It is a good idea to use the cluster for a while with the new level of IBM
Spectrum Scale installed, until you are sure that you are ready
to permanently upgrade the cluster to
the new level.
When you are ready to permanently upgrade the cluster, follow the steps in this topic to complete the upgrade. If you decide not
to complete the upgrade, you can revert to the previous level of IBM
Spectrum Scale. For more information, see Reverting to the previous level of IBM Spectrum Scale.
Before you begin this task, verify that you have upgraded all the nodes in the cluster to the
latest licensed version of IBM
Spectrum Scale.
When you run
mmchconfig release=LATEST
in Step 2 of these directions, you
can add other parameters and their values to the command
line:
mmchconfig release=LATEST,<parameterN=value>,<parameterN+1=value>...
The
following table describes the options and parameters that are referred to in this
topic.
Table 1. Other options and
parameters with mmchconfig
release=LATEST
Option/Parameter |
Purpose |
Comment |
--accept-empty-cipherlist-security |
You must specify this option if you want to continue running the cluster with the lowest
level of security for communications between nodes or with other clusters. That is, you want the
cipherList attribute to remain set to EMPTY or
undefined. For more information, see Security mode.
|
It is a good idea to have some level of security for cluster communications:
For more information, see Security mode.
|
--accept-no-compliance-to-nist-standards |
You must specify this option if you do not want to continue running the cluster with the
security transport that follows the NIST SP800-131A recommendations. For
more information, see NIST compliance.
|
It is recommended to run the security transport that follows the NIST SP800-131A recommendations:
|
mmfsLogTimeStampISO8601={yes | no} |
Setting this parameter to no allows the cluster to continue running
with the earlier log time stamp format. For more information, see Security mode.
|
|
Note: It is not recommended to use the
--accept-no-compliance-to-nist-standards option and this option might not
be available in the subsequent releases.
-
Verify that the SHA message digest and the cipherList configuration
variable are set to valid values.
Note:
- The SHA message digest is a hash result that is generated by a cryptographic hash function.
- The cipherList variable specifies the security mode for communications
among nodes in the cluster and with nodes in other clusters. For more
information, see mmchconfig command.
Follow these steps:
-
Display the current values by entering the following command. The listing shows both the
command and example output:
# mmauth show .
Cluster name:
zounds.cluster (this cluster) Cipher list: (none specified) SHA digest: (undefined)
File system access: (all rw)
-
If the value for the
SHA digest
is (undefined)
, follow these
steps:
- Enter the following command to generate a public/private key pair and an SHA message
digest:
mmauth genkey new
- Enter
mmauth show .
again and verify that the value for SHA
digest
is no longer (undefined)
.
-
If the value for cipherList is
(none specified)
or
EMPTY
, do one of the following actions:
- If you want a level of security in communications between nodes and with other clusters, follow
these steps:
- Set cipherList to AUTHONLY or to a supported
cipher:
mmauth update . -l AUTHONLY
- Enter
mmauth show .
again and verify that the value for
cipherList is no longer (none specified)
or
EMPTY
.
- If you do not want a level of security cluster communications, let
cipherList remain set to
(none specified)
or
EMPTY
.
-
Enter the following command to upgrade the cluster configuration
data and enable new functionality. You can add the parameters that
are described in Table 1 to the command
line:
mmchconfig release=LATEST
Note: Until you run the mmchconfig release=LATEST command, the management GUI
might not be fully operational at the new code level.
Important: If the mmchconfig command detects any nodes that
are not available or cannot be reached, it lists the names of those nodes. If any such nodes are
listed, correct the problem and run the command again until it verifies all the nodes and completes
successfully.
Note: If the
mmchconfig command fails with an error message that indicates
that
cipherlist is set to EMPTY, do one of the following actions:
-
If you have not already done so, assign an appropriate IBM
Spectrum Scale license to each of the nodes in the
cluster.
See
IBM Spectrum Scale license designation for a detailed
description of the
IBM
Spectrum Scale license types. To
see what the minimum required
IBM
Spectrum Scale license
is for each of the nodes in the cluster, enter the following command:
mmlslicense -L
To assign an
IBM
Spectrum Scale server license to the nodes that require it,
enter the following
command:
mmchlicense server -N NodeList
To assign an
IBM
Spectrum Scale client license to the nodes that
require it, enter:
mmchlicense client -N NodeList
-
Enable backward-compatible format changes or upgrade all file systems to the latest metadata format changes.
Attention: Before you continue with this step, it is important to understand the
differences between
mmchfs -V compat and
mmchfs -V
full:
To enable backward-compatible format changes, enter the following
command:
mmchfs FileSystem -V compat
To upgrade the desired file system to the latest metadata format changes, enter the following
command:
mmchfs FileSystem -V full
Certain new file system features might require more processing that cannot be handled by the
mmchfs -V command alone. To fully activate such features, in addition to
mmchfs -V, you must also run the mmmigratefs
command.
Note: The first mount of a file system after you run mmchfs -V might fail
with a no-disk-space error. This situation might occur if the file system is relatively low on
metadata disk space (10% or less free). If so, enter the command again. Typically the file system is
mounted without a problem after the initial failed mount.
After completing the upgrade, you might need to enable cluster
configuration repository (CCR) and fast extended attributes (fastea).
-
Enable cluster configuration repository (CCR) and fast extended attributes (fastea) as follows,
if required.
-
Enable the CCR in the cluster as follows.
-
Enable fastea in the cluster as follows.
- Check if fastea is
enabled.
mmlsfs FileSystemName --fastea
A
sample output is as follows.
flag value
description ------------------- ------------------------ -----------------------------------
--fastea Yes Fast external attributes enabled?
- If fastea is not enabled, issue the following command to enable
it.
mmmigratefs FileSystemName --fastea
For
more information, see mmmigratefs command.
Note: The following features are a few among several
IBM
Spectrum Scale features that require fast extended attributes
(fastea) to be enabled to work.
- Clones
- Independent filesets
- Encryption
- Active file management (AFM)
-
If you have file audit
logging or clustered watch
folder enabled on any file systems, follow the steps in Upgrade paths and commands for file audit logging and clustered watch folder.
Note: Ensure that you include the gpfs.librdkafka package as part of the
upgrade process if those packages are currently installed.