansible
Code Issues Proposed changes

Merge "Update upgrade instructions for Yoga release"

Browse Source
This commit is contained in:
Zuul 2022-09-05 11:48:58 +00:00 committed by Gerrit Code Review
commit 81d475cdd3
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
doc/source/admin/upgrades/major-upgrades.rst
View File

@ -151,6 +151,13 @@ Please review the contents of the playbook for more information.
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml" # openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
Update user_variables to set overrides for the location of any existing
Ocatavia certificates.
.. code-block:: console
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml"
Upgrade hosts Upgrade hosts
~~~~~~~~~~~~~ ~~~~~~~~~~~~~
@ -161,14 +168,14 @@ Before installing the infrastructure and OpenStack, update the host machines.
Usage of non-trusted certificates for RabbitMQ is not possible Usage of non-trusted certificates for RabbitMQ is not possible
due to requirements of newer ``amqp`` versions. due to requirements of newer ``amqp`` versions.
The internal certificate authority must be updated for the upgraded The SSH certificate authority must be updated for the upgraded release
release version. This does not regenerate or alter any existing CA certificates. version. SSH certificates are used for nova live migration and keystone
New certificate chains may be generated at this stage to cover credential synchonrisation in the new release. This step ensures that
additional parts of the deployment secured using TLS in upgraded release. the required CA is generated and available for other playbooks.
.. code-block:: console .. code-block:: console
# openstack-ansible certificate-authority.yml # openstack-ansible certificate-ssh-authority.yml
Once CA is generated, we can proceed with standard OpenStack upgrade steps: Once CA is generated, we can proceed with standard OpenStack upgrade steps:

1
scripts/run-upgrade.sh
View File

@ -176,7 +176,6 @@ function main {
pushd ${MAIN_PATH}/playbooks pushd ${MAIN_PATH}/playbooks
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml") RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml")
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml") RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml")
RUN_TASKS+=("certificate-authority.yml")
RUN_TASKS+=("certificate-ssh-authority.yml") RUN_TASKS+=("certificate-ssh-authority.yml")
# we don't want to trigger container restarts for galera and rabbit # we don't want to trigger container restarts for galera and rabbit
# but as there will be no hosts available for metal deployments, # but as there will be no hosts available for metal deployments,