$ oc adm manage-node <node_name> --schedulable=false
Updating the operating system (OS) on a host, by either upgrading across major
releases or updating the system software for a minor release, can impact the
OpenShift Origin software running on those machines. In particular, these updates
can affect the iptables rules or ovs flows that OpenShift Origin requires to
operate.
Use the following to safely upgrade the OS on a host:
Ensure the host is unschedulable, meaning that no new pods will be placed onto the host:
$ oc adm manage-node <node_name> --schedulable=false
Migrate the pods from the host:
$ oc adm drain <node_name> --force --delete-local-data --ignore-daemonsets
Update the host packages, and reboot the host. A reboot ensures that the host is
running the newest versions, and means that the docker and OpenShift Origin
processes have been restarted, which will force them to check that all of the
rules in other services are correct.
However, instead of rebooting a node host, you can restart the services that are
affected, or preserve the iptables state. Both processes are described in the
OpenShift Origin
iptables topic. The ovs flow rules do not need to be saved, but restarting
the OpenShift Origin node software will fix the flow rules.
Configure the host to be schedulable again:
$ oc adm manage-node <node_name> --schedulable=true