On 09/27/2014 05:43 PM, Bert wrote: > To David Mansfield, > > My name is Bert, I'm on the Centos-Doc mailing list and I've been > doing a bit of further write up on the C6.5 -> C7 upgrade process - > basically on how to avoid common problems and pitfalls. In other > words, give the user the best experience possible. I've been doing a > fair bit of experimenting before I go ahead and "put up a bunch of > suggested ways of doing things to avoid problematic upgrades" and > would like to share what I've learnt so far, and ask for some more info. > > Regarding issue #1: > I too did an upgrade on that had an NTFS partition (was for dual-boot > Windows 2008R2). I commented out the mountpoint in /etc/fstab BEFORE > doing the upgrade (as removing ntfs3g would obviously cause mount to > complain it didn't know about the partition, and there's no FUSE > add-ons in the upgrade image kernel) and that avoided any problems for > me. It is helpful to know from your experience that the upgrade > process ended up in an emergency shell. This will scare some people, > so I will be adding a specific note about checking for mount points > (specifically that use FUSE add-ons) and a suggestion to comment them > out of /etc/fstab before running the preupgrade advisor. > > I suggest commenting them out and unmounting before running the > advisor because (from what I gather) the tool scans and any all mount > points collecting a list of files, which wastes time on the NTFS > partition. You wouldn't expect someone to install Linux-related > libraries or executables on their NTFS partition... though you never know. > One system of mine also had a md RAID6 array, which I unmounted and > commented out for the same reasons above. > > After the upgrade, yum isntall ntfs-3g went as expected, and > un-commenting the mountpoint got it mounting again. > I'm glad that worked for you in the end. > > Perhaps there are issues with automount that you were encountering > prior to the upgrade. With the new > > Regarding issue #2: > My write-up basically guides the user through removing (read as > exorcising if you'll pardon the expression) anything X Window System > and Gnome related before running the upgrade advisor (at least for the > last time). > I include the X window system packages because there have been a few > changes that I suspect would lead to a "bad experience". Some > preferences seem to have been brought across after a re-install once > running C7. > > There was a couple of tricks I did before the upgrade. > 1. Change to runlevel 3 so the GUI doesn't start up straight after the > upgrade. (i.e. get to a text-only shell) so we can re-install our GUI > aftewards. > 2. Removed X, Gnome and MESA packages. > > I had disabled NetworkManager and for the interfaces in the ifcfg > scripts so I can't comment on NM-related issues but there were a few > niggles after the upgrade. > > Post upgrade... > > yum groups mark convert > to fix the group package assignment changes between C6 and C7. > > yum groups install "GNOME Desktop" "Graphical Administration Tools" > to install GNOME again... It's no longer "yum groupinstall ....." > > This more/less got GNOME up and running again for me (via VNC server) > > Once in GNOME, use the package maanger to install anything else. > > /etc/inittab is no longer relevant. Use > ln -sf /lib/systemd/system/graphical.target > /etc/systemd/system/default.target > to get X and your window manager starting up by default. > > Network manager: > Was starting again by default. Once I got around that, and switching > over to fiewall-cmd (from plain IPTABLES) and setting up an > appropriate zone, my networking has been fine. > > May I ask, why did you choose to install MATE? Could you not get > GNOME working? > Can anyone else comment on NM? (before and after) > Hi Bert, Here's another NetworkManager one that I just learned about which took about 30 minutes hard debugging to find out (and I'm not the first one to be bitten, see link below). (Regarding MATE - It's our desktop of choice because it's MUCH more friendly for remote access. We used NX and the x2go for a long time, and GNOME3 was broken in that environment. Recently we starting using VM's and SPICE, and although it runs (with software 3d emulation) it's a slow, fat, pig so we prefer MATE. So it all boils down to remote access...) Openvpn in C7 does not allow for "md5" signed certificates by default, even though C6 _AND_ the latest Fedora both allow them. The clue is in the client side log: |Mon Jul 14 16:24:23 2014 us=213271 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed | And the solution (as documented originally here: https://www.centos.org/forums/viewtopic.php?f=50&t=47210) is to either get re-issued certificates, or change the environment variables that the NetworkManager service run under. In /usr/lib/systemd/system/NetworkManager.service | [Service] Environment="OPENSSL_ENABLE_MD5_VERIFY=1 NSS_HASH_ALG_SUPPORT=+MD5" | |||Then:| systemctl daemon-reload systemctl restart NetworkManager.service || Hope this helps someone else (I'm never going to forget!) Oh, and another one that I haven't figured out yet: my C7 machines I installed from scratch do dual logging (journalctl and /var/log/messages) while the upgraded one is only journalctl. -- Thanks, David Mansfield Cobite, INC. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140929/023464f4/attachment-0008.html>