CentOS 7 was released few months ago which I was very excited, but I have been waiting for a while for bugs fixing. Usually when any Linux distro is released, they usually comes with unknow bugs which may break your system. CentOS is always my favorite linux distro since it’s a very stable distro, and CentOS is basically RHEL (Red Hat Enterprise Linux) but it’s free. Let’s talk a little bit about new version of CentOS, CentOS 7 comes with systemd which incorporates features that help enhance scalability and optimize performance, Docker (open-source engine that automates deploy any application) integration, and many more great new features:
- Supports For Linux Containers
- XFS as the default filesystem
- Updated kernel to 3.10.0
- LVM-snapshots with ext4 and XFS
- Switched from MySQL to MariaDB
- Support up to 40G Ethernet Cards
- Support installation in UEFI mode
- Comes with VMware Tools & 3D graphics drivers
For full CentOS release notes, you can visit http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7
At the time I’m writing, CentOS 7 only comes with x86_64 version, we are expected to see 32 bit x86, ARM, and PowerPC releases later. So, if you have old 32bit version of CentOS 6, if you want to use CentOS 7, you will have to clean install CentOS 7 x86_64 (if your cpu and motherboard supports x86_64). The good new is, if you are using CentOS 6 x86_64 or 64 bit version of CentOS 6, you can upgrade to CentOS 7 without reinstall your whole system again.
** Before we do anything, I have tested upgrading from CentOS 6 to 7 on several systems, there are risks involved. It means after upgrading, some of the services will not be 100% functional. Luckily, preupg will analyze and let you know the risk factors before you actually do the upgrade.
So let’s get started!
Update your current CentOS 6 system
Before you do anything, you should update all your packages to the newest versions to avoid any problem later on.
# yum -y update
Check your current CentOS 6 version
You can upgrade from CentOS 6.5 or 6.6 to 7, if you have older version, you should update your CentOS 6 to the newest version which is 6.6 as of I’m writing this.
# cat /etc/redhat-release
This is the output on my machine
CentOS release 6.6 (Final)
Install some required packages and upgrade tools
You may have these packages installed on your system, but in case you don’t, you will need to install them.
yum -y install openscap pcre-devel libxml2-devel libxslt-devel m2crypto python-simplejson mod_wsgi
Starting from RHEL 7, Red Hat start to support for upgrading to major releases (RHEL 6.5 –> RHEL 7) via a tool called redhat-upgrade-tool.
To install upgarde tools, there are two ways to do it. Easy/quick way is to create a new repo file, or the long/hard way is to download each package and install them. I’m going to show you both ways.
The long way: the tools you need should be available to download at http://dev.centos.org/centos/6/upg/x86_64/Packages/ The files you will need are:
- preupgrade-assistant
- preupgrade-assistant-contents
- preupgrade-assistant-ui
- redhat-upgrade-tool
To download and install those packages:
# cd /etc
# wget http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-1.0.2-33.0.3.el6.centos.x86_64.rpm http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-contents-0.5.13-1.0.5.el6.centos.noarch.rpm http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-ui-1.0.2-33.0.3.el6.centos.x86_64.rpm http://dev.centos.org/centos/6/upg/x86_64/Packages/redhat-upgrade-tool-0.7.22-3.el6.centos.noarch.rpm
# yum localinstall preupgrade-assistant-*
Another way to install preupgrade and redhat upgrade tools is to add a new repo file. So let’s create a new repo file named upgradetool.repo in /etc/yum.repos.d/
# nano /etc/yum.repos.d/upgradetool.repo
with the content
[upg] name=CentOS-$releasever - Upgrade Tool baseurl=http://dev.centos.org/centos/6/upg/x86_64/ gpgcheck=1 enabled=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
# yum -y install redhat-upgrade-tool preupgrade-assistant-contents
Run preupgrade assistant
As I mentioned about preupg (Preupgrade Assistant), preupg does not do the actual upgrading but will check for potential problems you might get from upgrading from CentOS 6 to 7. To run preupg
# preupg
preupg will ask you if you want to continue, say yes
[root@namhuy ~]# preupg Preupg tool doesn't do the actual upgrade. Please ensure you have backed up your system and/or data in the event of a failed upgrade that would require a full re-install of the system from installation media. Do you want to continue? y/n
Gathering logs used by preupgrade assistant: All installed packages : 01/11 ...finished (time 00:00s) All changed files : 02/11 ...finished (time 00:12s) Changed config files : 03/11 ...finished (time 00:00s) All users : 04/11 ...finished (time 00:00s) All groups : 05/11 ...finished (time 00:00s) Service statuses : 06/11 ...finished (time 00:00s) All installed files : 07/11 ...finished (time 00:00s) All local files : 08/11 ...finished (time 00:00s) All executable files : 09/11 ...finished (time 00:00s) RedHat signed packages : 10/11 ...finished (time 00:00s) CentOS signed packages : 11/11 ...finished (time 00:00s) Assessment of the system, running checks / SCE scripts: 001/096 ...done (Configuration Files to Review) 002/096 ...done (File Lists for Manual Migration) 003/096 ...done (Bacula Backup Software) 004/096 ...done (MySQL configuration) 005/096 ...done (Migration of the MySQL data stack) 006/096 ...done (Changes related to moving from MySQL to MariaDB) 007/096 ...done (PostgreSQL upgrade content) 008/096 ...done (GNOME Desktop Environment underwent several design modificat ions in CentOS 7 release) 009/096 ...done (KDE Desktop Environment underwent several design modificatio ns in CentOS 7 release) 010/096 ...done (several graphic drivers not supported in CentOS 7) 011/096 ...done (several input drivers not supported in CentOS 7) 012/096 ...done (several kernel networking drivers not available in CentOS 7) 013/096 ...done (several kernel storage drivers not available in CentOS 7) 014/096 ...done (Names, Options and Output Format Changes in arptables) 015/096 ...done (BIND9 running in a chroot environment check.) 016/096 ...done (BIND9 configuration compatibility check) 017/096 ...done (Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.se rvice files) 018/096 ...done (DNSMASQ configuration compatibility check) 019/096 ...done (Dovecot configuration compatibility check) 020/096 ...done (Compatibility Between iptables and ip6tables) 021/096 ...done (Net-SNMP check) 022/096 ...done (Squid configuration compatibility check) 023/096 ...done (Reusable Configuration Files) 024/096 ...done (VCS repositories) 025/096 ...done (Added and extended options for BIND9 configuration) 026/096 ...done (Added options in DNSMASQ configuration) 027/096 ...done (Packages not signed by CentOS) 028/096 ...done (Obsoleted rpms) 029/096 ...done (w3m not available in CentOS 7) 030/096 ...done (report incompatibilities between CentOS 6 and 7 in qemu-gues t-agent package) 031/096 ...done (Removed options in coreutils binaries) 032/096 ...done (Removed options in gawk binaries) 033/096 ...done (Removed options in netstat binary) 034/096 ...done (Removed options in quota tools) 035/096 ...done (Removed rpms) 036/096 ...done (Replaced rpms) 037/096 ...done (GMP library incompatibilities) 038/096 ...done (package downgrades) 039/096 ...done (restore custom selinux configuration) 040/096 ...done (General) 041/096 ...done (samba shared directories selinux) 042/096 ...done (CUPS Browsing/BrowsePoll configuration) 043/096 ...done (CVS Package Split) 044/096 ...done (FreeRADIUS Upgrade Verification) 045/096 ...done (httpd configuration compatibility check) 046/096 ...done (bind-dyndb-ldap) 047/096 ...done (Identity Management Server compatibility check) 048/096 ...done (IPA Server CA Verification) 049/096 ...done (NTP configuration) 050/096 ...done (Information on time-sync.target) 051/096 ...done (OpenLDAP /etc/sysconfig and data compatibility) 052/096 ...done (OpenSSH sshd_config migration content) 053/096 ...done (OpenSSH sysconfig migration content) 054/096 ...done (Configuration for quota_nld service) 055/096 ...done (Disk quota netlink message daemon moved into quota-nld packa ge) 056/096 ...done (SSSD compatibility check) 057/096 ...done (Luks encrypted partition) 058/096 ...done (Clvmd and cmirrord daemon management.) 059/096 ...done (State of LVM2 services.) 060/096 ...done (device-mapper-multipath configuration compatibility check) 061/096 ...done (Removal of scsi-target-utils) 062/096 ...done (Configuration for warnquota tool) 063/096 ...done (Disk quota tool warnquota moved into quota-warnquota package) 064/096 ...done (Architecture Support) 065/096 ...done (Binary rebuilds) 066/096 ...done (Debuginfo packages) 067/096 ...done (Cluster and High Availability) 068/096 ...done (Quorum implementation) 069/096 ...done (fix krb5kdc config file) 070/096 ...done (File Systems, Partitions and Mounts Configuration Review) 071/096 ...done (Read Only FHS directories) 072/096 ...done (Sonamebumped libs) 073/096 ...done (SonameKept Reusable Dynamic Libraries) 074/096 ...done (Removed .so libs) 075/096 ...done (In-place Upgrade Requirements for the /usr/ Directory) 076/096 ...done (CA certificate bundles modified) 077/096 ...done (Developer Tool Set packages) 078/096 ...done (Hyper-V) 079/096 ...done (Content for enabling and disabling services based on CentOS 6 system) 080/096 ...done (Check for ethernet interface naming) 081/096 ...done (User modification in /etc/rc.local and /etc/rc.d/rc.local) 082/096 ...done (cgroups configuration compatibility check) 083/096 ...done (Plugable authentication modules (PAM)) 084/096 ...done (Foreign Perl modules) 085/096 ...done (Python 2.7.5) 086/096 ...done (Ruby 2.0.0) 087/096 ...done (SCL collections) 088/096 ...done (System kickstart) 089/096 ...done (YUM) 090/096 ...done (Check for usage of dangerous range of UID/GIDs) 091/096 ...done (Incorrect usage of reserved UID/GIDs) 092/096 ...done (NIS ypbind config files back-up) 093/096 ...done (NIS Makefile back-up) 094/096 ...done (NIS server maps check) 095/096 ...done (NIS server MAXUID and MAXGID limits check) 096/096 ...done (NIS server config file back-up) Assessment finished (time 00:54s) Result table with checks and their results for main contents: --------------------------------------------------------------------------------------------------------------- |Bacula Backup Software |notapplicable | |MySQL configuration |notapplicable | |Migration of the MySQL data stack |notapplicable | |Changes related to moving from MySQL to MariaDB |notapplicable | |PostgreSQL upgrade content |notapplicable | |GNOME Desktop Environment underwent several design modifications in CentOS 7 release |notapplicable | |KDE Desktop Environment underwent several design modifications in CentOS 7 release |notapplicable | |several graphic drivers not supported in CentOS 7 |notapplicable | |several input drivers not supported in CentOS 7 |notapplicable | |Names, Options and Output Format Changes in arptables |notapplicable | |BIND9 running in a chroot environment check. |notapplicable | |BIND9 configuration compatibility check |notapplicable | |Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files |notapplicable | |DNSMASQ configuration compatibility check |notapplicable | |Dovecot configuration compatibility check |notapplicable | |Net-SNMP check |notapplicable | |Squid configuration compatibility check |notapplicable | |Added and extended options for BIND9 configuration |notapplicable | |Added options in DNSMASQ configuration |notapplicable | |w3m not available in CentOS 7 |notapplicable | |report incompatibilities between CentOS 6 and 7 in qemu-guest-agent package |notapplicable | |Removed options in quota tools |notapplicable | |General |notapplicable | |samba shared directories selinux |notapplicable | |CUPS Browsing/BrowsePoll configuration |notapplicable | |CVS Package Split |notapplicable | |FreeRADIUS Upgrade Verification |notapplicable | |httpd configuration compatibility check |notapplicable | |bind-dyndb-ldap |notapplicable | |Identity Management Server compatibility check |notapplicable | |IPA Server CA Verification |notapplicable | |OpenLDAP /etc/sysconfig and data compatibility |notapplicable | |Configuration for quota_nld service |notapplicable | |Disk quota netlink message daemon moved into quota-nld package |notapplicable | |SSSD compatibility check |notapplicable | |Luks encrypted partition |notapplicable | |Clvmd and cmirrord daemon management. |notapplicable | |State of LVM2 services. |notapplicable | |device-mapper-multipath configuration compatibility check |notapplicable | |Removal of scsi-target-utils |notapplicable | |Configuration for warnquota tool |notapplicable | |Disk quota tool warnquota moved into quota-warnquota package |notapplicable | |Quorum implementation |notapplicable | |fix krb5kdc config file |notapplicable | |Ruby 2.0.0 |notapplicable | |SCL collections |notapplicable | |System kickstart |notapplicable | |NIS ypbind config files back-up |notapplicable | |NIS Makefile back-up |notapplicable | |NIS server maps check |notapplicable | |NIS server MAXUID and MAXGID limits check |notapplicable | |NIS server config file back-up |notapplicable | |several kernel networking drivers not available in CentOS 7 |pass | |several kernel storage drivers not available in CentOS 7 |pass | |Reusable Configuration Files |pass | |Information on time-sync.target |pass | |OpenSSH sshd_config migration content |pass | |Architecture Support |pass | |Debuginfo packages |pass | |Cluster and High Availability |pass | |Read Only FHS directories |pass | |In-place Upgrade Requirements for the /usr/ Directory |pass | |CA certificate bundles modified |pass | |Developer Tool Set packages |pass | |Hyper-V |pass | |Check for ethernet interface naming |pass | |User modification in /etc/rc.local and /etc/rc.d/rc.local |pass | |Plugable authentication modules (PAM) |pass | |Check for usage of dangerous range of UID/GIDs |pass | |Incorrect usage of reserved UID/GIDs |pass | |Compatibility Between iptables and ip6tables |informational | |VCS repositories |informational | |Removed options in coreutils binaries |informational | |Removed options in gawk binaries |informational | |Removed options in netstat binary |informational | |GMP library incompatibilities |informational | |NTP configuration |informational | |File Systems, Partitions and Mounts Configuration Review |informational | |Sonamebumped libs |informational | |SonameKept Reusable Dynamic Libraries |informational | |Removed .so libs |informational | |Foreign Perl modules |informational | |YUM |informational | |Replaced rpms |fixed | |package downgrades |fixed | |restore custom selinux configuration |fixed | |OpenSSH sysconfig migration content |fixed | |Configuration Files to Review |needs_inspection | |File Lists for Manual Migration |needs_inspection | |Obsoleted rpms |needs_inspection | |Binary rebuilds |needs_inspection | |Python 2.7.5 |needs_inspection | |Packages not signed by CentOS |needs_action | |Removed rpms |needs_action | |Content for enabling and disabling services based on CentOS 6 system |needs_action | |cgroups configuration compatibility check |needs_action | --------------------------------------------------------------------------------------------------------------- Tarball with results is stored here /root/preupgrade-results/preupg_results-141103172105.tar.gz . The latest assessment is stored in directory /root/preupgrade . Summary information: We found some potential in-place upgrade risks. Read the file /root/preupgrade/result.html for more details. Upload results to UI by command: e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .
Exit Codes meaning
After running preupg tool, you will get the result with exit codes, here are the meaning of them
- PASS: Everything is good
- FAIL: something goes wrong, may have to do with compatibility problem
- FIXED: incompatibility was detected, but there are solutions to fix by
running postupgrade.d scripts after the upgrade. - INFORMATIONAL: information for admins
- NOT_APPLICABLE: some packages are not installed on your system but should be checked
- ERROR: means there are errors in the preupgrade-assistant framework (you don’t need to worry about this)
Upgrade from CentOS 6 to 7
Once you run preupg tool and reviewing the errors, risks in the results, you should be ready to upgrade from CentOS 6 to 7. You will need to import the CentOS 6 RPM key
# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
Finally, run this command to upgrade
# centos-upgrade-tool-cli --network 7 --instrepo=http://mirror.centos.org/centos/7/os/x86_64/
You can choose another mirror which is close to you for faster download, the full mirror list is available at http://www.centos.org/download/mirrors/
The output after I ran the command:
setting up repos... .treeinfo | 1.1 kB 00:00 Preupgrade assistant risk check found risks for this upgrade. You can run preupg --riskcheck --verbose to view these risks. Addressing high risk issues is required before the in-place upgrade and ignoring these risks may result in a broken upgrade and unsupported upgrade. Please backup your data. List of issues: INPLACERISK: HIGH: We detected some non-CentOS signed packages, you can find the list in /root/preupgrade/./kickstart/noncentospkgs. You need to handle them yourself! INPLACERISK: HIGH: Package python-cheetah (required by NonCentOS signed package(s):cloud-init ) removed between CentOS 6 and CentOS 7 INPLACERISK: HIGH: After upgrading to CentOS 7 there are still some el6 packages left. Add --cleanup-post option to redhat-upgrade-tool if you want to remove them automatically. INPLACERISK: HIGH: The service ip6tables on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ip6tables && systemctl start ip6tables.service . INPLACERISK: HIGH: The service netfs on CentOS 7 is disabled by default. Enable them via commands: systemctl enable netfs && systemctl start netfs.service . INPLACERISK: HIGH: The service network on CentOS 7 is disabled by default. Enable them via commands: systemctl enable network && systemctl start network.service . INPLACERISK: HIGH: The service ntpd on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ntpd && systemctl start ntpd.service . INPLACERISK: HIGH: The service postfix on CentOS 7 is disabled by default. Enable them via commands: systemctl enable postfix && systemctl start postfix.service . INPLACERISK: HIGH: The service udev-post on CentOS 7 is disabled by default. Enable them via commands: systemctl enable udev-post && systemctl start udev-post.service . INPLACERISK: HIGH: additional libcgroup configuration files were created (/etc/cgconfig.d) INPLACERISK: MEDIUM: We detected some packages installed on the system were removed (obsoleted) between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them. INPLACERISK: MEDIUM: We detected some packages installed on the system were removed between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them. INPLACERISK: MEDIUM: Package coreutils-libs not provided by its replacement coreutils. In-place upgrade might not work properly, will be finished by postupgrade script! INPLACERISK: MEDIUM: having one of [audit-libs nss-util nss-sysinit nss-tools audit-libs-python libpciaccess libdrm elfutils-libelf openscap tzdata nss openldap ca-certificates nspr] package installed breaks upgrade INPLACERISK: MEDIUM: We detected some soname bumps in the libraries installed on the system. This may break the functionality of some of your 3rd party applications. They may need rebuild. Please check their requirements. INPLACERISK: MEDIUM: We detected some .so libraries installed on the system were removed between CentOS 6 and CentOS 7. This may break the functionality of some of your 3rd party applications. INPLACERISK: MEDIUM: The service cloud-config is not installed by CentOS signed packages and will not be automatically enabled after in-place upgrade. INPLACERISK: MEDIUM: The service cloud-final is not installed by CentOS signed packages and will not be automatically enabled after in-place upgrade. INPLACERISK: MEDIUM: The service cloud-init is not installed by CentOS signed packages and will not be automatically enabled after in-place upgrade. INPLACERISK: MEDIUM: The service cloud-init-local is not installed by CentOS signed packages and will not be automatically enabled after in-place upgrade. INPLACERISK: SLIGHT: We detected some files where modifications are not tracked in the rpms. You may need to check their functionality after successful upgrade. INPLACERISK: SLIGHT: We detected some files untracked by rpms. Some of these may need manual check/migration after redhat-upgrade-tool and/or can cause conflicts or troubles during the installation. Try to reduce unnecessary untracked files before running redhat-upgrade-tool. INPLACERISK: SLIGHT: Package procps (required by NonCentOS signed package(s):cloud-init ) replaced between CentOS 6 and CentOS 7 INPLACERISK: SLIGHT: We detected some packages installed on the system changed their name between CentOS 6 and CentOS 7. Although they should be compatible, monitoring after the update is recommended. INPLACERISK: SLIGHT: export shell commands will be deleted from /etc/sysconfig/sshd INPLACERISK: SLIGHT: Some scripts untracked by RPM were discovered on the system and may not work properly after upgrade. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/argparse-1.2.1-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/backports is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/backports.ssl_match_hostname-3.4.0.2-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/boto is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/boto-2.32.1-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/chardet is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/cloud_init-0.7.4-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/cloudinit is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/jsonpatch-1.2-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/prettytable-0.7.2-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/requests is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/six-1.7.3-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/tests is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/urllib3 is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib/python2.6/site-packages/urllib3-1.5-py2.6.egg-info is owned by an RPM package that was not signed by CentOS. INPLACERISK: SLIGHT: /usr/lib64/python2.6/site-packages/backports is owned by an RPM package that was not signed by CentOS. INPLACERISK: NONE: Custom selinux configuration has been saved and it will be restored by a postupgrade script after the system upgrade. Continue with the upgrade [Y/N]?
# reboot
# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)