StarlingX中如何創(chuàng)建補(bǔ)丁與應(yīng)用補(bǔ)丁

如何在補(bǔ)丁StarlingX中如何創(chuàng)建補(bǔ)丁與應(yīng)用補(bǔ)??？這篇文章主要講解補(bǔ)丁的修復(fù)，即創(chuàng)建補(bǔ)丁和應(yīng)用補(bǔ)丁，閱讀完整文相信大家對(duì)創(chuàng)建補(bǔ)丁與應(yīng)用補(bǔ)丁有了一定的認(rèn)識(shí)。

創(chuàng)新互聯(lián)-云計(jì)算及IDC服務(wù)提供商，涵蓋公有云、IDC機(jī)房租用、溫江服務(wù)器租用、等保安全、私有云建設(shè)等企業(yè)級(jí)互聯(lián)網(wǎng)基礎(chǔ)服務(wù)，聯(lián)系電話：13518219792

創(chuàng)建補(bǔ)丁

一個(gè)StarlingX補(bǔ)丁包括一個(gè)或多個(gè)系統(tǒng)升級(jí)所需要的rpm包。在開(kāi)始創(chuàng)建補(bǔ)丁之前需要驗(yàn)證rpm包已經(jīng)在已部署的StarlingX上安裝了。以下步驟可以幫助我們確認(rèn)。

確定已部署系統(tǒng)的軟件版本，有兩種方式
? 在horizon界面上 Admin -> Platform
-> System Configuration -> Systems
? 使用命令行 system show
controller-0:~$ . /etc/platform/openrc
[sysadmin@controller-0 ~(keystone_admin)]$ system show
+----------------------+--------------------------------------+
| Property | Value |
+----------------------+--------------------------------------+
| contact | None |
| created_at | 2019-10-14T03:10:50.862114+00:00 |
| description | None |
| https_enabled | False |
| location | None |
| name | 608dfe48-9a05-4b21-afc1-ea122574caa7 |
| region_name | RegionOne |
| sdn_enabled | False |
| security_feature | spectre_meltdown_v1 |
| service_project_name | services |
| software_version | 19.09 |
| system_mode | duplex |
| system_type | All-in-one |
| timezone | UTC |
| updated_at | 2019-10-14T03:12:41.983029+00:00 |
| uuid | 2639ad15-08a7-4f1b-a372-f927a5e4ab31 |
| vswitch_type | none |
+----------------------+--------------------------------------+
檢查最新構(gòu)建，找到針對(duì)這個(gè)版本需要升級(jí)的rpm包，選擇需要的rpm生成補(bǔ)丁
一旦確定需要升級(jí)/安裝的rpm包，下一步就是準(zhǔn)備補(bǔ)丁構(gòu)建環(huán)境。作為StarlingX開(kāi)發(fā)人員，最簡(jiǎn)單的辦法是使用StarlingX Building 容器，我們只需要對(duì)容器進(jìn)行小小的修改就可以了。StarlingX Building 容器可以使用構(gòu)建教程生成。

現(xiàn)在假設(shè)StarlingX的源碼已經(jīng)下載好了，需要升級(jí)安裝的rpm包也準(zhǔn)備好了，現(xiàn)在我們開(kāi)始構(gòu)造補(bǔ)丁構(gòu)建環(huán)境。再次聲明，這個(gè)教程主要針對(duì)開(kāi)發(fā)人員，而不是產(chǎn)品。

安裝2個(gè)cgcs-patch依賴(lài)包，crypto和pycrypto
sudo pip install crypto pycrypto
使用腳本$MY_REPO/stx/stx-update/extras/scripts/patch_build.sh創(chuàng)建補(bǔ)丁。

在這個(gè)腳本中，它從release-info.inc 文件中獲取PLATFORM_RELEASE參數(shù)，并把PYTHONPATH指向repo中的cgcs-patch包，避免了安裝cgcs-patch和手動(dòng)指定PLATFORM_RELEASE參數(shù)。可以使用下面命令查看構(gòu)建腳本的使用說(shuō)明。

$ $MY_REPO/stx/stx-update/cgcs-patch/bin/patch_build --help
Usage: patch_build [ <args> ] ... <rpm list>
Options:
    --id <id>                   Patch ID
    --release <version>         Platform release version
    --status <status>           Patch Status Code (ie. O, R, V)
    --unremovable               Marks patch as unremovable
    --reboot-required <Y|N>     Marks patch as reboot-required (default=Y)
    --summary <summary>         Patch Summary
    --desc <description>        Patch Description
    --warn <warnings>           Patch Warnings
    --inst <instructions>       Patch Install Instructions
    --req <patch_id>            Required Patch
    --controller <rpm>          New package for controller
    --worker <rpm>              New package for worker node
    --worker-lowlatency <rpm>   New package for worker-lowlatency node
    --storage <rpm>             New package for storage node
    --controller-worker <rpm>   New package for combined node
    --controller-worker-lowlatency <rpm>   New package for lowlatency
                                combined node
    --all-nodes <rpm>           New package for all node types

使用這個(gè)腳本可以指定patch id、reboot required、depended patches、rpm list等等，如果系統(tǒng)上沒(méi)有的，需要新安裝的包需要指定節(jié)點(diǎn)，比如 --controller 指定是在控制節(jié)點(diǎn)上新裝包。腳本執(zhí)行完后，可以得到名字為“<patch-id>.patch”的文件。

下面深入研究下這個(gè)補(bǔ)丁文件。

首先，這個(gè)補(bǔ)丁文件是個(gè)gzip壓縮包。我們可以通過(guò)file命令去檢查下。
$ file 001.patch
001.patch: gzip compressed data, was "001.patch", last modified:
Fri Aug 16 05:56:59 2019, max compression
解壓出來(lái)后，可以看到以下文件
$ tar -xf 001.patch
$ tree
├── 001.patch
├── metadata.tar
├── signature
├── signature.v2
└── software.tar
解壓 software.tar，可以發(fā)現(xiàn)它包含了所有需要安裝的rpm包。注意：所有的rpm包在補(bǔ)丁構(gòu)建時(shí)用下面的key進(jìn)行簽名。

$MY_REPO/build-tools/signing/ima_signing_key.priv

在metadata.tar中只有一個(gè)文件metadata.xml，包含補(bǔ)丁構(gòu)建的所有信息。StarlingX集群系統(tǒng)會(huì)讀取這個(gè)文件信息。
signature文件包含software.tar和metadata.tar的MD5的組合。
signature.v2是為software.tar和metadata.tar的簽名文件，在當(dāng)前環(huán)境中，它由$MY_REPO/build-tools/signing/dev-private-key.pemkey文件生成。

安裝補(bǔ)丁

補(bǔ)丁生成后，可以手動(dòng)安裝補(bǔ)丁到指定的StarlingX系統(tǒng)，同時(shí)支持界面和命令行安裝操作。補(bǔ)丁的生命周期包括四個(gè)狀態(tài)： Available,Partial-Apply, Applied 和 Partial-Remove.

? Available：表示補(bǔ)丁已經(jīng)上傳到補(bǔ)丁存儲(chǔ)庫(kù)里了，但是還沒(méi)有到軟件升級(jí)的倉(cāng)庫(kù)，同樣也沒(méi)有在任何主機(jī)上安裝。

? Partial-Apply：表示補(bǔ)丁升級(jí)程序已經(jīng)被觸發(fā)（sw-patch apply），已經(jīng)在部分主機(jī)上安裝，但是還沒(méi)有在所有需要安裝的主機(jī)上安裝。

? Applied：表示已經(jīng)在所有需要安裝的主機(jī)上安裝完成。

? Partial-Remove：表示補(bǔ)丁正在被移除，通過(guò)命令觸發(fā)(sw-patch remove),正在移除，但是還沒(méi)完全移除。

如果需要用命令行安裝補(bǔ)丁，需要把補(bǔ)丁拷貝到active的控制節(jié)點(diǎn)上。StarlingX集群提供客戶(hù)端命令sw-patch。補(bǔ)丁操作都是通過(guò)這個(gè)命令完成，這個(gè)命令提供了很多功能，包括upload, apply, query,host-install, delete, remove等等。

controller-0:~$ sw-patch --help
usage: sw-patch [--debug]
                  <subcommand> ...
Subcomands:
    upload:         Upload one or more patches to the patching system.
    upload-dir:     Upload patches from one or more directories to the
                    patching system.
    apply:          Apply one or more patches. This adds the specified
                    patches to the repository, making the update(s)
                    available to the hosts in the system. Use --all to
                    apply all available patches.
                    Patches are specified as a space-separated list of
                    patch IDs.
    remove:         Remove one or more patches. This removes the specified
                    patches from the repository.
                    Patches are specified as a space-separated list of
                    patch IDs.
    delete:         Delete one or more patches from the patching system.
                    Patches are specified as a space-separated list of
                    patch IDs.
    query:          Query system patches. Optionally, specify 'query
                    applied' to query only those patches that are applied,
                    or 'query available' to query those that are not.
    show:           Show details for specified patches.
    what-requires:  List patches that require the specified patches.
    query-hosts:    Query patch states for hosts in the system.
    host-install:   Trigger patch install/remove on specified host. To
                    force install on unlocked node, use the --force option.
    host-install-async: Trigger patch install/remove on specified host. To
                    force install on unlocked node, use the --force option.
                    Note: This command returns immediately upon dispatching
                    installation request.
    install-local:  Trigger patch install/remove on the local host. This
                    command can only be used for patch installation prior
                    to initial configuration.
    drop-host:      Drop specified host from table.
    query-dependencies: List dependencies for specified patch. Use
                    --recursive for recursive query.
    is-applied:     Query Applied state for list of patches. Returns True
                    if all are Applied, False otherwise.
    report-app-dependencies: Report application patch dependencies,
                    specifying application name with --app option, plus a
                    list of patches. Reported dependencies can be dropped
                    by specifying app with no patch list.
    query-app-dependencies: Display set of reported application patch
                    dependencies.
    commit:         Commit patches to free disk space. WARNING: This
                    action is irreversible!
    --os-region-name: Send the request to a specified region

下面演示如何使用這個(gè)命令去安裝補(bǔ)丁。演示用的補(bǔ)丁是需要安裝在所有主機(jī)上的In-Service補(bǔ)丁，需要升級(jí)的StarlingX環(huán)境是 2+2+2的標(biāo)準(zhǔn)環(huán)境。

上傳補(bǔ)丁文件
controller-0:~$ sudo sw-patch upload 001.patch
001 is now available
檢查補(bǔ)丁狀態(tài)
controller-0:~$ sudo sw-patch query
Patch ID RR Release Patch State
======== == ======= ===========
001 N 19.09 Available
檢查所有主機(jī)的的升級(jí)狀態(tài)
controller-0:/$ sudo sw-patch query-hosts
Hostname IP Address Patch Current Reboot Required Release State
============ ============== ============= =============== ====== =====
compute-0 192.178.204.7 Yes No 19.09 idle
compute-1 192.178.204.9 Yes No 19.09 idle
controller-0 192.178.204.3 Yes No 19.09 idle
controller-1 192.178.204.4 Yes No 19.09 idle
storage-0 192.178.204.12 Yes No 19.09 idle
storage-1 192.178.204.11 Yes No 19.09 idle

Patch Current 表示當(dāng)前主機(jī)是否有補(bǔ)丁安裝，Yes表示沒(méi)有安裝補(bǔ)丁，No表示至少有一個(gè)補(bǔ)丁在安裝

當(dāng)補(bǔ)丁狀態(tài)available后，可以觸發(fā)補(bǔ)丁安裝
controller-0:/$ sudo sw-patch apply 001
001 is now in the repo
檢查補(bǔ)丁狀態(tài)
controller-0:~$ sudo sw-patch query
Patch ID RR Release Patch State
======== == ======= =============
001 N 19.09 Partial-Apply
檢查節(jié)點(diǎn)狀態(tài)
controller-0:~$ sudo sw-patch query-hosts
Hostname IP Address Patch Current Reboot Required Release State
============ ============== ============= =============== ====== =====
compute-0 192.178.204.7 No No 19.09 idle
compute-1 192.178.204.9 No No 19.09 idle
controller-0 192.178.204.3 No No 19.09 idle
controller-1 192.178.204.4 No No 19.09 idle
storage-0 192.178.204.12 No No 19.09 idle
storage-1 192.178.204.11 No No 19.09 idle
在每個(gè)節(jié)點(diǎn)上安裝補(bǔ)丁，由于是in-service 補(bǔ)丁，所以不需要執(zhí)行l(wèi)ock操作。
controller-0:~$ sudo sw-patch host-install controller-0
...
Installation was successful.
檢查主機(jī)升級(jí)狀態(tài)
controller-0:~$ sudo sw-patch query-hosts
Hostname IP Address Patch Current Reboot Required Release State
============ ============== ============= =============== ====== =====
compute-0 192.178.204.7 No No 19.09 idle
compute-1 192.178.204.9 No No 19.09 idle
controller-0 192.178.204.3 Yes No 19.09 idle
controller-1 192.178.204.4 No No 19.09 idle
storage-0 192.178.204.12 No No 19.09 idle
storage-1 192.178.204.11 No No 19.09 idle
在所有節(jié)點(diǎn)上安裝補(bǔ)丁，需要為每個(gè)節(jié)點(diǎn)執(zhí)行命令
controller-0:~$ sudo sw-patch host-install controller-1
....
Installation was successful.
controller-0:~$ sudo sw-patch host-install compute-0
....
Installation was successful.
controller-0:~$ sudo sw-patch host-install compute-1
....
Installation was successful.
controller-0:~$ sudo sw-patch host-install storage-0
...
Installation was successful.
controller-0:~$ sudo sw-patch host-install storage-1
...
Installation was successful.
所有節(jié)點(diǎn)按照完畢后，可以看到下面狀態(tài)
controller-0:~$ sudo sw-patch query
Patch ID RR Release Patch State
======== == ======= ===========
001 N 19.09 Applied
controller-0:~$ sudo sw-patch query-hosts
Hostname IP Address Patch Current Reboot Required Release State
============ ============== ============ =============== ======= =====
compute-0 192.178.204.7 Yes No 19.09 idle
compute-1 192.178.204.9 Yes No 19.09 idle
controller-0 192.178.204.3 Yes No 19.09 idle
controller-1 192.178.204.4 Yes No 19.09 idle
storage-0 192.178.204.12 Yes No 19.09 idle
storage-1 192.178.204.11 Yes No 19.09 idle
此時(shí)補(bǔ)丁升級(jí)程序完成

除了補(bǔ)丁升級(jí)，StarlingX還支持補(bǔ)丁回退和刪除，通過(guò)下面兩個(gè)命令實(shí)現(xiàn)sw-patch remove和sw-patch host-install，和補(bǔ)丁安裝有點(diǎn)類(lèi)似。

補(bǔ)丁編排

在上面的例子中，演示了在集群中補(bǔ)丁升級(jí)的功能。但是在大規(guī)模集群中，整個(gè)升級(jí)過(guò)程會(huì)持續(xù)很長(zhǎng)的時(shí)間。特別是reboot-required補(bǔ)丁，這個(gè)方案會(huì)很糟糕，效率很低而且給管理員帶來(lái)很多工作。因此StarlingX提供了另一個(gè)高級(jí)特性“補(bǔ)丁編排”。它支持集群通過(guò)一些簡(jiǎn)單的操作達(dá)到升級(jí)的目的，極大減少管理員的工作負(fù)擔(dān)和較少出錯(cuò)。這個(gè)功能有三種方式使用，客戶(hù)端CLI、界面Horizon和VIM Restful API。

客戶(hù)端CLI。StarlingX提供客戶(hù)端工具sw-manager，可以用于補(bǔ)丁編排。如下所示，可以通過(guò)創(chuàng)建和應(yīng)用補(bǔ)丁策略來(lái)升級(jí)整個(gè)集群
controller-0:~$ sw-manager patch-strategy -h
usage: sw-manager patch-strategy [-h] ...
optional arguments:
-h, --help show this help message and exit
Software Patch Commands:
create Create a strategy
delete Delete a strategy
apply Apply a strategy
abort Abort a strategy
show Show a strategy
controller-0:~$ sw-manager patch-strategy create -h
usage: sw-manager patch-strategy create [-h]
[--controller-apply-type {serial,ignore}]
[--storage-apply-type {serial,parallel,ignore}]
[--worker-apply-type {serial,parallel,ignore}]
[--max-parallel-worker-hosts {2,3,4,5,6,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,
28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,
45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,
62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,
79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,
96,97,98,99,100}]
[--instance-action {migrate,stop-start}]
[--alarm-restrictions {strict,relaxed}]
optional arguments:
-h, --help show this help message and exit
--controller-apply-type {serial,ignore}
defaults to serial
--storage-apply-type {serial,parallel,ignore}
defaults to serial
--worker-apply-type {serial,parallel,ignore}
defaults to serial
--max-parallel-worker-hosts {2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,
17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,
37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,
57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,
77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,
97,98,99,100}
maximum worker hosts to patch in parallel
--instance-action {migrate,stop-start}
defaults to stop-start
--alarm-restrictions {strict,relaxed}
defaults to strict
界面Horizon。打開(kāi)Admin -> Platform
-> Software Management -> Patch Orchestration 標(biāo)簽
VIM API。<http://<oam_ip>:4545>
+--------+---------------------------------------+----------------------------+
| Method | URI | Description |
+========+=======================================+============================+
| Post | /api/orchestration/sw-update/strategy | Create a patch strategy |
+--------+---------------------------------------+----------------------------+
| Delete | /api/orchestration/sw-update/strategy | Delete current patch |
| | | strategy |
+--------+---------------------------------------+----------------------------+
| Get | /api/orchestration/sw-update/strategy | Get detailed information of|
| | | current patch strategy |
+--------+---------------------------------------+----------------------------+
| Post | /api/orchestration/sw-update/strategy/| Apply or abort a patch |
| | actions | strategy |
+--------+---------------------------------------+----------------------------+

在補(bǔ)丁安裝時(shí)，補(bǔ)丁編排要求集群處于一個(gè)良好的狀態(tài)。
? 所有主機(jī)必須處于unlocked-enabled-available狀態(tài)
? 系統(tǒng)沒(méi)有告警
? 足夠的空間用于VM遷移

當(dāng)前開(kāi)發(fā)狀態(tài)

? 所有的源碼都在StarlingX倉(cāng)庫(kù)里開(kāi)源，包括“update”和“nfv”
? in-service補(bǔ)丁和reboot-required補(bǔ)丁的生成和安裝已經(jīng)經(jīng)過(guò)驗(yàn)證
? 補(bǔ)丁編排還沒(méi)經(jīng)過(guò)驗(yàn)證

看完這篇文章，你們學(xué)會(huì)創(chuàng)建補(bǔ)丁與應(yīng)用補(bǔ)丁了嗎？如果還想學(xué)到更多技能或想了解更多相關(guān)內(nèi)容，歡迎關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道，感謝各位的閱讀。

當(dāng)前題目：StarlingX中如何創(chuàng)建補(bǔ)丁與應(yīng)用補(bǔ)丁
網(wǎng)站路徑：http://muchs.cn/article8/ghshop.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)頁(yè)設(shè)計(jì)公司、軟件開(kāi)發(fā)、微信小程序、小程序開(kāi)發(fā)、品牌網(wǎng)站設(shè)計(jì)、虛擬主機(jī)

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶(hù)投稿、用戶(hù)轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來(lái)源：創(chuàng)新互聯(lián)

猜你還喜歡下面的內(nèi)容