Skip to content

Offline Upgrading Photon OS 3.0 to 5.0

Jump to bottom
dcasota edited this page Mar 19, 2024 · 81 revisions

UNFINISHED - USE AT YOUR OWN RISK

Offline upgrading Photon OS virtual machines isn't difficult, but it isn't described in the docs because the initial situation, configuration and installed applications lead rapidly to environment-specific cascades. To get an idea of so-called airgap server deployment topologies, have a look to VMware By Broadcom Telco Cloud Automation in which the commercial version of Photon OS is in use as subsystem, see https://docs.vmware.com/en/VMware-Telco-Cloud-Automation/1.9.5/com.vmware.tca.userguide/GUID-27304C0A-2D5C-4E99-8932-E7FE08B92D31.html and the follow-up chapters. The concept and a few commands in the guide are reusable for the open-source version of Photon OS as well.

The offline upgrade requirement isn't new and traces can be found here, here and here.

The following 5-steps-guide is a slightly different approach to not use any network on the target environment. Basically it populates a virtual disk with packages and - after the virtual disk has been transported and attached to the target virtual machine - the upgrade is applied from the repositories on that mounted virtual disk.

Remarks:

  • Specify $basearch, if target virtual machine $HOSTTYPE is different to helper virtual machine cpu architecture.
  • The virtual machine virtual hardware remains unchanged, still MBR boot-mode, no secure boot.

1. Populate 3.0, 4.0 and 5.0 repositories on a Photon OS helper virtual machine

A. Create a Photon OS 5.0 helper virtual machine with VMware Photon OS packages connectivity.

  • Consider the same virtual hardware as the Photon OS 3.0 target virtual machine. If using e.g. https://packages.vmware.com/photon/5.0/GA/ova/photon-hw15-5.0-dde71ec57.x86_64.ova, the virtual hardware of the 3.0 virtual machine must be upgraded at least to virtual hardware 15.
  • 2vcpu, 2gb ram
  • Consider a 250GB hard disk. The following recipe syncs a lot of repo files. Storing all versions of any packages is unoptimized, but I haven't found an optimized logic yet.

B. Add the Photon OS repositories 3.0, 4.0 and 5.0 and do a reposync.

Hint: The following code snippet adds all repositories but 3.0 GA-, iso- and debuginfo-repos.

cat > /etc/yum.repos.d/photon-updates_3.0.repo << "EOF-updates_3.0"
[photon-updates-3.0-$basearch]
name=VMware Photon Linux 3.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/3.0/photon_updates_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_3.0

cat > /etc/yum.repos.d/photon-release_3.0.repo << "EOF-release_3.0"
[photon-release-3.0-$basearch]
name=VMware Photon Linux 3.0 ($basearch)
baseurl=https://packages.vmware.com/photon/3.0/photon_release_3.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_3.0

cat > /etc/yum.repos.d/photon-extras_4.0.repo << "EOF-extras_4.0"
[photon-extras-4.0-$basearch]
name=VMware Photon Linux Extras 4.0 ($basearch)
baseurl=https://packages.vmware.com/photon/4.0/photon_extras_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
EOF-extras_4.0

cat > /etc/yum.repos.d/photon-updates_4.0.repo << "EOF-updates_4.0"
[photon-updates-4.0-$basearch]
name=VMware Photon Linux 4.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/4.0/photon_updates_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_4.0

cat > /etc/yum.repos.d/photon-release_4.0.repo << "EOF-release_4.0"
[photon-release-4.0-$basearch]
name=VMware Photon Linux 4.0 ($basearch)
baseurl=https://packages.vmware.com/photon/4.0/photon_release_4.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_4.0

cat> /etc/yum.repos.d/photon-extras_5.0.repo << "EOF-extras_5.0"
[photon-extras-5.0-$basearch]
name=VMware Photon Linux Extras 5.0 ($basearch)
baseurl=https://packages.vmware.com/photon/5.0/photon_extras_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
skip_md_filelists=1
EOF-extras_5.0

cat > /etc/yum.repos.d/photon-updates_5.0.repo << "EOF-updates_5.0"
[photon-updates-5.0-$basearch]
name=VMware Photon Linux 5.0 ($basearch) Updates
baseurl=https://packages.vmware.com/photon/5.0/photon_updates_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-updates_5.0

cat > /etc/yum.repos.d/photon-release_5.0.repo << "EOF-release_5.0"
[photon-release-5.0-$basearch]
name=VMware Photon Linux 5.0 ($basearch)
baseurl=https://packages.vmware.com/photon/5.0/photon_release_5.0_$basearch
gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096
gpgcheck=1
enabled=1
skip_if_unavailable=1
EOF-release_5.0

chmod 644 /etc/yum.repos.d/*.repo

sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-updates_3.0.repo /etc/yum.repos.d/photon-release_3.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_4.0.repo /etc/yum.repos.d/photon-updates_4.0.repo /etc/yum.repos.d/photon-release_4.0.repo
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_5.0.repo /etc/yum.repos.d/photon-updates_5.0.repo /etc/yum.repos.d/photon-release_5.0.repo

# Disable repo which were configured during installation of the helper vm
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-debuginfo.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-extras.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-iso.repo
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-updates.repo

tdnf makecache
tdnf reposync

Reposync takes hours.

C. Shutdown the helper virtual machine. Transport its virtual disk to the air-gapped target environment.

2. Backup the air-gapped target Photon OS virtual machine(s)

A. Perform a backup.

B. Consider the upgrade first in an air-gapped test environment with the backuped target Photon OS virtual machine.

C. Attach the helper virtual disk to the offline 3.0 target virtual machine.
The tested offline target is a Photon OS 3.0 GA virtual machine without floppy disk, without network adapter and without cd/dvd.

3. Perform upgrade pre-steps.

A. Notice the added virtual disk.

fdisk -l

B. Mount the attached virtual disk e.g. on /dev/sdb3

mkdir /mnt/local
mount /dev/sdb3 /mnt/local

C. Configure the local repositories.

chmod 644 -R /mnt/local/root/photon-extras-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-extras-5.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-3.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-release-5.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-3.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-4.0-x86_64
chmod 644 -R /mnt/local/root/photon-updates-5.0-x86_64

rpm -ivh /mnt/local/root/photon-updates-3.0-x86_64/x86_64/createrepo_c-0.11.1-5.ph3.x86_64.rpm

createrepo /mnt/local/root/photon-extras-4.0-x86_64
createrepo /mnt/local/root/photon-extras-5.0-x86_64
createrepo /mnt/local/root/photon-release-3.0-x86_64
createrepo /mnt/local/root/photon-release-4.0-x86_64
createrepo /mnt/local/root/photon-release-5.0-x86_64
createrepo /mnt/local/root/photon-updates-3.0-x86_64
createrepo /mnt/local/root/photon-updates-4.0-x86_64
createrepo /mnt/local/root/photon-updates-5.0-x86_64

cat > /etc/yum.repos.d/photon-release_releasever.repo << "EOF-release"
[Local photon-release $basearch]
name=Local VMware Photon Linux $releasever ($basearch)
baseurl=file:///mnt/local/root/photon-release-$releasever-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-release

cat > /etc/yum.repos.d/photon-updates_releasever.repo << "EOF-updates"
[Local photon-updates $basearch]
name=Local VMware Photon Linux $releasever ($basearch) Updates
baseurl=file:///mnt/local/root/photon-updates-$releasever-$basearch
enabled=1
gpgcheck=0
skip_if_unavailable=1
EOF-updates

cat > /etc/yum.repos.d/photon-extras_releasever.repo << "EOF-extras"
[Local photon-extras $basearch]
name=Local VMware Photon Linux Extras $releasever ($basearch)
baseurl=file:///mnt/local/root/photon-extras-$releasever-$basearch
enabled=0
gpgcheck=0
skip_if_unavailable=1
EOF-extras

chmod 644 /etc/yum.repos.d/*.repo

# 3.0 cannot read variables, hence replace them with hardcoded values.
sed -i "s/\$basearch/$HOSTTYPE/g" /etc/yum.repos.d/photon-extras_releasever.repo /etc/yum.repos.d/photon-updates_releasever.repo /etc/yum.repos.d/photon-release_releasever.repo
sed -i "s/\$releasever/3.0/g" /etc/yum.repos.d/photon-extras_releasever.repo /etc/yum.repos.d/photon-updates_releasever.repo /etc/yum.repos.d/photon-release_releasever.repo

# Switch to offline repos
cp /etc/yum.repos.d/photon-release_releasever.repo /etc/yum.repos.d/photon.repo 
cp /etc/yum.repos.d/photon-updates_releasever.repo /etc/yum.repos.d/photon-updates.repo 
cp /etc/yum.repos.d/photon-extras_releasever.repo /etc/yum.repos.d/photon-extras.repo

# avoid duplicate repos
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-release_releasever.repo /etc/yum.repos.d/photon-updates_releasever.repo

# these repos should already be disabled
sed -i "s/enabled=1/enabled=0/g" /etc/yum.repos.d/photon-debuginfo.repo /etc/yum.repos.d/photon-iso.repo

tdnf makecache

4. Apply the upgrade.

A. Save the status before upgrade for debug purposes.

cat /etc/photon-release
uname -a
systemctl list-unit-files --all 2>/dev/null
networkctl
resolvectl
iptables --list
docker container ls
ls -ll /etc/yum.repos.d/
ls -ll /etc/systemd/network

B. Apply a 3.0 distro-sync

tdnf update tdnf -y

# solve conflict before distro-sync
tdnf remove bc -y --releasever=3.0
tdnf distro-sync -y --releasever=3.0

C. Make virtual disk mount permanently.

tdnf install awk -y
cp /etc/fstab /etc/fstab.org
UUID=`blkid /dev/sdb3 | awk '{ print $2 }' | awk -F '=' '{ print $2}' | awk -F '"' '{ print $2}'`
echo "UUID=$UUID    /mnt/local ext4 defaults 0 2">>/etc/fstab

D. Apply the upgrade to 4.0

# remove packages which cause issues on upgrade e.g. liota
tdnf remove -y liota

tdnf install -y photon-upgrade

# Overwrite the files with the offline repos with variables $HOSTTYPE and $releasever.
cp /etc/yum.repos.d/photon-release_releasever.repo /etc/yum.repos.d/photon.repo
cp /etc/yum.repos.d/photon-updates_releasever.repo /etc/yum.repos.d/photon-updates.repo
cp /etc/yum.repos.d/photon-extras_releasever.repo /etc/yum.repos.d/photon-extras.repo
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon.repo /etc/yum.repos.d/photon-updates.repo /etc/yum.repos.d/photon-extras.repo
sed -i "s/gpgcheck=0/gpgcheck=1/g" /etc/yum.repos.d/photon.repo.rpmnew /etc/yum.repos.d/photon-updates.repo.rpmnew /etc/yum.repos.d/photon-extras.repo
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon.repo
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon-updates.repo
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon-extras.repo
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon.repo
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon-updates.repo
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon-extras.repo

/usr/bin/photon-upgrade.sh --upgrade-os --assume-yes

E. Reboot
Proceed a reboot.

F. Apply the upgrade to 5.0

tdnf install -y photon-upgrade

# In /etc/yum.repos.d, the migration of the files photon.repo, photon-updates and photon-extras.repo are prepared by .rpmnew files.
# We overwrite those files with the offline repos.
cp /etc/yum.repos.d/photon-release_releasever.repo /etc/yum.repos.d/photon.repo.rpmnew
cp /etc/yum.repos.d/photon-updates_releasever.repo /etc/yum.repos.d/photon-updates.repo.rpmnew
cp /etc/yum.repos.d/photon-extras_releasever.repo /etc/yum.repos.d/photon-extras.repo.rpmnew
sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/photon.repo.rpmnew /etc/yum.repos.d/photon-updates.repo.rpmnew /etc/yum.repos.d/photon-extras.repo.rpmnew
sed -i "s/gpgcheck=0/gpgcheck=1/g" /etc/yum.repos.d/photon.repo.rpmnew /etc/yum.repos.d/photon-updates.repo.rpmnew /etc/yum.repos.d/photon-extras.repo.rpmnew
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon.repo.rpmnew
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon-updates.repo.rpmnew
echo "gpgkey=file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY file:///etc/pki/rpm-gpg/VMWARE-RPM-GPG-KEY-4096">>/etc/yum.repos.d/photon-extras.repo.rpmnew
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon.repo.rpmnew
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon-updates.repo.rpmnew
echo "skip_md_filelists=1">>/etc/yum.repos.d/photon-extras.repo.rpmnew

/usr/bin/photon-upgrade.sh --upgrade-os --assume-yes

G. Reboot
Proceed a reboot.

H. Save the status after upgrade for debug purposes.

cat /etc/photon-release
uname -a
systemctl list-unit-files --all 2>/dev/null
networkctl
resolvectl
iptables --list
docker container ls
ls -ll /etc/yum.repos.d/
ls -ll /etc/systemd/network

5. Perform upgrade post-steps.

A. Check configuration, applications' functionality.

B. Cleanup of the local repositories.

  ```
  rm -f /etc/yum.repos.d/photon*_3.0.repo
  rm -f /etc/yum.repos.d/photon*_4.0.repo
  rm -f /etc/yum.repos.d/photon-extras.repo
  rm -f /etc/yum.repos.d/photon-iso.repo
  rm -f /etc/yum.repos.d/photon-release.repo
  rm -f /etc/yum.repos.d/photon-srpms.repo
  rm -f /etc/yum.repos.d/photon-debuginfo.repo
  rm -f /etc/yum.repos.d/photon-updates.repo
  tdnf makecache --releasever=5.0
  ```

C. Install additional software e.g. tdnf install open-vm-tools -y --releasever=5.0

D. Delete snapshot(s) if not needed anymore.

E. Apply the recipe in production.

Before, consider the following TODO list.

  • How to copy the repo to the first disk and to relink the packages before detaching the virtual disk.
  • For testing purposes, the custom recipe syncs lot of packages from packages.vmware.com/photon. Hence the disk file needed is 250GB. How to identify only necessary packages 3.0, 4.0 and 5.0 ?
  • The custom recipe requires that the virtual disk with packages is attached, but it doesn't copy the packages to the local disk. Hence it is not possible yet to get rid of the attached virtual disk. How to relink copied packages as '@system' ?
  • gpgcheck isn't implemented, no cert-checks.
  • Differences between a vanila Photon OS 5.0 and an upgraded system? [fill-in observations]
Clone this wiki locally