Story: 2010940 Task: 50151 Change-Id: If7ffcf0ffb81d0f7952cd92167b992550e7e191e Signed-off-by: Suzana Fernandes <Suzana.Fernandes@windriver.com>
9.3 KiB
Migrate an AIO-SX to an AIO-DX Subcloud
You can migrate an subcloud to an subcloud without reinstallation. This operation involves updating the system mode, adding the unit IP addresses of each controller, and installing the second controller.
A distributed cloud system is setup with at least a system controller and an subcloud. The subcloud must be online and managed by dcmanager. Both the management network and cluster-host network need to be configured and cannot be on the loopback interface.
Reconfigure the Cluster-Host Interface
If the cluster-host interface is on the loopback interface, use the following procedure to reconfigure the cluster-host interface on to a physical interface.
Lock the active controller.
~(keystone_admin)$ system host-lock controller-0
Change the class attribute to 'none' for the loopback interface.
~(keystone_admin)$ system host-if-modify controller-0 lo -c none
Delete the current cluster-host interface-network configuration
~(keystone_admin)$ IFNET_UUID=$(system interface-network-list controller-0 | awk '{if ($8 =="cluster-host") print $4;}') ~(keystone_admin)$ system interface-network-remove $IFNET_UUID
Assign the cluster-host network to the new interface. This example assumes the interface name is mgmt0.
~(keystone_admin)$ system interface-network-assign controller-0 mgmt0 cluster-host
Continue with the to subcloud migration, using one of the following procedures:
Use Ansible Playbook to Migrate a Subcloud from AIO-SX to AIO-DX, or Manually Migrate a Subcloud from AIO-SX to AIO-DX.
Use Ansible Playbook to Migrate a Subcloud from AIO-SX to AIO-DX
Use the following procedure to migrate a subcloud from to using the ansible playbook.
- the subcloud must be online and managed from the System Controller
- the subcloud's controller-0 may be locked or unlocked; the ansible playbook will lock the subcloud controller-0 as part of migrating the subcloud
Use the
ansible-vault create migrate-subcloud1-overrides-EXAMPLE.yml
command to securely specify the unit IP addresses and the ansible ssh password. The existing IP address of the system will be used as the floating IP address of the new system.In the following example, 10.10.10.13 and 10.10.10.14 are the new unit IP addresses for controller-0 and controller-1 respectively.
{ "ansible_ssh_pass": "St8rlingXCloud*", "external_oam_node_0_address": "10.10.10.13", "external_oam_node_1_address": "10.10.10.14", }
Use the
ansible-vault edit migrate-subcloud1-overrides-EXAMPLE.yml
command if the file needs to be edited after it is created.On the system controller, run the ansible playbook to migrate the subcloud to an .
Note
Run the following command on an system before changing to , as this does not apply to systems.
~(keystone_admin)$ system storage-backend-modify ceph-store replication=2
For example, if the subcloud name is 'subcloud1', enter:
~(keystone_admin)$ ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/migrate_sx_to_dx.yml -e @migrate-subcloud1-overrides-EXAMPLE.yml -i subcloud1, -v
The ansible playbook will lock the subcloud's controller-0, if it not already locked, apply the configuration changes to convert the subcloud to an system with a single controller, and unlock controller-0. Wait for the controller to reset and come back up to an operational state.
Software install and configure the second controller for the subcloud.
From the System Controller, reconfigure the subcloud, using dcmanager. Specify the sysadmin password and the deployment configuration file, using the
dcmanager subcloud deploy config
command.~(keystone_admin)$ dcmanager subcloud deploy config --sysadmin-password <sysadmin_password> --deploy-config deployment-config-subcloud1-duplex.yaml <subcloud1>
where <sysadmin_password> is assumed to be the login password and <subcloud1> is the name of the subcloud
Note
--deploy-config
must reference a deployment configuration file for a subcloud.For example, deployment-config-subcloud1-duplex.yaml should only include changes for controller-1 as changing fields for other nodes/ resources may cause them to go out of sync.
partner
Manually Migrate a Subcloud from AIO-SX to AIO-DX
As an alternative to using the Ansible playbook, use the following procedure to manually migrate a subcloud from to . Perform the following commands on the subcloud.
If not already locked, lock the active controller.
~(keystone_admin)$ system host-lock controller-0
Note
Run the following command on an system before changing to , as this does not apply to systems.
~(keystone_admin)$ system storage-backend-modify ceph-store replication=2
Change the system mode to 'duplex'.
~(keystone_admin)$ system modify --system_mode=duplex
Add the unit IP addresses of controller-0 and controller-1.
For example, the subnet is 10.10.10.0/24 and uses 10.10.10.13 and 10.10.10.14 for the unit IP addresses of controller-0 and controller-1 respectively. The existing IP address of the system will be used as the OAM floating IP address of the new system.
Note
Only specifying oam_c0_ip and oam_c1_ip is necessary to configure the OAM unit IPs to transition to Duplex. However, oam_c0_ip and oam_c1_ip cannot equal the current or specified value for oam_floating_ip.
~(keystone_admin)$ system oam-modify oam_subnet=10.10.10.0/24 oam_gateway_ip=10.10.10.1 oam_floating_ip=10.10.10.12 oam_c0_ip=10.10.10.13 oam_c1_ip=10.10.10.14
Unlock the controller.
~(keystone_admin)$ system host-unlock controller-0
Wait for the controller to reset and come back up to an operational state.
Config and enable IPsec on the controller.
~(keystone_admin)$ sudo ipsec-client pxecontroller
This is only needed on controller-0. The command should complete successfully as following:
~(keystone_admin)$ sudo ipsec-client pxecontroller 2024-08-07 20:43:28.622 182204 INFO sysinv.ipsec_auth.client.client [-] Connecting to pxecontroller port 64764 2024-08-07 20:43:28.630 182204 INFO sysinv.ipsec_auth.client.client [-] Sending IPSec Auth request 2024-08-07 20:43:36.521 182204 INFO sysinv.ipsec_auth.client.client [-] Received IPSec Auth response 2024-08-07 20:43:36.765 182204 INFO sysinv.ipsec_auth.client.client [-] Generate RSA Private Key (PRK2). 2024-08-07 20:43:37.029 182204 INFO sysinv.ipsec_auth.client.client [-] Generate AES Key (AK1). 2024-08-07 20:43:37.029 182204 INFO sysinv.ipsec_auth.client.client [-] Generate Certificate Signing Request (CSR). 2024-08-07 20:43:37.033 182204 INFO sysinv.ipsec_auth.client.client [-] Encrypt CSR w/ AK1. 2024-08-07 20:43:37.035 182204 INFO sysinv.ipsec_auth.client.client [-] Encrypt AK1 and IV w/ PUK1 2024-08-07 20:43:37.038 182204 INFO sysinv.ipsec_auth.client.client [-] Hash OTS Token, eAK1 and eCSR. 2024-08-07 20:43:37.041 182204 INFO sysinv.ipsec_auth.client.client [-] Sending IPSec Auth CSR request 2024-08-07 20:43:38.541 182204 INFO sysinv.ipsec_auth.client.client [-] Received IPSec Auth CSR response 2024-08-07 20:43:38.544 182204 INFO sysinv.ipsec_auth.client.client [-] Generating config files and restart ipsec 2024-08-07 20:43:53.141 182204 INFO sysinv.ipsec_auth.client.client [-] Shutting down
Software install and configure the second controller for the subcloud.
For instructions on installing and configuring controller-1 in an setup to continue with the migration, see .