Skip to main content
Skip table of contents

Upgrade RedHat 7 to RedHat 8 / RedHat 9

Overview

1) Pre-requirements - Take server snapshot.

2) Prepare for OS Update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update.

3) perform OS Update

4) Post OS upgrade steps - Application Update - Install new RPM versions, that are compatible with the new OS version.

 

 

1) Pre-requirements

1.1) Take a snapshot of the server. It is critical to have snapshots, as this is the only way to restore in case of OS update is failing.

1.2) User should have internet access from server directly or via proxy, in order to download the update OS packages.

2) Prepare for OS update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update

2.1) using Veridium REPO, the packages can be found in the following:
2.2) In case of using local packages update, please download the following archive accordingly.

Package URL

MD5

SHA1

Description

Update Packages Archive RHEL 8

c24a23bf2449c48d737e504ee8126a91

9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6

VeridiumID Update packages archive containing all RPMs, for local update procedure

Update Packages Archive RHEL9

9f9108c54ebee2d5371119f54eb512ca

a20fe4e5dd3cb1931858acec1dd5ecb04447419d

VeridiumID Update packages archive containing all RPMs, for local update procedure

2.3) Install latest Upgrade RPM (from the update archive for the new operating system)
CODE
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo unzip veridiumid-update-packages-rhel8-9.5.14.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*

#######################################################################################
# In case of local RPMs - for RHEL 9
sudo unzip veridiumid-update-packages-rhel9-9.5.15.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*

#######################################################################################
# In case of YUM repository
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.13
2.4) Run the pre-update steps
CODE
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/pre_os_update.sh

3) Upgrade OS from RHEL 7 to RHEL 8 and then to RHEL 9

3.1) In case, that there are some specific repo's, not Redhat, pls disable them. Below is a command to see what repo’s are enabled.
CODE
sudo yum clean metadata
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/remote.repo
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/nexus.repo

## should be enabled RedHat 7 
sudo yum repolist all | grep enabled
3.2) update OS to latest available OS and reboot
CODE
sudo yum update
# In case of kernel being update, a reboot will be required
sudo reboot
## check the kernel version, it should be at least
uname -r
3.10.0-1160.108.1.el7.x86_64
3.3) install additional repository, for RedHat7
  • for AWS:

CODE
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
sudo subscription-manager register --username XXXX  --password XXXX --force

#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear 

sudo yum-config-manager --enable rhui-client-config-server-7
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms
sudo yum install yum-plugin-versionlock rh-amazon-rhui-client leapp-rhui-aws -y
  • for Bare Metal

CODE
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
# if not registered, run:
sudo subscription-manager register --username XXXX  --password XXXX --force

#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear

sudo yum install yum-plugin-versionlock leapp-upgrade
3.4) apply some specific rules, much more might be added, if specific OS rules were implemented. The report will be generated and inform if specific blocking actions need to be solved.
CODE
# Remove modules that are no longer used in RHEL 8
sudo rmmod pata_acpi floppy

# Enable yum plugins
sudo bash -c "sed -i 's/^plugins=0/plugins=1/' '/etc/yum.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/subscription-manager.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/product-id.conf'"

echo PermitRootLogin yes | sudo tee -a /etc/ssh/sshd_config
sudo leapp answer --section remove_pam_pkcs11_module_check.confirm=True
## if this is returning, errror, run the below one:
sudo leapp answer --add --section  remove_pam_pkcs11_module_check.confirm=True

## check if upgrade can be executed
sudo leapp preupgrade --target 8.8

Run the OS upgrade

CODE
sudo leapp upgrade --target 8.8
## after the upgrade, please reboot server; the reboot can take up to 15 minutes
sudo reboot
## check if latest RedHat was installed
cat /etc/redhat-release

3.5) Remove unnecessary packages from RedHat 7

CODE
rpm -qa | grep -E 'el7[.-]' | xargs sudo rpm -e
3.6) If case of wanting to upgrade to RedHat 9 continue with steps from “Upgrade from RedHat 8 to RedHat 9” otherwise continue with “Post upgrade steps”.

Upgrade from RedHat 8 to RedHat 9

3.7) Prepare the upgrade
CODE
# it was tested internally with 9.2, but is is also working with latest RHEL release, 9.3
# Since the OS version has changed subscription manager will need to be ran again
sudo subscription-manager register --username XXXX  --password='XXXX' --force

sudo yum versionlock clear
sudo subscription-manager release --set 8.8

# Remove old modules
sudo ls -d /lib/modules/*.el7*
sudo rm -rf /lib/modules/*el7*
sudo rm -rf /var/log/leapp /root/tmp_leapp_py3 /var/lib/leapp

# Clean metadata and cache for YUM repository
sudo yum clean all

# Comment packages excluded in /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/dnf/dnf.conf

# Remove old leapp packages (used to update to RedHat 8)
sudo yum remove leapp-upgrade python2-leapp

sudo rpm -qa | grep leapp
## remove all leapp packages, and install the latest leapp.
sudo yum install leapp-upgrade

sudo leapp preupgrade --target 9.2
3.8) Run the OS update
CODE
sudo leapp upgrade --target 9.2

# After the upgrade is finished a reboot will be required
sudo reboot
3.9) Remove old RHEL 8 packages
CODE
rpm -qa | grep -E 'el8[.-]' | xargs sudo rpm -e
## if jemalloc is not installed, please install it:
sudo rpm -qa | grep jemalloc
sudo yum install jemalloc
##because jemalloc is in epel repository, not in the main RHEL one, it can be downloaded from here and installed separatelly:
wget https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/j/jemalloc-5.2.1-2.el9.x86_64.rpm
sudo yum install jemalloc-5.2.1-2.el9.x86_64.rpm
3.10) on RHEL8 and RHEL9, ntpd service was replaced by chronyd. If necessary, please setup the NTP servers in this file:
CODE
sudo chronyc -a sources
##
sudo vi /etc/chrony.conf
##pool SERVERIP iburst
##
sudo systemctl restart chronyd
3.11) Continue with “Post upgrade steps”

4) Post OS upgrade steps - Application Update

Install new RPM versions, that are compatible with the new OS version.

4.1) Run post upgrade script
CODE
# In case of local RPMs
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh /home/veridiumid/update-354/packages/

# In case of YUM repository
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh
4.2) Continue with application update
CODE
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.14*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages

#######################################################################################
# In case of local RPMs - for RHEL 9
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.15*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages

#######################################################################################
# In case of YUM repository - for RHEL 8
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.14
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --use-repo

#######################################################################################
# In case of YUM repository - for RHEL 9
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.15
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --use-repo

##check the status of the VeridiumID Services
sudo bash /etc/veridiumid/scripts/check_services.sh

 

 

Packages

For update procedure, with local packages, please download only “VeridiumID Update packages” archive containing all RPMs.

 

 

 

 

Update Packages Archive RHEL 8

c24a23bf2449c48d737e504ee8126a91

9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6

VeridiumID Update packages archive containing all RPMs, for local update procedure

Update Packages Archive RHEL9

9f9108c54ebee2d5371119f54eb512ca

a20fe4e5dd3cb1931858acec1dd5ecb04447419d

VeridiumID Update packages archive containing all RPMs, for local update procedure

Individual packages RHEL8

Package URL

MD5

SHA1

Description

Package URL

MD5

SHA1

Description

WebsecAdmin

31992daf871300ce2305fa6509fcbb63

30c947390e1d531720ce9f62435f5fe57403b4f5

VeridiumID Admin Dashboard

Migration

92758d88f86dfcc0ad7b6f2176039af4

912ce16cc1fc86ede64c1abc5742c6365ff6a8fa

VeridiumID migration tool

Websec

4a4c5a382ce4b3d0c5bcc8d3f18209f8

242e01e72ea44e591d46de1c747914216358b3a6

VeridiumID Websec

AdService

0bd2f72f6048ba51441da46e393d4dc5

bf0367a533edf120c300998e77db7b8e253b6500

VeridiumID Directory Service component

DMZ

a2ee049884b79ae6895f962111ba59f4

b0414bcf549e1eca7360fb677ff43e8cf2f558b6

VeridiumID DMZ service

Data Retention

1166dcf78fc747d5e839ce4196beb420

8d3699be19963764ef3bbfd1c11485499837fba3

VeridiumID Data Retention service

Fido

82eb0c9186cd34cd90f39c026bd5adc2

2ae36fb0e321470ec7a9c14dd88b1380fddeb3fc

VeridiumID Fido service

OPA

5c51f1863c19d15bba5b6b6092d1ac9c

2735f46e3b0f50b14e3530952bc64d203793f17e

VeridiumID Open Policy Agent

Elasticsearch

9081868e6408b32aece3a7e804b5b92f

4da8e0d76003a6ca96761965bff55a17c4418ca4

VeridiumID Elasticsearch

Kibana

a264659c2156d78ce16f6408722b0941

7d8f920d85cf92c18f055c18c63894e70620aab5

VeridiumID Kibana

Zookeeper

6ede9621228d472f4de35ccce13f230c

af964de8eca140c0e4faee787c0ebe3e82d054e1

VeridiumID Zookeeper

Cassandra

fecddc9ab3a3285dfe2cf371ff856af2

5f4a42097de014bf91944d8241ced09ef0da8741

VeridiumID Cassandra

Haproxy

671e22edcb1ddfb7b01284dd4d33d8d3

b9fbcd5ff43453c5b6cba3a43bd09153e1b66fc7

VeridiumID Haproxy

SelfServicePortal

398272906d4e3bfd3ad5de82aea098ca

748a0d087126a329e39f801db535740f7b394212

VeridiumID Self Service Portal

Shibboleth

0f191000d21361db37ee1fac3334930f

41d47ec5cacffe61df8e1795a77d99271db83eed

VeridiumID Shibboleth Identity Provider

Tomcat

85ebea10e073d5a7893cfdd73995d20c

ce0609003c98531c45267dfd40b3c8627dea739b

VeridiumID Tomcat

Freeradius

ae230f827cd7523807fe6c8c8df906b3

c62f74805f24baeacb0bc17593c95b107c3b3715

VeridiumID FreeRadius

4F

28d5bf75367030775980d708624b4d09

7eba98559cd2878771567c17f17dd43162718660

VeridiumID 4F biometric library

VFace

c4129c17d3c8b0ed70b3f5e5ee811b6c

3046ae81d1bb161c1fb6a512d65b02b194869047

VeridiumID VFace biometric library

Update procedure RPM

f6f76bb828fa4f1053200ab40822e7e5

14a33aec00d5b5a01c71fd6f00070a04641d465e

Update scripts

Individual packages RHEL9

Package URL

MD5

SHA1

Description

WebsecAdmin

ecd94bfeffaab84d93dd5c416aa0e1aa

9fc414aca0bf00ed88eb9cadb3e0e813c5e0a4b9

VeridiumID Admin Dashboard

Migration

1ef446823af21fc5686d85b1653d782d

a21ca995445bb33ce87180afdfb386744e43ac86

VeridiumID migration tool

Websec

1cb7610611b2cda8b7d706c5cef789f5

08dc833846d63e83903b36201d4bbff6d8a62600

VeridiumID Websec

AdService

0152c0c223370fe1a94c2bb9282e608f

6e4bccc9aacb1c162632da889f0d9e223e6fdd22

VeridiumID Directory Service component

DMZ

97d4805196eae98b84c3093d213b8604

1f5f8afc9956ae3c29cb84695e3ce799aac58d14

VeridiumID DMZ service

Data Retention

48e5cabac2699862b54226437298f187

d04e5fc4fe76dc549fa20c0b1f525a737ea5774a

VeridiumID Data Retention service

Fido

7945d38b5b59b9391de06a5121445d39

ad9d96c990ad041242a4c466298c58207e42b2ac

VeridiumID Fido service

OPA

3a7ba1758ed5901f58c95f6bf45bba1d

0503f6ad65d0d8cda1972b918ba205bf37ec1e4d

VeridiumID Open Policy Agent

Elasticsearch

bf05187a7f97206ceeafac4f5fc8f4b2

53263d315198e6935617e8e3b1452730e3e77ed3

VeridiumID Elasticsearch

Kibana

8110ce2902bb60272e1aae4bc44c50bf

4ea9d63690be8d99bcf94f3fab58a83ea243af77

VeridiumID Kibana

Zookeeper

87b539dfc01ac42bf23b14d37eefef37

9d1bb0f100d3277305d17a33498f45b22dad4b1b

VeridiumID Zookeeper

Cassandra

894c5e7c3a00ebcf2d7032d9c50967f5

37f1eb3ffcbd6343cbdbccafa793728d0dbfd95f

VeridiumID Cassandra

Haproxy

fbbaad896f9b034eb16a665e435ed82e

683e416a43c98ceac60602e7ec5132c5f4da37ef

VeridiumID Haproxy

SelfServicePortal

57be79dd15fb1c262f68451b0c885882

3fc61b4ef4336b80fc6d29f9bdddb8402c1344d5

VeridiumID Self Service Portal

Shibboleth

941629b403b8e01f94e03383d0c78536

f65dd4c8be221733c4d9da51c1db2a7082602a92

VeridiumID Shibboleth Identity Provider

Tomcat

3e1412e5712037de3b29b53ce020e2e9

1ee95fff7395f30b5add5f4280e892b108b9c1da

VeridiumID Tomcat

Freeradius

050390c9886bc472e34406d67e9a2181

9713dc52c77351900b9ee488338799f850594706

VeridiumID FreeRadius

4F

1cba640950f87e5a985e4b5bb19d3f08

8c623ab506d1aac09f1fe7c755ff0af314cb839e

VeridiumID 4F biometric library

VFace

9ead8b905e1cbc1a559cd43c1b02f03f

3ee998413985bcbe823f2dab0614c49f476475ab

VeridiumID VFace biometric library

Update procedure RPM

fcfc2e8abc9c09200a9833e739640adf

9db47f44eb73bdd96188118d9f9e28205e56e158

Update scripts

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.