Managing CentOS Migrations and RHEL Upgrades

Instructions

In the previous activity, you tested a sample application and upgraded a system. In this activity, you complete post-upgrade tasks and test the sample application again to verify the success of the upgrade.

1. Verify that the serverc machine is running RHEL 8.9.

   1. Log in to the serverc machine as the student user. Switch to the root user. Use student as the password.

      [student@workstation ~]$ ssh serverc
      student@serverc's password: student
      [student@serverc ~]$ sudo -i
      [sudo] password for student: student
      [root@serverc ~]#

   2. Review the contents of the /etc/redhat-release file to verify that the system is running the new version of RHEL.

      [root@serverc ~]# cat /etc/redhat-release
      Red Hat Enterprise Linux release 8.9 (Ootpa)

   3. Verify the kernel version.

      [root@serverc ~]# uname -r
      4.18.0-513.18.1.el8_9.x86_64

      The serverc machine is running a kernel version that corresponds to RHEL 8.9.

2. Confirm that the serverc machine is running system services as expected. Review log entries to verify that the machine does not have critical messages.

   1. Verify that the NetworkManager, tuned, and chronyd services are running as expected.

      [root@serverc ~]# systemctl status NetworkManager
      ● NetworkManager.service - Network Manager
         Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-03-11 13:32:20 EDT; 3h 1min ago
      ...output omitted...

      [root@serverc ~]# systemctl status tuned
      ● tuned.service - Dynamic System Tuning Daemon
         Loaded: loaded (/usr/lib/systemd/system/tuned.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-03-11 13:32:21 EDT; 3h 20min ago

      [root@serverc ~]# systemctl status chronyd
      ● chronyd.service - NTP client/server
         Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor preset: enabled)
         Active: active (running) since Mon 2024-03-11 13:32:17 EDT; 3h 4min ago
      ...output omitted...

      To run correctly, the machines in your organization might depend on a specific set of services. Make sure to review all services before continuing with other tasks.

   2. Review the /var/log/leapp/leapp-upgrade.log file to verify that the upgrade process completed successfully.

      [root@serverc ~]# cat /var/log/leapp/leapp-upgrade.log
      ...output omitted...
      2024-03-15 13:28:07.99  INFO     PID: 1382 leapp.workflow.FirstBoot: Starting stage Before of phase FirstBoot
      2024-03-15 13:28:07.129 INFO     PID: 1382 leapp.workflow.FirstBoot: Starting stage Main of phase FirstBoot
      2024-03-15 13:28:07.139 INFO     PID: 1382 leapp.workflow.FirstBoot: Executing actor enable_rhsm_target_repos
      2024-03-15 13:28:07.284 DEBUG    PID: 6228 leapp.workflow.FirstBoot.enable_rhsm_target_repos: External command has started: ['subscription-manager', 'release', '--set', '8.9']
      2024-03-15 13:28:08.627 DEBUG    PID: 6228 leapp.workflow.FirstBoot.enable_rhsm_target_repos: Release set to: 8.9
      2024-03-15 13:28:08.713 DEBUG    PID: 6228 leapp.workflow.FirstBoot.enable_rhsm_target_repos: External command has finished: ['subscription-manager', 'release', '--set', '8.9']
      ...output omitted...

      After reviewing the leapp-upgrade.log file, you determine that the upgrade completed successfully.

   3. Review the /var/log/messages file to verify that the system reports no new issues since the last system boot.

      [root@serverc ~]# cat /var/log/messages
      ...output omitted...
      Mar 15 12:24:38 serverc kernel: Initializing cgroup subsys cpuacct
      Mar 15 12:24:38 serverc kernel: Linux version 3.10.0-1160.59.1.el7.x86_64 (mockbuild@x86-vm-37.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) ) #1 SMP Wed Feb 16 12:17:35 UTC 2022
      Mar 15 12:24:38 serverc kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-1160.59.1.el7.x86_64 root=UUID=7c4f398a-9ad7-46a3-8a6a-e5d481122726 ro console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=auto LANG=en_US.UTF-8
      ...output omitted...
      Mar 15 12:57:39 serverc NetworkManager[615]: <info>  [1710521859.7200] manager: NetworkManager state is now CONNECTED_LOCAL
      Mar 15 12:57:39 serverc NetworkManager[615]: <info>  [1710521859.7346] device (eth0): Activation: successful, device activated.
      Mar 15 12:57:39 serverc NetworkManager[615]: <info>  [1710521859.7375] manager: startup complete
      ...output omitted...

      The /var/log/messages file does not show error messages.

3. Remove the Leapp tool packages.

   1. Review the exclude directive in the /etc/dnf/dnf.conf file.

      [root@serverc ~]# cat /etc/dnf/dnf.conf
      [main]
      gpgcheck=1
      installonly_limit=3
      clean_requirements_on_remove=True
      best=True
      skip_if_unavailable=False
      exclude=python2-leapp,snactor,leapp-upgrade-el7toel8,leapp
      ...output omitted...

      The Leapp packages are excluded from the package management system. To remove these packages from the system, first remove them from the exclude list.

   2. Clear the exclude list of the DNF package management system.

      [root@serverc ~]# dnf config-manager --save --setopt exclude=''
      Updating Subscription Management repositories.

   3. Verify that the exclude directive in the /etc/dnf/dnf.conf file is updated as expected.

      [root@serverc ~]# cat /etc/dnf/dnf.conf
      [main]
      gpgcheck=1
      installonly_limit=3
      clean_requirements_on_remove=True
      best=True
      skip_if_unavailable=False
      exclude=

   4. Remove the Leapp packages.

      [root@serverc ~]# dnf remove python2-leapp snactor leapp-upgrade-el7toel8 leapp
      Updating Subscription Management repositories.
      ...output omitted...
      Is this ok [y/N]: y
      ...output omitted...
      Complete!

4. Remove RHEL 7 packages.

   1. Query all packages that belong to the RHEL 7 release.

      [root@serverc ~]# rpm -qa | grep -e '\.el[7]'
      kernel-3.10.0-1160.59.1.el7.x86_64
      kernel-3.10.0-1160.108.1.el7.x86_64
      ustr-1.0.4-16.el7.x86_64

      You can remove the unused kernel versions by using the dnf remove --oldinstallonly command.

   2. Remove the unused RHEL 7 kernels.

      [root@serverc ~]# dnf remove --oldinstallonly
      ...output omitted...
      Is this ok [y/N]: y
      ...output omitted...
      Complete!

   3. Remove the ustr package.

      [root@serverc ~]# dnf remove ustr
      ...output omitted...
      Is this ok [y/N]: y
      ...output omitted...
      Complete!

5. Ensure that SELinux is set to enforcing mode and verify that the system-wide cryptographic policies are set to the default value.

   1. Verify the current SELinux mode.

      [root@serverc ~]# sestatus
      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   permissive
      Mode from config file:          permissive
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33

   2. Set SELinux to enforcing mode by updating the /etc/selinux/config file.

      [root@serverc ~]# cat /etc/selinux/config
      
      # This file controls the state of SELinux on the system.
      # SELINUX= can take one of these three values:
      #     enforcing - SELinux security policy is enforced.
      #     permissive - SELinux prints warnings instead of enforcing.
      #     disabled - No SELinux policy is loaded.
      SELINUX=enforcing
      ...output omitted...

   3. Reboot the serverc machine.

      [root@serverc ~]# reboot
      Connection to serverc closed by remote host.
      Connection to serverc closed.
      [student@workstation ~]$

      Wait a minute for the machine to restart.

   4. Log in to the serverc machine as the student user. Switch to the root user. Use student as the password.

      [student@workstation ~]$ ssh serverc
      student@serverc's password: student
      [student@serverc ~]$ sudo -i
      [sudo] password for student: student
      [root@serverc ~]#

   5. Verify the SELinux mode.

      [root@serverc ~]# sestatus
      SELinux status:                 enabled
      SELinuxfs mount:                /sys/fs/selinux
      SELinux root directory:         /etc/selinux
      Loaded policy name:             targeted
      Current mode:                   enforcing
      Mode from config file:          enforcing
      Policy MLS status:              enabled
      Policy deny_unknown status:     allowed
      Memory protection checking:     actual (secure)
      Max kernel policy version:      33

   6. Verify that the system-wide cryptographic policies are set to the default value.

      [root@serverc ~]# update-crypto-policies --show
      DEFAULT

   7. Exit the serverc machine.

      [root@serverc ~]# exit
      logout
      [student@serverc ~]$ exit
      logout
      Connection to serverc closed.
      [student@workstation ~]$

6. In a previous activity, you tested a sample application before upgrading the system. Now, review the sample application to verify that the application still works after completing the upgrade and the post-upgrade tasks.

   From the workstation machine, observe the sample application that is running on the serverc RHEL 8 machine. The application is a game that uses Node.js and some other operating system dependencies to function.

   Interact with the application to confirm that it works correctly.

   1. Open a browser and navigate to the http://serverc.lab.example.com site. Wait for the application to start.

   2. When the application finishes loading, press Space or click the web page to start playing.

      Press Space to prevent the bird from falling.

   3. When finished testing, close the web browser.