Upgrading RHEL Using Leapp
Upgrading Red Hat Enterprise Linux has gotten a lot easier in recent years. While Fedora has been able to do in-place upgrades for decades, for unknown reasons, RHEL has only recently gotten a supported way to do in-place upgrades. Before RHEL 8, it was rebuild and switch over.
Well, now, thanks to Leapp, you can upgrade RHEL in place. And while it’s not as simple or clean as using DNF in Fedora, it does work, and pretty well too.
Supported Versions
As of July 2023, the following upgrade paths are supported:
Original OS | Upgrade to OS |
---|---|
7.9 | 8.6 or 8.8 |
8.6 | 9.0 |
8.8 | 9.2 |
NOTE: It is not possible to go directly from 7 to 9. You must start on 7.9, then go to 8.8, then to 9.2.
But here, we will be upgrading from 8.8 to 9.2.
Pre-upgrade steps
The first step is to update and reboot to make sure you are on the latest version of RHEL 8.
$ dnf upgrade
$ reboot
Verify the version installed.
$ subscription-manager list --installed
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux for x86_64
Product ID: 479
Version: 8.8
Arch: x86_64
Pre-configuration
Ensure the base and appstream repos are enabled.
$ subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms --enable rhel-8-for-x86_64-appstream-rpms
Repository 'rhel-8-for-x86_64-baseos-rpms' is enabled for this system.
Repository 'rhel-8-for-x86_64-appstream-rpms' is enabled for this system.
Set the release to 8.8 and verify there are no updated packages.
$ subscription-manager release --set 8.8
Release set to: 8.8
$ dnf update
Updating Subscription Management repositories.
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 42 MB/s | 58 MB 00:01
Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 38 MB/s | 62 MB 00:01
Last metadata expiration check: 0:00:01 ago on Sat 22 Jul 2023 09:33:50 PM EDT.
Dependencies resolved.
Nothing to do.
Complete!
Since we updated the system earlier, this is expected.
Next, install leapp-upgrade.
$ dnf -y install leapp-upgrade
Updating Subscription Management repositories.
Last metadata expiration check: 0:03:00 ago on Sat 22 Jul 2023 09:33:50 PM EDT.
Dependencies resolved.
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
leapp-upgrade-el8toel9 noarch 0.18.0-1.el8_8.2 rhel-8-for-x86_64-appstream-rpms 1.0 M
Installing dependencies:
leapp noarch 0.15.1-1.el8 rhel-8-for-x86_64-appstream-rpms 33 k
leapp-deps noarch 0.15.1-1.el8 rhel-8-for-x86_64-appstream-rpms 15 k
leapp-upgrade-el8toel9-deps noarch 0.18.0-1.el8_8.2 rhel-8-for-x86_64-appstream-rpms 36 k
python3-leapp noarch 0.15.1-1.el8 rhel-8-for-x86_64-appstream-rpms 178 k
python3-pip noarch 9.0.3-22.el8 rhel-8-for-x86_64-appstream-rpms 20 k
python36 x86_64 3.6.8-38.module+el8.5.0+12207+5c5719bc rhel-8-for-x86_64-appstream-rpms 19 k
systemd-container x86_64 239-74.el8_8.2 rhel-8-for-x86_64-baseos-rpms 773 k
Enabling module streams:
python36 3.6
Transaction Summary
====================================================================================================================================
Install 8 Packages
Total download size: 2.0 M
Installed size: 11 M
Downloading Packages:
...
Preupgrade Check
Run the preupgrade to target 9.2 and fix any issues that arise.
$ leapp preupgrade --target 9.2
This generates a lot of output but the part that matters is:
============================================================
UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
1. Inhibitor: Firewalld Configuration AllowZoneDrifting Is Unsupported
2. Inhibitor: Possible problems with remote login using root account
Consult the pre-upgrade report for details and possible remediation.
============================================================
UPGRADE INHIBITED
============================================================
A log with more information is written to /var/log/leapp/leapp-preupgrade.log. These seem to be common problems, as every one of my RHEL 8 systems had these two issues.
To fix the first one, edit /etc/firewalld/firewalld.conf changing
AllowZoneDrifting=yes
to
AllowZoneDrifting=no
Then restart firewalld.
$ systemctl restart firewalld
To fix the second issue, edit /etc/ssh/sshd_config changing
PermitRootLogin yes
to
PermitRootLogin no
Then restart sshd.
$ systemctl restart sshd
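As an added example (not part of the original post), the script below checks both files for the values set above before the preupgrade is re-run. The function names and the sample files are constructed for illustration; the only values it accepts are the two this page sets (`no` for each).

```shell
#!/usr/bin/env bash
# Added example: check the two settings behind the inhibitors listed above.

# PermitRootLogin from the global section of an sshd_config file. sshd keeps
# the first value it reads for a keyword and matches keywords case-insensitively;
# Match blocks are conditional, so scanning stops at the first one.
sshd_root_login() {
    awk '$1 ~ /^#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Distinct active (uncommented) AllowZoneDrifting values, space-joined.
zone_drifting() {
    awk -F= '/^[ \t]*#/ { next }
             { k = $1; v = tolower($2); gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
             k == "AllowZoneDrifting" { print v }' "$1" | sort -u | paste -sd' ' -
}

# Return 0 only when both files carry the values this page changes them to.
check_inhibitors() {    # $1 = firewalld.conf, $2 = sshd_config
    local drift root rc=0
    drift=$(zone_drifting "$1")
    root=$(sshd_root_login "$2")
    [ "$drift" = "no" ] || { echo "firewalld: AllowZoneDrifting=${drift:-unset}, want no"; rc=1; }
    [ "$root" = "no" ] || { echo "sshd: PermitRootLogin ${root:-unset}, want no"; rc=1; }
    return "$rc"
}

# Constructed sample files standing in for /etc/firewalld/firewalld.conf and
# /etc/ssh/sshd_config on a host where the fixes have not been applied yet.
demo=$(mktemp -d)
printf '%s\n' '# firewalld config' 'DefaultZone=public' 'AllowZoneDrifting=yes' \
    > "$demo/firewalld.conf"
printf '%s\n' '#PermitRootLogin prohibit-password' 'PermitRootLogin yes' \
    'Match User backup' '    PermitRootLogin no' > "$demo/sshd_config"

check_inhibitors "$demo/firewalld.conf" "$demo/sshd_config" ||
    echo "apply the two edits above, then re-run the preupgrade"
```

On the host itself, run `check_inhibitors /etc/firewalld/firewalld.conf /etc/ssh/sshd_config` as root. `PermitRootLogin no` disables SSH logins for root, so confirm another administrative account can log in before restarting sshd.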
Re-run the preupgrade to target 9.2.
$ leapp preupgrade --target 9.2
If successful, it will end with this output:
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
It’s a good idea to review the txt report listed above before proceeding.
In all my cases, the Answerfile referenced above is empty, so I just ignored it.
Perform the Upgrade
Start the upgrade process.
$ leapp upgrade --target 9.2
If all is well, a lot of stuff will scroll by and after several minutes, you have this message:
A reboot is required to continue. Please reboot your system.
Debug output written to /var/log/leapp/leapp-upgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
So reboot and select the RHEL-Upgrade-Initramfs option from the boot menu.
A lot of stuff will scroll by the screen for a while longer.
Then, after the upgrade is complete, the system will boot.
Post Upgrade
If needed, enable EPEL.
$ dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
Then update and reboot.
$ dnf update
$ reboot
Verify that RHEL 9.2 is, in fact, installed.
$ subscription-manager list --installed
+-------------------------------------------+
Installed Product Status
+-------------------------------------------+
Product Name: Red Hat Enterprise Linux for x86_64
Product ID: 479
Version: 9.2
Arch: x86_64
Status: Not Subscribed
Status Details:
Starts:
Ends:
Remove Leapp
$ rpm -e leapp-deps-el9 leapp-repository-deps-el9 python3-leapp leapp-upgrade-el8toel9 leapp
NOTE: This might be the best way, but it’s what I found that seems to work
Inspect old RHEL8 packages.
$ rpm -qa | grep -e '\.el[78]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)' | sort
kernel-4.18.0-305.el8.x86_64
kernel-4.18.0-477.15.1.el8_8.x86_64
kernel-core-4.18.0-305.el8.x86_64
kernel-core-4.18.0-477.15.1.el8_8.x86_64
kernel-modules-4.18.0-305.el8.x86_64
kernel-modules-4.18.0-477.15.1.el8_8.x86_64
libmodman-2.0.1-17.el8.x86_64
In most cases, these can just be removed.
$ dnf remove `rpm -qa | grep -e '\.el[78]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)'`
Unset the release
$ subscription-manager release --unset
Release preference has been unset
Check the audit log for SELinux denials logged since boot.
$ ausearch -m AVC,USER_AVC -ts boot
If there are no issues, re-enable SELinux. In /etc/selinux/config, change
SELINUX=permissive
to
SELINUX=enforcing
and reboot.
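To make the ausearch output above easier to review before switching to enforcing, the added example below (not part of the original post) groups denials by process, source type, target type, class and permission. Records marked permissive=1 were logged but allowed, and are the ones that would be blocked once SELINUX=enforcing is set. The function name `avc_summary` and the sample records are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize AVC denials read from stdin (ausearch raw format).

avc_summary() {
    awk '/avc:[ ]+denied/ {
        perms = ""; comm = "?"; s = "?"; t = "?"; c = "?"
        # Permission list sits between the first pair of braces: "{ read }"
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }   # user:role:TYPE:level
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   { c = substr($i, 8) }
        }
        n[comm " " s " -> " t ":" c " { " perms " }"]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample records (not from a real host); non-AVC lines are ignored.
sample_avc='----
type=SYSCALL msg=audit(1690076030.101:210): arch=c000003e syscall=257 success=yes exit=3
type=AVC msg=audit(1690076030.101:210): avc:  denied  { read } for  pid=1201 comm="httpd" name="index.html" dev="dm-0" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(1690076031.455:214): avc:  denied  { read } for  pid=1202 comm="httpd" name="index.html" dev="dm-0" ino=1337 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
----
type=AVC msg=audit(1690076040.002:230): avc:  denied  { name_bind } for  pid=980 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1'

printf '%s\n' "$sample_avc" | avc_summary
```

On the upgraded host, pipe the real output into it: `ausearch -m AVC,USER_AVC -ts boot | avc_summary`.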
And with that, the upgrade is complete!
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 9.2 (Plow)
Reference Material
RHEL 7 to RHEL 8 on Access.redhat.com.
RHEL 8 to RHEL 9 on Access.redhat.com.