Archive 2017年5月31日

CentOS 6.5升级至CentOS 7完整步骤及注意事项

留下评论

一 背景:

1 公司内部大量开发、测试、UAT环境机器都是CentOS 6.5的物理机/虚拟机;
2 公司在阿里云上的ECS机器环境同样多数为CentOS 6.5;
3 近期,公司内部在推Docker技术,而相对稳定且版本不至于太低的docker,需要部署在至少RHEL/CentOS 7.0以上版本的操作系统上。

二 说明:

本文档用于记录升级Centos 6.5到CentOS 7.2版本的操作步骤,以及升级后带来的问题和解决办法。升级前,本机的OS版本、内核版本、文件系统信息如下:

[root@dev-middleware ~]# cat /etc/redhat-release 
CentOS release 6.5 (Final)
[root@dev-middleware ~]# uname -rm
2.6.32-431.el6.x86_64 x86_64
[root@dev-middleware ~]# df -Th
Filesystem                   Type   Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root ext4    50G   40G  7.2G  85% /
tmpfs                        tmpfs  1.9G     0  1.9G   0% /dev/shm
/dev/sda1                    ext4   485M   32M  428M   7% /boot
/dev/mapper/VolGroup-lv_home ext4   144G  193M  136G   1% /home
[root@dev-middleware ~]#

根据从网络上的获取的相关参考信息,本文档中的内容和步骤并不适用于Centos其它版本6.X升级至CentOS 7的参考。且,该升级是in-place-upgrade的升级方式,即直接在原机上执行升级的操作,存在一定风险。而官方推荐的非in-place-upgrade的方式,即先备份相关的文件和数据,然后安装CentOS 7系统,再恢复还原相关数据的作法,相对比较安全可控。

三 升级:

1 添加1个yum的repo文件:

vi /etc/yum.repo.d/upgrade.repo
内容为:

[upg]
name=CentOS-$releasever - Upgrade Tool
baseurl=http://dev.centos.org/centos/6/upg/x86_64/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

2 安装升级工具:

yum install redhat-upgrade-tool preupgrade-assistant-contents

3 执行预升级检查:

preupg -l

preupg -s CentOS6_7

如果有类似下述错误:

I/O warning : failed to load external entity "/usr/share/openscap/xsl/security-guide.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 40 element import
xsl:import : unable to load /usr/share/openscap/xsl/security-guide.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/oval-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 41 element import
xsl:import : unable to load /usr/share/openscap/xsl/oval-report.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/sce-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 42 element import
xsl:import : unable to load /usr/share/openscap/xsl/sce-report.xsl
OpenSCAP Error:: Could not parse XSLT file '/usr/share/preupgrade/xsl/preup.xsl' [oscapxml.c:416]
Unable to open file /root/preupgrade/result.html
Usage: preupg [options]
preupg: error: [Errno 2] No such file or directory: '/root/preupgrade/result.html'

则,原因是openscap软件包的版本太高。通过下述先删除,再安装的来办法解决:

yum erase openscap
yum install http://dev.centos.org/centos/6/upg/x86_64/Packages/openscap-1.0.8-1.0.1.el6.centos.x86_64.rpm
yum install redhat-upgrade-tool preupgrade-assistant-contents

4 再次执行,预升级检查:

preupg -s CentOS6_7

执行结果:

....
094/096 ...done (NIS server maps check)
095/096 ...done (NIS server MAXUID and MAXGID limits check)
096/096 ...done (NIS server config file back-up)
Assessment finished (time 02:15s)
Result table with checks and their results for main contents:
....

|Content for enabling and disabling services based on CentOS 6 system |needs_action |
---------------------------------------------------------------------------------------------------------------
Tarball with results is stored here /root/preupgrade-results/preupg_results-170510111635.tar.gz .
The latest assessment is stored in directory /root/preupgrade .
Summary information:
We found some potential in-place upgrade risks.
Read the file /root/preupgrade/result.html for more details.
Upload results to UI by command:
e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .

执行升级的过程中,可能会有的一些不兼容问题,则都在上述的预升级检查结果中,需要关注并处理。

5 导入仓库的RPM签名证书

 rpm --import http://172.16.11.36/yum/test/RPM-GPG-KEY-CentOS-7

需要说明的是,这里导入的是使用本地搭建的一个yum源的签名证书。这个本地源,是基于从网络上下载的CentOS-7-x86_64-DVD-1611.iso进行搭建的。当然,并不一定非要搭建本地yum源,也可以直接从下载的该ISO文件中,获取RPM-GPG-KEY-CentOS-7,直接在本地机器执行导入。为什么这么做,后面会有详细的解释和说明。
该文件的内容如下:

[root@localhost test]# cat RPM-GPG-KEY-CentOS-7
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.5 (GNU/Linux)

mQINBFOn/0sBEADLDyZ+DQHkcTHDQSE0a0B2iYAEXwpPvs67cJ4tmhe/iMOyVMh9
Yw/vBIF8scm6T/vPN5fopsKiW9UsAhGKg0epC6y5ed+NAUHTEa6pSOdo7CyFDwtn
4HF61Esyb4gzPT6QiSr0zvdTtgYBRZjAEPFVu3Dio0oZ5UQZ7fzdZfeixMQ8VMTQ
4y4x5vik9B+cqmGiq9AW71ixlDYVWasgR093fXiD9NLT4DTtK+KLGYNjJ8eMRqfZ
Ws7g7C+9aEGHfsGZ/SxLOumx/GfiTloal0dnq8TC7XQ/JuNdB9qjoXzRF+faDUsj
WuvNSQEqUXW1dzJjBvroEvgTdfCJfRpIgOrc256qvDMp1SxchMFltPlo5mbSMKu1
x1p4UkAzx543meMlRXOgx2/hnBm6H6L0FsSyDS6P224yF+30eeODD4Ju4BCyQ0jO
IpUxmUnApo/m0eRelI6TRl7jK6aGqSYUNhFBuFxSPKgKYBpFhVzRM63Jsvib82rY
438q3sIOUdxZY6pvMOWRkdUVoz7WBExTdx5NtGX4kdW5QtcQHM+2kht6sBnJsvcB
JYcYIwAUeA5vdRfwLKuZn6SgAUKdgeOtuf+cPR3/E68LZr784SlokiHLtQkfk98j
NXm6fJjXwJvwiM2IiFyg8aUwEEDX5U+QOCA0wYrgUQ/h8iathvBJKSc9jQARAQAB
tEJDZW50T1MtNyBLZXkgKENlbnRPUyA3IE9mZmljaWFsIFNpZ25pbmcgS2V5KSA8
c2VjdXJpdHlAY2VudG9zLm9yZz6JAjUEEwECAB8FAlOn/0sCGwMGCwkIBwMCBBUC
CAMDFgIBAh4BAheAAAoJECTGqKf0qA61TN0P/2730Th8cM+d1pEON7n0F1YiyxqG
QzwpC2Fhr2UIsXpi/lWTXIG6AlRvrajjFhw9HktYjlF4oMG032SnI0XPdmrN29lL
F+ee1ANdyvtkw4mMu2yQweVxU7Ku4oATPBvWRv+6pCQPTOMe5xPG0ZPjPGNiJ0xw
4Ns+f5Q6Gqm927oHXpylUQEmuHKsCp3dK/kZaxJOXsmq6syY1gbrLj2Anq0iWWP4
Tq8WMktUrTcc+zQ2pFR7ovEihK0Rvhmk6/N4+4JwAGijfhejxwNX8T6PCuYs5Jiv
hQvsI9FdIIlTP4XhFZ4N9ndnEwA4AH7tNBsmB3HEbLqUSmu2Rr8hGiT2Plc4Y9AO
aliW1kOMsZFYrX39krfRk2n2NXvieQJ/lw318gSGR67uckkz2ZekbCEpj/0mnHWD
3R6V7m95R6UYqjcw++Q5CtZ2tzmxomZTf42IGIKBbSVmIS75WY+cBULUx3PcZYHD
ZqAbB0Dl4MbdEH61kOI8EbN/TLl1i077r+9LXR1mOnlC3GLD03+XfY8eEBQf7137
YSMiW5r/5xwQk7xEcKlbZdmUJp3ZDTQBXT06vavvp3jlkqqH9QOE8ViZZ6aKQLqv
pL+4bs52jzuGwTMT7gOR5MzD+vT0fVS7Xm8MjOxvZgbHsAgzyFGlI1ggUQmU7lu3
uPNL0eRx4S1G4Jn5
=OGYX
-----END PGP PUBLIC KEY BLOCK-----
[root@localhost test]#

6 执行升级:

 
centos-upgrade-tool-cli --network 7 --instrepo=http://vault.centos.org/centos/7.2.1511/os/x86_64/
setting up repos...
.treeinfo | 1.1 kB 00:00
Preupgrade assistant risk check found risks for this upgrade.
You can run preupg --riskcheck --verbose to view these risks.
Addressing high risk issues is required before the in-place upgrade
and ignoring these risks may result in a broken upgrade and unsupported upgrade.
Please backup your data.
...
...

(276/277): zlib-1.2.7-17.el7.x86_64.rpm | 90 kB 00:00
(277/277): zlib-devel-1.2.7-17.el7.x86_64.rpm | 50 kB 00:00
testing upgrade transaction
rpm transaction 100% [======================================================================================================================================================]
rpm install 100% [==========================================================================================================================================================]
setting up system for upgrade
Finished. Reboot to start upgrade.

7 根据提示,重启升级。

升级后的OS、内核版本、文件系统信息如下:

[root@dev-middleware conf.d]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
[root@dev-middleware conf.d]# uname -rm
3.10.0-327.el7.x86_64 x86_64
[root@dev-middleware conf.d]# df -Th
文件系统 类型 容量 已用 可用 已用% 挂载点
/dev/mapper/VolGroup-lv_root ext4 50G 43G 4.3G 91% /
devtmpfs devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs tmpfs 1.9G 80M 1.8G 5% /run
tmpfs tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda1 ext4 477M 110M 338M 25% /boot
/dev/mapper/VolGroup-lv_home ext4 144G 354M 136G 1% /home
[root@dev-middleware conf.d]#

四 遇到的问题,及解决办法

1 Downloading failed: invalid data in .treeinfo: No option ‘upgrade’ in section: ‘images-x86_64’
升级过程中,可能会遇到:No option ‘upgrade’ in section: ‘images-x86_64’:

redhat-upgrade-tool --network 7.0 --force --instrepo  http://mirrors.aliyun.com/centos/7.3.1611/os/x86_64/
setting up repos...
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/tmp/system-upgrade/base/mirrorlist.txt
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/tmp/system-upgrade/extras/mirrorlist.txt
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
 Eg. Invalid release/
removing mirrorlist with no valid mirrors: /var/tmp/system-upgrade/updates/mirrorlist.txt
No upgrade available for the following repos: base extras updates
.treeinfo                                                                                                                                             |  946 B     00:00     
getting boot images...

Downloading failed: invalid data in .treeinfo: No option 'upgrade' in section: 'images-x86_64'

原因,如果使用互联上的签名文件的话,互联网上的yum源都会有相同的报错,.treeinfo: No option ‘upgrade’ in section: ‘images-x86_64’。即,网上的yum源下的文件.treeinfo里都没有upgrade选项。所以,经过测试,才使用了上述升级步骤中的导入本地rpm签名证书。

2 升级后,遇到nginx启动报错,Starting nginx: /usr/sbin/nginx: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory

[root@dev-middleware ~]# systemctl status nginx.service
● nginx.service - LSB: start and stop nginx
Loaded: loaded (/etc/rc.d/init.d/nginx; bad; vendor preset: disabled)
Active: failed (Result: exit-code) since 六 2017-05-27 16:49:28 CST; 5min ago
Docs: man:systemd-sysv-generator(8)

5月 27 16:49:28 dev-middleware systemd[1]: Starting LSB: start and stop nginx...
5月 27 16:49:28 dev-middleware nginx[1661]: Starting nginx: /usr/sbin/nginx: error while loading shared libraries: libpcre.so.0: cannot open shared object file: No such file or directory
5月 27 16:49:28 dev-middleware nginx[1661]: [失败]
5月 27 16:49:28 dev-middleware systemd[1]: nginx.service: control process exited, code=exited status=1
5月 27 16:49:28 dev-middleware systemd[1]: Failed to start LSB: start and stop nginx.
5月 27 16:49:28 dev-middleware systemd[1]: Unit nginx.service entered failed state.
5月 27 16:49:28 dev-middleware systemd[1]: nginx.service failed.
[root@dev-middleware ~]#

解决办法:

a 查找libpcre.so文件
 
[root@dev-middleware ~]# find / -name libpcre.so*
/usr/lib64/libpcre.so.1.2.0
/usr/lib64/libpcre.so
/usr/lib64/libpcre.so.1
/usr/lib64/libpcre.so.0
[root@dev-middleware ~]#
b 创建链接文件
 
[root@dev-middleware ~]# link /usr/lib64/libpcre.so.1 /lib64/libpcre.so.0
c 输出LD_LIBRARY_PATH环境变量
 
[root@dev-middleware ~]# export LD_LIBRARY_PATH=/usr/local/lib:/lib64:$LD_LIBRARY_PATH
[root@dev-middleware ~]# echo $LD_LIBRARY_PATH
/usr/local/lib:/lib64:/usr/lib64:/usr/local/lib:
[root@dev-middleware ~]#
d 相关链接:

链接:
关于共享库找不到:
http://sempike.blogspot.com/2016/02/update-to-centos-7-libpcreso0-no-such.html
关于nginx启动报错:
http://blog.csdn.net/bzhxuexi/article/details/35821121
为防止以后出错,还是把export LD_LIBRARY_PATH=/usr/local/lib:/lib64:$LD_LIBRARY_PATH写入root的profile。

3 升级后,遇到类似问题:/ppas/9.3as/bin/edb-postgres: error while loading shared libraries: libsasl2.so.2: cannot open shared object file: No such file or directory

这是,之前一台运行CentOS 6.5的机器,上面跑着PostgreSQL数据库,升级到CentOS 7版本之后,数据库启动失败。

[enterprisedb@localhost ~]$ pg_ctl start
/ppas/9.3as/bin/edb-postgres: error while loading shared libraries: libsasl2.so.2: cannot open shared object file: No such file or directory
no data was returned by command ""/ppas/9.3as/bin/edb-postgres" -V"
The program "edb-postgres" is needed by pg_ctl but was not found in the
same directory as "/ppas/9.3as/bin/pg_ctl".
Check your installation.
[enterprisedb@localhost ~]$

解决办法:

a root创建链接文件:
 
[root@localhost ~]# find / -name libsasl2.*
/usr/lib64/libsasl2.so.3.0.0
/usr/lib64/libsasl2.so.3
[root@localhost ~]# link /usr/lib64/libsasl2.so.3 /lib64/libsasl2.so.2
b 然后,PostgreSQL数据库用户,输出环境变量:
 
[enterprisedb@localhost ~]$ export LD_LIBRARY_PATH=/usr/lib64/:/lib64
[enterprisedb@localhost ~]$ echo $LD_LIBRARY_PATH
/usr/lib64/:/lib64
[enterprisedb@localhost ~]$ pg_ctl status
pg_ctl: no server running
[enterprisedb@localhost ~]$ pg_ctl start
server starting
[enterprisedb@localhost ~]$ 2017-05-27 17:18:05 CST 日志:

** EnterpriseDB Dynamic Tuning Agent ********************************************
* System Utilization: 100% *
* Database Version: 9.3.11.33 *
* Operating System Version: *
* Number of Processors: 0 *
* Processor Type: *
* Processor Architecture: *
* Database Size: 0.1 GB *
* RAM: 15.5 GB *
* Shared Memory: 15839 MB *
* Max DB Connections: 0 *
* Autovacuum: on *
* Autovacuum Naptime: 60 Seconds *
* InfiniteCache: off *
* InfiniteCache Servers: 0 *
* InfiniteCache Size: 0.000 GB *
*********************************************************************************

2017-05-27 17:18:05 CST 日志: 已加载的库 "$libdir/dbms_pipe"
2017-05-27 17:18:05 CST 日志: 已加载的库 "$libdir/edb_gen"
2017-05-27 17:18:05 CST 日志: redirecting log output to logging collector process
2017-05-27 17:18:05 CST 提示: Future log output will appear in directory "pg_log".

[enterprisedb@localhost ~]$

五 参考链接:

远程升级云服务器系统 CentOS 6.x 至 CentOS 7.x