Difference between revisions of "Installing updates: OS, CAs, Quattor, VL-e"

From PDP/Grid Wiki
Jump to navigationJump to search
Line 47: Line 47:
 
where <DATE> is (by convention) the date of generation, formatted as YYYYMMDD (e.g. 20100723).
 
where <DATE> is (by convention) the date of generation, formatted as YYYYMMDD (e.g. 20100723).
  
The generated template will contain only the last version of each package found in the update repository, except for the kernel packages. For the kernel packages, a ''comment line'' for the last version is added. The selection of the kernel now takes happens via the kernel version number and variant defined via variables KERNEL_VERSION_NUM and KERNEL_VARIANT, respectively. The ncm-spma component on the node will make sure that a new kernel version may be added, but the currently running kernel will '''not be un-installed''' to ensure stability of the running system.
+
The generated template will contain only the last version of each package found in the update repository, except for the kernel packages. For the kernel packages, a ''comment line'' for the last version is added. The kernels to be installed are selected somewhere else; see below for details.
  
By convention, we want Quattor only to keep the installation of the currently running kernel and the desired new kernel version. The other modules should thus be removed by hand or via the script $L/../bin/selectKernels.pl:
+
The selection of the kernel now takes happens via the kernel version number and variant defined via variables KERNEL_VERSION_NUM and KERNEL_VARIANT, respectively. The ncm-spma component on the node will make sure that a new kernel version may be added, but the currently running kernel will '''not be un-installed''' to ensure stability of the running system.
  selectKernels.pl -k 2.6.9-78.0.8.EL -k 2.6.9-78.0.13.EL -o /tmp/new-updates.tpl -v /tmp/updates.tpl
+
 
(which deletes all kernels from /tmp/updates.tpl, except for 2.6.9-78.0.8.EL and 2.6.9-78.0.13.EL, stores the output in /tmp/new-updates.tpl and produces verbose output).
+
The template sites/ndpf/site/os/errata-defaults.tpl defines the default errata versions to be deployed for a particular OS version:
 
+
  variable OS_ERRATA_TEMPLATE ?= nlist(
 +
  'centos54_x86_64',    'rpms/errata/20100723',
 +
  'centos48_x86_64',    'rpms/errata/20100118',
 +
  'centos48_i386',      'rpms/errata/20100118',
 +
);
 +
If needed, deviations from the defaults can be defined on a per-host basis in template sites/ndpf/site/os/version_db.tpl:
 +
variable NODE_OS_ERRATA_TEMPLATE ?= nlist(
 +
  escape('tbn13.nikhef.nl'),   'rpms/errata/20090101',
 +
);
 +
The definitions in NODE_OS_ERRATA_TEMPLATE take precedence over the defaults.
  
 
While editing the generated file, ensure that the template name is <tt>rpms/updates</tt>. Finally copy the edited file to <tt>$L/cfg/os/''<distribution>''/rpms/updates.tpl</tt>
 
While editing the generated file, ensure that the template name is <tt>rpms/updates</tt>. Finally copy the edited file to <tt>$L/cfg/os/''<distribution>''/rpms/updates.tpl</tt>

Revision as of 12:57, 19 August 2010

There are various kinds of packages that need to be updated frequently:

  • updates for the Operating System
  • updates for the gLite middleware
  • updates for the VL-e software
  • new versions of the CA packages
  • new Quattor releases

There is a lot of similarity in these updates. This article describes the procedures for the updates listed above, except for the gLite updates. Updating gLite packages is more complicated than the other updates; therefore, there is a dedicated article Updating Quattor-managed gLite servers.

Installing updates comprises the following steps:

  • Synchronization of the local mirror of the OS repository
  • Generation of Quattor update templates
  • Compilation and deployment

Synchronization of the local mirror

To synchronize the local mirror of the Operating System, execute the following script as user ndpfmgr at Quattor server stal:

mirror-centos

This will synchronize the local OS mirror at host stal with the OS mirror at spiegel.

To synchronize the local mirror of the CA mirror in /project/quattor/www/html/mirror/CA/, execute the following script as user ndpfmgr at Quattor server stal:

mirror_cas

To synchronize the local mirror of the Quattor software under /project/quattor/www/html/quattor/, execute the following script as user ndpfmgr at Quattor server stal:

mirror-quattor

To synchronize the local mirror of the VL-e PoC R3 mirror under /project/quattor/www/html/mirror/VL-e//R3/, execute the following script as user ndpfmgr at Quattor server stal:

mirror-vle

At the moment, the following distributions are mirrored:

  • CentOS 4.8 i386
  • CentOS 4.8 x86_64
  • CentOS 5.4 x86_64


Generation of the OS update template for Quattor

The current procedure for generating OS updates (now called errata) is similar to the description on OS Errata Management and Deployment


At host stal using your personal account, run rpmErrate.pl to generate an errate template from the available OS updates:

$L/../bin/rpmUpdates.pl /project/mirror/centos/5.4/updates/x86_64/RPMS/ > \
                        $L/cfg/os/centos54_x86_64/rpms/errata/<DATE>.tpl

where <DATE> is (by convention) the date of generation, formatted as YYYYMMDD (e.g. 20100723).

The generated template will contain only the last version of each package found in the update repository, except for the kernel packages. For the kernel packages, a comment line for the last version is added. The kernels to be installed are selected somewhere else; see below for details.

The selection of the kernel now takes happens via the kernel version number and variant defined via variables KERNEL_VERSION_NUM and KERNEL_VARIANT, respectively. The ncm-spma component on the node will make sure that a new kernel version may be added, but the currently running kernel will not be un-installed to ensure stability of the running system.

The template sites/ndpf/site/os/errata-defaults.tpl defines the default errata versions to be deployed for a particular OS version:

variable OS_ERRATA_TEMPLATE ?= nlist(
  'centos54_x86_64',    'rpms/errata/20100723',
  'centos48_x86_64',    'rpms/errata/20100118',
  'centos48_i386',      'rpms/errata/20100118',
);

If needed, deviations from the defaults can be defined on a per-host basis in template sites/ndpf/site/os/version_db.tpl:

variable NODE_OS_ERRATA_TEMPLATE ?= nlist(
  escape('tbn13.nikhef.nl'),    'rpms/errata/20090101',
);

The definitions in NODE_OS_ERRATA_TEMPLATE take precedence over the defaults.

While editing the generated file, ensure that the template name is rpms/updates. Finally copy the edited file to $L/cfg/os/<distribution>/rpms/updates.tpl

If the target kernel version has changed, the value of the Pan variable KERNEL_VERSION_NUMBER has to be changed accordingly in the template $L/cfg/os/<distribution>/config/os/kernel_version_arch.tpl:

variable KERNEL_VERSION_NUMBER ?= "2.6.9-78.0.8.EL";

Generation of other templates

Update templates for VL-e software can be generated using rpmUpdates.pl. The software update template is located under $L/cfg/grid/vle/<PoC-release>/rpms/<OS-version>/updates.tpl

The easiest way to deal with a set of new CAs, is to download the template from the CA site: [http://groep.web.cern.ch/groep/cadist/] (you need to go down into the directory corresponding to the new release and get the file pro_software_meta_lcg_CA.tpl). This file needs to be customized: the template's name should read common/security/lcg-CA and should eventually be saved as $L/cfg/grid/common/security/lcg-CA.tpl

To change the Quattor software that is installed, the new versions should be added by hand to the templates, to be found under $L/cfg/os/<distribution>/rpms/quattor.tpl

Compilation and Deployment

Perform a test compilation in your local environment and do not forget to refresh the repository templates:

makexprof -u -f itb

If this succeeds, commit the changes to SVN and follow the deployment procedure to install the updates.

Note: if a kernel update is installed, schedule a reboot of the node(s) to ensure that the desired kernel is loaded as soon as possible, to prevent surprises at a later stage.



[1]