@agracey
Last active May 8, 2025 02:03
# SUC Plan related to upgrading/migrating the operating system of control-plane nodes
apiVersion: upgrade.cattle.io/v1
kind: Plan
metadata:
  name: os-upgrade-demo
  namespace: cattle-system
spec:
  concurrency: 1
  # Override the default SUC set value of 900 with something that will
  # give the control-plane plan enough time to finish
  jobActiveDeadlineSecs: 43200
  nodeSelector:
    matchExpressions:
      # will trigger upgrade for any node containing the 'node-role.kubernetes.io/control-plane' label
      - {key: node-role.kubernetes.io/control-plane, operator: In, values: ["true"]}
  tolerations:
  - key: "CriticalAddonsOnly"
    operator: "Equal"
    value: "true"
    effect: "NoExecute"
  - key: "node-role.kubernetes.io/control-plane"
    operator: "Equal"
    effect: "NoSchedule"
  - key: "node-role.kubernetes.io/etcd"
    operator: "Equal"
    effect: "NoExecute"
  serviceAccountName: system-upgrade-controller
  secrets:
  - name: os-upgrade-script
    path: /host/run/system-upgrade/secrets/os-upgrade-script
  cordon: false
  version: "3.2.3"
  upgrade:
    image: registry.opensuse.org/opensuse/bci/bci-minimal:20250505.0
    command: ["chroot", "/host"]
    args: ["sh", "/run/system-upgrade/secrets/os-upgrade-script/upgrade.sh"]
---
# Secret containing the script that is used by the
# SUC Plans for operating system migration/upgrade
apiVersion: v1
kind: Secret
metadata:
  name: os-upgrade-script
  namespace: cattle-system
type: Opaque
stringData:
  upgrade.sh: |
    #!/bin/sh

    OS_UPGRADED_PLACEHOLDER_PATH="/etc/os-upgrade-successful"

    if [ -f "${OS_UPGRADED_PLACEHOLDER_PATH}" ]; then
        # Due to the nature of how SUC handles OS upgrades,
        # the OS upgrade pod will be restarted after an OS reboot.
        # Within the new Pod we only need to check whether the upgrade
        # has been done. This is done by checking for the '/etc/os-upgrade-successful'
        # file which will only be present on the system if a successful upgrade
        # of the OS has taken place.
        echo "Upgrade has already been done. Exiting.."
        touch /etc/os-upgrade-demo-marker-2
        rm "${OS_UPGRADED_PLACEHOLDER_PATH}"
        exit 0
    fi

    cleanupService(){
        rm "${1}"
        systemctl daemon-reload
    }

    executeUpgrade(){
        EXEC_START="ExecStart=/usr/sbin/transactional-update cleanup up"
        SERVICE_NAME="os-pkg-update.service"
        UPDATE_SERVICE_PATH=/etc/systemd/system/${SERVICE_NAME}

        # Make sure that even after a non-zero exit of the script
        # we will do a cleanup of the service
        trap "cleanupService ${UPDATE_SERVICE_PATH}" EXIT

        touch /etc/os-upgrade-demo-marker-1

        echo "Creating ${SERVICE_NAME}..."
        cat <<EOF > "${UPDATE_SERVICE_PATH}"
    [Unit]
    Description=SUSE Edge Upgrade Service
    ConditionACPower=true
    Wants=network.target
    After=network.target

    [Service]
    Type=oneshot
    IOSchedulingClass=best-effort
    IOSchedulingPriority=7
    ${EXEC_START}
    EOF

        echo "Starting ${SERVICE_NAME}..."
        systemctl start "${SERVICE_NAME}" &
        BACKGROUND_PROC_PID=$!

        # Stream the transactional-update log until the background process exits
        tail --pid "${BACKGROUND_PROC_PID}" -f /var/log/transactional-update.log

        # Wait for the background process to finish and propagate its exit code to '$?'
        wait "${BACKGROUND_PROC_PID}"

        # Get the exit code of the background process
        BACKGROUND_PROC_EXIT=$?
        if [ "${BACKGROUND_PROC_EXIT}" -ne 0 ]; then
            exit "${BACKGROUND_PROC_EXIT}"
        fi

        # Check if reboot is needed.
        # Will only be needed when transactional-update has successfully
        # done any package upgrades/updates.
        if [ -f /run/reboot-needed ]; then
            # Create a placeholder indicating that the OS upgrade
            # has finished successfully
            touch "${OS_UPGRADED_PLACEHOLDER_PATH}"
            /usr/sbin/reboot
        fi
    }

    executeUpgrade