All Products
Search

This Product

    Elastic Compute Service:Upgrade from RHEL 7 to RHEL 8

    Document Center

    Elastic Compute Service:Upgrade from RHEL 7 to RHEL 8

    Last Updated:Aug 16, 2024

    After June 30, 2024, Red Hat Enterprise Linux (RHEL) 7 transitioned from the Maintenance Support phase to the Extended Life phase. Red Hat provides limited technical support in the Extended Life phase. If your Elastic Compute Service (ECS) instances and applications are deployed on top of RHEL 7, we recommend that you upgrade RHEL 7 to RHEL 8 to use new service capabilities and remain compatible with the most recent hardware platforms and independent software vendor (ISV) software. This topic describes how to upgrade RHEL 7 to RHEL 8 on an ECS instance.

    Note

    If your current business must be retained in RHEL 7, we recommend that you purchase an Alibaba Cloud RHEL Extended Life Cycle Support (ELS) Add-On subscription to receive continuous software maintenance and technical support in the ELS phase. For more information, see Red Hat Enterprise Linux 7 ELS guidance.

    Prerequisites

    • The ECS instance that you want to upgrade meets the requirements for running RHEL 8. For more information, see Red Hat Enterprise Linux Technology Capabilities and Limits.

    • The ECS instance uses a RHEL 7 image that is purchased in Alibaba Cloud Marketplace and contains a RHEL 7 subscription or a RHEL 7 image that is imported to Alibaba Cloud and contains a separately purchased Alibaba Cloud RHEL 7 subscription.

      Note

      • To check whether your operating system has the Alibaba Cloud RHEL 7 subscription, run the rpm -q client-rhel7 command. If the command output similar to client-rhel7-3.0-1.el7_9.noarch is returned, you purchased the Alibaba Cloud RHEL 7 subscription.

      • If you purchased a Red Hat RHEL 7 subscription, see Upgrading from RHEL 7 to RHEL 8 at the official Red Hat website.

    Procedure

    Important

    The upgrade operation can create risks. Before you perform the upgrade, we recommend that you create snapshots for disks on the instance to back up important data and familiarize yourself with the upgrade process and issues that may occur during the process. Exercise caution when you perform the upgrade. For information about how to create snapshots for disks, see Create a snapshot for a disk.

    1. Connect to the ECS instance that runs a RHEL 7 operating system as the root user.

      For more information, see Connect to a Linux instance by using a password or key.

    2. Prepare the RHEL 7 operating system for the upgrade.

      1. Run the following commands to update the RHEL 7 operating system to the latest minor version and restart the instance for the update to take effect: 

        yum -y update
reboot

      2. Run the following command to install the Leapp utility on the RHEL 7 operating system: 

        yum -y install leapp leapp-rhui-alibaba --enablerepo="*"

    3. Perform a pre-upgrade check.

      You must use the Leapp utility to perform a pre-upgrade check because RHEL 7 significantly differs from RHEL 8. You can view the Leapp check results and modify the configurations based on suggestions to meet upgrade requirements.

      1. Run the following command to perform a pre-upgrade check. By default, RHEL 7 is upgraded to the latest version of RHEL 8. 

        leapp preupgrade  --no-rhsm
        Note

        • You can also specify a RHEL 8 version. For example, to upgrade to RHEL 8.8, run the leapp preupgrade --no-rhsm --target 8.8 command.

        • To view the RHEL 8 versions that are supported, run the leapp preupgrade -h command.

      2. View the pre-upgrade check results.

        Leapp pre-upgrade check logs are stored in the following log files:

        • /var/log/leapp/leapp-preupgrade.log: stores the logs of the Leapp utility.

        • /var/log/leapp/leapp-report.txt: stores the pre-upgrade check report in the text format.

        • /var/log/leapp/leapp-report.json: stores the pre-upgrade check report in the JSON format.

        If the pre-upgrade check fails, specific failed items (inhibitors) are displayed as shown in the following figure.

        image.png

      3. Resolve the issues that are reported in the pre-upgrade report.

        Analyze the pre-upgrade check report in the /var/log/leapp/leapp-report.txt file. Resolve all reported issues by following the remediation suggestions that are provided by the Leapp utility. The following section describes several common issues that are reported in pre-upgrade check reports and how to resolve the issues:

        • Issue 1: Multiple kernel versions are installed.

          Risk Factor: high (inhibitor)
Title: Multiple devel kernels installed
Summary: DNF cannot produce a valid upgrade transaction when multiple kernel-devel packages are installed.
Remediation: [hint] Remove all but one kernel-devel packages before running Leapp again.
[command] yum -y remove kernel-devel-3.10.0-1160.11.1.el7

          Solution: If multiple kernel versions are installed, uninstall all kernel versions except the latest version. To uninstall all kernel versions except the latest version, run the command that is suggested by the Leapp utility. In this example, the yum -y remove kernel-devel-3.10.0-1160.11.1.el7 command is the suggested command.

        • Issue 2: Kernel modules that are not supported by RHEL 8 are loaded.

          Risk Factor: high (inhibitor)                                                                                                                                                                                         
Title: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.                                                                                                                
Summary: Support for the following RHEL 7 device drivers has been removed in RHEL 8:                                                                                                                                  
     - floppy

          Solution: If kernel modules that are not supported by RHEL 8 are loaded, run commands to uninstall the kernel modules. In this example, the floppy module that is not supported by RHEL 8 is loaded. To uninstall the floppy module, run the following command: 

          rmmod floppy

        • Issue 3: The PermitRootLogin option is incorrectly configured in the sshd_config file. 

          Risk Factor: high (inhibitor)
Title: Possible problems with remote login using root account
Summary: OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".
Remediation: [hint] If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. 
If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor

          Solution:

          1. In the /etc/sshd/sshd_config file, set the default value of PermitRootLogin to yes.

            Note

            The default values of PermitRootLogin in RHEL 7 and RHEL 8 are different.

            • In RHEL 7, the default value of PermitRootLogin is yes to enable password-based and key-based logons for the root user.

            • In RHEL 8, the default value of PermitRootLogin is prohibit-password to disable password-based logons for the root user.

          2. Run the following command to restart sshd: 

            systemctl restart sshd

        • Issue 4: Required answers are missing from the answer file.

          Risk Factor: high (inhibitor)
Title: Missing required answers in the answer file
Summary: One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm
For more information consult https://leapp.readthedocs.io/en/latest/dialogs.html
Remediation: [hint] Please register user choices with leapp answer cli command or by manually editing the answerfile.
[command] leapp answer --section remove_pam_pkcs11_module_check.confirm=True

          Solution: In this example, the answer to the question about whether to remove the PAM module that is not supported by RHEL 8 is missing from the /var/log/leapp/answerfile file. Run the following command to set confirm to True to answer the question and confirm the PAM module removal: 

          leapp answer --section remove_pam_pkcs11_module_check.confirm=True

          image.png

    4. Run the following command to upgrade RHEL 7. By default, RHEL 7 is upgraded to the latest version of RHEL 8. 

      leapp upgrade  --no-rhsm
      Note

      You can also specify a RHEL 8 version. For example, to upgrade to RHEL 8.8, run the leapp upgrade --no-rhsm --target 8.8 command.

      The following command output indicates that the upgrade is complete.

      image.png

    5. Run the following command to restart the instance: 

      reboot

    6. Check the post-upgrade status of the RHEL 8 operating system.

      • Check the upgrade logs or report.

        In the RHEL 8 operating system, you can view the upgrade logs in the /var/log/leapp/leapp-upgrade.txt file or the upgrade report in the /var/log/leapp/leapp-report.txt file to obtain the details of the upgrade process.

        • The following log information indicates that specific software packages may fail to be installed or upgraded. You can manually install the software packages after the upgrade. 

          Risk Factor: high
Title: Packages from unknown repositories may not be installed
Summary: 3 packages may not be installed or upgraded due to repositories unknown to leapp:
- python3-pyxattr (repoid: rhel8-CRB)
- rpcgen (repoid: rhel8-CRB)
- ustr (repoid: rhel8-CRB)
Remediation: [hint] In case the listed repositories are mirrors of official repositories for RHEL (provided by Red Hat on CDN) and their repositories IDs has been customized, you can change the configuration to use the official IDs instead of fixing the problem. You can also review the projected DNF upgrade transaction result in the logs to see what is going to happen, as this does not necessarily mean that the listed packages will not be upgraded. You can also install any missing packages after the in-place upgrade manually.

        • The following log information indicates that specific RHEL 7 packages are not upgraded. You can remove the packages to retain the operating system in the supported status. 

          Risk Factor: high
Title: Some RHEL 7 packages have not been upgraded
Summary: Following RHEL 7 packages have not been upgraded:
leapp-upgrade-el7toel8-0.18.0-1.el7_9
kernel-3.10.0-1160.92.1.el7
leapp-rhui-alibaba-1.0.0-1.el7_9
Please remove these packages to keep your system in supported state.

          Run the yum remove leapp-upgrade-el7toel8-0.18.0-1.el7_9 kernel-3.10.0-1160.92.1.el7 leapp-rhui-alibaba-1.0.0-1.el7_9 command to remove the packages.

      • Check whether your business runs as expected on RHEL 8.

    7. (Conditionally required) Run the following commands to configure the software repository of RHEL 8.

      After you perform the upgrade, the /etc/dnf/vars/releasever file is modified by default to specify a RHEL 8 version that you used in the preceding steps. For example, the RHEL 8.8 software repository address is set to https://xxxx/8.8/xxx, and you can only access the RHEL 8.8 software packages. If you want to have automatic access to packages of the latest minor version of RHEL 8 such as RHEL 8.10, you can delete the releasever configuration file and rebuild the metadata cache. This way, you can obtain the latest security patches and feature updates. 

      rm -f /etc/dnf/vars/releasever
dnf clean all && dnf makecache

      After the execution is complete, the software repository address is updated to https://xxxx/8/xxx, and you can obtain the latest version of the RHEL 8 packages.

    References

    • For information about RHEL, see Red Hat Enterprise Linux.

    • For information about the RHEL 7 ELS phase, see the official FAQ released by Red Hat.