On ma, 10 touko 2021, Kees Bakker via FreeIPA-users wrote:
On 10-05-2021 14:45, Rob Crittenden wrote:
>Kees Bakker via FreeIPA-users wrote:
>>Hi,
>>
>>Trying to upgrade CentOS 7 tot CentOS 8, following the various hints on
>>the internet. Executing this command fails
>>
>># dnf --releasever=8 --allowerasing --setopt=deltarpm=false distro-sync
>>...
>>Running transaction check
>>Error: transaction check vs depsolve:
>>(ipa-selinux = 4.8.7-12.module_el8.3.0+514+e7703106 if
>>selinux-policy-targeted) is needed by
>>ipa-common-4.8.7-12.module_el8.3.0+514+e7703106.noarch
>>rpmlib(RichDependencies) <= 4.12.0-1 is needed by
>>ipa-common-4.8.7-12.module_el8.3.0+514+e7703106.noarch
>>To diagnose the problem, try running: 'rpm -Va --nofiles --nodigest'.
>>You probably have corrupted RPMDB, running 'rpm --rebuilddb' might fix
>>the issue.
>>The downloaded packages were saved in cache until the next successful
>>transaction.
>>You can remove cached packages by executing 'dnf clean packages'.
>>
>>How can I solve this?
>We don't manage the centos repos so I don't know. RHEL uses the leapp
>utility for in-place upgrades but that isn't supported in centos:
>https://wiki.centos.org/FAQ/CentOS8#Is_there_a_way_to_upgrade_CentOS-7_to_CentOS-8.3F_How_about_leapp.3F
>
>The packages aren't really all that relevant in any case as there is no
>"upgrade" when upgrading client packages. It just installs new bits.
>
>There are some important differences between 7 and 8 that could affect
>the resulting upgrade, most importantly that 7 uses authconfig to
>configure PAM and 8 uses authselect. Even if you managed to install the
>new bits, manually use authselect to re-do the PAM config, the result
>will be a failure uninstall because authconfig isn't present to restore
>the original PAM config.
>
>It is probably easier and safer to unconfigure the IPA client, uninstall
>the packages, upgrade, re-install then reconfigure. You can for example
>save the current keytab to re-enroll (see the ipa-client-install man page).
>
>rob
>
Hmm. In this case it's a master that I want to upgrade. I have two
installations (two distinct environments). One environment with three
masters, and one environment with just one master. In the first
environment, I guess your advise would be to disconnect the master,
uninstall freeipa, upgrade (or reinstall) centos, install freeipa
(master). That, I can do. However, that still leaves me with the
problem in my second environment.
Standard upgrade process across major versions of RHEL IdM is to deploy
a replica on a new RHEL version, transition all services provided by the
master-to-be-deleted to it, then cut off the old master and decommission
it. It is described in the documentation quite well.
An upgrade from RHEL 7 to RHEL 8 inplace is not supported.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland