All Products
Search

This Product

    Elastic Compute Service:Upgrade from RHEL 7 to RHEL 8

    Document Center

    Elastic Compute Service:Upgrade from RHEL 7 to RHEL 8

    Last Updated:Dec 29, 2023

    If your applications are deployed on an Elastic Compute Service (ECS) instance that runs Red Hat Enterprise Linux (RHEL) 7, you can upgrade the instance to RHEL 8 to use new and better features. This topic describes how to upgrade an ECS instance from RHEL 7 to RHEL 8.

    For more information, see Upgrading from RHEL 7 to RHEL 8.

    Prerequisites

    The ECS instance that you want to upgrade meets the requirements for running RHEL 8. For more information, see Red Hat Enterprise Linux Technology Capabilities and Limits.

    Procedure

    Important

    The upgrade operation can create risks. Before you perform the upgrade, we recommend that you create snapshots for disks on the instance to back up important data and familiarize yourself with the upgrade process and issues that may occur during the process. Exercise cause when you perform the upgrade. For information about how to create snapshots for the disks, see Create a snapshot for a disk.

    1. Connect to the ECS instance that runs a RHEL 7 operating system as the root user.

      For more information, see Connect to a Linux instance by using a password or key.

    2. Prepare the RHEL 7 operating system for the upgrade.

      1. Run the following commands to update the RHEL 7 operating system to the latest minor version and restart the instance for the update to take effect: 

        yum -y update
reboot

      2. Run the following command to install the Leapp utility on the RHEL 7 operating system: 

        yum -y install leapp leapp-rhui-alibaba --enablerepo="*"

    3. Perform a pre-upgrade check.

      1. Run the following command to perform a pre-upgrade check: 

        leapp preupgrade  --no-rhsm --target 8.8

        In the preceding command, --target 8.8 indicates that the target version is RHEL 8.8. You can replace 8.8 with the actual target version number. If you do not specify a target version, the command upgrades the RHEL 7 operating system to the latest RHEL version.

        Note

        You can run the leapp preupgrade -h command to view the supported target versions.

      2. View the pre-upgrade check results.

        RHEL 7 significantly differs from RHEL 8. During the pre-upgrade check, the Leapp utility scans the RHEL 7 operating system for the configurations that must be modified to support the upgrade. Leapp pre-upgrade check logs are stored in the following log files:

        • /var/log/leapp/leapp-preupgrade.log: stores the logs of the Leapp utility.

        • /var/log/leapp/leapp-report.txt: stores the pre-upgrade check report in the text format.

        • /var/log/leapp/leapp-report.json: stores the pre-upgrade check report in the JSON format.

        If the pre-upgrade check fails, specific failed items (inhibitors) are displayed as shown in the following figure.

        image.png

      3. Resolve the issues that are reported in the pre-upgrade report.

        Analyze the pre-upgrade check report in the /var/log/leapp/leapp-report.txt file. Resolve all reported issues by following the remediation suggestions that are provided by the Leapp utility. The following section describes several common issues that are reported in pre-upgrade check reports and how to resolve the issues:

        • Issue 1: Multiple kernel versions are installed.

          Risk Factor: high (inhibitor)
Title: Multiple devel kernels installed
Summary: DNF cannot produce a valid upgrade transaction when multiple kernel-devel packages are installed.
Remediation: [hint] Remove all but one kernel-devel packages before running Leapp again.
[command] yum -y remove kernel-devel-3.10.0-1160.11.1.el7

          Solution: If multiple kernel versions are installed, uninstall all kernel versions except the latest version. To uninstall all kernel versions except the latest version, run the command that is suggested by the Leapp utility. In this example, the yum -y remove kernel-devel-3.10.0-1160.11.1.el7 command is the suggested command.

        • Issue 2: Kernel modules that are not supported by RHEL 8 are loaded.

          Risk Factor: high (inhibitor)                                                                                                                                                                                         
Title: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.                                                                                                                
Summary: Support for the following RHEL 7 device drivers has been removed in RHEL 8:                                                                                                                                  
     - floppy

          Solution: If kernel modules that are not supported by RHEL 8 are loaded, run commands to uninstall the modules. In this example, the floppy module that is not supported by RHEL 8 is loaded. To uninstall the floppy module, run the following command: 

          rmmod floppy

        • Issue 3: The PermitRootLogin option is incorrectly configured in the sshd_config file. 

          Risk Factor: high (inhibitor)
Title: Possible problems with remote login using root account
Summary: OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".
Remediation: [hint] If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. 
If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor

          Solution:

          1. In the /etc/sshd/sshd_config file, set the default value of PermitRootLogin to yes.

            Note

            The default values of PermitRootLogin are different in RHEL 7 and RHEL 8.

            • In RHEL 7, the default value of PermitRootLogin is yes to enable password-based and key-based logons for the root user.

            • In RHEL 8, the default value of PermitRootLogin is prohibit-password to disable password-based logons for the root user.

          2. Run the following command to restart sshd: 

            systemctl restart sshd

        • Issue 4: Required answers are missing from the answer file.

          Risk Factor: high (inhibitor)
Title: Missing required answers in the answer file
Summary: One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm
For more information consult https://leapp.readthedocs.io/en/latest/dialogs.html
Remediation: [hint] Please register user choices with leapp answer cli command or by manually editing the answerfile.
[command] leapp answer --section remove_pam_pkcs11_module_check.confirm=True

          Solution: In this example, the answer to the question about whether to remove the PAM module that is not supported by RHEL 8 is missing from the /var/log/leapp/answerfile file. Run the following command to set confirm to True to answer the question and confirm the PAM module removal: 

          leapp answer --section remove_pam_pkcs11_module_check.confirm=True

          image.png

    4. Run the following command to upgrade from RHEL 7 to RHEL 8: 

      leapp upgrade  --no-rhsm --target 8.8

      The following command output indicates that the upgrade is complete.

      image.png

    5. Run the following command to restart the instance: 

      reboot

    6. Check the post-upgrade status of the RHEL 8 operating system.

      • Check the upgrade logs or report.

        In the RHEL 8 operating system, you can view the upgrade logs in the /var/log/leapp/leapp-upgrade.txt file or the upgrade report in the /var/log/leapp/leapp-report.txt file for the details of the upgrade process.

        • The following log information indicates that specific software packages may fail to be installed or upgraded. You can manually install the software packages after the upgrade. 

          Risk Factor: high
Title: Packages from unknown repositories may not be installed
Summary: 3 packages may not be installed or upgraded due to repositories unknown to leapp:
- python3-pyxattr (repoid: rhel8-CRB)
- rpcgen (repoid: rhel8-CRB)
- ustr (repoid: rhel8-CRB)
Remediation: [hint] In case the listed repositories are mirrors of official repositories for RHEL (provided by Red Hat on CDN) and their repositories IDs has been customized, you can change the configuration to use the official IDs instead of fixing the problem. You can also review the projected DNF upgrade transaction result in the logs to see what is going to happen, as this does not necessarily mean that the listed packages will not be upgraded. You can also install any missing packages after the in-place upgrade manually.

        • The following log information indicates that specific RHEL 7 packages are not upgraded. You can remove the packages to retain the operating system in the supported status. 

          Risk Factor: high
Title: Some RHEL 7 packages have not been upgraded
Summary: Following RHEL 7 packages have not been upgraded:
leapp-upgrade-el7toel8-0.18.0-1.el7_9
kernel-3.10.0-1160.92.1.el7
leapp-rhui-alibaba-1.0.0-1.el7_9
Please remove these packages to keep your system in supported state.

          Run the yum remove leapp-upgrade-el7toel8-0.18.0-1.el7_9 kernel-3.10.0-1160.92.1.el7 leapp-rhui-alibaba-1.0.0-1.el7_9 command to remove the packages.

      • Check whether your business runs as expected on RHEL 8.