Thursday, July 18, 2024

KVM Upgrade issue : 4.4.10.22– 4.4.10.30

 






Intro

Virtualization has significantly transformed the IT industry by enhancing the efficient utilization of server resources. Despite the rapid adoption of cloud technology, many organizations hesitate to migrate their workloads to the cloud due to concerns regarding data sensitivity and operational challenges. For such businesses, virtualization continues to be the preferred solution, offering substantial cost savings in capital expenditure (CapEx) and a secure operational environment.

Ensuring the security of critical database workloads hosted in virtualized environments is paramount. Oracle Linux Virtualization Manager (OLVM) plays a crucial role in managing these virtual environments, and maintaining its updates is vital for safeguarding infrastructure integrity. Regular KVM upgrades are essential to uphold the security and reliability of these virtualized environments.

While upgrading our KVM hosts, we encountered several issues, particularly with hosts that previously utilized Gluster data domains.

In addressing these challenges, I referred to a helpful resource: Oracle's meta link note titled "OLVM: Updating KVM Hosts From the OLVM portal fails (Doc ID 2992369.1)".

In this article, I will detail how we successfully resolved KVM upgrade issues (ansible conflict).

Error :

We observed that our KVM updates, executed using an Ansible script, were failing due to issues with the Gluster package. Although we do not actively use Gluster, it is essential not to remove these packages from KVM, as doing so poses a significant risk of breaking the OLVM engine.

I have highlighted the error we encountered during the upgrade.

KVM ansible upgrade log output : 


"msg" : "Depsolve Error occured: \n Problem 1: package gluster-ansible-cluster-1.0-5.module+el8.8.0+90097+18e1d3b8.noarch 
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.12.2-3.1.el8.x86_64\n - package ansible-core-2.12.2-3.1.el8.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with 
ansible-core > 2.11.0 provided by ansible-core-2.12.2-4.el8_6.x86_64\n - package ansible-core-2.12.2-4.el8_6.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.13.3-1.el8.x86_64\n - package ansible-core-2.13.3-1.el8.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.13.3-2.el8_7.x86_64\n - package ansible-core-2.13.3-2.el8_7.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.14.2-3.el8.x86_64\n - package ansible-core-2.14.2-3.el8.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.15.3-1.el8.x86_64\n - package ansible-core-2.15.3-1.el8.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - cannot install the best update candidate for package 
gluster-ansible-cluster-1.0-2.1.module+el8.4.0+20194+c25df5f0.noarch\n - cannot install the best update candidate for 
package ansible-2.9.27-2.el8.noarch\n Problem 2: package gluster-ansible-roles-1.0.5-28.module+el8.8.0+90097+18e1d3b8.noarch 
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-core-2.12.2-3.1.el8.x86_64 conflicts 
with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch 
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.12.2-3.1.el8.x86_64\n - package ansible-core-2.12.2-4.el8_6.x86_64 
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core 
> 2.11.0 provided by ansible-core-2.12.2-4.el8_6.x86_64\n - package ansible-core-2.13.3-1.el8.x86_64 conflicts with ansible 
< 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0 
provided by ansible-core-2.13.3-1.el8.x86_64\n - package ansible-core-2.13.3-2.el8_7.x86_64 conflicts with ansible < 2.10.0 
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0 
provided by ansible-core-2.13.3-2.el8_7.x86_64\n - package ansible-core-2.14.2-3.el8.x86_64 conflicts with ansible < 2.10.0 
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0 
provided by ansible-core-2.14.2-3.el8.x86_64\n - package ansible-core-2.15.3-1.el8.x86_64 conflicts with ansible < 2.10.0 
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0 
provided by ansible-core-2.15.3-1.el8.x86_64\n - package ovirt-ansible-collection-1.6.6-1.0.8.el8.noarch 
requires ansible >= 2.9.21, but none of the providers can be installed\n - cannot install the best update candidate for package 
gluster-ansible-roles-1.0.5-23.module+el8.4.0+20194+c25df5f0.noarch\n - 
cannot install the best update candidate for package ovirt-ansible-collection-1.6.6-1.0.7.el8.noarch\n Problem 3: 
package gluster-ansible-repositories-1.0.1-5.module+el8.8.0+90097+18e1d3b8.noarch 
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-core-2.12.2-3.1.el8.x86_64 conflicts with an

Install version lock in case it is not installed yet:

If the packages are not installed, you can lock their versions from the engine server.

[root@olvm-engine-01]# dnf install 'dnf-command(versionlock)'
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:07:38 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package python3-dnf-plugin-versionlock-4.0.21-23.0.1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@olvm-engine-01]#

Version lock the below list

These are the packages we need to lock. 

dnf versionlock gluster-ansible-cluster-1.0-2.1*
dnf versionlock gluster-ansible-features-1.0.5-9*
dnf versionlock gluster-ansible-infra-1.0.4-18*
dnf versionlock gluster-ansible-maintenance-1.0.1-10*
dnf versionlock gluster-ansible-repositories-1.0.1-3*
dnf versionlock gluster-ansible-roles-1.0.5-23*

Expected output



[root@olvm-engine-01]# dnf versionlock gluster-ansible-cluster-1.0-2.1*
dnf versionlock gluster-ansible-features-1.0.5-9*
dnf versionlock gluster-ansible-infra-1.0.4-18*
dnf versionlock gluster-ansible-maintenance-1.0.1-10*
dnf versionlock gluster-ansible-repositories-1.0.1-3*
dnf versionlock gluster-ansible-roles-1.0.5-23*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:24 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-cluster-0:1.0-2.1.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-features-1.0.5-9*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:29 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-features-0:1.0.5-9.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-infra-1.0.4-18*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:35 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-infra-0:1.0.4-18.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-maintenance-1.0.1-10*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:40 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-maintenance-0:1.0.1-10.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-repositories-1.0.1-3*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:46 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-repositories-0:1.0.1-3.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-roles-1.0.5-23*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:51 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-roles-0:1.0.5-23.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]#

Update the Repository

Now, the next step is to update the repository. 


[root@olvm-engine-01 host-deploy]# dnf update
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:09:40 ago on Thu 09 May 2024 08:38:09 PM EDT.
Dependencies resolved.
Nothing to do.
Complete!
[root@sofe-olvm-01 host-deploy]#

Update the KVM repos with exclude settings.

We must ensure that only five repositories are visible on the KVM servers. Additionally, validate if there are any excluded parameters in the repository configuration files. 


[root@KVM101 ~]# cd /etc/yum.repos.d/
[root@KVM101 yum.repos.d]# ls -lrth
total 20K
-rw-r--r--. 1 root root  417 May  5  2022 oracle-ovirt-ol8.repo
-rw-r--r--. 1 root root  243 Sep  1  2022 virt-ol8.repo
-rw-r--r--. 1 root root  246 Sep  2  2022 oracle-gluster-ol8.repo
-rw-r--r--. 1 root root 3.6K May 16  2023 oracle-linux-ol8.repo
-rw-r--r--. 1 root root  941 May 16  2023 uek-ol8.repo
[root@KVM120 yum.repos.d]# grep -r exclude*

We need to exclude the Oracle Ansible package from /etc/yum.conf and oracle-linux-ol8.repo before performing the update.


[root@KVM101 yum.repos.d]# cat /etc/yum.conf
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
#exclude="*.src"
exclude=ansible-core

Validate ansible is excluded


[root@KVM101 yum.repos.d]# grep -r exclude *
oracle-linux-ol8.repo:exclude=ansible-core

If everything looks good, you can proceed to update the oracle-ovirt-release-el8 repository. 


[root@KVM120 yum.repos.d]# dnf update oracle-ovirt-release-el8
Last metadata expiration check: 0:21:56 ago on Thu 09 May 2024 09:49:01 PM EDT.
Dependencies resolved.
=============================================================================================================================================================================================================
 Package                                                      Architecture                         Version                                             Repository                                       Size
=============================================================================================================================================================================================================
Upgrading:
 oracle-ovirt-release-el8                                     x86_64                               1.0-1.0.6.el8                                       ol8_baseos_latest                                23 k
Installing dependencies:
 python3-dnf-plugin-versionlock                               noarch                               4.0.21-19.0.1.el8_8                                 ol8_baseos_latest                                65 k

Transaction Summary
=============================================================================================================================================================================================================
Install  1 Package
Upgrade  1 Package

Total download size: 88 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64.rpm                                                                                                                      51 kB/s |  23 kB     00:00
(2/2): python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch.rpm                                                                                                         126 kB/s |  65 kB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                        167 kB/s |  88 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                     1/1
  Installing       : python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch                                                                                                                           1/3
  Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64                                                                                                                                       2/3
  Upgrading        : oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64                                                                                                                                       2/3
  Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64                                                                                                                                       2/3
  Cleanup          : oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64                                                                                                                                       3/3
  Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64                                                                                                                                       3/3
Enabling OLVM 4.4 required Yum Channels...
Enabling ol8_baseos_latest Yum Channel...
Enabling ol8_UEKR6 Yum Channel...
Enabling ol8_gluster_appstream Yum Channel...
Enabling ol8_kvm_appstream Yum Channel...
Disabling yum module virt:ol
Enabling yum module virt:kvm_utils2
Enabling module pki-deps
Enabling module postgresql:13
Enabling module nodejs:18
Exclude ansible-core updates from OL ol8_appstream
Required oVirt 4.4 Yum Channels enabled.
Done.

  Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64                                                                                                                                       3/3
  Verifying        : python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch                                                                                                                           1/3
  Verifying        : oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64                                                                                                                                       2/3
  Verifying        : oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64                                                                                                                                       3/3

Upgraded:
  oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64
Installed:
  python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch

Complete!

Once the repo update is complete, we can start the KVM update from the console.

Conclusion

KVM upgrades can be challenging due to potential package conflicts. To manage this effectively, consider creating a proactive Service Request (SR) with Oracle Support before starting the upgrade. This can help address any surprises that may arise during the process.
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Oracle world 2024 - AI

  Intro  The world is transitioning from the data era to the age of artificial intelligence. Many organizations are leveraging AI features t...