github.com/rvaralda/deis@v1.4.1/docs/managing_deis/upgrading-deis.rst

github.com/rvaralda/deis@v1.4.1/docs/managing_deis/upgrading-deis.rst (about)

     1  :title: Upgrading Deis
     2  :description: Guide to upgrading Deis to a new release.
     3  
     4  
     5  .. _upgrading-deis:
     6  
     7  Upgrading Deis
     8  ==============
     9  
    10  There are currently two strategies for upgrading a Deis cluster:
    11  
    12  * In-place Upgrade (recommended)
    13  * Migration Upgrade
    14  
    15  Before attempting an upgrade, it is strongly recommended to :ref:`backup your data <backing_up_data>`.
    16  
    17  In-place Upgrade
    18  ----------------
    19  
    20  An in-place upgrade swaps out platform containers for newer versions on the same set of hosts,
    21  leaving your applications and platform data intact.  This is the easiest and least disruptive upgrade strategy.
    22  The general approach is to use ``deisctl`` to uninstall all platform components, update the platform version
    23  and then reinstall platform components.
    24  
    25  .. important::
    26  
    27      Always use a version of ``deisctl`` that matches the Deis release.
    28      Verify this with ``deisctl --version``.
    29  
    30  Use the following steps to perform an in-place upgrade of your Deis cluster.
    31  
    32  First, use the current ``deisctl`` to stop and uninstall the Deis platform.
    33  
    34  .. code-block:: console
    35  
    36      $ deisctl --version  # should match the installed platform
    37      1.0.2
    38      $ deisctl stop platform && deisctl uninstall platform
    39  
    40  There are important security fixes since Deis 1.0.2 that require upgrading
    41  to CoreOS 494.1.0 or later, and configuring Docker to access deis-registry. See
    42  :ref:`upgrading-coreos` first, then open a shell to each node:
    43  
    44  .. code-block:: console
    45  
    46      $ ssh deis-1.example.com  # repeat these steps for each node
    47      $ sudo -i
    48      $ mkdir -p /etc/systemd/system/docker.service.d
    49      $ cat <<EOF > /etc/systemd/system/docker.service.d/50-insecure-registry.conf
    50      [Service]
    51      Environment="DOCKER_OPTS=--insecure-registry 10.0.0.0/8 --insecure-registry 172.16.0.0/12 --insecure-registry 192.168.0.0/16"
    52      EOF
    53      $ reboot  # one node at a time, to avoid etcd failures
    54  
    55  Finally, update ``deisctl`` to the new version and reinstall:
    56  
    57  .. code-block:: console
    58  
    59      $ curl -sSL http://deis.io/deisctl/install.sh | sh -s 1.4.1
    60      $ deisctl --version  # should match the desired platform
    61      1.4.1
    62      $ deisctl config platform set version=v1.4.1
    63      $ deisctl install platform
    64      $ deisctl start platform
    65  
    66  .. attention::
    67  
    68      In-place upgrades incur approximately 10-30 minutes of downtime for deployed applications, the router mesh
    69      and the platform control plane.  Please plan your maintenance windows accordingly.
    70  
    71  
    72  Migration Upgrade
    73  -----------------
    74  
    75  This upgrade method provisions a new cluster running in parallel to the old one. Applications are
    76  migrated to this new cluster one-by-one, and DNS records are updated to cut over traffic on a
    77  per-application basis. This results in a no-downtime controlled upgrade, but has the caveat that no
    78  data from the old cluster (users, releases, etc.) is retained. Future ``deisctl`` tooling will have
    79  facilities to export and import this platform data.
    80  
    81  .. note::
    82  
    83      Migration upgrades are useful for moving Deis to a new set of hosts,
    84      but should otherwise be avoided due to the amount of manual work involved.
    85  
    86  .. important::
    87  
    88      In order to migrate applications, your new cluster must have network access
    89      to the registry component on the old cluster
    90  
    91  Enumerate Existing Applications
    92  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    93  Each application will need to be deployed to the new cluster manually.
    94  Log in to the existing cluster as an admin user and use the ``deis`` client to
    95  gather information about your deployed applications.
    96  
    97  List all applications with:
    98  
    99  .. code-block:: console
   100  
   101      $ deis apps:list
   102  
   103  Gather each application's version with:
   104  
   105  .. code-block:: console
   106  
   107      $ deis apps:info -a <app-name>
   108  
   109  Provision servers
   110  ^^^^^^^^^^^^^^^^^
   111  Follow the Deis documentation to provision a new cluster using your desired target release.
   112  Be sure to use a new etcd discovery URL so that the new cluster doesn't interfere with the running one.
   113  
   114  Upgrade Deis clients
   115  ^^^^^^^^^^^^^^^^^^^^
   116  If changing versions, make sure you upgrade your ``deis`` and ``deisctl`` clients
   117  to match the cluster's release.
   118  
   119  Register and login to the new controller
   120  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   121  Register an account on the new controller and login.
   122  
   123  .. code-block:: console
   124  
   125      $ deis register http://deis.newcluster.example.org
   126      $ deis login http://deis.newcluster.example.org
   127  
   128  Migrate applications
   129  ^^^^^^^^^^^^^^^^^^^^
   130  The ``deis pull`` command makes it easy to migrate existing applications from
   131  one cluster to another.  However, you must have network access to the existing
   132  cluster's registry component.
   133  
   134  Migrate a single application with:
   135  
   136  .. code-block:: console
   137  
   138      $ deis create <app-name>
   139      $ deis pull registry.oldcluster.example.org:5000/<app-name>:<version>
   140  
   141  This will move the application's Docker image across clusters, ensuring the application
   142  is migrated bit-for-bit with an identical build and configuration.
   143  
   144  Now each application is running on the new cluster, but they are still running (and serving traffic)
   145  on the old cluster.  Use ``deis domains:add`` to tell Deis that this application can be accessed
   146  by its old name:
   147  
   148  .. code-block:: console
   149  
   150      $ deis domains:add oldappname.oldcluster.example.org
   151  
   152  Repeat for each application.
   153  
   154  Test applications
   155  ^^^^^^^^^^^^^^^^^
   156  Test to make sure applications work as expected on the new Deis cluster.
   157  
   158  Update DNS records
   159  ^^^^^^^^^^^^^^^^^^
   160  For each application, create CNAME records to point the old application names to the new. Note that
   161  once these records propagate, the new cluster is serving live traffic. You can perform cutover on a
   162  per-application basis and slowly retire the old cluster.
   163  
   164  If an application is named 'happy-bandit' on the old Deis cluster and 'jumping-cuddlefish' on the
   165  new cluster, you would create a DNS record that looks like the following:
   166  
   167  .. code-block:: console
   168  
   169      happy-bandit.oldcluster.example.org.        CNAME       jumping-cuddlefish.newcluster.example.org
   170  
   171  Retire the old cluster
   172  ^^^^^^^^^^^^^^^^^^^^^^
   173  Once all applications have been validated, the old cluster can be retired.
   174  
   175  
   176  .. _upgrading-coreos:
   177  
   178  Upgrading CoreOS
   179  ----------------
   180  
   181  By default, Deis disables CoreOS automatic updates. This is partially because in the case of a
   182  machine reboot, Deis components will be scheduled to a new host and will need a few minutes to start
   183  and restore to a running state. This results in a short downtime of the Deis control plane,
   184  which can be disruptive if unplanned.
   185  
   186  Additionally, because Deis customizes the CoreOS cloud-config file, upgrading the CoreOS host to
   187  a new version without accounting for changes in the cloud-config file could cause Deis to stop
   188  functioning properly.
   189  
   190  .. important::
   191  
   192    Enabling updates for CoreOS will result in the machine upgrading to the latest CoreOS release
   193    available in a particular channel. Sometimes, new CoreOS releases make changes that will break
   194    Deis. It is always recommended to provision a Deis release with the CoreOS version specified
   195    in that release's provision scripts or documentation.
   196  
   197  While typically not recommended, it is possible to trigger an update of a CoreOS machine. Some
   198  Deis releases may recommend a CoreOS upgrade - in these cases, the release notes for a Deis release
   199  will point to this documentation.
   200  
   201  To update CoreOS, run the following commands:
   202  
   203  .. code-block:: console
   204  
   205      $ ssh core@<server ip>
   206      $ sudo su
   207      $ echo GROUP=stable > /etc/coreos/update.conf
   208      $ systemctl unmask update-engine.service
   209      $ systemctl start update-engine.service
   210      $ update_engine_client -update
   211      $ systemctl stop update-engine.service
   212      $ systemctl mask update-engine.service
   213      $ reboot
   214  
   215  .. warning::
   216  
   217    You should only upgrade one host at a time. Removing multiple hosts from the cluster
   218    simultaneously can result in failure of the etcd cluster. Ensure the recently-rebooted host
   219    has returned to the cluster with ``fleetctl list-machines`` before moving on to the next host.
   220  
   221  You can check the CoreOS version by running the following command on the CoreOS machine:
   222  
   223  .. code-block:: console
   224  
   225      $ cat /etc/os-release
   226  
   227  Or from your local machine:
   228  
   229  .. code-block:: console
   230  
   231      $ ssh core@<server ip> 'cat /etc/os-release'