Merge "Update upgrade instructions for Yoga release"
This commit is contained in:
Zuul
Gerrit Code Review
commit
81d475cdd3
|
|
@ -151,6 +151,13 @@ Please review the contents of the playbook for more information.
|
||||||
|
|
||||||
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
|
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml"
|
||||||
|
|
||||||
|
Update user_variables to set overrides for the location of any existing
|
||||||
|
Ocatavia certificates.
|
||||||
|
|
||||||
|
.. code-block:: console
|
||||||
|
|
||||||
|
# openstack-ansible "${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml"
|
||||||
|
|
||||||
Upgrade hosts
|
Upgrade hosts
|
||||||
~~~~~~~~~~~~~
|
~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
|
@ -161,14 +168,14 @@ Before installing the infrastructure and OpenStack, update the host machines.
|
||||||
Usage of non-trusted certificates for RabbitMQ is not possible
|
Usage of non-trusted certificates for RabbitMQ is not possible
|
||||||
due to requirements of newer ``amqp`` versions.
|
due to requirements of newer ``amqp`` versions.
|
||||||
|
|
||||||
The internal certificate authority must be updated for the upgraded
|
The SSH certificate authority must be updated for the upgraded release
|
||||||
release version. This does not regenerate or alter any existing CA certificates.
|
version. SSH certificates are used for nova live migration and keystone
|
||||||
New certificate chains may be generated at this stage to cover
|
credential synchonrisation in the new release. This step ensures that
|
||||||
additional parts of the deployment secured using TLS in upgraded release.
|
the required CA is generated and available for other playbooks.
|
||||||
|
|
||||||
.. code-block:: console
|
.. code-block:: console
|
||||||
|
|
||||||
# openstack-ansible certificate-authority.yml
|
# openstack-ansible certificate-ssh-authority.yml
|
||||||
|
|
||||||
Once CA is generated, we can proceed with standard OpenStack upgrade steps:
|
Once CA is generated, we can proceed with standard OpenStack upgrade steps:
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -176,7 +176,6 @@ function main {
|
||||||
pushd ${MAIN_PATH}/playbooks
|
pushd ${MAIN_PATH}/playbooks
|
||||||
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml")
|
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/deploy-config-changes.yml")
|
||||||
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml")
|
RUN_TASKS+=("${SCRIPTS_PATH}/upgrade-utilities/define-octavia-certificate-vars.yml")
|
||||||
RUN_TASKS+=("certificate-authority.yml")
|
|
||||||
RUN_TASKS+=("certificate-ssh-authority.yml")
|
RUN_TASKS+=("certificate-ssh-authority.yml")
|
||||||
# we don't want to trigger container restarts for galera and rabbit
|
# we don't want to trigger container restarts for galera and rabbit
|
||||||
# but as there will be no hosts available for metal deployments,
|
# but as there will be no hosts available for metal deployments,
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue