-
Notifications
You must be signed in to change notification settings - Fork 1
Offline Upgrading Photon OS 3.0 to 5.0
UNFINISHED - USE AT YOUR OWN RISK
Offline upgrading Photon OS virtual machines isn't difficult, but it isn't described in the docs because the initial situation, configuration and installed applications lead rapidly to environment-specific cascades. To get an idea of so-called airgap server deployment topologies, have a look to VMware By Broadcom Telco Cloud Automation in which the commercial version of Photon OS is in use as subsystem, see https://docs.vmware.com/en/VMware-Telco-Cloud-Automation/1.9.5/com.vmware.tca.userguide/GUID-27304C0A-2D5C-4E99-8932-E7FE08B92D31.html and the follow-up chapters. The concept and a few commands in the guide are reusable for the open-source version of Photon OS as well.
The offline upgrade requirement isn't new and traces can be found here, here and here.
The following 5-steps-guide is a slightly different approach to not use any network on the target environment. Basically it populates a virtual disk with packages and - after the virtual disk has been transported and attached to the target virtual machine - the upgrade is applied from the repositories on that mounted virtual disk.
Remarks:
- Specify $basearch, if target virtual machine $HOSTTYPE is different to helper virtual machine cpu architecture.
- The virtual machine virtual hardware remains unchanged, still MBR boot-mode, no secure boot.
A. Create a Photon OS 5.0 helper virtual machine with VMware Photon OS packages connectivity.
- Consider the same virtual hardware as the Photon OS 3.0 target virtual machine. If using e.g. https://packages.vmware.com/photon/5.0/GA/ova/photon-hw15-5.0-dde71ec57.x86_64.ova, the virtual hardware of the 3.0 virtual machine must be upgraded at least to virtual hardware 15.
- 2vcpu, 2gb ram
- Consider a 250GB hard disk. The following recipe syncs a lot of repo files. Storing all versions of any packages is unoptimized, but I haven't found an optimized logic yet.
B. Add the Photon OS repositories 3.0, 4.0 and 5.0 and do a reposync.
Hint: The following code snippet adds all repositories but 3.0 GA-, iso- and debuginfo-repos.
cat > /etc/yum.repos.d/photon-extras_3.0.repo << "EOF-extras_3.0"
[photon-extras-3.0-$basearch]
name=VMware Photon Linux Extras 3.0 ($basearch)
baseurl=https://packages.vmware.com/photon/3.0/photon_extras_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
EOF-extras_3.0
cat > /etc/yum.repos.d/photon-updates_3.0.repo << "EOF-updates_3.0"
[photon-updates-3.0-$basearch]
name=VMware Photon Linux 3.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/3.0/photon_updates_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_3.0
cat > /etc/yum.repos.d/photon-srpms_3.0.repo << "EOF-srpms_3.0"
[photon-srpms-3.0-$basearch]
name=VMware Photon Linux 3.0 ($basearch) Source Packages
baseurl=https://packages.vmware.com/photon/3.0/photon_srpms_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=0
skip_if_unavailable=1
skip_md_filelists=1
EOF-srpms_3.0
cat > /etc/yum.repos.d/photon-release_3.0.repo << "EOF-release_3.0"
[photon-release-3.0-$basearch]
name=VMware Photon Linux 3.0 ($basearch)
baseurl=https://packages.vmware.com/photon/3.0/photon_release_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_3.0
cat > /etc/yum.repos.d/photon-extras_4.0.repo << "EOF-extras_4.0"
[photon-extras-4.0-$basearch]
name=VMware Photon Linux Extras 4.0 ($basearch)
baseurl=https://packages.vmware.com/photon/4.0/photon_extras_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
EOF-extras_4.0
cat > /etc/yum.repos.d/photon-updates_4.0.repo << "EOF-updates_4.0"
[photon-updates-4.0-$basearch]
name=VMware Photon Linux 4.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/4.0/photon_updates_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_4.0
cat > /etc/yum.repos.d/photon-srpms_4.0.repo << "EOF-srpms_4.0"
[photon-srpms-4.0-$basearch]
name=VMware Photon Linux 4.0 ($basearch) Source Packages
baseurl=https://packages.vmware.com/photon/4.0/photon_srpms_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=0
skip_if_unavailable=1
skip_md_filelists=1
EOF-srpms_4.0
cat > /etc/yum.repos.d/photon-release_4.0.repo << "EOF-release_4.0"
[photon-release-4.0-$basearch]
name=VMware Photon Linux 4.0 ($basearch)
baseurl=https://packages.vmware.com/photon/4.0/photon_release_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_4.0
cat> /etc/yum.repos.d/photon-extras_5.0.repo << "EOF-extras_5.0"
[photon-extras-5.0-$basearch]
name=VMware Photon Linux Extras 5.0 ($basearch)
baseurl=https://packages.vmware.com/photon/5.0/photon_extras_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
EOF-extras_5.0
cat > /etc/yum.repos.d/photon-updates_5.0.repo << "EOF-updates_5.0"
[photon-updates-5.0-$basearch]
name=VMware Photon Linux 5.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/5.0/photon_updates_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_5.0
cat > /etc/yum.repos.d/photon-srpms_5.0.repo << "EOF-srpms_5.0"
[photon-srpms-5.0-$basearch]
name=VMware Photon Linux 5.0 ($basearch) Source Packages
baseurl=https://packages.vmware.com/photon/5.0/photon_srpms_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=0
skip_if_unavailable=1
skip_md_filelists=1
EOF-srpms_5.0
cat > /etc/yum.repos.d/photon-release_5.0.repo << "EOF-release_5.0"
[photon-release-5.0-$basearch]
name=VMware Photon Linux 5.0 ($basearch)
baseurl=https://packages.vmware.com/photon/5.0/photon_release_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_5.0
chmod 644 /etc/yum.repos.d/*.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_3.0.repo /etc/yum.repos.d/photon-updates_3.0.repo /etc/yum.repos.d/photon-srpms_3.0.repo /etc/yum.repos.d/photon-release_3.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_4.0.repo /etc/yum.repos.d/photon-updates_4.0.repo /etc/yum.repos.d/photon-srpms_4.0.repo /etc/yum.repos.d/photon-release_4.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_5.0.repo /etc/yum.repos.d/photon-updates_5.0.repo /etc/yum.repos.d/photon-srpms_5.0.repo /etc/yum.repos.d/photon-release_5.0.repo
# Disable repo which were configured during installation of the helper vm
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-debuginfo.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-iso.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-release.repo
tdnf makecache
tdnf reposync
Reposync takes hours.
C. Shutdown the helper virtual machine. Transport its virtual disk to the air-gapped target environment.
A. Perform a backup.
B. Consider the upgrade first in an air-gapped test environment with the backuped target Photon OS virtual machine.
C. Attach the helper virtual disk to the offline 3.0 target virtual machine.
The tested offline target is a Photon OS 3.0 GA virtual machine without floppy disk, without network adapter and without cd/dvd.
A. Notice the added virtual disk.
fdisk -l
B. Mount the attached virtual disk e.g. on /dev/sdb3
mkdir /mnt/local
mount /dev/sdb3 /mnt/local
C. Configure the local repositories.
chmod 644 -R /mnt/local/root/photon-extras-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-extras-5.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-3.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-5.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-3.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-5.0-x86_64
rpm -ivh /mnt/local/root/photon-updates-3.0-x86_64/x86_64/createrepo_c-0.11.1-5.ph3.x86_64.rpm
createrepo /mnt/local/root/photon-extras-4.0-x86_64
createrepo /mnt/local/root/photon-extras-5.0-x86_64
createrepo /mnt/local/root/photon-release-3.0-x86_64
createrepo /mnt/local/root/photon-release-4.0-x86_64
createrepo /mnt/local/root/photon-release-5.0-x86_64
createrepo /mnt/local/root/photon-updates-3.0-x86_64
createrepo /mnt/local/root/photon-updates-4.0-x86_64
createrepo /mnt/local/root/photon-updates-5.0-x86_64
cat > /etc/yum.repos.d/photon-updates_3.0.repo << "EOF-updates_3.0"
[Local photon-updates 3.0 $basearch]
name=Local VMware Photon Linux 3.0 ($basearch) Updates
baseurl=file:///mnt/local/root/photon-updates-3.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-updates_3.0
cat > /etc/yum.repos.d/photon-release_3.0.repo << "EOF-release_3.0"
[Local photon-release 3.0 $basearch]
name=Local VMware Photon Linux 3.0 ($basearch)
baseurl=file:///mnt/local/root/photon-release-3.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-release_3.0
cat > /etc/yum.repos.d/photon-extras_4.0.repo << "EOF-extras_4.0"
[Local photon-extras 4.0 $basearch]
name=Local VMware Photon Linux Extras 4.0 ($basearch)
baseurl=file:///mnt/local/root/photon-extras-4.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-extras_4.0
cat > /etc/yum.repos.d/photon-updates_4.0.repo << "EOF-updates_4.0"
[Local photon-updates 4.0 $basearch]
name=Local VMware Photon Linux 4.0 ($basearch) Updates
baseurl=file:///mnt/local/root/photon-updates-4.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-updates_4.0
cat > /etc/yum.repos.d/photon-release_4.0.repo << "EOF-release_4.0"
[Local photon-release 4.0 $basearch]
name=Local VMware Photon Linux 4.0 ($basearch)
baseurl=file:///mnt/local/root/photon-release-4.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-release_4.0
cat > /etc/yum.repos.d/photon-extras_5.0.repo << "EOF-extras_5.0"
[Local photon-extras 5.0 $basearch]
name=Local VMware Photon Linux Extras 5.0 ($basearch)
baseurl=file:///mnt/local/root/photon-extras-5.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-extras_5.0
cat > /etc/yum.repos.d/photon-updates_5.0.repo << "EOF-updates_5.0"
[Local photon-updates 5.0 $basearch]
name=Local VMware Photon Linux 5.0 ($basearch) Updates
baseurl=file:///mnt/local/root/photon-updates-5.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-updates_5.0
cat > /etc/yum.repos.d/photon-release_5.0.repo << "EOF-release_5.0"
[Local photon-release 5.0 $basearch]
name=Local VMware Photon Linux 5.0 ($basearch)
baseurl=file:///mnt/local/root/photon-release-5.0-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-release_5.0
chmod 644 /etc/yum.repos.d/*.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-updates_3.0.repo /etc/yum.repos.d/photon-release_3.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_4.0.repo /etc/yum.repos.d/photon-updates_4.0.repo /etc/yum.repos.d/photon-release_4.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_5.0.repo /etc/yum.repos.d/photon-updates_5.0.repo /etc/yum.repos.d/photon-release_5.0.repo
# Disable all original repos
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-debuginfo.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-iso.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras_5.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates_5.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-release_5.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras_4.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates_4.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-release_4.0.repo
# Actually only the two offline provided 3.0 repos are available
# photon-updates_3.0.repo
# photon-release_3.0.repo
tdnf makecache
A. Save the status before upgrade for debug purposes.
cat /etc/photon-release
uname -a
systemctl list-unit-files --all 2>/dev/null
networkctl
resolvectl
iptables --list
docker container ls
ls -ll /etc/yum.repos.d/
ls -ll /etc/systemd/network
B. Apply a 3.0 distro-sync
tdnf update tdnf -y
# solve conflict before distro-sync
tdnf remove bc -y --releasever=3.0
tdnf distro-sync -y --releasever=3.0
C. Make virtual disk mount permanently.
tdnf install awk -y
cp /etc/fstab /etc/fstab.org
UUID=`blkid /dev/sdb3 | awk '{ print $2 }' | awk -F '=' '{ print $2}' | awk -F '"' '{ print $2}'`
echo "UUID=$UUID /mnt/local ext4 defaults 0 2">>/etc/fstab
D. Apply the upgrade to 4.0
# remove packages which cause issues on upgrade e.g. liota
tdnf remove -y liota
tdnf install -y photon-upgrade
# Enable 4.0 repos
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-extras_4.0.repo
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-updates_4.0.repo
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-release_4.0.repo
tdnf clean all
tdnf makecache
/usr/bin/photon-upgrade.sh --upgrade-os --assume-yes
E. Reboot
Proceed a reboot
.
F. Apply the upgrade to 5.0
tdnf install -y photon-upgrade
# Enable 5.0 repos
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-extras_5.0.repo
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-updates_5.0.repo
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon-release_5.0.repo
# Disable 3.0 repos
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras_3.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates_3.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-srpms_3.0.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-release_3.0.repo
tdnf clean all
tdnf makecache
/usr/bin/photon-upgrade.sh --upgrade-os --assume-yes --to-ver=5.0
G. Reboot
Proceed a reboot
.
H. Save the status after upgrade for debug purposes.
cat /etc/photon-release
uname -a
systemctl list-unit-files --all 2>/dev/null
networkctl
resolvectl
iptables --list
docker container ls
ls -ll /etc/yum.repos.d/
ls -ll /etc/systemd/network
A. Check configuration, applications' functionality.
B. Cleanup of the local repositories.
```
rm -f /etc/yum.repos.d/photon*_3.0.repo
rm -f /etc/yum.repos.d/photon*_4.0.repo
rm -f /etc/yum.repos.d/photon-extras.repo
rm -f /etc/yum.repos.d/photon-iso.repo
rm -f /etc/yum.repos.d/photon-release.repo
rm -f /etc/yum.repos.d/photon-srpms.repo
rm -f /etc/yum.repos.d/photon-debuginfo.repo
rm -f /etc/yum.repos.d/photon-updates.repo
tdnf makecache --releasever=5.0
```
C. Install additional software e.g.
tdnf install open-vm-tools -y --releasever=5.0
D. Delete snapshot(s) if not needed anymore.
E. Apply the recipe in production.
Before, consider the following TODO list.
- How to copy the repo to the first disk and to relink the packages before detaching the virtual disk.
- For testing purposes, the custom recipe syncs lot of packages from packages.vmware.com/photon. Hence the disk file needed is 250GB. How to identify only necessary packages 3.0, 4.0 and 5.0 ?
- The custom recipe requires that the virtual disk with packages is attached, but it doesn't copy the packages to the local disk. Hence it is not possible yet to get rid of the attached virtual disk. How to relink copied packages as '@system' ?
- gpgcheck isn't implemented, no cert-checks.
- Differences between a vanila Photon OS 5.0 and an upgraded system? [fill-in observations]