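Preparations
RPM packages can be updated in two ways: by running the osmt update command, or automatically through the background osmt-agent service. Both methods require the steps in this section to be completed first.
- Confirm that the repo source is configured correctly.
Check that the parameters in the default /etc/yum.repos.d/hce.repo configuration file are correct. The correct configuration is as follows.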
    [base]
    name=HCE $releasever base
    baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
    enabled=1
    gpgcheck=1
    gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

    [updates]
    name=HCE $releasever updates
    baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/
    ......
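Incorrect configuration may cause the OSMT upgrade to fail or lead to unexpected upgrade behavior.
- Run the dnf update osmt -y command to update the OSMT upgrade tool.
- Configure the /etc/osmt/osmt.conf file.
OSMT updates RPM packages according to the settings in the osmt.conf configuration file. Configure osmt.conf as needed.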
    [auto]
    #if auto_upgrade is True, the osmt-agent will auto upgrade rpms use osmt.conf and reboot between time interval we specified
    #the value of cycle_time means the osmt-agent will check upgrade every cycle_time seconds, default 86400s(1 day)
    #When a configuration item has a line break, you need to leave a space or tab at the beginning of the line
    auto_upgrade = False
    cycle_time = 3600
    minimal_interval = 3600
    auto_upgrade_window = "22:00-05:00"
    auto_upgrade_interval = 1

    [Package]
    # There are three rules of filters, all enabled by default. severity will be effect only when the types contain security, it is the subtype of security.
    # The following are the three rules:
    # 1. whitelist has the highest priority, if whitelist is configured then ignore other rules and filter out the whitelist packages from the full list of packages to be upgrade
    # 2. Filter the update range by types, when the types contain security, further filter the severity of security updates severity, only upgrade the severity level of security.
    # 3. Filter blacklist to remove packages in blacklist from types filter results, and packages which depend on packages in blacklist will also be removed.
    # filters must contain at least one types rule, if the types rule is empty, the -a option will not upgrade any packages (by default all 3 filters are enabled).
    filters = "types, blacklist"
    whitelist = ""
    # types include: security, bugfix, enhancement, newpackage, unknown
    # if types is empty, no package will be upgrade
    # types = security, bugfix, enhancement, newpackage, unknown
    types = "security"
    # severity is the subtype of security, include: low, moderate, important, critical
    severity = "important, critical"
    blacklist = ""
    # The rpm package that requires a system reboot to take effect after the upgrade
    need_reboot_rpms = "kernel,kernel-debug,kernel-debuginfo,kernel-debuginfo-common,kernel-devel,kernel-headers,kernel-ori,kernel-tools,kernel-tools-libs,glibc,glibc-utils,glibc-static,glibc-headers,glibc-devel,glibc-common,dbus,dbus-python,dbus-libs,dbus-glib-devel,dbus-glib,dbus-devel,systemd,systemd-devel,systemd-libs,systemd-python,systemd-sysv,grub2,grub2-efi,grub2-tools,openssl,openssl-devel,openssl-libs,gnutls,gnutls-dane,gnutls-devel,gnutls-utils,linux-firmware,openssh,openssh-server,openssh-clients,openssh-keycat,openssh-askpass,python-libs,python,grub2-pc,grub2-common,grub2-tools-minimal,grub2-pc-modules,grub2-tools-extra,grub2-efi-x64,grub2-efi-x64-cdboot,kernel-cross-headers,kernel-source,glibc-all-langpacks,dbus-common,dbus-daemon,dbus-tools,systemd-container,systemd-pam,systemd-udev,grub2-efi-aa64,grub2-efi-aa64-cdboot,grub2-efi-aa64-modules,openssl-perl,openssl-pkcs,kernel-tools-libs-devel,glibc-debugutils,glibc-locale-source,systemd-help,grub2-efi-ia32-modules,grub2-efi-x64-modules,grub2-tools-efi,grub2-help,openssl-pkcs11,grub2-efi-ia32-cdboot,osmt"
    preinstalled_only = False

    [backup]
    store_path = /var/log
    backup_dir = /etc,/usr,/boot,/var,/run
    exclude_dir =
    recover_service =

    #the minimum resources required(MB)
    [resource_needed]
    #min_req_boot_space = 100
    #min_req_backup_space = 8192
    #min_req_root_space = 1536
    #min_req_memory = 512

    [cmdline]
    cmdline_value =

    [conflict]
    #conflict_rpm = test1,test2

    [strategy]
    timeout_action = "stop"
    timeout_action_before = 0

    [check]
    daemon_whitelist = "sysstat-collect.service,
     sysstat-summary.service, systemd-tmpfiles-clean.service"
    check_systemd_running_jobs = True
    # the timeout of query systemd services
    query_timeout = 30
    check_rpm_packages = True
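A pre-flight audit for the repo check in the first step, as an added example that is not part of the original page or of OSMT. The function name `audit_repo`, the sample text and the `[example-bad]` section are assumptions constructed for illustration; on a real host, pass in the contents of /etc/yum.repos.d/hce.repo.

```python
import configparser

# Constructed repo file: [base] mirrors the values shown on this page;
# [example-bad] is a hypothetical misconfigured section the audit should flag.
SAMPLE_REPO = '''
[base]
name=HCE $releasever base
baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2

[example-bad]
name=constructed misconfigured repo
baseurl=http://mirror.example.invalid/hce/$releasever/updates/$basearch/
enabled=1
gpgcheck=0
'''

def audit_repo(text):
    """Return {section: [problems]} for every enabled section of a .repo file."""
    cp = configparser.ConfigParser(interpolation=None)  # keep $vars and % literal
    cp.read_string(text)
    findings = {}
    for name in cp.sections():
        sec = cp[name]
        if sec.get("enabled", "1").strip().lower() not in ("1", "true", "yes"):
            continue  # disabled repos are not used for updates
        problems = []
        # A missing gpgcheck inherits from dnf.conf [main], which this check
        # does not read, so it is reported rather than assumed safe.
        if sec.get("gpgcheck", "").strip().lower() not in ("1", "true", "yes"):
            problems.append("gpgcheck is not enabled in this section")
        if not sec.get("gpgkey", "").strip():
            problems.append("gpgkey is not set")
        urls = sec.get("baseurl", "").split()
        if not urls:
            problems.append("baseurl is not set")
        for url in urls:
            if not url.startswith("https://"):
                problems.append(f"baseurl is not HTTPS: {url}")
        findings[name] = problems
    return findings

if __name__ == "__main__":
    for section, problems in audit_repo(SAMPLE_REPO).items():
        print(section, "OK" if not problems else problems)
```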
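Table 1 Main configuration items in osmt.conf
Configuration item | Description
[auto]
- auto_upgrade: Specifies how RPM packages are updated. The default value is False.
  - True: Both methods are supported: updating with the osmt update command and automatic updating by the background osmt-agent service.
  - False: RPM packages can be updated only with the osmt update command.
- When auto_upgrade is True, the following parameters apply.
  - cycle_time: The interval at which the system checks for packages to be updated, in seconds. The default value is 3600 seconds.
  - minimal_interval: The minimum interval between the start time and the end time given in the osmt update -b command parameters, in seconds. The default value is 3600 seconds.
  - auto_upgrade_window: The time window for automatic upgrades by the background osmt-agent service, in the format "HH:MM-HH:MM", giving the start time and end time of the upgrade.
    If the end time is earlier than the start time, the upgrade window spans midnight. For example, "22:00-05:00" means the upgrade window runs from 22:00 on the current day to 05:00 the next morning.
  - auto_upgrade_interval: The minimum interval between two automatic upgrades, in days.
- When auto_upgrade is False, only the following parameters apply. The other parameters in the [auto] section do not take effect when the configuration file is applied.
  - cycle_time: The interval at which the system checks for packages to be updated, in seconds. The default value is 3600 seconds.
  - minimal_interval: The minimum interval between the start time and the end time given in the osmt update -b command parameters, in seconds. The default value is 3600 seconds.
- motd_setup: Specifies whether the login prompt is enabled. The default value is True.
  - True: The login prompt is enabled.
  - False: The login prompt is disabled. Once this is set, the login prompt is deleted immediately and is not generated again. To re-enable it, run osmt update -s or any upgrade command to trigger its regeneration.
[Package]
- filters: Specifies the update scope, including types, blacklist, and whitelist.
- need_reboot_rpms: RPM packages that require a reboot after being upgraded.
  When the background osmt-agent service upgrades automatically, it does not update the RPM packages in need_reboot_rpms. To update the RPM packages in the need_reboot_rpms list, you must use the osmt update --auto --reboot_config always command or the osmt update --auto --reboot_config "reboot time" command.
- preinstalled_only: When set to True, only the RPM packages listed in /etc/osmt/preinstalled.list are upgraded.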
[backup]
[cmdline]
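cmdline_value: Specifies the boot entry the system uses after the upgrade. Configure a correct boot entry so that the system can start normally. The default value is the default HCE boot entry.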
[conflict]
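conflict_rpm: Specifies the packages that conflict during the upgrade. The system automatically removes the conflicting packages during the upgrade.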
[check]
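- check_systemd_running_jobs: Specifies whether to check, before the upgrade, for services that are currently starting or stopping. The default value is True.
  - True: Before the upgrade, check whether any services are starting or stopping.
  - False: Do not check whether any services are starting or stopping.
- check_rpm_packages: Specifies whether to check the state of the system's RPM packages before the upgrade, including whether package dependencies are missing and whether duplicate packages exist. The default value is True.
  - True: Check the state of the RPM packages before the upgrade.
  - False: Do not check the state of the RPM packages before the upgrade.
Modifying the other configuration items is not recommended. For details, see the descriptions in the /etc/osmt/osmt.conf configuration file.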
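To see what the page's [Package] values actually select and when the upgrade window is open, the following added example (not OSMT's own code, and not from the original page) models the three filter rules from the osmt.conf comments and the midnight-spanning window rule. The names `select_updates` and `in_window` and the advisory tuples are hypothetical. It assumes that a rule applies only when it is listed in filters, that the window's end time is exclusive, and it leaves out the removal of packages that depend on blacklisted ones.

```python
import configparser
from datetime import time

# Constructed excerpt of /etc/osmt/osmt.conf using the values shown on this page.
SAMPLE_CONF = '''
[auto]
auto_upgrade_window = "22:00-05:00"
[Package]
filters = "types, blacklist"
whitelist = ""
types = "security"
severity = "important, critical"
blacklist = ""
'''

def _items(value):
    """Split a quoted, comma-separated osmt.conf value into a list of names."""
    return [v.strip() for v in value.strip().strip('"').split(",") if v.strip()]

def in_window(window, now):
    """True if `now` falls in "HH:MM-HH:MM"; end earlier than start spans midnight."""
    start, end = (time.fromisoformat(p) for p in window.strip().strip('"').split("-"))
    if start <= end:
        return start <= now < end
    return now >= start or now < end  # e.g. 22:00 today to 05:00 tomorrow

def select_updates(conf_text, advisories):
    """Model of the filter rules described in the osmt.conf comments.
    advisories: (package, type, severity) tuples, constructed by the caller.
    Assumption: a rule is active only when named in `filters`."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    pkg = cp["Package"]
    filters = _items(pkg["filters"])
    allow = set(_items(pkg["whitelist"]))
    if "whitelist" in filters and allow:  # rule 1: whitelist overrides the rest
        return sorted({p for p, _, _ in advisories if p in allow})
    types, sev = set(_items(pkg["types"])), set(_items(pkg["severity"]))
    picked = set()
    if "types" in filters:                # rule 2: type, then security severity
        for name, kind, level in advisories:
            if kind in types and (kind != "security" or level in sev):
                picked.add(name)
    if "blacklist" in filters:            # rule 3: drop blacklisted packages
        picked -= set(_items(pkg["blacklist"]))
    return sorted(picked)
```

With the values shown on this page, a security advisory rated moderate and any bugfix advisory are left out of the update set, which is worth confirming against your patching policy before relying on the defaults.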