---
tags:
  - work
  - ovn
  - upgrade
---
https://docs.ovn.org/en/latest/intro/install/ovn-upgrades.html

**Fail-safe upgrade procedure**
The ansible playbook does **NOT** encode the fail-safe procedure in such a way that it prevents us from skipping versions. It is **mandatory** that we ourselves correctly decide the version to upgrade to.

**Is the issue resolved with group.one- prefixes on unit files and /etc/default?**
https://gitlab.group.one/groupvps/ovn-builder/-/merge_requests/11/diffs 

It seems to have been fixed using overrides in debian/rules that move stuff to the expected places after building.

*After testing it looks like this is all done correctly now*


**Ansible playbook**
https://gitlab.group.one/groupvps/ansible/-/merge_requests/56/diffs 

- Makes a backup of OVN db's on networking nodes
	- Creates files on the local system under /tmp
	- Creates files on the remote system under /var/.ovn-backups
- Pins the controller version on both compute and networking nodes
	- `ovs-vsctl set open_vswitch . external_ids:ovn-match-northd-version=true`
- Upgrades ovn-central, ovn-common and ovn-host on network nodes
	- Installs packages
	- restarts ovn-controller, ovn-northd, ovn-ovsdb-server-sb/nb
	- Checks ovsdb-server is running
	- Checks the socket file for existence
- Upgrades ovn controller on compute nodes
	- Installs package
	- restart ovn-controller

**Invocation**
```
ansible-playbook playbooks/failsafe_install_ovn.yml --limit vps_testpod --extra-vars "ovn_search_version=22.03.8+20250403.1251.35813e0b.systems.jammy1"
```