Upgrade Guide
Update and upgrade tasks for Red Hat Virtualization
Abstract
Chapter 1. Updating the Red Hat Virtualization Environment
1.1. Update Overview
- Subscribe to the appropriate entitlements
- Update the system
- Run engine-setup
- Remove repositories that are no longer required
Hosts can be upgraded directly from the Red Hat Virtualization Manager, which checks for and notifies you of available host updates.
engine-setup, which provides an interactive interface. While the upgrade is in progress, virtualization hosts and the virtual machines running on those virtualization hosts continue to operate independently. When the upgrade is complete, you can then upgrade your hosts to the latest versions of Red Hat Enterprise Linux or Red Hat Virtualization Host.
Chapter 2. Updates between Minor Releases
2.1. Updating the Red Hat Virtualization Manager
Procedure 2.1. Updating Red Hat Virtualization Manager
- On the Red Hat Virtualization Manager machine, check if updated packages are available:
# engine-upgrade-check
- If no updates are available, the command will output the text No upgrade:
# engine-upgrade-check
VERB: queue package ovirt-engine-setup for update
VERB: package ovirt-engine-setup queued
VERB: Building transaction
VERB: Empty transaction
VERB: Transaction Summary:
No upgrade
Note
If updates are expected, but not available, ensure that the required repositories are enabled. See Subscribing to the Required Entitlements in the Installation Guide.
- If updates are available, the command will list the packages to be updated:
# engine-upgrade-check
VERB: queue package ovirt-engine-setup for update
VERB: package ovirt-engine-setup queued
VERB: Building transaction
VERB: Transaction built
VERB: Transaction Summary:
VERB: updated - ovirt-engine-lib-3.3.2-0.50.el6ev.noarch
VERB: update - ovirt-engine-lib-3.4.0-0.13.el6ev.noarch
VERB: updated - ovirt-engine-setup-3.3.2-0.50.el6ev.noarch
VERB: update - ovirt-engine-setup-3.4.0-0.13.el6ev.noarch
VERB: install - ovirt-engine-setup-base-3.4.0-0.13.el6ev.noarch
VERB: install - ovirt-engine-setup-plugin-ovirt-engine-3.4.0-0.13.el6ev.noarch
VERB: updated - ovirt-engine-setup-plugins-3.3.1-1.el6ev.noarch
VERB: update - ovirt-engine-setup-plugins-3.4.0-0.5.el6ev.noarch
Upgrade available
Upgrade available
- Update the setup packages:
# yum update ovirt\*setup\*
- Update the Red Hat Virtualization Manager. When you run engine-setup, the script prompts you with some configuration questions like updating the firewall rules, updating PKI certificates, and backing up the Data Warehouse database. The script will then go through the process of stopping the ovirt-engine service, downloading and installing the updated packages, backing up and updating the database, performing post-installation configuration, and starting the ovirt-engine service.
Note
The engine-setup script is also used during the Red Hat Virtualization Manager installation process, and it stores the configuration values that were supplied. During an update, the stored values are displayed when previewing the configuration, and may not be up to date if engine-config was used to update configuration after installation. For example, if engine-config was used to update SANWipeAfterDelete to true after installation, engine-setup will output "Default SAN wipe after delete: False" in the configuration preview. However, the updated values will not be overwritten by engine-setup.
# engine-setup
Important
The update process may take some time; allow time for the update process to complete and do not stop the process once initiated.
- Update the base operating system and any optional packages installed on the Manager:
# yum update
Important
If any kernel packages were updated, reboot the system to complete the update.
2.2. Updating Hosts
Note
UserPackageNamesForCheckUpdate. Run the engine-config command on the Manager machine. For example:
# engine-config -m UserPackageNamesForCheckUpdate=vdsm-hook-ethtool-options
Warning
yum update as shown in Section 2.3, “Manually Updating Hosts”.
yum check-update to automatically check for updates to the RHVH image, provided that you registered the host and enabled the Red Hat Virtualization Host 7 repository when installing the host. This repository contains the redhat-virtualization-host-image-update package, which is responsible for updating the image. See Installing Red Hat Virtualization Host in the Installation Guide for more details.
yum update for other packages is not necessary. Modified content in only the /etc and /var directories is preserved during an update. Modified data in other paths is completely replaced during an update.
HostPackagesUpdateTimeInHours configuration value. Run the engine-config command on the Manager machine. For example:
# engine-config -s HostPackagesUpdateTimeInHours=48
HostPackagesUpdateTimeInHours configuration value. Automatic upgrade checks are not always needed, for example, when managing the hosts with Satellite. Run the engine-config command on the Manager machine:
# engine-config -s HostPackagesUpdateTimeInHours=0
Important
Important
# subscription-manager repos --disable=rhel-7-server-rhevh-rpms
# subscription-manager repos --enable=rhel-7-server-rhvh-4-rpms
Procedure 2.2. Updating Red Hat Enterprise Linux hosts and Red Hat Virtualization Host
- Click the Hosts tab and select the host to be updated.
- If the host requires updating, an alert message under Action Items and an icon next to the host's name indicate that a new version is available.
- If the host does not require updating, no alert message or icon is displayed and no further action is required.
- Click Installation → Check for Upgrade to open the Upgrade Host confirmation window.
- Click OK to begin the upgrade check.
- If you want to upgrade the host, click Installation → Upgrade to open the Upgrade Host confirmation window.
- Click OK to update the host. The details of the host are updated in the Hosts tab, and the status will transition through these stages:
- Maintenance
- Installing
- Up
Note
2.3. Manually Updating Hosts
yum command in the same way as regular Red Hat Enterprise Linux systems. Red Hat Virtualization Host (RHVH) can use the yum command for updates, and to install additional packages and have them persist after an upgrade. It is highly recommended that you use yum to update your systems regularly, to ensure timely application of security and bug fixes. Updating a host includes stopping and restarting the host. If migration is enabled at cluster level, virtual machines are automatically migrated to another host in the cluster; as a result, it is recommended that host updates are performed at a time when the host's usage is relatively low.
Important
Important
# subscription-manager repos --disable=rhel-7-server-rhevh-rpms
# subscription-manager repos --enable=rhel-7-server-rhvh-4-rpms
Procedure 2.3. Manually Updating Hosts
- From the Administration Portal, click the Hosts tab and select the host to be updated.
- Click Management → Maintenance to place the host into maintenance mode.
- On a Red Hat Enterprise Linux host, log in to the host machine and run the following command:
# yum update
- On a Red Hat Virtualization Host, log in to the Cockpit user interface, click Terminal, and run the following command:
# yum update
- Restart the host to ensure all updates are correctly applied.
Note
Check the imgbased logs to see if any additional package updates have failed for a Red Hat Virtualization Host. If some packages were not successfully reinstalled after the update, check that the packages are listed in /var/imgbased/persisted-rpms. Add any missing packages then run rpm -Uvh /var/imgbased/persisted-rpms/*.
2.4. Recovering from Failed NIST-800 Upgrade
/, /tmp, /home, /var, and /var/log/audit.
Procedure 2.4. Removing NIST-800 Partitions
- Back up the logs located in /var/log and /var/log/audit.
- Remove the following logical volumes manually:
  - /tmp
  - /home
  - /var
  - /var/log/audit. The lvm lvs command may show this logical volume as rhvh_var_log_audit.
See Removing Logical Volumes in the Logical Volume Manager Administration for details.
2.5. Updating the Self-Hosted Engine Manager
Chapter 3. Upgrading to Red Hat Virtualization 4.1
3.1. Upgrade Considerations
Important
- Upgrading Red Hat Virtualization Manager to version 4.1 can only be performed from version 4.0
- To upgrade the Manager from a version earlier than 4.0 to 4.1, you must sequentially upgrade to later versions of the Manager before upgrading to the latest version. In other words, the Manager upgrades must be stepped. For example, if you are using 3.6, you must upgrade to the next version (4.0) first. See Upgrading to Red Hat Virtualization 4.0 in the Upgrade Guide for Red Hat Virtualization 4.0 for instructions to upgrade 3.6 to 4.0. If you are using 4.0, you must update your installation to the latest 4.0 minor release, before upgrading to 4.1. See Updates between Minor Releases for instructions to update to the latest 4.0 minor version. The host upgrade procedure does not need to be stepped.
- Downgrading is not possible after changing the data center compatibility version to 4.1
- When you upgrade the data center compatibility version to 4.1, the data domain storage format changes from version 3 to version 4 and cannot be downgraded. Therefore, you cannot attach a data domain from a 4.1 data center to an older data center. However, you can attach a data domain from an older data center to a 4.1 data center, but the storage format will also be upgraded and cannot be reversed.
3.2. Upgrading to Red Hat Virtualization Manager 4.1
Important
engine-setup command will attempt to roll your Red Hat Virtualization Manager installation back to its previous state. For this reason, the repositories required by Red Hat Virtualization 4.0 must not be removed until after the upgrade is complete. If the upgrade fails, detailed instructions display that explain how to restore your installation.
Important
engine-upgrade-check. See Section 2.1, “Updating the Red Hat Virtualization Manager” for more information.
Procedure 3.1. Upgrading to Red Hat Virtualization Manager 4.1
- Enable the Red Hat Virtualization Manager 4.1 and Red Hat Virtualization Tools repositories:
# subscription-manager repos --enable=rhel-7-server-rhv-4.1-rpms \
    --enable=rhel-7-server-rhv-4-tools-rpms \
    --enable=jb-eap-7.1-for-rhel-7-server-rpms
- Update the setup packages:
# yum update ovirt\*setup\*
- Run the following command and follow the prompts to upgrade the Red Hat Virtualization Manager:
# engine-setup
- Remove or disable the Red Hat Virtualization Manager 4.0 repository to ensure the system does not use any Red Hat Virtualization Manager 4.0 packages:
# subscription-manager repos --disable=rhel-7-server-rhv-4.0-rpms --enable=jb-eap-7.0-for-rhel-7-server-rpms
- Update the base operating system:
# yum update
Important
If any kernel packages were updated, reboot the system to complete the update.
3.3. Upgrading to RHVH While Preserving Local Storage
Important
3.4. Upgrading the Self-Hosted Engine
Chapter 4. Post-Upgrade Tasks
4.1. Changing the Cluster Compatibility Version
Important
Procedure 4.1. Changing the Cluster Compatibility Version
- From the Administration Portal, click the Clusters tab.
- Select the cluster to change from the list displayed.
- Click Edit.
- Change the Compatibility Version to the desired value.
- Click OK to open the Change Cluster Compatibility Version confirmation window.
- Click OK to confirm.
Important
An error message may warn that some virtual machines and templates are incorrectly configured. To fix this error, edit each virtual machine manually. The Edit Virtual Machine window provides additional validations and warnings that show what to correct. Sometimes the issue is automatically corrected and the virtual machine's configuration just needs to be saved again. After editing each virtual machine, you will be able to change the cluster compatibility version.
4.2. Changing the Data Center Compatibility Version
Important
Procedure 4.2. Changing the Data Center Compatibility Version
- From the Administration Portal, click the Data Centers tab.
- Select the data center to change from the list displayed.
- Click Edit.
- Change the Compatibility Version to the desired value.
- Click OK to open the Change Data Center Compatibility Version confirmation window.
- Click OK to confirm.
4.3. Replacing SHA-1 Certificates with SHA-256 Certificates
- Option 1: Prevent warning messages from appearing in your browser when connecting to the Administration Portal. These warnings may either appear as pop-up windows or in the browser's Web Console window. This option is not required if you already replaced the Red Hat Virtualization Manager's Apache SSL certificate after the upgrade. However, if the certificate was signed with SHA-1, you should replace it with an SHA-256 certificate. For more details see Replacing the Red Hat Virtualization Manager SSL Certificate in the Administration Guide.
- Option 2: Replace the SHA-1 certificates throughout the system with SHA-256 certificates.
Procedure 4.3. Preventing Warning Messages from Appearing in the Browser
- Log in to the Manager machine as the root user.
- Check whether /etc/pki/ovirt-engine/openssl.conf includes the line default_md = sha256:
# cat /etc/pki/ovirt-engine/openssl.conf
If it still includes default_md = sha1, back up the existing configuration and change the default to sha256:
# cp -p /etc/pki/ovirt-engine/openssl.conf /etc/pki/ovirt-engine/openssl.conf."$(date +"%Y%m%d%H%M%S")"
# sed -i 's/^default_md = sha1/default_md = sha256/' /etc/pki/ovirt-engine/openssl.conf
- Define the certificate that should be re-signed:
# names="apache"
- For self-hosted engine environments, log in to one of the self-hosted engine nodes and enable global maintenance:
# hosted-engine --set-maintenance --mode=global
- On the Manager, re-sign the Apache certificate:
for name in $names; do
    subject="$(
        openssl \
            x509 \
            -in /etc/pki/ovirt-engine/certs/"${name}".cer \
            -noout \
            -subject \
        | sed \
            's;subject= \(.*\);\1;' \
    )"
    /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
        --name="${name}" \
        --password=mypass \
        --subject="${subject}" \
        --keep-key
done
- Restart the httpd service:
# systemctl restart httpd
- For self-hosted engine environments, log in to one of the self-hosted engine nodes and disable global maintenance:
# hosted-engine --set-maintenance --mode=none
- Connect to the Administration Portal to confirm that the warning no longer appears.
- If you previously imported a CA or https certificate into the browser, find the certificate(s), remove them from the browser, and reimport the new CA certificate. Install the certificate authority according to the instructions provided by your browser. To get the certificate authority's certificate, navigate to http://your-manager-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA, replacing your-manager-fqdn with the fully qualified domain name (FQDN).
Procedure 4.4. Replacing All Signed Certificates with SHA-256
- Log in to the Manager machine as the root user.
- Check whether /etc/pki/ovirt-engine/openssl.conf includes the line default_md = sha256:
# cat /etc/pki/ovirt-engine/openssl.conf
If it still includes default_md = sha1, back up the existing configuration and change the default to sha256:
# cp -p /etc/pki/ovirt-engine/openssl.conf /etc/pki/ovirt-engine/openssl.conf."$(date +"%Y%m%d%H%M%S")"
# sed -i 's/^default_md = sha1/default_md = sha256/' /etc/pki/ovirt-engine/openssl.conf
- Re-sign the CA certificate by backing it up and creating a new certificate in ca.pem.new:
# cp -p /etc/pki/ovirt-engine/private/ca.pem /etc/pki/ovirt-engine/private/ca.pem."$(date +"%Y%m%d%H%M%S")"
# openssl x509 -signkey /etc/pki/ovirt-engine/private/ca.pem -in /etc/pki/ovirt-engine/ca.pem -out /etc/pki/ovirt-engine/ca.pem.new -days 3650 -sha256
- Replace the existing certificate with the new certificate:
# mv /etc/pki/ovirt-engine/ca.pem.new /etc/pki/ovirt-engine/ca.pem
- Define the certificates that should be re-signed:
# names="engine apache websocket-proxy jboss imageio-proxy"
If you replaced the Red Hat Virtualization Manager SSL Certificate after the upgrade, run the following instead:
# names="engine websocket-proxy jboss imageio-proxy"
For more details see Replacing the Red Hat Virtualization Manager SSL Certificate in the Administration Guide.
- For self-hosted engine environments, log in to one of the self-hosted engine nodes and enable global maintenance:
# hosted-engine --set-maintenance --mode=global
- On the Manager, re-sign the certificates:
for name in $names; do
    subject="$(
        openssl \
            x509 \
            -in /etc/pki/ovirt-engine/certs/"${name}".cer \
            -noout \
            -subject \
        | sed \
            's;subject= \(.*\);\1;' \
    )"
    /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh \
        --name="${name}" \
        --password=mypass \
        --subject="${subject}" \
        --keep-key
done
- Restart the following services:
# systemctl restart httpd
# systemctl restart ovirt-engine
# systemctl restart ovirt-websocket-proxy
# systemctl restart ovirt-imageio-proxy
- For self-hosted engine environments, log in to one of the self-hosted engine nodes and disable global maintenance:
# hosted-engine --set-maintenance --mode=none
- Connect to the Administration Portal to confirm that the warning no longer appears.
- If you previously imported a CA or https certificate into the browser, find the certificate(s), remove them from the browser, and reimport the new CA certificate. Install the certificate authority according to the instructions provided by your browser. To get the certificate authority's certificate, navigate to http://your-manager-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA, replacing your-manager-fqdn with the fully qualified domain name (FQDN).
- Enroll the certificates on the hosts. Repeat the following procedure for each host.
  - In the Administration Portal, click the Hosts tab.
  - Select the host, and click Management → Maintenance.
  - Once the host is in maintenance mode, click Installation → Enroll Certificate.
  - Click Management → Activate.
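A read-only check for Procedures 4.3 and 4.4, as an added example that is not part of the Upgrade Guide: it reports the default_md value in openssl.conf and the signature digest of ca.pem and each certs/*.cer file, and flags anything still on SHA-1. The function names are this example's own; the paths are the ones used in the procedures above.

```shell
#!/bin/sh
# Added example, not Red Hat's code: audit the digests changed by Procedures 4.3/4.4.
# Makes no changes; it only reads openssl.conf and the certificate files.

# Print the default_md value from an OpenSSL config, tolerating any spacing
# around "=" (the guide's sed only rewrites the exact text "default_md = sha1").
conf_default_md() {
    awk -F= '/^[ \t]*default_md[ \t]*=/ {
        sub(/#.*/, "", $2); gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Print the signature algorithm of a PEM certificate, e.g. sha256WithRSAEncryption.
cert_sigalg() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | awk '/Signature Algorithm:/ { print $3; exit }'
}

# Classify a digest or signature-algorithm name as weak, ok or unknown.
classify_digest() {
    case "$1" in
        md5*|sha1*|*-SHA1|dsaWithSHA1) echo weak ;;
        sha224*|sha256*|sha384*|sha512*) echo ok ;;
        *-SHA224|*-SHA256|*-SHA384|*-SHA512) echo ok ;;
        *) echo unknown ;;   # empty, unreadable, or needs manual review
    esac
}

# Audit one PKI directory laid out like /etc/pki/ovirt-engine.
# Returns non-zero if the config default or any certificate is not "ok".
audit_pki_dir() {
    dir=$1
    rc=0
    md=$(conf_default_md "$dir/openssl.conf" 2>/dev/null) || md=""
    verdict=$(classify_digest "$md")
    printf '%-8s %-26s %s\n' "$verdict" "${md:-unset}" "$dir/openssl.conf"
    [ "$verdict" = ok ] || rc=1
    for f in "$dir"/ca.pem "$dir"/certs/*.cer; do
        [ -f "$f" ] || continue          # unmatched glob or missing file
        alg=$(cert_sigalg "$f")
        verdict=$(classify_digest "$alg")
        printf '%-8s %-26s %s\n' "$verdict" "${alg:-unreadable}" "$f"
        [ "$verdict" = ok ] || rc=1
    done
    return "$rc"
}

# Run the audit only when a directory is given, e.g.:
#   sh audit-digests.sh /etc/pki/ovirt-engine    (script name is hypothetical)
[ $# -eq 0 ] || audit_pki_dir "$1"
```

Run it on the Manager after the service restarts; a non-zero exit status means at least one item still uses a weak or unrecognized digest and should be re-signed or reviewed by hand.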
Appendix A. Updating an Offline Red Hat Virtualization Manager
A.1. Updating the Local Repository for an Offline Red Hat Virtualization Manager Installation
- On the system hosting the repository, synchronize the repository to download the most recent version of each available package:
# reposync -l --newest-only /var/ftp/pub/rhevrepo
This command may download a large number of packages, and take a long time to complete.
- Ensure that the repository is available on the Manager system, and then update or upgrade the Manager system. See Section 2.1, “Updating the Red Hat Virtualization Manager” for information on updating the Manager between minor versions. See Section 1.1, “Update Overview” for information on upgrading between major versions.