3 Prepare for Patching

Caution:

The granular appliance architecture with built-in redundancy allows administrators to upgrade or patch components without downtime. However, resource capacity and performance might be reduced while an upgrade or patch workflow is in progress.

We recommend that administrators responsible for upgrade or patching notify all Compute Enclave users in advance about such planned maintenance operations.

This is particularly important for users of the Oracle Container Engine for Kubernetes (OKE), because new cluster deployments are not allowed during the maintenance window, and some types of application clusters might experience service interruptions.

Before you start a patching procedure, ensure that you have the correct permissions, that you refresh the local data center mirror and the secondary management node mirror, and that you have downloaded the RPM packages to the appropriate locations. You should also run health checks and perform a system backup before you begin patching procedures.

1. Verify you have permissions to perform patching operations. Log in to the Service Enclave with an administrator account and enter showcustomcmds patchRequest to ensure you have the correct permissions to use the patching commands.

   PCA-ADMIN> showcustomcmds patchRequest
       patchCN
       patchIlom
       patchOCIImages
       patchSwitch
       patchZfssa
       patchHost
       patchKubernetes
       patchVault
       patchPlatform
       patchMySQL
       patchEtcd
       setUpstreamUlnMirror
       syncUpstreamUlnMirror
       getUpstreamUlnChannels
       getUpstreamUlnChannel
       addUpstreamUlnChannel
       removeUpstreamUlnChannel

   Patching permissions are available to these groups: SuperAdmin, Admin, and DR Admin. For more information, see the Administrator Account Management chapter of the Oracle Private Cloud Appliance Administrator Guide.

2. Log in to the local mirror server and update the Oracle Private Cloud Appliance repositories by entering the following command:

   # /usr/bin/uln-yum-mirror

   Caution:

   Keep the mirror repositories at a given version until all appliance components have been patched. Ensure that automatic synchronization is disabled.

   If the mirror is synchronized between patch operations, components will be patched to different software levels. This leads to unreliable appliance operation and potential service disruption.

3. Ensure the patch RPM files are updated and in the location you expect, and note the path.

4. After you have updated the local mirror server, update the local repository used for compute node patches by running the syncUpstreamUlnMirror command:

   PCA-ADMIN> syncUpstreamUlnMirror
   Command: syncUpstreamUlnMirror
   Status: Success
   Time: 2022-01-04 15:52:07,120 UTC
   Data:
     Upstream mirror sync started. UpstreamMirror status = success

   Note:

   Alternatively, you can synchronize the appliance local repository from the Service Web UI. In the navigation menu, go to Maintenance and select ULN Mirrors. Click Sync ULN Mirror. However, this UI function is unavailable in software version 3.0.2-b892153.

   Caution:

   ULN channels only become available for subscription, and thus mirroring, when they contain updates. When a new channel is announced, you must repeat a part of the process described in Configure Your Environment for Patching: subscribe to the new channel, create the appropriate soft link, download packages to the mirror, and if necessary, sync the appliance internal repository.

5. View the status of the local repository update and confirm it completes successfully.

   Alternatively, you can perform this step in the Service Web UI.

   • With appliance software 3.0.2-b852928 or earlier, use the showUpstreamUlnMirror command.

     PCA-ADMIN> showUpstreamUlnMirror
     Command: showUpstreamUlnMirror
     Status: Success
     Time: 2022-01-24 17:29:48,965 UTC
     Data:
       Mirror URI = https://host.example.com/yum

   • With appliance software newer than version 3.0.2-b892153 use the getUpstreamUlnChannels command. For more details, display the channel properties.

     PCA-ADMIN> getUpstreamUlnChannels
     Data:
       id                         lastSync              syncStatus
       --                         --------              ----------
       pca302_x86_64_hypervisor   2023-06-22/09:46:01   success
       pca302_x86_64_mn           2023-06-22/09:46:04   success
     
     PCA-ADMIN> getUpstreamUlnChannel channel=pca302_x86_64_hypervisor
     Data:
       Type = UlnChannel
       Channel Name = pca302_x86_64_hypervisor
       Last Synced = 2023-06-22/09:46:01
       Sync Status = success
       Message = upstream channel sync succeeded
       Mirror URI = http://host.example.com/yum/pca302_x86_64_hypervisor

     Note:

     In version 3.0.2-b892153 the command is getUpstreamUlnMirror(s). It is functionally identical to getUpstreamUlnChannel(s).

6. Before starting any patching activities, create backups of these critical components: the MySQL database, the ZFS Storage Appliance and the Secret Service (Vault).

   1. Start the three backup operations.

      PCA-ADMIN> backup target=vault
      PCA-ADMIN> backup target=zfs
      PCA-ADMIN> backup target=mysql

   2. Use the backup job ID to check the status of the backups. Make sure they have completed successfully before you proceed to the next step.

      PCA-ADMIN> getBackupJobs
      [...]
        id                                                                                              displayName                 components
        --                                                                                              -----------                 ----------
        ocid1.brs-job.PCA3X62D9C1.mypca.iew5tphpgr3h6mhliw2fai2ywvv386a0xc7isfo8kisj0wrcx114irnit6ot   brs-job-1668419850-backup   mysql
        ocid1.brs-job.PCA3X62D9C1.mypca.9oaeaa2kw5crqfcjkh8kyhbxcv8bwh0f4ud6n3lucf802oj15ss3k39874bc   brs-job-1668419842-backup   zfs
        ocid1.brs-job.PCA3X62D9C1.mypca.joopwuv9403uzbfrh4x9mprmoduh3ljais6ex233v1b21ccqywu4a3vqykgm   brs-job-1668419778-backup   vault
      
      PCA-ADMIN> getBackupJob backupJobId=ocid1.brs-job.PCA3X62D9C1.mypca.iew5tphpgr3h6mhliw2fai2ywvv386a0xc7isfo8kisj0wrcx114irnit6ot
      [...]
        Status = success
        Components = mysql

   See the Backup and Restore chapter of the Oracle Private Cloud Appliance Administrator Guide.

Update the Local Packages Using the Service Web UI

1. In the navigation menu, click ULN Mirror.

2. In the top-right corner of the ULN Mirror page, click Update ULN Mirror.

   The ULN Mirror window appears.

3. Click Sync ULN Mirror.

   The ULN mirror is updated.

4. Ensure the system is in a ready state for patching, as described in the Service CLI steps above.

   1. Create backups of the critical system components: MySQL database, ZFS Storage Appliance, Secret Service (Vault).

   2. Prepare the patching environment to ensure that the latest patching functionality, RPM packages, and YUM configuration are in place.