Upgrading Satellite 6.11 from RHEL7 to RHEL8
Satellite 6.11 is the only version of Satellite capable of running on both RHEL7 and RHEL8. While Satellite 6.11 was published a few months ago, I didn't immediately upgrade to RHEL8, and here's a quick recap of what is needed to update a Satellite system in place to the next version of RHEL.
Preparations
You can review the official upgrade documentation in the Upgrading Satellite or Capsule to Red Hat Enterprise Linux 8 In-Place Using Leapp chapter of the documentation.
Prior to performing this upgrade, you should be on the latest Satellite 6.11 version, including the RHEL OS packages. You can upgrade to the latest version with a regular foreman-maintain upgrade run -y --target-version=6.11.z.
In addition to that, you need to enable the extras repository and install the leapp package:
# subscription-manager repos --enable rhel-7-server-extras-rpms
# satellite-maintain packages install leapp leapp-repository -y
Running install packages in unlocked session
================================================================================
Confirm installer run is allowed:
WARNING: This script runs satellite-installer after the yum execution
to ensure the Satellite is in a consistent state.
As a result some of your services may be restarted.
Do you want to proceed?, [y(yes), q(quit)] y [OK]
--------------------------------------------------------------------------------
Unlock packages: [OK]
--------------------------------------------------------------------------------
Install packages: Loaded plugins: product-id, search-disabled-repos, subscription-manager
[...]
================================================================================
Install 2 Packages (+16 Dependent packages)
Total download size: 3.8 M
Installed size: 14 M
Is this ok [y/d/N] y
[...]
--------------------------------------------------------------------------------
Check status of version locking of packages:
Automatic locking of package versions is enabled in installer.
Packages are locked. [OK]
--------------------------------------------------------------------------------
#
You will also need to apply this workaround for a known caveat in the upgrade process, documented in https://access.redhat.com/solutions/6966647.
# subscription-manager repo-override --repo=satellite-6.11-for-rhel-8-x86_64-rpms --add=module_hotfixes:1
Repository 'satellite-6.11-for-rhel-8-x86_64-rpms' does not currently exist, but the override has been added.
Running leapp preupgrade
LEAPP can be run to assess the system and prepare the upgrade process.
# time leapp preupgrade
==> Processing phase `configuration_phase`
====> * ipu_workflow_config IPU workflow config actor
==> Processing phase `FactsCollection`
====> * tcp_wrappers_config_read Parse tcp_wrappers configuration files /etc/hosts.{allow,deny}.
====> * grubdevname Get name of block device where GRUB is located
====> * scanmemory Scan Memory of the machine.
====> * scan_subscription_manager_info Scans the current system for subscription manager information
====> * scan_files_for_target_userspace Scan the source system and identify files that will be copied into the target userspace when it is created.
====> * sssd_facts Check SSSD configuration for changes in RHEL8 and report them in model.
====> * network_manager_read_config Provides data about NetworkManager configuration.
====> * scan_kernel_cmdline No documentation has been provided for the scan_kernel_cmdline actor.
====> * storage_scanner Provides data about storage settings.
====> * load_device_driver_deprecation_data Loads deprecation data for drivers and devices (PCI & CPU)
====> * register_yum_adjustment Registers a workaround which will adjust the yum directories during the upgrade.
====> * udevadm_info Produces data exported by the "udevadm info" command.
====> * scan_sap_hana Gathers information related to SAP HANA instances on the system.
====> * pci_devices_scanner Provides data about existing PCI Devices.
====> * authselect_scanner Detect what authselect configuration should be suggested to administrator.
====> * persistentnetnames Get network interface information for physical ethernet interfaces of the original system.
====> * common_leapp_dracut_modules Influences the generation of the initram disk
====> * persistentnetnamesdisable Disable systemd-udevd persistent network naming on machine with single eth0 NIC
====> * system_facts Provides data about many facts from system.
====> * read_openssh_config Collect information about the OpenSSH configuration.
====> * repository_mapping Produces message containing repository mapping based on provided file.
====> * xfs_info_scanner This actor scans all mounted mountpoints for XFS information
====> * sctp_read_status Determines whether or not the SCTP kernel module might be wanted.
====> * source_boot_loader_scanner Scans the boot loader configuration on the source system.
====> * scan_custom_repofile Scan the custom /etc/leapp/files/leapp_upgrade_repositories.repo repo file.
====> * biosdevname Enable biosdevname on the target RHEL system if all interfaces on the source RHEL
====> * rpm_scanner Provides data about installed RPM Packages.
Loaded plugins: foreman-protector, product-id, subscription-manager
WARNING: Excluding 13038 packages due to foreman-protector.
Use foreman-maintain packages install/update <package>
to safely install packages without restrictions.
Use foreman-maintain upgrade run for full upgrade.
====> * transaction_workarounds Provides additional RPM transaction tasks based on bundled RPM packages.
====> * scan_pkg_manager Provides data about package manager (yum/dnf)
====> * check_kde_apps Actor checks which KDE apps are installed.
====> * root_scanner Scan the system root directory and produce a message containing
====> * firewalld_facts_actor Provide data about firewalld
====> * scanclienablerepo Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * pam_modules_scanner Scan the pam directory for services and modules used in them
====> * selinuxcontentscanner Scan the system for any SELinux customizations
====> * scandasd In case of s390x architecture, check whether DASD is used.
====> * scancpu Scan CPUs of the machine.
====> * removed_pam_modules_scanner Scan PAM configuration for modules that are not available in RHEL-8.
====> * satellite_upgrade_facts Report which Satellite packages require updates and how to handle PostgreSQL data
====> * get_enabled_modules Provides data about which module streams are enabled on the source system.
====> * repositories_blacklist Exclude target repositories provided by Red Hat without support.
====> * detect_kernel_drivers Matches all currently loaded kernel drivers against known deprecated and removed drivers.
====> * get_installed_desktops Actor checks if kde or gnome desktop environments
====> * checkrhui Check if system is using RHUI infrastructure (on public cloud) and send messages to
====> * red_hat_signed_rpm_scanner Provide data about installed RPM Packages signed by Red Hat.
====> * quagga_daemons Active quagga daemons check.
====> * ipa_scanner Scan system for ipa-client and ipa-server status
====> * rpm_transaction_config_tasks_collector Provides additional RPM transaction tasks from /etc/leapp/transaction.
====> * used_repository_scanner Scan used enabled repositories
====> * cups_scanner Gather facts about CUPS features which needs to be migrated
====> * spamassassin_config_read Reads spamc configuration (/etc/mail/spamassassin/spamc.conf), the
====> * pes_events_scanner Provides data about package events from Package Evolution Service.
====> * vsftpd_config_read Reads vsftpd configuration files (/etc/vsftpd/*.conf) and extracts necessary information.
====> * multipath_conf_read Read multipath configuration files and extract the necessary informaton
====> * setuptargetrepos Produces list of repositories that should be available to be used by Upgrade process.
==> Processing phase `Checks`
====> * check_luks_and_inhibit Check if any encrypted partitions is in use. If yes, inhibit the upgrade process.
====> * check_memcached Check for incompatible changes in memcached configuration.
====> * check_os_release Check if the current RHEL minor version is supported. If not, inhibit the upgrade process.
====> * authselect_check Confirm suggested authselect call from AuthselectScanner.
====> * checkacpid Check if acpid is installed. If yes, write information about non-compatible changes.
====> * tcp_wrappers_check Check the list of packages previously compiled with TCP wrappers support
====> * postgresql_check Actor checking for presence of PostgreSQL installation.
====> * check_root_symlinks Check if the symlinks /bin and /lib are relative, not absolute.
====> * check_kde_gnome Checks whether KDE is installed
====> * check_non_mount_boot_s390 Inhibits on s390 when /boot is NOT on a separate partition.
====> * check_btrfs Check if Btrfs filesystem is in use. If yes, inhibit the upgrade process.
====> * check_se_linux Check SELinux status and produce decision messages for further action.
====> * check_rhsmsku Ensure the system is subscribed to the subscription manager
====> * check_sendmail Check if sendmail is installed, check whether configuration update is needed, inhibit upgrade if TCP wrappers
====> * open_ssh_deprecated_directives_check Check for any deprecated directives in the OpenSSH configuration.
====> * check_ipa_server Check for ipa-server and inhibit upgrade
====> * check_skipped_repositories Produces a report if any repositories enabled on the system are going to be skipped.
====> * check_ntp Check if ntp and/or ntpdate configuration needs to be migrated.
====> * check_chrony Check for incompatible changes in chrony configuration.
====> * check_firewalld Check for certain firewalld configuration that may prevent an upgrade.
====> * check_docker Checks if Docker is installed and warns about its deprecation in RHEL8.
====> * open_ssh_algorithms OpenSSH configuration does not contain any unsupported cryptographic algorithms.
====> * checkdosfstools Check if dosfstools is installed. If yes, write information about non-compatible changes.
====> * check_brltty Check if brltty is installed, check whether configuration update is needed.
====> * cups_check Reports changes in configuration between CUPS 1.6.3 and 2.2.6
====> * checktargetrepos Check whether target yum repositories are specified.
====> * check_sap_hana If SAP HANA has been detected, several checks are performed to ensure a successful upgrade.
====> * check_removed_envvars Check for usage of removed environment variables and inhibit the upgrade
====> * zipl_check_boot_entries Inhibits the upgrade if a problematic Zipl configuration is detected on the system.
====> * checkhybridimage Check if the system is using Azure hybrid image.
====> * quagga_report Checking for babeld on RHEL-7.
====> * unsupported_upgrade_check Checks enviroment variables and produces a warning report if the upgrade is unsupported.
====> * checkfstabxfsoptions Check the FSTAB file for the deprecated / removed XFS mount options.
====> * check_boot_avail_space Check if at least 100Mib of available space on /boot. If not, inhibit the upgrade process.
====> * python_inform_user This actor informs the user of differences in Python version and support in RHEL 8.
====> * check_system_arch Check if system is running at a supported architecture. If no, inhibit the upgrade process.
====> * check_etc_releasever Check releasever info and provide a guidance based on the facts
====> * removed_pam_modules Check for modules that are not available in RHEL 8 anymore
====> * check_cifs Check if CIFS filesystem is in use. If yes, inhibit the upgrade process.
====> * open_ssh_protocol Protocol configuration option was removed.
====> * check_nfs Check if NFS filesystem is in use. If yes, inhibit the upgrade process.
====> * check_postfix Check if postfix is installed, check whether configuration update is needed.
====> * multipath_conf_check Checks whether the multipath configuration can be updated to RHEL-8 and
====> * check_fips Inhibit upgrade if FIPS is detected as enabled.
====> * powertop Check if PowerTOP is installed. If yes, write information about non-compatible changes.
====> * check_installed_debug_kernels Inhibit IPU (in-place upgrade) when multiple debug kernels are installed.
====> * sctp_checks Parses collected SCTP information and take necessary actions.
====> * check_wireshark Report a couple of changes in tshark usage
====> * sssd_check Check SSSD configuration for changes in RHEL8 and report them.
====> * checkgrep Check if Grep is installed. If yes, write information about non-compatible changes.
====> * efi_check_boot Adjust EFI boot entry for first reboot
====> * check_bind Actor parsing BIND configuration and checking for known issues in it.
====> * vsftpd_config_check Checks whether the vsftpd configuration is supported in RHEL-8. Namely checks that
====> * checkmemory The actor check the size of RAM against RHEL8 minimal hardware requirements
====> * check_installed_devel_kernels Inhibit IPU (in-place upgrade) when multiple devel kernels are installed.
====> * check_detected_devices_and_drivers Checks whether or not detected devices and drivers are usable on the target system.
====> * red_hat_signed_rpm_check Check if there are packages not signed by Red Hat in use. If yes, warn user about it.
====> * check_ha_cluster Check if HA Cluster is in use. If yes, inhibit the upgrade process.
====> * spamassassin_config_check Reports changes in spamassassin between RHEL-7 and RHEL-8
====> * multiple_package_versions Check for problematic 32bit packages installed together with 64bit ones.
====> * satellite_upgrade_check Check state of Satellite system before upgrade
====> * check_rpm_transaction_events Filter RPM transaction events based on installed RPM packages
====> * removed_pam_modules_check Check if it is all right to disable PAM modules that are not in RHEL-8.
====> * detect_grub_config_error Check grub configuration for syntax error in GRUB_CMDLINE_LINUX value.
====> * open_ssh_use_privilege_separation UsePrivilegeSeparation configuration option was removed.
====> * checkirssi Check if irssi is installed. If yes, write information about non-compatible changes.
====> * openssh_permit_root_login OpenSSH no longer allows root logins with password.
====> * yum_config_scanner Scans the configuration of the YUM package manager.
====> * check_installed_kernels Inhibit IPU (in-place upgrade) when installed kernels conflict with a safe upgrade.
====> * check_grub_core Check whether we are on legacy (BIOS) system and instruct Leapp to upgrade GRUB core
====> * check_yum_plugins_enabled Checks that the required yum plugins are enabled.
====> * check_skip_phase Skip all the subsequent phases until the report phase.
==> Processing phase `Reports`
====> * verify_check_results Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results Check all generated results messages and notify user about them.
============================================================
UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Use of NFS detected. Upgrade can't proceed
    2. Inhibitor: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
    3. Inhibitor: Newest installed kernel not in use
    4. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
============================================================
UPGRADE INHIBITED
============================================================
Debug output written to /var/log/leapp/leapp-preupgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
real 3m26.738s
user 2m48.344s
sys 0m11.675s
The output of the report can be reviewed at /var/log/leapp/leapp-report.txt
Answering update questions and amending configurations
LEAPP will probably point out a number of blocking issues (inhibitors) that prevent RHEL from being upgraded directly to the next version. The most typical ones are:
- Deprecated drivers (eg: floppy)
- Multiple NICs following the naming standard (eg: eth0 and eth1).
- Not running the latest installed kernel
- NFS mountpoints
- Changes in configuration.
Deprecated drivers can be removed online with a simple modprobe -r command, eg:
# modprobe -r floppy
# modprobe -r pata_acpi
If you need to rename your NICs prior to the upgrade, review your Satellite configuration to ensure no service depends on those NIC names. This can be done by looking at the current configuration:
# satellite-installer --scenario satellite -h | grep eth
This command will show any service that uses 'eth'.
Finally, you'll need to answer any pending questions at /var/log/leapp/answerfile.
They can be answered by editing the file, or programmatically with:
# leapp answer --section remove_pam_pkcs11_module_check.confirm=True
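The typical inhibitors listed above can be checked from the shell before running leapp again. The script below is an added example, not part of the original post or of Leapp: the function names, the constructed sample data and the use of sort -V for kernel ordering are assumptions, and the driver list holds only the two drivers named in this post.

```shell
#!/bin/sh
# Pre-flight checks for the typical Leapp inhibitors described above.
# Every function reads files given as arguments, so it works on saved
# copies as well as on /proc/mounts and /proc/modules of the live host.

# Titles of the "N. Inhibitor: ..." lines in saved `leapp preupgrade` output.
list_inhibitors() {
    sed -n 's/^[[:space:]]*[0-9][0-9]*\.[[:space:]]*Inhibitor:[[:space:]]*//p' "$1" |
        awk '!seen[$0]++'
}

# Mount points of type nfs/nfs4 in a file laid out like /proc/mounts or
# /etc/fstab (device, mount point, filesystem type, ...).
nfs_mounts() {
    awk '/^[[:space:]]*#/ { next }
         $3 == "nfs" || $3 == "nfs4" { print $2 }' "$1"
}

# Which of the named drivers are loaded, given a /proc/modules-style file.
# usage: loaded_drivers MODULES_FILE DRIVER...
loaded_drivers() {
    modules_file=$1
    shift
    for name in "$@"; do
        awk -v d="$name" '$1 == d { print $1 }' "$modules_file"
    done
}

# Newest entry in a file of installed kernel versions, one per line, e.g.
# from: rpm -q kernel --qf '%{VERSION}-%{RELEASE}.%{ARCH}\n'
# sort -V (GNU coreutils) is used as an approximation of RPM ordering.
newest_kernel() {
    sort -V "$1" | tail -n 1
}

# usage: preflight PREUPGRADE_OUT MOUNTS MODULES RUNNING_KERNEL KERNELS_FILE
# Prints one line per finding and returns 0 only when there are none.
preflight() {
    findings=0
    # floppy and pata_acpi are the two drivers from the article; take the
    # list for your host from /var/log/leapp/leapp-report.txt.
    for drv in $(loaded_drivers "$3" floppy pata_acpi); do
        echo "driver: $drv is loaded, remove it with: modprobe -r $drv"
        findings=$((findings + 1))
    done
    for mp in $(nfs_mounts "$2"); do
        echo "nfs: $mp is an NFS mount"
        findings=$((findings + 1))
    done
    newest=$(newest_kernel "$5")
    if [ "$4" != "$newest" ]; then
        echo "kernel: running $4 but newest installed is $newest, reboot first"
        findings=$((findings + 1))
    fi
    inhibitors=$(list_inhibitors "$1")
    if [ -n "$inhibitors" ]; then
        echo "$inhibitors" | sed 's/^/leapp: /'
        findings=$((findings + $(echo "$inhibitors" | grep -c .)))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample inputs (not captured from a real host).
write_sample() {
    cat > "$1/preupgrade.out" <<'EOF'
Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Use of NFS detected. Upgrade can't proceed
    2. Inhibitor: Newest installed kernel not in use
Consult the pre-upgrade report for details and possible remediation.
EOF
    cat > "$1/mounts" <<'EOF'
/dev/mapper/rhel-root / xfs rw,relatime 0 0
nfs.example.org:/export /mnt/backup nfs4 rw,relatime,vers=4.1 0 0
EOF
    cat > "$1/modules" <<'EOF'
floppy 69432 0 - Live 0xffffffffc0000000
xfs 997127 2 - Live 0xffffffffc0100000
EOF
    printf '%s\n' 3.10.0-1160.76.1.el7.x86_64 3.10.0-1160.9.1.el7.x86_64 \
        > "$1/kernels"
}

# "sh preflight.sh demo" runs the checks on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    write_sample "$tmp"
    preflight "$tmp/preupgrade.out" "$tmp/mounts" "$tmp/modules" \
        3.10.0-1160.9.1.el7.x86_64 "$tmp/kernels" || echo "not ready for leapp upgrade"
    rm -rf "$tmp"
fi
```

On the Satellite host, save the console output with leapp preupgrade | tee, then call preflight with that file, /proc/mounts, /proc/modules, the output of uname -r and the saved kernel list.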
Performing the upgrade
You will need about:
- 15-30 min to download the new RHEL8 RPMs.
- 15-30 min to power down the system, start in single user and perform the RHEL upgrade (done automatically by leapp).
- 15-30 min post-reboot, once in RHEL8, for the leapp-upgrade process to run satellite-installer once again.
Launching the upgrade
Once the prerequisites have been sorted out, you can launch the actual install phase with:
# time leapp upgrade --reboot
==> Processing phase `configuration_phase`
====> * ipu_workflow_config IPU workflow config actor
==> Processing phase `FactsCollection`
====> * source_boot_loader_scanner Scans the boot loader configuration on the source system.
[...]
====> * target_userspace_creator Initializes a directory to be populated as a minimal environment to run binaries from the target system.
Red Hat Enterprise Linux 8 for x86_64 - AppStre 33 MB/s | 47 MB 00:01
Red Hat Enterprise Linux 8 for x86_64 - BaseOS 34 MB/s | 53 MB 00:01
[...]
rpm-plugin-systemd-inhibit x86_64 4.14.3-24.el8_6 rhel-8-for-x86_64-baseos-rpms 79 k
kpartx x86_64 0.8.4-22.el8_6.2 rhel-8-for-x86_64-baseos-rpms 115 k
Transaction Summary
================================================================================
Install 199 Packages
Total download size: 111 M
Installed size: 707 M
Downloading Packages:
(1/199): pinentry-1.1.0-2.el8.x86_64.rpm 376 kB/s | 100 kB 00:00
(2/199): libxkbcommon-0.9.1-1.el8.x86_64.rpm 295 kB/s | 116 kB 00:00
[...]
Complete!
==> Processing phase `TargetTransactionCheck`
====> * tmp_actor_to_satisfy_sanity_checks The actor does NOTHING but satisfy static sanity checks
====> * local_repos_inhibit Inhibits the upgrade if local repositories were found.
====> * report_set_target_release Reports information related to the release set in the subscription-manager after the upgrade.
====> * dnf_transaction_check This actor tries to solve the RPM transaction to verify the all package dependencies can be successfully resolved.
Applying transaction workaround - yum config fix
Applying transaction workaround - PostgreSQL symlink fix
Last metadata expiration check: 0:01:05 ago on Sun Oct 30 05:49:50 2022.
Package foreman-installer-katello-1:3.1.2.8-1.el7sat.noarch is already installed.
Package rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch is already installed.
Package tfm-rubygem-smart_proxy_ansible-3.3.1-4.el7sat.noarch is already installed.
Package satellite-installer-6.11.0.7-1.el7sat.noarch is already installed.
Package katello-4.3.0-3.el7sat.noarch is already installed.
Package foreman-installer-1:3.1.2.8-1.el7sat.noarch is already installed.
[...]
Transaction Summary
====================================================================================================================================================================
Install 796 Packages
Upgrade 520 Packages
Remove 501 Packages
Downgrade 11 Packages
Total size: 1.1 G
Total download size: 1.0 G
DNF will only download packages, install gpg keys, and check the transaction.
Downloading Packages:
[SKIPPED] libcroco-0.6.12-4.el8_2.1.x86_64.rpm: Already downloaded
[...]
(1323/1324): glib2-devel-2.56.4-158.el8_6.1.x86 1.9 MB/s | 425 kB 00:00
(1324/1324): linux-firmware-20220210-108.git634 43 MB/s | 196 MB 00:04
--------------------------------------------------------------------------------
Total 7.7 MB/s | 1.0 GB 02:12
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
==> Processing phase `InterimPreparation`
====> * upgrade_initramfs_generator Creates the upgrade initramfs
[...]
Transaction test succeeded.
Complete!
====> * add_upgrade_boot_entry Add new boot entry for Leapp provided initramfs.
====> * efi_interim_fix Adjust EFI boot entry for first reboot
Connection to sat.example.org closed by remote host.
When the system reboots, it will automatically enter the upgrade phase. Progress can be seen on the server console (if it has one), or similarly in the serial console:
[ 0.000000] Linux version 4.18.0-372.32.1.el8_6.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-10) (GCC)) #1 SMP Fri Oct 7 12:35:10 EDT 2022
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-upgrade.x86_64 root=UUID=989ac477-64f2-449f-8415-25b1a5f7d47f ro console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto LANG=en_US.UTF-8 enforcing=0 rd.plymouth=0 plymouth.enable=0
[...]
[ OK ] Reached target System Upgrade.
Starting System Upgrade...
[ 3.091330] upgrade[564]: starting upgrade hook
[ 3.100141] upgrade[564]: /bin/upgrade: line 19: /sysroot/var/tmp/system-upgrade.state: Read-only file system
[ 3.108025] upgrade[567]: WARNING: locking_type (4) is deprecated, using --sysinit --readonly.
[ 3.139068] upgrade[577]: Spawning container sysroot on /sysroot.
[ 3.140429] upgrade[577]: Press ^] three times within 1s to kill container.
[ 3.158634] upgrade[578]: Host and machine ids are equal (e6a3f27a614a4bafbce01f024fffa4fa): refusing to link journals
[ 19.039129] upgrade[581]: ==> Processing phase `InitRamStart`
[ 19.040185] upgrade[581]: ====> * remove_upgrade_boot_entry
[ 19.041240] upgrade[581]: Remove boot entry for Leapp provided initramfs.
[ 20.201161] upgrade[581]: ==> Processing phase `LateTests`
[ 20.202092] upgrade[581]: ====> * persistentnetnamesinitramfs
[ 20.203015] upgrade[581]: Get network interface information for physical ethernet interfaces with the new kernel in initramfs.
[ 20.368520] upgrade[581]: ==> Processing phase `Preparation`
[ 20.369458] upgrade[581]: ====> * applytransactionworkarounds
[ 20.370454] upgrade[581]: Executes registered workaround scripts on the system before the upgrade transaction
[ 20.687348] upgrade[1127]: Applying transaction workaround - yum config fix
[ 20.688443] upgrade[1127]: Applying transaction workaround - PostgreSQL symlink fix
[ 20.713928] upgrade[581]: ====> * zipl_convert_to_blscfg
[ 20.714805] upgrade[581]: Convert the zipl boot loader configuration to the the boot loader specification on s390x systems.
[ 20.810979] upgrade[581]: ====> * update_etc_sysconfig_kernel
[ 20.811979] upgrade[581]: Update /etc/sysconfig/kernel file.
[ 20.928661] upgrade[581]: ====> * removed_pam_modules_apply
[ 20.929962] upgrade[581]: Remove old PAM modules that are no longer available in RHEL-8 from
[ 21.008238] upgrade[581]: ====> * remove_boot_files
[ 21.009385] upgrade[581]: Remove Leapp provided initramfs from boot partition.
[ 21.079783] upgrade[581]: ====> * bind_update
[ 21.080723] upgrade[581]: Actor parsing facts found in configuration and modifing configuration.
[ 21.702416] upgrade[581]: ====> * selinuxprepare
[ 21.703252] upgrade[581]: Remove selinux policy customizations before updating selinux-policy* packages
[ 37.974629] upgrade[581]: ==> Processing phase `RPMUpgrade`
[ 37.975625] upgrade[581]: ====> * dnf_upgrade_transaction
[ 37.976681] upgrade[581]: Setup and call DNF upgrade command
[ 56.672687] upgrade[1508]: Last metadata expiration check: 0:09:28 ago on Sun Oct 30 05:49:50 2022.
[ 56.674187] upgrade[1508]: Package foreman-installer-katello-1:3.1.2.8-1.el7sat.noarch is already installed.
[ 56.675740] upgrade[1508]: Package rubygem-foreman_maintain-1:1.0.18-1.el7sat.noarch is already installed.
[ 56.677163] upgrade[1508]: Package tfm-rubygem-smart_proxy_ansible-3.3.1-4.el7sat.noarch is already installed.
[ 56.678745] upgrade[1508]: Package satellite-installer-6.11.0.7-1.el7sat.noarch is already installed.
[ 56.680170] upgrade[1508]: Package katello-4.3.0-3.el7sat.noarch is already installed.
[ 56.681422] upgrade[1508]: Package foreman-installer-1:3.1.2.8-1.el7sat.noarch is already installed.
[ 56.682846] upgrade[1508]: Dependencies resolved.
...
[ 629.502384] upgrade[1508]: Cleanup : libffi-3.0.13-19.el7.x86_64 2358/2377
[ 629.504355] upgrade[1508]: Running scriptlet: libffi-3.0.13-19.el7.x86_64 2358/2377
[ 629.506308] upgrade[1508]: Cleanup : libattr-2.4.46-13.el7.x86_64 2359/2377
[ 629.508318] upgrade[1508]: Running scriptlet: libattr-2.4.46-13.el7.x86_64 2359/2377
[ 629.510145] upgrade[1508]: Cleanup : glibc-common-2.17-326.el7_9.x86_64 2360/2377
[ 629.512042] upgrade[1508]: Cleanup : libselinux-2.5-15.el7.x86_64 2361/2377
...
[ 767.787262] upgrade[1508]: yum-rhn-plugin-2.0.1-10.el7.noarch
[ 767.789242] upgrade[1508]: Complete!
[ 767.826797] upgrade[581]: ====> * scan_installed_target_kernel_version
[ 767.828424] upgrade[581]: Scan for the version of the newly installed kernel
[ 768.206418] upgrade[581]: ====> * update_grub_core
[ 768.208251] upgrade[581]: On legacy (BIOS) systems, GRUB core (located in the gap between the MBR and the
[ 769.967896] upgrade[581]: ====> * prepare_python_workround
[ 769.969822] upgrade[581]: Prepare environment to be able to run leapp with Python3 in initrd.
[ 770.059375] upgrade[581]: ====> * check_leftover_packages
[ 770.061088] upgrade[581]: Check if there are any RHEL 7 packages present after upgrade.
[ 785.130946] upgrade[581]: ====> * report_leftover_packages
[ 785.132304] upgrade[581]: Collect messages about leftover el7 packages and generate report for users.
[ 785.479332] upgrade[581]: Debug output written to /var/log/leapp/leapp-upgrade.log
[ 785.482295] upgrade[581]: ============================================================
[ 785.485510] upgrade[581]: REPORT
[ 785.488046] upgrade[581]: ============================================================
[ 785.491356] upgrade[581]: A report has been generated at /var/log/leapp/leapp-report.json
[ 785.494664] upgrade[581]: A report has been generated at /var/log/leapp/leapp-report.txt
[ 785.497093] upgrade[581]: ============================================================
[ 785.499437] upgrade[581]: END OF REPORT
[ 785.501382] upgrade[581]: ============================================================
[ 785.503777] upgrade[581]: Answerfile has been generated at /var/log/leapp/answerfile
[ 785.541018] upgrade[577]: Container sysroot exited successfully.
[ 785.569372] upgrade[23665]: Spawning container sysroot on /sysroot.
[ 785.571293] upgrade[23665]: Press ^] three times within 1s to kill container.
[ 785.589754] upgrade[23666]: Host and machine ids are equal (e6a3f27a614a4bafbce01f024fffa4fa): refusing to link journals
[ 800.976473] upgrade[23669]: ==> Processing phase `Applications`
[ 800.978106] upgrade[23669]: ====> * persistentnetnamesconfig
[ 800.979944] upgrade[23669]: Generate udev persistent network naming configuration
[ 801.100341] upgrade[23669]: ====> * satellite_upgrade_data_migration
[ 801.101788] upgrade[23669]: Reconfigure Satellite services and migrate PostgreSQL data
[ 801.200412] upgrade[23669]: ====> * sctp_config_update
[ 801.201875] upgrade[23669]: This actor updates SCTP configuration for RHEL8.
[ 801.453848] upgrade[23669]: ====> * migrate_ntp
[ 801.455196] upgrade[23669]: Migrate ntp and/or ntpdate configuration to chrony.
[ 801.570183] upgrade[23669]: ====> * cups_migrate
[ 801.571466] upgrade[23669]: cups_migrate actor
[ 801.677384] upgrade[23669]: ====> * spamassassin_config_update
[ 801.679294] upgrade[23669]: This actor performs several modifications to spamassassin configuration
[ 801.813341] upgrade[23669]: ====> * network_manager_update_config
[ 801.814771] upgrade[23669]: Updates NetworkManager configuration for Red Hat Enterprise Linux 8.
[ 801.929467] upgrade[23669]: ====> * authselect_apply
[ 801.930932] upgrade[23669]: Apply changes suggested by AuthselectScanner.
[ 802.030986] upgrade[23669]: ====> * firewalld_update_lockdown_whitelist
[ 802.032780] upgrade[23669]: Update the firewalld Lockdown Whitelist.
[ 802.168557] upgrade[23669]: ====> * sanebackends_migrate
[ 802.170137] upgrade[23669]: Actor for migrating sane-backends configuration files.
[ 802.369631] upgrade[23669]: ====> * migrate_sendmail
[ 802.371174] upgrade[23669]: Migrate sendmail configuration files.
[ 802.506474] upgrade[23669]: ====> * quagga_to_frr
[ 802.507824] upgrade[23669]: Edit frr configuration on the new system.
[ 802.589137] upgrade[23669]: ====> * set_etc_releasever
[ 802.590430] upgrade[23669]: Release version in /etc/dnf/vars/releasever will be set to the current target release
[ 802.686639] upgrade[23669]: ====> * vim_migrate
[ 802.688214] upgrade[23669]: Modify configuration files of Vim 8.0 and later to keep the same behavior
[ 803.087132] upgrade[23669]: ====> * vsftpd_config_update
[ 803.088369] upgrade[23669]: Modifies vsftpd configuration files on the target RHEL-8 system so that the effective
[ 803.224567] upgrade[23669]: ====> * migrate_brltty
[ 803.226273] upgrade[23669]: Migrate brltty configuration files.
[ 803.306197] upgrade[23669]: ====> * selinuxapplycustom
[ 803.307482] upgrade[23669]: Re-apply SELinux customizations from the original RHEL installation
[ 813.958361] upgrade[23669]: ====> * network_manager_update_service
[ 813.960107] upgrade[23669]: Updates NetworkManager services status.
[ 814.226576] upgrade[23669]: ====> * multipath_conf_update
[ 814.227993] upgrade[23669]: Modifies multipath configuration files on the target RHEL-8 system so that
[ 814.343563] upgrade[23669]: ====> * cupsfilters_migrate
[ 814.345277] upgrade[23669]: Actor for migrating package cups-filters.
[ 814.739751] upgrade[23669]: ==> Processing phase `ThirdPartyApplications`
[ 814.741239] upgrade[23669]: ==> Processing phase `Finalization`
[ 814.742808] upgrade[23669]: ====> * schedule_se_linux_relabelling
[ 814.744659] upgrade[23669]: Schedule SELinux relabelling.
[ 814.884644] upgrade[23669]: ====> * grubenvtofile
[ 814.886180] upgrade[23669]: Convert "grubenv" symlink to a regular file on Azure hybrid images using BIOS.
[ 814.959727] upgrade[23669]: ====> * kernelcmdlineconfig
[ 814.961317] upgrade[23669]: Append extra arguments to the target RHEL kernel command line
[ 815.278592] upgrade[23669]: ====> * efi_finalization_fix
[ 815.280153] upgrade[23669]: Adjust EFI boot entry for final reboot
[ 815.376693] upgrade[23669]: ====> * force_default_boot_to_target_kernel_version
[ 815.378281] upgrade[23669]: Ensure the default boot entry is set to the new target kernel
[ 816.031702] upgrade[23669]: ====> * create_systemd_service
[ 816.033670] upgrade[23669]: Add a systemd service to launch Leapp.
[ 816.169112] upgrade[23669]: ====> * target_initramfs_generator
[ 816.170874] upgrade[23669]: Regenerate the target RHEL major version initrd and include files produced by other actors
[ 816.263190] upgrade[23669]: ====> * set_permissive_se_linux
[ 816.264610] upgrade[23669]: Set SELinux mode.
[ 816.424797] upgrade[25854]: Running in chroot, ignoring request.
[ 816.586634] upgrade[23669]: Debug output written to /var/log/leapp/leapp-upgrade.log
[ 816.588318] upgrade[23669]: ============================================================
[ 816.590201] upgrade[23669]: REPORT
[ 816.591874] upgrade[23669]: ============================================================
[ 816.594323] upgrade[23669]: A report has been generated at /var/log/leapp/leapp-report.json
[ 816.596922] upgrade[23669]: A report has been generated at /var/log/leapp/leapp-report.txt
[ 816.599435] upgrade[23669]: ============================================================
[ 816.601852] upgrade[23669]: END OF REPORT
[ 816.603864] upgrade[23669]: ============================================================
[ 816.605804] upgrade[23669]: Answerfile has been generated at /var/log/leapp/answerfile
[ 816.645563] upgrade[23665]: Container sysroot exited successfully.
[ 816.650618] upgrade[564]: writing logs to disk and rebooting
[ 816.784097] upgrade[25871]: Spawning container sysroot on /sysroot.
[ 816.785843] upgrade[25871]: Press ^] three times within 1s to kill container.
[ 816.805312] upgrade[25872]: Host and machine ids are equal (e6a3f27a614a4bafbce01f024fffa4fa): refusing to link journals
[ 816.825354] upgrade[25871]: Container sysroot exited successfully.
[ 817.100972] upgrade[564]: /bin/upgrade: line 19: /sysroot/var/tmp/system-upgrade.state: Read-only file system
[ OK ] Stopped target Timers.
[ OK ] Stopped target Remote File Systems (Pre).
...
[ 817.883505] reboot: Restarting system
[ 817.884817] reboot: machine restart
Now the system will restart and start an SELinux relabeling process:
[ 29.079373] selinux-autorelabel[817]: Warning: Skipping the following R/O filesystems:
[ 29.081344] selinux-autorelabel[817]: /sys/fs/cgroup
[ 29.082834] selinux-autorelabel[817]: Relabeling / /dev /dev/hugepages /dev/mqueue /dev/pts /dev/shm /run /sys /sys/fs/cgroup/blkio /sys/fs/cgroup/cpu,cpuacct /sys/fs/cgroup/cpuset /sys/fs/cgroup/devices /sys/fs/cgroup/freezer /sys/fs/cgroup/hugetlb /sys/fs/cgroup/memory /sys/fs/cgroup/net_cls,net_prio /sys/fs/cgroup/perf_event /sys/fs/cgroup/pids /sys/fs/cgroup/rdma /sys/fs/cgroup/systemd /sys/fs/pstore /sys/kernel/debug /sys/kernel/tracing
...
[ 181.063734] reboot: Restarting system
[ 181.064470] reboot: machine restart
At this point, the system restarts into RHEL8 and runs the last part of the configuration and upgrade process. You can follow the progress by logging in via SSH and watching the leapp_resume.service systemd unit and /var/log/foreman-installer/satellite.log:
# journalctl -u leapp_resume.service -f
-- Logs begin at Sun 2022-10-30 06:15:40 EDT. --
Oct 30 06:15:46 sat.example.org systemd[1]: Starting Temporary Leapp service which resumes execution after reboot...
Oct 30 06:16:08 sat.example.org leapp3[1348]: ==> Processing phase `FirstBoot`
Oct 30 06:16:08 sat.example.org leapp3[1348]: ====> * network_manager_update_connections
Oct 30 06:16:08 sat.example.org leapp3[1348]: Update NetworkManager connections.
Oct 30 06:16:08 sat.example.org leapp3[1348]: ====> * enable_rhsm_target_repos
Oct 30 06:16:08 sat.example.org leapp3[1348]: On the upgraded target system, set release and enable repositories that were used during the upgrade
Oct 30 06:17:23 sat.example.org leapp3[1348]: ====> * satellite_upgrader
Oct 30 06:17:23 sat.example.org leapp3[1348]: Execute installer in the freshly booted system, to finalize Satellite configuration
Oct 30 06:36:00 sat.example.org leapp3[6544]: Running the installer. This can take a while.
Oct 30 06:36:00 sat.example.org leapp3[1348]: ====> * remove_systemd_resume_service
Oct 30 06:36:00 sat.example.org leapp3[1348]: Remove systemd service to launch Leapp.
Oct 30 06:36:01 sat.example.org leapp3[1348]: Debug output written to /var/log/leapp/leapp-upgrade.log
Oct 30 06:36:01 sat.example.org leapp3[1348]: ============================================================
Oct 30 06:36:01 sat.example.org leapp3[1348]: REPORT
Oct 30 06:36:01 sat.example.org leapp3[1348]: ============================================================
Oct 30 06:36:01 sat.example.org leapp3[1348]: A report has been generated at /var/log/leapp/leapp-report.json
Oct 30 06:36:01 sat.example.org leapp3[1348]: A report has been generated at /var/log/leapp/leapp-report.txt
Oct 30 06:36:01 sat.example.org leapp3[1348]: ============================================================
Oct 30 06:36:01 sat.example.org leapp3[1348]: END OF REPORT
Oct 30 06:36:01 sat.example.org leapp3[1348]: ============================================================
Oct 30 06:36:01 sat.example.org leapp3[1348]: Answerfile has been generated at /var/log/leapp/answerfile
Oct 30 06:36:01 sat.example.org systemd[1]: leapp_resume.service: Succeeded.
Oct 30 06:36:01 sat.example.org systemd[1]: Started Temporary Leapp service which resumes execution after reboot.
Satellite should now be up and running in the latest version!
We can verify with foreman-maintain, as usual:
# foreman-maintain service status
...
\ All services are running [OK]
--------------------------------------------------------------------------------
Post upgrade tasks
Set SELinux in enforcing mode
As you folks are running ALL your systems with SELinux in enforcing mode 😉, you'll need to re-enable it, because the upgrade leaves the system in permissive mode (see the set_permissive_se_linux actor in the log above):
# vim /etc/selinux/config
# (and set it to enforcing)
# dnf reinstall foreman-selinux katello-selinux --disableplugin=foreman-protector -y && reboot
Remove the package locks in /etc/yum.conf
Edit /etc/yum.conf so no packages are listed in the exclude section. The leapp process leaves the following configuration, which must be removed:
# grep exclude /etc/yum.conf
exclude=python2-leapp,snactor,leapp-upgrade-el7toel8,leapp
Remove the leapp package
As a part of the upgrade, the leapp package is not automatically removed and this can create issues.
You can remove the leapp package with:
# dnf remove leapp leapp-deps-el8 leapp-repository-deps-el8 leapp-upgrade-el7toel8 python2-leapp --disableplugin=foreman-protector -y
Optionally perform an update to the latest Satellite version
As a verification of the previous steps, we can perform an optional update of Satellite to ensure we didn't forget any relevant step. The update should do nothing (packages are already in the latest version), and we can quickly confirm no problems will occur on future updates.
# foreman-maintain upgrade run --target-version=6.11.z -y
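The SELinux and /etc/yum.conf steps above can be checked with a script before the final update run. This is an added example, not part of the original post: the function names are hypothetical, the demo runs on constructed stand-ins for /etc/selinux/config and /etc/yum.conf, and it goes slightly beyond the post by keeping any non-leapp entries on the exclude line.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are arguments so the
# checks can run against copies; package names are the ones on the page.
LEAPP_RE='^(python2-leapp|snactor|leapp-upgrade-el7toel8|leapp)$'

# Print the SELINUX= mode set in a selinux config file (last one wins).
selinux_config_mode() {
    sed -n 's/^SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$1" | tail -n 1
}

# Print the leapp entries on the exclude= line; status 1 if there are none.
leapp_excludes() {
    sed -n 's/^exclude=//p' "$1" | tr ', ' '\n\n' | grep -E "$LEAPP_RE"
}

# Drop only the leapp entries from exclude= and remove the line if it ends
# up empty. Writing back with cat keeps owner, mode and SELinux label.
strip_leapp_excludes() {
    tmp=$(mktemp) || return 1
    awk -v re="$LEAPP_RE" '
        /^exclude=/ {
            n = split(substr($0, 9), pkgs, "[ ,]+"); out = ""
            for (i = 1; i <= n; i++)
                if (pkgs[i] != "" && pkgs[i] !~ re)
                    out = out (out == "" ? "" : ",") pkgs[i]
            if (out != "") print "exclude=" out
            next
        }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    st=$?; rm -f "$tmp"; return "$st"
}

# Print pending items; the return status is the number of findings.
post_upgrade_findings() {   # $1 = selinux config, $2 = yum.conf
    findings=0
    mode=$(selinux_config_mode "$1")
    [ "$mode" = "enforcing" ] || { echo "SELINUX=$mode in $1, expected enforcing"; findings=$((findings + 1)); }
    if leapp_excludes "$2" >/dev/null; then echo "leapp entries still excluded in $2"; findings=$((findings + 1)); fi
    return "$findings"
}

# Constructed stand-ins for /etc/selinux/config and /etc/yum.conf.
demo=$(mktemp -d)
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > "$demo/selinux"
printf '[main]\nexclude=python2-leapp,snactor,leapp-upgrade-el7toel8,leapp\n' > "$demo/yum.conf"
post_upgrade_findings "$demo/selinux" "$demo/yum.conf" || echo "findings: $?"
strip_leapp_excludes "$demo/yum.conf"
rm -rf "$demo"
```

The config file only sets the mode for the next boot, which is why the post reboots after the reinstall; after that reboot, getenforce shows the running mode.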
Conclusion
All in all, great work of the LEAPP team creating a tool that will provide the framework to perform in-place upgrades of RHEL operating systems for the years to come!