准备工作
RPM包的更新方法有两种:使用osmt update命令更新和使用后台osmt-agent服务自动更新。此两种方法,都须先执行本节操作。
- 确认repo源配置正常。
请检查默认的/etc/yum.repos.d/hce.repo配置文件中参数是否正确,正确的配置如下。
[base] name=HCE $releasever base baseurl=https://repo.huaweicloud.com/hce/$releasever/os/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://repo.huaweicloud.com/hce/$releasever/os/RPM-GPG-KEY-HCE-2 [updates] name=HCE $releasever updates baseurl=https://repo.huaweicloud.com/hce/$releasever/updates/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://repo.huaweicloud.com/hce/$releasever/updates/RPM-GPG-KEY-HCE-2 [debuginfo] name=HCE $releasever debuginfo baseurl=https://repo.huaweicloud.com/hce/$releasever/debuginfo/$basearch/ enabled=0 gpgcheck=1 gpgkey=https://repo.huaweicloud.com/hce/$releasever/debuginfo/RPM-GPG-KEY-HCE-2
- 错误的配置内容可能会导致OSMT升级失败或非预期的升级行为。
- 执行dnf update osmt -y命令更新OSMT升级工具。
- 配置/etc/osmt/osmt.conf文件。
OSMT根据配置文件osmt.conf的设置,对RPM包进行更新。请根据需要配置osmt.conf文件。
[auto] #if auto_upgrade is True, the osmt-agent will auto upgrade rpms use osmt.conf and reboot between time interval we specified #the value of cycle_time means the osmt-agent will check upgrade every cycle_time seconds, default 86400s(1 day) #When a configuration item has a line break, you need to leave a space or tab at the beginning of the line auto_upgrade = False cycle_time = 3600 minimal_interval = 3600 auto_upgrade_window = "22:00-05:00" auto_upgrade_interval = 1 [Package] # There are three rules of filters, all enabled by default. severity will be effect only when the types contain security, it is the subtype of security. # The following are the three rules: # 1. white list has the highest priority, if whitelist is configured then ignore other rules and filter out the whitelist packages from the full list of packages to be upgrade # 2. Filter the update range by types, when the types contain security, further filter the severity of security updates severity, only upgrade the severity level of security. # 3. Filter blacklist to remove packages in blacklist from types filter results, and packages which depend on packages in blacklist will also be removed. # filters must contain at least one types rule, if the types rule is empty, the -a option will not upgrade any packages (by default all 3 filters are enabled). filters = "types, blacklist" whitelist = "" # types include: security, bugfix, enhancement, newpackage, unknown/other # if types is empty, no package will be upgrade types = "security" # severity is the subtype of security, include: low, moderate, important, critical severity = "important, critical" blacklist = "" # The rpm package that requires a system reboot to take effect after the upgrade need_reboot_rpms = "kernel,kernel-debug,kernel-debuginfo,kernel-debuginfo-common,kernel-devel,kernel-headers,kernel-ori,kernel-tools,kernel-tools-libs,glibc,glibc-utils,glibc-static,glibc-headers,glibc-devel,glibc-common,dbus,dbus-python,dbus-libs,dbus-glib-devel,dbus-glib,dbus-devel,systemd,systemd-devel,systemd-libs,systemd-python,systemd-sysv,grub2,grub2-efi,grub2-tools,openssl,openssl-devel,openssl-libs,gnutls,gnutls-dane,gnutls-devel,gnutls-utils,linux-firmware,openssh,openssh-server,openssh-clients,openssh-keycat,openssh-askpass,python-libs,python,grub2-pc,grub2-common,grub2-tools-minimal,grub2-pc-modules,grub2-tools-extra,grub2-efi-x64,grub2-efi-x64-cdboot,kernel-cross-headers,kernel-source,glibc-all-langpacks,dbus-common,dbus-daemon,dbus-tools,systemd-container,systemd-pam,systemd-udev,grub2-efi-aa64,grub2-efi-aa64-cdboot,grub2-efi-aa64-modules,openssl-perl,openssl-pkcs,kernel-tools-libs-devel,glibc-debugutils,glibc-locale-source,systemd-help,grub2-efi-ia32-modules,grub2-efi-x64-modules,grub2-tools-efi,grub2-help,openssl-pkcs11,grub2-efi-ia32-cdboot,osmt" preinstalled_only = False # Due to security requirements, the following packages need to be uninstalled during the upgrade need_uninstall_rpm_list = "elfutils-extra,gcc,make,tcpdump,binutils-extra,strace,gdb,gdb-headless,cpp,rpm-build,cups,ypserv,telnet,ypbind,libtool,appict,kmem_analyzer_tools,mcpp,flex,cmake,llvm,rpcgen,wireshark,netcat,nmap,ethereal" [backup] store_path = /var/log backup_dir = /etc,/usr,/boot,/var,/run exclude_dir = recover_service = #the minimum resources required(MB) [resource_needed] #min_req_boot_space = 100 #min_req_backup_space = 8192 #min_req_root_space = 1536 #min_req_memory = 512 [cmdline] cmdline_value = skip_swap = True [conflict] #conflict_rpm = test1,test2 # These rpms conflict with the upgrade and must be removed if installed. conflict_rpms_list = "esc,initial-setup,python3-crypto,setroubleshoot,setroubleshoot-legacy,setroubleshoot-server,setroubleshoot-plugins,openresty-openssl111,openresty-openssl111-asan,openresty-openssl111-asan-devel,openresty-openssl111-debug,openresty-openssl111-debug-devel,openresty-openssl111-devel,openresty-zlib,openresty-zlib-asan,openresty-zlib-asan-devel,openresty-zlib-devel,dleyna-connector-dbus,dleyna-connector-dbus-devel,dleyna-core,dleyna-core-devel,dleyna-server,tracker,tracker-devel,tracker-miners,kabi-dw,sblim-sfcb,apull,elara,secpaver,ksh,python3-sssd,python3-editor,python3-Flask-SQLAlchemy,python3-bind" [strategy] timeout_action = "stop" timeout_action_before = 0 [check] daemon_whitelist = "sysstat-collect.service, sysstat-summary.service, man-db-cache-update.service, systemd-tmpfiles-clean.service" check_systemd_running_jobs = True # the timeout of query systemd services query_timeout = 30 check_rpm_packages = True check_file_attr = True [chroot_config] chroot_switch = False chroot_path = "/root/sut_chroot" rpm_tar_name = "hce-upgrade_pack" sut_config_file = "/etc/sut/sut.conf" web_link_tar =