Migrate from CentOS7 to CentOS8

The following steps will migrate a CentOS7 server to CentOS8.

yum -y install epel-release

yum -y install yum-utils rpmconf

rm -f /etc/issue.net ; mv /etc/issue.net.rpmsave /etc/issue.net

rpmconf -a # 5 times N

rm -rf /etc/yum.repos.d/reece.repo

yum clean all

package-cleanup --orphans | egrep 'noarch|x86_64' | xargs -r -n 1 yum -y remove

package-cleanup --leaves | egrep 'noarch|x86_64' | xargs -r -n 1 yum -y remove

# do above until none found - leaves 4-5 times

yum install -y dnf

dnf remove -y yum yum-metadata-parser

rm -Rf /etc/yum

dnf -y upgrade

dnf -y install http://vault.centos.org/8.5.2111/BaseOS/x86_64/os/Packages/{centos-linux-repos-8-3.el8.noarch.rpm,centos-linux-release-8.5-1.2111.el8.noarch.rpm,centos-gpg-keys-8-3.el8.noarch.rpm}

dnf -y upgrade https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

cd /etc/yum.repos.d && mkdir backups && mv CentOS-* backups

tee CentOS-Linux-BaseOS.repo<<EOM

[baseos]

name=CentOS Linux \$releasever - BaseOS

baseurl=http://vault.centos.org/8.5.2111/BaseOS/\$basearch/os/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

EOM

tee CentOS-Linux-AppStream.repo<<EOM

[appstream]

name=CentOS Linux \$releasever - AppStream

baseurl=http://vault.centos.org/8.5.2111/AppStream/\$basearch/os/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

EOM

rpm -e `rpm -q kernel` --nodeps

rpm -e `rpm -q kernel-devel` --nodeps

rpm -e --nodeps sysvinit-tools

dnf -y erase dracut-network python36-rpmconf python-syspurpose python-sssdconfig

dnf -y --releasever=8 --allowerasing --setopt=deltarpm=false distro-sync

dnf -y install kernel-core

dnf -y groupupdate "Core" "Minimal Install"

grub2-mkconfig -o /boot/grub2/grub.cfg

echo "PermitRootLogin yes" >> /etc/ssh/sshd_config

systemctl reboot

That's it, after the reboot the server should be running CentOS8.

Comments

Manual Kubernetes TLS certificate renewal procedure

Intro Kubernetes utilizes TLS certificates to secure different levels of internal and external cluster communication. This includes internal services like the apiserver, kubelet, scheduler and controller-manager etc. These TLS certificates are created during the initial cluster installation and are usually valid for 12 months. The cluster internal certificate authority (CA) certificate is valid for ten years. There are options available to automate certificate renewals, but they are not always utilised and these certs can become out of date. Updating certain certificates may require restarts of K8s components, which may not be fully automated either. If any of these certificates is outdated or expired, it will stop parts or all of your cluster from functioning correctly. Obviously this scenario should be avoided - especially in production environments. This blog entry focuses on manual renewals / re-creation of Kubernetes certificates. For example, the api-server certificate below...

Analysing and replaying MySQL database queries using tcpdump

Why There are situations where you want to quickly enable query logging on a MySQL Database or trouble shoot queries hitting the Database server in real-time. Yes, you can enable the DB query log and there are other options available, however the script below has helped me in many cases as it is non intrusive and does not require changing the DB server, state or configuration in any way. Limitations The following only works if the DB traffic is not encrypted (no SSL/TLS transport enabled). Also this needs to be run directly on the DB server host (as root / admin). Please also be aware that this should be done on servers and data you own only. Script This script has been amended to suit my individual requirements. #!/bin/sh tcpdump -i any -s 0 -l -w - dst port 3306 | strings | perl -e ' while(<>) { chomp; next if /^[^ ]+[ ]*$/; if(/^(ALTER|COMMIT|CREATE|DELETE|DROP|INSERT|SELECT|SET|UPDATE|ROLLBACK)/i) { if (defined $q) { print "$q\n"; } $q=$_; ...

Deprecating Networking Ingress API version in Kubernetes 1.22

Intro Kubernetes deprecates API versions over time. Usually this affects alpha and beta versions and only requires changing the apiVersion: line in your resource file to make it work. However with this Ingress object version change, additional changes are necessary. Basics For this post I am quickly creating a new cluster via Kind (Kubernetes in Docker) . Once done, we can see which API versions are supported by this cluster (version v1.21.1). $ kubectl api-versions | grep networking networking.k8s.io/v1 networking.k8s.io/v1beta1 Kubernetes automatically converts existing resources internally into different supported API versions. So if we create a new Ingress object with version v1beta1 on a recent cluster version, you will receive a deprecation warning - and the same Ingress object will exist both in version v1beta1 and v1. Create $ cat ingress_beta.yaml apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: clusterpirate-ingress spec: rules: ...

Clusterpirate

Search This Blog