.. tsr1590164474201 .. _firmware-update-orchestration-using-the-cli: =========================================== Firmware Update Orchestration Using the CLI =========================================== You can configure the *Firmware Update Orchestration Strategy* using the **sw-manager** |CLI|. --------------- About this task --------------- .. note:: You require administrator privileges to use **sw-manager**. You must log in to the active controller as **user sysadmin** and source the script by using the command, source /etc/platform/openrc to obtain administrator privileges. Do not use sudo. .. note:: Management-affecting alarms cannot be ignored at the indicated severity level or higher by using relaxed alarm rules during an orchestrated firmware update operation. For a list of management-affecting alarms, see |prod| Fault Management: :ref:`Alarm Messages <100-series-alarm-messages>`. To display management-affecting active alarms, use the following command: .. code-block:: none ~(keystone_admin)$ fm alarm-list --mgmt_affecting During an orchestrated firmware update operation, the following alarms are ignored even when strict restrictions are selected: .. _tsr1590164474201-ul-hq4-nkt-tlb: - 200.001: Maintenance host lock alarm - 280.002: Subcloud resource out-of-sync - 700.004: VM stopped - 900.301: Firmware update auto apply in progress You can use 'help' for the overall commands and also for each sub-command. For example: .. code-block:: none ~(keystone_admin)$ sw-manager fw-update-strategy –help usage: sw-manager fw-update-strategy [-h] ... optional arguments: -h, --help show this help message and exit Firmware Update Commands: create Create a strategy delete Delete a strategy apply Apply a strategy abort Abort a strategy show Show a strategy .. _tsr1590164474201-section-edz-4p5-tlb: --------------------------------------------- Firmware update orchestration strategy create --------------------------------------------- The :command:`create` strategy subcommand with no options specified creates a firmware update strategy with default settings. A firmware update strategy can be created with override worker apply type concurrency with a max host parallelism, instance action, and alarm restrictions. **--controller-apply-type, and --storage-apply-type** These options cannot be changed from '**ignore**' because firmware update is only supported for worker hosts. .. note:: Firmware update is currently only supported for hosts with worker function. Any attempt to modify the controller or storage apply type is rejected. **--worker-apply-type** This option specifies the host concurrency of the firmware update strategy: - serial \(default\): worker hosts will be patched one at a time - parallel: worker hosts will be updated in parallel - At most, **parallel** will be updated at the same time - At most, half of the hosts in a host aggregate will be updated at the same time - ignore: worker hosts will not be updated; strategy create will fail Worker hosts with no instances are updated before worker hosts with instances. **--max-parallel-worker-hosts** This option applies to the parallel worker apply type selection to specify the maximum worker hosts to update in parallel \(minimum: 2, maximum: 10\). **–instance-action** This option only has significance when the stx-openstack application is loaded and there are instances running on worker hosts. It specifies how the strategy deals with worker host instances over the strategy execution. **stop-start \(default\)** Instances will be stopped before the host lock operation following the update and then started again following the host unlock. .. warning:: Using the **stop-start** option will result in an outage for each instance, as it is stopped while the worker host is locked/unlocked. In order to ensure this does not impact service, instances MUST be grouped into anti-affinity \(or anti-affinity best effort\) server groups, which will ensure that only a single instance in each server group is stopped at a time. **migrate** Instances will be migrated off a host before it is patched \(this applies to reboot patching only\). **--alarm-restrictions** This option sets how the how the firmware update orchestration behaves when alarms are present. To display management-affecting active alarms, use the following command: .. code-block:: none ~(keystone_admin)$ fm alarm-list --mgmt_affecting **strict \(default\)** The default strict option will result in patch orchestration failing if there are any alarms present in the system \(except for a small list of alarms\). **relaxed** This option allows orchestration to proceed if alarms are present, as long as none of these alarms are management affecting. .. code-block:: none ~(keystone_admin)]$ sw-manager fw-update-strategy create --help usage:sw-manager fw-update-strategy create [-h] [--controller-apply-type {ignore}] [--storage-apply-type {ignore}] [--worker-apply-type {serial,parallel,ignore}] [--max-parallel-worker-hosts {2,3,4,5,6,7,8,9,10}] [--instance-action {migrate,stop-start}] [--alarm-restrictions {strict,relaxed}] optional arguments: -h, --help show this help message and exit --controller-apply-type {ignore} defaults to ignore --storage-apply-type {ignore} defaults to ignore --worker-apply-type {serial,parallel,ignore} defaults to serial --max-parallel-worker-hosts {2,3,4,5,6,7,8,9,10} maximum worker hosts to update in parallel --instance-action {migrate,stop-start} defaults to stop-start --alarm-restrictions {strict,relaxed} defaults to strict .. _tsr1590164474201-section-l3x-wr5-tlb: ------------------------------------------- Firmware update orchestration strategy show ------------------------------------------- The :command:`show` strategy subcommand displays a summary of the current state of the strategy. A complete view of the strategy can be shown using the **--details** option. .. code-block:: none ~(keystone_admin)]$ sw-manager fw-update-strategy show --help usage: sw-manager fw-update-strategy show [-h] [--details] optional arguments: -h, --help show this help message and exit --details show strategy details .. _tsr1590164474201-section-ecp-2s5-tlb: -------------------------------------------- Firmware update orchestration strategy apply -------------------------------------------- The :command:`apply` strategy subcommand with no options executes the firmware update strategy from current state to the end. The apply strategy operation can be called with the **stage-id** option to execute the next stage of the strategy. The **stage-id** option cannot be used to execute the strategy out of order. .. code-block:: none ~(keystone_admin)]$ sw-manager fw-update-strategy apply --help usage: sw-manager fw-update-strategy apply [-h] [--stage-id STAGE_ID] optional arguments: -h, --help show this help message and exit --stage-id STAGE_ID stage identifier to apply .. _tsr1590164474201-section-lmp-ks5-tlb: -------------------------------------------- Firmware update orchestration strategy abort -------------------------------------------- The **abort** strategy subcommand with no options sets the strategy to abort after the current applying stage is complete. The abort strategy operation can be called with the **stage-id** option to specify that the strategy abort before executing the next stage of the strategy. The **stage-id** option cannot be used to execute the strategy out of order. .. code-block:: none ~(keystone_admin)]$ sw-manager fw-update-strategy abort --help usage: sw-manager fw-update-strategy abort [-h] [--stage-id STAGE_ID] optional arguments: -h, --help show this help message and exit --stage-id STAGE_ID stage identifier to abort .. _tsr1590164474201-section-z5b-qs5-tlb: --------------------------------------------- Firmware update orchestration strategy delete --------------------------------------------- The **delete** strategy subcommand with no options deletes a strategy. .. code-block:: none ~(keystone_admin)]$sw-manager fw-update-strategy delete --help usage: sw-manager fw-update-strategy delete [-h] optional arguments: -h, --help show this help message and exit