Preparing for the Upgrade

2 Preparing for the Upgrade

Caution:

The SHA-1 hash algorithm is deprecated in Oracle Linux 9 and not used by default. This security policy affects RSA/SHA-1 signatures which can no longer be verified against the default cryptographic policy. Leapp upgrade is inhibited if packages are found with a RSA/SHA-1 digital signature. Before upgrading, consider the following options:

Contact the package vendor and ask for new builds that are signed with valid signatures, and then install these.
Alternatively, remove the incompatible packages.

For more information about Oracle Linux security, see General Oracle Linux documentation.

Complete the steps as applicable to prepare for an upgrade from Oracle Linux 8 to Oracle Linux 9. Unless specified otherwise, all of the procedures for upgrading an Oracle Linux 8 system also apply upgrading an Oracle Linux 8 instance on Oracle Cloud Infrastructure.

Review Completing Postupgrade Tasks in Oracle Linux 8: Upgrading Systems With Leapp and ensure that the Oracle Linux 8 system has been configured to be in a supported state.

Important:

You MUST perform this step. In particular, remove older packages to avoid errors and to ensure a successful upgrade. This step is critical especially if the system has been upgraded earlier from an Oracle Linux 7 installation where residual packages can be inhibitors to an upgrade.
If the Oracle Linux 8 system was upgraded earlier from Oracle Linux 7 and then retained the use of legacy network scripts, you must migrate these scripts, as they're no longer usable in Oracle Linux 9. The presence of these scripts inhibits upgrading Oracle Linux 8 to Oracle Linux 9. For example, you can run the following command:
```
sudo nmcli connection migrate
```
For more information about configuring the network by using NetworkManager, see Oracle Linux 8: Setting Up Networking.
Ensure that SSH root login is disabled in the /etc/ssh/sshd_config file by verifying that the comment mark (#) is at the beginning of the following line, as shown:
```
#PermitRootLogin yes
```
Alternatively, replace the yes value with no.
Set up a means to connect remotely through a console.

This document assumes that you're performing a Leapp upgrade remotely. In this case, a console is necessary so you can monitor the progress of the upgrade process, especially as the upgrade performs automatic reboots.

The following list shows console connection options you can use:
- Oracle Cloud Infrastructure instance: Create a console connection by following the instructions at https://docs.oracle.com/iaas/Content/Compute/References/serialconsole.htm#Instance_Console_Connections.
- Oracle Linux server: Use Oracle Integrated Lights Out Manager (ILOM). See https://docs.oracle.com/en/servers/management/ilom/index.html.
- Oracle Private Cloud Appliance: Use the Instance Console Connection. See https://docs.oracle.com/en/engineered-systems/private-cloud-appliance/index.html.
- Oracle Linux Virtualization Manager or Oracle Linux Kernel based Virtual Machines (KVM): User virt-viewer, virt-manager, or Cockpit Web Console. See Oracle Linux Virtualization Manager documentation.
Note:

If you connect to the system by using SSH or by using VNC to a VNC service running on the system, you're disconnected during the upgrade process and are unable to log in until the upgrade is completed.
If you are upgrading an Oracle Linux instance on Oracle Cloud Infrastructure, verify if Oracle OS Management Hub or OS Management Service is running on the instance. Do the following:
1. From Oracle Cloud Infrastructure, open the navigation menu and click Compute. Under Compute, click Instances.
2. Select the instance you want to upgrade.
3. From the Resources section, click OS Management.
  - If the Oracle OS Management description specifies "No OS management information is available for this resource," then the instance isn't managed by the OS Management Service or by the OS Management Hub.
  - If the description provides information about the instance, then the instance is managed by OS Management Service or OS Management Hub.
  Note:
  
  An instance might be registered with OS Management Hub but with a stopped osmh-agent. In this scenario, do one of the following:
  - If you want the instance to be upgraded with OS Management Hub, enable the appropriate agent.
  - If you don't want to upgrade the instance with OS Management Hub, then unregister the instance. For more information, see https://docs.oracle.com/en-us/iaas/osmh/doc/home.htm.
Do one of the following:
- If the instance is managed by OS Management Server or OS Management Hub, ensure that Oracle Linux 8 Application Stream x86_64 or Oracle Linux 8 Application Stream aarch64 Software Source is attached to the instance. For more information about managing data source using OS Management Service, see https://docs.oracle.com/en-us/iaas/os-management/osms/osms-software-sources.htm. For more information about managing data sources using OS Management Hub, see https://docs.oracle.com/en-us/iaas/osmh/doc/software-sources.htm
- If the instance is not managed by Oracle OS Management Service , ensure that the Oracle OS Management Service agent is disabled:
  1. Select the Oracle Cloud Agent tab.
  2. Disable the OS Management Service Agent process if it is enabled.
    This process takes awhile to complete.
  3. After waiting sufficiently, check for osms-agent processes and ensure that none are running. Connect to the process with a terminal, and run the following command:
```
ps -ef | grep osms-agent
```
    For more information, see https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/manage-plugins.htm#disable-one-plugin.
Note:
An Oracle Linux system might run the Oracle OS Management Service agent, but might not be managed by the Oracle OS Management Service. For more information about Oracle OS Management Service, see https://docs.oracle.com/iaas/os-management/osms/osms-getstarted.htm.
Perform a backup.

Always back up a system so that the system can be restored to its former state if the upgrade fails.

Note:

For an Oracle Linux 8 instance in Oracle Cloud Infrastructure, perform a boot volume backup. For instructions, see https://docs.oracle.com/iaas/Content/Block/Concepts/bootvolumebackups.htm.
Shut down all production workloads that have been set up to run on the system, as the upgrade is intrusive and requires several reboots.
Disable AllowZoneDrifting in the firewall configuration file to prevent the Leapp upgrade from being blocked. Type:
```
sudo sed -i "s/^AllowZoneDrifting=.*/AllowZoneDrifting=no/" /etc/firewalld/firewalld.conf
```
If the system has network mounted file systems, unmount them, and then insert related entries in the /etc/fstab file inside comment marks.

See File Systems and Storage Issues.
If the system is behind a proxy, configure the proxy settings in /etc/dnf/dnf.conf, for example:
```
proxy=proxy-url:port
```
See Oracle Linux: Managing Software on Oracle Linux.
If you installed the python3-dnf-plugin-versionlock package, clear any packages with locked versions.
```
sudo dnf versionlock clear
```
Obtain the latest Oracle Linux 8 packages.
```
sudo dnf update -y
```
If you're upgrading Oracle Linux 8 KVM hosts, stop all the virtual machines that might be running.

The command lists the virtual machines. From the list, stop specific virtual machines that are running.
1. List the available virtual machines.
```
sudo virsh list --all
```
2. From the list, stop individual virtual machines that are running.
```
sudo virsh shutdown vm-name
```
If the system is registered with ULN or a ULN mirror, unregister the system.

See the following documentation for this step.
- Removing a System From ULN in Oracle Linux: Managing Software on Oracle Linux
- Checking Yum Configuration in https://yum.oracle.com/getting-started.html#checking-yum-configuration.
Reboot the system.
```
sudo reboot
```
Ensure that the appstream and baseos_latest repositories are enabled.
Install the Leapp utility using the following command:
```
sudo dnf install -y leapp-upgrade
```