Preparations

RPM packages can be updated manually (using osmt update) or automatically (using the background osmt-agent service). You need to perform the following operations for both manual and automatic updates.

Confirm that the repository is configured correctly.

Check whether the parameters in the /etc/yum.repos.d/hce.repo file are configured correctly. The correct configuration is as follows:

[base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[updates]
name=HCE $releasever updates
baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2
 
[debuginfo]
name=HCE $releasever debuginfo
baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/
enabled=0
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2

Incorrect configuration may result in OSMT upgrade failures or unexpected upgrades.

Run dnf update osmt -y to update OSMT.

Configure the /etc/osmt/osmt.conf file.

OSMT updates RPM packages based on the osmt.conf file. Configure the file as required.

[auto]
#if auto_upgrade is True, the osmt-agent will auto upgrade rpms use osmt.conf and reboot between time interval we specified
#the value of cycle_time means the  osmt-agent will check upgrade every cycle_time seconds, default 86400s(1 day)
#When a configuration item has a line break, you need to leave a space or tab at the beginning of the line
auto_upgrade = False
cycle_time = 3600
minimal_interval = 3600
auto_upgrade_window = "22:00-05:00"
auto_upgrade_interval = 1

[Package]
# There are three rules of filters, all enabled by default. severity will be effect only when the types contain security, it is the subtype of security.
# The following are the three rules:
#    1. white list has the highest priority, if whitelist is configured then ignore other rules and filter out the whitelist packages from the full list of packages to be upgrade
#    2. Filter the update range by types, when the types contain security, further filter the severity of security updates severity, only upgrade the severity level of security.
#    3. Filter blacklist to remove packages in blacklist from types filter results, and packages which depend on packages in blacklist will also be removed.
# filters must contain at least one types rule, if the types rule is empty, the -a option will not upgrade any packages (by default all 3 filters are enabled).

filters = "types, blacklist"
whitelist = ""

# types include: security, bugfix, enhancement, newpackage, unknown/other
# if types is empty, no package will be upgrade
types = "security"
# severity is the subtype of security, include: low, moderate, important, critical
severity = "important, critical"
blacklist = ""
# The rpm package that requires a system reboot to take effect after the upgrade
need_reboot_rpms = "kernel,kernel-debug,kernel-debuginfo,kernel-debuginfo-common,kernel-devel,kernel-headers,kernel-ori,kernel-tools,kernel-tools-libs,glibc,glibc-utils,glibc-static,glibc-headers,glibc-devel,glibc-common,dbus,dbus-python,dbus-libs,dbus-glib-devel,dbus-glib,dbus-devel,systemd,systemd-devel,systemd-libs,systemd-python,systemd-sysv,grub2,grub2-efi,grub2-tools,openssl,openssl-devel,openssl-libs,gnutls,gnutls-dane,gnutls-devel,gnutls-utils,linux-firmware,openssh,openssh-server,openssh-clients,openssh-keycat,openssh-askpass,python-libs,python,grub2-pc,grub2-common,grub2-tools-minimal,grub2-pc-modules,grub2-tools-extra,grub2-efi-x64,grub2-efi-x64-cdboot,kernel-cross-headers,kernel-source,glibc-all-langpacks,dbus-common,dbus-daemon,dbus-tools,systemd-container,systemd-pam,systemd-udev,grub2-efi-aa64,grub2-efi-aa64-cdboot,grub2-efi-aa64-modules,openssl-perl,openssl-pkcs,kernel-tools-libs-devel,glibc-debugutils,glibc-locale-source,systemd-help,grub2-efi-ia32-modules,grub2-efi-x64-modules,grub2-tools-efi,grub2-help,openssl-pkcs11,grub2-efi-ia32-cdboot,osmt"
preinstalled_only = False
# Due to security requirements, the following packages need to be uninstalled during the upgrade
need_uninstall_rpm_list = "elfutils-extra,gcc,make,tcpdump,binutils-extra,strace,gdb,gdb-headless,cpp,rpm-build,cups,ypserv,telnet,ypbind,libtool,appict,kmem_analyzer_tools,mcpp,flex,cmake,llvm,rpcgen,wireshark,netcat,nmap,ethereal"

[backup]
store_path = /var/log
backup_dir = /etc,/usr,/boot,/var,/run
exclude_dir =
recover_service =

#the minimum resources required(MB)
[resource_needed]
#min_req_boot_space = 100
#min_req_backup_space = 8192
#min_req_root_space = 1536
#min_req_memory = 512

[cmdline]
cmdline_value =
skip_swap = True

[conflict]
#conflict_rpm = test1,test2
# These rpms conflict with the upgrade and must be removed if installed.
conflict_rpms_list = "esc,initial-setup,python3-crypto,setroubleshoot,setroubleshoot-legacy,setroubleshoot-server,setroubleshoot-plugins,openresty-openssl111,openresty-openssl111-asan,openresty-openssl111-asan-devel,openresty-openssl111-debug,openresty-openssl111-debug-devel,openresty-openssl111-devel,openresty-zlib,openresty-zlib-asan,openresty-zlib-asan-devel,openresty-zlib-devel,dleyna-connector-dbus,dleyna-connector-dbus-devel,dleyna-core,dleyna-core-devel,dleyna-server,tracker,tracker-devel,tracker-miners,kabi-dw,sblim-sfcb,apull,elara,secpaver,ksh,python3-sssd,python3-editor,python3-Flask-SQLAlchemy,python3-bind"

[strategy]
timeout_action = "stop"
timeout_action_before = 0

[check]
daemon_whitelist = "sysstat-collect.service, sysstat-summary.service, man-db-cache-update.service, systemd-tmpfiles-clean.service"
check_systemd_running_jobs = True
# the timeout of query systemd services
query_timeout = 30
check_rpm_packages = True
check_file_attr = True

[chroot_config]
chroot_switch = False
chroot_path = "/root/sut_chroot"
rpm_tar_name = "hce-upgrade_pack"
sut_config_file = "/etc/sut/sut.conf"
web_link_tar =

**Table 1** Major configuration items in **osmt.conf**
Configuration Item	Description
[auto]	auto_upgrade: specifies the RPM package update method. The default value is False. True: RPM packages can be updated either manually or automatically. False: RPM packages can only be updated manually. If auto_upgrade is set to True, the following parameters are available: cycle_time: defines the interval of checking for available updates, in seconds. The default value is 3600. minimal_interval: defines the minimum interval (in seconds) between the start time and end time in osmt update -b. The default value is 3600. auto_upgrade_window: defines the start time and end time of automatic updates using the osmt-agent service. The value is in the format of "HH:MM-HH:MM". If the end time is smaller than the start time, the update period covers two dates. For example, 22:00-05:00 indicates an update period from 22:00 on the current day to 05:00 on the next day. auto_upgrade_interval: defines the minimum interval between two automatic updates, in days. If auto_upgrade is set to False, only the following parameters are available, and any other [auto] parameter configured will not take effect. cycle_time: defines the interval of checking for available updates, in seconds. The default value is 3600. minimal_interval: defines the minimum interval (in seconds) between the start time and end time in osmt update -b. The default value is 3600. motd_setup: specifies whether to enable the login prompt. The default value is True. True: Enable the login prompt. False: Disable the login prompt. After the setting, the login prompt is deleted immediately and will not be generated again. If the option is enabled again, you need to run the osmt update -s command or any upgrade command to trigger the generation again.
[Package]	filters: specifies the update scope. The value can be types, blacklist, or whitelist. For example, specifying blacklist will not update the RPM packages in the blacklist. types: the type of RPM packages to be updated. blacklist: the RPM package blacklist. Packages added to the blacklist will not be updated. If an RPM package depends on a package in the blacklist, this RPM package will also not be updated. whitelist: the RPM package whitelist. If the whitelist and blacklist are not configured, all RPM packages will be updated. The whitelist has a higher priority than the blacklist, meaning that if an RPM package is added to both lists, it will be updated. NOTE: The blacklist and whitelist specified in the command are applied, and those defined in the configuration file will not. need_reboot_rpms: lists the RPM packages that need an OS restart. Automatic updates using osmt-agent will not update packages in need_reboot_rpms. To update these packages during automatic updates, you must run osmt update --auto --reboot_config always or osmt update --auto --reboot_config "Restart time". preinstalled_only: If this parameter is set to True, only the RPM packages in /etc/osmt/preinstalled.list are required to be upgraded.
[backup]	store_path: the directory under which the backup directory is created. During the upgrade, OSMT creates the .osbak directory under store_path. If .osbak already exists, run the osmt remove command to delete it first. backup_dir: the directories that need to be backed up. Directories /etc, /usr, /boot, /var, and /run are backed up by default during an update and cannot be removed. The values must be different from those of exclude_dir. Otherwise, the upgrade tool will be terminated due to a conflict when processing these directories. exclude_dir: directories excluded from the backup. By default, this parameter is omitted. You are advised to set this parameter to service data directories. The values must be different from those of exclude_dir. Otherwise, the upgrade tool will be terminated due to a conflict when processing these directories. recover_service: OSMT checks whether the status of each service in the list is the same before and after the upgrade. If the status of a service is changed, OSMT will restore the service status. NOTE: The path in [backup] must be an absolute path.
[cmdline]	cmdline_value: determines the startup items after an upgrade. Configure correct startup items to ensure that the OS can be started properly. By default, the default startup items of HCE are used.
[conflict]	conflict_rpm: specifies the RPM packages that will be deleted if there is a conflict during the upgrade.
[check]	check_systemd_running_jobs: specifies whether to check for services that are being started or stopped in the system before the upgrade. True (default): Any services that are being started or stopped in the system will be checked before the upgrade. False: Any services that are being started or stopped in the system will not be checked before the upgrade. check_rpm_packages: specifies whether to check the status of RPM packages in the system before the upgrade, including missing package dependencies and whether duplicate packages. True (default): The status of the RPM packages will be checked before the upgrade. False: The status of the RPM packages will not be checked before the upgrade. check_file_attr: specifies whether to check if system files are read-only or not before an upgrade. The default value is True. True: Check if system files are read-only or not before an upgrade. False: Do not check if system files are read-only or not before an upgrade.
[chroot_config]	chroot_switch: specifies whether to enable upgrade in turbo mode. The default value is False. True: Upgrade in turbo mode is enabled. False: Upgrade in turbo mode is disabled. chroot_path: specifies the directory of the chroot environment for upgrade in turbo mode. rpm_tar_name: specifies the name of the pre-built tar package for upgrade in turbo mode. sut_config_file: specifies the path of the SUT configuration file. The default value is /etc/sut/sut.conf. web_link_tar: specifies the URL for downloading the pre-built tar package for upgrade in turbo mode. NOTE: All configurations in [chroot_config] only apply to HCE upgrades on the management plane. The turbo mode means that a pre-built tar package of the target version is used for upgrades using chroot in a specified directory.