Leapp is a Desktop DevTool that handles the management and security of your cloud credentials for you.
I was wondering the other day how can I easily upgrade a OL7 to OL8, and looks like Oracle has the exact tool for the process:
Oracle® Linux 8 Performing System Upgrades With Leapp
This is the system I will try to upgrade:
First of all we need to verify if we have the last version and last patches of the Oracle Linux 7
[oracle@hol ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@hol oracle]# yum update
Loaded plugins: langpacks, ulninfo
No packages marked for updateif you will have any packages to upgrade we need to do a reboot of the system.
Let’s install the Oracle Leapp Package now
yum install leapp --enablerepo=ol7_leapp,ol7_latest
Resolving Dependencies
--> Running transaction check
---> Package leapp.noarch 0:0.12.0-1.0.1.el7_9 will be installed
--> Processing Dependency: python2-leapp = 0.12.0-1.0.1.el7_9 for package: leapp-0.12.0-1.0.1.el7_9.noarch
[....]
Transaction Summary
=====================================================================================================================================================================
Install 1 Package (+35 Dependent packages)
Total download size: 6.1 M
Installed size: 24 M
Is this ok [y/d/N]: y
[....]
Installed:
leapp.noarch 0:0.12.0-1.0.1.el7_9
Dependency Installed:
audit-libs-python.x86_64 0:2.8.5-4.el7
checkpolicy.x86_64 0:2.5-8.el7
dnf.noarch 0:4.0.9.2-2.el7
dnf-data.noarch 0:4.0.9.2-2.el7
json-glib.x86_64 0:1.4.2-2.el7
leapp-deps.noarch 0:0.12.0-1.0.1.el7_9
leapp-repository.noarch 0:0.13.0-2.0.1.el7_9
leapp-repository-deps.noarch 0:0.13.0-2.0.1.el7_9
libcgroup.x86_64 0:0.41-21.el7
libcomps.x86_64 0:0.1.8-14.el7
libdnf.x86_64 0:0.22.5-2.el7
libmodulemd.x86_64 0:1.6.4-1.el7
librepo.x86_64 0:1.8.1-8.el7_9
libreport-filesystem.x86_64 0:2.1.11-53.0.1.el7
librhsm.x86_64 0:0.0.3-3.el7
libsemanage-python.x86_64 0:2.5-14.el7
libsolv.x86_64 0:0.6.34-4.el7
libyaml.x86_64 0:0.1.4-11.el7_0
policycoreutils-python.x86_64 0:2.5-34.0.1.el7
python-IPy.noarch 0:0.75-6.el7
python-backports.x86_64 0:1.0-8.el7
python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7
python-enum34.noarch 0:1.0.4-1.el7
python-ipaddress.noarch 0:1.0.16-2.el7
python-pyudev.noarch 0:0.15-9.el7
python-requests.noarch 0:2.6.0-10.el7
python-setuptools.noarch 0:18.0.1-2.el7
python-six.noarch 0:1.9.0-2.el7
python-urllib3.noarch 0:1.10.2-7.el7
python2-dnf.noarch 0:4.0.9.2-2.el7
python2-hawkey.x86_64 0:0.22.5-2.el7
python2-leapp.noarch 0:0.12.0-1.0.1.el7_9
python2-libcomps.x86_64 0:0.1.8-14.el7
python2-libdnf.x86_64 0:0.22.5-2.el7
setools-libs.x86_64 0:3.3.8-4.el7
Complete!
The Preupgrade command will give information about what to expect and any mayor issues before the upgrade (If you are running this in OCI, please check the documentation since you should be using “–oci” instead of “–oraclelinux”)
It will also generate a “answerfile” with the changes that needs to be addressed before the upgrade can be executed
[root@hol oracle]# leapp preupgrade --oraclelinux
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
IPU workflow config actor
==> Processing phase `FactsCollection`
====> * grubdevname
Get name of block device where GRUB is located
====> * scan_custom_repofile
Scan the custom /etc/leapp/files/leapp_upgrade_repositories.repo repo file.
====> * scan_kernel_cmdline
No documentation has been provided for the scan_kernel_cmdline actor.
====> * storage_scanner
Provides data about storage settings.
====> * scan_sap_hana
Gathers information related to SAP HANA instances on the system.
====> * scan_subscription_manager_info
Scans the current system for subscription manager information
====> * network_manager_read_config
Provides data about NetworkManager configuration.
====> * removed_pam_modules_scanner
Scan PAM configuration for modules that are not available in OL-8.
====> * firewalld_facts_actor
Provide data about firewalld
====> * xfs_info_scanner
This actor scans all mounted mountpoints for XFS information
====> * common_leapp_dracut_modules
Influences the generation of the initram disk
====> * sssd_facts
Check SSSD configuration for changes in OL8 and report them in model.
====> * scancpu
Scan CPUs of the machine.
====> * read_openssh_config
Collect information about the OpenSSH configuration.
====> * scanclienablerepo
Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * system_facts
Provides data about many facts from system.
====> * rpm_scanner
Provides data about installed RPM Packages.
Loaded plugins: langpacks
====> * tcp_wrappers_config_read
Parse tcp_wrappers configuration files /etc/hosts.{allow,deny}.
====> * repository_mapping
Produces message containing repository mapping based on provided file.
====> * root_scanner
Scan the system root directory and produce a message containing
====> * get_installed_desktops
Actor checks if kde or gnome desktop environments
====> * authselect_scanner
Detect what authselect configuration should be suggested to administrator.
====> * scanmemory
Scan Memory of the machine.
====> * pam_modules_scanner
Scan the pam directory for services and modules used in them
====> * transaction_workarounds
Provides additional RPM transaction tasks based on bundled RPM packages.
====> * oracle_signed_rpm_scanner
Provide data about installed RPM Packages signed by Oracle.
====> * udevadm_info
Produces data exported by the "udevadm info" command.
====> * persistentnetnames
Get network interface information for physical ethernet interfaces of the original system.
====> * biosdevname
Enable biosdevname on OL8 if all interfaces on OL7 use biosdevname naming scheme and if machine vendor is DELL
====> * ipa_scanner
Scan system for ipa-client and ipa-server status
====> * spamassassin_config_read
Reads spamc configuration (/etc/mail/spamassassin/spamc.conf), the
====> * used_repository_scanner
Scan used enabled repositories
====> * sctp_read_status
Determines whether or not the SCTP kernel module might be wanted.
====> * quagga_daemons
Active quagga daemons check.
====> * repositories_blacklist
Generate list of repository IDs that should be ignored by Leapp during upgrade process
====> * vsftpd_config_read
Reads vsftpd configuration files (/etc/vsftpd/*.conf) and extracts necessary information.
====> * multipath_conf_read
Reads multipath configuration files (multipath.conf, and any files in
====> * persistentnetnamesdisable
Disable systemd-udevd persistent network naming on machine with single eth0 NIC
====> * check_kde_apps
Actor checks which KDE apps are installed.
====> * rpm_transaction_config_tasks_collector
Provides additional RPM transaction tasks from /etc/leapp/transaction.
====> * selinuxcontentscanner
Scan the system for any SELinux customizations
====> * pes_events_scanner
Provides data about packages events from Package Evolution Service.
====> * setuptargetrepos
Produces list of repositories that should be available to be used by Upgrade process.
==> Processing phase `Checks`
====> * spamassassin_config_check
Reports changes in spamassassin between OL-7 and OL-8
====> * tcp_wrappers_check
Check the list of packages previously compiled with TCP wrappers support
====> * check_root_symlinks
Check if the symlinks /bin and /lib are relative, not absolute.
====> * check_olm
Check if connected to OLM and both client and server
====> * vsftpd_config_check
Checks whether the vsftpd configuration is supported in OL8. Namely checks that
====> * check_brltty
Check if brltty is installed, check whether configuration update is needed.
====> * check_rdma_repo
Check if ol7_UEKR5_RDMA yum repo is enabled and inhibit the upgrade process.
====> * checkdosfstools
Check if dosfstools is installed. If yes, write information about non-compatible changes.
====> * efi_check_boot
Adjust EFI boot entry for first reboot
====> * check_btrfs_raid
Check if Btrfs RAID is in use. If yes, inhibit the upgrade process.
====> * check_os_release
Check if the current OL minor version is supported. If not, inhibit the upgrade process.
====> * check_system_arch
Check if system is running at a supported architecture. If no, inhibit the upgrade process.
====> * check_ocibm
Check if the system is an OCI BM shape. If yes, inhibit the upgrade process.
====> * check_installed_devel_kernels
Inhibit IPU (in-place upgrade) when multiple devel kernels are installed.
====> * check_kvm
Check if Oracle KVM is installed and ensure ol8_kvm_appstream is enabled
====> * check_skipped_repositories
Produces a report if any repositories enabled on the system are going to be skipped.
====> * check_chrony
Check for incompatible changes in chrony configuration.
====> * check_installed_debug_kernels
Inhibit IPU (in-place upgrade) when multiple debug kernels are installed.
====> * open_ssh_use_privilege_separation
UsePrivilegeSeparation configuration option was removed.
====> * CheckDefaultBootKernel
Check the default boot kernel, set to UEK if BTRFS is detected.
====> * detect_grub_config_error
Check grub configuration for syntax error in GRUB_CMDLINE_LINUX value.
====> * check_fips
Inhibit upgrade if FIPS is detected as enabled.
====> * open_ssh_protocol
Protocol configuration option was removed.
====> * check_firewalld
Check for certain firewalld configuration that may prevent an upgrade.
====> * checkacpid
Check if acpid is installed. If yes, write information about non-compatible changes.
====> * removed_pam_modules
Check for modules that are not available in OL 8 anymore
====> * unsupported_upgrade_check
Checks enviroment variables and produces a warning report if the upgrade is unsupported.
====> * openssh_permit_root_login
OpenSSH no longer allows root logins with password.
====> * check_removed_envvars
Check for usage of removed environment variables and inhibit the upgrade
====> * checkgrep
Check if Grep is installed. If yes, write information about non-compatible changes.
====> * python_inform_user
This actor informs the user of differences in Python version and support in OL8.
====> * sssd_check
Check SSSD configuration for changes in OL8 and report them.
====> * check_se_linux
Check SELinux status and produce decision messages for further action.
====> * checkfstabxfsoptions
Check the FSTAB file for the deprecated / removed XFS mount options.
====> * check_ha_cluster
Check if HA Cluster is in use. If yes, inhibit the upgrade process.
====> * check_sap_hana
If SAP HANA has been detected, several checks are performed to ensure a successful upgrade.
====> * check_grub_core
Check whether we are on legacy (BIOS) system and instruct Leapp to upgrade GRUB core
====> * check_non_mount_boot_s390
Inhibits on s390 when /boot is NOT on a separate partition.
====> * check_rdma_uekr5
Check if running UEKR5 and RDMA and confirm upgrade to UEKR6 in OL8
====> * multipath_conf_check
Checks whether the multipath configuration can be updated to OL-8.
====> * check_ipa_server
Check for ipa-server and inhibit upgrade
====> * check_kernel_drivers
Actor checks if any loaded OL7 kernel driver is missing in OL8.
====> * checkirssi
Check if irssi is installed. If yes, write information about non-compatible changes.
====> * sctp_checks
Parses collected SCTP information and take necessary actions.
====> * check_oracle_enabled_repos
Check repos enabled on the leapp command line.
====> * check_kde_gnome
Checks whether KDE is installed
====> * open_ssh_algorithms
OpenSSH configuration does not contain any unsupported cryptographic algorithms.
====> * checktargetrepos
Check whether target yum repositories are specified.
====> * removed_pam_modules_check
Check if it is all right to disable PAM modules that are not in OL-8.
====> * check_ofed
Check if any OFED packages are installed and inhibit the upgrade
====> * powertop
Check if PowerTOP is installed. If yes, write information about non-compatible changes.
====> * checkhybridimage
Check if the system is using Azure hybrid image.
====> * check_lvm2_cluster
Check if Oracle lvm2-cluster package is installed and inhibit upgrade
====> * check_postfix
Check if postfix is installed, check whether configuration update is needed.
====> * check_memcached
Check for incompatible changes in memcached configuration.
====> * check_boot_avail_space
Check if at least 100Mib of available space on /boot. If not, inhibit the upgrade process.
====> * check_wireshark
Report a couple of changes in tshark usage
====> * check_luks_and_inhibit
Check if any encrypted partitions is in use. If yes, inhibit the upgrade process.
====> * authselect_check
Confirm suggested authselect call from AuthselectScanner.
====> * checkmemory
The actor check the size of RAM against OL8 minimal hardware requirements
====> * check_sendmail
Check if sendmail is installed, check whether configuration update is needed, inhibit upgrade if TCP wrappers
====> * oracle_signed_rpm_check
Check if there are packages not signed by Oracle in use. If yes, warn user about it.
====> * check_installed_kernels
Inhibit IPU (in-place upgrade) when installed kernels conflict with a safe upgrade.
====> * check_ntp
Check if ntp and/or ntpdate configuration needs to be migrated.
====> * check_nfs
Check if NFS filesystem is in use. If yes, inhibit the upgrade process.
====> * checkcpu
Check whether the CPU is supported by the target system. Inhibit upgrade if not.
====> * quagga_report
Checking for babeld on OL-7.
====> * check_btrfs
Check if Btrfs filesystem is in use. If yes, inhibit the upgrade process.
====> * check_osms
Check if OS Management Service (OSMS) is configured and active. If yes, inhibit the upgrade process.
====> * check_skip_phase
Skip all the subsequent phases until the report phase.
====> * check_rpm_transaction_events
Filter RPM transaction events based on installed RPM packages
==> Processing phase `Reports`
====> * verify_check_results
Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results
Check all generated results messages and notify user about them.
============================================================
UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
1. Inhibitor: Unsupported network configuration
2. Inhibitor: Possible problems with remote login using root account
3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
============================================================
UPGRADE INHIBITED
============================================================
Debug output written to /var/log/leapp/leapp-preupgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfileHow to resolve the issues during pre-upgrade
- Inhibitor: Unsupported network configuration
Detected multiple network interfaces using unstable kernel names (e.g. eth0, eth1). Upgrade process can not continue because stability of names can not be guaranteed.
- If you have more interfaces, you need to disabled it
- If you have interfaces name like eth0 or eth1 you need to change their name because beginning with OL7, network interfaces are named according to the biosdevname convention. This convention chooses location-based device names, such as enp0s10, instead of the more-familiar eth0 scheme that was used previously.
- Inhibitor: Possible problems with remote login using root account
grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
if the parameter “PermitRootLogin No” edit file and set PermitRootLogin yes
- Inhibitor: Missing required answers in the answer file
Execute this command :
leapp answer --section remove_pam_pkcs11_module_check.confirm=TrueRe-execute the pre-upgrade command:
[root@hol oracle]# leapp preupgrade --oraclelinux
........
........
Debug output written to /var/log/leapp/leapp-preupgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfileNow the status upgrade inhibited has disappeared and the system is ready for the upgrade step
leapp upgrade --oraclelinux
I will show you a partial output of the procedure
......
......
(1618/1621): btrfs-progs-5.15.1-0.el8.x86_64.rp 8.6 MB/s | 866 kB 00:00
(1619/1621): xfsprogs-5.4.0-1.0.1.el8.x86_64.rp 11 MB/s | 1.1 MB 00:00
(1620/1621): yelp-xsl-3.28.0-2.el8.noarch.rpm 74 kB/s | 210 kB 00:02
(1621/1621): zenity-3.28.1-1.el8.x86_64.rpm 1.3 MB/s | 4.0 MB 00:03
--------------------------------------------------------------------------------
Total 11 MB/s | 1.5 GB 02:17
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
==> Processing phase `InterimPreparation`
====> * efi_interim_fix
Adjust EFI boot entry for first reboot
====> * initram_disk_generator
Creates the upgrade initram disk
====> * add_upgrade_boot_entry
Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.
Debug output written to /var/log/leapp/leapp-upgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================Once completed, reboot the system.
The system will now apply all the changes for the upgrade, so it will take some time to start.
If you have console connection, is recommended to have it open in order to see what is going on.
After reboot and the system turn online
[oracle@hol ~]$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.5 (Ootpa)Have a look at some Post-upgrade tasks from the documentation
Completing Post Upgrade Tasks after the process so you make sure you have the system in the best conditions.