To apply a RHEL update to a CLM image-based OS
Purpose
| WARNING System Failure |
Attempting to apply the OS update described below on a station that is not described in this guide may result in a catastrophic failure.
You must perform the OS-update procedure only on a station whose deployment is described in the CLM Installation and Upgrade guide.
Perform this procedure to update a RHEL OS instance deployed using an RHEL OS disk image. Such an OS update may include RHEL patches or security enhancements, and is typically applied as part of a CLM system upgrade.
Note: The procedure applies only to a RHEL OS instance deployed using an RHEL OS disk image, and is not to be performed on a manually deployed OS.
Note: Upgrading CLM requires the latest available update for the installed RHEL version.
Applying an OS update
In order to apply an OS update, you must shut down either the deployer or cluster node, depending on which one you are updating. During an upgrade, you are directed to shut down a component before you apply an OS update.
|
CAUTION Network Visibility Loss |
Applying a RHEL OS update requires the shutdown of the entity receiving the update, and may cause a temporary loss of network visibility, depending on the deployment.
You must perform the procedure only during a scheduled maintenance period.
Steps
1 |
Log in as the root user on the station that hosts the OS. | ||
2 |
Open a console window. | ||
3 |
If the station is a CLM deployer host, correct the node_exporter user ID, if required.
| ||
4 |
In order to apply the OS update on a CLM deployer host or CLM cluster VM, the RHEL user named nsp requires user ID 1000; otherwise, the update fails. If ID 1000 is assigned to a user other than nsp, make the ID available to the nsp user, for example, by doing one of the following: | ||
5 |
Stop the CLM software on the CLM cluster, as required. | ||
6 |
Enter the following: # mkdir -p /opt/OSUpdate ↵ | ||
7 |
Download the following compressed file for the new CLM release to the /opt/OSUpdate directory: NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz where n is the major release of the RHEL version that you are updating, for example, 8 yy_mm is the issue date of the OS update | ||
8 |
Enter the following: # cd /opt/OSUpdate ↵ | ||
9 |
Enter the following to expand the downloaded file: # tar -zxvf NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz ↵ The update files are extracted to the following directory: /opt/OSUpdate/R_r-RHELV.v-yy.mm.dd where R_r is the CLM release that introduces the OS update V.v is the RHEL version, for example, 8.6 yy.mm.dd is the issue date of the OS update | ||
10 |
Enter the following: # cd R_r-RHELV.v-yy.mm.dd ↵ | ||
11 |
Enter the following to perform the OS update: # ./yum_update.sh ↵ | ||
12 |
If the station is a CLM deployer host and you have deleted the node_exporter user in Step 3, enter the following sequence of commands: # useradd -s /sbin/nologin -U node_exporter ↵ # systemctl start node_exporter.service ↵ | ||
13 |
Performing the procedure on a CLM station running CLM Release 22.11 or earlier may have undesirable effects that include restricted system access. You must perform the procedure only on a CLM Release 23.4 or later station. Optionally, to align with OS-hardening best practices, as defined by the Center for Information Security, or CIS, you can change the default login umask on a RHEL OS instance that hosts a CLM deployer host or CLM cluster node to restrict file and directory access for non-root users. To set the default RHEL login umask to 0027, perform the following steps.
| ||
14 |
Enter the following: # systemctl reboot ↵ The station reboots. | ||
15 |
Close the console window. End of steps |