Contents

1   Introduction

This document describes the procedures for updating and upgrading the SW in an existing Cloud Execution Environment (CEE) Atlas server.

1.1   Prerequisites

Before starting this procedure, ensure that the following conditions are met:

• An Atlas artifacts file, in tar format, is available with the software.
• Two ranges of IP addresses for two subnets, according to the local network plan, must be available for Atlas.
• The vCIC must be operational.
• At least 4 GB must be available on the vCIC destination path for the Atlas image. Use the command df -h <destination-path> to determine if the sufficient disk space is available.

2   Preparing to Upgrade Atlas SW

This section describes the preparations needed before the Atlas server is upgraded.

The Atlas image file has the following ID syntax:
ecs-atlas-x86_64-${TARGET_ATLAS_VERSION}-${BUILD_NUMBER}.qcow2

The Atlas image file is delivered in an archive, including checksum files and the Atlas installation script.

Throughout the document, the Atlas image ID is referred to as Atlas_image and the archive artifact name as ${TARGET_ATLAS_VERSION}.tar.gz.

To prepare for the upgrade, do the following:

1. Download the ${TARGET_ATLAS_VERSION}.tar.gz to the Fuel node.
2. Logon to vCIC and create artifacts directory, then log out

   [root@fuel ~]# ssh cic-1

   root@cic-1:~# mkdir -p artifacts

   root@cic-1:~# exit

3. Copy the Atlas archive to the vCIC (any of the three vCICs can be used):

   Note:  

   In case of non-CEE environment, copy Atlas artifacts to controller node instead of vCIC.

   
   

   [root@fuel ~]# scp ${TARGET_ATLAS_VERSION}.tar.gz <cic-hostname>:/root/artifacts/

   Note:  

   Ensure that the destination, for example /root/artifacts/, is present and has at least 4 GB free space. Use the command df -h <destination-path> to determine if the sufficient disk space is available.

   
   
4. Unpack the archive file:

   root@cic-1:~# cd artifacts

   root@cic-1:~/artifacts# tar -xzvf ${TARGET_ATLAS_VERSION}.tar.gz

   Note:  

   During the unpack sequence, all files in the archive are listed.

   
   
5. Backup the currently executing Atlas configuration files and folders, according to Atlas Backup.
6. Log on to the vCIC:

   [root@fuel ~]# ssh root@<Controller IP>

3   Upgrade Atlas SW

This section describes how to upgrade the Atlas server.

An Atlas upgrade is effectively a reinstallation of Atlas, using a new image. The parameters must be reconfigured, even though they were configured during the previous installation.

Note:  

In this procedure, the currently active and running Atlas is referred to as the old version. The version to replace the active and running Atlas is referred to as the new version.

To upgrade Atlas, do the following:

1. In /etc/atlasrc, the following environment variables are set with appropriate values:

   OS_CACERT	Environment variable for certificate file
   CERT_FILE	Environment variable for certificate file
   CA_CERT_FILE	Environment variable for certificate file
   neutron_extreme	Enable neutron_extreme, when extreme neutron configuration is used. Default is true.
   WATCHMEN_PASSWORD	OpenStack password for watchmen service
   TIMEZONE	Time zone as defined in config.yaml
   SSLCipherSuite, SSLProtocol	SSL Cipher suite and protocol as define in config.yaml
   NTP_SERVER_1, NTP_SERVER_2	NTP server IP address as defined in config.yaml
   CIDR_PUBLIC	Public (cee_om_sp) Subnet range as defined in config.yaml
   MGMT_IP	OpenStack management IP address
   CIDR_NBI, CIDR_SBI	Atlas NBI_IP and SBI _IP as defined in config.yaml
   NBI_IP, SBI_IP	Atlas NBI_IP and SBI _IP as defined in config.yaml
   START_ADDR_NBI, START_ADDR_SBI	NBI and SBI subnet allocation start address as defined in config.yaml
   END_ADDR_NBI, END_ADDR_SBI	NBI and SBI subnet allocation end address as defined in config.yaml
   GATEWAY_NBI, GATEWAY_SBI	NBI and SBI gateway IP as defined in config.yaml
   SEGID_NBI, SEGID_SBI	VLAN tag for NBI and SBI as defined in config.yaml
   NETWORK_NBI, NETWORK_SBI	Network name of NBI and SBI as defined in config.yaml
   SDNC_NBI_IP	SDN controller northbound IP as defined in config.yaml
   SDNC_USERNAME	SDN controller admin username as defined in config.yaml
   SDNC_PASSWORD	SDN controller admin password as defined in config.yaml
   VPN_NAME	Name of VPN network as defined in config.yaml
   ROUTE DISTINGUISHER	An 8-octet field prefixed to the IPv4 of the customer to make IPv4 prefixes globally unique as defined in config.yaml
   EXPORT_RT	Routing Engine uses active routes from the routing table to send a protocol advertisement in export route table as defined in config.yaml
   IMPORT_RT	Routing Engine places the routes of a routing protocol into the import route table as defined in config.yaml
   VPN_ID	Randomly generated UUID
   NETWORK_TYPE	Network type can be vlan or vxlan as defined in config.yaml. The default value is vlan.
   KEYSTONE_HOST	Public IP of the keystone identity service
   KEYSTONE_PORT	Keystone Port
   OS_USERNAME	Keystone admin user
   OS_PASSWORD	Keystone admin password
   OS_TENANT_NAME	Keystone admin tenant name
   OS_AUTH_URL	Keystone service internal URLv2
   ENABLE_ROUTER	Router menu displayed in Atlas (True or False)
   DNS_SERVER	Set to the IP address of the DNS server, in order to assign DNS server to Atlas
   ATLAS_HOSTNAME	Atlas host name used in the SSL certificate (SAN), keystone endpoints
   CONTROLLER_HOSTNAME	CIC host name used in SSL certificate (SAN), keystone
   BOOT_FROM_VOLUME	Boot either from image or volume

   Note:  

   All variables are filled during CEE installation when config.yaml has Atlas details specified. This file is maintained by ansible, and should not be modified manually.

   
   
2. Change directory to artifacts:

   root@cic-1:~# cd artifacts/

3. Provide executable permissions to Atlas installation script:

   root@cic-1:~/artifacts# chmod +x <atlas_install.sh path>

   Note:  

   An example of the command is:

   chmod +x atlas_install.sh

   
   
4. In localrc, ensure that following variables have the appropriate values:

   PASSWORD	Password for user atlasadm. Default is qwqwqw. New password should be of 12 or more characters with minimum three special, numeric, lower and upper case characters.
   SERVICE_CINDER_VOLUME	Set to true or false, based on Cinder service availability. Default is false
   ASSIGN_ATLAS_IP	Set to true for assigning NBI_IP and SBI_IP to atlas. Default is true.
   DATA_IMAGE_SIZE	Size of Data volume or ephemeral disk. Default is 120GB
   BOOT_IMAGE_SIZE	Size of bootable volume. Default is 10GB
   NET_ID	ID of the network on which the VM needs to be launched (for non-CEE environment)
   DISK	Disk size for Flavor in GB. Default is 10GB
   RAM	Memory for Flavor in MB. Default is 4096MB
   VCPU	Number of CPUs. Default is 2
   FLAVOR	Existing flavor-id or name. When the FLAVOR variable is specified, DISK, RAM, VCPU and EXTRA_SPECS information is overwritten.
   EXTRA_SPECS	Set extra specs for flavor Default is: hw:mem_page_size=1048576 hw:cpu_policy=dedicated for cpu pinning.
   USER_DATA	Path to store generated user-data file. Default is /tmp/user-data
   name	Name of the atlas vm
   image_name	Atlas Image file name to be used
   ARTIFACT	Path of artifacts
   deployment_env	Set deployment environment. Can have only values: CEE, VBOX, RHEL, UBUNTU, MOS. Default is CEE

   Note:  

   All variables have default values. Correct variables as needed, since they are site-dependent. More information is available within the localrc script itself.

   For non-CEE environment, update following variables in localrc: DATA_IMAGE_SIZE DISK RAM VCPU EXTRA_SPECS USER_DATA name image_name ARTIFACT deployment_env NET_ID

   
   
5. Execute atlas_install.sh script to deploy Atlas, using the following command:

   root@cic-1:~/artifacts# ./atlas_install.sh

6. Log on to Atlas.
7. Display the exact version of the currently executing Atlas Virtual Machine (VM):
   atlasadm@atlas:~ $ sudo atlas --version
8. Restore the required Atlas configuration files and folders according to Atlas Restore.

Note:  

When upgrading from 15B to R6 Atlas, perform the following steps before and after performing restore:

• Before restore, save these two lines from the file /etc/puppet/hieradata/passwords.yaml:
  • role::atlas::keystone_heat_pass: *********
  • role::atlas::keystone_ovft_pass: *********
  • role::atlas::keystone_mistral_pass: *********
• Comment the following lines in /opt/atlas/lib/restore:
  • /usr/local/sbin/apply-conf
  • /opt/atlas/bin/atlas user-init
• After restore and reboot, copy these lines:
  • role::atlas::keystone_heat_pass: *********
  • role::atlas::keystone_ovft_pass: *********
  • role::atlas::keystone_mistral_pass: *********
• Insert the copied lines in step_copylines into the following file:

  /etc/puppet/hieradata/passwords.yaml

• Execute the following commands:

  atlasadm@atlas:~$ sudo apply-conf
  atlasadm@atlas:~$ sudo atlas user-init

4   Post-Upgrade Activities

This section describes the post-upgrade activities needed for the new version of the Atlas server.

4.1   Verify Installation

To verify the installation of Atlas, do the following:

1. List active servers:

   root@cic1:~# nova list

   ID	Name	Status	Task State	Power State	Networks
   d8b0528c-9892-4c39-b015-5dd6253aa621	ecs-atlas	ACTIVE	None	Running	tenant_3582=<ip_address>;tenant_3583=<ip_address>

2. Start an available browser and enter the following URL:

   https://<ip_address>

3. Log on to Atlas from outside the CLI using NBI IP (<nbi_ip_address>):

   <user@laptop>:~# ssh atlasadm@<nbi_ip_address>

4. Log on to Atlas from the vCIC CLI using SBI IP (<sbi_ip_address>):

   root@cic1:~# ssh atlasadm@<sbi_ip_address>

5. Execute ovft capp-list.

   Note:  

   In case of rollback, execute ovft package-list.

   
   

4.2   SSL Certificate Installation

TLS certificates are not part of the Atlas backup. To ensure secure TLS communication, the certificates have to be reinstalled.

For more information on TLS certificate installation, refer to the "Conditions" section of the documents SW Installation in Multi-Server Deployment and SW Installation in Single Server Deployment.

4.3   Change Password for Atlas Users

This section describes how to change password for the Atlas users.

For more information about user management in a system hardening context, refer to the System Hardening Guideline.

Note:  

New passwords must be of 12 or more characters, with at least three special, numeric, lowercase and uppercase characters.

4.3.1   User atlasadm

To change the password for the user atlasadm, use the command:

atlasadm@atlas:~$ passwd

Changing password for atlasadm.
(current) UNIX password:
New password:
Retype new password:
passwd: password updated successfully

atlasadm@atlas:~$

4.3.2   User root

To change the password for the user root, use the command:

atlasadm@atlas:~$ sudo -i

[sudo] password for atlasadm:
root@atlas:~# passwd

 
New password:
Retype new password:
passwd: password updated successfully

root@atlas:~#

5   Rollback

In Atlas the procedure for a rollback is identical to an upgrade. The only difference is that the reference to the new version is a previous version, confirmed to have been working.

To do a rollback, perform the following steps:

1. Download an older version of the Atlas image and the installation script.
2. Perform steps 1 to 4 in Section 2, then continue with the next step below.
3. Rollback Atlas to an older version by performing the steps in Section 3.
4. Verify the rollback by performing the steps in Section 4.
5. Restore the latest backup of Atlas that was taken before the upgrade in Step 5 in Section 2.