Statistics
| Branch: | Tag: | Revision:

root / docs / upgrade-0.13.rst @ e6df0da5

History | View | Annotate | Download (14.3 kB)

1
Upgrade to Synnefo v0.13
2
^^^^^^^^^^^^^^^^^^^^^^^^
3

    
4
The bulk of the upgrade to v0.13 is about user and quota migrations.
5
In summary, the migration process has 3 steps:
6

    
7
1. Run some commands and scripts to diagnose and extract some migration data
8
   while the OLD code is running, and BEFORE any changes are made.
9

    
10
2. Bring down services, upgrade packages, configure services, and perform
11
   django database migrations.  These migrations do not need any interaction
12
   between services.
13

    
14
3. Initialize the Astakos quota system and bring the Astakos service up, since
15
   it will be needed during a second-phase of UUID and quota migrations, that
16
   also uses data extracted from step 1.
17

    
18
.. warning::
19

    
20
    It is highly suggested that you keep separate database backups for each 
21
    service after the completion of each of step.
22

    
23

    
24
1. Bring all services down
25
==========================
26

    
27
All web services must be brought down so that the database maintains a 
28
predictable and consistent state as the migration is being executed.
29

    
30

    
31
2. Prepare astakos user migration to case insensitive emails
32
============================================================
33

    
34
It is possible that two or more users have been registered with emails that
35
differ only in the case of its letters.  There can only be one of those
36
accounts after the migration, so the rest must be deleted.
37

    
38
Note that even if the users are deleted in Astakos, there still are duplicate
39
entries in Cyclades and Pithos.  For each service we need to reduce those
40
multiple accounts into one, either merging them together, or deleting and
41
discarding data from all but one.
42

    
43
2.1 Find duplicate email entries in Astakos
44
-------------------------------------------
45
(script: ``find_astakos_users_with_conflicting_emails.py``)::
46

    
47
    astakos-host$ wget https://code.grnet.gr/projects/synnefo/repository/revisions/release-0.13/raw/contrib/upgrade-013/find_astakos_users_with_conflicting_emails.py
48
    astakos-host$ python ./find_astakos_users_with_conflicting_emails.py
49

    
50

    
51
.. _remove_astakos_duplicate:
52

    
53
2.1 Remove duplicate users in Astakos by their id
54
-------------------------------------------------
55
(script: ``delete_astakos_users.py``)::
56

    
57
    astakos-host$ wget https://code.grnet.gr/projects/synnefo/repository/revisions/release-0.13/raw/contrib/upgrade-013/delete_astakos_users.py
58
    astakos-host$ python ./delete_astakos_users.py 30 40
59

    
60
.. warning::
61

    
62
    After you finish with duplicate accounts cleanup using the 
63
    ``delete_astakos_users.py`` script, execute the 
64
    ``find_astakos_users_with_conflicting_emails.py`` once again and make sure 
65
    that it reports no such users and all duplicate email conflicts have been 
66
    resolved.
67

    
68

    
69
3. Upgrade Synnefo and configure settings
70
=========================================
71

    
72
3.1 Install the new versions of packages
73
----------------------------------------
74

    
75
::
76

    
77
    astakos.host$ apt-get install \
78
                            snf-common \
79
                            snf-webproject \
80
                            snf-quotaholder-app \
81
                            snf-astakos-app \
82
                            kamaki \
83

    
84

    
85
    cyclades.host$ apt-get install \
86
                            snf-common \
87
                            snf-webproject
88
                            snf-pithos-backend \
89
                            snf-cyclades-app \
90
                            kamaki \
91

    
92
                           
93
    pithos.host$ apt-get install \
94
                            snf-common \
95
                            snf-webproject
96
                            snf-pithos-backend \
97
                            snf-pithos-app \
98
                            snf-pithos-webclient \
99
                            kamaki \
100

    
101
.. note::
102

    
103
  If you get questioned about stale content types during the
104
  migration process, answer ``no`` and let the migration finish.
105

    
106

    
107
3.2 Sync and migrate Django DB
108
------------------------------
109

    
110
::
111

    
112
    astakos-host$ snf-manage syncdb
113
    astakos-host$ snf-manage migrate
114

    
115
    cyclades-host$ snf-manage syncdb
116
    cyclades-host$ snf-manage migrate
117

    
118
.. note::
119

    
120
    After the migration, Astakos has created uuids for all users,
121
    and has set the uuid as the public identifier of a user.
122
    This uuid is to be used both at other services (Cyclades, Pithos)
123
    and at the clientside (kamaki client settings).
124

    
125
    Duplicate-email users have been deleted earlier in
126
    :ref:`remove_astakos_duplicate`
127

    
128
3.3 Setup quota settings for all services
129
-----------------------------------------
130

    
131
::
132

    
133
    # Service       Setting                       Value
134
    # quotaholder:  QUOTAHOLDER_TOKEN          = <random string>
135

    
136
    # astakos:      ASTAKOS_QUOTAHOLDER_TOKEN  = <the same random string>
137
    # astakos:      ASTAKOS_QUOTAHOLDER_URL    = https://quotaholder.host/quotaholder/v
138

    
139
    # cyclades:     CYCLADES_QUOTAHOLDER_TOKEN = <the same random string>
140
    # cyclades:     CYCLADES_QUOTAHOLDER_URL   = http://quotaholder.host/quotaholder/v
141
    # cyclades:     CYCLADES_USE_QUOTAHOLDER   = True
142

    
143

    
144
    # pithos:       PITHOS_QUOTAHOLDER_TOKEN   = <the same random string>
145
    # pithos:       PITHOS_QUOTAHOLDER_URL     = http://quotaholder.host/quotaholder/v
146
    # All services must match the quotaholder token and url configured for quotaholder.
147

    
148
3.4 Setup astakos
149
-----------------
150

    
151
- **Remove** this redirection from astakos front-end web server::
152

    
153
        RewriteRule ^/login(.*) /im/login/redirect$1 [PT,NE]
154

    
155
    (see `<http://docs.dev.grnet.gr/synnefo/latest/quick-install-admin-guide.html#apache2-setup>`_)
156

    
157
- Enable users to change their contact email with the setting::
158

    
159
      # astakos:        ASTAKOS_EMAILCHANGE_ENABLED = True
160

    
161
3.6 Setup Cyclades
162
------------------
163

    
164
- Make sure this setting is set::
165

    
166
    # cyclades:     CYCLADES_ASTAKOS_SERVICE_TOKEN = 'secretstring'
167

    
168
  from the value in::
169

    
170
    astakos.host$ snf-manage service-list
171

    
172
- The Cyclades user interface needs to translate uuids to displaynames::
173

    
174
    # cyclades:     UI_USER_CATALOG_URL = 'https://astakos.host/user_catalogs/'
175

    
176
- Since version 0.13, Synnefo uses **VMAPI** in order to prevent sensitive data
177
  needed by 'snf-image' to be stored in Ganeti configuration (e.g. VM
178
  password). This is achieved by storing all sensitive information to a CACHE
179
  backend and exporting it via VMAPI. The cache entries are invalidated after
180
  the first request. Synnefo uses **memcached** as a django cache backend.
181
  To install::
182

    
183
        apt-get install memcached
184
        apt-get install python-memcache
185

    
186

    
187
  You will also need to configure Cyclades to use the memcached cache backend.
188
  Namely, you need to set IP address and port of the memcached daemon, and the
189
  default timeout (seconds tha value is stored in the cache)::
190

    
191
    VMAPI_CACHE_BACKEND = "memcached://127.0.0.1:11211/?timeout=3600"
192

    
193

    
194
  Finally, set the BASE_URL for the VMAPI, which is actually the base URL of
195
  Cyclades::
196

    
197
    VMAPI_BASE_URL = "https://cyclades.okeanos.grnet.gr/"
198

    
199
  .. note::
200

    
201
    - These settings are needed in all Cyclades workers.
202

    
203
    - VMAPI_CACHE_BACKEND just overrides django's CACHE_BACKEND setting
204

    
205
    - memcached must be reachable from all Cyclades workers.
206

    
207
    - For more information about configuring django to use memcached:
208
      https://docs.djangoproject.com/en/1.2/topics/cache
209

    
210
3.6 Setup Pithos
211
----------------
212

    
213
- Pithos forwards user catalog services to Astakos so that web clients may
214
  access them for uuid-displayname translations::
215

    
216
    # pithos:       PITHOS_USER_CATALOG_URL    = https://astakos.host/user_catalogs/
217
    # pithos:       PITHOS_USER_FEEDBACK_URL   = https://astakos.host/feedback/
218
    # pithos:       PITHOS_USER_LOGIN_URL      = https://astakos.host/login/
219
    # pithos:       #PITHOS_PROXY_USER_SERVICES = True # Set False if astakos & pithos are on the same host
220

    
221

    
222
4. Start astakos and quota services
223
===================================
224
E.g.::
225

    
226
    astakos.host$ service gunicorn restart
227

    
228

    
229
.. _astakos-load-resources:
230

    
231
5. Load resource definitions into Astakos
232
=========================================
233

    
234
Configure and load the available resources per service
235
and associated default limits into Astakos::
236

    
237
    astakos.host$ snf-manage astakos-init --load-service-resources
238

    
239
Example astakos settings (from `okeanos.io <https://okeanos.io/>`_)::
240

    
241
    # Set the cloud service properties
242
    ASTAKOS_SERVICES = {
243
        'cyclades': {
244
            #This can also be set from a management command
245
            'url': 'https://cyclades.host/ui/',
246
            'order': 0,
247
            'resources': [{
248
                'name':'disk',
249
                'group':'compute',
250
                'uplimit':300*1024*1024*1024,
251
                'unit':'bytes',
252
                'desc': 'Virtual machine disk size'
253
                },{
254
                'name':'cpu',
255
                'group':'compute',
256
                'uplimit':24,
257
                'desc': 'Number of virtual machine processors'
258
                },{
259
                'name':'ram',
260
                'group':'compute',
261
                'uplimit':40*1024*1024*1024,
262
                'unit':'bytes',
263
                'desc': 'Virtual machines'
264
                },{
265
                'name':'vm',
266
                'group':'compute',
267
                'uplimit':5,
268
                'desc': 'Number of virtual machines'
269
                },{
270
                'name':'network.private',
271
                'group':'network',
272
                'uplimit':5,
273
                'desc': 'Private networks'
274
                }
275
            ]
276
        },
277
        'pithos+': {
278
            'url': 'https://pithos.host/ui/',
279
            'order': 1,
280
            'resources':[{
281
                'name':'diskspace',
282
                'group':'storage',
283
                'uplimit':20 * 1024 * 1024 * 1024,
284
                'unit':'bytes',
285
                'desc': 'Pithos account diskspace'
286
                }]
287
        }
288
    }
289

    
290
.. note::
291

    
292
    Before v0.13, only `cyclades.vm`, `cyclades.network.private`,
293
    and `pithos+.diskspace` existed (not with this names, of course).
294
    However, limits to the new resources must also be set.
295

    
296
    If the intetion is to keep a resource unlimited, (counting on that VM
297
    creation will be limited by other resources' limit) it is best to calculate
298
    a value that is too large to be reached because of other limits (and
299
    available flavours), but not much larger than needed because this might
300
    confuse users who do not readily understand that multiple limits apply and
301
    flavors are limited.
302

    
303

    
304
6. Migrate Services user names to uuids
305
=======================================
306

    
307

    
308

    
309
6.1 Double-check cyclades before user case/uuid migration
310
---------------------------------------------------------
311

    
312
::
313

    
314
    cyclades.host$ snf-manage cyclades-astakos-migrate-013 --validate
315

    
316
Duplicate user found?
317

    
318
- either *merge* (merge will merge all resources to one user)::
319

    
320
    cyclades.host$ snf-manage cyclades-astakos-migrate-013 --merge-user=kpap@grnet.gr
321

    
322
- or *delete* ::
323

    
324
    cyclades.host$ snf-manage cyclades-astakos-migrate-013 --delete-user=KPap@grnet.gr
325
    # (only KPap will be deleted not kpap)
326

    
327
6.2 Migrate Cyclades users (email case/uuid)
328
--------------------------------------------
329

    
330
::
331

    
332
    cyclades.host$ snf-manage cyclades-astakos-migrate-013 --migrate-users
333

    
334
- if invalid usernames are found, verify that they do not exist in astakos::
335

    
336
    astakos.host$ snf-manage user-list
337

    
338
- if no user exists::
339

    
340
    cyclades.host$ snf-manage cyclades-astakos-migrate-013 --delete-user=<userid>
341

    
342
6.3 Migrate Pithos user names
343
-----------------------------
344

    
345
Check if alembic has not been initialized ::
346

    
347
    pithos.host$ pithos-migrate current
348

    
349
- If alembic current is None (e.g. okeanos.io) ::
350

    
351
    pithos.host$ pithos-migrate stamp 3dd56e750a3
352

    
353
Finally, migrate pithos account name to uuid::
354

    
355
    pithos.host$ pithos-migrate upgrade head
356

    
357
7. Migrate old quota limits
358
===========================
359

    
360
7.1 Migrate Pithos quota limits to Astakos
361
------------------------------------------
362

    
363
Migrate from pithos native to astakos/quotaholder.
364
This requires a file to be transfered from Cyclades to Astakos::
365

    
366
    pithos.host$ snf-manage pithos-export-quota --location=pithos-quota.txt
367
    pithos.host$ rsync -avP pithos-quota.txt astakos.host:
368
    astakos.host$ snf-manage user-set-initial-quota pithos-quota.txt
369

    
370
.. _export-quota-note:
371

    
372
.. note::
373

    
374
    `pithos-export-quota` will only export quotas that are not equal to the
375
    defaults in Pithos. Therefore, it is possible to both change or maintain
376
    the default quotas across the migration. To maintain quotas the new default
377
    pithos+.diskpace limit in Astakos must be equal to the (old) default quota
378
    limit in Pithos. Change either one of them make them equal.
379

    
380
    see :ref:`astakos-load-resources` on how to set the (new) default quotas in Astakos.
381

    
382
7.2 Migrate Cyclades quota limits to Astakos
383
--------------------------------------------
384

    
385
::
386

    
387
    cyclades.host$ snf-manage cyclades-export-quota --location=cyclades-quota.txt
388
    cyclades.host$ rsync -avP cyclades-quota.txt astakos.host:
389
    astakos.host$ snf-manage user-set-initial-quota cyclades-quota.txt
390

    
391
`cyclades-export-quota` will only export quotas that are not equal to the defaults.
392
See :ref:`note above <export-quota-note>`.
393

    
394
8. Enforce the new quota limits migrated to Astakos
395
===================================================
396
The following should report all users not having quota limits set
397
because the effective quota database has not been initialized yet. ::
398

    
399
    astakos.host$ snf-manage astakos-quota --verify
400

    
401
Initialize the effective quota database::
402

    
403
    astakos.host$ snf-manage astakos-quota --sync
404

    
405
This procedure may be used to verify and re-synchronize the effective quota
406
database with the quota limits that are derived from policies in Astakos
407
(initial quotas, project memberships, etc.)
408

    
409
9. Initialize resource usage
410
============================
411

    
412
The effective quota database (quotaholder) has just been initialized and knows
413
nothing of the current resource usage. Therefore, each service must send it in.
414

    
415
9.1 Initialize Pithos resource usage
416
------------------------------------
417

    
418
::
419

    
420
    cyclades.host$ snf-manage pithos-reset-usage
421

    
422
9.2 Initialize Cyclades resource usage
423
--------------------------------------
424

    
425
::
426

    
427
    cyclades.host$ snf-manage cyclades-reset-usage
428

    
429
10. Install periodic project maintainance checks
430
================================================
431
In order to detect and effect project expiration,
432
a management command has to be run periodically
433
(depending on the required granularity, e.g. once a day/hour)::
434

    
435
    astakos.host$ snf-manage project-control --terminate-expired
436

    
437
A list of expired projects can be extracted with::
438

    
439
    astakos.host$ snf-manage project-control --list-expired
440