To apply a RHEL update to an NSP image-based OS

Purpose

WARNING

System Failure

You must not attempt to apply the OS update on a system that is not deployed as described in this guide, or catastrophic NSP system failure may result. For example, applying the OS update on an NSP appliance host or NSP Server host results in the uninstallation of virsh and virt-manager, and causes all VMs to be removed.

You must perform the procedure only on a system deployed as described in this guide.

Perform this procedure to update an NSP RHEL OS instance deployed using an NSP RHEL OS disk image. Such an OS update may include RHEL patches or security enhancements, and is typically applied as part of an NSP system upgrade.

Note: The procedure applies only to a RHEL OS instance deployed using an NSP RHEL OS disk image, and is not to be performed on a manually deployed OS.

Note: An NSP component that you are upgrading requires the latest available update for the installed RHEL version.

Applying an OS update

In order to apply an OS update, you must shut down the NSP component hosted by the OS. During an upgrade, you are directed to shut down a component before you apply an OS update.

You must shut down and restart NSP components in a specific order. For information about performing a graceful shutdown and restart of components in a standalone or DR NSP deployment, see “Workflow: stop and start DR NSP clusters” in the NSP System Administrator Guide.

CAUTION

Network Visibility Loss

Applying an NSP RHEL OS update requires the shutdown of the component receiving the update, and may cause a temporary loss of network visibility, depending on the deployment.

You must perform the procedure only during a scheduled maintenance period.

Steps

Open a console window.

Stop the NSP software on the component, see the NSP System Administrator Guide for information, as required:

NSP cluster
NSP Flow Collector / Flow Collector Controller
NSP auxiliary database
NFM-P main server
NFM-P main database
NFM-P auxiliary server

Enter the following:

# mkdir -p /opt/OSUpdate ↵

Download the following compressed file for the new NSP release to the /opt/OSUpdate directory:

NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz

where

n is the major release of the RHEL version that you are updating, for example, 8

yy_mm is the issue date of the OS update

Enter the following:

# cd /opt/OSUpdate ↵

Enter the following to expand the downloaded file:

# tar -zxvf NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz ↵

The update files are extracted to the following directory:

/opt/OSUpdate/R_r-RHELV.v-yy.mm.dd

where

R_r is the NSP release that introduces the OS update

V.v is the RHEL version, for example, 8.6

yy.mm.dd is the issue date of the OS update

Enter the following:

# cd R_r-RHELV.v-yy.mm.dd ↵

Enter the following to perform the OS update:

# ./yum_update.sh ↵

CAUTION

Misconfiguration Risk

Performing this step on a RHEL OS that hosts NSP Release 22.11 or earlier software may have undesirable effects that include degraded system performance and restricted system access.

You must perform the step only on a RHEL OS instance that nosts Release 23.4 or later NSP software.

Optionally, to align with OS-hardening best practices, as defined by the Center for Information Security, or CIS, you can change the default login umask on a RHEL OS instance that hosts an NSP deployer host, NSP cluster node, or NSP component deployed outside the NSP cluster, to restrict file and directory access for non-root users.

To set the default RHEL login umask to 0027, perform the following steps.

Back up the following files to a secure location on a station outside the management network for safekeeping:
- /etc/bashrc
- /etc/profile
- /etc/login.defs
Enter the following:

# sed -i 's/^\([[:space:]]*\)\(umask\|UMASK\)[[:space:]][[:space:]]*[0-9][0-9][0-9]/\1\2 027/' /etc/bashrc /etc/profile /etc/login.defs ↵
Log out.
Log in as the root user.
Enter the following:

# umask ↵

The current umask value is displayed.
Verify that the umask value is 0027.

Enter the following:

# systemctl reboot ↵

The station reboots.

Close the console window.

End of steps