3 Prepare for Patching
Caution:
The granular appliance architecture with built-in redundancy allows administrators to upgrade or patch components without downtime. However, resource capacity and performance might be reduced while an upgrade or patch workflow is in progress.
We recommend that administrators responsible for upgrade or patching notify all Compute Enclave users in advance about such planned maintenance operations.
This is particularly important for users of the Oracle Container Engine for Kubernetes (OKE), because new cluster deployments are not allowed during the maintenance window, and some types of application clusters might experience service interruptions.
Before you start a patching procedure, ensure that you have the correct permissions, that you refresh the local data center mirror and the secondary management node mirror, and that you have downloaded the RPM packages to the appropriate locations. You should also run health checks and perform a system backup before you begin patching procedures.
-
Verify you have permissions to perform patching operations. Log in to the Service Enclave with an administrator account and enter
showcustomcmds patchRequest
to ensure you have the correct permissions to use the patching commands.PCA-ADMIN> showcustomcmds patchRequest patchCN patchIlom patchOCIImages patchSwitch patchZfssa patchHost patchKubernetes patchVault patchPlatform patchMySQL patchEtcd setUpstreamUlnMirror syncUpstreamUlnMirror getUpstreamUlnChannels getUpstreamUlnChannel addUpstreamUlnChannel removeUpstreamUlnChannel
Patching permissions are available to these groups: SuperAdmin, Admin, and DR Admin. For more information, see the Administrator Account Management chapter of the Oracle Private Cloud Appliance Administrator Guide.
-
Log in to the local mirror server and update the Oracle Private Cloud Appliance repositories by entering the following command:
# /usr/bin/uln-yum-mirror
Caution:
Keep the mirror repositories at a given version until all appliance components have been patched. Ensure that automatic synchronization is disabled.
If the mirror is synchronized between patch operations, components will be patched to different software levels. This leads to unreliable appliance operation and potential service disruption.
-
Ensure the patch RPM files are updated and in the location you expect, and note the path.
-
After you have updated the local mirror server, update the local repository used for compute node patches by running the
syncUpstreamUlnMirror
command:PCA-ADMIN> syncUpstreamUlnMirror Command: syncUpstreamUlnMirror Status: Success Time: 2022-01-04 15:52:07,120 UTC Data: Upstream mirror sync started. UpstreamMirror status = success
Note:
Alternatively, you can synchronize the appliance local repository from the Service Web UI. In the navigation menu, go to Maintenance and select ULN Mirrors. Click Sync ULN Mirror. However, this UI function is unavailable in software version 3.0.2-b892153.
Caution:
ULN channels only become available for subscription, and thus mirroring, when they contain updates. When a new channel is announced, you must repeat a part of the process described in Configure Your Environment for Patching: subscribe to the new channel, create the appropriate soft link, download packages to the mirror, and if necessary, sync the appliance internal repository.
-
View the status of the local repository update and confirm it completes successfully.
Alternatively, you can perform this step in the Service Web UI.
-
With appliance software 3.0.2-b852928 or earlier, use the
showUpstreamUlnMirror
command.PCA-ADMIN> showUpstreamUlnMirror Command: showUpstreamUlnMirror Status: Success Time: 2022-01-24 17:29:48,965 UTC Data: Mirror URI = https://host.example.com/yum
-
With appliance software newer than version 3.0.2-b892153 use the
getUpstreamUlnChannels
command. For more details, display the channel properties.PCA-ADMIN> getUpstreamUlnChannels Data: id lastSync syncStatus -- -------- ---------- pca302_x86_64_hypervisor 2023-06-22/09:46:01 success pca302_x86_64_mn 2023-06-22/09:46:04 success PCA-ADMIN> getUpstreamUlnChannel channel=pca302_x86_64_hypervisor Data: Type = UlnChannel Channel Name = pca302_x86_64_hypervisor Last Synced = 2023-06-22/09:46:01 Sync Status = success Message = upstream channel sync succeeded Mirror URI = http://host.example.com/yum/pca302_x86_64_hypervisor
Note:
In version 3.0.2-b892153 the command is
getUpstreamUlnMirror(s)
. It is functionally identical togetUpstreamUlnChannel(s)
.
-
-
Before starting any patching activities, create backups of these critical components: the MySQL database, the ZFS Storage Appliance and the Secret Service (Vault).
-
Start the three backup operations.
PCA-ADMIN> backup target=vault PCA-ADMIN> backup target=zfs PCA-ADMIN> backup target=mysql
-
Use the backup job ID to check the status of the backups. Make sure they have completed successfully before you proceed to the next step.
PCA-ADMIN> getBackupJobs [...] id displayName components -- ----------- ---------- ocid1.brs-job.PCA3X62D9C1.mypca.iew5tphpgr3h6mhliw2fai2ywvv386a0xc7isfo8kisj0wrcx114irnit6ot brs-job-1668419850-backup mysql ocid1.brs-job.PCA3X62D9C1.mypca.9oaeaa2kw5crqfcjkh8kyhbxcv8bwh0f4ud6n3lucf802oj15ss3k39874bc brs-job-1668419842-backup zfs ocid1.brs-job.PCA3X62D9C1.mypca.joopwuv9403uzbfrh4x9mprmoduh3ljais6ex233v1b21ccqywu4a3vqykgm brs-job-1668419778-backup vault PCA-ADMIN> getBackupJob backupJobId=ocid1.brs-job.PCA3X62D9C1.mypca.iew5tphpgr3h6mhliw2fai2ywvv386a0xc7isfo8kisj0wrcx114irnit6ot [...] Status = success Components = mysql
See the Backup and Restore chapter of the Oracle Private Cloud Appliance Administrator Guide.
-
Update the Local Packages Using the Service Web UI
-
In the navigation menu, click ULN Mirror.
-
In the top-right corner of the ULN Mirror page, click Update ULN Mirror.
The ULN Mirror window appears.
-
Click Sync ULN Mirror.
The ULN mirror is updated.
-
Ensure the system is in a ready state for patching, as described in the Service CLI steps above.
-
Create backups of the critical system components: MySQL database, ZFS Storage Appliance, Secret Service (Vault).
-
Prepare the patching environment to ensure that the latest patching functionality, RPM packages, and YUM configuration are in place.
-