Are unattended updates of hypervisor or OS that runs openstack possible?

asked 2019-04-16 09:16:53 -0500

sampsont gravatar image

updated 2019-04-16 15:18:05 -0500

OpenStack is very dynamic and flexible but it seems to assume that there is a hypervisor or OS initially running. When it is time to update the hypervisor or OS that is running OpenStack, can that be done with automation without any physical presence at the computer?

It's my experience that dist-upgrades for Ubuntu might not always work. Is it possible to automatically install a fresh OS without a physical presence?

Maybe I should explain the reason for my question. Our customers may have dozens or even a hundred or so of our systems on their network. It is a burden for us to keep our systems up to date with security, application and OS updates. I don't know much about OpenStack but I'm wondering if our systems on our customer's network could be an OpenStack cloud that could be managed dynamically instead of needing to manually keep everything up to date. If so, it seems like you would still have the problem of keeping whatever OpenStack needs to run on updated. Is that a totally separate task? Ansible or equiv could do dist-upgrades but in my experience, you can't always count on an incremental OS upgrade. You need to be able to do a fresh OS installation. Usually, you need to visit the remote host with a USB drive to do a fresh installation. What does everybody else do?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2019-04-18 19:07:52 -0500

This is hard to do. An OS update often involves rebooting the server. Rebooting an OpenStack controller or compute node requires careful planning and a strict protocol, which im my opinion would require sophisticated automation.

Examples of the challenges you face:

  • Before rebooting a compute node, the instances that run on it need to be taken care of. Usually, you would live-migrate them. Since live-migration can fail, you need to do something about errors, which may require human decision-making.
  • Controllers in a production environment run in an active-active HA configuration, but not all OpenStack services can be run active/active (specifically, cinder-volume and nova-consoleauth). You will first have to move them to a different controller before rebooting.

Study the documentation of your favorite OpenStack distro for more information, for example the Planned Maintenance section in SUSE's OpenStack Cloud ops guide.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2019-04-16 09:16:53 -0500

Seen: 85 times

Last updated: Apr 18 '19