Upgrading Oracle Linux 7 to 8 using Leapp

Leapp is a Desktop DevTool that handles the management and security of your cloud credentials for you.

I was wondering the other day how can I easily upgrade a OL7 to OL8, and looks like Oracle has the exact tool for the process:

Oracle® Linux 8 Performing System Upgrades With Leapp

This is the system I will try to upgrade:
First of all we need to verify if we have the last version and last patches of the Oracle Linux 7

[oracle@hol ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.9 (Maipo)
[root@hol oracle]# yum update
Loaded plugins: langpacks, ulninfo
No packages marked for update

if you will have any packages to upgrade we need to do a reboot of the system.

Let’s install the Oracle Leapp Package now

yum install leapp --enablerepo=ol7_leapp,ol7_latest
Resolving Dependencies
--> Running transaction check
---> Package leapp.noarch 0:0.12.0-1.0.1.el7_9 will be installed
--> Processing Dependency: python2-leapp = 0.12.0-1.0.1.el7_9 for package: leapp-0.12.0-1.0.1.el7_9.noarch
Transaction Summary
Install  1 Package (+35 Dependent packages)

Total download size: 6.1 M
Installed size: 24 M
Is this ok [y/d/N]: y
  leapp.noarch 0:0.12.0-1.0.1.el7_9

Dependency Installed:
  audit-libs-python.x86_64 0:2.8.5-4.el7                          
  checkpolicy.x86_64 0:2.5-8.el7                         
  dnf.noarch 0:
  dnf-data.noarch 0:                                 
  json-glib.x86_64 0:1.4.2-2.el7                         
  leapp-deps.noarch 0:0.12.0-1.0.1.el7_9
  leapp-repository.noarch 0:0.13.0-2.0.1.el7_9                    
  leapp-repository-deps.noarch 0:0.13.0-2.0.1.el7_9      
  libcgroup.x86_64 0:0.41-21.el7
  libcomps.x86_64 0:0.1.8-14.el7                                  
  libdnf.x86_64 0:0.22.5-2.el7                           
  libmodulemd.x86_64 0:1.6.4-1.el7
  librepo.x86_64 0:1.8.1-8.el7_9                                  
  libreport-filesystem.x86_64 0:2.1.11-53.0.1.el7        
  librhsm.x86_64 0:0.0.3-3.el7
  libsemanage-python.x86_64 0:2.5-14.el7                          
  libsolv.x86_64 0:0.6.34-4.el7                          
  libyaml.x86_64 0:0.1.4-11.el7_0
  policycoreutils-python.x86_64 0:2.5-34.0.1.el7                  
  python-IPy.noarch 0:0.75-6.el7                         
  python-backports.x86_64 0:1.0-8.el7
  python-backports-ssl_match_hostname.noarch 0:      
  python-enum34.noarch 0:1.0.4-1.el7                     
  python-ipaddress.noarch 0:1.0.16-2.el7
  python-pyudev.noarch 0:0.15-9.el7                               
  python-requests.noarch 0:2.6.0-10.el7                  
  python-setuptools.noarch 0:18.0.1-2.el7
  python-six.noarch 0:1.9.0-2.el7                                 
  python-urllib3.noarch 0:1.10.2-7.el7                   
  python2-dnf.noarch 0:
  python2-hawkey.x86_64 0:0.22.5-2.el7                            
  python2-leapp.noarch 0:0.12.0-1.0.1.el7_9              
  python2-libcomps.x86_64 0:0.1.8-14.el7
  python2-libdnf.x86_64 0:0.22.5-2.el7                            
  setools-libs.x86_64 0:3.3.8-4.el7


The Preupgrade command will give information about what to expect and any mayor issues before the upgrade (If you are running this in OCI, please check the documentation since you should be using “–oci” instead of “–oraclelinux”)
It will also generate a “answerfile” with the changes that needs to be addressed before the upgrade can be executed

[root@hol oracle]# leapp preupgrade --oraclelinux
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
        IPU workflow config actor
==> Processing phase `FactsCollection`
====> * grubdevname
        Get name of block device where GRUB is located
====> * scan_custom_repofile
        Scan the custom /etc/leapp/files/leapp_upgrade_repositories.repo repo file.
====> * scan_kernel_cmdline
        No documentation has been provided for the scan_kernel_cmdline actor.
====> * storage_scanner
        Provides data about storage settings.
====> * scan_sap_hana
        Gathers information related to SAP HANA instances on the system.
====> * scan_subscription_manager_info
        Scans the current system for subscription manager information
====> * network_manager_read_config
        Provides data about NetworkManager configuration.
====> * removed_pam_modules_scanner
        Scan PAM configuration for modules that are not available in OL-8.
====> * firewalld_facts_actor
        Provide data about firewalld
====> * xfs_info_scanner
        This actor scans all mounted mountpoints for XFS information
====> * common_leapp_dracut_modules
        Influences the generation of the initram disk
====> * sssd_facts
        Check SSSD configuration for changes in OL8 and report them in model.
====> * scancpu
        Scan CPUs of the machine.
====> * read_openssh_config
        Collect information about the OpenSSH configuration.
====> * scanclienablerepo
        Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * system_facts
        Provides data about many facts from system.
====> * rpm_scanner
        Provides data about installed RPM Packages.
Loaded plugins: langpacks
====> * tcp_wrappers_config_read
        Parse tcp_wrappers configuration files /etc/hosts.{allow,deny}.
====> * repository_mapping
        Produces message containing repository mapping based on provided file.
====> * root_scanner
        Scan the system root directory and produce a message containing
====> * get_installed_desktops
        Actor checks if kde or gnome desktop environments
====> * authselect_scanner
        Detect what authselect configuration should be suggested to administrator.
====> * scanmemory
        Scan Memory of the machine.
====> * pam_modules_scanner
        Scan the pam directory for services and modules used in them
====> * transaction_workarounds
        Provides additional RPM transaction tasks based on bundled RPM packages.
====> * oracle_signed_rpm_scanner
        Provide data about installed RPM Packages signed by Oracle.
====> * udevadm_info
        Produces data exported by the "udevadm info" command.
====> * persistentnetnames
        Get network interface information for physical ethernet interfaces of the original system.
====> * biosdevname
        Enable biosdevname on OL8 if all interfaces on OL7 use biosdevname naming scheme and if machine vendor is DELL
====> * ipa_scanner
        Scan system for ipa-client and ipa-server status
====> * spamassassin_config_read
        Reads spamc configuration (/etc/mail/spamassassin/spamc.conf), the
====> * used_repository_scanner
        Scan used enabled repositories
====> * sctp_read_status
        Determines whether or not the SCTP kernel module might be wanted.
====> * quagga_daemons
        Active quagga daemons check.
====> * repositories_blacklist
        Generate list of repository IDs that should be ignored by Leapp during upgrade process
====> * vsftpd_config_read
        Reads vsftpd configuration files (/etc/vsftpd/*.conf) and extracts necessary information.
====> * multipath_conf_read
        Reads multipath configuration files (multipath.conf, and any files in
====> * persistentnetnamesdisable
        Disable systemd-udevd persistent network naming on machine with single eth0 NIC
====> * check_kde_apps
        Actor checks which KDE apps are installed.
====> * rpm_transaction_config_tasks_collector
        Provides additional RPM transaction tasks from /etc/leapp/transaction.
====> * selinuxcontentscanner
        Scan the system for any SELinux customizations
====> * pes_events_scanner
        Provides data about packages events from Package Evolution Service.
====> * setuptargetrepos
        Produces list of repositories that should be available to be used by Upgrade process.
==> Processing phase `Checks`
====> * spamassassin_config_check
        Reports changes in spamassassin between OL-7 and OL-8
====> * tcp_wrappers_check
        Check the list of packages previously compiled with TCP wrappers support
====> * check_root_symlinks
        Check if the symlinks /bin and /lib are relative, not absolute.
====> * check_olm
        Check if connected to OLM and both client and server
====> * vsftpd_config_check
        Checks whether the vsftpd configuration is supported in OL8. Namely checks that
====> * check_brltty
        Check if brltty is installed, check whether configuration update is needed.
====> * check_rdma_repo
        Check if ol7_UEKR5_RDMA yum repo is enabled and inhibit the upgrade process.
====> * checkdosfstools
        Check if dosfstools is installed. If yes, write information about non-compatible changes.
====> * efi_check_boot
        Adjust EFI boot entry for first reboot
====> * check_btrfs_raid
        Check if Btrfs RAID is in use. If yes, inhibit the upgrade process.
====> * check_os_release
        Check if the current OL minor version is supported. If not, inhibit the upgrade process.
====> * check_system_arch
        Check if system is running at a supported architecture. If no, inhibit the upgrade process.
====> * check_ocibm
        Check if the system is an OCI BM shape. If yes, inhibit the upgrade process.
====> * check_installed_devel_kernels
        Inhibit IPU (in-place upgrade) when multiple devel kernels are installed.
====> * check_kvm
        Check if Oracle KVM is installed and ensure ol8_kvm_appstream is enabled
====> * check_skipped_repositories
        Produces a report if any repositories enabled on the system are going to be skipped.
====> * check_chrony
        Check for incompatible changes in chrony configuration.
====> * check_installed_debug_kernels
        Inhibit IPU (in-place upgrade) when multiple debug kernels are installed.
====> * open_ssh_use_privilege_separation
        UsePrivilegeSeparation configuration option was removed.
====> * CheckDefaultBootKernel
        Check the default boot kernel, set to UEK if BTRFS is detected.
====> * detect_grub_config_error
        Check grub configuration for syntax error in GRUB_CMDLINE_LINUX value.
====> * check_fips
        Inhibit upgrade if FIPS is detected as enabled.
====> * open_ssh_protocol
        Protocol configuration option was removed.
====> * check_firewalld
        Check for certain firewalld configuration that may prevent an upgrade.
====> * checkacpid
        Check if acpid is installed. If yes, write information about non-compatible changes.
====> * removed_pam_modules
        Check for modules that are not available in OL 8 anymore
====> * unsupported_upgrade_check
        Checks enviroment variables and produces a warning report if the upgrade is unsupported.
====> * openssh_permit_root_login
        OpenSSH no longer allows root logins with password.
====> * check_removed_envvars
        Check for usage of removed environment variables and inhibit the upgrade
====> * checkgrep
        Check if Grep is installed. If yes, write information about non-compatible changes.
====> * python_inform_user
        This actor informs the user of differences in Python version and support in OL8.
====> * sssd_check
        Check SSSD configuration for changes in OL8 and report them.
====> * check_se_linux
        Check SELinux status and produce decision messages for further action.
====> * checkfstabxfsoptions
        Check the FSTAB file for the deprecated / removed XFS mount options.
====> * check_ha_cluster
        Check if HA Cluster is in use. If yes, inhibit the upgrade process.
====> * check_sap_hana
        If SAP HANA has been detected, several checks are performed to ensure a successful upgrade.
====> * check_grub_core
        Check whether we are on legacy (BIOS) system and instruct Leapp to upgrade GRUB core
====> * check_non_mount_boot_s390
        Inhibits on s390 when /boot is NOT on a separate partition.
====> * check_rdma_uekr5
        Check if running UEKR5 and RDMA and confirm upgrade to UEKR6 in OL8
====> * multipath_conf_check
        Checks whether the multipath configuration can be updated to OL-8.
====> * check_ipa_server
        Check for ipa-server and inhibit upgrade
====> * check_kernel_drivers
        Actor checks if any loaded OL7 kernel driver is missing in OL8.
====> * checkirssi
        Check if irssi is installed. If yes, write information about non-compatible changes.
====> * sctp_checks
        Parses collected SCTP information and take necessary actions.
====> * check_oracle_enabled_repos
        Check repos enabled on the leapp command line.
====> * check_kde_gnome
        Checks whether KDE is installed
====> * open_ssh_algorithms
        OpenSSH configuration does not contain any unsupported cryptographic algorithms.
====> * checktargetrepos
        Check whether target yum repositories are specified.
====> * removed_pam_modules_check
        Check if it is all right to disable PAM modules that are not in OL-8.
====> * check_ofed
        Check if any OFED packages are installed and inhibit the upgrade
====> * powertop
        Check if PowerTOP is installed. If yes, write information about non-compatible changes.
====> * checkhybridimage
        Check if the system is using Azure hybrid image.
====> * check_lvm2_cluster
        Check if Oracle lvm2-cluster package is installed and inhibit upgrade
====> * check_postfix
        Check if postfix is installed, check whether configuration update is needed.
====> * check_memcached
        Check for incompatible changes in memcached configuration.
====> * check_boot_avail_space
        Check if at least 100Mib of available space on /boot. If not, inhibit the upgrade process.
====> * check_wireshark
        Report a couple of changes in tshark usage
====> * check_luks_and_inhibit
        Check if any encrypted partitions is in use. If yes, inhibit the upgrade process.
====> * authselect_check
        Confirm suggested authselect call from AuthselectScanner.
====> * checkmemory
        The actor check the size of RAM against OL8 minimal hardware requirements
====> * check_sendmail
        Check if sendmail is installed, check whether configuration update is needed, inhibit upgrade if TCP wrappers
====> * oracle_signed_rpm_check
        Check if there are packages not signed by Oracle in use. If yes, warn user about it.
====> * check_installed_kernels
        Inhibit IPU (in-place upgrade) when installed kernels conflict with a safe upgrade.
====> * check_ntp
        Check if ntp and/or ntpdate configuration needs to be migrated.
====> * check_nfs
        Check if NFS filesystem is in use. If yes, inhibit the upgrade process.
====> * checkcpu
        Check whether the CPU is supported by the target system. Inhibit upgrade if not.
====> * quagga_report
        Checking for babeld on OL-7.
====> * check_btrfs
        Check if Btrfs filesystem is in use. If yes, inhibit the upgrade process.
====> * check_osms
        Check if OS Management Service (OSMS) is configured and active. If yes, inhibit the upgrade process.
====> * check_skip_phase
        Skip all the subsequent phases until the report phase.
====> * check_rpm_transaction_events
        Filter RPM transaction events based on installed RPM packages
==> Processing phase `Reports`
====> * verify_check_results
        Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results
        Check all generated results messages and notify user about them.

                     UPGRADE INHIBITED                      

Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Unsupported network configuration
    2. Inhibitor: Possible problems with remote login using root account
    3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.

                     UPGRADE INHIBITED                      

Debug output written to /var/log/leapp/leapp-preupgrade.log


A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

                       END OF REPORT                        

Answerfile has been generated at /var/log/leapp/answerfile

How to resolve the issues during pre-upgrade

  1. Inhibitor: Unsupported network configuration
    Detected multiple network interfaces using unstable kernel names (e.g. eth0, eth1). Upgrade process can not continue because stability of names can not be guaranteed.
  • If you have more interfaces, you need to disabled it
  • If you have interfaces name like eth0 or eth1 you need to change their name because beginning with OL7, network interfaces are named according to the biosdevname convention. This convention chooses location-based device names, such as enp0s10, instead of the more-familiar eth0 scheme that was used previously.
  1. Inhibitor: Possible problems with remote login using root account
    grep PermitRootLogin /etc/ssh/sshd_config
    PermitRootLogin yes

if the parameter “PermitRootLogin No” edit file and set PermitRootLogin yes

  1. Inhibitor: Missing required answers in the answer file
    Execute this command :
leapp answer --section remove_pam_pkcs11_module_check.confirm=True

Re-execute the pre-upgrade command:

[root@hol oracle]# leapp preupgrade --oraclelinux
Debug output written to /var/log/leapp/leapp-preupgrade.log


A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

                       END OF REPORT                        

Answerfile has been generated at /var/log/leapp/answerfile

Now the status upgrade inhibited has disappeared and the system is ready for the upgrade step

leapp upgrade --oraclelinux
I will show you a partial output of the procedure
(1618/1621): btrfs-progs-5.15.1-0.el8.x86_64.rp 8.6 MB/s | 866 kB     00:00    
(1619/1621): xfsprogs-5.4.0-1.0.1.el8.x86_64.rp  11 MB/s | 1.1 MB     00:00    
(1620/1621): yelp-xsl-3.28.0-2.el8.noarch.rpm    74 kB/s | 210 kB     00:02    
(1621/1621): zenity-3.28.1-1.el8.x86_64.rpm     1.3 MB/s | 4.0 MB     00:03    
Total                                            11 MB/s | 1.5 GB     02:17     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
==> Processing phase `InterimPreparation`
====> * efi_interim_fix
        Adjust EFI boot entry for first reboot
====> * initram_disk_generator
        Creates the upgrade initram disk
====> * add_upgrade_boot_entry
        Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.

Debug output written to /var/log/leapp/leapp-upgrade.log


A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

                       END OF REPORT                        

Once completed, reboot the system.
The system will now apply all the changes for the upgrade, so it will take some time to start.
If you have console connection, is recommended to have it open in order to see what is going on.

After reboot and the system turn online

[oracle@hol ~]$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.5 (Ootpa)

Have a look at some Post-upgrade tasks from the documentation
Completing Post Upgrade Tasks after the process so you make sure you have the system in the best conditions.

Leave a Reply

Your email address will not be published. Required fields are marked *