Merged
4 changes: 3 additions & 1 deletion _topic_map.yml
Original file line number Diff line number Diff line change
Expand Up @@ -393,8 +393,10 @@ Name: Updating clusters
Dir: updating
Distros: openshift-origin,openshift-enterprise
Topics:
- Name: Understanding the update service
- Name: Understanding the OpenShift Update Service
File: understanding-the-update-service
- Name: Installing and configuring the OpenShift Update Service
File: installing-update-service
- Name: Updating a cluster between minor versions
File: updating-cluster-between-minor
- Name: Updating a cluster within a minor version from the web console
9 changes: 8 additions & 1 deletion modules/update-restricted.adoc
Expand Up @@ -7,6 +7,13 @@

Update the restricted network cluster to the {product-title} version that you downloaded the release images for.

//TODO: Add xrefs in the following note when functionality is enabled.

[NOTE]
====
If you have a local OpenShift Update Service, you can update by using the connected web console or CLI instructions instead of this procedure.
====

.Prerequisites

* You mirrored the images for the new release to your registry.
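
Review bot: The new NOTE points readers at "the connected web console or CLI instructions" without naming them, and with the xrefs deferred by the TODO comment there is nothing for the reader to follow. Until xrefs are enabled, name the target sections by title in quotation marks, as modules/update-service-create-service-cli.adoc in this PR does for "Mirroring the {product-title} image repository", so the note is usable as written.
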
Expand All @@ -28,5 +35,5 @@ If you use an `ImageContentSourcePolicy` for the mirror registry, you can use th
+
[NOTE]
====
You can only configure global pull secrets for clusters that have an `ImageContentSourcePolicy` object. You cannot add a pull secret to a project.
You can only configure global pull secrets for clusters that have an `ImageContentSourcePolicy` object. You cannot add a pull secret to a project.
====
42 changes: 42 additions & 0 deletions modules/update-service-configure-cvo.adoc
@@ -0,0 +1,42 @@
[id="update-service-configure-cvo"]
= Configuring the Cluster Version Operator (CVO)

After the OpenShift Update Service Operator has been installed and the OpenShift Update Service application created CVO can be updated to pull graph data from the locally installed OpenShift Update Service.

.Prerequisites

* The OpenShift Update Service Operator has been installed.
* The Openshift Update Service graph-data container image has been created and pushed to a repository accessible to the OpenShift Update Service.
* The current release and update target releases have been mirrored to a locally accessible registry.
* The OpenShift Update Service application has been created.

.Procedure

. Set the OpenShift Update Service target namespace, for example, `openshift-update-service`:
+
[source,terminal]
----
$ NAMESPACE=openshift-update-service
Contributor

It's not a big deal to do it this way, but setting these variables in individual steps seems like it's making the procedure a lot longer than it needs to be. Is there any reason to do it this way vs. showing a YAML code block and adding a replaceable value / callout to the lines that they need to set themselves? And then doing an oc create -f <file> after?

For example: https://docs.openshift.com/container-platform/4.7/operators/admin/olm-restricted-networks.html#olm-creating-catalog-from-index_olm-restricted-networks

Contributor

I didn't address this comment in the new PR, so calling it out in case you agree, @jottofar. If so, please open a new PR and we'll get this updated.

----

. Set the name of the OpenShift Update Service application, for example, `service`:
+
[source,terminal]
----
$ NAME=service
----

. Obtain the policy engine route:
+
[source,terminal]
----
$ POLICY_ENGINE_GRAPH_URI="$(oc -n "${NAMESPACE}" get -o jsonpath='{.status.policyEngineURI}/api/upgrades_info/v1/graph{"\n"}' updateservice "${NAME}")"
----

. Patch the CVO ClusterVersion to use the local OpenShift Update Service:
Contributor

ClusterVersion -> cluster version

+
[source,terminal]
----
$ PATCH="{\"spec\":{\"upstream\":\"${POLICY_ENGINE_GRAPH_URI}\"}}"
Contributor

We only show one command in a code block at a time; can you separate these into separate code blocks/steps?

Contributor

I split these out in the new PR. Hoping I got the added step wording close to right:

. Set the patch for the pull graph data:
+
[source,terminal]
----
$ PATCH="{\"spec\":{\"upstream\":\"${POLICY_ENGINE_GRAPH_URI}\"}}"
----
+
. Patch the CVO cluster version to use the local OpenShift Update Service:
+
[source,terminal]
----
$ oc patch clusterversion version -p $PATCH --type merge
----

$ oc patch clusterversion version -p $PATCH --type merge
----
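
Review bot: The final command passes `$PATCH` unquoted (`oc patch clusterversion version -p $PATCH --type merge`), so the shell word-splits and glob-expands the JSON before `oc` receives it; quote it as `-p "${PATCH}"`, matching the quoting already used for `"${NAMESPACE}"` and `"${NAME}"` in the route step. The procedure also writes whatever the jsonpath query returned into `spec.upstream`: if `.status.policyEngineURI` is not yet populated, `POLICY_ENGINE_GRAPH_URI` holds only the `/api/upgrades_info/v1/graph` suffix and the cluster version is pointed at a URI with no host. Reuse the scheme check from the verification step in modules/update-service-create-service-cli.adoc, or tell the reader to confirm the variable holds a full URI before patching, since this setting decides where the cluster gets its update graph.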
82 changes: 82 additions & 0 deletions modules/update-service-create-service-cli.adoc
@@ -0,0 +1,82 @@
[id="update-service-create-service-cli_{context}"]
= Creating an OpenShift Update Service application by using the CLI

You can use the {product-title} CLI to create an OpenShift Update Service application.
Contributor

Can you please replace all instances of "{product-title} CLI" with "OpenShift CLI (oc)" ?


.Prerequisites

* The OpenShift Update Service Operator has already been installed.
* The Openshift Update Service graph-data container image has already been created and pushed to a repository accessible to the OpenShift Update Service.
* The current release and update target releases have already been mirrored to a locally accessible registry.

.Procedure

To create an OpenShift Update Service application by using the {product-title} CLI:

. Configure the OpenShift Update Service target namespace, for example, `openshift-update-service`:
+
[source,terminal]
----
$ NAMESPACE=openshift-update-service
----
+
The namespace must match the `targetNamespaces` value from the OperatorGroup.
Contributor

OperatorGroup -> operator group


. Configure the name of the OpenShift Update Service application, for example, `service`:
+
[source,terminal]
----
$ NAME=service
----

. Configure the local registry and repository for the release images as configured in "Mirroring the {product-title} image repository", for example, `registry.example.com/ocp4/openshift4-release-images`:
//TODO: Add xref to the preceding step when allowed.
+
[source,terminal]
----
$ RELEASE_IMAGES=registry.example.com/ocp4/openshift4-release-images
----

. Set the local pullspec for the graph-data image to the graph-data container image created in "Creating the OpenShift Update Service graph data container image", for example, `registry.example.com/openshift/graph-data:latest`:
//TODO: Add xref to the preceding step when allowed.
+
[source,terminal]
----
$ GRAPH_DATA_IMAGE=registry.example.com/openshift/graph-data:latest
----

. Create an OpenShift Update Service application object:
+
[source,terminal]
----
$ oc -n "${NAMESPACE}" create -f - <<EOF
apiVersion: updateservice.operator.openshift.io/v1
kind: UpdateService
metadata:
name: ${NAME}
spec:
replicas: 2
releases: ${RELEASE_IMAGES}
graphDataImage: ${GRAPH_DATA_IMAGE}
EOF
----

. Verify the OpenShift Update Service application:

.. Use the following command to obtain a policy engine route:
+
[source,terminal]
----
$ while sleep 1; do POLICY_ENGINE_GRAPH_URI="$(oc -n "${NAMESPACE}" get -o jsonpath='{.status.policyEngineURI}/api/upgrades_info/v1/graph{"\n"}' updateservice "${NAME}")"; SCHEME="${POLICY_ENGINE_GRAPH_URI%%:*}"; if test "${SCHEME}" = http -o "${SCHEME}" = https; then break; fi; done
----
+
You might need to poll until the command succeeds.

.. Retrieve a graph from the policy engine. Be sure to specify a valid version for *channel*. For example, if running in {product-title} {product-version} use version {product-version}, e.g. *stable-{product-version}*:
Contributor

  • channel and stable-{product-version} should be in backticks instead of bold/asterisks.
  • The second sentence has too many example/e.g. I'd shorten to:
For example, if running in {product-title} {product-version}, use `stable-{product-version}`:

+
[source,terminal]
----
$ while sleep 10; do HTTP_CODE="$(curl --header Accept:application/json --output /dev/stderr --write-out "%{http_code}" "${POLICY_ENGINE_GRAPH_URI}?channel=stable-4.6")"; if test "${HTTP_CODE}" -eq 200; then break; fi; echo "${HTTP_CODE}"; done
----
+
This polls until the graph request succeeds, although depending on which release images you have mirrored, the resulting graph might be empty.
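
Review bot: The curl example hard-codes `channel=stable-4.6`, while the step text above it tells the reader to use `stable-{product-version}`, so the command is stale for every other release. Use a replaceable value such as `channel=<channel>` in the command, or enable attribute substitution on the block so that `{product-version}` resolves. Separately, both `while sleep` loops have no exit other than success, and the scheme test accepts plain `http`; a bounded retry count and a sentence on when an `http` policy engine URI is acceptable would help readers who copy these commands verbatim.
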
Contributor

Maybe: "This polls until the graph request succeeds; however, the resulting graph might be empty depending on which release images you have mirrored."

42 changes: 42 additions & 0 deletions modules/update-service-create-service-web-console.adoc
@@ -0,0 +1,42 @@
[id="update-service-create-service-web-console_{context}"]
= Creating an OpenShift Update Service application by using the web console

You can use the {product-title} web console to create an Update Service application by using the OpenShift Update Service Operator.
Contributor

Update Service -> update service
Or should it be "OpenShift Update Service application"?

Contributor

Went with the latter.


.Prerequisites

* The OpenShift Update Service Operator has already been installed.
* The Openshift Update Service graph-data container image has already been created and pushed to a repository accessible to the OpenShift Update Service.
* The current release and update target releases have already been mirrored to a locally accessible registry.

.Procedure

To create an OpenShift Update Service application by using the {product-title} web console:
Contributor

You can remove this since you already stated something similar a few lines up


. In the {product-title} web console, click *Operators* -> *Installed Operators*.

. Choose *OpenShift Update Service* from the list of installed Operators.

. Click the *Update Service* tab.

. Click *Create UpdateService*.

. Enter a name in the *Name* field, for example, `service`.

. Enter the local pullspec in the *Graph Data Image* field to the graph-data container image created in "Creating the OpenShift Update Service graph data container image", for example, `registry.example.com/openshift/graph-data:latest`.
//TODO: Add xref to preceding step when allowed.

. In the *Releases* field, enter the local registry and repository created to contain the release images in "Mirroring the OpenShift Container Platform image repository", for example, `registry.example.com/ocp4/openshift4-release-images`.
//TODO: Add xref to preceding step when allowed.

. Enter `2` in the *Replicas* field.

. Click *Create* to create the OpenShift Update Service application.

. Verify the OpenShift Update Service application:

** From the *UpdateServices* list in the *Update Service* tab, click the Update Service application just created.

** Click the *Resources* tab.

** Verify each application resource has status *Created*.
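
Review bot: The *Releases* step refers to "Mirroring the OpenShift Container Platform image repository" with the product name spelled out, whereas the CLI module in this PR writes the same title as "Mirroring the {product-title} image repository". _topic_map.yml lists `openshift-origin` under Distros for this directory, so the literal name will be wrong in that build; use `{product-title}` here as well. The *Replicas* step also gives `2` with no indication of whether it is a required value or an example, unlike the other fields, which say "for example".
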
Contributor

status *Created* -> a status of *Created*

35 changes: 35 additions & 0 deletions modules/update-service-delete-service-cli.adoc
@@ -0,0 +1,35 @@
[id="update-service-delete-service-cli_{context}"]
= Deleting an OpenShift Update Service application by using the CLI

You can use the {product-title} CLI to delete an OpenShift Update Service application.

.Procedure

To delete an OpenShift Update Service application by using the {product-title} CLI:
Contributor

This can be removed as it's redundant. I won't point out any more if you can check your other procedures too.


. Get the OpenShift Update Service application name using the namespace the OpenShift Update Service application was created in, for example, `openshift-update-service`:
+
[source,terminal]
----
$ oc get updateservice -n openshift-update-service
----
+
.Example output
[source,terminal]
----
NAME AGE
service 6s
----

. Delete the OpenShift Update Service application using the `Name` value from the previous step and the namespace the OpenShift Update Service application was created in, for example, `openshift-update-service`:
Contributor

Name -> NAME (to be consistent with the above output)

+
[source,terminal]
----
$ oc delete updateservice service -n openshift-update-service
----
+
.Example output
[source,terminal]
----
updateservice.updateservice.operator.openshift.io "service" deleted
----
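
Review bot: The delete procedure does not mention the cluster version `spec.upstream` that modules/update-service-configure-cvo.adoc sets to this application's policy engine route. After `oc delete updateservice service -n openshift-update-service`, a cluster patched by that procedure still points at the removed service. Add a step or a note telling the reader to reset or repoint `upstream` when deleting the application. This module also has no `.Prerequisites` section, while the web console delete module in this PR lists the installed Operator as one.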
22 changes: 22 additions & 0 deletions modules/update-service-delete-service-web-console.adoc
@@ -0,0 +1,22 @@
[id="update-service-delete-service-web-console_{context}"]
= Deleting an OpenShift Update Service application by using the web console

You can use the {product-title} web console to delete an OpenShift Update Service application by using the OpenShift Update Service Operator.

.Prerequisites

* The OpenShift Update Service Operator has already been installed.

.Procedure

To delete an OpenShift Update Service application by using the {product-title} web console:

. In the {product-title} web console, click *Operators* -> *Installed Operators*.

. Choose *OpenShift Update Service* from the list of installed Operators.

. Click the *Update Service* tab.

. From the list of installed OpenShift Update Service applications, select the menu icon at the far right of the application to be deleted and then click *Delete UpdateService*.

. From the *Delete UpdateService?* pop up click the *Delete* button to confirm the deletion.
Contributor

  • pop up -> confirmation dialog,
  • click the *Delete* button -> click *Delete*

31 changes: 31 additions & 0 deletions modules/update-service-graph-data.adoc
@@ -0,0 +1,31 @@
[id="update-service-graph-data_{context}"]
= Creating the OpenShift Update Service graph data container image

The OpenShift Update Service requires a graph-data container image, from which the OpenShift Update Service retrieves information about channel membership and blocked update edges. Graph data is typically fetched directly from the upgrade graph data repository. In environments where an internet connection is unavailable, loading this information from an init container is another way to make the graph data available to the OpenShift Update Service. The role of the init container is to provide a local copy of the graph data, and during pod initialization, the init container copies the data to a volume accessible by the service.

.Procedure

. Create a Dockerfile, for example, `./Dockerfile`, containing the following:
+
[source,terminal]
----
FROM registry.access.redhat.com/ubi8/ubi:8.1

RUN curl -L -o cincinnati-graph-data.tar.gz https://github.com/openshift/cincinnati-graph-data/archive/master.tar.gz

CMD exec /bin/bash -c "tar xvzf cincinnati-graph-data.tar.gz -C /var/lib/cincinnati/graph-data/ --strip-components=1"
----
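
Review bot: The `RUN curl -L -o cincinnati-graph-data.tar.gz ...` line has no `--fail`, so an HTTP error body is saved as the tarball, the image build succeeds, and the problem only appears when `tar` runs in the init container at pod start. Add `--fail` to the curl invocation. The URL also uses the host `github.com` and the moving `archive/master.tar.gz`; confirm that host is the intended source for graph data, and consider pinning to a commit so that two builds of `graph-data:latest` cannot silently differ. Minor: the block is tagged `[source,terminal]` although its content is a Dockerfile.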

@jiajliu jiajliu Mar 26, 2021

The above Dockerfile does not seem workable. I just ran a test with the above Dockerfile to build a graph-data image, and it failed to start as follows:

# ./oc get po
NAME                                     READY   STATUS                  RESTARTS   AGE
update-68cc44f479-bm2pc                  0/2     Init:CrashLoopBackOff   7          11m
updateservice-operator-5685848f8-vm8bc   1/1     Running                 0          18m
  Normal   Pulled          <invalid> (x3 over <invalid>)  kubelet            Container image "jliu-46.mirror-registry.qe.gcp.devcluster.openshift.com:5000/openshift/graph-data:latest" already present on machine
  Normal   Created         <invalid> (x3 over <invalid>)  kubelet            Created container graph-data
  Normal   Started         <invalid> (x3 over <invalid>)  kubelet            Started container graph-data
  Warning  BackOff         <invalid> (x2 over <invalid>)  kubelet            Back-off restarting failed container

After I changed to another graph-data image built from a Dockerfile, it works correctly.

# ./oc get po
NAME                                     READY   STATUS    RESTARTS   AGE
update-75bcb6f7b6-7fhw5                  2/2     Running   0          3m52s
updateservice-operator-5685848f8-vm8bc   1/1     Running   0          38m

Contributor Author

@jottofar jottofar Apr 1, 2021

I have not been able to successfully test this using any of the instructions but I may have an unrelated issue. I get the following error from the graph-builder container:

Error: ErrorMessage { msg: "empty key_prefix" }

Can you please provide the log output from the graph-builder container when you try the "as written" instructions, e.g. `oc logs pod/sample-6f5c65f856-lw9wl -c graph-builder -n openshift-update-service`?


@jottofar There do not seem to be many more logs from the instance pod.

# ./oc logs update-68cc44f479-gf5rr -c graph-builder 
Error from server (BadRequest): container "graph-builder" in pod "update-68cc44f479-gf5rr" is waiting to start: PodInitializing

I pasted more info here: https://privatebin-it-iso.int.open.paas.redhat.com/?70494bb9d993b659#9vPT8Wgqhb9RSnW2Gb9BCS4E5aBLQtTV9bwEz8CDPBek
With almost the same test steps and another graph-data image built from a Dockerfile, it works. Please help confirm what's wrong here, thanks!


@jottofar I checked again today and found that the problem was my own wrong Dockerfile. The steps in this PR work well, so this should no longer be an issue.

CMD exec /bin/bash -c "tar xvzf /tmp/cincinnati-graph-data.tar.gz -C /var/lib/cincinnati/graph-data/ --strip-components=1"

. Use the docker file created in the above step to build a graph-data container image, for example, `registry.example.com/openshift/graph-data:latest`:
+
[source,terminal]
----
$ podman build -f ./Dockerfile -t registry.example.com/openshift/graph-data:latest
----

. Push the graph-data container image created in the above step to a repository accessible to the OpenShift Update Service, for example, `registry.example.com/openshift/graph-data:latest`:
+
[source,terminal]
----
$ podman push registry.example.com/openshift/graph-data:latest
----