[CentOS-devel] centos 6 to 7 upgrade tool report

Mon Sep 29 14:09:00 UTC 2014
David Mansfield <centos at dm.cobite.com>

On 09/27/2014 05:43 PM, Bert wrote:
> To David Mansfield,
>
> My name is Bert, I'm on the Centos-Doc mailing list and I've been 
> doing a bit of further write up on the C6.5 -> C7 upgrade process - 
> basically on how to avoid common problems and pitfalls. In other 
> words, give the user the best experience possible. I've been doing a 
> fair bit of experimenting before I go ahead and "put up a bunch of 
> suggested ways of doing things to avoid problematic upgrades" and 
> would like to share what I've learnt so far, and ask for some more info.
>
> Regarding issue #1:
> I too did an upgrade on that had an NTFS partition (was for dual-boot 
> Windows 2008R2).  I commented out the mountpoint in  /etc/fstab BEFORE 
> doing the upgrade (as removing ntfs3g would obviously cause mount to 
> complain it didn't know about the partition, and there's no FUSE 
> add-ons in the upgrade image kernel) and that avoided any problems for 
> me.  It is helpful to know from your experience that the upgrade 
> process ended up in an emergency shell.  This will scare some people, 
> so I will be adding a specific note about checking for mount points 
> (specifically that use FUSE add-ons) and a suggestion to comment them 
> out of /etc/fstab before running the preupgrade advisor.
>
> I suggest commenting them out and unmounting before running the 
> advisor because (from what I gather) the tool scans and any all mount 
> points collecting a list of files, which wastes time on the NTFS 
> partition. You wouldn't expect someone to install Linux-related 
> libraries or executables on their NTFS partition... though you never know.
> One system of mine also had a md RAID6 array, which I unmounted and 
> commented out for the same reasons above.
>
> After the upgrade, yum isntall ntfs-3g went as expected, and 
> un-commenting the mountpoint got it mounting again.
> I'm glad that worked for you in the end.
>
> Perhaps there are issues with automount that you were encountering 
> prior to the upgrade.  With the new
>
> Regarding issue #2:
> My write-up basically guides the user through removing (read as 
> exorcising if you'll pardon the expression) anything X Window System 
> and Gnome related before running the upgrade advisor (at least for the 
> last time).
> I include the X window system packages because there have been a few 
> changes that I suspect would lead to a "bad experience".  Some 
> preferences seem to have been brought across after a re-install once 
> running C7.
>
> There was a couple of tricks I did before the upgrade.
> 1. Change to runlevel 3 so the GUI doesn't start up straight after the 
> upgrade.  (i.e. get to a text-only shell) so we can re-install our GUI 
> aftewards.
> 2. Removed X, Gnome and MESA packages.
>
> I had disabled NetworkManager and for the interfaces in the ifcfg 
> scripts so I can't comment on NM-related issues but there were a few 
> niggles after the upgrade.
>
> Post upgrade...
>
> yum groups mark convert
> to fix the group package assignment changes between C6 and C7.
>
> yum groups install "GNOME Desktop" "Graphical Administration Tools"
> to install GNOME again... It's no longer "yum groupinstall ....."
>
> This more/less got GNOME up and running again for me  (via VNC server)
>
> Once in GNOME, use the package maanger to install anything else.
>
> /etc/inittab is no longer relevant.  Use
> ln -sf /lib/systemd/system/graphical.target 
> /etc/systemd/system/default.target
> to get X and your window manager starting up by default.
>
> Network manager:
> Was starting again by default.   Once I got around that, and switching 
> over to fiewall-cmd (from plain IPTABLES) and setting up an 
> appropriate zone, my networking has been fine.
>
> May I ask, why did you choose to install MATE?  Could you not get 
> GNOME working?
> Can anyone else comment on NM?  (before and after)
>


Hi Bert,

Here's another NetworkManager one that I just learned about which took 
about 30 minutes hard debugging to find out (and I'm not the first one 
to be bitten, see link below).

(Regarding MATE - It's our desktop of choice because it's MUCH more 
friendly for remote access.  We used NX and the x2go for a long time, 
and GNOME3 was broken in that environment.  Recently we starting using 
VM's and SPICE, and although it runs (with software 3d emulation) it's a 
slow, fat, pig so we prefer MATE.  So it all boils down to remote access...)

Openvpn in C7 does not allow for "md5" signed certificates by default, 
even though C6 _AND_ the latest Fedora both allow them. The clue is in 
the client side log:

|Mon Jul 14 16:24:23 2014 us=213271 TLS_ERROR: BIO read 
tls_read_plaintext error: error:14090086:SSL 
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

|
And the solution (as documented originally here: 
https://www.centos.org/forums/viewtopic.php?f=50&t=47210) is to either 
get re-issued certificates, or change the environment variables that the 
NetworkManager service run under. In 
/usr/lib/systemd/system/NetworkManager.service

|
[Service]
Environment="OPENSSL_ENABLE_MD5_VERIFY=1 NSS_HASH_ALG_SUPPORT=+MD5"

|

|||Then:|

systemctl daemon-reload

systemctl restart  NetworkManager.service

||


Hope this helps someone else (I'm never going to forget!)

Oh, and another one that I haven't figured out yet: my C7 machines I 
installed from scratch do dual logging (journalctl and 
/var/log/messages) while the upgraded one is only journalctl.

-- 
Thanks,
David Mansfield
Cobite, INC.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140929/023464f4/attachment-0008.html>