Following on from the previous post, you should now have a Satellite Server that is running Red Hat Enterprise Linux 7.9 with the latest patches and Satellite 6.11.5.4.
The next step of this guide is to upgrade the Satellite Server operating system from to Red Hat Enterprise Linux 8.8 – Using the LEAPP upgrade process.
Preparing for the LEAPP upgrade
This process involves following these guidelines, but for a disconnected environment.
Download required LEAPP packages on to a connected host
The leapp packages must be downloaded on a connected helper host and then copied over to the disconnected Satellite server for local installation:
[connected-host] # yum --downloadonly --downloaddir=/var/tmp/leapp-files install leapp-upgrade
[connected-host] # tar -cvf leapp-packages.tar /var/tmp/leapp-files/*
Copy the tar file to the satellite server and install the packages
[satellite-server] # mkdir /var/tmp/leapp-files [satellite-server] # tar -xf leap-packages.tar -C /var/tmp/leapp-files
[satellite-server] # foreman-maintain packages unlock
[satellite-server] # yum install -y /var/tmp/leapp-files/*.rpm
[satellite-server] # foreman-maintain packages lock
Prepare yum repos for LEAPP Upgrade
From the previous post, the rhel8.8 DVD iso was mounted in /media/rhel-8 and the Satellite repositories were configure using the mounted Satellite DVD isos. However, the leapp utility cannot read file:/// based repositories, requiring http based repos only. In order to facilitate this, we will use the Satellite’s public HTML directory to provide html repositories.
Create a symlink from /media to /var/www/html/pub
[satellite-server] # ln -s /media /var/www/html/pub/
media
Update the Satellite yum repositories to point the local http server and relevant path:
[satellite-server] # cat <<EOF> /etc/yum.repos.d/satellite-6.11-rhel8.repo
[satellite-6.11-rhel8] baseurl=http://rhel7-satellite-demo/pub/media/satellite-6.11-rhel8/Satellite name=Satellite-6.11-rhel8 enabled=1 gpgcheck=0 [satellite-maintenance-6.11-rhel8]
baseurl=http://rhel7-satellite-demo/pub/media/satellite-6.11-rhel8/Maintenance/ name=Satellite-Maintenance-6.11-rhel8 enabled=1 gpgcheck=0
EOF
Disable the rhel7 and Satellite-6.11-rhel7 repositories:
[satellite-server] # sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/rhel7.repo
[satellite-server] # sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/satellite-6.11-rhel7.repo
Pre-requisite tasks for LEAPP upgrade
Two kernel modules must be removed prior to the upgrade process : floppy & pata_acpi
[satellite-server] # rmmod floppy pata_acpi
Ensure that there are no NFS mount points specified in /etc/fstab:
[satellite-server] # sed -i '/\bnfs(4)?\b/s/^/#/' /etc/fstab
Run LEAPP preupgrade check
Run the leapp preupgrade command to perform the pre-upgrade phase:
[satellite-server] # leapp preupgrade --no-rhsm --iso /<path>/rhel-8-dvd.iso --enablerepo=satellite-6.11-rhel8 --enablerepo=satellite-maintenance-6.11-rhel8
Once the pre-upgrade checks have been completed, a report and an answerfile is generated in /var/log/leapp/answerfile. The file can either be edited to provide the answer to the removal of pam_pkcs11 module (uncomment the line and confirm answer as True) or run the following command:
[satellite-server] # leapp answer --section remove_pam_pkcs11_module_check.confirm=True
Re-run the leapp preupgrade command again and confirm that there are no unresolved issues or inhibitors.
Backup / Snapshot
At this stage it is highly recommended to backup or take a snapshot of the Satellite server before performing the upgrade.
Upgrade to RHEL8 using LEAPP utility
To upgrade the Satellite server to RHEL8 using the leapp utility, run the following command:
[satellite-server] # leapp upgrade --no-rhsm --iso /<path>/rhel-8-dvd.iso --enablerepo=satellite-6.11-rhel8 --enablerepo=satellite-maintenance-6.11-rhel8
The upgrade process will start. It will determine the packages it requires and at some point will reboot and continue the upgrade. Once it has completed the last stages of the upgrade process it will reboot a few times and the Satellite server will now be running RHEL8. This process can take up to an hour. Once that is completed, there are some post-upgrade tasks which are required.
Post Upgrade Tasks
Once the upgrade has been completed, complete the following post-ugprade tasks:
Check Satellite Service Status
You may run into an error where Satellite services are not started correctly and/or httpd does not start because of an error. If so run the following command to check the service status:
# satellite-maintain service list
If you find that any services are disabled, then use the following command to enable them:
# satellite-maintain service enable --only dynflow-sidekiq@,foreman-proxy,httpd,postgresql,puppetserver,redis,tomcat
The httpd service may not start due to the duplicate loading of the mpm module, if that is the case disabled the module in the file
# vi /etc/httpd/conf.modules.d/00-mpm.conf
Setup the RHEL8 Repo from the install media
cat <<EOF> /etc/yum.repos.d/rhel-8.repo
[BaseOS]
name=Red Hat Enterprise Linux 8 for x86_64 BaseOS
baseurl=file:///media/rhel-8/BaseOS
gpgcheck=0
enabled=1
[AppStream]
name=Red Hat Enterprise Linux 8 for x86_64 AppStream
baseurl=file:///media/rhel-8/AppStream
gpgcheck=0
enabled=1
EOF
Remove
yum config-manager --save --setopt exclude='' cd /lib/modules && ls -d *.el7* [ -x /usr/sbin/weak-modules ] && /usr/sbin/weak-modules --remove-kernel 3.10.0-1160.25.1.el7.x86_64 /bin/kernel-install remove 3.10.0-1160.25.1.el7.x86_64 /lib/modules/3.10.0-1160.25.1.el7.x86_64/vmlinuz rpm -qa | grep -e '\.el[67]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)' | yum remove yum remove leapp-deps-el8 leapp-repository-deps-el8 rm -rf /lib/modules/*el7* rm -rf /var/log/leapp /root/tmp_leapp_py3 /var/lib/leapp rm -rf /boot/vmlinuz-*rescue* /boot/initramfs-*rescue* dnf reinstall -y kernel-core-$(uname -r) grubby --info=ALL | grep "\.el7" || echo "Old kernels are not present in the bootloader."
If there are still el7 kernels, find them and remove them:rpm -q kernel|grep el7 dnf remove kernel-<version>.el7.x86_64 grubby --remove-kernel=/boot/vmlinuz-<version>.el7.x86_64
ls /boot/vmlinuz-*rescue* /boot/initramfs-*rescue* lsinitrd /boot/initramfs-*rescue*.img | grep -qm1 "$(uname -r)/kernel/" && echo "OK" || echo "FAIL" grubby --info $(ls /boot/vmlinuz-*rescue*)
This completes the upgrade from Red Hat Enterprise Linux 7 to Red Hat Enterprise 8.
Update to latest RHEL8 Packages
The Satellite server has now been upgraded to RHEL8, but is not completely up to date with the latest security patches and bug fixes. The next step is to synchronise the BaseOS and AppStream repositories, using a helper host and then transfer the content onto the Satellite server in order to perform the update.
Use connected helper host to sync RHEL8 OS & Satellite repos
Use the reposync tool on the connected host to copy the rhel8 BaseOS and AppStream repositories. What I prefer to do is create a separate logical volume for the repository data : /repos
This allows me to manage the content separately from the rest of the OS on the connected host.
[connected-host] # reposync --gpgcheck --newpackage --download-metadata --repoid=rhel-8-for-x86_64-baseos-rpms -p /repos/
[connected-host] # reposync --gpgcheck --newpackage --download-metadata --repoid=rhel-8-for-x86_64-appstream-rpms -p /repos/
Once completed tar the rhel-8-for-x86_64-baseos-rpms and rhel-8-for-x86_64-appstream-rpms directories in the /repo directory and copy them across to the disconnected Satellite server.
Create the local repos on the Satellite server
On the Satellite server, create an additional logical volume /repos and upack the tar files into that directory.
Create the yum repo with the following command:
[satellite-server] # cat <<EOF> /etc/yum.repos.d/rhel8-local.repo
[rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 BaseOS
baseurl=file:///repos/rhel-8-for-x86_64-baseos-rpms
gpgcheck=1
enabled=1
[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 AppStream
baseurl=file:///repos/rhel-8-for-x86_64-appstream-rpms
gpgcheck=1
enabled=1
EOF
The Satellite server can now update