path: root/docs/managment.txt

DOs and DONTs
=============
 Here we discuss things we should do and we should not do!
 
 - Scaling up cluster is normally problem-less. Both nodes & masters can be added
 fast and without much troubles afterwards. 

 - Upgrade procedure may cause the problems. The main trouble that many pods are 
 configured to use the 'latest' tag. And the latest versions has latest problems (some
 of the tags can be fixed to actual version, but finding that is broken and why takes
 a lot of effort)...
    * Currently, there is problems if 'kube-service-catalog' is updated  (see discussion
    in docs/upgrade.txt). While it seems nothing really changes, the connection between
    apiserver and etcd breaks down (at least for health checks). The intallation reamins
    pretty much usable, but not in healthy state. This particular update is blocked by
    setting. 
        openshift_enable_service_catalog: false
    Then, it is left in 'Error' state, but can be easily recovered by deteleting and 
    allowing system to re-create a new pod. 
    * On other hand, ksc completely breakes down if kept unchanged while upgrading from 
    3.7.1 to 3.7.2. Updating ksc fixes the problem, except the error mentioned above.
    * As the cause is unclear, it is possible that something else will break as time
    passes and new images are released. It is ADVISED to check upgrade in staging first.
    * During upgrade also other system pods may stuck in Error state (as explained
    in troubleshooting) and block the flow of upgrade. Just delete them and allow
    system to re-create to continue.
    * After upgrade, it is necessary to verify that all pods are operational and 
    restart ones in 'Error' states.

 - Re-running install will break on heketi. And it will DESTROY heketi topology!
 DON"T DO IT! Instead a separate components can be re-installed.
    * For instance to reinstall 'openshift-ansible-service-broker' use
         openshift-install-service-catalog.yml
    * There is a way to prevent plays from touching heketi, we need to define
        openshift_storage_glusterfs_is_missing: False
        openshift_storage_glusterfs_heketi_is_missing: False
    But I am not sure if it is only major issue.

 - Master/node configuration updates cause no problems. They are executed with:
    * playbooks/openshift-node/config.yml
    * playbooks/openshift-master/config.yml

 - Few administrative tools could cause troubles. Don't run
    * oc adm diagnostics

 - Old docker 1.12 has many problems. RedHat recommends updating. Don't do! OpenShift 3.7 is only supportingh
 docker 1.12 and will not work with 1.13 or later.


Failures / Immidiate
========
 - We need to remove the failed node from etcd cluster
    etcdctl3 --endpoints="192.168.213.1:2379" member list
    etcdctl3 --endpoints="192.168.213.1:2379" member remove <hexid>

 - Further, the following is required on all remaining nodes if the node is forever gone
    * Delete node 
        oc delete node
    * Remove it also from /etc/etcd.conf on all nodes ETCD_INITIAL_CLUSTER
    * Remove failed nodes from 'etcdClinetInfo' section in /etc/origin/master/master-config.yaml
        systemctl restart origin-master-api.service 
    
Scaling / Recovery
=======
 - One important point.
  * If we lost data on the storage node, it should be re-added with different name (otherwise
  the GlusterFS recovery would be significantly more complicated)
  * If Gluster bricks are preserved, we may keep the name. I have not tried, but according to
  documentation, it should be possible to reconnect it back and synchronize. Still it may be 
  easier to use a new name again to simplify procedure.
  * Simple OpenShift nodes may be re-added with the same name, no problem.

 - Next we need to perform all prepartion steps (the --limit should not be applied as we normally
 need to update CentOS on all nodes to synchronize software versions; list all nodes in /etc/hosts 
 files; etc).
    ./setup.sh -i staging prepare

 - The OpenShift scale is provided as several ansible plays (scale-masters, scale-nodes, scale-etcd).
  * Running 'masters' will also install configured 'nodes' and 'etcd' daemons
  * I guess running 'nodes' will also handle 'etcd' daemons, but I have not checked.

Problems
--------
 - There should be no problems if a simple node crashed, but things may go wrong if one of the 
 masters is crashed. And things definitively will go wrong if complete cluster will be cut from the power.
  * Some pods will be stuck polling images. This happens if node running docker-registry have crashed
  and the persistent storage was not used to back the registry. It can be fixed by re-schedulling build 
  and roling out the latest version from dc.
        oc -n adei start-build adei
        oc -n adei rollout latest mysql
    OpenShift will trigger rollout automatically in some time, but it will take a while. The builds 
    should be done manually it seems.
  * In case of long outtage some CronJobs will stop execute. The reason is some protection against
  excive loads and missing defaults. Fix is easy, just setup how much time the OpenShift scheduller
  allows to CronJob to start before considering it failed:
    oc -n adei patch cronjob/adei-autogen-update --patch '{ "spec": {"startingDeadlineSeconds": 10 }}'

 - if we forgot to remove old host from etcd cluster, the OpenShift node will be configured, but etcd
 will not be installed. We need, then, to remove the node as explained above and run scale of etcd
 cluster.
    * In multiple ocasions, the etcd daemon has failed after reboot and needed to be resarted manually.
    If half of the daemons is broken, the 'oc' will block.    

    

Storage / Recovery
=======
 - We have some manually provisioned resources which needs to be fixed.
    * GlusterFS endpoints should be pointing to new nodes.
    * If use use Gluster/Block storage all 'pv' refer iscsi 'portals'. They also has to be apdated to 
    new server names. I am not sure how this handled for auto-provisioned resources.
 - Furthermore, it is necessary to add glusterfs nodes on a new storage nodes. It is not performed 
 automatically by scale plays. The 'glusterfs' play should be executed with additional options
 specifying that we are just re-configuring nodes. We can check if all pods are serviced
    oc -n glusterfs get pods -o wide
 Both OpenShift and etcd clusters should be in proper state before running this play. Fixing and re-running
 should be not an issue.

 - More details:
    https://docs.openshift.com/container-platform/3.7/day_two_guide/host_level_tasks.html




Heketi
------
 - With heketi things are straighforward, we need to mark node broken. Then heketi will automatically move the
 bricks to other servers (as he thinks fit).
    * Accessing heketi
        heketi-cli -s http://heketi-storage-glusterfs.openshift.suren.me --user admin --secret "$(oc get secret heketi-storage-admin-secret -n glusterfs -o jsonpath='{.data.key}' | base64 -d)"  
    * Gettiing required ids
        heketi-cli topology info
    * Removing node
        heketi-cli node info <failed_node_id>
        heketi-cli node disable <failed_node_id>
        heketi-cli node remove <failed_node_id>
    * Thats it. A few self-healing daemons are running which should bring the volumes in order automatically.
    * The node will still persist in heketi topology as failed, but will not be used ('node delete' potentially could destroy it, but it is failin)

 - One problem with heketi, it may start volumes before bricks get ready. Consequently, it may run volumes with several bricks offline. It should be
 checked and fixed by restarting the volumes.
 
KaaS Volumes
------------
 There is two modes. 
 - If we migrated to a new server, we need to migrate bricks (force is required because
 the source break is dead and data can't be copied)
        gluster volume replace-brick <volume> <src_brick> <dst_brick>  commit force
    * There is healing daemons running and nothing else has to be done.
    * There play and scripts available to move all bricks automatically

 - If we kept the name and the data is still there, it should be also relatively easy
 to perform migration (not checked). We also should have backups of all this data.
    * Ensure Gluster is not running on the failed node
        oadm manage-node ipeshift2 --schedulable=false
        oadm manage-node ipeshift2 --evacuate
    * Verify the gluster pod is not active. It may be running, but not ready.
    Could be double checked with 'ps'.
        oadm manage-node ipeshift2 --list-pods
    * Get the original Peer UUID of the failed node (by running on healthy node)
        gluster peer status
    * And create '/var/lib/glusterd/glusterd.info' similar to the one on the 
    healthy nodes, but with the found UUID.
    * Copy peers from the healthy nodes to /var/lib/glusterd/peers. We need to
    copy from 2 nodes as node does not hold peer information on itself.
    * Create mount points and re-schedule gluster pod. See more details
        https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3/html/administration_guide/sect-replacing_hosts
    * Start healing
        gluster volume heal VOLNAME full

 - However, if data is lost, it is quite complecated to recover using the same server name. 
 We should rename the server and use first approach instead.
 
 
 
Scaling
=======
 - If we use container native routing, we need to add routes to new nodes on the Infiniband routes, 
 see docs:
    https://docs.openshift.com/container-platform/3.7/install_config/configuring_native_container_routing.html#install-config-configuring-native-container-routing
 Basically, the Infiniband switch should send packets destined to the network 11.11.<hostid>.0/24 to corresponding node, i.e. 192.168.13.<hostid>
    
We also have currently serveral assumptions which will probably not hold true for larger clusters
 - Gluster
    To simplify matters we just reference servers in the storage group manually
    Arbiter may work for several groups and we should define several brick path in this case