CentOS 6.5からCentOS 7.0へのアップグレード(補足トラブル:対処)
CentOS 7.0がリリースされしばらく経つので、CentOS 6.5をCentOS 7.0にアップグレードし、CentOS7.0 の新機能を学ぶことにしました。
現行のCentOS
# cat /etc/redhat-release CentOS release 6.5 (Final)
参考URL
下記の情報を参考にしました。
http://wiki.centos.org/TipsAndTricks/CentOSUpgradeTool
http://abi.io/blogs/in-place-upgrade-centos-6-5-to-7-0-using-preupg.html
前提条件
・ CentOSで提供されるアップグレードを使用します。
・ 事前にシステムのバックアップを取得しておきます。
必ずしもアップグレードが成功するわけではないようです。
・ 自己責任で実施して下さい。
失敗した場合は、再インストールもしくはバックアップから復旧して下さい
今回は壊れてよい試験環境で実施しています。
手順
アップグレードのために実施した手順を記載します。
1. yumによるパッケージの最新化(必要であれば)
# yum -y update
2. 再起動(必要であれば)
# reboot
# vi /etc/yum.repos.d/upgradetool.repo [下記を追加] [upg] name=CentOS-$releasever - Upgrade Tool baseurl=http://dev.centos.org/centos/6/upg/x86_64/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
4.アップツールのインストール
# yum install redhat-upgrade-tool preupgrade-assistant-contents
5.Preupgrade Assistantツールを実行
# preupg -l CentOS6_7 # preupg -s CentOS6_7 Preupg tool doesn't do the actual upgrade. Please ensure you have backed up your system and/or data in the event of a failed upgrade that would require a full re-install of the system from installation media. Do you want to continue? y/n [yを入力] Gathering logs used by preupgrade assistant: All installed packages : 01/11 ...finished (time 00:01s) All changed files : 02/11 ...finished (time 06:10s) Changed config files : 03/11 ...finished (time 00:00s) All users : 04/11 ...finished (time 00:00s) All groups : 05/11 ...finished (time 00:00s) Service statuses : 06/11 ...finished (time 00:00s) All installed files : 07/11 ...finished (time 00:05s) All local files : 08/11 ...finished (time 00:28s) All executable files : 09/11 ...finished (time 00:04s) RedHat signed packages : 10/11 ...finished (time 00:00s) CentOS signed packages : 11/11 ...finished (time 00:00s) Assessment of the system, running checks / SCE scripts: 001/096 ...done (Configuration Files to Review) 002/096 ...done (File Lists for Manual Migration) 003/096 ...done (Bacula Backup Software) 004/096 ...done (MySQL configuration) 005/096 ...done (Migration of the MySQL data stack) 006/096 ...done (Changes related to moving from MySQL to MariaDB) 007/096 ...done (PostgreSQL upgrade content) 008/096 ...running (GNOME Desktop Environment underwent several design modificatdone (GNOME Desktop Environment underwent several design modifications in CentOS 7 release) 009/096 ...running (KDE Desktop Environment underwent several design modificatiodone (KDE Desktop Environment underwent several design modifications in CentOS 7 release) 010/096 ...done (several graphic drivers not supported in CentOS 7) 011/096 ...done (several input drivers not supported in CentOS 7) 012/096 ..done (several kernel networking drivers not available in CentOS 7)) 013/096 ...done (several kernel storage drivers not available in CentOS 7) 014/096 ...done (Names, Options and Output Format Changes in arptables) 015/096 ...done (BIND9 running in a chroot environment check.) 016/096 ...done (BIND9 configuration compatibility check) 017/096 ...running (Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.sedone (Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files) 018/096 ...done (DNSMASQ configuration compatibility check) 019/096 ...done (Dovecot configuration compatibility check) 020/096 ...done (Compatibility Between iptables and ip6tables) 021/096 ...done (Net-SNMP check) 022/096 ...done (Squid configuration compatibility check) 023/096 ...done (Reusable Configuration Files) 024/096 ...done (VCS repositories) 025/096 ...done (Added and extended options for BIND9 configuration) 026/096 ...done (Added options in DNSMASQ configuration) 027/096 ...done (Packages not signed by CentOS) 028/096 ...done (Obsoleted rpms) 029/096 ...done (w3m not available in CentOS 7) 030/096 ...running (report incompatibilities between CentOS 6 and 7 in qemu-guesdone (report incompatibilities between CentOS 6 and 7 in qemu-guest-agent package) 031/096 ...done (Removed options in coreutils binaries) 032/096 ...done (Removed options in gawk binaries) 033/096 ...done (Removed options in netstat binary) 034/096 ...done (Removed options in quota tools) 035/096 ...done (Removed rpms) 036/096 ...done (Replaced rpms) 037/096 ...done (GMP library incompatibilities) 038/096 ...done (package downgrades) 039/096 ...done (restore custom selinux configuration) 040/096 ...done (General) 041/096 ...done (samba shared directories selinux) 042/096 ...done (CUPS Browsing/BrowsePoll configuration) 043/096 ...done (CVS Package Split) 044/096 ...done (FreeRADIUS Upgrade Verification) 045/096 ...done (httpd configuration compatibility check) 046/096 ...done (bind-dyndb-ldap) 047/096 ...done (Identity Management Server compatibility check) 048/096 ...done (IPA Server CA Verification) 049/096 ...done (NTP configuration) 050/096 ...done (Information on time-sync.target) 051/096 ...done (OpenLDAP /etc/sysconfig and data compatibility) 052/096 ...done (OpenSSH sshd_config migration content) 053/096 ...done (OpenSSH sysconfig migration content) 054/096 ...done (Configuration for quota_nld service) 055/096 ...running (Disk quota netlink message daemon moved into quota-nld packadone (Disk quota netlink message daemon moved into quota-nld package) 056/096 ...done (SSSD compatibility check) 057/096 ...done (Luks encrypted partition) 058/096 ...done (Clvmd and cmirrord daemon management.) 059/096 ...done (State of LVM2 services.) 060/096 ...done (device-mapper-multipath configuration compatibility check) 061/096 ...done (Removal of scsi-target-utils) 062/096 ...done (Configuration for warnquota tool) 055/096 ...running (Disk quota netlink message daemon moved into quota-nld packadone (Disk quota netlink message daemon moved into quota-nld package) 056/096 ...done (SSSD compatibility check) 057/096 ...done (Luks encrypted partition) 058/096 ...done (Clvmd and cmirrord daemon management.) 059/096 ...done (State of LVM2 services.) 060/096 ...done (device-mapper-multipath configuration compatibility check) 061/096 ...done (Removal of scsi-target-utils) 062/096 ...done (Configuration for warnquota tool) 063/096 ...running (Disk quota tool warnquota moved into quota-warnquota packagedone (Disk quota tool warnquota moved into quota-warnquota package) 064/096 ...done (Architecture Support) 065/096 ...done (Binary rebuilds) 066/096 ...done (Debuginfo packages) 067/096 ...done (Cluster and High Availability) 068/096 ...done (Quorum implementation) 069/096 ...done (fix krb5kdc config file) 070/096 ...done (File Systems, Partitions and Mounts Configuration Review) 071/096 ...done (Read Only FHS directories) 072/096 ...done (Sonamebumped libs) 073/096 ...done (SonameKept Reusable Dynamic Libraries) 074/096 ...done (Removed .so libs) 075/096 ...done (In-place Upgrade Requirements for the /usr/ Directory) 076/096 ...done (CA certificate bundles modified) 077/096 ...done (Developer Tool Set packages) 078/096 ...done (Hyper-V) 079/096 ...running (Content for enabling and disabling services based on CentOS done (Content for enabling and disabling services based on CentOS 6 system) 080/096 ...done (Check for ethernet interface naming) 081/096 ...done (User modification in /etc/rc.local and /etc/rc.d/rc.local) 082/096 ...done (cgroups configuration compatibility check) 083/096 ...done (Plugable authentication modules (PAM)) 084/096 ...done (Foreign Perl modules) 085/096 ...done (Python 2.7.5) 086/096 ...done (Ruby 2.0.0) 087/096 ...done (SCL collections) 088/096 ...done (System kickstart) 089/096 ...done (YUM) 090/096 ...done (Check for usage of dangerous range of UID/GIDs) 091/096 ...done (Incorrect usage of reserved UID/GIDs) 092/096 ...done (NIS ypbind config files back-up) 093/096 ...done (NIS Makefile back-up) 094/096 ...done (NIS server maps check) 095/096 ...done (NIS server MAXUID and MAXGID limits check) 096/096 ...done (NIS server config file back-up) Assessment finished (time 09:27s) Result table with checks and their results for main contents: --------------------------------------------------------------------------------------------------------------- |Bacula Backup Software |notapplicable | |MySQL configuration |notapplicable | |Migration of the MySQL data stack |notapplicable | |Changes related to moving from MySQL to MariaDB |notapplicable | |PostgreSQL upgrade content |notapplicable | |GNOME Desktop Environment underwent several design modifications in CentOS 7 release |notapplicable | |KDE Desktop Environment underwent several design modifications in CentOS 7 release |notapplicable | |several graphic drivers not supported in CentOS 7 |notapplicable | |several input drivers not supported in CentOS 7 |notapplicable | |Names, Options and Output Format Changes in arptables |notapplicable | |BIND9 running in a chroot environment check. |notapplicable | |BIND9 configuration compatibility check |notapplicable | |Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files |notapplicable | |DNSMASQ configuration compatibility check |notapplicable | |Dovecot configuration compatibility check |notapplicable | |Net-SNMP check |notapplicable | |Squid configuration compatibility check |notapplicable | |Added and extended options for BIND9 configuration |notapplicable | |Added options in DNSMASQ configuration |notapplicable | |w3m not available in CentOS 7 |notapplicable | |report incompatibilities between CentOS 6 and 7 in qemu-guest-agent package |notapplicable | |restore custom selinux configuration |notapplicable | |samba shared directories selinux |notapplicable | |CUPS Browsing/BrowsePoll configuration |notapplicable | |FreeRADIUS Upgrade Verification |notapplicable | |bind-dyndb-ldap |notapplicable | |Identity Management Server compatibility check |notapplicable | |IPA Server CA Verification |notapplicable | |OpenLDAP /etc/sysconfig and data compatibility |notapplicable | |SSSD compatibility check |notapplicable | |Clvmd and cmirrord daemon management. |notapplicable | |device-mapper-multipath configuration compatibility check |notapplicable | |Removal of scsi-target-utils |notapplicable | |Quorum implementation |notapplicable | |fix krb5kdc config file |notapplicable | |cgroups configuration compatibility check |notapplicable | |Ruby 2.0.0 |notapplicable | |System kickstart |notapplicable | |NIS ypbind config files back-up |notapplicable | |NIS Makefile back-up |notapplicable | |NIS server maps check |notapplicable | |NIS server MAXUID and MAXGID limits check |notapplicable | |NIS server config file back-up |notapplicable | |several kernel networking drivers not available in CentOS 7 |pass | |several kernel storage drivers not available in CentOS 7 |pass | |OpenSSH sshd_config migration content |pass | |Configuration for quota_nld service |pass | |Disk quota netlink message daemon moved into quota-nld package |pass | |Luks encrypted partition |pass | |Configuration for warnquota tool |pass | |Architecture Support |pass | |Debuginfo packages |pass | |Cluster and High Availability |pass | |Read Only FHS directories |pass | |In-place Upgrade Requirements for the /usr/ Directory |pass | |CA certificate bundles modified |pass | |Developer Tool Set packages |pass | |Hyper-V |pass | |Check for ethernet interface naming |pass | |Plugable authentication modules (PAM) |pass | |SCL collections |pass | |Compatibility Between iptables and ip6tables |informational | |VCS repositories |informational | |Removed options in coreutils binaries |informational | |Removed options in gawk binaries |informational | |Removed options in netstat binary |informational | |Removed options in quota tools |informational | |GMP library incompatibilities |informational | |CVS Package Split |informational | |httpd configuration compatibility check |informational | |NTP configuration |informational | |Information on time-sync.target |informational | |Disk quota tool warnquota moved into quota-warnquota package |informational | |File Systems, Partitions and Mounts Configuration Review |informational | |Sonamebumped libs |informational | |SonameKept Reusable Dynamic Libraries |informational | |Removed .so libs |informational | |Foreign Perl modules |informational | |YUM |informational | |Reusable Configuration Files |fixed | |Replaced rpms |fixed | |package downgrades |fixed | |OpenSSH sysconfig migration content |fixed | |State of LVM2 services. |fixed | |Configuration Files to Review |needs_inspection | |File Lists for Manual Migration |needs_inspection | |Obsoleted rpms |needs_inspection | |Binary rebuilds |needs_inspection | |Python 2.7.5 |needs_inspection | |Check for usage of dangerous range of UID/GIDs |needs_inspection | |Incorrect usage of reserved UID/GIDs |needs_inspection | |Packages not signed by CentOS |needs_action | |Removed rpms |needs_action | |General |needs_action | |Content for enabling and disabling services based on CentOS 6 system |needs_action | |User modification in /etc/rc.local and /etc/rc.d/rc.local |needs_action | --------------------------------------------------------------------------------------------------------------- Tarball with results is stored here /root/preupgrade-results/preupg_results-150110180525.tar.gz . The latest assessment is stored in directory /root/preupgrade . Summary information: We found some potential in-place upgrade risks. Read the file /root/preupgrade/result.html for more details. Upload results to UI by command: e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .
6.レポートの詳細確認
/root/preupgrade/result.htmlに結果が記載されています。
※ 今回は壊れてもよい試験的な環境で実施したため詳細は確認せず、次の手順に進みました。
本来はすべての内容を確認し、対処方法を検討すべき
7.アップグレードの実施
# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7 # centos-upgrade-tool-cli --network 7 --instrepo=http://mirror.centos.org/centos/7/os/x86_64/ # centos-upgrade-tool-cli --network 7 --instrepo=http://mirror.centos.org/centos/7/os/x86_64/ setting up repos... cmdline-instrepo | 3.6 kB 00:00 cmdline-instrepo/primary_db | 4.9 MB 00:03 epel/metalink | 4.9 kB 00:00 epel | 4.4 kB 00:00 epel/primary_db | 6.4 MB 00:00 upg | 1.9 kB 00:00 upg/primary_db | 14 kB 00:00 No upgrade available for the following repos: base extras updates .treeinfo | 1.1 kB 00:00 Preupgrade assistant risk check found risks for this upgrade. You can run preupg --riskcheck --verbose to view these risks. Addressing high risk issues is required before the in-place upgrade and ignoring these risks may result in a broken upgrade and unsupported upgrade. Please backup your data. List of issues: INPLACERISK: HIGH: We detected some non-CentOS signed packages, you can find the list in /root/preupgrade/./kickstart/noncentospkgs. You need to handle them yourself! INPLACERISK: HIGH: After upgrading to CentOS 7 there are still some el6 packages left. Add --cleanup-post option to redhat-upgrade-tool if you want to remove them automatically. INPLACERISK: HIGH: There were changes in SELinux policies between CentOS 6 and CentOS 7. Please, check solution in order to resolve this issue. INPLACERISK: HIGH: The service blk-availability on CentOS 7 is disabled by default. Enable them via commands: systemctl enable blk-availability && systemctl start blk-availability.service . INPLACERISK: HIGH: The service ip6tables on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ip6tables && systemctl start ip6tables.service . INPLACERISK: HIGH: The service network on CentOS 7 is disabled by default. Enable them via commands: systemctl enable network && systemctl start network.service . INPLACERISK: HIGH: The service ntpd on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ntpd && systemctl start ntpd.service . INPLACERISK: HIGH: The service ntpdate on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ntpdate && systemctl start ntpdate.service . INPLACERISK: HIGH: File /etc/rc.d/rc.local was changed INPLACERISK: MEDIUM: We detected some packages installed on the system were removed (obsoleted) between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them. INPLACERISK: MEDIUM: We detected some packages installed on the system were removed between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them. [省略] Continue with the upgrade [Y/N]? [Yを入力] [省略] rpm transaction 100% [=========================================================] rpm install 100% [=============================================================] setting up system for upgrade
8. 再起動
# reboot
再起動に時間がかかります。
9. バージョンの確認
# cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core)
以上で、アップグレードは終了です。
補足:
CentOS 7.0後にupgrade後、下記の問題が発生しました。
a. sshdが起動しないが起動しない
# systemctl start sshd # systemctl status sshd sshd.service - OpenSSH server daemon Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled) Active: activating (auto-restart) (Result: exit-code) since 土 2015-01-10 19:47:47 JST; 5s ago Process: 1283 ExecStart=/usr/sbin/sshd -D $OPTIONS (code=exited, status=127) Process: 1281 ExecStartPre=/usr/sbin/sshd-keygen (code=exited, status=0/SUCCESS) Main PID: 1283 (code=exited, status=127) 1月 10 19:47:47 www9379ue.sakura.ne.jp sshd[1283]: /usr/sbin/sshd: error wh... 1月 10 19:47:47 www9379ue.sakura.ne.jp systemd[1]: sshd.service: main proce... 1月 10 19:47:47 www9379ue.sakura.ne.jp systemd[1]: Unit sshd.service entere... Hint: Some lines were ellipsized, use -l to show in full.
b. yumが実行できない
# yum install postgresql There was a problem importing one of the Python modules required to run yum. The error leading to this problem was: libsasl2.so.2: cannot open shared object file: No such file or directory Please install a package which provides this module, or verify that the module is installed correctly. It's possible that the above module doesn't match the current version of Python, which is: 2.7.5 (default, Jun 17 2014, 18:11:42) [GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] If you cannot solve this problem yourself, please go to the yum faq at: http://yum.baseurl.org/wiki/Faq
原因特定
libsasl2.so.2 => not foundが原因
# /usr/sbin/sshd /usr/sbin/sshd: error while loading shared libraries: libsasl2.so.2: cannot open shared object file: No such file or directory # ldd /usr/sbin/sshd [省略] libsasl2.so.2 => not found [省略]
対処
# ln -s /lib64/libsasl2.so.3 /lib64/libsasl2.so.2
今後は、CentOS 7.0の新機能を学んでいこうと思います。