Upgrade Centos 7 to Rocky Linux 8/9
Overview
1) Pre-requirements - Take server snapshot.
2) Prepare for OS Update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update.
3) perform OS Update
4) Post OS upgrade steps - Application Update - Install new RPM versions, that are compatible with the new OS version.
1) Pre-requirements
1.1) Take a snapshot of the server. It is critical to have snapshots, as this is the only way to restore in case of OS update is failing.
1.2) User should have internet access from server directly or via proxy, in order to download the update OS packages.
2) Prepare for OS update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update
2.1) using Veridium REPO, the packages can be found in the following:
Package URL | Description |
|---|---|
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM/packages/ | Repository with RHEL7 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM8/packages/ | Repository with RHEL8 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM9/packages/ | Repository with RHEL9 packages |
2.2) In case of using local packages update, please download the following archive accordingly.
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
c24a23bf2449c48d737e504ee8126a91 | 9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6 | VeridiumID Update packages archive containing all RPMs, for local update procedure | |
9f9108c54ebee2d5371119f54eb512ca | a20fe4e5dd3cb1931858acec1dd5ecb04447419d | VeridiumID Update packages archive containing all RPMs, for local update procedure |
2.3) Install latest Upgrade RPM (from the update archive for the new operating system)
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo unzip veridiumid-update-packages-rhel8-9.5.14.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*
#######################################################################################
# In case of local RPMs - for RHEL 9
sudo unzip veridiumid-update-packages-rhel9-9.5.15.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*
#######################################################################################
# In case of YUM repository
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.132.5) Run the pre-update steps
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/pre_os_update.sh3) Upgrade from Centos 7 to Rocky 8 and then to Rocky 9
3.1) In case, that there are some specific repo-s, not Centos/Redhat, pls disable
sudo yum repolist all
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/remote.repo
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/nexus.repo
##centos updates should be enabled
sudo sed -i 's|enabled=0|enabled=1|g' /etc/yum.repos.d/CentOS-Base.repo
sudo yum clean metadata
## should be enabled CentOS-7 - Base and CentOS-7 - Updates
sudo yum repolist all | grep enabled
3.2) update OS to latest available OS and reboot
sudo yum update
sudo reboot
## check the kernel version, it should be at least
uname -r
3.10.0-1160.108.1.el7.x86_64
3.3) install additional repository, for rocky/alma
sudo yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm
sudo yum install -y leapp-upgrade leapp-data-rocky3.4) apply some specific rules, much more might be added, if specific OS rules were implemented. The report will be generated and inform if specific blocking actions need to be solved.
sudo rmmod pata_acpi
echo PermitRootLogin yes | sudo tee -a /etc/ssh/sshd_config
sudo leapp answer --section remove_pam_pkcs11_module_check.confirm=True
## if this is returning, errror, run the below one:
sudo leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True
## check if upgrade can be executed
sudo leapp preupgrade
Run the OS upgrade
sudo leapp upgrade
## after the upgrade, please reboot server; the reboot can take up to 15 minutes
sudo reboot
## check if rocky was installed
cat /etc/rocky-release3.5) Remove unnecessary packages from Centos 7
rpm -qa | grep -E 'el7[.-]' | xargs sudo rpm -e3.6) If case of wanting to upgrade to Rocky 9 continue with steps from “Upgrade from Rocky 8 to Rocky 9” otherwise continue with “Post upgrade steps”.
Upgrade from Rocky 8 to Rocky 9
3.7) Prepare the upgrade
#Install the elevate-release package for Rocky 8
sudo yum install -y http://repo.almalinux.org/elevate/elevate-release-latest-el$(rpm --eval %rhel).noarch.rpm
#yum configuration excluded several packages during the upgrade. Change the configuration so no packages are excluded. This command does not provide an output.
sudo yum config-manager --save --setopt exclude=''
#Install the Leapp migration packages:
sudo yum install -y leapp-upgrade leapp-data-rocky
sudo leapp preupgrade
##check for inhibitors
less /var/log/leapp/leapp-report.txt3.8) Possible inhibitors
sudo yum remove -y make-devel rocky-logos
## RHEL 9 does not support the legacy network-scripts package that was deprecated in RHEL 8 in favor of NetworkManager. Files for device types that are not supported by NetworkManager are present in the system.
ls /etc/sysconfig/network-scripts/ifcfg-*
sudo nmcli con show
#The network interface needs to be converted to work with NetworkManager. This can be achieved by running the following command for the affected interface.
sudo nmcli connection migrate "<interface_name>"
sudo sed -i "s/^AllowZoneDrifting=.*/AllowZoneDrifting=no/" /etc/firewalld/firewalld.conf
sudo leapp answer --section check_vdo.no_vdo_devices=True
##if the previous is failing
sudo leapp answer --add --section check_vdo.no_vdo_devices=True
3.9) Run the OS update
sudo leapp upgrade
# After the upgrade is finished a reboot will be required
reboot
cat /etc/rocky-release3.10) Remove old Rocky 8 packages
rpm -qa | grep -E 'el8[.-]' | xargs sudo rpm -e
sudo yum install jemalloc3.11) on Rocky8 and Rocky9, ntpd service was replaced by chronyd. If necessary, please setup the NTP servers in this file:
sudo chronyc -a sources
##
sudo vi /etc/chrony.conf
pool SERVERIP iburst
##
sudo systemctl restart chronyd3.12) Continue with “Post upgrade steps”
4) Post OS upgrade steps - Application Update
Install new RPM versions, that are compatible with the new OS version.
4.1) Run post upgrade script
# In case of local RPMs
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh /home/veridiumid/update-354/packages/
# In case of YUM repository
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh
4.2) Continue with application update
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.14*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages
#######################################################################################
# In case of local RPMs - for RHEL 9
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.15*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages
#######################################################################################
# In case of YUM repository - for RHEL 8
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.14
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --use-repo
#######################################################################################
# In case of YUM repository - for RHEL 9
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.15
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --use-repo
##check the status of the VeridiumID Services
bash /etc/veridiumid/scripts/check_services.sh
Packages
For update procedure, with local packages, please download only “VeridiumID Update packages” archive containing all RPMs.
|
|
|
|
|---|---|---|---|
c24a23bf2449c48d737e504ee8126a91 | 9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6 | VeridiumID Update packages archive containing all RPMs, for local update procedure | |
9f9108c54ebee2d5371119f54eb512ca | a20fe4e5dd3cb1931858acec1dd5ecb04447419d | VeridiumID Update packages archive containing all RPMs, for local update procedure |
Individual packages RHEL8
Package URL | MD5 | SHA1 | Description |
|---|
Package URL | MD5 | SHA1 | Description |
|---|
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
31992daf871300ce2305fa6509fcbb63 | 30c947390e1d531720ce9f62435f5fe57403b4f5 | VeridiumID Admin Dashboard | |
92758d88f86dfcc0ad7b6f2176039af4 | 912ce16cc1fc86ede64c1abc5742c6365ff6a8fa | VeridiumID migration tool | |
4a4c5a382ce4b3d0c5bcc8d3f18209f8 | 242e01e72ea44e591d46de1c747914216358b3a6 | VeridiumID Websec | |
0bd2f72f6048ba51441da46e393d4dc5 | bf0367a533edf120c300998e77db7b8e253b6500 | VeridiumID Directory Service component | |
a2ee049884b79ae6895f962111ba59f4 | b0414bcf549e1eca7360fb677ff43e8cf2f558b6 | VeridiumID DMZ service | |
1166dcf78fc747d5e839ce4196beb420 | 8d3699be19963764ef3bbfd1c11485499837fba3 | VeridiumID Data Retention service | |
82eb0c9186cd34cd90f39c026bd5adc2 | 2ae36fb0e321470ec7a9c14dd88b1380fddeb3fc | VeridiumID Fido service | |
5c51f1863c19d15bba5b6b6092d1ac9c | 2735f46e3b0f50b14e3530952bc64d203793f17e | VeridiumID Open Policy Agent | |
9081868e6408b32aece3a7e804b5b92f | 4da8e0d76003a6ca96761965bff55a17c4418ca4 | VeridiumID Elasticsearch | |
a264659c2156d78ce16f6408722b0941 | 7d8f920d85cf92c18f055c18c63894e70620aab5 | VeridiumID Kibana | |
6ede9621228d472f4de35ccce13f230c | af964de8eca140c0e4faee787c0ebe3e82d054e1 | VeridiumID Zookeeper | |
fecddc9ab3a3285dfe2cf371ff856af2 | 5f4a42097de014bf91944d8241ced09ef0da8741 | VeridiumID Cassandra | |
671e22edcb1ddfb7b01284dd4d33d8d3 | b9fbcd5ff43453c5b6cba3a43bd09153e1b66fc7 | VeridiumID Haproxy | |
398272906d4e3bfd3ad5de82aea098ca | 748a0d087126a329e39f801db535740f7b394212 | VeridiumID Self Service Portal | |
0f191000d21361db37ee1fac3334930f | 41d47ec5cacffe61df8e1795a77d99271db83eed | VeridiumID Shibboleth Identity Provider | |
85ebea10e073d5a7893cfdd73995d20c | ce0609003c98531c45267dfd40b3c8627dea739b | VeridiumID Tomcat | |
ae230f827cd7523807fe6c8c8df906b3 | c62f74805f24baeacb0bc17593c95b107c3b3715 | VeridiumID FreeRadius | |
28d5bf75367030775980d708624b4d09 | 7eba98559cd2878771567c17f17dd43162718660 | VeridiumID 4F biometric library | |
c4129c17d3c8b0ed70b3f5e5ee811b6c | 3046ae81d1bb161c1fb6a512d65b02b194869047 | VeridiumID VFace biometric library | |
f6f76bb828fa4f1053200ab40822e7e5 | 14a33aec00d5b5a01c71fd6f00070a04641d465e | Update scripts |
Individual packages RHEL9
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
ecd94bfeffaab84d93dd5c416aa0e1aa | 9fc414aca0bf00ed88eb9cadb3e0e813c5e0a4b9 | VeridiumID Admin Dashboard | |
1ef446823af21fc5686d85b1653d782d | a21ca995445bb33ce87180afdfb386744e43ac86 | VeridiumID migration tool | |
1cb7610611b2cda8b7d706c5cef789f5 | 08dc833846d63e83903b36201d4bbff6d8a62600 | VeridiumID Websec | |
0152c0c223370fe1a94c2bb9282e608f | 6e4bccc9aacb1c162632da889f0d9e223e6fdd22 | VeridiumID Directory Service component | |
97d4805196eae98b84c3093d213b8604 | 1f5f8afc9956ae3c29cb84695e3ce799aac58d14 | VeridiumID DMZ service | |
48e5cabac2699862b54226437298f187 | d04e5fc4fe76dc549fa20c0b1f525a737ea5774a | VeridiumID Data Retention service | |
7945d38b5b59b9391de06a5121445d39 | ad9d96c990ad041242a4c466298c58207e42b2ac | VeridiumID Fido service | |
3a7ba1758ed5901f58c95f6bf45bba1d | 0503f6ad65d0d8cda1972b918ba205bf37ec1e4d | VeridiumID Open Policy Agent | |
bf05187a7f97206ceeafac4f5fc8f4b2 | 53263d315198e6935617e8e3b1452730e3e77ed3 | VeridiumID Elasticsearch | |
8110ce2902bb60272e1aae4bc44c50bf | 4ea9d63690be8d99bcf94f3fab58a83ea243af77 | VeridiumID Kibana | |
87b539dfc01ac42bf23b14d37eefef37 | 9d1bb0f100d3277305d17a33498f45b22dad4b1b | VeridiumID Zookeeper | |
894c5e7c3a00ebcf2d7032d9c50967f5 | 37f1eb3ffcbd6343cbdbccafa793728d0dbfd95f | VeridiumID Cassandra | |
fbbaad896f9b034eb16a665e435ed82e | 683e416a43c98ceac60602e7ec5132c5f4da37ef | VeridiumID Haproxy | |
57be79dd15fb1c262f68451b0c885882 | 3fc61b4ef4336b80fc6d29f9bdddb8402c1344d5 | VeridiumID Self Service Portal | |
941629b403b8e01f94e03383d0c78536 | f65dd4c8be221733c4d9da51c1db2a7082602a92 | VeridiumID Shibboleth Identity Provider | |
3e1412e5712037de3b29b53ce020e2e9 | 1ee95fff7395f30b5add5f4280e892b108b9c1da | VeridiumID Tomcat | |
050390c9886bc472e34406d67e9a2181 | 9713dc52c77351900b9ee488338799f850594706 | VeridiumID FreeRadius | |
1cba640950f87e5a985e4b5bb19d3f08 | 8c623ab506d1aac09f1fe7c755ff0af314cb839e | VeridiumID 4F biometric library | |
9ead8b905e1cbc1a559cd43c1b02f03f | 3ee998413985bcbe823f2dab0614c49f476475ab | VeridiumID VFace biometric library | |
fcfc2e8abc9c09200a9833e739640adf | 9db47f44eb73bdd96188118d9f9e28205e56e158 | Update scripts |