Updates Howto

Samuel VERSCHELDE edited this page Sep 12, 2018 · 7 revisions

This page details how to keep your XCP-ng system updated (bug fixes and security fixes) between major upgrades.

Note that currently we stop releasing updates to the n-1 version when the n version is released (e.g. 7.4 when 7.5 was released). So to keep benefiting from bugfixes and security fixes, one has to upgrade.

Prerequisites

  • Your dom0 system must either have access to updates.xcp-ng.org, or to a local mirror. In the latter case, make sure to update the baseurl values in /etc/yum.repos.d/xcp-ng.repo to make them point at the local mirror, and keep the mirror up to date, of course.
  • If you have enabled third party repositories (CentOS, EPEL...) in the past, make sure to disable them before updating. Otherwise, core packages from your dom0 system can be overwritten with versions of packages that have not been tested in the context of XCP-ng, or lack specific patches. Set enabled=0 in the relevant files in /etc/yum.repos.d/. Warning: when added, the EPEL repository is automatically enabled. Make sure to disable it right away and use this syntax instead to install anything from it: yum install packagename --enablerepo='epel'.
  • Note: installing extra packages from outside the XCP-ng repositories can lead to various issues, including update or system upgrade problems, so make sure to:
    • install only packages that are known not to have any adverse effect on XCP-ng;
    • check the dependencies pulled by such packages: they must not overwrite existing packages in XCP-ng;
    • know you're doing it at your own risk and be prepared to fix any issues that would arise, especially unforeseen upgrade issues (we can't test upgrade scenarios if anything can be installed on your systems).

From command line

Simply run this on each server, starting with the pool master:

yum update

From Xen Orchestra

See this blog post.

When to reboot?

There is currently no way for XCP-ng to automatically tell you if a reboot is required.

The safest way is to reboot everytime an update is installed.

Else base your decision on an educated guess. Look at the list of the updated packages (yum update always tells you) and then decide:

  • Was there a kernel update? If so, reboot. Those are usually security fixes that require a reboot.
  • Were xen-hypervisor and/or other xen-* packages updated? Reboot too.
  • Other low-level packages may require a reboot too, for example glibc.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.