Skip to main content

🚀 Update from AtomOS 0.7.x/0.8.x to 1.9.1

Update CLI

Fetch the newer version of the CLI using this command:

curl https://repo.elemento.cloud/get-atomos.sh | sudo bash

:::warning Starting from AtomOS 0.9.0 the CLI tool has been renamed from nucleus to atomos-cli :::

Update AtomOS

Using the newly updated CLI start the update process:

sudo atomos-cli --update

:::warning Be mindful about your licenses and VMs :::

After the update

Coming in this AtomOS update there are some things that the update process does not cover, especially:

  • the new AtomOS-GUI service
  • HTTPS

Certificates and HTTPS

:::info Note that during a new install the procedure will automatically prompt the creation of the certificate and is not needed to execute the generation (as long as the generated certificate is valid) :::

Generate Certificate

Starting from AtomOS 0.9.0 all API calls directed to the AtomOS' services use https as protocol. Generate the certificate needed using this command and following the given instructions:


sudo atomos-cli --generate-cert
# note that the following ips are just an example

══ TLS Certificate Generation
  ▸ Certificate duration [Nd / Nm / Ny] (default: 90d): 1y
  ▸ Country code [2 letters] (default: XX): IT
  ▸ State / Province: Cuneo
  ▸ City / Locality (default: Default City): Cuneo
  ▸ Organization name (default: Default Company Ltd): Elemento Modular Cloud SRL
  ▸ Organizational unit: DEV
  ▸ Common name (hostname or your name): cluster-1
  i  Add Subject Alternative Names (SAN):
  ▸ Record type [DNS|IP]: IP
  ▸ IP address: 10.0.0.11
  ▸ Add another SAN entry? [yes/no]: yes
  ▸ Record type [DNS|IP]: IP
  ▸ IP address: 10.0.0.12
  ▸ Add another SAN entry? [yes/no]: yes
  ▸ Record type [DNS|IP]: IP
  ▸ IP address: 10.0.0.13
  ▸ Add another SAN entry? [yes/no]: no
-----
  ^  Certificate generated at /etc/elemento/certs/atomos.crt

Restart all AtomOS services to make them use the certificate:

sudo atomos-cli -ra

Now the newly generated certificate that is dedicated to a specific host has to be trusted from other machines and from Electros.

Trust Certificate from Electros

Starting from Electros v3.1.6 it will be possibile to trust an host using the dedicated trust host icon that will be present inside the Cloud Targets page if you already have some targets present.

this will show a popup with the fingerprint: Check if the shown fingerprint is matching the one shown from the AtomOS host, the fingerprint can be shown using this command:

sudo atomos-cli --show-fingerprint 

══ Certificate Fingerprint
  8F:1A:5A:E8:8A:AF:D8:99:6D:96:DC:05:3F:A4:91:6C:F2:94:F5:2F:57:3A:EC:44:36:E5:3A:89:16:D6:A9:31

Once trusted Electros and AtomOS can interact with each other normally.

If you add a new target ex-novo Electros will automatically show you the dialog where it's possible to trust the server fingerprint.

Trust Certificate from another AtomOS host

Starting from AtomOS 0.9.0, every host that needs to communicate with another host must have its certificate mutually trusted. You can achieve this following these steps:

on the machine that has to be trusted:

sudo atomos-cli --show-fingerprint 

══ Certificate Fingerprint
  8F:1A:5A:E8:8A:AF:D8:99:6D:96:DC:05:3F:A4:91:6C:F2:94:F5:2F:57:3A:EC:44:36:E5:3A:89:16:D6:A9:31

on the machine that has to trust the other host:

# it is possible to use compute or storage as target to this operation dependently on what kind of node
# has to be trusted, in this example we are using the computeserver as the target

# mind that the IPs are random
sudo atomos-cli --get-certificate 10.0.0.11 compute

══ Retrieve Remote Certificate
  >  Fetching certificate from 10.0.0.11:7777 (compute)...

══ Certificate Details
subject=C=IT, ST=Cuneo, L=Cuneo, O=Elemento Modular Cloud SRL, OU=DEV, CN=cluster-1
issuer=C=IT, ST=Cuneo, L=Cuneo, O=Elemento Modular Cloud SRL, OU=DEV, CN=cluster-1
notBefore=Apr 28 08:37:10 2026 GMT
notAfter=Apr 28 08:37:10 2027 GMT

  SHA256 Fingerprint:  sha256 Fingerprint=8F:1A:5A:E8:8A:AF:D8:99:6D:96:DC:05:3F:A4:91:6C:F2:94:F5:2F:57:3A:EC:44:36:E5:3A:89:16:D6:A9:31

  ▸ Save this certificate to /etc/elemento/certs/10.0.0.11.crt? [yes/no]: yes
  ^  Certificate saved.

:::info Note that if the AtomOS hosts have to communicate with each other using more than one IP, the trust process should be done for all of them :::

AtomOS GUI Service

Starting from AtomOS 0.9.0 a new service will be present, which (if active) will allow each AtomOS server to have its own Electros-like instance present directly on the host. The update procedure done via the atomos-cli is not able to update a package the wasn't already present before the update, therefore to include the new package (and related service) it is possibile to use the following command:

sudo dnf install atomos-atomosgui

After the installation of the new service, a restart of the host is highly suggested.

:::info Note that this new service will be included automatically during a new full installation

sudo atomos-cli --install full <on-prem/cloud>

:::

No comments to display

Back to top