To apply a RHEL update to a manually deployed OS

Purpose
WARNING 

WARNING

System Failure

Attempting to apply the OS update described below on a station that is not described in this guide may result in a catastrophic failure.

You must perform the OS-update procedure only on a station whose deployment is described in the NSP Installation and Upgrade guide.

Perform this procedure to update a manually deployed NSP RHEL OS instance. The OS update may include RHEL patches or security enhancements, and is typically applied as part of an NSP system upgrade.

Note: The procedure applies only to a RHEL OS instance deployed manually, and must not to be performed on an OS deployed using an NSP disk image.

Note: The Host Environment Compatibility Reference for NSP and CLM includes a support matrix for NSP and RHEL version compatibility. Use the support matrix to identify the supported RHEL versions for the NSP release. It is recommended that you update the RHEL OS to the latest version that the NSP supports.

Applying an OS update

In order to apply an OS update, you must shut down the NSP component hosted by the OS. During an upgrade, you are directed to shut down a component before you apply an OS update.

You must shut down and restart NSP components in a specific order. For information about performing a graceful shutdown and restart of components in a standalone or DR NSP deployment, see “Workflow: stop and start DR NSP clusters” in the NSP System Administrator Guide.

CAUTION 

CAUTION

Network Visibility Loss

Applying an NSP RHEL OS update requires the shutdown of the component receiving the update, and may cause a temporary loss of network visibility, depending on the deployment.

You must perform the procedure only during a scheduled maintenance period.

Steps
 

Log in as the root user on the station that hosts the OS.

Open a console window.

Stop the NSP software on the component, which is one of the following, see the NSP System Administrator Guide for information, as required:

  • NSP cluster

  • NSP auxiliary database

  • NFM-P main server

  • NFM-P main database

  • NFM-P auxiliary server

Download and install the latest update for your RHEL version from Red Hat.
CAUTION 

CAUTION

Misconfiguration Risk

Performing the procedure on an NSP station running NSP Release 22.11 or earlier may have undesirable effects that include restricted system access.

You must perform the procedure only on an NSP Release 23.4 or later station.

Optionally, to align with OS-hardening best practices, as defined by the Center for Information Security, or CIS, you can change the default login umask on a RHEL OS instance that hosts an NSP deployer host, NSP cluster node, or NSP component deployed outside the NSP cluster, to restrict file and directory access for non-root users.

To set the default RHEL login umask to 0027, perform the following steps.

  1. Back up the following files to a secure location on a station outside the management network for safekeeping:

    • /etc/bashrc

    • /etc/csh.cshrc

    • /etc/login.defs

    • /etc/profile

  2. Enter the following:

    sed -i 's/^\([[:space:]]*\)\(umask\|UMASK\)[[:space:]][[:space:]]*[0-9][0-9][0-9]/\1\2 027/' /etc/bashrc /etc/csh.cshrc /etc/login.defs /etc/profile ↵

  3. Log out.

  4. Log in as the root user.

  5. Enter the following:

    umask ↵

    The current umask value is displayed.

  6. Verify that the umask value is 0027.

Enter the following:

systemctl reboot ↵

The station reboots.

Perform To lock the RHEL OS version on the station to prevent the deployment of an unsupported RHEL OS version.

Close the console window.

End of steps