ospdo db migration docs #715
Conversation
pinikomarov
force-pushed
the
ospdo_db_migration_docs
branch
from
aeb9876
to
3d92004
Compare
…rov/data-plane-adoption_pkomarov into ospdo_db_migration_docs
| @@ -6,6 +6,18 @@ ifdef::context[:parent-context: {context}] | |||
|
|
|||
| = Migrating databases to the control plane | |||
|
|
|||
| // Set OSPdO different values to be used in same commands | |||
There was a problem hiding this comment.
@pinikomarov Is this text a prerequisite that OSPdO customers need to do before migrating databases to the control plane?
And why is this text hidden?
There was a problem hiding this comment.
this was a comment just to explain the ifeval conditionals below it can be dropped, unless needed as an logic explanation
| @@ -16,9 +28,9 @@ include::../modules/proc_configuring-a-ceph-backend.adoc[leveloffset=+1] | |||
|
|
|||
| include::../modules/proc_stopping-openstack-services.adoc[leveloffset=+1] | |||
|
|
|||
| include::../modules/proc_migrating-databases-to-mariadb-instances.adoc[leveloffset=+1] | |||
| include::../modules/proc_migrating-databases-to-mariadb-instances.adoc[@, leveloffset=+1] | |||
There was a problem hiding this comment.
What is this symbol for?
Same question on the link below.
There was a problem hiding this comment.
an error on my part I thought it was needed, so the vars pass to the included files, I'll remove that
| @@ -126,6 +126,9 @@ endif::[] | |||
| ifeval::["{build}" == "downstream"] | |||
| $(cat <path_to_SSH_key> | base64 | sed \'s/^/ /') | |||
| endif::[] | |||
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | |||
| $(oc exec -n ${OSPDO_NAMESPACE} -t openstackclient openstackclient -- cat /home/cloud-admin/.ssh/id_rsa | base64 | sed 's/^/ /') | |||
There was a problem hiding this comment.
| $(oc exec -n ${OSPDO_NAMESPACE} -t openstackclient openstackclient -- cat /home/cloud-admin/.ssh/id_rsa | base64 | sed 's/^/ /') | |
| $(oc exec -n $<ospdo_namespace> -t openstackclient openstackclient -- cat /home/cloud-admin/.ssh/id_rsa | base64 | sed 's/^/ /') |
Customers will need to replace <ospdo_namespace> with their own namespace, right?
| $ oc rsh mariadb-copy-data << EOF | ||
| $ oc rsh -n {pod_ns} mariadb-copy-data << EOF |
There was a problem hiding this comment.
Is oc rsh -n {pod_ns} mariadb-copy-data << EOF supposed to be specific to OSPdO only? Shouldn't oc rsh mariadb-copy-data << EOF still remain for non-OSPdO deployments?
There was a problem hiding this comment.
the usage of -n namespace should not cause any difference in regular adoptions, since that's the default namespace users can use or omit that.
I'm adding and making the namespace a variables here to make as little changes as possible to the docs, so that when using ospdo it's explicit where we're running actions on.
| + | ||
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | ||
| get the ocp master holding the osp controller: | ||
| oc get vmi -n ${ospdo_namespace} -o jsonpath='{.items[0].metadata.labels.kubevirt\.io/nodeName}' | ||
| endif::[] |
There was a problem hiding this comment.
| + | |
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | |
| get the ocp master holding the osp controller: | |
| oc get vmi -n ${ospdo_namespace} -o jsonpath='{.items[0].metadata.labels.kubevirt\.io/nodeName}' | |
| endif::[] | |
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | |
| . Get the {OpenShiftShort} master node that contains the {OpenStackShort} Controller: | |
| + | |
| ---- | |
| $ oc get vmi -n $<ospdo_namespace> -o jsonpath='{.items[0].metadata.labels.kubevirt\.io/nodeName}' | |
| ---- | |
| + | |
| * Replace `<ospdo_namespace>` with your OSPdO namespace. | |
| endif::[] |
| @@ -44,7 +48,7 @@ apiVersion: cert-manager.io/v1 | |||
| kind: Certificate | |||
| metadata: | |||
| name: ovn-data-cert | |||
| namespace: openstack | |||
| namespace: {pod_ns} | |||
There was a problem hiding this comment.
pod_ns = pod namespace?
Is this an OSPdO-specific change, or one that applies to a typical deployment?
There was a problem hiding this comment.
the use of namespace is to be explcit in our actions , so that in ospdo adoption it's clear where (rhoso or ospdo) we're running the pods and commands against.
In regular adoption it can be used and it would make either no change from the default namespace used by rhoso, or explicitly define that the user is running in the rhoso namespace, so that param only adds specificity not error if used, as in rhoso the default namespace is used anyway whether the user specifies it or not
| k8s.v1.cni.cncf.io/networks: internalapi | ||
| endif::[] | ||
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | ||
| '[{"name": "internalapi-static", "namespace": ${OSPDO_NAMESPACE}, "ips": ["<internalapi-static-ips>"]}]' |
There was a problem hiding this comment.
| '[{"name": "internalapi-static", "namespace": ${OSPDO_NAMESPACE}, "ips": ["<internalapi-static-ips>"]}]' | |
| '[{"name": "internalapi-static", "namespace": $<ospdo_namespace>, "ips": ["<internalapi-static-ips>"]}]' |
| @@ -69,10 +74,19 @@ metadata: | |||
| name: ovn-copy-data | |||
| annotations: | |||
| openshift.io/scc: anyuid | |||
| ifeval::["{OpenStackPreviousInstaller}" != "director_operator"] | |||
| k8s.v1.cni.cncf.io/networks: internalapi | |||
There was a problem hiding this comment.
Line 78 only applies to OSPdO?
There was a problem hiding this comment.
yes, meaning that line:
'[{"name": "internalapi-static", "namespace": ${OSPDO_NAMESPACE}, "ips": [""]}]'
is only used when run in an OSPdO adoption scenario and is specific to access resources in ospdo env.
| @@ -103,7 +117,7 @@ EOF | |||
| . Wait for the pod to be ready: | |||
There was a problem hiding this comment.
| . Wait for the pod to be ready: | |
| ifeval::["{OpenStackPreviousInstaller}" == "director_operator"] | |
| + | |
| * Replace `<ocp_node_holding_controller>` with the {OpenStackShort} node that contains the Controller. | |
| endif::[] | |
| . Wait for the pod to be ready: |
| @@ -103,7 +117,7 @@ EOF | |||
| . Wait for the pod to be ready: | |||
| + | |||
| ---- | |||
| $ oc wait --for=condition=Ready pod/ovn-copy-data --timeout=30s | |||
| $ oc wait --for=condition=Ready -n{pod_ns} pod/ovn-copy-data --timeout=30s | |||
There was a problem hiding this comment.
| $ oc wait --for=condition=Ready -n{pod_ns} pod/ovn-copy-data --timeout=30s | |
| $ oc wait --for=condition=Ready -n {pod_ns} pod/ovn-copy-data --timeout=30s |
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_NB_IP:6641 < /backup/ovs-nb.db" | ||
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_SB_IP:6642 < /backup/ovs-sb.db" |
There was a problem hiding this comment.
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_NB_IP:6641 < /backup/ovs-nb.db" | |
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_SB_IP:6642 < /backup/ovs-sb.db" | |
| $ oc exec -n $<rhoso_namespace> ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_NB_IP:6641 < /backup/ovs-nb.db" | |
| $ oc exec -n $<rhoso_namespace> ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_SB_IP:6642 < /backup/ovs-sb.db" |
| $ oc exec ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_NB_IP:6641 < /backup/ovs-nb.db" | ||
| $ oc exec ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_SB_IP:6642 < /backup/ovs-sb.db" | ||
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_NB_IP:6641 < /backup/ovs-nb.db" | ||
| $ oc exec -n ${RHOSO_NAMESPACE} ovn-copy-data -- bash -c "ovsdb-client restore tcp:$PODIFIED_OVSDB_SB_IP:6642 < /backup/ovs-sb.db" | ||
| ---- | ||
|
|
There was a problem hiding this comment.
| + | |
| * Replace `<rhoso_namespace>` with the namespace of your {rhos_acro} deployment. |
| // Set OSPdO different values to be used in same commands | ||
| // When there is an OSPdO source env, some commands run on RHOSO namespace | ||
| // and some on the OSPdO namespace with some added, different parameteres |
There was a problem hiding this comment.
just an explanation about the logic below it , It can be removed
| @@ -42,26 +52,98 @@ $ sudo grep -rI 'listen mysql' -A10 /var/lib/config-data/puppet-generated/ | gre | |||
| . Export the shell variables for the following outputs and test the connection to the {OpenStackShort} database: | |||
| + | |||
| ---- | |||
| export PULL_OPENSTACK_CONFIGURATION_DATABASES=$(oc run mariadb-client ${MARIADB_CLIENT_ANNOTATIONS} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ | |||
| export PULL_OPENSTACK_CONFIGURATION_DATABASES=$(oc run mariadb-client {pod_annotations} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ | |||
There was a problem hiding this comment.
{pod_annotations} applies to all deployments, not just OSPdO?
There was a problem hiding this comment.
just to ospdo deployments , as the ifeval above states. the rhoso deployents should have this text(literal): ${MARIADB_CLIENT_ANNOTATIONS}
| CONTROLLER1_SSH="oc -n $OSPDO_NAMESPACE rsh -c openstackclient openstackclient ssh controller-0.ctlplane" | ||
| export CONTROLLER1_SSH | ||
| ---- | ||
| * With OSPdO, the mariadb-client needs to run on the same OCP node where the OSP Controller is running. In addition, the internalapi-static network needs to be attached to the pod. |
There was a problem hiding this comment.
| * With OSPdO, the mariadb-client needs to run on the same OCP node where the OSP Controller is running. In addition, the internalapi-static network needs to be attached to the pod. | |
| * With OSPdO, the `mariadb-client` needs to run on the same {rhocp_long} node where the {OpenStackShort} Controller node is running. In addition, the `internalapi-static` network needs to be attached to the pod. |
| . Get the passwords file | ||
| ---- | ||
| oc get secret tripleo-passwords -n $OSPDO_NAMESPACE -o json | jq -r '.data["tripleo-overcloud-passwords.yaml"]' | | ||
| base64 -d >"${PASSWORD_FILE}" |
There was a problem hiding this comment.
| . Get the passwords file | |
| ---- | |
| oc get secret tripleo-passwords -n $OSPDO_NAMESPACE -o json | jq -r '.data["tripleo-overcloud-passwords.yaml"]' | | |
| base64 -d >"${PASSWORD_FILE}" | |
| . Get the passwords file: | |
| + | |
| ---- | |
| $ oc get secret tripleo-passwords -n $OSPDO_NAMESPACE -o json | jq -r '.data["tripleo-overcloud-passwords.yaml"]' | | |
| base64 -d >"${PASSWORD_FILE}" |
| ---- | ||
| . Get the name of the OCP node where the OSP Controller VM is running | ||
| ---- | ||
| CONTROLLER_NODE=$(oc get vmi -ojson | jq -r '.items[0].status.nodeName') | ||
| export CONTROLLER_NODE | ||
| SOURCE_OVN_OVSDB_IP=172.17.0.160 # TODO - get this from the source OVN DB | ||
| export SOURCE_OVN_OVSDB_IP | ||
|
|
||
| SOURCE_DB_ROOT_PASSWORD=$(grep <"${PASSWORD_FILE}" ' MysqlRootPassword:' | awk -F ': ' '{ print $2; }') || { | ||
| echo "Failed to get the source DB root password" | ||
| exit 1 | ||
| } | ||
| export SOURCE_DB_ROOT_PASSWORD | ||
| ---- |
There was a problem hiding this comment.
| ---- | |
| . Get the name of the OCP node where the OSP Controller VM is running | |
| ---- | |
| CONTROLLER_NODE=$(oc get vmi -ojson | jq -r '.items[0].status.nodeName') | |
| export CONTROLLER_NODE | |
| SOURCE_OVN_OVSDB_IP=172.17.0.160 # TODO - get this from the source OVN DB | |
| export SOURCE_OVN_OVSDB_IP | |
| SOURCE_DB_ROOT_PASSWORD=$(grep <"${PASSWORD_FILE}" ' MysqlRootPassword:' | awk -F ': ' '{ print $2; }') || { | |
| echo "Failed to get the source DB root password" | |
| exit 1 | |
| } | |
| export SOURCE_DB_ROOT_PASSWORD | |
| ---- | |
| ---- | |
| . Get the name of the {OpenShiftShort} node where the {OpenStackShort} Controller virtual machine is running: | |
| + | |
| ---- | |
| $ CONTROLLER_NODE=$(oc get vmi -ojson | jq -r '.items[0].status.nodeName') | |
| export CONTROLLER_NODE | |
| SOURCE_OVN_OVSDB_IP=172.17.0.160 # TODO - get this from the source OVN DB | |
| export SOURCE_OVN_OVSDB_IP | |
| SOURCE_DB_ROOT_PASSWORD=$(grep <"${PASSWORD_FILE}" ' MysqlRootPassword:' | awk -F ': ' '{ print $2; }') || { | |
| echo "Failed to get the source DB root password" | |
| exit 1 | |
| } | |
| export SOURCE_DB_ROOT_PASSWORD | |
| ---- |
| . In OSPdO, the mysql service iP can be found in the tripleo-exports-default ConfigMap, section ctlplane-export.yaml | ||
| ---- | ||
| cpexport=$(oc -n "${OSPDO_NAMESPACE}" get cm tripleo-exports-default -o json | jq -r '.data["ctlplane-export.yaml"]') |
There was a problem hiding this comment.
| . In OSPdO, the mysql service iP can be found in the tripleo-exports-default ConfigMap, section ctlplane-export.yaml | |
| ---- | |
| cpexport=$(oc -n "${OSPDO_NAMESPACE}" get cm tripleo-exports-default -o json | jq -r '.data["ctlplane-export.yaml"]') | |
| . Find the mysql service IP in the `ctlplane-export.yaml` section of the `tripleo-exports-default` ConfigMap: | |
| + | |
| ---- | |
| $ cpexport=$(oc -n "${OSPDO_NAMESPACE}" get cm tripleo-exports-default -o json | jq -r '.data["ctlplane-export.yaml"]') |
| . Export the shell variables for the following outputs and test the connection to the {OpenStackShort} database: | ||
| + | ||
| ---- | ||
| PULL_OPENSTACK_CONFIGURATION_DATABASES="$(oc run mariadb-client -q --image "${MARIADB_IMAGE}" \ |
There was a problem hiding this comment.
Should the "$" precede "PULL_OPENSTACK_CONFIGURATION_DATABASES..."?
add db migration mysql client setup diffs
Related patches :
#708
Jira: https://issues.redhat.com/browse/OSPRH-6618