To apply a RHEL update to an NSP image-based OS
Purpose
WARNING System Failure |
Attempting to apply the OS update described below on a station that is not described in this guide may result in a catastrophic failure.
You must perform the OS-update procedure only on a station whose deployment is described in the NSP Installation and Upgrade guide.
Perform this procedure to update an NSP RHEL OS instance deployed using an NSP RHEL OS disk image. Such an OS update may include RHEL patches or security enhancements, and is typically applied as part of an NSP system upgrade.
Note: The procedure applies only to a RHEL OS instance deployed using an NSP RHEL OS disk image, and is not to be performed on a manually deployed OS.
Note: An NSP component that you are upgrading requires the latest available update for the installed RHEL version.
Applying an OS update
In order to apply an OS update, you must shut down the NSP component hosted by the OS. During an upgrade, you are directed to shut down a component before you apply an OS update.
You must shut down and restart NSP components in a specific order. For information about performing a graceful shutdown and restart of components in a standalone or DR NSP deployment, see “Workflow: stop and start DR NSP clusters” in the NSP System Administrator Guide.
CAUTION Network Visibility Loss |
Applying an NSP RHEL OS update requires the shutdown of the component receiving the update, and may cause a temporary loss of network visibility, depending on the deployment.
You must perform the procedure only during a scheduled maintenance period.
Steps
1 |
Log in as the root user on the station that hosts the OS. | ||
2 |
Open a console window. | ||
3 |
If the station is an NSP deployer host, correct the node_exporter user ID, if required.
| ||
4 |
In order to apply the OS update on an NSP deployer host or NSP cluster VM, the NSP RHEL user named nsp requires user ID 1000; otherwise, the update fails. If ID 1000 is assigned to a user other than nsp, make the ID available to the nsp user, for example, by doing one of the following: | ||
5 |
Stop the NSP software on the component, which is one of the following, see the NSP System Administrator Guide for information, as required: | ||
6 |
Enter the following: # mkdir -p /opt/OSUpdate ↵ | ||
7 |
Download the following compressed file for the new NSP release to the /opt/OSUpdate directory: NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz where n is the major release of the RHEL version that you are updating, for example, 8 yy_mm is the issue date of the OS update | ||
8 |
Enter the following: # cd /opt/OSUpdate ↵ | ||
9 |
Enter the following to expand the downloaded file: # tar -zxvf NSP_RHELn_OEM_UPDATE_yy_mm.tar.gz ↵ The update files are extracted to the following directory: /opt/OSUpdate/R_r-RHELV.v-yy.mm.dd where R_r is the NSP release that introduces the OS update V.v is the RHEL version, for example, 8.6 yy.mm.dd is the issue date of the OS update | ||
10 |
Enter the following: # cd R_r-RHELV.v-yy.mm.dd ↵ | ||
11 |
Enter the following to perform the OS update: # ./yum_update.sh ↵ | ||
12 |
If the station is an NSP deployer host and you have deleted the node_exporter user in Step 3, enter the following sequence of commands.: # useradd -s /sbin/nologin -U node_exporter ↵ # systemctl start node_exporter.service ↵ | ||
13 |
Performing the procedure on an NSP station running NSP Release 22.11 or earlier may have undesirable effects that include restricted system access. You must perform the procedure only on an NSP Release 23.4 or later station. Optionally, to align with OS-hardening best practices, as defined by the Center for Information Security, or CIS, you can change the default login umask on a RHEL OS instance that hosts an NSP deployer host, NSP cluster node, or NSP component deployed outside the NSP cluster, to restrict file and directory access for non-root users. To set the default RHEL login umask to 0027, perform the following steps.
| ||
14 |
Enter the following: # systemctl reboot ↵ The station reboots. | ||
15 |
Close the console window. End of steps |