Upgrading Oracle Linux 7 to 8 With Leapp

project42

Project-42

Posted on September 14, 2021

Upgrading Oracle Linux 7 to 8 With Leapp

I was wondering the other day how can I easily upgrade a OL7 to OL8, and looks like Oracle has the exact tool for the process:

Oracle® Linux 8 Performing System Upgrades With Leapp

This is the system I will try to upgrade:

[root@OL7 ~]# head -1 /etc/*rel*
==> /etc/oracle-release <==
Oracle Linux Server release 7.9

==> /etc/os-release <==
NAME="Oracle Linux Server"

==> /etc/prelink.conf.d <==
head: error reading ‘/etc/prelink.conf.d’: Is a directory

==> /etc/redhat-release <==
Red Hat Enterprise Linux Server release 7.9 (Maipo)

==> /etc/system-release <==
Oracle Linux Server release 7.9

==> /etc/system-release-cpe <==
cpe:/o:oracle:linux:7:9:server
[root@OL7 ~]# 
Enter fullscreen mode Exit fullscreen mode

First, we need to make sure boot manager is disabled. Since this is a VM, I can not see a boot manager, so we are clear:

[root@OL7 ~]# bootctl status
System:
   Machine ID: 01a9ea161568458ba5d6f29e505d4c13
      Boot ID: 965df6b728634b0287b3f4059b3c1807


No suitable data is provided by the boot manager. See:
http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
for details.
Enter fullscreen mode Exit fullscreen mode

Confirm the locale is set to en_US.UTF-8

[root@OL7 ~]# cat /etc/locale.conf
LANG="en_US.UTF-8"
Enter fullscreen mode Exit fullscreen mode

Update the system to make sure you are on latest version and all packages are updated and reboot the system

[root@OL7 ~]# yum update
ol7_UEKR6                                                                                                                                     | 3.0 kB  00:00:00
ol7_addons                                                                                                                                    | 3.0 kB  00:00:00
ol7_developer                                                                                                                                 | 3.0 kB  00:00:00
[....]
Updated:
  bind-export-libs.x86_64 32:9.11.4-26.P2.el7_9.7          btrfs-progs.x86_64 0:5.12.1-1.el7               dhclient.x86_64 12:4.2.5-83.0.1.el7_9.1
  dhcp-common.x86_64 12:4.2.5-83.0.1.el7_9.1               dhcp-libs.x86_64 12:4.2.5-83.0.1.el7_9.1        glib2.x86_64 0:2.56.1-9.el7_9
  grub2.x86_64 1:2.02-0.87.0.13.el7_9.6                    grub2-common.noarch 1:2.02-0.87.0.13.el7_9.6    grub2-pc.x86_64 1:2.02-0.87.0.13.el7_9.6
  grub2-pc-modules.noarch 1:2.02-0.87.0.13.el7_9.6         grub2-tools.x86_64 1:2.02-0.87.0.13.el7_9.6     grub2-tools-extra.x86_64 1:2.02-0.87.0.13.el7_9.6
  grub2-tools-minimal.x86_64 1:2.02-0.87.0.13.el7_9.6      gssproxy.x86_64 0:0.7.0-30.el7_9                kernel-tools.x86_64 0:3.10.0-1160.42.2.el7
  kernel-tools-libs.x86_64 0:3.10.0-1160.42.2.el7          kpartx.x86_64 0:0.4.9-135.0.1.el7_9             krb5-libs.x86_64 0:1.15.1-50.0.1.el7
  libxml2.x86_64 0:2.9.1-6.0.3.el7.5                       libxml2-python.x86_64 0:2.9.1-6.0.3.el7.5       libzstd.x86_64 0:1.5.0-1.el7
  linux-firmware.noarch 999:20210617-999.8.git0f66b74b.el7 nfs-utils.x86_64 1:1.3.0-0.68.0.1.el7.1         openldap.x86_64 0:2.4.44-24.el7_9
  oraclelinux-release-el7.x86_64 0:1.0-17.el7              pciutils.x86_64 0:3.5.1-3.0.1.el7               pciutils-libs.x86_64 0:3.5.1-3.0.1.el7
  rsyslog.x86_64 0:8.24.0-57.0.1.el7_9.1                   selinux-policy.noarch 0:3.13.1-268.0.13.el7_9.2 selinux-policy-targeted.noarch 0:3.13.1-268.0.13.el7_9.2

Replaced:
  python-chardet.noarch 0:2.2.1-3.el7

Complete!
[root@OL7 ~]#

[root@OL7 ~]# reboot

Enter fullscreen mode Exit fullscreen mode

Let's install the Oracle Leapp Package now

[root@OL7 ~]# yum install leapp --enablerepo=ol7_leapp,ol7_latest
No package leapp available.
Error: Nothing to do
[root@OL7 ~]#
Enter fullscreen mode Exit fullscreen mode

It didn't work at first, but the reason is actually explained by the documentation:

https://docs.oracle.com/en/operating-systems/oracle-linux/8/leapp/chap-leapp-prep.html#:~:text=This%20warning,to%20proceed.

"This warning appears if an oracle-linux-ol7.repo file already exists prior to updating the Oracle Linux 7 packages. The update process creates the .rpmnew file to avoid overwriting any customizations that might be in the current file.

In this case, use the .rpmnew file to guide you in making the necessary modifications to your existing .repo file. Incorporate any new information into your .repo file. The ol7_leapp repository description must be listed in your final oracle-linux-ol7.repo file for the upgrade to proceed."

So, what I did was to replace the default .repo file with the new .rpmnew file:

[root@OL7 yum.repos.d]# ls -lrth
total 36K
-rw-r--r--. 1 root root  276 Feb 16  2021 oracle-softwarecollection-ol7.repo

-rw-r--r--. 1 root root 4.3K May 31 00:55 oracle-linux-ol7.repo   <<<<<<<<<<<

-rw-r--r--. 1 root root 1.1K May 31 00:55 oraclelinux-developer-ol7.repo
-rw-r--r--. 1 root root  252 May 31 00:55 oracle-epel-ol7.repo
-rw-r--r--. 1 root root  226 Jun  9 03:57 virt-ol7.repo
-rw-r--r--. 1 root root 2.6K Jun  9 03:57 uek-ol7.repo

-rw-r--r--. 1 root root 4.5K Jun  9 03:57 oracle-linux-ol7.repo.rpmnew   <<<<<<<<<<<


[root@OL7 yum.repos.d]# mv oracle-linux-ol7.repo oracle-linux-ol7.repo.bk
[root@OL7 yum.repos.d]# mv oracle-linux-ol7.repo.rpmnew oracle-linux-ol7.repo
[root@OL7 yum.repos.d]#
Enter fullscreen mode Exit fullscreen mode

It should work now:

[root@OL7 yum.repos.d]# yum install leapp --enablerepo=ol7_leapp,ol7_latest
Resolving Dependencies
--> Running transaction check
---> Package leapp.noarch 0:0.12.0-1.0.1.el7_9 will be installed
--> Processing Dependency: python2-leapp = 0.12.0-1.0.1.el7_9 for package: leapp-0.12.0-1.0.1.el7_9.noarch
[....]
Transaction Summary
=====================================================================================================================================================================
Install  1 Package (+35 Dependent packages)

Total download size: 6.1 M
Installed size: 24 M
Is this ok [y/d/N]: y
[....]
Installed:
  leapp.noarch 0:0.12.0-1.0.1.el7_9

Dependency Installed:
  audit-libs-python.x86_64 0:2.8.5-4.el7                          checkpolicy.x86_64 0:2.5-8.el7                         dnf.noarch 0:4.0.9.2-2.el7
  dnf-data.noarch 0:4.0.9.2-2.el7                                 json-glib.x86_64 0:1.4.2-2.el7                         leapp-deps.noarch 0:0.12.0-1.0.1.el7_9
  leapp-repository.noarch 0:0.13.0-2.0.1.el7_9                    leapp-repository-deps.noarch 0:0.13.0-2.0.1.el7_9      libcgroup.x86_64 0:0.41-21.el7
  libcomps.x86_64 0:0.1.8-14.el7                                  libdnf.x86_64 0:0.22.5-2.el7                           libmodulemd.x86_64 0:1.6.4-1.el7
  librepo.x86_64 0:1.8.1-8.el7_9                                  libreport-filesystem.x86_64 0:2.1.11-53.0.1.el7        librhsm.x86_64 0:0.0.3-3.el7
  libsemanage-python.x86_64 0:2.5-14.el7                          libsolv.x86_64 0:0.6.34-4.el7                          libyaml.x86_64 0:0.1.4-11.el7_0
  policycoreutils-python.x86_64 0:2.5-34.0.1.el7                  python-IPy.noarch 0:0.75-6.el7                         python-backports.x86_64 0:1.0-8.el7
  python-backports-ssl_match_hostname.noarch 0:3.5.0.1-1.el7      python-enum34.noarch 0:1.0.4-1.el7                     python-ipaddress.noarch 0:1.0.16-2.el7
  python-pyudev.noarch 0:0.15-9.el7                               python-requests.noarch 0:2.6.0-10.el7                  python-setuptools.noarch 0:18.0.1-2.el7
  python-six.noarch 0:1.9.0-2.el7                                 python-urllib3.noarch 0:1.10.2-7.el7                   python2-dnf.noarch 0:4.0.9.2-2.el7
  python2-hawkey.x86_64 0:0.22.5-2.el7                            python2-leapp.noarch 0:0.12.0-1.0.1.el7_9              python2-libcomps.x86_64 0:0.1.8-14.el7
  python2-libdnf.x86_64 0:0.22.5-2.el7                            setools-libs.x86_64 0:3.3.8-4.el7

Complete!
[root@OL7 yum.repos.d]#
Enter fullscreen mode Exit fullscreen mode

The Preupgrade command will give information about what to expect and any mayor issues before the upgrade (If you are running this in OCI, please check the documentation since you should be using "--oci" instead of "--oraclelinux")
It will also generate a "answerfile" with the changes that needs to be addressed before the upgrade can be executed

[root@OL7 yum.repos.d]# leapp preupgrade --oraclelinux
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
        IPU workflow config actor
==> Processing phase `FactsCollection`
====> * system_facts
        Provides data about many facts from system.
====> * tcp_wrappers_config_read
        Parse tcp_wrappers configuration files /etc/hosts.{allow,deny}.
====> * selinuxcontentscanner
        Scan the system for any SELinux customizations
====> * scancpu
        Scan CPUs of the machine.
====> * root_scanner
        Scan the system root directory and produce a message containing
[....]
==> Processing phase `Reports`
====> * verify_check_results
        Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results
        Check all generated results messages and notify user about them.

============================================================
                     UPGRADE INHIBITED
============================================================

Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Possible problems with remote login using root account
    2. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.

============================================================
                     UPGRADE INHIBITED
============================================================


Debug output written to /var/log/leapp/leapp-preupgrade.log

============================================================
                           REPORT
============================================================

A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

============================================================
                       END OF REPORT
============================================================

Answerfile has been generated at /var/log/leapp/answerfile    <<<<<
[root@OL7 yum.repos.d]#


[root@OL7 yum.repos.d]# cat /var/log/leapp/answerfile
[remove_pam_pkcs11_module_check]
# Title:              None
# Reason:             Confirmation
# =================== remove_pam_pkcs11_module_check.confirm ==================
# Label:              Disable pam_pkcs11 module in PAM configuration? If no, the upgrade process will be interrupted.
# Description:        PAM module pam_pkcs11 is no longer available in OL-8 since it was replaced by SSSD.
# Type:               bool
# Default:            None
# Available choices: True/False
# Unanswered question. Uncomment the following line with your answer
# confirm =

[root@OL7 yum.repos.d]#
Enter fullscreen mode Exit fullscreen mode

To be able to execute the upgrade, we now need to resolve the items from "UPGRADE INHIBITED" section.
In my case:

============================================================
                     UPGRADE INHIBITED
============================================================

Upgrade has been inhibited due to the following problems:
    1. Inhibitor: Possible problems with remote login using root account
    2. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
Enter fullscreen mode Exit fullscreen mode

To "respond" to the answerfile we can use the leapp answer command (you can also modify the answerfile instead as documentation mentions)
I also needed to allow SSH root login, something that I'm not sure should be always necessary, but I understand is better to have it enable at least during the upgrade jut to make sure you don't lose full access to the system during the process (I didn't need to restart SSH service before the upgrade though)

[root@OL7 yum.repos.d]# leapp answer --section remove_pam_pkcs11_module_check.confirm=True
[root@OL7 yum.repos.d]#

[root@OL7 yum.repos.d]# grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes
# the setting of "PermitRootLogin without-password".
[root@OL7 yum.repos.d]#
Enter fullscreen mode Exit fullscreen mode

Once this is done, we can proceed with the upgrade.
It is recommended that you keep a second session logged into the system just in case you lose connectivity.

[root@OL7 yum.repos.d]# leapp upgrade --oraclelinux
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
        IPU workflow config actor
==> Processing phase `FactsCollection`
====> * scanclienablerepo
        Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * system_facts
        Provides data about many facts from system.
[....]
====> * check_skip_phase
        Skip all the subsequent phases until the report phase.
==> Processing phase `TargetTransactionFactsCollection`
====> * target_userspace_creator
        Initializes a directory to be populated as a minimal environment to run binaries from the target system.
Latest Unbreakable Enterprise Kernel Release 6  5.5 MB/s |  23 MB     00:04
Oracle Linux 8 Application Stream (x86_64)      6.2 MB/s |  26 MB     00:04
Oracle Linux 8 BaseOS Latest (x86_64)           6.1 MB/s |  35 MB     00:05
Last metadata expiration check: 0:00:07 ago on Wed Sep  8 12:18:03 2021.
Dependencies resolved.
================================================================================
 Package                    Arch   Version              Repository         Size
================================================================================
Installing:
 dnf                        noarch 4.4.2-11.el8         ol8_baseos_latest 539 k
Installing dependencies:
 audit-libs                 x86_64 3.0-0.17.20191104git1c2f876.el8
                                                        ol8_baseos_latest 116 k
 basesystem                 noarch 11-5.el8             ol8_baseos_latest  10 k
 bash                       x86_64 4.4.20-1.el8_4       ol8_baseos_latest 1.5 M
 brotli                     x86_64 1.0.6-3.el8          ol8_baseos_latest 323 k
[....]
tzdata                     noarch 2021a-1.el8          ol8_baseos_latest 473 k
 xz-libs                    x86_64 5.2.4-3.el8          ol8_baseos_latest  94 k
 zlib                       x86_64 1.2.11-17.el8        ol8_baseos_latest 102 k

Transaction Summary
================================================================================
Install  123 Packages

Total download size: 77 M
Installed size: 598 M
Downloading Packages:
(1/123): basesystem-11-5.el8.noarch.rpm         138 kB/s |  10 kB     00:00
(2/123): brotli-1.0.6-3.el8.x86_64.rpm          1.9 MB/s | 323 kB     00:00
(3/123): bzip2-libs-1.0.6-26.el8.x86_64.rpm     1.2 MB/s |  48 kB     00:00
(4/123): audit-libs-3.0-0.17.20191104git1c2f876 245 kB/s | 116 kB     00:00
(5/123): ca-certificates-2020.2.41-80.0.el8_2.n 1.9 MB/s | 391 kB     00:00
(6/123): bash-4.4.20-1.el8_4.x86_64.rpm         3.1 MB/s | 1.5 MB     00:00
[....]
(391/393): btrfs-progs-5.12.1-1.el8.x86_64.rpm  1.6 MB/s | 858 kB     00:00
(392/393): xfsprogs-5.4.0-1.0.1.el8.x86_64.rpm  1.5 MB/s | 1.1 MB     00:00
(393/393): linux-firmware-20210617-999.8.git0f6 4.8 MB/s | 178 MB     00:36
--------------------------------------------------------------------------------
Total                                           6.2 MB/s | 374 MB     01:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Complete!
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
==> Processing phase `InterimPreparation`
====> * efi_interim_fix
        Adjust EFI boot entry for first reboot
====> * initram_disk_generator
        Creates the upgrade initram disk

====> * add_upgrade_boot_entry
        Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.


Debug output written to /var/log/leapp/leapp-upgrade.log

============================================================
                           REPORT
============================================================

A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

============================================================
                       END OF REPORT
============================================================

Answerfile has been generated at /var/log/leapp/answerfile
[root@OL7 yum.repos.d]#
Enter fullscreen mode Exit fullscreen mode

Once completed, reboot the system.
The system will now apply all the changes for the upgrade, so it will take some time to start.
If you have console connection, is recommended to have it open in order to see what is going on.

And voilà!, we can see how the system is now upgraded:

[vagrant@OL7 ~]$ head -1 /etc/*rel*
==> /etc/oracle-release <==
Oracle Linux Server release 8.4

==> /etc/os-release <==
NAME="Oracle Linux Server"

==> /etc/prelink.conf.d <==
head: error reading '/etc/prelink.conf.d': Is a directory

==> /etc/redhat-release <==
Red Hat Enterprise Linux release 8.4 (Ootpa)

==> /etc/system-release <==
Oracle Linux Server release 8.4

==> /etc/system-release-cpe <==
cpe:/o:oracle:linux:8:4:server
[vagrant@OL7 ~]$
Enter fullscreen mode Exit fullscreen mode

Have a look at some Post-upgrade tasks from the documentation
Completing Post Upgrade Tasks after the process so you make sure you have the system in the best conditions.

In any case, looks like a good tool to do some upgrading, but make sure you double check the pre-upgrade report and never do it on your production systems without proper testing :)

💖 💪 🙅 🚩
project42
Project-42

Posted on September 14, 2021

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related