Red Hat is replacing CentOS 7 with CentOS Stream, and RHEL 7 will reach end of maintenance in the summer of 2024. This leaves admins wondering about upgrade options and what the process looks like.
If you're a RHEL administrator or a developer using CentOS 7 on your company's systems, you might be curious of the options available to move to RHEL 9. There are several approaches to upgrade to RHEL 9, from clean installations to an actual upgrade. It's time to modernize your Red Hat-based systems to take advantage of the latest security, performance and automation opportunities RHEL 9 offers.
Why upgrade to RHEL 9
Key factors to upgrading major versions of RHEL include backward compatibility and new features. Here are a few new items in RHEL 9:
- New automation capabilities.
- Improved metrics for performance monitoring.
- Integration of OpenSSL 3.
- New Security-Enhanced Linux (SELinux) profiles for improved security.
- Improved container management.
- Improved Cockpit features.
- Updated versions of Python, PHP, Ruby, Git and Apache.
- Updated version of GNU Network Object Model Environment for desktop.
Test RHEL 9 with any custom or third-party applications before implementing it in production.
Red Hat typically uses a 10-year lifecycle for its major OS releases. Major OS versions are phased out using the following terms:
- End of Maintenance. Loss of security and bug fix advisories.
- End of Life (EOL). Loss of all support and fixes for the OS.
OS vendors define specific support windows for each version. Systems approaching EOL should move to a more current OS version.
Understand upgrade terminology
You should understand some Red Hat vocabulary before starting. Red Hat differentiates between the following.
- Update. Fixes bugs and adds feature enhancements to minor releases, such as RHEL 8.1 to RHEL 8.2.
- Upgrade. Replaces an existing OS or application with a newer version -- usually a transition from one major version to another, such as RHEL 8 to RHEL 9.
There are two types of upgrades to choose from:
- In-place upgrade. Replaces the older OS with a newer version without removing the original OS, applications or data on the system. Always back up your data before upgrading.
- Clean installation (upgrade). Removes the old OS and applications from the system and may remove existing data. All applications, configurations and data must be restored to the system.
You may also hear the term migration. This refers to changing platforms, such as from one server to another. The goal is often to provide newer hardware with the OS.
Upgrade paths refer to upgrade options between major versions. You cannot skip major versions of RHEL in an in-place upgrade. The current options are to upgrade from RHEL 7 to RHEL 8 or RHEL 8 to RHEL 9. Use the most current minor version as the starting point for an in-place upgrade.
If you're starting fresh with a clean installation, you can install the newest version, regardless of what was on the system before. Remember to back up your data and any key configuration files, like SSH, Apache and networking, before wiping the old system and installing the new one.
Preparation steps to upgrade from RHEL 8 to 9
This article relates specifically to in-place upgrades from RHEL 8 to RHEL 9.
You need a current system backup or VM snapshot before proceeding. The upgrade process should preserve your data, but it is best to run a backup first. Turn off any configuration management tools, like Puppet or Chef, and don't allow Ansible playbooks to run while upgrading. Make sure your system is at RHEL 8.6.
Use the Leapp utility to manage the upgrade, including installing packages and starting the initramfs to conduct the upgrade. The framework includes a pre-upgrade test to report any issues before you begin.
It's possible that the system was upgraded from RHEL 7 to RHEL 8 using this process. If so, there is an older version of Leapp you need to remove. Run this command to remove it:
sudo rm -rf /root/tmp_leapp_py3
Remove any JSON files in /etc/leapp/files. New versions are added when you install Leapp.
The following steps cover the upgrade process. Depending on your system's configuration and your upgrade goals, you may not need all the preparation steps.
1. Confirm the Red Hat subscription status
Comment sudo subscription-manager list --installed. You should receive a message indicating the system is subscribed.
2. Confirm software repositories
The following message indicates both repositories are enabled, ensuring the upgrade can access the software it needs:
sudo subscription-manager repos --enable rhel-8-for-x86_64-baseos-rpms --enable rhel-8-for-x86_64-appstream-rpms
3. Lock the system to version 8.6
This setting keeps additional updates from changing the minor version. The minor version should be set to the following:
sudo subscription-manager release --set 8.6
4. Update the repositories
Update repositories with the sudo dnf update command.
5. Install Leapp, which manages the upgrade process
Install Leapp by typing the command sudo dnf install -y leapp-upgrade.
The current version of Leapp is leapp-upgrade-el8toel9.
6. Remove any application version locks
You may have implemented an application version lock in the past to keep applications from upgrading to a newer version. Clear app version locks by entering sudo dnf versionlock clear.
7. Disable zone drifting in the firewall
Edit the /etc/firewalld/firewalld.conf configuration file. Comment AllowZoneDrifting at the bottom of the file.
Pre-upgrade check with Leapp
The Leapp utility framework tests the repositories to make sure it has everything it needs to conduct the upgrade. Run the pre-upgrade with the command sudo leapp preupgrade --target 9.0.
Leapp writes a report to /var/log/leapp/leapp-report.json. It also prints the results to the screen. All steps should pass before you proceed to the upgrade. There is a Cockpit console plugin for Leapp, which provides a clear view of the upgrade viability.
Upgrade to RHEL 9 with Leapp
You've confirmed all settings and run the pre-upgrade test. Enter the following command to initiate the upgrade using Leapp: sudo leapp upgrade --target 9.0. This allows Leapp to download and install the necessary packages to upgrade the system.
The system should reboot. At the OS selection method, pick RHEL-Upgrade-Initramfs, then press Ctrl-D to begin the upgrade process.
If you didn't receive any errors, your upgrade is complete. To confirm this, run the following commands:
sudo cat /etc/redhat-release
sudo name -r
Next, confirm that the system is associated with your subscription by using the subscription-manager command:
sudo subscription-manager list --installed
RHEL should be displayed. At this point, you can reenable configuration management tools. Check SELinux status, harden the system per your security policy, test all services and applications, and confirm no data was lost.
Try the upgrade process a couple of times on VMs, if possible. That gives you the opportunity to see the commands in action, anticipate timing and familiarize yourself with the commands before upgrading your system.
If you're already moving CentOS and RHEL 7 systems to RHEL 9, consider whether upgrading RHEL 8 devices is also a good idea. Standardization makes support easier.