Virtualization has significantly transformed the IT industry by enhancing the efficient utilization of server resources. Despite the rapid adoption of cloud technology, many organizations hesitate to migrate their workloads to the cloud due to concerns regarding data sensitivity and operational challenges. For such businesses, virtualization continues to be the preferred solution, offering substantial cost savings in capital expenditure (CapEx) and a secure operational environment.
Ensuring the security of critical database workloads hosted in virtualized environments is paramount. Oracle Linux Virtualization Manager (OLVM) plays a crucial role in managing these virtual environments, and maintaining its updates is vital for safeguarding infrastructure integrity. Regular KVM upgrades are essential to uphold the security and reliability of these virtualized environments.
While upgrading our KVM hosts, we encountered several issues, particularly with hosts that previously utilized Gluster data domains.
In addressing these challenges, I referred to a helpful resource: Oracle’s meta link note titled “OLVM: Updating KVM Hosts From the OLVM portal fails (Doc ID 2992369.1)”.
In this article, I will detail how we successfully resolved KVM upgrade issues (ansible conflict).
We observed that our KVM updates, executed using an Ansible script, were failing due to issues with the Gluster package. Although we do not actively use Gluster, it is essential not to remove these packages from KVM, as doing so poses a significant risk of breaking the OLVM engine.
I have highlighted the error we encountered during the upgrade.
"msg" : "Depsolve Error occured: \n Problem 1: package gluster-ansible-cluster-1.0-5.module+el8.8.0+90097+18e1d3b8.noarch
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.12.2-3.1.el8.x86_64\n - package ansible-core-2.12.2-3.1.el8.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with
ansible-core > 2.11.0 provided by ansible-core-2.12.2-4.el8_6.x86_64\n - package ansible-core-2.12.2-4.el8_6.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.13.3-1.el8.x86_64\n - package ansible-core-2.13.3-1.el8.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.13.3-2.el8_7.x86_64\n - package ansible-core-2.13.3-2.el8_7.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.14.2-3.el8.x86_64\n - package ansible-core-2.14.2-3.el8.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.15.3-1.el8.x86_64\n - package ansible-core-2.15.3-1.el8.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - cannot install the best update candidate for package
gluster-ansible-cluster-1.0-2.1.module+el8.4.0+20194+c25df5f0.noarch\n - cannot install the best update candidate for
package ansible-2.9.27-2.el8.noarch\n Problem 2: package gluster-ansible-roles-1.0.5-28.module+el8.8.0+90097+18e1d3b8.noarch
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-core-2.12.2-3.1.el8.x86_64 conflicts
with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch
conflicts with ansible-core > 2.11.0 provided by ansible-core-2.12.2-3.1.el8.x86_64\n - package ansible-core-2.12.2-4.el8_6.x86_64
conflicts with ansible < 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core
> 2.11.0 provided by ansible-core-2.12.2-4.el8_6.x86_64\n - package ansible-core-2.13.3-1.el8.x86_64 conflicts with ansible
< 2.10.0 provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0
provided by ansible-core-2.13.3-1.el8.x86_64\n - package ansible-core-2.13.3-2.el8_7.x86_64 conflicts with ansible < 2.10.0
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0
provided by ansible-core-2.13.3-2.el8_7.x86_64\n - package ansible-core-2.14.2-3.el8.x86_64 conflicts with ansible < 2.10.0
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0
provided by ansible-core-2.14.2-3.el8.x86_64\n - package ansible-core-2.15.3-1.el8.x86_64 conflicts with ansible < 2.10.0
provided by ansible-2.9.27-2.el8.noarch\n - package ansible-2.9.27-2.el8.noarch conflicts with ansible-core > 2.11.0
provided by ansible-core-2.15.3-1.el8.x86_64\n - package ovirt-ansible-collection-1.6.6-1.0.8.el8.noarch
requires ansible >= 2.9.21, but none of the providers can be installed\n - cannot install the best update candidate for package
gluster-ansible-roles-1.0.5-23.module+el8.4.0+20194+c25df5f0.noarch\n -
cannot install the best update candidate for package ovirt-ansible-collection-1.6.6-1.0.7.el8.noarch\n Problem 3:
package gluster-ansible-repositories-1.0.1-5.module+el8.8.0+90097+18e1d3b8.noarch
requires ansible-core >= 2.12, but none of the providers can be installed\n - package ansible-core-2.12.2-3.1.el8.x86_64 conflicts with an
If the packages are not installed, you can lock their versions from the engine server.
[root@olvm-engine-01]# dnf install 'dnf-command(versionlock)'
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:07:38 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package python3-dnf-plugin-versionlock-4.0.21-23.0.1.el8.noarch is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@olvm-engine-01]#
These are the packages we need to lock.
dnf versionlock gluster-ansible-cluster-1.0-2.1*
dnf versionlock gluster-ansible-features-1.0.5-9*
dnf versionlock gluster-ansible-infra-1.0.4-18*
dnf versionlock gluster-ansible-maintenance-1.0.1-10*
dnf versionlock gluster-ansible-repositories-1.0.1-3*
dnf versionlock gluster-ansible-roles-1.0.5-23*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-cluster-1.0-2.1*
dnf versionlock gluster-ansible-features-1.0.5-9*
dnf versionlock gluster-ansible-infra-1.0.4-18*
dnf versionlock gluster-ansible-maintenance-1.0.1-10*
dnf versionlock gluster-ansible-repositories-1.0.1-3*
dnf versionlock gluster-ansible-roles-1.0.5-23*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:24 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-cluster-0:1.0-2.1.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-features-1.0.5-9*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:29 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-features-0:1.0.5-9.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-infra-1.0.4-18*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:35 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-infra-0:1.0.4-18.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-maintenance-1.0.1-10*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:40 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-maintenance-0:1.0.1-10.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-repositories-1.0.1-3*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:46 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-repositories-0:1.0.1-3.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]# dnf versionlock gluster-ansible-roles-1.0.5-23*
This system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:08:51 ago on Thu 09 May 2024 08:38:09 PM EDT.
Package already locked in equivalent form: gluster-ansible-roles-0:1.0.5-23.module+el8.4.0+20194+c25df5f0.*
[root@olvm-engine-01]#
Now, the next step is to update the repository.
[root@olvm-engine-01 host-deploy]# dnf updateThis system is receiving updates from Unbreakable Linux Network or Spacewalk.
Last metadata expiration check: 1:09:40 ago on Thu 09 May 2024 08:38:09 PM EDT.
Dependencies resolved.
Nothing to do.
Complete!
[root@sofe-olvm-01 host-deploy]#
We must ensure that only five repositories are visible on the KVM servers. Additionally, validate if there are any excluded parameters in the repository configuration files.
[root@KVM101 ~]# cd /etc/yum.repos.d/
[root@KVM101 yum.repos.d]# ls -lrth
total 20K
-rw-r--r--. 1 root root 417 May 5 2022 oracle-ovirt-ol8.repo
-rw-r--r--. 1 root root 243 Sep 1 2022 virt-ol8.repo
-rw-r--r--. 1 root root 246 Sep 2 2022 oracle-gluster-ol8.repo
-rw-r--r--. 1 root root 3.6K May 16 2023 oracle-linux-ol8.repo
-rw-r--r--. 1 root root 941 May 16 2023 uek-ol8.repo
[root@KVM120 yum.repos.d]# grep -r exclude*
We need to exclude the Oracle Ansible package from /etc/yum.conf and oracle-linux-ol8.repo before performing the update.
[root@KVM101 yum.repos.d]# cat /etc/yum.conf
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
#exclude="*.src"
exclude=ansible-core
[root@KVM101 yum.repos.d]# grep -r exclude *
oracle-linux-ol8.repo:exclude=ansible-core
If everything looks good, you can proceed to update the oracle-ovirt-release-el8 repository.
[root@KVM120 yum.repos.d]# dnf update oracle-ovirt-release-el8
Last metadata expiration check: 0:21:56 ago on Thu 09 May 2024 09:49:01 PM EDT.
Dependencies resolved.
=============================================================================================================================================================================================================
Package Architecture Version Repository Size
=============================================================================================================================================================================================================
Upgrading:
oracle-ovirt-release-el8 x86_64 1.0-1.0.6.el8 ol8_baseos_latest 23 k
Installing dependencies:
python3-dnf-plugin-versionlock noarch 4.0.21-19.0.1.el8_8 ol8_baseos_latest 65 k
Transaction Summary
=============================================================================================================================================================================================================
Install 1 Package
Upgrade 1 Package
Total download size: 88 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64.rpm 51 kB/s | 23 kB 00:00
(2/2): python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch.rpm 126 kB/s | 65 kB 00:00
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 167 kB/s | 88 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch 1/3
Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64 2/3
Upgrading : oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64 2/3
Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64 2/3
Cleanup : oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64 3/3
Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64 3/3
Enabling OLVM 4.4 required Yum Channels...
Enabling ol8_baseos_latest Yum Channel...
Enabling ol8_UEKR6 Yum Channel...
Enabling ol8_gluster_appstream Yum Channel...
Enabling ol8_kvm_appstream Yum Channel...
Disabling yum module virt:ol
Enabling yum module virt:kvm_utils2
Enabling module pki-deps
Enabling module postgresql:13
Enabling module nodejs:18
Exclude ansible-core updates from OL ol8_appstream
Required oVirt 4.4 Yum Channels enabled.
Done.
Running scriptlet: oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64 3/3
Verifying : python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch 1/3
Verifying : oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64 2/3
Verifying : oracle-ovirt-release-el8-1.0-1.0.3.el8.x86_64 3/3
Upgraded:
oracle-ovirt-release-el8-1.0-1.0.6.el8.x86_64
Installed:
python3-dnf-plugin-versionlock-4.0.21-19.0.1.el8_8.noarch
Complete!
Once the repo update is complete, we can start the KVM update from the console.
KVM upgrades can be challenging due to potential package conflicts. To manage this effectively, consider creating a proactive Service Request (SR) with Oracle Support before starting the upgrade. This can help address any surprises that may arise during the process.