# Updating HVM OS Explains how to update HVM OS, the base operating system for HVM Hosts HVM OS is preconfigured with trusted `apt` update repositories, which are hosted by HPE. These repositories enabled customers to apply updates to HVM OS during scheduled maintenance or downtime windows. This ensures systems remain secure and up to date. The following repositories are configured by default: HPE Zion Private Repository - Types: deb - URIs: - Suites: pulp - Components: upload - Check-Valid-Until: False - Trusted: True - Signed-By: /etc/apt/keyrings/zion\_repo\_public.key This repository is used for HPE-provided, platform-specific packages required for the HVM OS environment. It may include custom components, integrations, or fixes validated by HPE. HPE Zion OS Updates Repository (Ubuntu 24.04 - Noble) - Types: deb - URIs: : - Suites: noble-updates - Components: main - Check-Valid-Until: False - Trusted: True - Signed-By: /etc/apt/keyrings/zion\_repo\_public.key This repository provides curated Ubuntu 24.04 (Noble) OS updates aligned with HPE validation and support requirements for HVM OS deployments. Update Process and Customer Responsibility Customers can use standard `apt` tooling to apply updates when newer OS packages are available (`apt update` and `apt upgrade`). Updates should be performed only during approved maintenance windows to minimize operational impact. Complete the update process on one host at a time. Hosts are placed into maintenance mode and the update is run only after confirming the host has successfully entered maintenance. Hosts are placed into maintenance by: 1. Navigating to the cluster detail page 2. Selecting the Hosts tab 3. Selecting an individual host 4. Selecting the ACTIONS menu 5. selecting "Enter Maintenance" Once the host has entered maintenance mode, run `sudo apt update` and `sudo apt upgrade`. After completing the update, bring the host back out of maintenance mode and continue to the next host only after confirming the prior host has successfully left maintenance. All repositories are: - Explicitly marked as trusted - Signed using the HPE Zion public repository key - Configured with "Check-Valid-Until: False" to avoid update interruptions caused by metadata expiration IMPORTANT Only packages obtained from the preconfigured HPE repositories are supported. Adding external or upstream Ubuntu repositories may lead to unsupported configurations. Offline HVM OS Updates For air-gapped environments where cluster hosts don't have access to the public Internet, use the following process to update the underlying base OS (HVM OS). This process should be completed on one host at a time to avoid any cluster downtime. 1. Download the offline upgrade bundle to your workstation from My HPE Software Center 2. Copy the offline upgrade bundle to the HVM Host. This can be done using `scp` or a similar tool like `WinSC` (ex. `scp hvm-upgrade-bundle.zip user@x.x.x.x:/home/user`) 3. Remotely access the HVM Host (ex. `ssh user@x.x.x.x`) 4. From the directory where you copied the offline upgrade bundle, unzip the bundle into its own new directory (ex. `unzip hvm-upgrade-bundle.zip -d hvm-upgrade-bundle/`) 5. Navigate into the new directory (ex. `cd hvm-upgrade-bundle/`) 6. The directory contains a tar bundle and a repository key. First, copy the repository key to `/etc/apt/keyrings/` (ex. `sudo cp zion_repo_public.key /etc/apt/keyrings/`) 7. Convert the key using `sudo gpg --dearmor -o /etc/apt/keyrings/zion_repo_public.gpg zion_repo_public.key` 8. Set permissions on the converted key using `sudo chmod 644 /etc/apt/keyrings/zion_repo_public.gpg` 9. The `.key` file can now be deleted using `sudo rm /etc/apt/keyrings/zion_repo_public.key` 10. Untar the bundle (ex. `tar xvzf hvm_upgrade_bundle_xxx.tar.gz`) 11. Move up one directory level (`cd ../`) 12. Move the extracted bundle to `/var/local` (ex. `sudo cp -a hvm-upgrade-bundle /var/local`) 13. Change the directory owner (ex. `sudo chown -R root:root /var/local/hvm-upgrade-bundle`) 14. Create a new file for a new addition to the local `apt` repository (ex. `sudo vi /etc/apt/sources.list.d/hpe-local-repo.sources`) 15. Within the text editor, add the following content to the new file. Then, save the file: ``` ``` Types: deb URIs: file:/var/local/hvm-upgrade-bundle/ubuntu2404-os-updates Suites: noble-updates Components: main Check-Valid-Until: False Signed-By: /etc/apt/keyrings/zion_repo_public.gpg ``` ``` 16. Within the HPE Morpheus Software UI, put the HVM Host we just worked with into Maintenance Mode. To do this, navigate to **Infrastructure > Clusters > Selected HVM Cluster > Hosts tab > Selected Host**. Once on the HVM Host detail page, click ACTIONS and then click "Enter Maintenance Mode." 17. Back on the HVM Host, validate that all VMs have stopped with `sudo virsh list --all`. This should show that there are no running VMs 18. Validate that Pacemaker has entered standby mode with `sudo pcs status`. Status should show standby 19. Stop Pacemaker with `sudo systemctl stop pacemaker` 20. Stop Corosync with `sudo systemctl stop corosync` 21. Update `apt` package data with `sudo apt update`. You will very likely see errors and should confirm these are for online repositories which cannot be reached in an offline environment. Once you've confirmed this is the source of the error, you may ignore the errors and proceed 22. Upgrade HVM OS with `sudo apt upgrade` 23. Reboot the system with `sudo reboot -f now` 24. Validate Pacemaker came back up as expected with `sudo systemctl status pacemaker` 25. Validate Corosync came back up as expected with `sudo systemctl status corosync` 26. Bring Corosync back from standby with `sudo pcs node unstandby` 27. Confirm the HVM Host came out of standby with `sudo pcs status` 28. Back in HPE Morpheus Software UI once again, take the HVM Host out of Maintenance Mode by navigating to the Host detail page as described previously. Click on the ACTIONS menu and select "Exit Maintenance Mode." 29. Once the HVM Host is confirmed back from Maintenance Mode, complete this process on all other HVM Hosts which make up the cluster