Last night, Pivotal announced new versions of PKS and Harbor, so I thought it’s time to simplify the upgrade process. Here is a concourse pipeline that essentially aggregates the upgrade-tile pipeline so that PKS and Harbor are upgraded in one go.
What it does:
- Runs on a schedule – you set the time and days it may run
- Downloads the latest version of PKS and Harbor from Pivnet- you set the major.minor version range
- Uploads the PKS and Harbor releases to your BOSH director
- Determines whether the new release is missing a stemcell, downloads it from PivNet and uploads it to BOSH director
- Stages the tiles/releases
- Applies changes
What you need:
- A working Concourse instance that is able to reach the Internet to pull down the binaries and repo
- The fly cli and credentials for your Concourse.
- A token from your PivNet account
- An instance of PKS 1.0.2 or 1.0.3 AND Harbor 1.4.x deployed on Ops Manager
- Credentials for your Ops Manager
- (optional) A token from your GitHub account
How to use the pipeline:
- Download params.yml and pipeline.yml from here.
- Edit the params.yml by replacing the values in double-parentheses with the actual value. Each line has a bit explaining what it’s expecting. For example, ((ops_mgr_host)) becomes opsmgr.pcf1.domain.local
- Remove the parens
- If you have a GitHub Token, pop that value in, otherwise remove ((github_token))
- The current pks_major_minor_version regex will get the latest 1.0.x. If you want to pin it to a specific version, or when PKS 1.1.x is available, you can make those changes here.
- The ops_mgr_usr and ops_mgr_pwd credentials are those you use to logon to Ops Manager itself. Typically set when the Ops Manager OVA is deployed.
- The schedule params should be adjusted to a convenient time to apply the upgrade. Remember that in addition to the PKS Service being offline (it’s a singleton) during the upgrade, your Kubernetes clusters may be affected if you have the “Upgrade all Clusters” errand set to run in the PKS configuration, so schedule wisely!
- Open your cli and login to concourse with fly
fly -t concourse login -c http://concourse.domain.local:8080 -u username -p password
- Set the new pipeline. Here, I’m naming the pipeline “PKS_Upgrade”. You’ll pass the pipeline.yml with the “-c” param and your edited params.yml with the “-l” param
fly -t concourse sp -p PKS_Upgrade -c pipeline.yml -l params.yml
Answer “y” to “Apply Configuration”…
- Unpause the pipeline so it can run when in the scheduled window
fly -t concourse up -p PKS_Upgrade
- Login to the Concourse web to see our shiny new pipeline!
If you don’t want to deal with the schedule and simply want it to upgrade on-demand, use the pipeline-nosched.yml instead of pipeline.yml, just be aware that when you unpause the pipeline, it’ll start doing its thing. YMMV, but for me, it took about 8 minutes to complete the upgrade.
Behind the scenes
It’s not immediately obvious how the pipeline does what it does. When I first started out, I found it frustrating that there just isn’t much to the pipeline itself. To that end, I tried making pipelines that were entirely self-contained. This was good in that you can read the pipeline and see everything it’s doing; plus it can be made to run in an air-gapped environment. The downside is that there is no separation, one error in any task and you’ll have to edit the whole pipeline file.
As I learned a little more and poked around in what others were doing, it made sense to split the “tasks” out, keep them in a GitHub public repo and pull it down to run on-demand.
Pipelines generally have two main sections; resources and jobs.
Resources are objects that are used by jobs. In this case, the binary installation files, a zip of the GitHub repo and the schedule are resources.
Jobs are (essentially) made up of plans and plans have tasks.
Each task in most pipelines uses another source yml. This task.yml will indicate which image concourse should build a container from and what it should do on that container (typically, run a script). All of these task components are in the GitHub repo, so when the pipeline job runs, it clones the repo and runs the appropriate task script in a container built on an image pulled from dockerhub.
More info
I’ve got a several pipelines in the repo. Some of them do what they’re supposed to. 🙂 Most of them are derived from others’ work, so many thanks to Pivotal Services and Sabha Parameswaran
Brian Ragazzi 