40 lines
19 KiB
Markdown
40 lines
19 KiB
Markdown
# Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419
|
||
#### Helm upgrade procedure
|
||
|
||
<table><colgroup><col> <col> <col> <col> <col> <col></colgroup><tbody><tr><th></th><th>SEQ</th><th>Steps</th><th>Duration</th><th>Downtime</th><th></th></tr><tr><td rowspan="2"><h3>Prerequisites</h3></td><td>1</td><td><p>Make sure current suite is upgraded to version 24.2.fp1</p></td><td>1 min</td><td rowspan="2">NA</td><td></td></tr><tr><td>2</td><td><p>Run the following command to make sure that all the OMT and suite pods are ready</p></td><td>1 min</td><td><p>kubectl get pod --all-namespaces|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v 6/6|grep -v Completed</p></td></tr><tr><td rowspan="9"><h3>Preparation</h3></td><td>1</td><td><p>Download the ESM helm chart to bastion</p></td><td>2 mins</td><td rowspan="9">NA</td><td><p>Download helm chart (24.2.FP1) & Unzip & Verify the signature</p><p><a>s3://deploy-packages/artifacts/24.2/24.2.FP1-04-29-2024-Build-185/ESM_Helm_Chart-24.2.1.zip</a></p></td></tr><tr><td>2</td><td>Get environment variables</td><td>1 min</td><td><div><pre><code>NAMESPACE=`kubectl get namespace|grep itsma | cut -f1 -d " "`
|
||
SYSTEM_USER_ID=$(kubectl get configmap -o jsonpath='{.data.system_user_id}' itsma-common-configmap -n $NAMESPACE)
|
||
SYSTEM_GROUP_ID=$(kubectl get configmap -o jsonpath='{.data.system_group_id}' itsma-common-configmap -n $NAMESPACE)
|
||
SIZE=$(kubectl get configmap -o jsonpath='{.data.itom_suite_size}' itsma-common-configmap -n $NAMESPACE)
|
||
echo NAMESPACE: $NAMESPACE SYSTEM_USER_ID: ${SYSTEM_USER_ID}, SYSTEM_GROUP_ID: ${SYSTEM_GROUP_ID}, SIZE: ${SIZE}</code></pre><p>NOTE: If your bastion session is expired, run this get ENV variables again. If it expires after you delete the ns, replace the variables manually when executing the command</p></div></td></tr><tr><td>3</td><td>(Optional) Backup the <strong>suite external ingress</strong> and <strong>suite integration ingress</strong></td><td>2 mins</td><td><p><strong>For ESK ENV, you will create the ingresses (suite and integration) after helm installation.</strong></p><p><strong>If you don't have the backup files, please do the backup in advance. For example:</strong></p><p><strong>NOTE: The ingress names may vary across environments</strong></p><p>kubectl get ingress sma-ingress -n $NAMESPACE -o yaml > suite-ingress-backup.yaml</p><p>kubectl get ingress sma-int-ingress -n $NAMESPACE -o yaml > sma-int-ingress-backup.yaml</p><p>Note: After helm installation you have to re-create related ingress and alb.</p></td></tr><tr><td>4</td><td><p>Create additional volumes</p></td><td>1 min</td><td><p>For EKS:</p><p>Run the following commands on the bastion node.</p><p><strong>NOTE: Please replace the mount point with the actual value:</strong></p><p>sudo mkdir -p /mnt/efs/var/vols/itom/itsma/config-volume</p><p>sudo mkdir -p /mnt/efs/var/vols/itom/itsma/logging-volume</p><p>sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/config-volume<br>sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/logging-volume<br>sudo chmod g+w /mnt/efs/var/vols/itom/itsma/config-volume<br>sudo chmod g+w /mnt/efs/var/vols/itom/itsma/logging-volume<br>sudo chmod g+s /mnt/efs/var/vols/itom/itsma/config-volume<br>sudo chmod g+s /mnt/efs/var/vols/itom/itsma/logging-volume</p></td></tr><tr><td>5</td><td><p>Check folder permissions</p></td><td>5 mins</td><td><p><strong>Using the following command to check and change folder permission (Please replace the mount point with actual value:):</strong></p><p>Check folder permission:</p><p>sudo find /mnt/efs/var/vols/itom -type d -exec stat --format='%u:%g %A %n' '{}' \;| grep -v $SYSTEM_USER_ID:$SYSTEM_GROUP_ID</p><p>If the result doesn't include <code><SYSTEM_USER_ID>:<SYSTEM_GROUP_ID></code>, change the ownership of each directory or file that you created by using the <strong><code>chown -R <SYSTEM_USER_ID>:<SYSTEM_GROUP_ID> <MOUNT_POINT></code></strong> command.</p><p>For example (the command find and update the folders' permission exclude the log folder):</p><p>sudo find /mnt/efs/var/vols/itom -type d -not -path "/mnt/efs/var/vols/itom/itsma/global-volume/logs/*" -exec chown $SYSTEM_USER_ID:$SYSTEM_GROUP_ID {} +</p></td></tr><tr><td>6</td><td><p>Sync data to new Helm persistent volumes</p></td><td>6 mins</td><td><p>NOTE: You may want to clean up the tenant-import and tenant-export folders if the size of these 2 volumes are too large before sync.</p><p><strong>Sync data to new PV:</strong></p><p>cd ESM_Helm_Chart-2x.x/scripts/transformation<br>chmod u+x syncData.sh</p><p>Run sycnData command <strong>with your own path</strong>, for example:</p><p>sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume</p><p><u>NOTE: you need to press 'y' twice to complete the script</u></p><p><strong>Also you could use the following command to avoid bastion connection interruption during data sync</strong></p><p><strong>NOTE: Please replace the mount point to actual value you use:</strong></p><p>nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" </dev/null >nohup.out 2>&1 &</p><p><strong>Watch the progress by below command:</strong></p><p>tail -f nohup.out</p><p>Gov Cloud ENV took 6 mins with below data size:</p><p>The 'global-volume' requires an additional 77 MB of free disk space.<br>The 'config-volume' requires an additional 70 MB of free disk space.</p></td></tr><tr><td rowspan="2">7</td><td rowspan="2"><p>Retrieve system configurations and generate values.yaml file</p><ul><li>Generate basic values.yaml</li><li><p>Generate customized values.yaml</p></li></ul></td><td rowspan="2">5 mins</td><td><p>Before you begin, ensure that the <strong>jq and yq</strong> tools are installed</p><p><strong>Generate basic values.yaml file based on the suite environment</strong></p><p>cd ESM_Helm_Chart-2x.x/scripts/transformation<br>chmod u+x generateBasicValuesYaml.sh<br>./generateBasicValuesYaml.sh</p><p><u>NOTE: you need to press 'y' twice to complete the script</u></p><p>Copy the <code>values.yaml</code> file to the ESM_Helm_Chart-2x.x/charts/ directory.</p><p>Save a copy of the <code>values.yaml</code> file in a secure location as backup.</p></td></tr><tr><td><p><strong>Generate customized values.yaml</strong></p><p>Go to the <code>ESM_Helm_Chart-2x.x/scripts/custom_settings</code> directory.Change the script file permission and run script:</p><p>cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/ <strong>custom_settings</strong></p><p>chmod u+x generateCustomSettings.sh</p><p>./generateCustomSettings.sh</p><p>The script generates a <code>customized_values.yaml</code> file in the current directory.</p><p>Copy the <code>customized_values.yaml</code> file to the ESM_Helm_Chart-2x.x/charts/ directory.</p><p>Save the <code>customized_values.yaml</code> file to a secure location as a backup copy.</p></td></tr><tr><td>7</td><td><p>Back up OMT and SMA</p></td><td>30 mins</td><td><p>Backup the whole SMAX (RDS/EFS/K8S)</p></td></tr><tr><td rowspan="12"><h3>Maintain Window</h3></td><td>1</td><td><p>Stop SMA and OMT</p></td><td>5 mins</td><td rowspan="11">45 mins</td><td><p><strong>1.Stop OMT & SMA:</strong></p><p>$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n $NAMESPACE<br>$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n core</p><p><strong>2.Check the pods of OMT & SMA are all stopped.</strong></p><p>kubectl get pod -n $NAMESPACE|grep -v -E 'throttling|opentelemetry|toolkit|Completed'<br>kubectl get pod -n core |grep -v Completed</p><p>NOTE: If your promethues pods are under core namespace, it takes time to shut down these pods</p></td></tr><tr><td>2</td><td><p>Clean up classic SMA resources</p></td><td>5 mins</td><td><p><strong>Use the below command to clean the SMA resource:</strong></p><p>kubectl delete ns $NAMESPACE</p><p><strong>NOTE: Deleting the ns will re-created the ingress and ALB. You will create new ingress and ALB for EKS in helm installation step. Then bound the newly created the ingress alb to FedRAMP domain</strong></p><p><strong>Verify the ns is deleted:</strong></p><p>kubectl get ns</p><p><strong>Use the following command to check what resources are being used:</strong></p><p>kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n $NAMESPACE</p><p><strong>Patch the ingress use the following command:</strong></p><p>kubectl patch <api-resource> <resource name> -n $NAMESPACE --type=json --patch='[{"op": "remove", "path": "/metadata/finalizers/0"}]'</p></td></tr><tr><td>3</td><td><p>Sync incremental data</p></td><td>2 mins</td><td><p><strong>Sync incremental data:</strong></p><p>Go to the <code>ESM_Helm_Chart-2x.x/scripts/transformation</code> directory and run below command again:</p><p>sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume</p><p>NOTE: to sync incremental data you only need to press y for one time</p><p>The incremental sync should not cost long time as the first sync, while still you can use the below command to avoid bastion connection interruption during sync data</p><p><strong>NOTE: Please replace the mount point with your actual environment:</strong></p><p>nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" </dev/null >nohup.out 2>&1 &</p></td></tr><tr><td>4</td><td><p>Update the label for the core namespace</p></td><td>1 min</td><td><p><strong>Update the label for core:</strong></p><p>kubectl patch ns core -p '{"metadata":{"labels":{" <a>deployments.microfocus.com/deployment-name":"cdf</a> "}}}'</p></td></tr><tr><td>5</td><td>Create a deployment for the suite</td><td>1 min</td><td><p><strong>Create a deployment for suite:</strong></p><p>$CDF_HOME/bin/cdfctl deployment create -d $NAMESPACE<br>NOTE: This command creates a deployment with <strong>your original suite namespace</strong> as the deployment name.</p></td></tr><tr><td>6</td><td>Refine existing PVs</td><td>1 min</td><td><ol><li>Go to the <code>ESM_Helm_Chart-2x.x/scripts/transformation</code> directory.cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/transformation<br></li><li>Run the following commands:<p>chmod u+x refinePV.sh<br>./refinePV.sh $SIZE<br><u>NOTE: Press "y" after you see this message "Do you want to create pvs based on the same nfs server and nfs root path with the global-volume:? [y/n]"<br><br></u></p></li><li>Run the following command to verify the PV creation.<pre><code>kubectl get pv|grep -E "config-volume|logging-volume|data-volume"|grep itsma</code></pre></li><li>Run the following command to verify the PV status is Available (Below command is supposed to return no result)<br>kubectl get pv|grep itsma|grep -v -E "db-volume|global-volume|smartanalytics"|awk '{if ($5!="Available") print $0}'</li></ol></td></tr><tr><td rowspan="2">7</td><td rowspan="2">Restore vault data<ul><li>Copy vault data from core-volume to global-volume</li><li>Copy vault secrets to the suite namespace</li></ul></td><td rowspan="2">5 mins</td><td><p><strong>Copy vault data from core-volume to global-volume</strong><br>On bastion run below command:</p><p>sudo cp -R /mnt/efs/var/vols/itom/itsma/core/vault /mnt/efs/var/vols/itom/itsma/global-volume/<br>sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/global-volume/vault</p><p><strong>NOTE: Please replace the mount point with your actual environment</strong></p></td></tr><tr><td><strong>Copy vault secrets to the suite namespace</strong><ol><li>Create script "copyVaultCredentials.sh" > <a href="https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Restore_vault_data">Restore_vault_data</a></li><li>Run below command<br>chmod u+x copyVaultCredentials.sh<br>./copyVaultCredentials.sh $NAMESPACE <releaseName></li></ol><strong>NOTE: Replace <releaseName> with a unique release name that you want to specify for the suite deployment.</strong></td></tr><tr><td>8</td><td>Start OMT</td><td>5 mins</td><td><ol><li><strong>Start OMT:</strong><pre><code>$CDF_HOME/bin/cdfctl runlevel set -l UP -n core</code></pre></li><li><strong>Check that all the OMT pods are ready:</strong><pre><code>kubectl get pods -n core|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed</code></pre></li></ol></td></tr><tr><td>9</td><td>Install the ESM helm chartCreate ingress for the suite (EKS only)</td><td>15 mins</td><td><p>Login Bastion and change folder to the ESM_Helm_Chart-2x.x/charts/ directory.<br><strong>Run the helm install command:</strong></p><p>helm install <releaseName> esm-1.0.0+2x.x-xxx.tgz -n $NAMESPACE -f values.yaml -f customized_values.yaml --set global.nodeSelector.Worker=label</p><p><strong>N</strong> <strong>OTE: This release name is the one you gave in step 7</strong></p><p>During the helm installation, monitor the status of the itom-nginx-ingress service by running the below command:</p><p>kubectl get svc -n $NAMESPACE|grep itom-nginx-ingress-svc</p><p><strong>[EKS Only] Once the service is available, create the ingress for the suite & ingress for the SMAX integration.</strong></p><p>For example:</p><p>kubectl create -f sma-ingress.yaml<br>kubectl create -f sma-ingress-integration.yaml</p><p><strong>NOTE: The ingress yaml files are the ones you exported in Preparation - Step 3</strong></p><p><strong>Bound the newly created the ingress alb to FedRAMP domain</strong></p><p><strong>Add the newly created service port to the EKS worker's inbound security group</strong></p><p><strong>Reference:</strong></p><ul><li><ul><li>To create an ingress for the suite, see <a href="https://docs.microfocus.com/doc/SMAX/24.2/EKSDeploySuite#Create_an_Ingress_for_the_suite">Create an Ingress for the suite</a>.</li><li>For deployments with CMS integration, see <a href="https://docs.microfocus.com/doc/SMAX/24.2/IntegrationALBCms#Step_2/_Create_an_Ingress_for_SMAX_integration">Create a new CMS Ingress for SMAX integration</a>.</li></ul></li></ul></td></tr><tr><td>10</td><td>Enable helm autopass</td><td>3 mins</td><td><ol><li>Log in to the control plane node or bastion node.</li><li>Change to the <code>ESM_Helm_Chart-2x.x/scripts/transformation</code> directory.</li><li>Change the permission of the updateAutopassKey.sh file:<br>chmod u+x updateAutopassKey.sh</li><li>Run the script to sync the autopass key.<br>./updateAutopassKey.sh -n $NAMESPACE<br>It will restart the <code>itom-bo-license-deployment</code> and <code>autopass-lm-v2</code> pods.</li><li>After the above pods are up and running, enter the autopass page with the new URL: https://<EXTERNAL_ACCESS_HOST>/autopass</li></ol></td></tr><tr><td>11</td><td>Ensure all suite pods & job are ready</td><td>2 mins</td><td></td><td><p>Check helm install pod status</p><p>kubectl get pod -n $NAMESPACE|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed</p><p>kubectl get job -n $NAMESPACE</p><p><strong>Note: please run the following command t</strong> <strong>o delete the xruntime-upgrade-tenants job if it is 0/1:</strong></p><p>kubectl delete job -n $ns `kubectl get job -n $ns | grep xruntime-upgrade-tenants | awk '{print $1}'`</p></td></tr><tr><td rowspan="3"><h3>Post-tasks</h3></td><td>1</td><td>Clean up unused pods in the OMT namespace</td><td>1 mins</td><td rowspan="3">NA</td><td><div><p><strong>Clean up unused pods in the OMT namespace via below command:</strong></p><p>helm upgrade apphub $CDF_HOME/charts/apphub-1.2*.tgz --reuse-values --set global.services.suiteDeployment</p><p>NOTE: If you are going to restore a single namespace after running above command, please run below workaround to fix this issue</p><a href="https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Fix+cdf+issue+no+found+clusterrolebinding+and+clusterrole">Fix OMT clusterrolebinding and clusterrole</a><p>After helm transformation, OMT 5443 portal will no longer be in use.</p></div></td></tr><tr><td>2</td><td>Delete unused PVs</td><td>1 mins</td><td><pre><code>kubectl delete pv $NAMESPACE-db-volume
|
||
kubectl delete pv $NAMESPACE-smartanalytics-volume
|
||
kubectl delete pv $NAMESPACE-global-volume</code></pre></td></tr><tr><td>3</td><td>Delete unused nfs folders</td><td>15 mins</td><td>Run the following command to clean unused nfs folder:<p>dbVolume=<dbVolumePath></p><p>globalVolume=<globalVolumePath></p><p>smartanalyticsVolume=<smartaVolumePath></p><p>Where: <code><dbVolumePath></code> <code><globalVolumePath></code> and <code><smartaVolumePath></code> are the NFS paths of db-volume, global-volume, and smartanalytics-volume, respectively.</p><p>For example:</p><p>dbVolume=/mnt/efs/var/vols/itom/itsma/db-volume</p><p>globalVolume=/mnt/efs/var/vols/itom/itsma/global-volume</p><p>smartanalyticsVolume=/mnt/efs/var/vols/itom/itsma/smartanalytics-volume</p><p><br>sudo rm -rf $dbVolume<br>sudo rm -rf $smartanalyticsVolume<br>sudo rm -rf $globalVolume/data<br>sudo rm -rf $globalVolume/image<br>sudo rm -rf $globalVolume/resources<br>sudo rm -rf $globalVolume/config<br>sudo rm -rf $globalVolume/certificate<br>sudo rm -rf $globalVolume/tenant-export<br>sudo rm -rf $globalVolume/tenant-import<br>sudo rm -rf $globalVolume/jdbc<br>sudo rm -rf $globalVolume/l10n<br>sudo rm -rf $globalVolume/va/configs<br>sudo rm -rf $globalVolume/va/stopwords<br>sudo rm -rf $globalVolume/di<br>sudo rm -rf $globalVolume/logs</p></td></tr><tr><td rowspan="4"><h3>Verification</h3></td><td>1</td><td>SMAX</td><td rowspan="4">30 mins</td><td rowspan="4">NA</td><td rowspan="4"></td></tr><tr><td>2</td><td>NSACM Sanity</td></tr><tr><td>3</td><td>Audit Sanity</td></tr><tr><td>4</td><td>Audit-Collector Sanity</td></tr></tbody></table>
|
||
|
||
#### Build Info:
|
||
|
||
| Product | Build/Chart |
|
||
| --- | --- |
|
||
| **OMT** | 24.2-159 |
|
||
| **SMAX/HCMX Metadata** | 24.2.FP1-b11 |
|
||
| **SMAX/HCMX Helm chart** | esm-1.0.1+24.2.1-38 |
|
||
|
||
#### Doc Link:
|
||
|
||
[Transform SMAX To Helm](https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased)
|
||
|
||
**Related pages**
|
||
|
||
- Page:
|
||
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
|
||
- Page:
|
||
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
|
||
- Page:
|
||
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
|
||
- Page:
|
||
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
|
||
- Page:
|
||
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
|
||
- Page:
|
||
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
|
||
- Page:
|
||
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)
|