How Do I Upgrade EulerOS to Fix Vulnerabilities in an MRS Cluster?
Issue
EulerOS has vulnerabilities at the underlying layer. This section describes how to upgrade the OS to fix vulnerabilities for an MRS cluster.
Symptom
When the NSFOCUS software is used to test the cluster, vulnerabilities are found at the underlying layer in the EulerOS.
Cause Analysis
When the NSFOCUS software is used to test the cluster, it is found that vulnerabilities exist at the underlying layer in the EulerOS. The MRS service is deployed in the EulerOS. Therefore, the system needs to be upgraded to fix the vulnerabilities.
Procedure
Before fixing the vulnerability, check whether Host Security Service (HSS) is enabled. If yes, disable HSS from monitoring the MRS cluster. After the vulnerability is fixed, enable HSS again.
- Log in to the MRS console.
- Click the cluster name. On the cluster details page, click the Nodes tab.
- In the core node group, select a core node, click Node Operation, and select Stop All Roles.
- Remotely log in to the core node and configure the yum repository.
- Run the uname –r or rpm –qa |grep kernel command to query and record the kernel version of the current node.
- Run the yum update –y --skip-broken --setopt=protected_multilib=false command to update the patch.
- After the update is complete, query the kernel version and run the rpm -e Old kernel version command to delete the old kernel version.
- On the cluster details page, click the Nodes tab.
- In the core node group, click the name of the core node whose patch has been updated. The ECS console is displayed.
- In the upper right corner of the page, click Restart to restart the core node.
- On the Nodes tab of the cluster details page, select the core node, click Node Operation, and select Start All Roles.
- Repeat 1 to 11 to upgrade other core nodes.
- After all core nodes are upgraded, upgrade the standby master node and then the active master node. For details, see 1 to 11.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.