Merge pull request #56592 from jboxman-rh/OSDOCS-4933

OSDOCS-4933: Add migration to OpenShift SDN

Author: jab-rh

_topic_maps/_topic_map.yml

@@ -1298,6 +1298,10 @@ Topics:
   Topics:
   - Name: About the OpenShift SDN network plugin
     File: about-openshift-sdn
+  - Name: Migrating to the OpenShift SDN network plugin
+    File: migrate-to-openshift-sdn
+  - Name: Rolling back to the OpenShift SDN network plugin
+    File: rollback-to-ovn-kubernetes
   - Name: Configuring egress IPs for a project
     File: assigning-egress-ips
     Distros: openshift-origin,openshift-enterprise

modules/nw-network-plugin-migration-process.adoc

@@ -0,0 +1,99 @@
+// Module included in the following assemblies:
+//
+// * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+// * networking/openshift_sdn/migrate-to-openshift-sdn.adoc
+
+ifeval::["{context}" == "migrate-to-openshift-sdn"]
+:sdn: OpenShift SDN
+:previous-sdn: OVN-Kubernetes
+:type: OpenShiftSDN
+endif::[]
+ifeval::["{context}" == "migrate-from-openshift-sdn"]
+:sdn: OVN-Kubernetes
+:previous-sdn: OpenShift SDN
+:type: OVNKubernetes
+endif::[]
+
+[id="how-the-migration-process-works_{context}"]
+= How the migration process works
+
+The following table summarizes the migration process by segmenting between the user-initiated steps in the process and the actions that the migration performs in response.
+
+.Migrating to {sdn} from {previous-sdn}
+[cols="1,1a",options="header"]
+|===
+
+|User-initiated steps|Migration activity
+
+|
+Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `{type}`. Make sure the `migration` field is `null` before setting it to a value.
+|
+Cluster Network Operator (CNO):: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
+Machine Config Operator (MCO):: Rolls out an update to the systemd configuration necessary for {sdn}; the MCO updates a single machine per pool at a time by default, causing the total time the migration takes to increase with the size of the cluster.
+
+|Update the `networkType` field of the `Network.config.openshift.io` CR.
+|
+CNO:: Performs the following actions:
++
+--
+* Destroys the {previous-sdn} control plane pods.
+* Deploys the {sdn} control plane pods.
+* Updates the Multus objects to reflect the new network plugin.
+--
+
+|
+Reboot each node in the cluster.
+|
+Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the {sdn} cluster network.
+
+|===
+
+ifeval::["{context}" == "migrate-from-openshift-sdn"]
+If a rollback to OpenShift SDN is required, the following table describes the process.
+
+.Performing a rollback to OpenShift SDN
+[cols="1,1a",options="header"]
+|===
+
+|User-initiated steps|Migration activity
+
+|Suspend the MCO to ensure that it does not interrupt the migration.
+|The MCO stops.
+
+|
+Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `OpenShiftSDN`. Make sure the `migration` field is `null` before setting it to a value.
+|
+CNO:: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
+
+|Update the `networkType` field.
+|
+CNO:: Performs the following actions:
++
+--
+* Destroys the OVN-Kubernetes control plane pods.
+* Deploys the OpenShift SDN control plane pods.
+* Updates the Multus objects to reflect the new network plugin.
+--
+
+|
+Reboot each node in the cluster.
+|
+Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the OpenShift-SDN network.
+
+|
+Enable the MCO after all nodes in the cluster reboot.
+|
+MCO:: Rolls out an update to the systemd configuration necessary for OpenShift SDN; the MCO updates a single machine per pool at a time by default, so the total time the migration takes increases with the size of the cluster.
+
+|===
+endif::[]
+
+ifdef::sdn[]
+:!sdn:
+endif::[]
+ifdef::previous-sdn[]
+:!previous-sdn:
+endif::[]
+ifdef::type[]
+:!type:
+endif::[]

modules/nw-ovn-kubernetes-migration-about.adoc

@@ -138,75 +138,3 @@ For more information on using multicast in OVN-Kubernetes, see "Enabling multica
 === Network policies
 
 OVN-Kubernetes fully supports the Kubernetes `NetworkPolicy` API in the `networking.k8s.io/v1` API group. No changes are necessary in your network policies when migrating from OpenShift SDN.
-
-[id="how-the-migration-process-works_{context}"]
-== How the migration process works
-
-The following table summarizes the migration process by segmenting between the user-initiated steps in the process and the actions that the migration performs in response.
-
-.Migrating to OVN-Kubernetes from OpenShift SDN
-[cols="1,1a",options="header"]
-|===
-
-|User-initiated steps|Migration activity
-
-|
-Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `OVNKubernetes`. Make sure the `migration` field is `null` before setting it to a value.
-|
-Cluster Network Operator (CNO):: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
-Machine Config Operator (MCO):: Rolls out an update to the systemd configuration necessary for OVN-Kubernetes; The MCO updates a single machine per pool at a time by default, causing the total time the migration takes to increase with the size of the cluster.
-
-|Update the `networkType` field of the `Network.config.openshift.io` CR.
-|
-CNO:: Performs the following actions:
-+
---
-* Destroys the OpenShift SDN control plane pods.
-* Deploys the OVN-Kubernetes control plane pods.
-* Updates the Multus objects to reflect the new network plugin.
---
-
-|
-Reboot each node in the cluster.
-|
-Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the OVN-Kubernetes cluster network.
-
-|===
-
-If a rollback to OpenShift SDN is required, the following table describes the process.
-
-.Performing a rollback to OpenShift SDN
-[cols="1,1a",options="header"]
-|===
-
-|User-initiated steps|Migration activity
-
-|Suspend the MCO to ensure that it does not interrupt the migration.
-|The MCO stops.
-
-|
-Set the `migration` field of the `Network.operator.openshift.io` custom resource (CR) named `cluster` to `OpenShiftSDN`. Make sure the `migration` field is `null` before setting it to a value.
-|
-CNO:: Updates the status of the `Network.config.openshift.io` CR named `cluster` accordingly.
-
-|Update the `networkType` field.
-|
-CNO:: Performs the following actions:
-+
---
-* Destroys the OVN-Kubernetes control plane pods.
-* Deploys the OpenShift SDN control plane pods.
-* Updates the Multus objects to reflect the new network plugin.
---
-
-|
-Reboot each node in the cluster.
-|
-Cluster:: As nodes reboot, the cluster assigns IP addresses to pods on the OpenShift-SDN network.
-
-|
-Enable the MCO after all nodes in the cluster reboot.
-|
-MCO:: Rolls out an update to the systemd configuration necessary for OpenShift SDN; The MCO updates a single machine per pool at a time by default, so the total time the migration takes increases with the size of the cluster.
-
-|===

modules/nw-ovn-kubernetes-migration.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc
+// * networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc
 
 :_content-type: PROCEDURE
 [id="nw-ovn-kubernetes-migration_{context}"]
@@ -277,7 +278,26 @@ Waiting for daemon set "multus" rollout to finish: 5 of 6 updated pods are avail
 daemon set "multus" successfully rolled out
 ----
 
-. To complete the migration, reboot each node in your cluster. For example, you can use a bash script similar to the following example. The script assumes that you can connect to each host by using `ssh` and that you have configured `sudo` to not prompt for a password.
+. To complete changing the network plugin, reboot each node in your cluster. You can reboot the nodes in your cluster with either of the following approaches:
+
+** With the `oc rsh` command, you can use a bash script similar to the following:
++
+[source,bash]
+----
+#!/bin/bash
+readarray -t POD_NODES <<< "$(oc get pod -n openshift-machine-config-operator -o wide| grep daemon|awk '{print $1" "$7}')"
+
+for i in "${POD_NODES[@]}"
+do
+  read -r POD NODE <<< "$i"
+  until oc rsh -n openshift-machine-config-operator "$POD" chroot /rootfs shutdown -r +1
+    do
+      echo "cannot reboot node $NODE, retry" && sleep 3
+    done
+done
+----
+
+** With the `ssh` command, you can use a bash script similar to the following. The script assumes that you have configured sudo to not prompt for a password.
 +
 [source,bash]
 ----
@@ -289,8 +309,6 @@ do
    ssh -o StrictHostKeyChecking=no core@$ip sudo shutdown -r -t 3
 done
 ----
-+
-If ssh access is not available, you might be able to reboot each node through the management portal for your infrastructure provider.
 
 . Confirm that the migration succeeded:
 

modules/nw-ovn-kubernetes-rollback.adoc

@@ -1,24 +1,31 @@
 // Module included in the following assemblies:
 //
 // * networking/ovn_kubernetes_network_provider/rollback-to-openshift-sdn.adoc
+// * networking/openshift_sdn/migrate-to-openshift-sdn.adoc
 
+// This procedure applies to both a roll back and a migration
 :_content-type: PROCEDURE
 [id="nw-ovn-kubernetes-rollback_{context}"]
-= Rolling back the network plugin to OpenShift SDN
+= Migrating to the OpenShift SDN network plugin
 
-As a cluster administrator, you can rollback your cluster to the OpenShift SDN Container Network Interface (CNI) network plugin.
-During the rollback, you must reboot every node in your cluster.
+As a cluster administrator, you can migrate to the OpenShift SDN Container Network Interface (CNI) network plugin.
+During the migration you must reboot every node in your cluster.
 
+ifeval::["{context}" == "rollback-to-openshift-sdn"]
 [IMPORTANT]
 ====
 Only rollback to OpenShift SDN if the migration to OVN-Kubernetes fails.
 ====
+endif::[]
 
 .Prerequisites
 
 * Install the OpenShift CLI (`oc`).
 * Access to the cluster as a user with the `cluster-admin` role.
 * A cluster installed on infrastructure configured with the OVN-Kubernetes network plugin.
+* A recent backup of the etcd database is available.
+* A reboot can be triggered manually for each node.
+* The cluster is in a known good state, without any errors.
 
 .Procedure
 
@@ -37,7 +44,15 @@ $ oc patch MachineConfigPool master --type='merge' --patch \
 [source,terminal]
 ----
 $ oc patch MachineConfigPool worker --type='merge' --patch \
-  '{ "spec":{ "paused" :true } }'
+  '{ "spec":{ "paused": true } }'
+----
+
+. To prepare for the migration, set the migration field to `null` by entering the following command:
++
+[source,terminal]
+----
+$ oc patch Network.operator.openshift.io cluster --type='merge' \
+  --patch '{ "spec": { "migration": null } }'
 ----
 
 . To start the migration, set the network plugin back to OpenShift SDN by entering the following commands:
@@ -142,7 +157,26 @@ Waiting for daemon set "multus" rollout to finish: 5 of 6 updated pods are avail
 daemon set "multus" successfully rolled out
 ----
 
-. To complete the rollback, reboot each node in your cluster. For example, you could use a bash script similar to the following. The script assumes that you can connect to each host by using `ssh` and that you have configured `sudo` to not prompt for a password.
+. To complete changing the network plugin, reboot each node in your cluster. You can reboot the nodes in your cluster with either of the following approaches:
+
+** With the `oc rsh` command, you can use a bash script similar to the following:
++
+[source,bash]
+----
+#!/bin/bash
+readarray -t POD_NODES <<< "$(oc get pod -n openshift-machine-config-operator -o wide| grep daemon|awk '{print $1" "$7}')"
+
+for i in "${POD_NODES[@]}"
+do
+  read -r POD NODE <<< "$i"
+  until oc rsh -n openshift-machine-config-operator "$POD" chroot /rootfs shutdown -r +1
+    do
+      echo "cannot reboot node $NODE, retry" && sleep 3
+    done
+done
+----
+
+** With the `ssh` command, you can use a bash script similar to the following. The script assumes that you have configured sudo to not prompt for a password.
 +
 [source,bash]
 ----
@@ -154,8 +188,6 @@ do
    ssh -o StrictHostKeyChecking=no core@$ip sudo shutdown -r -t 3
 done
 ----
-+
-If ssh access is not available, you might be able to reboot each node through the management portal for your infrastructure provider.
 
 . After the nodes in your cluster have rebooted, start all of the machine configuration pools:
 +

networking/openshift_sdn/migrate-to-openshift-sdn.adoc

@@ -0,0 +1,27 @@
+:_content-type: ASSEMBLY
+[id="migrate-to-openshift-sdn"]
+= Migrating to the OpenShift SDN network plugin
+include::_attributes/common-attributes.adoc[]
+:context: migrate-to-openshift-sdn
+
+toc::[]
+
+As a cluster administrator, you can migrate to the OpenShift SDN network plugin from the OVN-Kubernetes network plugin.
+
+To learn more about OpenShift SDN, read xref:../../networking/openshift_sdn/about-openshift-sdn.adoc#about-openshift-sdn[About the OpenShift SDN network plugin].
+
+include::modules/nw-network-plugin-migration-process.adoc[leveloffset=+1]
+include::modules/nw-ovn-kubernetes-rollback.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="migrate-to-openshift-sdn-additional-resources"]
+== Additional resources
+
+* xref:../../networking/cluster-network-operator.adoc#nw-operator-configuration-parameters-for-openshift-sdn_cluster-network-operator[Configuration parameters for the OpenShift SDN network plugin]
+* xref:../../backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc#backup-etcd[Backing up etcd]
+* xref:../../networking/network_policy/about-network-policy.adoc#about-network-policy[About network policy]
+* OpenShift SDN capabilities
+- xref:../../networking/openshift_sdn/assigning-egress-ips.adoc#assigning-egress-ips[Configuring egress IPs for a project]
+- xref:../../networking/openshift_sdn/configuring-egress-firewall.adoc#configuring-egress-firewall[Configuring an egress firewall for a project]
+- xref:../../networking/openshift_sdn/enabling-multicast.adoc#enabling-multicast[Enabling multicast for a project]
+* xref:../../rest_api/operator_apis/network-operator-openshift-io-v1.adoc#network-operator-openshift-io-v1[Network [operator.openshift.io/v1]]

networking/openshift_sdn/rollback-to-ovn-kubernetes.adoc

@@ -0,0 +1,13 @@
+:_content-type: ASSEMBLY
+[id="roll-back-to-ovn-kubernetes"]
+= Rolling back to the OVN-Kubernetes network plugin
+include::_attributes/common-attributes.adoc[]
+:context: roll-back-to-ovn-kubernetes
+
+toc::[]
+
+As a cluster administrator, you can rollback to the OVN-Kubernetes network plugin from the OpenShift SDN network plugin if the migration to OpenShift SDN is unsuccessful.
+
+To learn more about OVN-Kubernetes, read xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[About the OVN-Kubernetes network plugin].
+
+include::modules/nw-ovn-kubernetes-migration.adoc[leveloffset=+1]

networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc

@@ -11,6 +11,7 @@ As a cluster administrator, you can migrate to the OVN-Kubernetes network plugin
 To learn more about OVN-Kubernetes, read xref:../../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes#about-ovn-kubernetes[About the OVN-Kubernetes network plugin].
 
 include::modules/nw-ovn-kubernetes-migration-about.adoc[leveloffset=+1]
+include::modules/nw-network-plugin-migration-process.adoc[leveloffset=+2]
 
 include::modules/nw-ovn-kubernetes-migration.adoc[leveloffset=+1]