Upgrading the OS to Fix Vulnerabilities for an MRS Cluster Node

Issue

This section describes how to upgrade the OS to fix vulnerabilities for an MRS cluster if EulerOS has vulnerabilities at the underlying layer.

Symptom

When security software is used to test the cluster, vulnerabilities are found at the underlying layer of EulerOS.

Cause Analysis

Services in the MRS cluster are deployed in EulerOS. Therefore, an OS upgrade is required to fix vulnerabilities.

Procedure

Before fixing the vulnerability, check whether Host Security Service (HSS) is enabled. If yes, disable HSS from monitoring the MRS cluster. After the vulnerability is fixed, enable HSS again.

1. Log in to the MRS console.
2. Click the cluster name. On the cluster details page, click the Nodes tab.
3. In the core node group, select a core node, click Node Operation, and select Stop All Roles.

   

4. Log in to the core node and configure the yum repository. For details, see How Can I Use an Automated Tool to Configure a HUAWEI CLOUD Image Source (x86_64 and Arm)?.
5. Run the uname -r or rpm -qa |grep kernel command to query and record the kernel version of the current node.
6. Run the yum update -y --skip-broken --setopt=protected_multilib=false command to update the patch.
7. After the update is complete, query the kernel version and run the rpm -e Old kernel version command to delete the old kernel version.
8. On the cluster details page, click the Nodes tab.
9. In the core node group, click the name of the core node whose patch has been updated. The ECS console is displayed.
10. In the upper right corner of the page, click Restart to restart the core node.
11. On the Nodes tab of the cluster details page, select the core node, click Node Operation, and select Start All Roles.
12. Repeat 1 to 11 to upgrade other core nodes.
13. After all core nodes are upgraded, upgrade the standby master node and then the active master node. For details, see 1 to 11.