FR: Update process should not depend on internet access from the cpu nor storage nodes. #1901

Open
dinosn opened this issue Oct 11, 2018 · 4 comments

dinosn commented Oct 11, 2018

Hi,

As we are proceeding with more strict and isolated environments, direct access to the internet from the CPU nodes and storage nodes should not be considered a requirement.

The upgrade process should be done in such a way that one system, e.g. controller 1/2 or 3, will have access to the net and will perform the package delivery to all other nodes.

In that way we can work with flexibility in an isolated environment and further enhance our network security.

@FastGeert

This is solved in 2.4.6. All software is now issued via docker images. Installation / update procedure of OVC components all happens from the controller. Only OVS is still installed from the apt repositories of OVS. But we also could just serve them from the controller.

FastGeert commented Oct 23, 2018

Create an apt repository docker image that clones the OVS apt repository + holds all ubuntu packages.

  • Adapt installation / update procedure to install from our own shipped docker image apt repository.
  • sources.list should only contain our own apt repository hosted locally on all our boxes (controllers / cpu nodes / storage)

See https://help.ubuntu.com/community/Repositories/Personal

FastGeert added this to the 2.4.6 milestone Oct 23, 2018

dinosn commented Oct 23, 2018

Seems a good solution!

FastGeert commented Oct 25, 2018

  • Apt related
    • Add docker ce as part of the controller installer image. Also adapt installation docs.
    • Deploy the apt repository as part of the kubernetes install. Make it available to all nodes internally (not to the internet). Add it to the pxeboot pod. Publish a fixed domain name (e.g. apt.local) pointing to the floating IP of the pxeboot pod.
    • Fix the images (controller & node) to only point to the locally hosted apt repo (deb http://apt.local:3142 binary/)
    • Create an update script to fix all sources.list to only point to our local apt repository
  • OVS
    • Make the ovs image self-contained. Should not have to clone git repos / install packages during the installation process.
  • Docker related
    • Install / upgrade from our own docker image repository
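
A sketch of the update script from the list above, as an added example that is not part of the issue or the project's code: it audits a node's apt source files for entries other than the local repository line quoted in the comment, then pins the node to that line. The function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not OVC project code. The repo line comes from the issue;
# audit_sources, pin_sources and the APT_DIR argument are hypothetical names.
LOCAL_REPO='deb http://apt.local:3142 binary/'

# Print "file:line:entry" for every active deb/deb-src entry under $1 that is
# not exactly the local repo line. deb822 *.sources files are not parsed.
audit_sources() {
    apt_dir=$1
    for f in "$apt_dir/sources.list" "$apt_dir"/sources.list.d/*.list; do
        if [ -f "$f" ]; then
            awk -v want="$LOCAL_REPO" -v file="$f" '
                { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
                line ~ /^deb(-src)?[ \t]/ && line != want { print file ":" NR ":" line }
            ' "$f"
        fi
    done
}

# Leave the local repo as the only source under $1. The old sources.list is
# kept as sources.list.bak; drop-in *.list files are renamed to *.disabled,
# which apt does not read.
pin_sources() {
    apt_dir=$1
    if [ -f "$apt_dir/sources.list" ]; then
        cp -p "$apt_dir/sources.list" "$apt_dir/sources.list.bak"
    fi
    for f in "$apt_dir"/sources.list.d/*.list; do
        if [ -f "$f" ]; then
            mv "$f" "$f.disabled"
        fi
    done
    printf '%s\n' "$LOCAL_REPO" > "$apt_dir/sources.list"
}

# Script usage: audit|pin [APT_DIR]; APT_DIR defaults to /etc/apt.
case "${1:-}" in
    audit) audit_sources "${2:-/etc/apt}" ;;
    pin)   pin_sources "${2:-/etc/apt}" ;;
esac
```

Running `audit` again after `pin` on each controller, CPU node and storage node should print nothing; any output means that node still references a repository other than the local one.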
