Category Archives: Linux

Setting up WSL for Sysadmin work

A list of tools/configurations to make sysadmin life easy on Windows workstation!

Linux lovers on Windows!

This article is intended for the sysadmins who use Windows workstations for their job and yet would love to have Linux experience on it. Moreover, if they are interacting with AWS CLI, GIT, etc. CLI based tools on daily basis then its best suited for them. I list all the tools and their respective configurations you must have in your arsenal to make your journey peaceful, less frustrating and avoid non-Linux workstation issues. I expect the audience to be comfortable with Linux.

Without further a due let’s get started.

Windows Subsystem for Linux

First of all, let’s get Linux on the Windows 🙂 WSL is a Windows feature available from Windows 10 (WSL Install steps). Install the latest (at the time of this article draft) Ubuntu 20.04 LTS from Microsoft Store. Post-installation you can run it just like other Windows apps. For the first login, you will be prompted to set a username and password. This user is configured to switch to root using sudo.

Now, you have a Linux subsystem running on your Windows! Let’s move on to configure it to ease up daily activities.

Install necessary packages using apt-get. I am listing here frequently useful for your quick reference –

I even configured WSL normal user to perform passwordless sudo into root at the login to save the hassle of typing command and password to switch into root. I love to work at root # prompt!

Avoid sound beeps from Linux terminal

With WSL, one thing you might like to avoid is workstation speaker beeps/bells due to the Linux terminal prompt of vi editors. Here is how you can avoid them :

# echo set bell-style none >>/etc/inputrc # Stops prompt bells
# echo set visualbell >> ~/.vimrc # Stops vi bells

Setting up Git on WSL

Personal Authentication Token (PAT) or SSH keys can be leveraged for configuring Git on WSL. I prefer to use SSH keys so listing steps here –

  • Create and add SSH keys to GitHub account. Steps here.
  • Authorize the organizations for the Public key you are uploading to Git by visiting Key settings on Git.
  • Add ssh-agent service startup and key identity addition at login under user/shell profile. Dirty way to do it on bash is adding below lines in ~/.bashrc file.
eval "$(ssh-agent -s)"
ssh-add /root/.ssh/git_id_rsa
  • Add alias to your Git folder on Windows drive so that you can navigate to it quickly when running all Git commands like repo clone. It can be done by adding below command to your user/shell profiles. You can choose alias (gitdir) of your owne choice and the destination cd <path> too.
alias gitdir='cd /mnt/c/Users/<username>/Downloads/Github'    

Setting up prompt to show current Git branch

It’s easy. You need to tweak your prompt PS1 with git branch command output!

The git branch output looks like this –

# git branch
* master

With help of sed you can take out branch name from it. Obviously, you also want to redirect error (on non-git directory command will fail). And add brackets around branch name to have the same look like gitbash prompt. That sums up to below code –

# git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1)/'
(master)

Add this to a function and call this function in your PS1! Ta da. Sample prompt with colours from Ubuntu. Don’t forget to set this into shell profile (e.g. ~/.bashrc) so that it will be loaded on your login.

git_branch() {
  git branch 2> /dev/null | sed -e '/^[^*]/d' -e 's/* \(.*\)/(\1)/'
}
export PS1="\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\] \[\033[00;32m\]\$(git_branch)\[\033[00m\]# "

Code platform

Oh yes, even sysadmins code for their automation stuff and with IaC being hot in the market it’s essential for sysadmins to code as well. Since we discussed this article is intended for Windows users, Microsoft Visual Code is an undefeated entry here! Its superb code editing tool with numerous plugins makes you comfortable to code.

Tweaking Visual code for PuTTY like experience

PuTTY is the preferred tool for SSHing in Linux world. The beauty of PuTTY lies in its copy-paste capabilities. The same capabilities can be configured on MS Visual code terminal.

Head to the terminal settings by entering the command Terminal: configure Terminal Settings in the command palette (ctrl + shift + p). On the setting screen set below options –

MS VS code setting for Putty copy-paster behaviour!

Setting up VS Code to launch from WSL

Since we already configured Git on WSL, it makes sense to directly run code . command in WSL from Git Directory and have VS code started on the Windows workstation. For that, you just need to add the alias of the code.exe file with an absolute path on Windows to code command!

If you have installed VS code with default config then the below command in your user/shell profile should do the trick.

alias code='/mnt/c/Users/<username>/AppData/Local/Programs/Microsoft\ VS\ Code/code.exe'

Code linters

There are two ways you can have your code linted locally before you commit it on Git.

  1. Install respective code linter binaries/packages on WSL. Its Linux!
  2. Install code linters on VS code if appropriate plugin is available.

Running docker on WSL without installing Docker Desktop for Windows

With WSL version 2, one can run docker on WSL without installing the docker desktop for windows. The Docker installation remains the same inside WSL just like any other Linux installation.

Once installed make sure you are running on WSL version 2. If not upgrade to WSL 2.

Convert the current WSL distro to make use of WSL 2 using the command in PowerShell –

> wsl --set-version <distro-name> 2
## Example wsl --set-version Ubuntu-20.04 2

Now, launch WSL and start the docker by incoming /usr/bin/dockerd binary! You can set an alias to dockerd & start it quickly in the background.

You can also set up cron so that it will start at boot. Note: It did not work for me in WSL

@reboot /usr/bin/dockerd &

Or, you can add the below code in your login profile like .bashrc file so that docker will run at your login.

ps -ef |grep -iq dockerd
if [ $? == 0 ]; then
:
else
/usr/bin/dockerd &
fi

If you have more tips please let us know in the comments below!

Kubernetes tools

Install a text-based UI tool for managing the K8s clusters. Its K9s. Simple installation with standalone binary can be done using the below commands –

# wget -qO- https://github.com/derailed/k9s/releases/download/v0.25.18/k9s_Linux_x86_64.tar.gz | tar zxvf -  -C /tmp/
# mv /tmp/k9s /usr/local/bin

You need to set the context from CLI first and then run k9s command.

Creating Identity provider for AWS EKS

A quick post on creating EKS OIDC provider.

EKS OIDC provider!

We will be creating OpenID Connect Identity Provider for the AWS EKS cluster in the IAM service. It will enable to establish trust between AWS account and Kubernetes running on EKS. For using IAM roles with service accounts created under the EKS cluster, it must have the OIDC provider associated with the cluster. Hence, it’s important to have this created at the beginning of the project along with the cluster.

Let’s get into steps to create an OIDC provider for your cluster.

First, you need to get the OpenID Connect provider URL from EKS Cluster.

  • Navigate to EKS console
  • Click on Cluster name
  • Select Configuration tab and check under Details
OpenID URL on EKS console.

Now head back to the IAM console

  • Click on Identity providers under Access management on left hand side menu
  • Click on Add provider button
Add provider in IAM
  • Select OpenId Connet
  • Paste EKS OpenId provider URL in the give field
  • Click on Get thumbprint button
  • Add sts.amazonaws.com in Audience field
  • Click on Add provider button.
IdP thumbprint

Identity provider is created! View its details by clicking on the provider name.

EKS OIDC

If you are using CloudFormation as an IaC tool then below resource block can be used to create OIDC for the EKS cluster :

OidcProvider:
    Type: AWS::IAM::OIDCProvider
    Properties: 
      Url: !GetAtt EksCluster.OpenIdConnectIssuerUrl
      ThumbprintList: 
        - 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
      ClientIdList:
        - sts.amazonaws.com

Where –

  • EksCluster is the logical ID of the EKS cluster resource in the same CloudFormation template.
  • 9e99a48a9960b14926bb7f3b02e22da2b0ab7280 is EKS thumbprint for region us-east-1. Refer this document to get thumbprints.

How to configure EC2 for Session Manager

A quick reference to configure EC2 for Session Manager in AWS

EC2 session manager!

Ok this must be a very basic post for most of you and there is a readily available AWS doc for it, but I am just cutting it short to list down steps for achieving the objective quickly. You should go through the official AWS doc to understand all aspects of it but if you are on the clock then just follow along and get it set up in no time.

Checklist

Before you start, make sure you checked out these minimum configurations to get going.

  1. Your EC2 is running supported Opertaing System. We are taking example of Linux here so all Linux versions that supports AWS Systems Manager supports session manager.
  2. SSM agent 2.3+ installed on system. If not, we got it covered here.
  3. Outbound 443 traffic should be allowed to below 3 endpoints. You must have this already covered since most of the setups has ALL traffic aalowed in outgoing security group rule. –
    • ec2messages.region.amazonaws.com
    • ssm.region.amazonaws.com
    • ssmmessages.region.amazonaws.com

In a nutshell, probably point 2 is the one you need to verify. If you are using AWS managed AMI then you got it covered for that too! But, if you are using custom-built, home-grown AMI then that might not be the case.

SSM agent installation

It’s a pretty basic RPM installation as you would do on any Linux platform. Download package relevant to your Linux version from here. Or global URLs for Linux agents –

Run package installation and service handler commands with root privileges as below –

# systemctl enable amazon-ssm-agent
# systemctl start amazon-ssm-agent
# systemctl status amazon-ssm agent

If you do not have access to EC2 (Key lost or EC2 without keypair) then probably you need to re-launch the EC2. If your EC2 is part of an auto-scaling group (ASG) then it makes sense to add these commands in the user-data script for the launch template and launch a new EC2 from ASG.

Instance role permissions

Now the agent is up and running. The next step is to authorize the AWS Systems Manager service to perform actions on EC2. This is done via Instance Role. Create the IAM instance role with below IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:UpdateInstanceInformation",
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        }
    ]
}

You can scope it down to a particular resource if you want. You can even add KMS encryption-related permissions in it if you are planning to encrypt session data using KMS encryption. An example can be found here.

Once done attach the role to EC2. If EC2 is already having a role attached to it then add the above policy to the existing role and you should be good.

IAM instance profile

Connecting via Session Manager

Now you are good to test the connection.

  • Login to EC2 console.
  • Navigate to instances and selct the respective EC2 instance from the list.
  • Click on Connect button
Connecting to session manager from EC2 console
  • Make sure you are on Serssion Manager tab and click on Connect.
  • If you still see error reported on this screen then give it a minute or two. Sometimes it takes some seconds to propagate IAM role permissions.
Connect to the instance using session manager

New browser tab will open and you should be seeing the Linux prompt.

Instance connected!

Notice you are logged in with the default user ssm-user. You can switch to root user by using sudo.

There are a couple of benefits to using session manager as standard over Key pairs :

  • No need to maintain key files.
  • Avoid security threat posed to infra associated with Key file management.
  • Access management is easy through IAM.
  • Native AWS feature!
  • Session can be logged for audit purposes.

Preparing for Hashicorp Certified Terraform Associate Exam

A quick article that helps you preparing for Hashicorp Certified Terraform Associate Exam

Terraform Associate exam!

In this quick post, I would like to share some of the resources that help you clear the terraform associate exam. Feel free to add resources you know in the comments section, which may help fellow readers.

The terraform associate exam is designed to test the candidate’s readiness towards IaC, i.e. Infrastructure as code. IaC concepts, terraform CLI hands-on (a lot of it) and knowledge on terraform’s paid offerings through Cloud or Enterprise should get you through this exam. It’s a practitioner level exam, so it shouldn’t be hard to beat if you have IaC and cloud background.

You must have researched already about the exam on its official page, but here are quick facts for your reference.

Topics to study

I suggest you have good hands-on with terraform CLI before taking this exam. It will help you cover the majority of topics, and you don’t have to learn them during preparation. That leaves you with minimal topics to prepare for actual certification.

Hashicorp’s study guide is the best resource to follow along for preparation. Let me quickly list down a couple of topics you should not miss during preparation –

  • IaC concepts
    • Traditional infra provisioning v/s IaC
  • Terraform basic workflow
    • Write, plan and apply.
  • Different types of blocks in terraform code
  • Terraform CLI commands (a huge list of them!)
  • Terraform Modules, functions, state files
    • At least go through all functions once.
    • Lots of hands-on to understand how modules works
    • State management (a big topic!)
  • Debugging and variables
    • Different ways to handle variables
    • Debugging levels, ways to set them, logging in files
  • Detailed understanding of Terraform cloud and enterprise
    • Free and paid offerings in each type
    • Sentinal, workspaces, remote runs etc. understanding
    • Clustering, OS availability in each type

Resources for preparation

Assorted list of online resources you can leverage to follow along your preparation journey.

I am linking here my own last day revision notes as well that I prepared during my certification preparation.

Practice tests

Here is a list of practice tests you can take online before going in for an actual exam. It will test the understanding of your topic and concretes your decision for exam booking.

That’s all I have to share. All the best!

How to upgrade from Oracle Linux 6 to Oracle Linux 7

In this quick walk-through we will upgrade OL 6.8 to OL 7.6

OL6 to OL7!

All outputs under this article are from the EC2 server running on AWS. I am using Oracle Linux Yum server public repo hence reference the names from it. If your system is registered to ULN then use respective repos accordingly.

First you need to prepare system for upgrade. Below are pre-requisites :

  • Make sure you have a proper backup of your data, disabled monitoring of server, stopped all applications on the server, etc.
  • Make sure the system is subscribed to ol6_latest repository
  • Update system completely using yum update
  • Subscribe system to ol6_addons repo
  • Make sure the system meets all OL7 system requirements.

Once you are ready you can go ahead with running pre-upgrade checks to verify if your system is compatible to move on. For that, you need to install the below packages. Those are available from ol6_addons repo.

[root@kerneltalks ~]# yum install openscap redhat-upgrade-tool preupgrade-assistant  preupgrade-assistant-el6toel7 preupgrade-assistant-el6toel7-data-0 preupgrade-assistant-tools preupgrade-assistant-ui

Once packages are installed you are ready to run a pre-upgrade check. Note: In my case, preupgrade-assistant-el6toel7-data-0 was not available from my repo but it did not hurt my upgrade.

Now run below command to run checks –

[root@kerneltalks ~]# preupg
The Preupgrade Assistant is a diagnostics tool
and does not perform the actual upgrade.
Do you want to continue? [Y/n]
Y
Gathering logs used by the Preupgrade Assistant:
All installed packages                                 : 01/10 ...finished (time 00:00s)
All changed files                                      : 02/10 ...finished (time 01:39s)
Changed config files                                   : 03/10 ...finished (time 00:00s)
All users                                              : 04/10 ...finished (time 00:00s)
All groups                                             : 05/10 ...finished (time 00:00s)
Service statuses                                       : 06/10 ...finished (time 00:00s)
All installed files                                    : 07/10 ...finished (time 00:00s)
All local files                                        : 08/10 ...finished (time 00:01s)
All executable files                                   : 09/10 ...finished (time 00:00s)
Oracle signed packages                                 : 10/10 ...finished (time 00:00s)
Assessment of the system, running checks / SCE scripts:
001/141 ...done    (Configuration files to be reviewed) (time: 00:01s)
002/141 ...done    (File lists for the manual migration) (time: 00:00s)
003/141 ...done    (Bacula Backup Software) (time: 00:00s)
004/141 ...done    (MySQL configuration) (time: 00:00s)
005/141 ...done    (MySQL data stack) (time: 00:00s)
006/141 ...done    (Changes related to moving from MySQL to MariaDB) (time: 00:00s)
007/141 ...done    (PostgreSQL) (time: 00:00s)
008/141 ...done    (GNOME desktop environment) (time: 00:00s)
009/141 ...done    (KDE desktop environment) (time: 00:00s)
010/141 ...done    (POWER6 processors) (time: 00:00s)
011/141 ...done    (Graphic drivers not supported in Oracle Linux 7) (time: 00:00s)
012/141 ...done    (Input drivers not supported in Oracle Linux 7) (time: 00:00s)
013/141 ...done    (Kernel networking drivers not available in Oracle Linux 7) (time: 00:00s)
014/141 ...done    (Kernel storage drivers not available in Oracle Linux 7) (time: 00:00s)
015/141 ...done    (Oracle Directory Server) (time: 00:00s)
016/141 ...done    (Arptables) (time: 00:00s)
017/141 ...done    (BIND9 in a chroot environment) (time: 00:00s)
018/141 ...done    (BIND9 configuration compatibility) (time: 00:00s)
019/141 ...done    (Moving the 'dhcpd' and 'dhcrelay' arguments) (time: 00:00s)
020/141 ...done    (Dnsmasq) (time: 00:00s)
021/141 ...done    (Dovecot) (time: 00:00s)
022/141 ...done    (Compatibility between iptables and ip6tables) (time: 00:00s)
023/141 ...done    (Net-SNMP) (time: 00:00s)
024/141 ...done    (NFSv2) (time: 00:00s)
025/141 ...done    (OpenLDAP server daemon configuration) (time: 00:00s)
026/141 ...done    (Moving openssh-keycat) (time: 00:00s)
027/141 ...done    (SSH configuration file and SSH keys) (time: 00:00s)
028/141 ...done    (Postfix) (time: 00:00s)
029/141 ...done    (SMB) (time: 00:00s)
030/141 ...done    (Sendmail) (time: 00:00s)
031/141 ...done    (Squid) (time: 00:00s)
032/141 ...done    (VSFTP daemon configuration) (time: 00:00s)
033/141 ...done    (Reusable configuration files) (time: 00:00s)
034/141 ...done    (Changed configuration files) (time: 00:00s)
035/141 ...done    (Rsyslog configuration incompatibility) (time: 00:00s)
036/141 ...done    (VCS repositories) (time: 00:00s)
037/141 ...done    (Added and extended options for BIND9) (time: 00:00s)
038/141 ...done    (Added options in dnsmasq) (time: 00:00s)
039/141 ...done    (Changes in utilities) (time: 00:00s)
040/141 ...done    (Packages from other system variants) (time: 00:00s)
041/141 ...done    (Load balancer support) (time: 00:00s)
042/141 ...done    (Packages not signed by Oracle) (time: 00:00s)
043/141 ...done    (Obsolete RPM packages) (time: 00:01s)
044/141 ...done    (w3m browser) (time: 00:00s)
045/141 ...done    (The qemu-guest-agent package) (time: 00:00s)
046/141 ...done    (The coreutils packages) (time: 00:00s)
047/141 ...done    (The gawk package) (time: 00:00s)
048/141 ...done    (Removed command line options) (time: 00:00s)
049/141 ...done    (The netstat binary) (time: 00:00s)
050/141 ...done    (Quota) (time: 00:00s)
051/141 ...done    (The util-linux (util-linux-ng) binaries) (time: 00:00s)
052/141 ...done    (Removed RPM packages) (time: 00:01s)
053/141 ...done    (TaskJuggler) (time: 00:00s)
054/141 ...done    (Replaced RPM packages) (time: 00:02s)
055/141 ...done    (GMP library incompatibilities) (time: 00:00s)
056/141 ...done    ("not-base" channels) (time: 00:05s)
057/141 ...done    (Package downgrades) (time: 00:00s)
058/141 ...done    (Custom SELinux policy) (time: 00:00s)
059/141 ...done    (Custom SELinux configuration) (time: 00:03s)
060/141 ...done    (Samba SELinux context check) (time: 00:00s)
061/141 ...done    (Removing sandbox from SELinux) (time: 00:00s)
062/141 ...done    (CUPS Browsing and BrowsePoll) (time: 00:00s)
063/141 ...done    (CVS) (time: 00:00s)
064/141 ...done    (FreeRADIUS) (time: 00:00s)
065/141 ...done    (httpd) (time: 00:00s)
066/141 ...done    (The bind-dyndb-ldap configuration file) (time: 00:00s)
067/141 ...done    (Identity Management Server) (time: 00:00s)
068/141 ...done    (IPA Server CA) (time: 00:00s)
069/141 ...done    (Network Time Protocol) (time: 00:00s)
070/141 ...done    (time-sync.target) (time: 00:00s)
071/141 ...done    (OpenLDAP /etc/sysconfig and data compatibility) (time: 00:00s)
072/141 ...done    (The OpenSSH sshd_config file migration) (time: 00:00s)
073/141 ...done    (The OpenSSH sysconfig/sshd file migration) (time: 00:00s)
074/141 ...done    (The quota_nld service) (time: 00:00s)
075/141 ...done    (Moving the disk quota netlink message daemon into the quota-nld package) (time: 00:00s)
076/141 ...done    (System Security Services Daemon) (time: 00:00s)
077/141 ...done    (Tomcat configuration compatibility check) (time: 00:00s)
078/141 ...done    (Detection of LUKS devices using Whirlpool for password hash) (time: 00:00s)
079/141 ...done    (Detection of Direct Access Storage Device (DASD) format on s390x platform for LDL format) (time: 00:00s)
080/141 ...done    (The clvmd and cmirrord daemon management) (time: 00:00s)
081/141 ...done    (Logical Volume Management 2 services) (time: 00:00s)
082/141 ...done    (Device Mapper Multipath) (time: 00:00s)
083/141 ...done    (The scsi-target-utils packages) (time: 00:00s)
084/141 ...done    (Backing up warnquota) (time: 00:00s)
085/141 ...done    (The warnquota tool) (time: 00:00s)
086/141 ...done    (Add-Ons) (time: 00:00s)
087/141 ...done    (Unsupported architectures) (time: 00:00s)
088/141 ...done    (Binaries to be rebuilt) (time: 00:25s)
089/141 ...done    (Debuginfo packages) (time: 00:00s)
090/141 ...done    (Read-only FHS directories) (time: 00:00s)
091/141 ...done    (FHS incompatibilities) (time: 00:00s)
092/141 ...done    (Requirements for the /usr/ directory) (time: 00:00s)
093/141 ...done    (Cluster and High Availability) (time: 00:00s)
094/141 ...done    (The quorum implementation) (time: 00:00s)
095/141 ...done    (The krb5kdc configuration file) (time: 00:00s)
096/141 ...done    (File systems, partitions, and the mounts configuration) (time: 00:00s)
097/141 ...done    (Removable media in the /etc/fstab file) (time: 00:00s)
098/141 ...done    (Libraries with their soname bumped) (time: 00:08s)
099/141 ...done    (Libraries with their soname kept) (time: 00:07s)
100/141 ...done    (Removed .so libraries) (time: 00:46s)
101/141 ...done    (CGROUP_DAEMON in sysconfig scripts) (time: 00:00s)
102/141 ...done    (Checking the system version and variant) (time: 00:00s)
103/141 ...done    (Consequences of upgrading to RHEL 7.6 instead of the latest RHEL minor version) (time: 00:00s)
104/141 ...done    (AIDE) (time: 00:00s)
105/141 ...done    (CA bundles) (time: 00:00s)
106/141 ...done    (Oracle Developer Toolset) (time: 00:00s)
107/141 ...done    (GRUB to GRUB 2 migration) (time: 00:00s)
108/141 ...done    (Grubby) (time: 00:00s)
109/141 ...done    (Obsoleting Hardware Abstraction Layer) (time: 00:00s)
110/141 ...done    (Hyper-V) (time: 00:00s)
111/141 ...done    (Enabled and disabled services in Oracle Linux 6) (time: 00:02s)
112/141 ...done    (Ethernet interface naming) (time: 00:00s)
113/141 ...done    (The /etc/rc.local and /etc/rc.d/rc.local files) (time: 00:00s)
114/141 ...done    (java-1.8.0-ibm compatibility check) (time: 00:00s)
115/141 ...done    (Java upgrade) (time: 00:00s)
116/141 ...done    (The kernel-kdump package) (time: 00:00s)
117/141 ...done    (The cgroups configuration compatibility) (time: 00:00s)
118/141 ...done    (Pluggable authentication modules (PAM)) (time: 00:00s)
119/141 ...done    (Perl modules not distributed by Oracle) (time: 00:13s)
120/141 ...done    (PHP modules not distributed by Oracle) (time: 00:00s)
121/141 ...done    (PolicyKit) (time: 00:00s)
122/141 ...done    (Python packages) (time: 00:03s)
123/141 ...done    (Repositories for Kickstart) (time: 00:00s)
124/141 ...done    (System requirements) (time: 00:00s)
125/141 ...done    (Ruby 2.0.0) (time: 00:00s)
126/141 ...done    (Oracle Software Collections (RHSCL)) (time: 00:00s)
127/141 ...done    (Oracle Subscription Manager) (time: 00:00s)
128/141 ...done    (Oracle Network Classic unsupported) (time: 00:00s)
129/141 ...done    (Copying Kickstart) (time: 00:00s)
130/141 ...done    (The 'tuned' profiles) (time: 00:00s)
131/141 ...done    (UEFI boot loader) (time: 00:00s)
132/141 ...done    (Yaboot) (time: 00:00s)
133/141 ...done    (The yum configuration file) (time: 00:00s)
134/141 ...done    (Dangerous ranges of UIDs and GIDs) (time: 00:00s)
135/141 ...done    (Incorrect usage of reserved UIDs and GIDs) (time: 00:01s)
136/141 ...done    (The libuser.conf file) (time: 00:00s)
137/141 ...done    (NIS ypbind) (time: 00:00s)
138/141 ...done    (NIS Makefile) (time: 00:00s)
139/141 ...done    (NIS server maps) (time: 00:00s)
140/141 ...done    (NIS server UID_MIN and GID_MIN limits) (time: 00:00s)
141/141 ...done    (The NIS server configuration file) (time: 00:00s)
The assessment finished (time 02:18s)
The '/root/preupgrade/cleanconf/etc/ssh/sshd_config' configuration file already exists in the '/root/preupgrade/cleanconf/etc/ssh' directory
The 'https://z5.kerneltalks.com/root/preupgrade/cleanconf/etc/yum.conf' configuration file already exists in the '/root/preupgrade/cleanconf/etc' directory
Result table with checks and their results for 'main contents':
-------------------------------------------------------------------------------------------------------------------
|Bacula Backup Software                                                                        |notapplicable     |
|MySQL configuration                                                                           |notapplicable     |
|MySQL data stack                                                                              |notapplicable     |
|Changes related to moving from MySQL to MariaDB                                               |notapplicable     |
|PostgreSQL                                                                                    |notapplicable     |
|GNOME desktop environment                                                                     |notapplicable     |
|KDE desktop environment                                                                       |notapplicable     |
|Graphic drivers not supported in Oracle Linux 7                                               |notapplicable     |
|Input drivers not supported in Oracle Linux 7                                                 |notapplicable     |
|Oracle Directory Server                                                                       |notapplicable     |
|Arptables                                                                                     |notapplicable     |
|BIND9 in a chroot environment                                                                 |notapplicable     |
|BIND9 configuration compatibility                                                             |notapplicable     |
|Moving the 'dhcpd' and 'dhcrelay' arguments                                                   |notapplicable     |
|Dnsmasq                                                                                       |notapplicable     |
|Dovecot                                                                                       |notapplicable     |
|Net-SNMP                                                                                      |notapplicable     |
|OpenLDAP server daemon configuration                                                          |notapplicable     |
|Postfix                                                                                       |notapplicable     |
|SMB                                                                                           |notapplicable     |
|Squid                                                                                         |notapplicable     |
|VSFTP daemon configuration                                                                    |notapplicable     |
|Added and extended options for BIND9                                                          |notapplicable     |
|Added options in dnsmasq                                                                      |notapplicable     |
|Load balancer support                                                                         |notapplicable     |
|w3m browser                                                                                   |notapplicable     |
|The qemu-guest-agent package                                                                  |notapplicable     |
|Quota                                                                                         |notapplicable     |
|TaskJuggler                                                                                   |notapplicable     |
|Samba SELinux context check                                                                   |notapplicable     |
|CUPS Browsing and BrowsePoll                                                                  |notapplicable     |
|CVS                                                                                           |notapplicable     |
|FreeRADIUS                                                                                    |notapplicable     |
|The bind-dyndb-ldap configuration file                                                        |notapplicable     |
|Identity Management Server                                                                    |notapplicable     |
|IPA Server CA                                                                                 |notapplicable     |
|OpenLDAP /etc/sysconfig and data compatibility                                                |notapplicable     |
|The quota_nld service                                                                         |notapplicable     |
|Moving the disk quota netlink message daemon into the quota-nld package                       |notapplicable     |
|System Security Services Daemon                                                               |notapplicable     |
|Tomcat configuration compatibility check                                                      |notapplicable     |
|Detection of LUKS devices using Whirlpool for password hash                                   |notapplicable     |
|Detection of Direct Access Storage Device (DASD) format on s390x platform for LDL format      |notapplicable     |
|The clvmd and cmirrord daemon management                                                      |notapplicable     |
|Logical Volume Management 2 services                                                          |notapplicable     |
|Device Mapper Multipath                                                                       |notapplicable     |
|The scsi-target-utils packages                                                                |notapplicable     |
|Backing up warnquota                                                                          |notapplicable     |
|The warnquota tool                                                                            |notapplicable     |
|The quorum implementation                                                                     |notapplicable     |
|The krb5kdc configuration file                                                                |notapplicable     |
|AIDE                                                                                          |notapplicable     |
|Obsoleting Hardware Abstraction Layer                                                         |notapplicable     |
|Java upgrade                                                                                  |notapplicable     |
|java-1.8.0-ibm compatibility check                                                            |notapplicable     |
|The kernel-kdump package                                                                      |notapplicable     |
|PHP modules not distributed by Oracle                                                         |notapplicable     |
|Ruby 2.0.0                                                                                    |notapplicable     |
|Oracle Software Collections (RHSCL)                                                           |notapplicable     |
|Oracle Network Classic unsupported                                                            |notapplicable     |
|Oracle Subscription Manager                                                                   |notapplicable     |
|Copying Kickstart                                                                             |notapplicable     |
|The 'tuned' profiles                                                                          |notapplicable     |
|Yaboot                                                                                        |notapplicable     |
|NIS ypbind                                                                                    |notapplicable     |
|NIS Makefile                                                                                  |notapplicable     |
|NIS server maps                                                                               |notapplicable     |
|NIS server UID_MIN and GID_MIN limits                                                         |notapplicable     |
|The NIS server configuration file                                                             |notapplicable     |
|POWER6 processors                                                                             |pass              |
|Kernel networking drivers not available in Oracle Linux 7                                     |pass              |
|Kernel storage drivers not available in Oracle Linux 7                                        |pass              |
|Sendmail                                                                                      |pass              |
|Reusable configuration files                                                                  |pass              |
|time-sync.target                                                                              |pass              |
|The OpenSSH sshd_config file migration                                                        |pass              |
|Add-Ons                                                                                       |pass              |
|Unsupported architectures                                                                     |pass              |
|Debuginfo packages                                                                            |pass              |
|Read-only FHS directories                                                                     |pass              |
|Requirements for the /usr/ directory                                                          |pass              |
|Cluster and High Availability                                                                 |pass              |
|CGROUP_DAEMON in sysconfig scripts                                                            |pass              |
|Checking the system version and variant                                                       |pass              |
|CA bundles                                                                                    |pass              |
|Oracle Developer Toolset                                                                      |pass              |
|Hyper-V                                                                                       |pass              |
|The /etc/rc.local and /etc/rc.d/rc.local files                                                |pass              |
|Pluggable authentication modules (PAM)                                                        |pass              |
|Python packages                                                                               |pass              |
|System requirements                                                                           |pass              |
|The libuser.conf file                                                                         |pass              |
|NFSv2                                                                                         |informational     |
|Rsyslog configuration incompatibility                                                         |informational     |
|VCS repositories                                                                              |informational     |
|The coreutils packages                                                                        |informational     |
|The gawk package                                                                              |informational     |
|Removed command line options                                                                  |informational     |
|The netstat binary                                                                            |informational     |
|The util-linux (util-linux-ng) binaries                                                       |informational     |
|GMP library incompatibilities                                                                 |informational     |
|httpd                                                                                         |informational     |
|Network Time Protocol                                                                         |informational     |
|File systems, partitions, and the mounts configuration                                        |informational     |
|Removable media in the /etc/fstab file                                                        |informational     |
|Libraries with their soname kept                                                              |informational     |
|Consequences of upgrading to RHEL 7.6 instead of the latest RHEL minor version                |informational     |
|Perl modules not distributed by Oracle                                                        |informational     |
|PolicyKit                                                                                     |informational     |
|The yum configuration file                                                                    |informational     |
|SSH configuration file and SSH keys                                                           |fixed             |
|Replaced RPM packages                                                                         |fixed             |
|Package downgrades                                                                            |fixed             |
|Custom SELinux policy                                                                         |fixed             |
|Custom SELinux configuration                                                                  |fixed             |
|The OpenSSH sysconfig/sshd file migration                                                     |fixed             |
|Grubby                                                                                        |fixed             |
|Dangerous ranges of UIDs and GIDs                                                             |fixed             |
|File lists for the manual migration                                                           |needs_inspection  |
|Compatibility between iptables and ip6tables                                                  |needs_inspection  |
|Moving openssh-keycat                                                                         |needs_inspection  |
|Changed configuration files                                                                   |needs_inspection  |
|Changes in utilities                                                                          |needs_inspection  |
|Obsolete RPM packages                                                                         |needs_inspection  |
|Binaries to be rebuilt                                                                        |needs_inspection  |
|FHS incompatibilities                                                                         |needs_inspection  |
|Libraries with their soname bumped                                                            |needs_inspection  |
|Removed .so libraries                                                                         |needs_inspection  |
|Ethernet interface naming                                                                     |needs_inspection  |
|Repositories for Kickstart                                                                    |needs_inspection  |
|Incorrect usage of reserved UIDs and GIDs                                                     |needs_inspection  |
|Configuration files to be reviewed                                                            |needs_action      |
|Packages from other system variants                                                           |needs_action      |
|Packages not signed by Oracle                                                                 |needs_action      |
|Removed RPM packages                                                                          |needs_action      |
|"not-base" channels                                                                           |needs_action      |
|Removing sandbox from SELinux                                                                 |needs_action      |
|GRUB to GRUB 2 migration                                                                      |needs_action      |
|Enabled and disabled services in Oracle Linux 6                                               |needs_action      |
|The cgroups configuration compatibility                                                       |needs_action      |
|UEFI boot loader                                                                              |needs_action      |
-------------------------------------------------------------------------------------------------------------------
The tarball with results is stored in 'https://z5.kerneltalks.com/root/preupgrade-results/preupg_results-200723042538.tar.gz' .
The latest assessment is stored in the '/root/preupgrade' directory.
Summary information:
We have found some potential risks.
Read the full report file '/root/preupgrade/result.html' for more details.
Please ensure you have backed up your system and/or data
before doing a system upgrade to prevent loss of data in
case the upgrade fails and full re-install of the system
from installation media is needed.
Upload results to UI by the command:
e.g. preupg -u http://example.com:8099/submit/ -r /root/preupgrade-results/preupg_results-200723042538.tar.gz .

Once the tool completes checks, download, and review /root/preupgrade/result.html It will be something like below –

Pre-upgrade report

It will be having all the checks, their results, what is actionable and what actions to be taken.

Spare some time to read the report thoroughly, read the actionable, action on it if it suits your environment/needs, etc. and then move ahead with the upgrade. Since I am running a test instance on AWS, I did not care to consider actionable and I moved ahead with the upgrade.

The upgrade needs an ISO or network path from where it can read OL7 packages for an upgrade. I downloaded OL7 ISO from Oracle using get. To start upgrade with ISO use below command –

[root@kerneltalks ~]# redhat-upgrade-tool-cli --iso OracleLinux-R7-U6-Server-x86_64-dvd.iso --debuglog=/tmp/upgrade.log --cleanup-post
setting up repos...
upgradeiso                                                                                                                                       | 3.6 kB     00:00 ...
upgradeiso/primary_db                                                                                                                            | 5.0 MB     00:00 ...
The Preupgrade Assistant has found upgrade risks.
 You can run 'preupg --riskcheck --verbose' to view these risks.
Addressing high risk issues is mandatory before continuing with the upgrade.
Ignoring these risks may result in a broken and/or unsupported upgrade.
Please backup your data.

List of issues:
preupg.risk.MEDIUM: Some packages installed on the system were removed between Oracle Linux 6 and Oracle Linux 7. This might break the functionality of the packages that depend on the removed packages.
preupg.risk.MEDIUM: After the upgrade, migrate GRUB to GRUB 2 manually.
preupg.risk.MEDIUM: The  name distros was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name __init__.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name __init__.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name __init__.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name arch.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name arch.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name arch.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name debian.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name debian.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name debian.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name fedora.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name fedora.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name fedora.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name freebsd.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name freebsd.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name freebsd.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name gentoo.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name gentoo.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name gentoo.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name net_util.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name net_util.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name net_util.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name parsers was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hostname.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hostname.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hostname.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hosts.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hosts.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name hosts.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name resolv_conf.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name resolv_conf.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name resolv_conf.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sys_conf.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sys_conf.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sys_conf.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel_util.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel_util.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name rhel_util.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sles.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sles.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name sles.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name ubuntu.py was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name ubuntu.pyc was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.MEDIUM: The  name ubuntu.pyo was changed in Oracle Linux 7 to one of these services:  cloud-config.service cloud-config.target cloud-final.service cloud-init-local.service cloud-init.service
preupg.risk.SLIGHT: We detected some files where their modifications are not tracked by the RPM packages. Check the functionality of the files after the successful upgrade.
preupg.risk.HIGH: The /etc/shadow and /etc/gshadow files must be backed up manually by the administrator.
preupg.risk.HIGH: You have installed some packages signed by Oracle for a different variant of the Oracle Linux system.
preupg.risk.HIGH: We detected some packages not signed by Oracle. You can find the list in the /root/preupgrade/kickstart/nonrhpkgs file. Handle them yourself.
preupg.risk.HIGH: After upgrading to Oracle Linux 7, there are still some el6 packages left. Add the '--cleanup-post' option to redhat-upgrade-tool to remove them automatically.
preupg.risk.HIGH: The apr-util-ldap package moved to the Optional channel between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.HIGH: The groff package moved to the Optional channel between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.HIGH: The openscap-engine-sce package is available in the Optional channel.
preupg.risk.HIGH: The python-pygments package moved to the Optional channel between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.HIGH: The system-config-firewall-tui package moved to the Optional channel between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.HIGH: The xz-lzma-compat package moved to the Optional channel between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.HIGH: There were changes in SELinux policies between Oracle Linux 6 and Oracle Linux 7. See the solution to resolve this problem.
preupg.risk.HIGH: Back up the grub RPM manually before the upgrade. See the remediation instructions for more info.
preupg.risk.HIGH: The blk-availability service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable blk-availability && systemctl start blk-availability.service .
preupg.risk.HIGH: The cloud-config service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable cloud-config && systemctl start cloud-config.service .
preupg.risk.HIGH: The cloud-final service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable cloud-final && systemctl start cloud-final.service .
preupg.risk.HIGH: The cloud-init service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable cloud-init && systemctl start cloud-init.service .
preupg.risk.HIGH: The cloud-init-hotplugd service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable cloud-init-hotplugd && systemctl start cloud-init-hotplugd.service .
preupg.risk.HIGH: The cloud-init-local service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable cloud-init-local && systemctl start cloud-init-local.service .
preupg.risk.HIGH: The ip6tables service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable ip6tables && systemctl start ip6tables.service .
preupg.risk.HIGH: The messagebus service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable messagebus && systemctl start messagebus.service .
preupg.risk.HIGH: The netfs service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable netfs && systemctl start netfs.service .
preupg.risk.HIGH: The network service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable network && systemctl start network.service .
preupg.risk.HIGH: The ntpd service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable ntpd && systemctl start ntpd.service .
preupg.risk.HIGH: The sendmail service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable sendmail && systemctl start sendmail.service .
preupg.risk.HIGH: The udev-post service is disabled by default in Oracle Linux 7. Enable it by typing: systemctl enable udev-post && systemctl start udev-post.service .
preupg.risk.HIGH: Additional libcgroup configuration files were created (https://z5.kerneltalks.com/etc/cgconfig.d).
preupg.risk.HIGH: Binary efibootmgr is not installed.
preupg.risk.HIGH: Please, install all required packages (and binaries) and run preupg again to process check properly.
preupg.risk.MEDIUM: The ssh-keycat files are moved to the openssh-keycat package.
preupg.risk.MEDIUM: Some packages installed on the system were removed between Oracle Linux 6 and Oracle Linux 7. This might break the functionality of the packages depending on these removed packages.
preupg.risk.MEDIUM: Conflict with the file structure: the /run/ directory already exists.
preupg.risk.MEDIUM:  Some soname bumps in the libraries installed on the system were detected, which might break the functionality of some of your third-party applications. They might need to be rebuilt, so check their requirements.
preupg.risk.MEDIUM: Some .so libraries installed on the system were removed between Oracle Linux 6 and Oracle Linux 7. This might break the functionality of some of your third-party applications.
preupg.risk.MEDIUM: Reserved user and group IDs by the setup package changed between Oracle Linux 6 and Oracle Linux 7.
preupg.risk.SLIGHT: Some files untracked by RPM packages were detected. Some of these files might need a manual check or migration after redhat-upgrade-tool and/or might cause conflicts during the installation. Try to reduce the number of the unnecessary untracked files before running redhat-upgrade-tool.
preupg.risk.SLIGHT: The iptables or ip6tables service is enabled.Read the remediation instructions.
preupg.risk.SLIGHT: Certain configuration files are changed and the .rpmnew files will be generated.
preupg.risk.SLIGHT: Some utilities were replaced, removed, moved between packages, or their location changed.
preupg.risk.SLIGHT: Some scripts untracked by RPM were discovered on the system. The scripts might not work properly after the upgrade.
preupg.risk.SLIGHT: /etc/sysconfig/network-scripts/ifcfg-eth0 is old style ethX name without HWADDR, its name can change after the upgrade.
preupg.risk.SLIGHT: You use one network device with an old style 'ethX' name.
preupg.risk.SLIGHT: The public_ol6_latest repository is enabled.
preupg.risk.SLIGHT: The public_ol6_addons repository is enabled.
preupg.risk.SLIGHT: The public_ol6_ga_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u1_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u2_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u3_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u4_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u5_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u6_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u7_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_u8_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_UEK_latest repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_UEKR3_latest repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_UEKR4 repository is enabled.
preupg.risk.SLIGHT: The public_ol6_UEK_base repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_MySQL repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_gdm_multiseat repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_MySQL56 repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_MySQL57 repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_ceph10 repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk20_server repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk20_client repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_ofed_UEK repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_UEKR4_OFED repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_playground_latest repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk22_server repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk22_client repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_software_collections repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk24_server repository is not enabled.
preupg.risk.SLIGHT: The public_ol6_spacewalk24_client repository is not enabled.
preupg.risk.SLIGHT: Enabled repository files for the Kickstart generation are stored in the /root/preupgrade/kickstart/available-repos file.
preupg.risk.SLIGHT: Some packages installed on the system changed their names between Oracle Linux 6 and Oracle Linux 7. Although they should be compatible, monitor them after the update.
Continue with the upgrade [Y/N]? Y

Once again it will list out risks of upgrade and ask your confirmation to move ahead. Once you confirm it with Y, the upgrade starts.

Continue with the upgrade [Y/N]? Y
getting boot images...
vmlinuz-redhat-upgrade-tool                                                                                                                      | 6.3 MB     00:00 ...
initramfs-redhat-upgrade-tool.img                                                                                                                |  58 MB     00:00 ...
setting up update...
finding updates 100% [=================================================================================================================================================]testing upgrade transaction
rpm transaction 100% [=================================================================================================================================================]
rpm install 100% [=====================================================================================================================================================]
setting up system for upgrade
HOOK-pkgdowngrades: INFO: start with arguments: /root/preupgrade/pkgdowngrades/enforce_downgraded --destdir=/root/preupgrade/pkgdowngrades/rpms --installroot=/root/preupgrade/pkgdowngrades/installroot --rhelupdir=/var/lib/system-upgrade
No plugin match for: rhnplugin
Repository 'public_ol6_UEK_latest': Error parsing config: Error parsing "enabled = '$uek'": invalid boolean value
Repository 'public_ol6_UEKR3_latest': Error parsing config: Error parsing "enabled = '$uekr3'": invalid boolean value
Repository 'public_ol6_UEKR4': Error parsing config: Error parsing "enabled = '$uekr4'": invalid boolean value
HOOK-pkgdowngrades: WARNING: The ncurses-base.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: WARNING: The 'hwdata' package is not noarch anymore, x86_64 will be installed.
HOOK-pkgdowngrades: WARNING: The 'dracut' package is not noarch anymore, x86_64 will be installed.
HOOK-pkgdowngrades: WARNING: The 'rhn-client-tools' package is not noarch anymore, x86_64 will be installed.
HOOK-pkgdowngrades: WARNING: The 'rhn-check' package is not noarch anymore, x86_64 will be installed.
HOOK-pkgdowngrades: WARNING: The 'rhn-setup' package is not noarch anymore, x86_64 will be installed.
HOOK-pkgdowngrades: WARNING: The perl-Pod-Escapes.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: WARNING: The perl-Module-Pluggable.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: WARNING: The perl-Pod-Simple.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: WARNING: The cloud-utils-growpart.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: WARNING: The python-jinja2.x86_64 package switched to 'noarch' in the next RHEL release.
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libgcc.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'redhat-release-server.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'setup.noarch'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'tzdata.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'ncurses-base.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'filesystem.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'basesystem.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'bash.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss-softokn-freebl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'glibc-common.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'glibc.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nspr.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss-util.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libsepol.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libstdc++.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'ncurses-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'pcre.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libselinux.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'zlib.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'info.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'xz-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'bzip2-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libcom_err.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libdb.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'sed.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libuuid.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libattr.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libacl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libcap.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'grep.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'elfutils-libelf.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libffi.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'popt.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libcap-ng.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'audit-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'chkconfig.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'readline.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'sqlite.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'gawk.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'diffutils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libgpg-error.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libgcrypt.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss-softokn.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'lua.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'p11-kit.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libxml2.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'xz.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'findutils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'cpio.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libnfnetlink.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libmnl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'lz4.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'expat.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libnetfilter_conntrack.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'iptables.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'iproute.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'setools-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'acl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'tar.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libdb-utils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libss.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'e2fsprogs-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'kmod-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libidn.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libselinux-utils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'ncurses.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'gmp.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libverto.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'dmidecode.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libsmartcols.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'ustr.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libsemanage.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'checkpolicy.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libtasn1.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'p11-kit-trust.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'ca-certificates.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'hardlink.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'qrencode-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libyaml.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'keyutils-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'coreutils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'openssl-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'krb5-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'shadow-utils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libblkid.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libmount.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'glib2.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'shared-mime-info.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'gzip.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'cracklib.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'cracklib-dicts.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'pam.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libpwquality.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'pkgconfig.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'e2fsprogs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libutempter.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'cyrus-sasl-lib.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libssh2.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss-sysinit.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'nss-pem.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'nss-tools.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libcurl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'curl.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'rpm-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'rpm.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'openldap.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libuser.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'binutils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'json-c.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'device-mapper.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'kpartx.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'procps-ng.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'util-linux.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'device-mapper-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'cryptsetup-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'dracut.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'kmod.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'elfutils-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'systemd-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'dbus-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'systemd.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'elfutils-default-yama-scope.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'dbus.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libcgroup.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'net-tools.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'policycoreutils.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'gdbm.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-libs.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libselinux-python.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-ipaddress.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-six.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'audit-libs-python.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-markupsafe.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-backports.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-backports-ssl_match_hostname.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-setuptools.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-urllib3.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'PyYAML.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'pyserial.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-IPy.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-babel.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-jinja2.noarch'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'python-prettytable.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-configobj.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'libsemanage-python.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'policycoreutils-python.x86_64'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-jsonpointer.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-jsonpatch.noarch'
HOOK-pkgdowngrades: INFO: DEP: enforcing package installation 'python-chardet.noarch'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'python-requests.noarch'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'cloud-init.x86_64'
HOOK-pkgdowngrades: INFO: DOWNGRADE: enforcing package installation 'vim-minimal.x86_64'
HOOK-pkgdowngrades: INFO: done
Finished. Reboot to start upgrade.
[root@kerneltalks ~]# reboot

Broadcast message from ec2-user@ip-172-31-34-211
        (/dev/pts/0) at 5:41 ...

The system is going down for reboot NOW!

Once command completes it will ask you to reboot the server. Reboot will take a while since upgrade process completes during reboot and then login to system to check.

[root@kerneltalks ~]# cat /etc/*release
Oracle Linux Server release 7.6
NAME="Oracle Linux Server"
VERSION="7.6"
ID="ol"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="7.6"
PRETTY_NAME="Oracle Linux Server 7.6"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:7:6:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://bugzilla.oracle.com/"

ORACLE_BUGZILLA_PRODUCT="Oracle Linux 7"
ORACLE_BUGZILLA_PRODUCT_VERSION=7.6
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=7.6
Red Hat Enterprise Linux Server release 7.6 (Maipo)
Oracle Linux Server release 7.6

And we are upgraded to Ol7.6! You have to read all the reports and messages before you actually hit confirmation to upgrade. This will make your life easy post upgrade!

Issue with tool version

Redhat upgrade tool always looks for the latest OS that is known to it for an upgrade. So if you are using newer tool version and trying to upgrade OS to old version than the version known to the tool then you will see below error –

The installed version of Preupgrade Assistant allows upgrade only to the system version 7.5

I was trying to upgrade to OL 7.4 and tool was looking for 7.5 only. So in such case, you have to downgrade tool version and try.

For OL 7.4 upgrade below version worked for me –

redhat-upgrade-tool-0.7.50-1.0.1.el6.noarch.rpm

If you use any version below 0.7.50, it will land you up in issue where you see lots of couldn’t add media errors and failed to open file errors in the console –

Warning: couldn't add media/Packages/dracut-network-033-502.0.1.el7.x86_64.rpm to the transaction
Warning: failed to open file /sysroot/var/lib/system-upgrade/media/Packages/xulrunner-31.6.0-2.0.1.el7_1.x86_64.rpm

If you use any version above 0.7.50, you will land in the issue explained above. Decompress kernel modules capability introduced in 0.7.50 makes it best bet in the above-explained scenario.

Few redhat-upgrade-tool versions mapping with their supported upgrades.

redhat-upgrade-tool-0.7.48-1.0.2.el6.noarch.rpmallows upgrade only to the system version 7.5
redhat-upgrade-tool-0.7.49-1.0.2.el6.noarch.rpmallows upgrade only to the system version 7.5
redhat-upgrade-tool-0.7.51-1.0.2.el6.noarch.rpmallows upgrade only to the system version 7.6
redhat-upgrade-tool-0.7.52-1.0.1.el6.noarch.rpmallows upgrade only to the system version 7.6
redhat-upgrade-tool-0.8.0-4.0.1.el6.noarch.rpmallows upgrade only to the system version 7.6

Running a pod in Kubernetes

In this article we will look at pod concept in Kubernetes

pods in K8s.

What is pod in kubernetes?

The pod is the smallest execution unit in Kubernetes. It’s a single container or group of containers that serve a running process in the K8s cluster. Read what is container? if you are not familiar with containerization.

Each pod has a single IP address that is shared by all the containers within. Also, the port space is shared by all the containers inside.

You can view running pods in K8s by using below command –

$ kubectl get pods
NAME        READY   STATUS    RESTARTS   AGE
webserver   1/1     Running   0          10s

View pod details in K8s

To get more detailed information on each pod, you can run below command by supplying its pod name as argument –

$ kubectl describe pods webserver
Name:         webserver
Namespace:    default
Priority:     0
Node:         node01/172.17.0.9
Start Time:   Sun, 05 Jul 2020 13:50:41 +0000
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           10.244.1.3
IPs:
  IP:  10.244.1.3
Containers:
  webserver:
    Container ID:   docker://8b260effa4ada1ff80e106fb12cf6e2da90eb955321bbe3b9e302fdd33b6c0d8
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:21f32f6c08406306d822a0e6e8b7dc81f53f336570e852e25fbe1e3e3d0d0133
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sun, 05 Jul 2020 13:50:50 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-bjcwg (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-bjcwg:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-bjcwg
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  25s   default-scheduler  Successfully assigned default/webserver to node01
  Normal  Pulling    23s   kubelet, node01    Pulling image "nginx"
  Normal  Pulled     17s   kubelet, node01    Successfully pulled image "nginx"
  Normal  Created    16s   kubelet, node01    Created container webserver
  Normal  Started    16s   kubelet, node01    Started container webserver

pod configuration file

One can create a pod configuration file i.e. yml file which has all the details to start a pod. K8s can read this file and spin up your pod according to specifications. Sample file below –

$ cat my_webserver.yml
echo "apiVersion: v1
kind: Pod
metadata:
  name: webserver
spec:
  containers:
    - name: webserver
      image: nginx
      ports:
        - containerPort: 80" >my_webserver.yml

Its a single container pod file since we specified specs for only one kind of container in it.

Single container pod

Single container pod can be run without using a yml file. Like using simple command –

$ kubectl run single-c-pod --image=nginx
pod/single-c-pod created
$ kubectl get pods
NAME           READY   STATUS    RESTARTS   AGE
single-c-pod   1/1     Running   0          35s
webserver      1/1     Running   0          2m52s

You can spin the single container pod using simple yml file stated above.

Multiple container pod

For multiple container pods, let’s edit the above yml file to add another container specs as well.

$ cat << EOF >web-bash.yml
apiVersion: v1
kind: Pod
metadata:
  name: web-bash
spec:
  containers:
    - name: apache
      image: httpd
      ports:
        - containerPort: 80
    - name: linux
      image: ubuntu
      ports:
      command: ["/bin/bash", "-ec", "while true; do echo '.'; sleep 1 ; done"]
EOF

In the above file, we are spinning up a pod that has 1 webserver container and another is Ubuntu Linux container.

$ kubectl create -f web-bash.yml
pod/web-bash created
$ kubectl get pods
NAME       READY   STATUS    RESTARTS   AGE
web-bash   2/2     Running   0          12s

How to delete pod

Its a simple delete pod command

$ kubectl delete pods web-bash
pod "web-bash" deleted

How to view pod logs in Kubernetes

I am running a single container pod of Nginx. We will then check pod logs to confirm this messages.

$ kubectl run single-c-pod --image=nginx
pod/single-c-pod created
$ kubectl logs single-c-pod
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up

Content Lifecycle Management in SUSE Manager

How to create custom channels using Content Lifecycle Management in SUSE Manager

CLM in SUSE Manager

In this article, we will discuss Content Lifecycle Management in SUSE Manager for controlling patching in your infrastructure.

What is Content Lifecycle Management in SUSE Manager

Content Lifecycle management is managing how patches flow through your infra in a staged manner. In ideal infra, the latest patches will always be applied on development servers. If everything is good there then those patches will be applied to QA servers and lastly to production servers. This enables sysadmins to catch issues if any and hence preventing patching of the prod system which may create downtime of live environments.

SUSE Manager gives you this control via the content lifecycle. In this, you create custom channels in SUSE Manager for example dev, QA and prod. Then you register your systems to those channels according to their criticality. Now whenever channels get the new patches it will be available to respective systems (registered to those channels) to install. So if you control channels you control the patch availability to systems.

In content lifecycle management, SUSE manager enables you to push patches to channels manually. Like on first deploy all latest patches will be available to dev channels and hence dev systems. At this stage, if you run update commands (zypper up, yum update) they will show the latest patches only on dev servers. QA and prod servers won’t show any new patches.

Once dev is found to be ok after updates, you can go and manually promote patches to QA so now QA channels will have new latest patches and hence QA servers. Finally the same for prod. This is how you control and hence manage the patch lifecycle using SUSE Manager.

If it found confusing to you then go through the below process and screenshots, it will be more clear for you.

How to create custom channels in SUSE Manager

Now we will start with Content Lifecycle Management in SUSE Manager we setup. Log in to SUSE Manager and navigate to Content Lifecycle > Projects and click Create Project button.

Creating a project in Content Lifecycle Management of SUSE Manager

You will be presented with the below page: Fill in all relevant details and hit Create button. You can create a project for each flavor of Linux you have in your infra. For example, you can create projects for Suse Linux 11, Suse Linux 12, Suse Linux 12 sp 3, etc. So that you can select respective source channels in each of these projects and keep your SUSE Manager organized.

In our SUSE Manager, I synced only one product channels i.e. of Suse Linux 15 so I simply keyed in patch deploy as a name.

New Project in SUSE Manager CLM

Once the project is created, you will be prompted to add source channels to it. Means from those channels packages, updates will be sourced (from SUSE) and distributed to your project channels.

These source channels are the ones you synced during initial setup of SUSE Manager. Read how to sync SUSE product channels in SUSE Manager for more details. So you need to select channels from these ones according to project requirement. Like for project Suse Linux 11 select only source channels of Suse Linux 11 and so on.

Click Attach/Detach sources to do that.

How to attach source channels in the SUSE Manager project

Now you can see in the below screenshot that only Suse Linux 15 channels are available for me to select since I synced only the Suse Linux product channel in the initial setup. You will see here all the products which you have synced.

Select product channels

Once selected and clicked save you will see sources are updated with your selected channel list. Also, notice that version history details under Project properties are set to version 1 (draft - Not built)

Project version history

Now its time to add your destination! This means to create environments. As I explained earlier here we will flow patches from dev to QA to prod. So here it is where you define this hierarchy. In the interest of time, we will follow from dev to prod only.

So we will create the environment as dev and prod as below by clicking Add Environment button –

Create an environment

Once done you can see as below, dev and prod environments and buttons Build and Promote. Whereas version is marked as not built for all of them.

So you have to start patch flow now. As of now, all the latest patches are in source channels. Once you click Build button below they will be made available to the dev environment. Basically it will create child channels for dev where all these patches will be made available from source channel.

Build project in SUSE Manager

Once you click Build button you will see below version keeper window where you can add a version message note so that it will be easy to remember the purpose of this channel syncs or date/time of sync etc.

Start building the first environment

It will take time depending on the number of channels, number of patches within, size of them and of course your internet bandwidth! As Don Vosburg from SUSE commented below – ” This process is database intensive – so having the Postgres database on SSD helps speed it up a bit! “

The first environment built!

Patches will be built in new custom channels and only then you will be able to Promote them to the next stage.

What do you mean by promoting patches?

So once build is completed, the latest patches are now available to dev environment from source channels via custom channels. But still, the next environment i.e. prod still don’t have them. At this stage, you can install/test them on dev servers and isolate prod servers from them in case of any issues. If everything is working fine after installing/testing then you can promote them to the next environment (here its prod) and then all latest patches will be made available to the prod environment via custom channels.

You can then click Promote button and the same way they will be synced to the next environment.

View custom channels in SUSE Manager

Now we built and promoted; dev and prod environments. I said they will have now custom channels through which the latest patches will be made available to respective environments. So its time to check these new custom channels created by content lifecycle management.

Navigate to Software > Channel List > All

You can see below dev and prod channel of project year-1 listed there. Where the provider is Personal. Remember, we added our organization name as Personal in our initial SUSE Manager setup.

That’s all for this article! We created new custom channels in SUSE Manager via Content Lifecycle Management feature. Using this feature we able to control the latest patches availability to different environments.

The next step is to create Activation Keys for these custom channels which can be used to register client systems to these channels in your infra.

SUSE Manager 4 Setup Configuration

Step by step setup of SUSE Manager Server 4.0 configuration

SUSE Manager server 4 setup

In our previous post of SUSE Manager server installation, we walked you through how to install SUSE Manager step by step including screenshots. In this article, we will walk you through the SUSE Manager 4.0 configuration setup.

Considering you have the system installed with SUSE Manager package you can proceed to start SUSE Manager setup by running below command –

kerneltalks:~ # yast2 susemanager_setup

If you see an error saying No such client module susemanger_setup then you must not have susemanger package installed. Install it using zyapper in susemanager command and you will be able to run above setup command.

Once run, you will be presented with a text-based GUI setup and we will go through it step by step along with screenshots.

Obviously keep in mind you completed the disk space requirements before you start setup. Those are explained in the pre-requisite on the SUSE documentation.

SUSE Manager Setup

The first screen to choose the type of setup which is a pretty obvious choice.

The first screen of the setup

On the second screen, you will be asked to enter the SUSE Manager Administrator email address.

Admin email address

On the next screen, you need to provide details to create an SSL certificate of SUSE Manager.

Certificate setup

Now it will ask you for database details to be set. You can choose the database user of your choice.

Database settings

At this stage, all inputs have been collected and setup is ready to complete configurations. It still gives you another chance to modify your responses in answer file and run setup manually later in below window.

The setup is ready!

We made the obvious choice and hit the Yes button. Now, it will setup the SUSE manager and show you output as it goes. Finally, the SUSE Manager setup will be completed as below.

Setup is completed!

Hit Next and you will be shown web URL which can be used to administrator your SUSE Manager along with the instruction to create an account first.

SUSE Manager is configured!

SUSE Manager web console

As given in the last screen of setup, open your browser and head to the URL mentioned. Since I installed in VirtualBox, I used port forwards and opened it on loopback IP –

SUSE Manager console first page!

You need to fill in all the details to create your SUSE Administrator user and hit ‘Create Organization‘ button at the end of the page. And you are done! You will see below home page of the SUSE Manager console.

SUSE Manager console home page

Now your SUSE Manager setup is completed and you have web page console from where you can manage your SUSE Manager.

As very next step after this setup completion is to add subscription details to it and sync product channels so that it can be used in your organization for patching. We have covered it here in how to add product channels in SUSE Manager

How to start, stop and reload postfix

This is a quick post that lists commands to start, stop postfix service.

postfix service in Linux

Postfix is a free and open-source mailing service. It was developed by IBM and is a common alternative to Sendmail service.

How to start, stop and reload postfix mail service

You can use postfix command directly or you can use OS service management commands.

[root@kerneltalks ~]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@kerneltalks ~]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@kerneltalks ~]# postfix reload

Using systemctl or service command to control postfix service.

[root@kerneltalks ~]# service postfix start
Redirecting to /bin/systemctl start postfix.service
[root@kerneltalks ~]# service postfix stop
Redirecting to /bin/systemctl stop postfix.service
[root@kerneltalks ~]# systemctl start postfix
[root@kerneltalks ~]# systemctl stop postfix

IPv6 error in postfix

Sometimes you see below error while dealing with postfix service.

[root@kerneltalks ~]# postfix start
postfix: fatal: parameter inet_interfaces: no local interface found for ::1

This is due to your system is using IPv6 as well along with IPv4. If you don’t need IPv6 then you can safely disable IPv6 and then restart postfix service to resolve the above error.

Another way is to disable postfix IPv6 support and get rid of this error. To do that you need to edit /etc/postfix/main.cf configuration file and change inet_protocols to ipv4.

[root@kerneltalks ~]# vi /etc/postfix/main.cf
#inet_protocols = all 
inet_protocols = ipv4 

Save changes and restart postfix service.

SUSE Manager Server 4 installation with screenshots

SUSE Manager 4 server installation walkthrough along with screenshots.

SUSE Manager server 4 Installation!

This is SUSE Manager 4 installation walk-through which was done in Oracle VM VirtualBox Manager. The whole installation process can be split into below phases –

  1. Subscription procurement
  2. Installation with DVD
  3. Booting it first time

Let’s go through one by one without any further delay.

Subscription Procurement

The first thing is you need to have a subscription for using the SUSE Manager module. For this exercise, I procured a free 60 days subscription from SUSE. You can navigate to the product page and get a “60 Day free trial” license. You will get to download one Installer DVD after sign up like below.

If you are trying to set up SUSE Manager in corporate setup then your company must have already procured licenses for the same. You can get required subscription details from the respective team. Or you can click buy now on the product page and walk through the purchase procedure.

Suse Manager 4 download page

Once you have downloaded the DVD, its time to boot server with this DVD. Make sure your server meets specified hardware requirements as stated herein the documentation.


Installation with DVD

Once your system is ready and DVD is downloaded, boot system with DVD. Halt at below screen and press F4 if you want to configure a proxy for an internet connection during setup. If you have direct internet access then skip it.

Suse Manager 4 boot screen

Proceed with installation after proxy config (if applicable) and select product SUSE manager 4 on the next screen.

Product selection screen

Click Next. On the next screen accept the license terms and click next. You will be prompted with a registration window.

Suse registration window

Fill in your registration details. Here you can configure the network by clicking the ‘network configuration’ box above. It will open up the standard SUSE network configuration setup. You can set up IP details, hostname, DNS here so that your system can go online on the network and access the internet for registration. Click next and your system will be registered to SUSE.

After successful registration, you will be offered to enable repositories. Choose accordingly. I prefer to enable them during installation to receive the latest updates.

Post that you will be prompted to select SUSE manager extensions and modules to install. Mandatory are selected already.

Suse manager module selection

After selection click, next and setup will register modules to SUSE. Remember previous registration was for system and this one is for module/extensions you selected.

On the next screen, you will be prompted to select any add on products you want. I would skip it and click next. It will ask for a system role in the next window.

Select server role

The choice is obvious here! Select the SUSE manager server and proceed. On the next screen disk partitioning can be done.

Since this is my test system I will go with the default FS layout which setup offers. You can create a custom layout with expert partitioned here. Especially you need to check /var/lib/pgsql and /var/spacewalk sizes since all patch data going to be dumped here by SUSE Manager.

This followed by “Clone & timezone”, “Local User”, “Root password” standard screens which you normally see during any Linux install. I am skipping their screenshots here.

Finally, you will be greeted with an installation summary. Verify things here and change if you want to like firewall etc. and hit ‘Install’ to start the installation.

Suse manager installation summary

Now you can see packages are being downloaded from SUSE and then being installed. If you remember we used only 600+ MB DVD to boot system so its obvious it did not have whole OS packages in it. So setup will download packages and complete installation.

Suse manager installation

Once installation complete, the system will reboot and you are good to login.


Booting it first time

After the system reboot, type in below command to start the SUSE Manager setup!

kerneltalks:~ # yast2 sysemanager_setup 

SUSE Manager setup will begin in text mode GUI which we will walk you through in our next post.

You can verify different susemanager packages are installed on the system using rpm -qa |grep susemanager command. Unless susemanager package is installed on server, the above command won’t work. It will throw below error :

No such client module susemanger_setup

It happens mostly when you choose not to register system during setup and opt to install a system with another packages ISO (when your system don’t have internet access). In that case, you just need to register your system with SUSE first and then install susemanager package using zypper and you are good to go.

Follow the next article which explains how to configure SUSE Manager Server 4.0