Upgrade strategy for clusters with TSX enabled

Solution Verified - Updated 13 Jun 2024

Environment

Upgrade of Red Hat Virtualization (RHV) 4.3 to 4.4
Cluster CPU model uses TSX instructions.

Issue

Upgrading a RHV cluster that uses a CPU model with TSX CPU instructions causes that the upgraded hosts become non operational and that the running VMs cannot live migrate.

Resolution

It is recommended to use the default mitigations for CVE-2019-11135 and therefore have TSX disabled in the affected CPUs. In that case, all VMs will need a power cycle to start using the updated cluster CPU model.

To perform the upgrade to 4.4 and have ample time to reboot all VMS, this approach can be be used:

Upgrade the manager to latest RHV-M 4.4.z.
Reinstall the hosts using the versions RHEL 8.2 or RHVH 4.4.2. These versions still have TSX enabled.
Raise compatibility level of the cluster and data center to 4.4.

Change the cluster CPU to the Secure model and verify that it uses the noTSX version by running this query in the manager:

#  /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select name, cpu_name, cpu_flags, compatibility_version from cluster;"

Power off / power on all VMs in the cluster so they pick the new CPU model. You can consult the CPU model that the VMs are using with this query. The ones not using a noTSX CPU model will need to be power cycled:
```
#  /usr/share/ovirt-engine/dbscripts/engine-psql.sh -c "select vm_name, cluster_name, storage_pool_name, cpu_name from vms;"
```
When all VMs are rebooted, you can do the minor upgrade of the hosts to the latest 4.4.z.

SBR

Virtualization

Product(s)

Red Hat Virtualization

Category

Upgrade

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.