xcat-core/xCAT-client/pods/man1/updatenode.1.pod

=head1 NAME

B<updatenode> - Update nodes in an xCAT cluster environment.

=head1 SYNOPSIS

B<updatenode> B<noderange> [B<-V>|B<--verbose>] [B<-F>|B<--sync>] [B<-f>|B<--snsync>] [B<-S>|B<--sw>]  [B<-l>  I<userID>]  [B<-P>|B<--scripts> [B<script1,script2...>]] [B<-s>|B<--sn>] [B<-A>|B<--updateallsw>] [B<-c>|B<--cmdlineonly>] [B<-d alt_source_dir>] [B<--fanout>] [B<-t timeout>} [B<attr=val> [B<attr=val...>]]

B<updatenode> B<noderange> [B<-k>|B<--security>] [B<-t timeout>]

B<updatenode> B<noderange> [B<-V>|B<--verbose>] [B<-t timeout>] [B<script1,script2...>]

B<updatenode> B<noderange> [B<-V>|B<--verbose>] [B<-f>|B<--snsync>]

B<updatenode> [B<-h>|B<--help>] [B<-v>|B<--version>]

=head1 DESCRIPTION

The updatenode command is run on the xCAT management node and can be used
to perform the following node updates:

=over 3

=item 1

Distribute and synchronize files.  

=item 2

Install or update software on diskfull nodes.

=item 3

Run postscripts.

=item 4

Update the ssh keys and host keys for the service nodes and compute nodes;
Update the ca and credentials for the service nodes.

=back

The default behavior of updatenode will be to attempt to perform the update 
which doing by "-S", "-P" and "-F" flags.
If you wish to limit updatenode to one or two specific 
actions you can use combinations of the "-S", "-P", and "-F" flags.

If more than one actions doing by "-S", "-P" and "-F" need to be performed,
the execution sequence is "-F", "-S" and then "-P".

For example, If you just want to synchronize configuration file you could
specify the "-F" flag.   If you want to synchronize files and update 
software you would specify the "-F" and "-S" flags. See the descriptions 
of these flags and examples below.

The flag "-k" (--security) can NOT be used together with "-S", "-P", and "-F"
flags.

Note: In a large cluster environment the updating of nodes in an ad hoc 
manner can quickly get out of hand, leaving the system administrator with 
a very confusing environment to deal with. The updatenode command is 
designed to encourage users to handle cluster updates in a manner that 
is recorded and easily repeatable.  

=head2 To distribute and synchronize files

The basic process for distributing and synchronizing nodes is:

=over 3

=item *

Create a synclist file.

=item *

Indicate the location of the synclist file.

=item *

Run the updatenode command to update the nodes.

=back

Files may be distributed and synchronized for both diskless and 
diskfull nodes.  Syncing files to statelite nodes is not supported. 

More information on using the  synchronization file function is in  
https://sourceforge.net/apps/mediawiki/xcat/index.php?title=Using_Updatenode.

=head3 Create the synclist file

The synclist file contains the configuration entries that specify 
where the files should be synced to. In the synclist file, each 
line is an entry which describes the location of the source files 
and the destination location for the files on the target node. 

For more information on creating your synclist files and where to put them, read:

http://sourceforge.net/apps/mediawiki/xcat/index.php?title=Sync-ing_Config_Files_to_Nodes


=head3 Run updatenode to synchronize the files
        
  updatenode <noderange> -F


=head2 To install or update software

updatenode can be use to install or update software on the nodes. See the following documentation for setting up otherpkgs:
https://sourceforge.net/apps/mediawiki/xcat/index.php?title=Install_Additional_Packages

To install/update the packages, run:

  updatenode <noderange> -S



B<For AIX systems:>

Note: The updatenode command is used to update AIX diskfull nodes only. For updating diskless AIX nodes refer to the xCAT for AIX update documentation and use the xCAT mknimimage command.
For information on updating software on AIX cluster:
For diskful installs, read:
https://sourceforge.net/apps/mediawiki/xcat/index.php?title=XCAT_AIX_RTE_Diskfull_Nodes
For diskless installs, read:
https://sourceforge.net/apps/mediawiki/xcat/index.php?title=XCAT_AIX_Diskless_Nodes

B<For Linux systems:>

It is equivalent to running the 
folloiwng command:

 updatenode noderange -P ospkgs,otherpkgs

It will update all the rpms specified in the .pkglist file and .otherpkgs.pkglist 
file. ospkgs postscript will normally remove all the existing rpm 
repositories before adding server:/install/<os>/<arch/ as the new repository. 
To preserve the existing repositories, you can run the following command instead:

updatenode noderange -P "ospkgs --keeprepo,otherpkgs"


=head2 To run postscripts

The scripts must be copied to the /install/postscripts 
directory on the xCAT management node. (Make sure they are 
executable.)

To run scripts on a node you must either specify them on the 
command line or you must add them to the "postscripts" attribute 
for the node.  

To set the postscripts attribute of the node (or group) 
definition you can use the xCAT chdef command. Set the value to 
be a comma separated list of the scripts that you want to be 
executed on the nodes. The order of the scripts in the list 
determines the order in which they will be run.  You could also set
the postscripts value by directly editing the xCAT "postscripts" 
database table using the xCAT tabedit command.

Scripts can  be run on both diskless and diskfull nodes.

To run all the customization scripts that have been designated 
for the nodes, (in the "postscripts and postbootscripts" attributes), type:

  updatenode <noderange> -P

To run the "syslog" script for the nodes, type:

  updatenode <noderange> -P syslog

To run a list of scripts, type:

  updatenode <noderange> -P "script1 p1 p2,script2"

where p1 p2 are the parameters for script1. 

The flag '-P' can be omitted when only scripts names  are
specified.

Note: script1,script2 may or may not be designated as scripts to 
automatically run on the node. However, if you want script1 and 
script2 to get invoked next time the nodes are deployed then make sure 
to add them to the "postscripts/postbootscripts" attribute in the database for the nodes. 

=head2 Update security

The basic functions of update security for nodes:

=over 3

=item *

Setup the ssh keys for the target nodes. It makes the management
node and service node access the target nodes without password.

=item *

Redeliver the host keys to the target nodes.

=item *

Redeliver the ca and certificates files to the service node.
These files are used to authenticate the ssl connection between
xcatd's of management node and service node.

=item *

Remove the entries of target nodes from known_hosts file.

=back

I<Set up the SSH keys>

A password for the user who is running this command is needed to setup
the ssh keys. This user must have the same uid and gid as
the userid on the target node where the keys will be setup.

If the current user is root, roots public ssh keys will be put in the
authorized_keys* files under roots .ssh directory on the node(s).
If the current user is non-root, the user must be in the policy table
and have credential to run the xdsh command.
The non-root users public ssh keys and root's public ssh keys will be put in
the authorized_keys* files under the non-root users .ssh directory on the node(s
).

I<Handle the hierarchical scenario>

When update security files for the node which is served by a service node,
the service node will be updated automatically first, and then the target
node.

The certificates files are needed for a service node to authenticate
the ssl connections between the xCAT client and xcatd on the service node,
and the xcatd's between service node and management node. The files in the
directories /etc/xcat/cert/ and ~/.xcat/ will be updated.

Since the certificates have the validity time, the ntp service is recommended 
to be set up between management node and service node.

Simply running following command to update the security keys:
	 B<updatenode> I<noderange> -k


=head1 PARAMETERS

=over 10

=item B<noderange>

A set of comma delimited xCAT node names
and/or group names. See the xCAT "noderange"
man page for details on additional supported 
formats.

=item B<script1,script2...>

A comma-separated list of script names. 
The scripts must be executable and copied 
to the /install/postscripts directory.
Each script can take zero or more parameters.
If parameters are spcified, the whole list needs to be quoted by double quotes. 
For example:

B<"script1 p1 p2,script2">

=item [B<attr=val> [B<attr=val...>]]

Specifies one or more "attribute equals value" pairs, separated by spaces.
Attr=val pairs must be specified last on the command line.  The currently
supported attributes are: "installp_bundle", "otherpkgs", "installp_flags", 
"emgr_flags" and "rpm_flags".  These attribute are only valid for AIX software
maintenance support.

=back

=head1 OPTIONS

=over 10

=item B<--fanout>=I<fanout_value>

Specifies a fanout value for the maximum number of  concur-
rently  executing  remote shell processes. Serial execution
can be specified by indicating a fanout value of B<1>.  If  B<--fanout>
is not specified, a default fanout value of B<64> is used.

=item B<-A|--updateallsw>

Install or update all software contained in the source directory. (AIX only)

=item B<-c|cmdlineonly>

Specifies that the updatenode command should only use software maintenance
information provided on the command line.  This flag is only valid when
using AIX software maintenance support.

=item B<-d alt_source_dir>

Used to specify a source directory other than the standard lpp_source directory specified in the xCAT osimage definition.  (AIX only)

=item B<-F|--sync>

Specifies that file synchronization should be
performed on the nodes.  rsync and ssh must
be installed and configured on the nodes. 
The function is not supported for statelite installations.
For statelite installations to sync files, you should use the
read-only option for files/directories listed in
litefile table with source location specified in the litetree table.


=item B<-f|--snsync>

Specifies that file synchronization should be
performed to the service nodes that service the
nodes in the noderange. This updates the service
nodes with the data to sync to the nodes. rsync and ssh must
be installed and configured on the service nodes.
For hierachy, this optionally can  be done before syncing the files
to the nodes with the -F flag.  If the -f flag is not used, then
the -F flag will sync the servicenodes before the nodes automatically.
When installing nodes in a hierarchical cluster, this flag should be
used to sync the service nodes before the install, since the files will
be sync'd from the service node by the syncfiles postscript during the
install.
The function is not supported for statelite installations.
For statelite installations to sync files, you should use the
read-only option for files/directories listed in
litefile table with source location specified in the litetree table.


=item B<-h|--help>

Display usage message.

=item B<-k|--security>

Update the ssh keys and host keys for the service nodes and compute nodes;
Update the ca and credentials to the service nodes.  Never run this command to the Management Node, it will take down xcatd. 

=item B<-l>|B<--user> I<user_ID>

Specifies a non-root user name to use for remote command execution. This option is only available when running postscripts (-P) for 
AIX and Linux and updating software (-S) for Linux only. 
The non-root userid  must be previously defined as an xCAT user. 
The userid sudo setup will have to be done by the admin on the node.
This is not supported in a hiearchical cluster, that is the node is serviced by a service node. 
See the document Granting_Users_xCAT_privileges for required xcat/sudo setup. 


=item B<-P|--scripts>

Specifies that postscripts and postbootscripts should be run on the nodes. 
updatenode -P syncfiles is not supported.  The syncfiles postscript can only
be run during install.  You should use updatenode <noderange> -F instead. 

=item B<-S|--sw>

Specifies that node software should be updated. 

=item B<-s|--sn>

Set the server information stored on the nodes.

=item B<-t timeout>

Specifies a timeout in seconds the command will wait for the remote targets to complete. If timeout is not specified
it will wait indefinitely. The exception is the updatenode -k option whose default timeout is 10 seconds.  

=item B<-v|--version>

Command Version.

=item B<-V|--verbose>

Verbose mode.

=back

=head1 RETURN VALUE

0  The command completed successfully.

1  An error has occurred.


=head1 EXAMPLES

=over 3

=item 1

To perform all updatenode features for the Linux nodes in the group
"compute":

B<updatenode compute>

The command will: run any scripts listed in the nodes "postscripts and postbootscripts" 
attribute, install or update any software indicated in the 
/install/custom/install/<ostype>/profile.otherpkgs.pkglist (refer to the 
B<To install or update software part>), synchronize any files indicated by 
the synclist files specified in the osimage "synclists" attribute.

=item 2

To run postscripts,postbootscripts and file synchronization only on the node
"clstrn01":

B<updatenode clstrn01 -F -P>

=item 3

Running updatenode -P with the syncfiles postscript is not supported. You should use updatenode -F instead. 

Do not run:

B<updatenode clstrno1 -P syncfiles>

Run:

B<updatenode clstrn01 -F>

=item 4

To run the postscripts and postbootscripts  indicated in the postscripts and postbootscripts attributes on 
the node "clstrn01":

B<updatenode clstrn01 -P>

=item 5

To run the postscripts script1 and script2 on the node "clstrn01":

B<cp script1,script2 /install/postscripts>

B<updatenode clstrn01 -P "script1 p1 p2,script2">

Since flag '-P' can be omitted when only script names are specified, 
the following command is equivalent:

B<updatenode clstrn01 "script1 p1 p2,script2">

p1 p2 are parameters for script1. 
 

=item 6

To synchronize the files on the node "clstrn01":  Prepare the synclist file. 
For AIX, set the full path of synclist in the osimage table synclists 
attribute. For Linux, put the synclist file into the location: 
/install/custom/<inst_type>/<distro>/<profile>.<os>.<arch>.synclist
Then:

B<updatenode clstrn01 -F>

=item 7

To perform the software update on the Linux node "clstrn01":  Copy the extra 
rpm into the /install/post/otherpkgs/<os>/<arch>/* and add the rpm names into 
the /install/custom/install/<ostype>/profile.otherpkgs.pkglist .  Then:

B<updatenode clstrn01 -S>

=item 8

To update the AIX node named "xcatn11" using the "installp_bundle" and/or
"otherpkgs" attribute values stored in the xCAT database.  Use the default installp, rpm and emgr flags.

B<updatenode xcatn11 -V -S>

Note: The xCAT "xcatn11" node definition points to an xCAT osimage definition 
which contains the "installp_bundle" and "otherpkgs" attributes as well as
the name of the NIM lpp_source resource.

=item 9

To update the AIX node "xcatn11" by installing the "bos.cpr" fileset using 
the "-agQXY" installp flags.  Also display the output of the installp command.

B<updatenode xcatn11 -V -S otherpkgs="I:bos.cpr" installp_flags="-agQXY">

Note:  The 'I:' prefix is optional but recommended for installp packages.

=item 10 

To uninstall the "bos.cpr" fileset that was installed in the previous example.

B<updatenode xcatn11 -V -S otherpkgs="I:bos.cpr" installp_flags="-u">

=item 11

To update the AIX nodes "xcatn11" and "xcatn12" with the "gpfs.base" fileset
and the "rsync" rpm using the installp flags "-agQXY" and the rpm flags "-i --nodeps".

B<updatenode xcatn11,xcatn12 -V -S otherpkgs="I:gpfs.base,R:rsync-2.6.2-1.aix5.1.ppc.rpm" installp_flags="-agQXY" rpm_flags="-i --nodeps">

Note: Using the "-V" flag with multiple nodes may result in a large amount of output.

=item 12

To uninstall the rsync rpm that was installed in the previous example.

B<updatenode xcatn11 -V -S otherpkgs="R:rsync-2.6.2-1" rpm_flags="-e">

=item 13

Update the AIX node "node01" using the software specified in the NIM "sslbnd" and "sshbnd" installp_bundle resources and the "-agQXY" installp flags.

B<updatenode node01 -V -S installp_bundle="sslbnd,sshbnd" installp_flags="-agQXY">

=item 14

To get a preview of what would happen if you tried to install the "rsct.base" fileset on AIX node "node42".  (You must use the "-V" option to get the full output from the installp command.)

B<updatenode node42 -V -S otherpkgs="I:rsct.base" installp_flags="-apXY">

=item 15

To check what rpm packages are installed on the AIX node "node09". (You must use the "-c" flag so updatenode does not get a list of packages from the database.)

B<updatenode node09 -V -c -S rpm_flags="-qa">

=item 16

To install all software updates contained in the /images directory.

B<updatenode node27 -V -S -A -d /images>

Note:  Make sure the directory is exportable and that the permissions are set
correctly for all the files.  (Including the .toc file in the case of
installp filesets.)

=item 17

Install the interim fix package located in the /efixes directory.

B<updatenode node29 -V -S -d /efixes otherpkgs=E:IZ38930TL0.120304.epkg.Z>

=item 18

To uninstall the interim fix that was installed in the previous example.

B<updatenode xcatsn11 -V -S -c emgr_flags="-r -L IZ38930TL0">

=item 19

To update the security keys for the node "node01"

B<updatenode node01 -k>

=item 20

To update the service nodes with the files to be synchronized to node group compute: 

B<updatenode compute -f>

=item 21 

To run updatenode with the non-root userid "user1" that has been setup as an xCAT userid  with sudo on node1  to run as root, do the following:
See  Granting_Users_xCAT_privileges for required sudo setup.

B<updatenode node1 -l user1 -P syslog>


=back

=head1 FILES

/opt/xcat/bin/updatenode