From 0fc39a0e65ab6c58db72d51507abbfa2761db835 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Wed, 8 Nov 2023 17:13:52 +0000 Subject: [PATCH 1/3] docs: Add in-place upgrade to RL9 migration --- doc/source/operations/rocky-linux-9.rst | 83 ++++++++++++++++++++++++- 1 file changed, 80 insertions(+), 3 deletions(-) diff --git a/doc/source/operations/rocky-linux-9.rst b/doc/source/operations/rocky-linux-9.rst index 9113f287a..8b873a6b8 100644 --- a/doc/source/operations/rocky-linux-9.rst +++ b/doc/source/operations/rocky-linux-9.rst @@ -599,7 +599,84 @@ Wazuh manager TODO -In-place migrations -=================== +In-place upgrades +================= -TODO +Sometimes it is necessary to upgrade a system in-place. +This may be the case for the seed hypervisor or Ansible control host which are often installed manually onto bare metal. +This procedure is not officially recommended, and can be risky, so be sure to back up all critical data and ensure serial console access is available (including password login) in case of getting locked out. + +The procedure is performed in two stages: + +1. Migrate from CentOS Stream 8 to Rocky Linux 8 +2. Upgrade from Rocky Linux 8 to Rocky Linux 9 + +Potential issues +---------------- + +Full procedure +-------------- + +- It's good to inspect existing DNF packages and determine whether they are + really required. + +- Use the `migrate2rocky.sh + `__ + script to migrate to Rocky Linux 8. + +- Disable all DNF modules - they're no longer used. + + .. code-block:: console + + sudo dnf module disable "*" + +- Migrate to NetworkManager: + + - Ensure that all network interfaces are managed by Network Manager: + + .. code:: console + + sudo sed -i -e 's/NM_CONTROLLED=no/NM_CONTROLLED=yes/g' /etc/sysconfig/network-scripts/* + + - Enable and start NetworkManager: + + .. code:: console + + sudo systemctl enable NetworkManager + sudo systemctl start NetworkManager + + - Migrate Ethernet connections to native NetworkManager configuration: + + .. code:: console + + sudo nmcli connection migrate + + - Manually migrate non-Ethernet (bonds, bridges & VLAN subinterfaces) network interfaces to native NetworkManager. + + - Look out for lost DNS configuration after migration to NetworkManager. This may be manually restored using something like this: + + .. code:: console + + nmcli con mod System\ brextmgmt.3003 ipv4.dns "10.41.4.4 10.41.4.5 10.41.4.6" + + - Make sure there are no funky udev rules left in + ``/etc/udev/rules.d/70-persistent-net.rules`` (e.g. from cloud-init run on + Rocky 9.1). + + - Inspect networking configuration at this point, ideally reboot to validate correctness. + +- Upgrade to Rocky Linux 9 + + .. https://forums.rockylinux.org/t/dnf-warning-message-after-upgrade-from-rocky-8-to-rocky-9/8319/2 + + .. code:: console + + sudo dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-gpg-keys-9.2-1.6.el9.noarch.rpm \ + https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-release-9.2-1.6.el9.noarch.rpm \ + https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-repos-9.2-1.6.el9.noarch.rpm + sudo rm -rf /usr/share/redhat-logos + sudo dnf --releasever=9 --allowerasing --setopt=deltarpm=false distro-sync -y + sudo rpm --rebuilddb + sudo rpm -qa | grep el8 | xargs dnf remove + +- You will need to re-create *all* virtualenvs afterwards due to system Python version upgrade. From 1e218c7ff5772e36ac8e75fb7bebf07daff00b76 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 9 Nov 2023 10:03:11 +0000 Subject: [PATCH 2/3] docs: RL9 migration in-place updates --- doc/source/operations/rocky-linux-9.rst | 55 ++++++++++++++++++++----- 1 file changed, 44 insertions(+), 11 deletions(-) diff --git a/doc/source/operations/rocky-linux-9.rst b/doc/source/operations/rocky-linux-9.rst index 8b873a6b8..beec3d020 100644 --- a/doc/source/operations/rocky-linux-9.rst +++ b/doc/source/operations/rocky-linux-9.rst @@ -617,8 +617,7 @@ Potential issues Full procedure -------------- -- It's good to inspect existing DNF packages and determine whether they are - really required. +- Inspect existing DNF packages and determine whether they are really required. - Use the `migrate2rocky.sh `__ @@ -630,7 +629,9 @@ Full procedure sudo dnf module disable "*" -- Migrate to NetworkManager: +- Migrate to NetworkManager. This can be done using a manual process or with Kayobe. + + The manual process is as follows: - Ensure that all network interfaces are managed by Network Manager: @@ -659,6 +660,16 @@ Full procedure nmcli con mod System\ brextmgmt.3003 ipv4.dns "10.41.4.4 10.41.4.5 10.41.4.6" + The following Kayobe process for migrating to NetworkManager has not yet been tested. + + - Set ``interfaces_use_nmconnection: true`` as a host/group variable for the relevant hosts + + - Run the appropriate host configure command. For example, for the seed hypervisor: + + .. code:: console + + kayobe seed hypervisor host configure -t network -kt none + - Make sure there are no funky udev rules left in ``/etc/udev/rules.d/70-persistent-net.rules`` (e.g. from cloud-init run on Rocky 9.1). @@ -669,14 +680,36 @@ Full procedure .. https://forums.rockylinux.org/t/dnf-warning-message-after-upgrade-from-rocky-8-to-rocky-9/8319/2 - .. code:: console + - Install Rocky Linux 9 repositories and GPG keys: + + .. code:: console + + sudo dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-gpg-keys-9.2-1.6.el9.noarch.rpm \ + https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-release-9.2-1.6.el9.noarch.rpm \ + https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-repos-9.2-1.6.el9.noarch.rpm + + - Remove the RedHat logos package: + + .. code:: console + + sudo rm -rf /usr/share/redhat-logos + + - Synchronise all packages with current versions + + .. code:: console + + sudo dnf --releasever=9 --allowerasing --setopt=deltarpm=false distro-sync -y + + - Rebuild RPB database: + + .. code:: console + + sudo rpm --rebuilddb + + - Remove all EL8 packages: + + .. code:: console - sudo dnf install -y https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-gpg-keys-9.2-1.6.el9.noarch.rpm \ - https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-release-9.2-1.6.el9.noarch.rpm \ - https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/r/rocky-repos-9.2-1.6.el9.noarch.rpm - sudo rm -rf /usr/share/redhat-logos - sudo dnf --releasever=9 --allowerasing --setopt=deltarpm=false distro-sync -y - sudo rpm --rebuilddb - sudo rpm -qa | grep el8 | xargs dnf remove + sudo rpm -qa | grep el8 | xargs dnf remove - You will need to re-create *all* virtualenvs afterwards due to system Python version upgrade. From 31b0c4016aecda7099c492f425ca63ee83b9cbf8 Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 9 Nov 2023 13:07:21 +0000 Subject: [PATCH 3/3] docs: RL9 migration in place fix --- doc/source/operations/rocky-linux-9.rst | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/doc/source/operations/rocky-linux-9.rst b/doc/source/operations/rocky-linux-9.rst index beec3d020..13ce7fd90 100644 --- a/doc/source/operations/rocky-linux-9.rst +++ b/doc/source/operations/rocky-linux-9.rst @@ -706,10 +706,18 @@ Full procedure sudo rpm --rebuilddb - - Remove all EL8 packages: + - Make a list of EL8 packages to remove: .. code:: console - sudo rpm -qa | grep el8 | xargs dnf remove + sudo rpm -qa | grep el8 > el8-packages + + - Inspect the ``el8-packages`` list and ensure only expected packages are included. + + - Remove the EL8 packages: + + .. code:: console + + cat el8-packages | xargs sudo dnf remove -y - You will need to re-create *all* virtualenvs afterwards due to system Python version upgrade.