On 09/27/2014 05:43 PM, Bert wrote:
To David Mansfield,

My name is Bert, I'm on the Centos-Doc mailing list and I've been doing a bit of further write up on the C6.5 -> C7 upgrade process - basically on how to avoid common problems and pitfalls. In other words, give the user the best experience possible. I've been doing a fair bit of experimenting before I go ahead and "put up a bunch of suggested ways of doing things to avoid problematic upgrades" and would like to share what I've learnt so far, and ask for some more info.

Regarding issue #1:
I too did an upgrade on that had an NTFS partition (was for dual-boot Windows 2008R2).  I commented out the mountpoint in  /etc/fstab BEFORE doing the upgrade (as removing ntfs3g would obviously cause mount to complain it didn't know about the partition, and there's no FUSE add-ons in the upgrade image kernel) and that avoided any problems for me.  It is helpful to know from your experience that the upgrade process ended up in an emergency shell.  This will scare some people, so I will be adding a specific note about checking for mount points (specifically that use FUSE add-ons) and a suggestion to comment them out of /etc/fstab before running the preupgrade advisor.

I suggest commenting them out and unmounting before running the advisor because (from what I gather) the tool scans and any all mount points collecting a list of files, which wastes time on the NTFS partition. You wouldn't expect someone to install Linux-related libraries or executables on their NTFS partition... though you never know.
One system of mine also had a md RAID6 array, which I unmounted and commented out for the same reasons above.

After the upgrade, yum isntall ntfs-3g went as expected, and un-commenting the mountpoint got it mounting again.
I'm glad that worked for you in the end.

Perhaps there are issues with automount that you were encountering prior to the upgrade.  With the new 

Regarding issue #2:
My write-up basically guides the user through removing (read as exorcising if you'll pardon the expression) anything X Window System and Gnome related before running the upgrade advisor (at least for the last time).
I include the X window system packages because there have been a few changes that I suspect would lead to a "bad experience".  Some preferences seem to have been brought across after a re-install once running C7.

There was a couple of tricks I did before the upgrade.
1. Change to runlevel 3 so the GUI doesn't start up straight after the upgrade.  (i.e. get to a text-only shell) so we can re-install our GUI aftewards.
2. Removed X, Gnome and MESA packages.

I had disabled NetworkManager and for the interfaces in the ifcfg scripts so I can't comment on NM-related issues but there were a few niggles after the upgrade.   

Post upgrade...

yum groups mark convert 
to fix the group package assignment changes between C6 and C7.

yum groups install "GNOME Desktop" "Graphical Administration Tools"
to install GNOME again... It's no longer "yum groupinstall ....."

This more/less got GNOME up and running again for me  (via VNC server)

Once in GNOME, use the package maanger to install anything else.

/etc/inittab is no longer relevant.  Use 
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
to get X and your window manager starting up by default.

Network manager:
Was starting again by default.   Once I got around that, and switching over to fiewall-cmd (from plain IPTABLES) and setting up an appropriate zone, my networking has been fine.

May I ask, why did you choose to install MATE?  Could you not get GNOME working?
Can anyone else comment on NM?  (before and after)



Hi Bert,

Here's another NetworkManager one that I just learned about which took about 30 minutes hard debugging to find out (and I'm not the first one to be bitten, see link below).

(Regarding MATE - It's our desktop of choice because it's MUCH more friendly for remote access.  We used NX and the x2go for a long time, and GNOME3 was broken in that environment.  Recently we starting using VM's and SPICE, and although it runs (with software 3d emulation) it's a slow, fat, pig so we prefer MATE.  So it all boils down to remote access...)

Openvpn in C7 does not allow for "md5" signed certificates by default, even though C6 _AND_ the latest Fedora both allow them.  The clue is in the client side log:

Mon Jul 14 16:24:23 2014 us=213271 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


And the solution (as documented originally here: https://www.centos.org/forums/viewtopic.php?f=50&t=47210) is to either get re-issued certificates, or change the environment variables that the NetworkManager service run under. In /usr/lib/systemd/system/NetworkManager.service


[Service]
Environment="OPENSSL_ENABLE_MD5_VERIFY=1 NSS_HASH_ALG_SUPPORT=+MD5"
Then:

systemctl daemon-reload
systemctl restart  NetworkManager.service

Hope this helps someone else (I'm never going to forget!)

Oh, and another one that I haven't figured out yet: my C7 machines I installed from scratch do dual logging (journalctl and /var/log/messages) while the upgraded one is only journalctl.

--
Thanks,
David Mansfield
Cobite, INC.