Introduction

Red Hat support

For customers using the RHEL OS image for guest VMs, support for the RHEL instance is available directly from Nokia, not Red Hat. For all other RHEL installations, Red Hat support must be purchased for all platforms running the RHEL server with CLM. It is strongly recommended to purchase a support package from Red Hat that provides 24x7 support.

The RHEL OS image can only be used as a guest VM hosting CLM, and not for the deployment of any other Nokia or third-party product.

RHEL version support

The Nokia-provided RHEL OS image is based on RHEL 8.10 and must only be used for the deployment of CLM software, and not for the deployment of any other Nokia or third-party product. VMs created from the RHEL OS image can only be updated with the Nokia-provided RHEL OS update.

Consider the following:

The CLM product team does not support the configuration of OS services that are not enabled by default in the RHEL OS image.

With the exception of documented operating system parameter changes for CLM, all other settings must be left at the RHEL default configuration.

Third-party applications

Applications that are not sanctioned by Nokia must not be running on any virtual instance running CLM. Nokia reserves the right to remove any applications that are suspected of causing issues from stations running CLM.

OS deployment methods

CAUTION

System Support Violation

You must ensure that the CLM supports each update that you apply to a RHEL OS in a CLM deployment. An automated update by a subscription manager may deploy an unsupported RHEL version that you must subsequently roll back.

In order to avoid the accidental deployment of an unsupported RHEL version on a CLM station, it is strongly recommended that you lock the supported release in your RHEL subscription manager. See To lock the RHEL OS version for information.

Before you attempt to deploy the RHEL OS in a CLM system, you must review the NSP and CLM Host Environment Compatibility Reference for information about the RHEL OS support by product release and for the latest compatibility information.

Note: It is strongly recommended to install any driver or firmware update that your hardware vendor advises for RHEL.

You can install the required RHEL OS instance for CLM by:

Note: Deploying a CLM disk image is the recommended method.

Note: Before you deploy any CLM software in a VMware VM, you must install the latest VMware Tools software.

Note: It is strongly recommended that you verify the message digest of each image file or software bundle that you download from the Nokia Support portal. The download page includes the MD5, SHA256, and SHA512 checksums for comparison with the output of the RHEL md5sum, sha256sum, or sha512sum command. See the associated RHEL man page for command usage information.
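The following Bash function is an added example, not part of the Nokia documentation, showing one way to do the comparison described in the note above. It selects md5sum, sha256sum, or sha512sum from the length of the published digest; the function name and return codes are assumptions made for illustration.

```bash
# Added example: verify a downloaded file against a digest copied from
# the download page. verify_digest is a hypothetical helper name.
#
# verify_digest FILE EXPECTED_HEX
#   returns 0 on match, 1 on mismatch, 2 on unusable input
verify_digest() {
    local file=$1 expected tool actual
    # Normalize the pasted digest: strip whitespace, fold to lower case.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "digest is not a hex string" >&2; return 2 ;;
    esac
    # Hex length identifies the algorithm: 128, 256, or 512 bits.
    case ${#expected} in
        32)  tool=md5sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "unexpected digest length: ${#expected}" >&2; return 2 ;;
    esac

    # Read from stdin so an unusual file name cannot alter the output
    # format; the tool prints "<hex>  -", so keep the first field only.
    actual=$("$tool" < "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK ($tool): $file"
        return 0
    fi
    echo "MISMATCH ($tool): $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}
```

Call it as `verify_digest <image-file> <digest-from-download-page>` and do not deploy the image unless it returns 0.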

Note: The Bash shell is the supported command shell for RHEL CLI operations.

Time synchronization requirement

CAUTION

Service Degradation

Some entities, for example, members of an etcd cluster, fail to trust data integrity in the presence of a time difference. Failing to closely synchronize the system clocks among components complicates troubleshooting and may cause a service outage.

Ensure that you use only the time service described in this section to synchronize the CLM components.

The system clocks of the CLM must always be closely synchronized. The RHEL chronyd service is the mandatory time-synchronization mechanism that you must engage on each CLM component during deployment.

Note: Only one time-synchronization mechanism can be active in a CLM system. Before you enable chronyd on CLM, you must ensure that no other time-synchronization mechanism, for example, the VMware Tools synchronization utility, is enabled.

OS security

The CLM includes various security mechanisms and system hardening options. The following topics describe the mechanisms and options that are established or configurable during RHEL OS installation.

RHEL 8 crypto-policy setting

The CLM provides system-wide support for a RHEL 8 crypto-policy setting of FUTURE. The setting is enabled and preconfigured on an OS instance deployed using a RHEL OS OEM image.

A manually deployed OS instance, however, requires the creation of a custom sub-policy, as described in To enable the CLM crypto-policy function on a manually installed RHEL OS.

SELinux

CLM supports deployment on a RHEL OS that has SELinux enabled in permissive or enforcing mode.

You cannot upgrade a CLM system on which SELinux is enabled in enforcing mode, so you must switch to permissive mode before the upgrade. Switching to SELinux enforcing mode is done only after an installation or upgrade.

Note: A RHEL disk image has SELinux enabled in permissive mode by default.

See “What is SELinux?” in the NSP System Administrator Guide for information about enabling and troubleshooting SELinux on the deployer host and cluster VMs, and about switching between SELinux permissive mode and enforcing mode.
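The following Bash functions are an added example, not part of the Nokia documentation, that check a host against three requirements stated in this guide: chronyd as the only time source, a crypto-policy of FUTURE, and no SELinux enforcing mode at upgrade time. The function names, the list of competing time services, and the assumption that a custom sub-policy is reported as `FUTURE:<name>` are illustrative.

```bash
# Added example (not Nokia code). Evaluation functions take the observed
# value as an argument; preupgrade_check gathers the live values.

# 0 if the policy is FUTURE, alone or with sub-policies (FUTURE:NAME).
crypto_policy_ok() {
    case $1 in FUTURE|FUTURE:*) return 0 ;; *) return 1 ;; esac
}

# 0 if the getenforce output means an upgrade must not start yet.
selinux_blocks_upgrade() {
    [ "$1" = Enforcing ]
}

# 0 only when chronyd is the sole entry in the space-separated list $1.
timesync_ok() {
    local src have_chronyd=no rc=0
    for src in $1; do
        if [ "$src" = chronyd ]; then
            have_chronyd=yes
        else
            echo "disable competing time source: $src" >&2; rc=1
        fi
    done
    [ "$have_chronyd" = yes ] || { echo "chronyd is not active" >&2; rc=1; }
    return "$rc"
}

# Live probe. The list of competing units is an assumption, not from the guide.
active_time_sources() {
    local unit out=""
    for unit in chronyd ntpd systemd-timesyncd; do
        if systemctl is-active --quiet "$unit" 2>/dev/null; then out="$out $unit"; fi
    done
    if command -v vmware-toolbox-cmd >/dev/null 2>&1 &&
       [ "$(vmware-toolbox-cmd timesync status 2>/dev/null)" = Enabled ]; then
        out="$out vmware-tools-timesync"
    fi
    echo "$out"
}

# Run on the host before an upgrade; non-zero means something needs action.
preupgrade_check() {
    local rc=0
    crypto_policy_ok "$(update-crypto-policies --show)" ||
        { echo "crypto-policy is not FUTURE" >&2; rc=1; }
    if selinux_blocks_upgrade "$(getenforce)"; then
        echo "SELinux is enforcing: switch to permissive first" >&2; rc=1
    fi
    timesync_ok "$(active_time_sources)" || rc=1
    return "$rc"
}
```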

Removing executable world permissions

Optionally, you can remove the world permissions from RHEL compiler executable files, as described in Resetting GCC-compiler file permissions.

Applying OS updates

WARNING

System Failure

Attempting to apply the OS update described below on a station that is not described in this guide may result in a catastrophic failure.

You must perform the OS-update procedure only on a station whose deployment is described in the CLM Installation and Upgrade guide.

If you are upgrading the CLM in a VM created using a RHEL OS disk image, you must apply a RHEL update to the OS before you can upgrade the CLM deployer host or CLM cluster, as described in To apply a RHEL update to a CLM image-based OS.

Note: If the upgrade includes a migration to a new RHEL OS version, the update is included in the new OS image that you deploy, so you do not need to perform the procedure.