Upgrade RedHat 7 to RedHat 8 / RedHat 9
Overview
1) Pre-requirements - Take server snapshot.
2) Prepare for OS Update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update.
3) perform OS Update
4) Post OS upgrade steps - Application Update - Install new RPM versions, that are compatible with the new OS version.
1) Pre-requirements
1.1) Take a snapshot of the server. It is critical to have snapshots, as this is the only way to restore in case of OS update is failing.
1.2) User should have internet access from server directly or via proxy, in order to download the update OS packages.
2) Prepare for OS update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update
2.1) using Veridium REPO, the packages can be found in the following:
Package URL | Description |
---|---|
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM/packages/ | Repository with RHEL7 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM8/packages/ | Repository with RHEL8 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM9/packages/ | Repository with RHEL9 packages |
2.2) In case of using local packages update, please download the following archive accordingly.
Package URL | MD5 | SHA1 | Description |
---|---|---|---|
c24a23bf2449c48d737e504ee8126a91 | 9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6 | VeridiumID Update packages archive containing all RPMs, for local update procedure | |
9f9108c54ebee2d5371119f54eb512ca | a20fe4e5dd3cb1931858acec1dd5ecb04447419d | VeridiumID Update packages archive containing all RPMs, for local update procedure |
2.3) Install latest Upgrade RPM (from the update archive for the new operating system)
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo unzip veridiumid-update-packages-rhel8-9.5.14.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*
#######################################################################################
# In case of local RPMs - for RHEL 9
sudo unzip veridiumid-update-packages-rhel9-9.5.15.zip -d /home/veridiumid/update-354
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.13*
#######################################################################################
# In case of YUM repository
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.13
2.4) Run the pre-update steps
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/pre_os_update.sh
3) Upgrade OS from RHEL 7 to RHEL 8 and then to RHEL 9
3.1) In case, that there are some specific repo's, not Redhat, pls disable them. Below is a command to see what repo’s are enabled.
sudo yum clean metadata
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/remote.repo
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/nexus.repo
## should be enabled RedHat 7
sudo yum repolist all | grep enabled
3.2) update OS to latest available OS and reboot
sudo yum update
# In case of kernel being update, a reboot will be required
sudo reboot
## check the kernel version, it should be at least
uname -r
3.10.0-1160.108.1.el7.x86_64
3.3) install additional repository, for RedHat7
for AWS:
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
sudo subscription-manager register --username XXXX --password XXXX --force
#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear
sudo yum-config-manager --enable rhui-client-config-server-7
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms
sudo yum install yum-plugin-versionlock rh-amazon-rhui-client leapp-rhui-aws -y
for Bare Metal
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
# if not registered, run:
sudo subscription-manager register --username XXXX --password XXXX --force
#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear
sudo yum install yum-plugin-versionlock leapp-upgrade
3.4) apply some specific rules, much more might be added, if specific OS rules were implemented. The report will be generated and inform if specific blocking actions need to be solved.
# Remove modules that are no longer used in RHEL 8
sudo rmmod pata_acpi floppy
# Enable yum plugins
sudo bash -c "sed -i 's/^plugins=0/plugins=1/' '/etc/yum.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/subscription-manager.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/product-id.conf'"
echo PermitRootLogin yes | sudo tee -a /etc/ssh/sshd_config
sudo leapp answer --section remove_pam_pkcs11_module_check.confirm=True
## if this is returning, errror, run the below one:
sudo leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True
## check if upgrade can be executed
sudo leapp preupgrade --target 8.8
Run the OS upgrade
sudo leapp upgrade --target 8.8
## after the upgrade, please reboot server; the reboot can take up to 15 minutes
sudo reboot
## check if latest RedHat was installed
cat /etc/redhat-release
3.5) Remove unnecessary packages from RedHat 7
rpm -qa | grep -E 'el7[.-]' | xargs sudo rpm -e
3.6) If case of wanting to upgrade to RedHat 9 continue with steps from “Upgrade from RedHat 8 to RedHat 9” otherwise continue with “Post upgrade steps”.
Upgrade from RedHat 8 to RedHat 9
3.7) Prepare the upgrade
# it was tested internally with 9.2, but is is also working with latest RHEL release, 9.3
# Since the OS version has changed subscription manager will need to be ran again
sudo subscription-manager register --username XXXX --password='XXXX' --force
sudo yum versionlock clear
sudo subscription-manager release --set 8.8
# Remove old modules
sudo ls -d /lib/modules/*.el7*
sudo rm -rf /lib/modules/*el7*
sudo rm -rf /var/log/leapp /root/tmp_leapp_py3 /var/lib/leapp
# Clean metadata and cache for YUM repository
sudo yum clean all
# Comment packages excluded in /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/dnf/dnf.conf
# Remove old leapp packages (used to update to RedHat 8)
sudo yum remove leapp-upgrade python2-leapp
sudo rpm -qa | grep leapp
## remove all leapp packages, and install the latest leapp.
sudo yum install leapp-upgrade
sudo leapp preupgrade --target 9.2
3.8) Run the OS update
sudo leapp upgrade --target 9.2
# After the upgrade is finished a reboot will be required
sudo reboot
3.9) Remove old RHEL 8 packages
rpm -qa | grep -E 'el8[.-]' | xargs sudo rpm -e
## if jemalloc is not installed, please install it:
sudo rpm -qa | grep jemalloc
sudo yum install jemalloc
##because jemalloc is in epel repository, not in the main RHEL one, it can be downloaded from here and installed separatelly:
wget https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/j/jemalloc-5.2.1-2.el9.x86_64.rpm
sudo yum install jemalloc-5.2.1-2.el9.x86_64.rpm
3.10) on RHEL8 and RHEL9, ntpd service was replaced by chronyd. If necessary, please setup the NTP servers in this file:
sudo chronyc -a sources
##
sudo vi /etc/chrony.conf
##pool SERVERIP iburst
##
sudo systemctl restart chronyd
3.11) Continue with “Post upgrade steps”
4) Post OS upgrade steps - Application Update
Install new RPM versions, that are compatible with the new OS version.
4.1) Run post upgrade script
# In case of local RPMs
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh /home/veridiumid/update-354/packages/
# In case of YUM repository
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/354/post_os_update.sh
4.2) Continue with application update
#######################################################################################
# In case of local RPMs - for RHEL 8
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.14*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --rpm-path /home/veridiumid/update-354/packages
#######################################################################################
# In case of local RPMs - for RHEL 9
sudo rpm -Uvh /home/veridiumid/update-354/packages/veridiumid_update_procedure-9.5.15*
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --rpm-path /home/veridiumid/update-354/packages
#######################################################################################
# In case of YUM repository - for RHEL 8
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.14
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.14 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.14 --use-repo
#######################################################################################
# In case of YUM repository - for RHEL 9
sudo yum clean metadata
sudo yum -y install veridiumid_update_procedure-9.5.15
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 9.5.15 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 9.5.15 --use-repo
##check the status of the VeridiumID Services
sudo bash /etc/veridiumid/scripts/check_services.sh
Packages
For update procedure, with local packages, please download only “VeridiumID Update packages” archive containing all RPMs.
|
|
|
|
---|---|---|---|
c24a23bf2449c48d737e504ee8126a91 | 9af8b3061607f2cd292d5bbb2fe7c4e9ce3961b6 | VeridiumID Update packages archive containing all RPMs, for local update procedure | |
9f9108c54ebee2d5371119f54eb512ca | a20fe4e5dd3cb1931858acec1dd5ecb04447419d | VeridiumID Update packages archive containing all RPMs, for local update procedure |
Individual packages RHEL8
Package URL | MD5 | SHA1 | Description |
---|
Package URL | MD5 | SHA1 | Description |
---|---|---|---|
31992daf871300ce2305fa6509fcbb63 | 30c947390e1d531720ce9f62435f5fe57403b4f5 | VeridiumID Admin Dashboard | |
92758d88f86dfcc0ad7b6f2176039af4 | 912ce16cc1fc86ede64c1abc5742c6365ff6a8fa | VeridiumID migration tool | |
4a4c5a382ce4b3d0c5bcc8d3f18209f8 | 242e01e72ea44e591d46de1c747914216358b3a6 | VeridiumID Websec | |
0bd2f72f6048ba51441da46e393d4dc5 | bf0367a533edf120c300998e77db7b8e253b6500 | VeridiumID Directory Service component | |
a2ee049884b79ae6895f962111ba59f4 | b0414bcf549e1eca7360fb677ff43e8cf2f558b6 | VeridiumID DMZ service | |
1166dcf78fc747d5e839ce4196beb420 | 8d3699be19963764ef3bbfd1c11485499837fba3 | VeridiumID Data Retention service | |
82eb0c9186cd34cd90f39c026bd5adc2 | 2ae36fb0e321470ec7a9c14dd88b1380fddeb3fc | VeridiumID Fido service | |
5c51f1863c19d15bba5b6b6092d1ac9c | 2735f46e3b0f50b14e3530952bc64d203793f17e | VeridiumID Open Policy Agent | |
9081868e6408b32aece3a7e804b5b92f | 4da8e0d76003a6ca96761965bff55a17c4418ca4 | VeridiumID Elasticsearch | |
a264659c2156d78ce16f6408722b0941 | 7d8f920d85cf92c18f055c18c63894e70620aab5 | VeridiumID Kibana | |
6ede9621228d472f4de35ccce13f230c | af964de8eca140c0e4faee787c0ebe3e82d054e1 | VeridiumID Zookeeper | |
fecddc9ab3a3285dfe2cf371ff856af2 | 5f4a42097de014bf91944d8241ced09ef0da8741 | VeridiumID Cassandra | |
671e22edcb1ddfb7b01284dd4d33d8d3 | b9fbcd5ff43453c5b6cba3a43bd09153e1b66fc7 | VeridiumID Haproxy | |
398272906d4e3bfd3ad5de82aea098ca | 748a0d087126a329e39f801db535740f7b394212 | VeridiumID Self Service Portal | |
0f191000d21361db37ee1fac3334930f | 41d47ec5cacffe61df8e1795a77d99271db83eed | VeridiumID Shibboleth Identity Provider | |
85ebea10e073d5a7893cfdd73995d20c | ce0609003c98531c45267dfd40b3c8627dea739b | VeridiumID Tomcat | |
ae230f827cd7523807fe6c8c8df906b3 | c62f74805f24baeacb0bc17593c95b107c3b3715 | VeridiumID FreeRadius | |
28d5bf75367030775980d708624b4d09 | 7eba98559cd2878771567c17f17dd43162718660 | VeridiumID 4F biometric library | |
c4129c17d3c8b0ed70b3f5e5ee811b6c | 3046ae81d1bb161c1fb6a512d65b02b194869047 | VeridiumID VFace biometric library | |
f6f76bb828fa4f1053200ab40822e7e5 | 14a33aec00d5b5a01c71fd6f00070a04641d465e | Update scripts |
Individual packages RHEL9
Package URL | MD5 | SHA1 | Description |
---|---|---|---|
ecd94bfeffaab84d93dd5c416aa0e1aa | 9fc414aca0bf00ed88eb9cadb3e0e813c5e0a4b9 | VeridiumID Admin Dashboard | |
1ef446823af21fc5686d85b1653d782d | a21ca995445bb33ce87180afdfb386744e43ac86 | VeridiumID migration tool | |
1cb7610611b2cda8b7d706c5cef789f5 | 08dc833846d63e83903b36201d4bbff6d8a62600 | VeridiumID Websec | |
0152c0c223370fe1a94c2bb9282e608f | 6e4bccc9aacb1c162632da889f0d9e223e6fdd22 | VeridiumID Directory Service component | |
97d4805196eae98b84c3093d213b8604 | 1f5f8afc9956ae3c29cb84695e3ce799aac58d14 | VeridiumID DMZ service | |
48e5cabac2699862b54226437298f187 | d04e5fc4fe76dc549fa20c0b1f525a737ea5774a | VeridiumID Data Retention service | |
7945d38b5b59b9391de06a5121445d39 | ad9d96c990ad041242a4c466298c58207e42b2ac | VeridiumID Fido service | |
3a7ba1758ed5901f58c95f6bf45bba1d | 0503f6ad65d0d8cda1972b918ba205bf37ec1e4d | VeridiumID Open Policy Agent | |
bf05187a7f97206ceeafac4f5fc8f4b2 | 53263d315198e6935617e8e3b1452730e3e77ed3 | VeridiumID Elasticsearch | |
8110ce2902bb60272e1aae4bc44c50bf | 4ea9d63690be8d99bcf94f3fab58a83ea243af77 | VeridiumID Kibana | |
87b539dfc01ac42bf23b14d37eefef37 | 9d1bb0f100d3277305d17a33498f45b22dad4b1b | VeridiumID Zookeeper | |
894c5e7c3a00ebcf2d7032d9c50967f5 | 37f1eb3ffcbd6343cbdbccafa793728d0dbfd95f | VeridiumID Cassandra | |
fbbaad896f9b034eb16a665e435ed82e | 683e416a43c98ceac60602e7ec5132c5f4da37ef | VeridiumID Haproxy | |
57be79dd15fb1c262f68451b0c885882 | 3fc61b4ef4336b80fc6d29f9bdddb8402c1344d5 | VeridiumID Self Service Portal | |
941629b403b8e01f94e03383d0c78536 | f65dd4c8be221733c4d9da51c1db2a7082602a92 | VeridiumID Shibboleth Identity Provider | |
3e1412e5712037de3b29b53ce020e2e9 | 1ee95fff7395f30b5add5f4280e892b108b9c1da | VeridiumID Tomcat | |
050390c9886bc472e34406d67e9a2181 | 9713dc52c77351900b9ee488338799f850594706 | VeridiumID FreeRadius | |
1cba640950f87e5a985e4b5bb19d3f08 | 8c623ab506d1aac09f1fe7c755ff0af314cb839e | VeridiumID 4F biometric library | |
9ead8b905e1cbc1a559cd43c1b02f03f | 3ee998413985bcbe823f2dab0614c49f476475ab | VeridiumID VFace biometric library | |
fcfc2e8abc9c09200a9833e739640adf | 9db47f44eb73bdd96188118d9f9e28205e56e158 | Update scripts |