Upgrade RedHat 7 to RedHat 8 / RedHat 9 - After update Veridium version to 3.6.0
This procedure is applicable only if you have updated Veridium to version 3.6.0.
Overview
1) Pre-requirements - Take server snapshot.
2) Prepare for OS Update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update.
3) Perform OS Update
4) Post OS upgrade steps - Application Update - Install new RPM versions, that are compatible with the new OS version.
1) Pre-requirements
1.1) Take a snapshot of the server. It is critical to have snapshots, as this is the only way to restore in case of OS update is failing.
1.2) User should have internet access from server directly or via proxy, in order to download the update OS packages.
2) Prepare for OS update - Install Upgrade RPM that will do the necessary changes for Veridium, before OS update
2.1) Using Veridium REPO, the packages can be found in the following, based to which version you want to do the update:
Package URL | Description |
|---|
Package URL | Description |
|---|---|
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM8/packages/ | Repository with RHEL8 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM9/packages/ | Repository with RHEL9 packages |
2.2) In case of using local packages update, please download the following archive accordingly, based to which version you want to do the update.
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
|
| VeridiumID Update packages archive containing all RPMs, for local update procedure | |
|
| VeridiumID Update packages archive containing all RPMs, for local update procedure |
CODE
## Download the package, based on what you want to install.
## RHEL8, Rocky8
wget --user NEXUS_USER --password NEXUS_PASSWORD -e use_proxy=yes -e http_proxy=PROXY_IP:PROXY_PORT https://veridium-repo.veridium-dev.com/repository/VeridiumUtils/Veridium-3.6.0-update/veridiumid-update-packages-rhel8-10.0.55.zip
TMP_DEST="/home/veridiumid/update360RHELUPDATE"
unzip veridiumid-update-packages-rhel8-10.0.55.zip -d ${TMP_DEST}
## RHEL9, Rocky9
wget --user NEXUS_USER --password NEXUS_PASSWORD -e use_proxy=yes -e http_proxy=PROXY_IP:PROXY_PORT https://veridium-repo.veridium-dev.com/repository/VeridiumUtils/Veridium-3.6.0-update/veridiumid-update-packages-rhel9-10.0.55.zip
TMP_DEST="/home/veridiumid/update360RHELUPDATE"
unzip veridiumid-update-packages-rhel9-10.0.55.zip -d ${TMP_DEST}
2.3) Run the pre-update steps.
CODE
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/360/pre_os_update.sh3) Upgrade OS from RHEL 7 to RHEL 8 and then to RHEL 9
3.1) Setup PROXY, If you are using public repositories.
CODE
## edit /etc/environment, by adding the reverse proxy.
vim /etc/environment
http_proxy=IP:PORT
https_proxy=IP:PORT
## After that login/logout from current session3.2) In case, that there are some specific repo's, not Redhat, pls disable them. Below is a command to see what repo’s are enabled.
CODE
sudo yum clean metadata
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/remote.repo
sudo sed -i 's|enabled=1|enabled=0|g' /etc/yum.repos.d/nexus.repo
## should be enabled RedHat 7
sudo yum repolist all | grep enabled3.3) update OS to latest available OS and reboot
CODE
sudo yum update
# In case of kernel being update, a reboot will be required
sudo reboot
## check the kernel version, it should be at least
uname -r
3.10.0-1160.108.1.el7.x86_64
3.4) install additional repository, for RedHat7
for AWS:
CODE
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
sudo subscription-manager register --username XXXX --password XXXX --force
#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear
sudo yum-config-manager --enable rhui-client-config-server-7
sudo yum-config-manager --enable rhel-7-server-rhui-extras-rpms
sudo yum install yum-plugin-versionlock rh-amazon-rhui-client leapp-rhui-aws -yfor Bare Metal
CODE
#System needs to be registered if it is not already.
# to check if registered, run:
sudo subscription-manager status
# if not registered, run:
sudo subscription-manager register --username XXXX --password XXXX --force
#Following command can be skipped if yum-plugin-versionlock plug-in does not exist on the system; it is ok to receive error "No such command: versionlock. Please use /bin/yum --help"
sudo yum versionlock clear
sudo yum install yum-plugin-versionlock leapp-upgrade3.5) apply some specific rules, much more might be added, if specific OS rules were implemented. The report will be generated and inform if specific blocking actions need to be solved.
CODE
# Remove modules that are no longer used in RHEL 8
sudo rmmod pata_acpi floppy
# Enable yum plugins
sudo bash -c "sed -i 's/^plugins=0/plugins=1/' '/etc/yum.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/subscription-manager.conf'; sed -i 's/^enabled=0/enabled=1/' '/etc/yum/pluginconf.d/product-id.conf'"
echo PermitRootLogin yes | sudo tee -a /etc/ssh/sshd_config
sudo leapp answer --section remove_pam_pkcs11_module_check.confirm=True
## if this is returning, errror, run the below one:
sudo leapp answer --add --section remove_pam_pkcs11_module_check.confirm=True
## check if upgrade can be executed
sudo leapp preupgrade --target 8.8
Run the OS upgrade
CODE
sudo leapp upgrade --target 8.8
## after the upgrade, please reboot server; the reboot can take up to 15 minutes
sudo reboot
## check if latest RedHat was installed
cat /etc/redhat-release3.6) Remove unnecessary packages from RedHat 7
CODE
rpm -qa | grep -E 'el7[.-]' | xargs sudo rpm -e3.7) If case of wanting to upgrade to RedHat 9 continue with steps from “Upgrade from RedHat 8 to RedHat 9” otherwise continue with “Post upgrade steps”.
Also undo reverse proxy setup, if you want to upgrade only to Rocky8:
CODE
## edit /etc/environment, by adding the reverse proxy.
vim /etc/environment
## remove these lines
http_proxy=IP:PORT
https_proxy=IP:PORT
## After that reboot the server, by running:
rebootUpgrade from RedHat 8 to RedHat 9
3.8) Prepare the upgrade
CODE
# it was tested internally with 9.2, but is is also working with latest RHEL release, 9.3
# Since the OS version has changed subscription manager will need to be ran again
sudo subscription-manager register --username XXXX --password='XXXX' --force
sudo yum versionlock clear
sudo subscription-manager release --set 8.8
# Remove old modules
sudo ls -d /lib/modules/*.el7*
sudo rm -rf /lib/modules/*el7*
sudo rm -rf /var/log/leapp /root/tmp_leapp_py3 /var/lib/leapp
# Clean metadata and cache for YUM repository
sudo yum clean all
# Comment packages excluded in /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/yum.conf
sudo sed -e '/exclude=/ s/^#*/#/' -i /etc/dnf/dnf.conf
# Remove old leapp packages (used to update to RedHat 8)
sudo yum remove leapp-upgrade python2-leapp
sudo rpm -qa | grep leapp
## remove all leapp packages, and install the latest leapp.
sudo yum install leapp-upgrade
sudo leapp preupgrade --target 9.23.9) Run the OS update
CODE
sudo leapp upgrade --target 9.2
# After the upgrade is finished a reboot will be required
sudo reboot3.10) Remove old RHEL 8 packages
CODE
rpm -qa | grep -E 'el8[.-]' | xargs sudo rpm -e
## if jemalloc is not installed, please install it:
sudo rpm -qa | grep jemalloc
sudo yum install jemalloc
##because jemalloc is in epel repository, not in the main RHEL one, it can be downloaded from here and installed separatelly:
wget https://dl.fedoraproject.org/pub/epel/9/Everything/x86_64/Packages/j/jemalloc-5.2.1-2.el9.x86_64.rpm
sudo yum install jemalloc-5.2.1-2.el9.x86_64.rpm
3.11) on RHEL8 and RHEL9, ntpd service was replaced by chronyd. If necessary, please setup the NTP servers in this file:
CODE
sudo chronyc -a sources
##
sudo vi /etc/chrony.conf
##pool SERVERIP iburst
##
sudo systemctl restart chronyd
3.12) Continue with “Post upgrade steps”
Also undo reverse proxy setup.
CODE
## edit /etc/environment, by adding the reverse proxy.
vim /etc/environment
## remove these lines
http_proxy=IP:PORT
https_proxy=IP:PORT
## After that reboot the server, by running:
reboot4) Post OS upgrade steps - Application Update
Install new RPM versions, that are compatible with the new OS version.
4.1) Run post upgrade script
CODE
# In case of local RPMs
TMP_DEST="/home/veridiumid/update360RHELUPDATE"
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/360/post_os_update.sh ${TMP_DEST}/packages/
# In case of YUM repository
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/360/post_os_update.sh
bash /etc/veridiumid/scripts/check_services.sh4.2) Enable log rotate to run each day
CODE
## apply this fix, because some files might be duplicated
if [ -e "/etc/logrotate.d/rsyslog" ] && [ -e "/etc/logrotate.d/syslog" ]; then
rm -f /etc/logrotate.d/syslog
systemctl restart logrotate
fi
## enable the logrotate timer to be executed periodically
systemctl enable logrotate.timer
systemctl start logrotate.timer