[ English | Indonesia | русский ]
Pemutakhirkan versi minor¶
Upgrades between minor versions of OpenStack-Ansible require updating the repository clone to the latest minor release tag, updating the Ansible roles, and then running playbooks against the target hosts. This section provides instructions for those tasks.
Prasyarat¶
To avoid issues and simplify troubleshooting during the upgrade, disable the
security hardening role by setting the apply_security_hardening
variable
to False
in the user_variables.yml
file, and
backup your OpenStack-Ansible installation.
Jalankan pemutakhiran versi kecil¶
Pemutakhiran minor biasanya membutuhkan langkah-langkah berikut:
Ubah direktori ke direktori root repositori kloning:
# cd /opt/openstack-ansible
Pastikan kode OpenStack-Ansible Anda ada di 2025.2 (Flamingo) terbaru rilis yang ditandai (tagged):
# git checkout master
Perbarui semua peran dependen ke versi terbaru:
# ./scripts/bootstrap-ansible.sh
Ubah ke direktori playbook:
# cd playbooks
Perbarui host:
# openstack-ansible openstack.osa.setup_hosts -e package_state=latest
Perbarui infrastruktur:
# openstack-ansible -e rabbitmq_upgrade=true \ openstack.osa.setup_infrastructure
Perbarui semua layanan OpenStack:
# openstack-ansible openstack.osa.setup_openstack -e package_state=latest
Catatan
Anda dapat membatasi pemutakhirkan pada komponen OpenStack tertentu. Lihat bagian berikut untuk detailnya.
Mutakhirkan komponen tertentu¶
Anda dapat membatasi pemutakhiran pada komponen OpenStack tertentu dengan menjalankan masing-masing playbook komponen terhadap grup.
Misalnya, Anda hanya dapat memperbarui host Compute dengan menjalankan perintah berikut:
# openstack-ansible openstack.osa.nova --limit nova_compute
Untuk memperbarui hanya satu host Compute, jalankan perintah berikut:
# openstack-ansible openstack.osa.nova --limit <node-name>
Catatan
Melewati tag nova-key
diperlukan sehingga kunci pada semua host Compute tidak terkumpul.
To see which hosts belong to which groups, use the openstack-ansible-inventory-manage
script to show all groups and their hosts. For example:
Ubah direktori ke direktori root clone repositori:
# cd /opt/openstack-ansible
Tunjukkan semua grup dan host mana yang menjadi milik mereka:
# openstack-ansible-inventory-manage -G
Tunjukkan semua host dan grup tempat mereka berada:
# openstack-ansible-inventory-manage -g
Untuk melihat host mana yang dijalankan oleh playbook, dan untuk melihat tugas mana yang dilakukan, jalankan perintah berikut (misalnya):
Lihat beberapa host di grup
nova_compute
dimana playbook bertentangan:# openstack-ansible openstack.osa.nova --limit nova_compute \ --list-hosts
Lihat tugas yang dijalankan pada host di grup
nova_compute
:# openstack-ansible openstack.osa.nova --limit nova_compute \ --skip-tags 'nova-key' \ --list-tasks
Upgrading a specific component within the same OpenStack-Ansible version¶
Sometimes you may need to apply the latest security patches or bug
fixes for a service while remaining on the same stable branch. This can
be done by overriding the Git installation branch for that service, which
instructs OpenStack-Ansible to pull the most recent code from the branch
you are already tracking.
But using branches directly as <service>_git_install_branch
is
highly discouraged. Every time the playbook is re-run, the service may
be upgraded to a newer commit, which can lead to inconsistent
versions between hosts (for example, when adding a new compute node
later).
So the recommended practice is to take the HEAD commit SHA of the
desired stable branch and set it explicitly. To find the latest SHA of the
stable/2025.1
branch, you can run (e.g. for Nova):
git ls-remote https://opendev.org/openstack/nova refs/heads/stable/2025.1
And use that SHA in your configuration to ensure consistent versions across
all hosts in your user_variables.yml
:
nova_git_install_branch: {{SHA}}
And run:
openstack-ansible openstack.osa.nova --tags nova-install
The playbook will fetch and install the code from the specified branch or commit SHA, applying the latest patches and fixes as defined. Using a pinned SHA ensures consistent versions across all hosts, while following the branch directly will always pull its current HEAD.
We can verify the version of the service before and after the upgrade (don't forget to load required environment variables):
$ ansible -m shell -a '/openstack/venvs/nova-{{ openstack_release }}/bin/pip3 freeze | grep nova' nova_all
infra1-nova-api-container-e5dbbe38 | CHANGED | rc=0 >>
nova==31.0.1.dev12
infra2-nova-api-container-0c5d0203 | CHANGED | rc=0 >>
nova==31.0.1.dev12
infra3-nova-api-container-d791a43e | CHANGED | rc=0 >>
nova==31.0.1.dev12
compute | CHANGED | rc=0 >>
nova==31.0.1.dev12
After the upgrade to the latest patches in the same branch:
$ ansible -m shell -a '/openstack/venvs/nova-{{ openstack_release }}/bin/pip3 freeze | grep nova' nova_all
infra1-nova-api-container-e5dbbe38 | CHANGED | rc=0 >>
nova==31.1.1.dev9
infra2-nova-api-container-0c5d0203 | CHANGED | rc=0 >>
nova==31.1.1.dev9
infra3-nova-api-container-d791a43e | CHANGED | rc=0 >>
nova==31.1.1.dev9
compute | CHANGED | rc=0 >>
nova==31.1.1.dev9
Catatan
This approach is not limited to Nova. You can apply the same method
to any other OpenStack service managed by OpenStack-Ansible by
overriding its corresponding <service>_git_install_branch
variable.
Always ensure that the branch is up-to-date and compatible with the rest of your deployment before proceeding.