TRITON-1531: Ask to update FWRULE_VERSION during `sdcadm update`

Details

Issue Type:Bug
Priority:4 - Normal
Status:Open
Created at:2017-11-18T08:53:16.608Z
Updated at:2019-08-28T21:31:59.021Z

People

Created by:Former user
Reported by:Former user

Description

Newer versions of FWAPI support using Moray as a backend for storing firewall rules. In new installations, this is the default, but older installations need to migrate the existing rules out of UFDS first. This is triggered by bumping the FWRULE_VERSION to 3 once all associated components are also updated past:

sdcadm can check FWRULE_VERSION, and ask if it's okay to bump it if it's below 3. It should mention that this might be a slow task, and FWAPI will be offline the whole time. (A datacenter with ~100,000 rules will take around 10 minutes, for example.)

Comments

Comment by Former user
Created at 2017-11-20T16:36:53.852Z

Hrm... this is the kind of thing we'd talked about having explicit migration commands in `sdcadm` for. Currently we have nothing formal. In the past some services have required that a script be manually run. That's not really that acceptable anymore for operator UX. Another example is the data migrations that Julien recently did for some vmapi_vms bucket field changes. In that case VMAPI handles it transparently and maintains service while doing the migration.

Perhaps that (having FWAPI handle this itself and without downtime) is impossible for FWAPI here? It would be mean avoiding another hack/wart in `sdcadm ...` upgrade process.