CurryTech

Upgrade OS to CentOS 7

Curry -

Upgrade OS to CentOS 7

[[+Home]] | [[Procedure MOC]] | Tags:: #CentOS7

1. VM Setup

Basic host settings

nano -w /etc/hosts
hostname usdc1prdcoh04.ecvision.com
nano -w /etc/hostname

Add new partitions or extend /opt (LVM)

Steps:

echo "- - -" >  /sys/class/scsi_host/host0/scan
fdisk -l /dev/sdb
pvcreate /dev/sdb1
pvs
vgextend  DataVG1 /dev/sdb1
vgs
lvextend -l +100%FREE /dev/mapper/DataVG1-DataLV1
xfs_growfs  /dev/mapper/DataVG1-DataLV1

Change timezone

Steps:

rm /etc/localtime
ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime

2. Pre-install softwares

yum -y install nano or wget http://mirror.centos.org/centos/7/os/x86_64/Packages/nano-2.3.1-10.el7.x86_64.rpm

Upgrade Sudo (CentOS7)

rpm -Uvh sudo-1.8.23-10.el7_9.1.x86_64.rpm

Install mailx (Optional)

yum -y install mailx

Unison (Optional)

yum -y install unison

3. VM pre-configuration and Data migration

Migrate Users from Old VM to New VM

/etc/passwd

##/etc/group

/etc/shadow

Synchronize data to New VM

rsync -r -a -v -e "ssh -l root" --delete --exclude gfs --exclude glusterfs /opt/ 10.201.24.x:/opt rsync -r -a -v -e "ssh -l root" --delete /home/ 10.201.24.x:/home rsync -r -a -v -e "ssh -l root" --delete /root/ 10.201.24.x:/root rsync -r -a -v -e "ssh -l root" --delete /var/www/html/ 10.201.24.x:/var/www/html rsync -r -a -v -e "ssh -l root" --delete /ITWorkspace/ 10.201.24.x:/ITWorkspace/ rsync -r -a -v -e "ssh -l root" --delete /etc 10.201.24.x:/root/

(Optional) rsync -r -a -v -e "ssh -l root" --delete /tmp/ 10.201.24.x:/tmp rsync -r -a -v -e "ssh -l root" --delete /usr/java/ 10.201.24.x:/usr/java rsync -r -a -v -e "ssh -l root" --delete /usr/java 10.201.24.x:/usr/java/

Overwrite settings from old VM to new VM

rc.local

cp /root/etc/rc.local /etc/rc.local chmod +x /etc/rc.d/rc.local

Cron Jobs

cp /root/etc/crontab /etc/crontab crontab -l

Create Symbolic link

mkdir /opt/glusterfs ln -s /opt/glusterfs /opt/gfs

Migrate Settings /etc/fstab

Check GFS and NFS

Compare and Change php-fpm parameters (Optional)

less /etc/php-fpm.d/www.conf e.g. pm.max_children = 38

service php-fpm restart service php-fpm status

Compare and Change php.ini parameters (Optional)

less /etc/php.ini

Check and change Java version

  1. java -version
  2. Change Java default version alternatives --install /usr/bin/java java /usr/java/jdk1.6.0_211/bin/java 400 alternatives --install /usr/bin/javac javac /usr/java/jdk1.6.0_211/bin/javac 400
  3. run below and choose java 1.6 alternatives --config java

Check and records any manual scripts

e.g. nohup /ITWorkspace/scripts/sync_csjob.sh &

Change file (authorized key) under /root/.ssh/

The filename on CentOS7 should be authorized_keys, without the "2"

4. Post installation

Install LDAP

https://confluence.dev.e2open.com/display/SCCIT/OS+LDAP+authentication

yum install -y adcli realmd samba-common-tools sssd sssd-common rpm -i http://devportal.ecvision.com/centos7/x86_64/ldap-client-config-1-3.el7.centos.x86_64.rpm

Install Wazuh

https://confluence.dev.e2open.com/display/SCCIT/Wazuh+Server+Implementation#WazuhServerImplementation-WazuhAgent(Manually;NotbyAnsible)

rpm --import http://packages.wazuh.com/key/GPG-KEY-WAZUH cat > /etc/yum.repos.d/wazuh.repo <<\EOF [wazuh_repo] gpgcheck=1 gpgkey=https://packages.wazuh.com/key/GPG-KEY-WAZUH enabled=1 name=Wazuh repository baseurl=https://packages.wazuh.com/3.x/yum/ protect=1 EOF

WAZUH_MANAGER_IP="10.1.132.237" yum -y install wazuh-agent sed -i "s/^enabled=1/enabled=0/" /etc/yum.repos.d/wazuh.repo

Install Cylance

5. Production Deployment

5.1 Disable Public access 5.2 Shutdown OLD wildfly 5.3 Stop Cron Jobs/Tasks 5.4 Unmount NFS/GFS 5.5 Rsync delta to new VM 5.6 Swap VM IP address 5.7 Migrate crontab settings 5.8 Double check folder owners (/opt/*, /home) 5.9 Change IP address on /etc/hosts 5.10 Check/Update all mount point settings(/etc/fstab) 5.11 Start new VM Wildfly 5.12 nohup /ITWorkspace/scripts/sync_csjob.sh & 5.13 Change ADC Settings

  • Add New Nodes
  • Clear ADC cache 5.14 Enable Public access

6. Verification

a. Test SFTP connection with account login b. Monitor if any wsimport wsdl from customers (Optional) c. Verification steps from PD/CIT team d. Login system Frontend and Backend by URL e. Check any IF Integration (Optional)