CeonOS7toRedHat8
事前準備
mariadb
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
vim /etc/yum.repos.d/mariadb.repo
# to 10.4
yum -y install MariaDB-server MariaDB-client
nodejs
yum install https://rpm.nodesource.com/pub_12.x/el/7/x86_64/nodesource-release-el7-1.noarch.rpm
yum info nodejs
yum -y install nodejs
java
yum install -y java-11-openjdk
clamav
yum install epel-release
yum install clamav clamav-data clamav-devel clamav-filesystem clamav-update clamd
perl
yum install perl perl-core perl-local-liby
other
yum install httpd
yum install rsync
rpm -Uvh https://repo.zabbix.com/zabbix/4.0/rhel/7/x86_64/zabbix-release-4.0-2.el7.noarch.rpm
yum install zabbix-agent
yum install ncdu htop zip unzip nkf vim-minimal
# /opt/VBoxGuestAdditions-<バージョン番号>/uninstall.sh
/opt/VBoxGuestAdditions-7.0.10/uninstall.sh
NIC名変更
[root@kanaiwa-rh8 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:64:b1:d3 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
valid_lft 84539sec preferred_lft 84539sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:78:2c:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.33.24/24 brd 192.168.33.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe78:2c64/64 scope link
valid_lft forever preferred_lft forever
cd /etc/sysconfig/network-scripts
ll ifcfg-eth*
#-rw-r--r-- 1 root root 221 Apr 28 21:00 ifcfg-eth0
#-rw-rw-r-- 1 vagrant vagrant 214 Apr 28 21:00 ifcfg-eth1
cat ifcfg-eth0
mv ifcfg-eth0 ifcfg-ens33
vim ifcfg-ens33
# 変更
DEVICE="ens33"
# 以下追加
NAME="enp0s3"
# 2: eth0: ・・・
# link/ether 08:00:27:64:b1:d3 brd ff:ff:ff:ff:ff:ff
HWADDR=08:00:27:64:b1:d3
# private natwork disable
#config.vm.network "private_network", ip: "192.168.33.24"
vagrant
vagrant package
vagrant box add lo_centos7_to_rhel8_v01 ./package.box
rm ./package.box
vagrant snapshot save 20240429_lo_centos7_to_rhel8_v01
convert2rhel
yum clean all
yum –y update
curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release https://www.redhat.com/security/data/fd431d51.txt
ll /etc/pki/rpm-gpg/
curl -o /etc/yum.repos.d/convert2rhel.repo https://ftp.redhat.com/redhat/convert2rhel/7/convert2rhel.repo
ll /etc/yum.repos.d/
yum -y install convert2rhel
vim /etc/convert2rhel.ini
[subscription_manager]
username = <username>
password = <password>
# activation_key = <insert_activation_key>
# org = <insert_org>
convert2rhel analyze
[2024-04-29T10:37:46+0000] TASK - [Pre-conversion analysis report] ***********************************
========== Success (No changes needed) ==========
(SUCCESS) CHECK_FIREWALLD_AVAILABILITY::SUCCESS - N/A
・・・・
(SUCCESS) CONVERT2RHEL_LATEST_VERSION::SUCCESS - N/A
========== Info (No changes needed) ==========
(INFO) REMOVE_REPOSITORY_FILES_PACKAGES::REPOSITORY_FILE_PACKAGES_REMOVED - Repository file packages to be removed
Description: We have identified installed packages that match a pre-defined list of packages that are to be removed during the
conversion
Diagnosis: The following packages will be removed during the conversion: centos-release-7-9.2009.1.el7.centos.x86_64
Remediations: N/A
(INFO) REMOVE_EXCLUDED_PACKAGES::EXCLUDED_PACKAGES_REMOVED - Excluded packages to be removed
Description: We have identified installed packages that match a pre-defined list of packages that are to be removed during the
conversion
Diagnosis: The following packages will be removed during the conversion: geoipupdate-2.5.0-2.el7.x86_64
Remediations: N/A
========== Warning (Review and fix if needed) ==========
(WARNING) LIST_THIRD_PARTY_PACKAGES::THIRD_PARTY_PACKAGE_DETECTED - Third party packages detected
Description: Third party packages will not be replaced during the conversion.
Diagnosis: Only packages signed by CentOS Linux are to be replaced. Red Hat support won't be provided for the following third
party packages:
clamav-0.103.11-1.el7.x86_64, epel-release-7-14.noarch, 2:nodejs-12.22.12-1nodesource.x86_64, clamav-
update-0.103.11-1.el7.x86_64, clamav-data-0.103.11-1.el7.noarch, zabbix-agent-4.0.50-1.el7.x86_64, 1:nkf-2.1.3-5.el7.x86_64,
MariaDB-common-10.4.33-1.el7.centos.x86_64, MariaDB-server-10.4.33-1.el7.centos.x86_64, clamav-lib-0.103.11-1.el7.x86_64,
clamd-0.103.11-1.el7.x86_64, ncdu-1.19-1.el7.x86_64, haveged-1.9.13-1.el7.x86_64, libidn2-2.3.7-1.el7.x86_64, MariaDB-
compat-10.4.33-1.el7.centos.x86_64, nodesource-release-el7-1.noarch, clamav-filesystem-0.103.11-1.el7.noarch,
libprelude-5.2.0-2.el7.x86_64, clamav-devel-0.103.11-1.el7.x86_64, zabbix-release-4.0-2.el7.noarch, htop-2.2.0-3.el7.x86_64,
jwhois-4.0-47.el7.x86_64, MariaDB-client-10.4.33-1.el7.centos.x86_64, galera-4-26.4.16-1.el7.centos.x86_64
Remediations: N/A
convert2rhel
reboot
[root@kanaiwa-rh8 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@kanaiwa-rh8 ~]# uname -a
Linux kanaiwa-rh8.local 3.10.0-1160.118.1.el7.x86_64 #1 SMP Thu Apr 4 03:33:23 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux
leapp
subscription-manager status
[root@kanaiwa-rh8 tmp]# subscription-manager status
+-------------------------------------------+
System Status Details
+-------------------------------------------+
Overall Status: Disabled
Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status.
System Purpose Status: Disabled
subscription-manager list --installed
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux Server
Product ID: 69
Version: 7.9
Arch: x86_64
Status: Not Subscribed
Status Details:
Starts:
Ends:
yum repolist all | grep enable
!convert2rhel-for-rhel-7-rpms enabled: 14
!epel/x86_64 enabled: 13,798
!mariadb-main enabled: 105
!mariadb-maxscale enabled: 1
!mariadb-tools enabled: 17
!nodesource/x86_64 enabled: 148
rhel-7-server-rpms/7Server/x86_64 enabled: 34,394
!zabbix/x86_64 enabled: 705
!zabbix-non-supported/x86_64 enabled: 6
subscription-manager repos --enable rhel-7-server-extras-rpms
subscription-manager release --unset
yum versionlock clear
# No such command: versionlock. Please use /bin/yum --help
サービスの停止及び、自動起動停止。
systemctl stop tomcat
systemctl disable tomcat
# NOTE: ウィルスソフトとか(RedHatが推奨)
yum update
yum install leapp-upgrade
yum install leapp-upgrade
Web コンソールを介したアップグレードの可能性の評価および自動修復の適用
基本的に /var/log/leapp/leapp-report.txt の内容がWEBから参照できる。そんなに有用性はなさそうだが、
エビデンスの取得とかにはよさそう。また、WEBからコンソール接続できる。
yum install cockpit-leapp
RHEL 7 で Web コンソールを使用したシステムの管理
systemctl enable --now cockpit.socket
https://localhost:9090
# vagrant config.vm.network "forwarded_port", guest: 9090, host: 19090
# https://localhost:19090 vagrnt : vagrant
leapp preupgrade
leapp answer --section remove_pam_pkcs11_module_check.confirm=True
modprobe -r pata_acpi
vim /etc/ssh/sshd_config
# PermitRootLogin yes
systemctl restart sshd
以上の対応で 阻害要因(Inhibitors) は解決。
その他の阻害要因の解決は9.3. 既知の問題に色々記載あり。
leapp upgrade
modprobe -r pata_acpi 再起動の度に必要。
leapp upgrade
about leapp
基本的に RedHat7のパッケージを RedHat8 のパッケージに更新してくれる。
ただ、RedHatのレポジトリからインストールしたものが対象。
yum でインストールしていない以下のようなパッケージは対象外
・rpm install したパッケージ : EX. Mysql
・手動インストールしたパッケージ : EX. tomcat
・サードパーティーのレポジトリからインストールしたパッケージ : Ex. MariaDB,ClamScan,zabbix-agent epel全般
・上記のパッケージを出来るだけRedHatのレポジトリからインストール : これが結構曲者。nodeでパッケージのコンフリクトで更新エラーになったり、MaiaDBだけ削除したりする。
・あまりないが、独自にビルドしたもの。
対象外となるパッケージは事前に調査の上、RedHat8 に更新された時点で 削除(el7用)、インストール(el8用)する必要がある。
大体の内容は /var/log/leapp/leapp-report.txt に記載あり。
leapp upgrade では 一時的にRedHat8用のパッケージをインストール、それを読み込む形で
起動用ファイル (/boot/vmlinuz-upgrade.x86_64) を作成し、reboot の際に本格的に更新する。
- 以下、問題ない場合の出力例。 「Complete!」が出力されている。
Complete!
====> * add_upgrade_boot_entry
Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.
leapp upgrade 後の reboot 失敗
上記の様に「Complete!」が出力されており、reboot したのに正常に起動しない場合有。
接続できない原因が、「更新中」なのか、「更新に失敗した」なのかの切り分け方法が重要
起動後、ssh,AWSであればSSMでログインできない事象が発生した場合は、慌てず、強制終了 => 再起動する。
※AWSの場合はインスタンスの停止 => 起動
万が一に備え、「leapp upgrade」前の状態で起動できるように以前の起動用ファイルは残っているので通常起動するようになっている。
ただ、正常に起動できなかった事を確認する必要があり、方法としてはシリアルコンソール等で結果を見るしかない。
※vagrant 「vb.gui = true」、AWSはシリアルコンソール用のユーザ設定。
その他のサービス等でもある程度WEBブラウザ経由でシリアルコンソール的なものは提供されていると思われる。
-
起動できない場合の例
-
正常起動の場合の例
起動失敗対応
/var/log/leapp/leapp-upgrade.log を確認
[root@kanaiwa-rh8 leapp]# head -n 3 /var/log/leapp/leapp-upgrade.log
2024-05-01 18:03:56.827 INFO PID: 10493 leapp: Logging has been initialized
2024-05-01 18:03:56.870 INFO PID: 10493 leapp.repository.common: A new repository 'common' is initialized at /etc/leapp/repos.d/common
2024-05-01 18:03:56.871 DEBUG PID: 10493 leapp.repository.common: Scanning path /etc/leapp/repos.d/common
「Message: DNF execution failed with non zero exit code.」でエラーが発生していることがわかる。
※時間が 最初はJSTで、最後がUTCになっているので最初、戸惑った。
[root@kanaiwa-rh8 leapp]# tail -n 30 /var/log/leapp/leapp-upgrade.log
May 01 09:31:06 localhost upgrade[548]: REPORT OVERVIEW
May 01 09:31:06 localhost upgrade[548]: ============================================================
May 01 09:31:06 localhost upgrade[548]: Following errors occurred and the upgrade cannot continue:
May 01 09:31:06 localhost upgrade[548]: 1. Actor: dnf_upgrade_transaction
May 01 09:31:06 localhost upgrade[548]: Message: DNF execution failed with non zero exit code.
May 01 09:31:06 localhost upgrade[548]: HIGH and MEDIUM severity reports:
May 01 09:31:06 localhost upgrade[548]: 1. Packages available in excluded repositories will not be installed
May 01 09:31:06 localhost upgrade[548]: 2. Difference in Python versions and support in RHEL 8
May 01 09:31:06 localhost upgrade[548]: 3. Leapp detected loaded kernel drivers which are no longer maintained in RHEL 8.
May 01 09:31:06 localhost upgrade[548]: 4. GRUB2 core will be automatically updated during the upgrade
May 01 09:31:06 localhost upgrade[548]: 5. Packages not signed by Red Hat found on the system
May 01 09:31:06 localhost upgrade[548]: 6. Some RHEL 7 packages have not been upgraded
May 01 09:31:06 localhost upgrade[548]: 7. chrony using default configuration
May 01 09:31:06 localhost upgrade[548]: Reports summary:
May 01 09:31:06 localhost upgrade[548]: Errors: 1
May 01 09:31:06 localhost upgrade[548]: Inhibitors: 0
May 01 09:31:06 localhost upgrade[548]: HIGH severity reports: 6
May 01 09:31:06 localhost upgrade[548]: MEDIUM severity reports: 1
May 01 09:31:12 localhost upgrade[548]: LOW severity reports: 3
May 01 09:31:12 localhost upgrade[548]: INFO severity reports: 5
May 01 09:31:12 localhost upgrade[548]: Before continuing consult the full report:
May 01 09:31:12 localhost upgrade[548]: A report has been generated at /var/log/leapp/leapp-report.json
May 01 09:31:12 localhost upgrade[548]: A report has been generated at /var/log/leapp/leapp-report.txt
May 01 09:31:12 localhost upgrade[548]: ============================================================
May 01 09:31:12 localhost upgrade[548]: END OF REPORT OVERVIEW
May 01 09:31:12 localhost upgrade[548]: ============================================================
May 01 09:31:12 localhost upgrade[548]: Answerfile has been generated at /var/log/leapp/answerfile
May 01 09:31:13 localhost kernel: XFS (sda1): Unmounting Filesystem
May 01 09:31:13 localhost upgrade[537]: Container sysroot failed with error code 1.
May 01 09:31:13 localhost upgrade[525]: writing logs to disk and rebooting
/var/log/leapp/leapp-report.txt の確認
Risk Factor: high (error)
Title: DNF execution failed with non zero exit code.
Summary: {"STDERR": "Warning: Package marked by Leapp to upgrade not found in repositories metadata: gpg-pubkey leapp leapp-upgrade-el7toel8 python2-leapp
Transaction couldn't start:
file /usr/lib/node_modules/npm/docs from install of
npm-1:6.14.11-1.10.24.0.1.module+el8.3.0+10166+b07ac28e.x86_64 conflicts with file from package
nodejs-2:12.22.12-1nodesource.x86_64
Error: Could not run transaction.
", "STDOUT": "Last metadata expiration check: 0:21:40 ago on Wed May 1 18:06:38 2024.
leapp の機能で元々あった、nodejsを再インストールしようとして、関連の npm のバージョンがコンフリクトしており、更新がエラーになっている。
対応としては、nodejs をインストールしてから leapp upgrade する。
# node を削除する前に、node_module 等に追加したものが無いかの確認要。
# /usr/bin/npm も合わせて削除される。rpm -ql nodejs | grep npm
yum remove nodejs
# レポジトリファイルの削除
yum remove nodesource-release
leapp upgrade 成功
[root@kanaiwa-rh8 ~]# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.9 (Ootpa)
[root@kanaiwa-rh8 ~]# uname -a
Linux kanaiwa-rh8.local 4.18.0-513.24.1.el8_9.x86_64 #1 SMP Thu Mar 14 14:20:09 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux
leapp upgrade 後の作業
# ssh したら表示されるので実施
insights-client --register
subscription-manager list --installed
subscription-manager release
[root@kanaiwa-rh8 ~]# cat /etc/dnf/dnf.conf
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
exclude=python2-leapp,snactor,leapp-upgrade-el7toel8,leapp
yum config-manager --save --setopt exclude=''
[root@kanaiwa-rh8 ~]# cat /etc/dnf/dnf.conf
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
exclude=
[root@kanaiwa-rh8 ~]#
[root@kanaiwa-rh8 ~]# cd /lib/modules && ls -d *.el7*
3.10.0-1160.118.1.el7.x86_64
[ -x /usr/sbin/weak-modules ] && /usr/sbin/weak-modules --remove-kernel 3.10.0-1160.118.1.el7.x86_64
/bin/kernel-install remove 3.10.0-1160.118.1.el7.x86_64 /lib/modules/3.10.0-1160.118.1.el7.x86_64/vmlinuz
rpm -qa | grep -e '\.el[67]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)' | sort
[root@kanaiwa-rh8 modules]# rpm -qa | grep -e '\.el[67]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)' | sort
clamav-data-0.103.11-1.el7.noarch
clamav-filesystem-0.103.11-1.el7.noarch
haveged-1.9.13-1.el7.x86_64
htop-2.2.0-3.el7.x86_64
jwhois-4.0-47.el7.x86_64
kernel-3.10.0-1160.118.1.el7.x86_64
leapp-0.16.0-1.el7_9.noarch
leapp-upgrade-el7toel8-0.19.0-1.el7_9.noarch
MariaDB-client-10.4.33-1.el7.centos.x86_64
MariaDB-common-10.4.33-1.el7.centos.x86_64
MariaDB-compat-10.4.33-1.el7.centos.x86_64
ncdu-1.19-1.el7.x86_64
nkf-2.1.3-5.el7.x86_64
python2-leapp-0.16.0-1.el7_9.noarch
texinfo-5.1-5.el7.x86_64
ustr-1.0.4-16.el7.x86_64
yum-plugin-fastestmirror-1.1.31-54.el7_8.noarch
zabbix-agent-4.0.50-1.el7.x86_64
zabbix-release-4.0-2.el7.noarch
kernel
古いカーネルはすべて削除する。
dnf remove kernel-3.10.0-1160.118.1.el7
# rm -r /lib/modules/*el7*
rm -rf /lib/modules/3.10.0-1160.118.1.el7.x86_64
leapp
dnf remove leapp-deps-el8 leapp-repository-deps-el8
rm /etc/yum.repos.d/convert2rhel.repo
zabbix
dnf remove zabbix-agent zabbix-release
epel
dnf remove epel-release
ll /etc/yum.repos.d/*.rpmsave
cd /etc/yum.repos.d/
rm *.rpmsave
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
# clamav
dnf remove clamav-data clamav-filesystem
dnf install clamav clamav-data clamav-devel clamav-filesystem clamav-update clamd
subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
dnf remove haveged htop jwhois ncdu nkf texinfo ustr
dnf install haveged htop jwhois ncdu nkf texinfo ustr
dnf remove yum-plugin-fastestmirror
mariadb
rpm -qa | grep -i maria
dnf remove MariaDB-common MariaDB-compat MariaDB-client mariadb-connector
leappの残骸
# /var/log/leapp /var/lib/leapp は参考として取得したほうがよさそう
cd /var/log/
tar -cf leapp_log.tar leapp
mv leapp_log.tar /tmp/
cd /var/lib/
tar -cf leapp_lib.tar leapp
rm -rf /var/log/leapp /root/tmp_leapp_py3 /var/lib/leapp
BOOT_OPTIONS="$(tr -s "$IFS" '\n' </proc/cmdline | grep -ve '^BOOT_IMAGE=' -e '^initrd=' | tr '\n' ' ')"
echo $BOOT_OPTIONS
# 差分確認要
cp -p /boot/grub2/grub.cfg /tmp/.
grub2-editenv - set "kernelopts=$BOOT_OPTIONS"
#
diff /boot/grub2/grub.cfg grub.cfg
ll /boot/vmlinuz-*rescue*
ll /boot/initramfs-*rescue*
rm /boot/vmlinuz-*rescue* /boot/initramfs-*rescue*
/usr/lib/kernel/install.d/51-dracut-rescue.install add "$(uname -r)" /boot "/boot/vmlinuz-$(uname -r)"
検証手順
grubby --info=ALL | grep "\.el7" || echo "Old kernels are not present in the bootloader."
ls /boot/vmlinuz-*rescue* /boot/initramfs-*rescue*
lsinitrd /boot/initramfs-*rescue*.img | grep -qm1 "$(uname -r)/kernel/" && echo "OK" || echo "FAIL"
grubby --info $(ls /boot/vmlinuz-*rescue*)
- MariaDB関連のインストールは最後
rm /etc/yum.repos.d/mariadb.repo
curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
vim /etc/yum.repos.d/mariadb.repo
# to 10.11
dnf install MariaDB-server MariaDB-client