远程升级云服务器系统 CentOS 6.x 至 CentOS 7.x

由于docker-ce不再支持centos6，所以觉得吧系统升级为centos7，以下是踩坑的过程

1、添加源 /etc/yum.repos.d/upgrade.repo

[upgrade]
name=CentOS-$releasever - Upgrade Tool
baseurl=http://dev.centos.org/centos/6/upg/x86_64/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

2、使用 yum 安装此工具及其预升级助手

[root@allen05ren ~]# yum install redhat-upgrade-tool preupgrade-assistant-contents

3、执行此工具的预升级助手查看可用内容

[root@allen05ren ~]# preupg -l
CentOS6_7

4、执行预升级助手进行升级前的检查

[root@ibills ~]# preupg -s CentOS6_7

问题来了：

I/O warning : failed to load external entity "/usr/share/openscap/xsl/security-guide.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 40 element import
xsl:import : unable to load /usr/share/openscap/xsl/security-guide.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/oval-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 41 element import
xsl:import : unable to load /usr/share/openscap/xsl/oval-report.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/sce-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 42 element import
xsl:import : unable to load /usr/share/openscap/xsl/sce-report.xsl
OpenSCAP Error:: Could not parse XSLT file \'/usr/share/preupgrade/xsl/preup.xsl\' [oscapxml.c:416]
Unable to open file /root/preupgrade/result.html
Usage: preupg [options]
preupg: error: [Errno 2] No such file or directory: \'/root/preupgrade/result.html\'

遇到问题那么就找原因和解决方法，通过搜索引擎搜索，找到 CentOS 官方论坛的一篇帖子，帖子中有一回复如下：

Erase the existing version of openscap (I had openscap 1.2) and install openscap-1.0.8-1.0.1 from http://dev.centos.org/centos/6/upg and redo the upgrade.

根据他的方法，把 openscap 软件包的版本降低之后，重新再安装此工具及其预升级助手：

[root@allen05ren ~]# yum erase openscap
[root@allen05ren ~]# yum install http://dev.centos.org/centos/6/upg/x86_64/Packages/openscap-1.0.8-1.0.1.el6.centos.x86_64.rpm
[root@allen05ren ~]# yum install redhat-upgrade-tool preupgrade-assistant-contents

重新执行 preupg -s CentOS6_7 命令：

[root@allen05ren ~]# preupg -s CentOS6_7
Preupg tool doesn\'t do the actual upgrade.
Please ensure you have backed up your system and/or data in the event of a failed upgrade
 that would require a full re-install of the system from installation media.
Do you want to continue? y/n
y
Gathering logs used by preupgrade assistant:
All installed packages : 01/10 ...finished (time 00:00s)
All changed files      : 02/10 ...finished (time 00:48s)
Changed config files   : 03/10 ...finished (time 00:00s)
All users              : 04/10 ...finished (time 00:00s)
...
042/100 ...done    (samba shared directories selinux)
043/100 ...done    (CUPS Browsing/BrowsePoll configuration)
044/100 ...done    (CVS Package Split)
...
|samba shared directories selinux          |notapplicable  |
|CUPS Browsing/BrowsePoll configuration    |notapplicable  |
|CVS Package Split                         |notapplicable  |
...

检查需要一些时间，检查的结果会被保存到 /root/preupgrade/result.html，预升级助手的目的可以查看上面给出的此工具的用途说明。/root/preupgrade 目录下还存储了其他一些文件，在升级完成后，可以查看一下。

5、开始执行升级

首先导入 CentOS 7 的CentOS-7 RPM GPG KEY：

[root@allen05ren ~]# rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7

执行升级命令：

[root@allen05ren ~]# centos-upgrade-tool-cli --network 7 --instrepo=http://mirror.centos.org/centos/7/os/x86_64/

以上的包仓库也可更换为其他的源地址。

问题又来了：

…

Continue with the upgrade [Y/N]? y

getting boot images…

Downloading failed: invalid data in .treeinfo: No option ‘upgrade’ in section: ‘images-x86_64’

根据提示，.treeinfo 文件中的 ‘images-x86_64’ 部分没有 ‘upgrade’ 选项，查看该文件：

[general]
name = CentOS Linux-7
family = CentOS Linux
timestamp = 1480944027.47
variant = 
version = 7
packagedir = 
arch = x86_64

[stage2]
mainimage = LiveOS/squashfs.img

[images-x86_64]
kernel = images/pxeboot/vmlinuz
initrd = images/pxeboot/initrd.img
boot.iso = images/boot.iso

[images-xen]
kernel = images/pxeboot/vmlinuz
initrd = images/pxeboot/initrd.img

[checksums]
LiveOS/squashfs.img = sha256:bb4bc180bce57d78e5ea0df91410a006b08966663ef21ff746b4b102852d08bb
repodata/repomd.xml = sha256:27dc6846e9cb739a79b28acdad499c7cc1894781bd92e0adedc646b05cf95d77
images/pxeboot/vmlinuz = sha256:0e9b8a60576744d54c2468fbc84051e09a6090d1b1cfecf9adbdd95b3614a8a2
images/pxeboot/initrd.img = sha256:d012bf47580c63586f02e8247819ea28bd6edc5e3870f13b1efd0130d4593cae
images/efiboot.img = sha256:c43aa456d5de63ffafe9792584aecc167f6de723fdc5ac78b0309f88788c5915
images/boot.iso = sha256:f2f7367deb90a25822947660c71638333ca0eceeabecc2d631be6cd508c24494

确实无此选项，但是根据官方的升级步骤也完全没有错误，经过一顿折腾，找其他的源，发现都是没有此选项（其实后面发送找其他源也是徒劳，因为都是同步的官方源的）。

心想不太可能升级不了，灵机一动 CentOS 不是有旧系统的备份源吗：http://vault.centos.org/，上去就是几个现存的 CentOS 版本目录查看 .treeinfo 文件，皇天不负有心人，7.0.1406、7.1.1503、7.2.1511几个版本都有 ‘upgrade’ 选项，那就选个最新的 7.2.1511 版本，升级完再升级吧：

[general]
name = CentOS-7
family = CentOS
timestamp = 1449700442.21
variant = 
version = 7
packagedir = 
arch = x86_64

[stage2]
mainimage = LiveOS/squashfs.img

[images-x86_64]
kernel = images/pxeboot/vmlinuz
initrd = images/pxeboot/initrd.img
upgrade = images/pxeboot/upgrade.img
boot.iso = images/boot.iso

[images-xen]
kernel = images/pxeboot/vmlinuz
initrd = images/pxeboot/initrd.img
upgrade = images/pxeboot/upgrade.img

[checksums]
LiveOS/squashfs.img = sha256:1778a13e6a0bd98c0db94c4c068e08f84f6f91cdca7b2a5111aad1b5a181c0c4
repodata/repomd.xml = sha256:13d1072eeb97c6e5a0ab8bcbf5f8b0b82c87c43bf6e4be26983772609b237cb1
images/pxeboot/vmlinuz = sha256:ee2df000e29c79ae96db95f61766a8c5adc527d8c92c4114badedf251f73b20e
images/pxeboot/upgrade.img = sha256:fa54ce9a3aedad9d7de59507410af3eec51ac7e65b45b7ac9a14c971f33e45cf
images/pxeboot/initrd.img = sha256:ad1f8fc2bebe9ec1eb5c36d4c38177e39fe8423602098d60c29804081f81b8bd
images/efiboot.img = sha256:08743dd12b338a6c726dd0d66e2109e18e19db8b6f0191f9882929035e7875a6
images/boot.iso = sha256:9ed9ffb5d89ab8cca834afce354daa70a21dcb410f58287d6316259ff89758f5

把源仓库地址一换，终于顺利下载升级文件开始升级。

[root@allen05ren ~]# centos-upgrade-tool-cli --network 7 --instrepo=http://vault.centos.org/centos/7.2.1511/os/x86_64/
setting up repos...
Repository base is listed more than once in the configuration
Repository updates is listed more than once in the configuration
Repository extras is listed more than once in the configuration
Repository centosplus is listed more than once in the configuration
Repository contrib is listed more than once in the configuration
cmdline-instrepo | 3.6 kB 00:00 
cmdline-instrepo/primary_db | 5.3 MB 02:17 
epel | 4.3 kB 00:00 
epel/primary_db | 5.9 MB 00:05 
upg | 1.9 kB 00:00 
upg/primary_db | 14 kB 00:00 
No upgrade available for the following repos: base extras updates
.treeinfo | 1.1 kB 00:00 
Preupgrade assistant risk check found risks for this upgrade.
You can run preupg --riskcheck --verbose to view these risks.
Addressing high risk issues is required before the in-place upgrade
and ignoring these risks may result in a broken upgrade and unsupported upgrade.
Please backup your data.

List of issues:
INPLACERISK: HIGH: We detected some non-CentOS signed packages, you can find the list in /root/preupgrade/./kickstart/noncentospkgs. You need to handle them yourself!
INPLACERISK: HIGH: After upgrading to CentOS 7 there are still some el6 packages left. Add --cleanup-post option to redhat-upgrade-tool if you want to remove them automatically.
INPLACERISK: HIGH: Library pcre (required by NonCentOS signed package(s):nginx ) changed soname between CentOS 6 and CentOS 7
INPLACERISK: HIGH: The service network on CentOS 7 is disabled by default. Enable them via commands: systemctl enable network && systemctl start network.service .
INPLACERISK: HIGH: The service nscd on CentOS 7 is disabled by default. Enable them via commands: systemctl enable nscd && systemctl start nscd.service .
INPLACERISK: HIGH: The service ntpd on CentOS 7 is disabled by default. Enable them via commands: systemctl enable ntpd && systemctl start ntpd.service .
INPLACERISK: HIGH: The service udev-post on CentOS 7 is disabled by default. Enable them via commands: systemctl enable udev-post && systemctl start udev-post.service .
INPLACERISK: HIGH: File /etc/rc.d/rc.local was changed
INPLACERISK: MEDIUM: We detected some packages installed on the system were removed (obsoleted) between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them.
INPLACERISK: MEDIUM: We detected some packages installed on the system were removed between CentOS 6 and CentOS 7. This may break the functionality of the packages depending on them.
INPLACERISK: MEDIUM: Package ql2500-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package ql23xx-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package bfa-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package ql2100-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package rt61pci-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package coreutils-libs not provided by its replacement coreutils. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package ql2400-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package rt73usb-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: Package ql2200-firmware not provided by its replacement linux-firmware. In-place upgrade might not work properly, will be finished by postupgrade script!
INPLACERISK: MEDIUM: having one of [nss libxcb libdrm libibverbs systemtap libpciaccess nss-sysinit ca-certificates systemtap-devel libX11 tzdata nspr nss-util elfutils-libelf systemtap-runtime openldap systemtap-client audit libX11-common audit-libs elfutils-libs nss-tools librdmacm openscap] package installed breaks upgrade
INPLACERISK: MEDIUM: We detected some soname bumps in the libraries installed on the system. This may break the functionality of some of your 3rd party applications. They may need rebuild. Please check their requirements.
INPLACERISK: MEDIUM: We detected some .so libraries installed on the system were removed between CentOS 6 and CentOS 7. This may break the functionality of some of your 3rd party applications.
INPLACERISK: MEDIUM: The service supervisord is not installed by CentOS signed packages and will not be automatically enabled after in-place upgrade.
INPLACERISK: SLIGHT: We detected some files where modifications are not tracked in the rpms. You may need to check their functionality after successful upgrade.
INPLACERISK: SLIGHT: We detected some files untracked by rpms. Some of these may need manual check/migration after redhat-upgrade-tool and/or can cause conflicts or troubles during the installation. Try to reduce unnecessary untracked files before running redhat-upgrade-tool.
INPLACERISK: SLIGHT: Package procps (required by NonCentOS signed package(s):mysql-community-server ) replaced between CentOS 6 and CentOS 7
INPLACERISK: SLIGHT: We detected some packages installed on the system changed their name between CentOS 6 and CentOS 7. Although they should be compatible, monitoring after the update is recommended.
INPLACERISK: SLIGHT: export shell commands will be deleted from /etc/sysconfig/sshd
INPLACERISK: SLIGHT: Some binaries untracked by RPM were discovered on the system and may need rebuild after upgrade.
INPLACERISK: SLIGHT: Some scripts untracked by RPM were discovered on