変奏現実

パソコンやMMORPGのことなどを思いつくまま・・・記載されている会社名・製品名・システム名などは、各社の商標、または登録商標です。

この画面は、簡易表示です

AlmaLinux release 8.7

[AlmaLinux]KVMからHyper-Vに移行

投稿日 2025年3月12日 06:50 by おっとっとっと Comment

単にqcow2ファイルをvhdxファイルにコンバートすればいいのかなと思ったら

# qemu-img convert -p -f qcow2 -O vhdx {qcow2ファイル名} {vhdxファイル名}

起動に失敗した。

Linux起動時にgrub2の画面でカーネルを選択後、

/bootの下のinitramfsファイルを読んで一時的にファイルシステムとして使用されるが

フルセットでは重いからインストーラは

# dracut --kver {カーネル名} -f -v

で必須なドライバを見繕ったinitramfsファイルをカーネルごとに作成している。

つまり、KVMで作成したVMはKVM環境のドライバしか入っていないので、そのままHyper-Vに移行してもドライバ不足で何もできなくなる。

仕方が無いので、KVMで動いている状況下で

# dracut --kver $(uname -r) -f --add-drivers "hv_vmbus hv_storvsc hv_netvsc hv_utils hv_balloon hyperv-keyboard hyperv_fb hid-hyperv"

Hyper-V用のinitramfsファイルを作成する必要がある。

またネットワークの状況も違い

# nmcli con show
NAME    UUID                                  TYPE      DEVICE 
virbr0  63189c34-2fc4-48f8-adc8-8a631ab7e98c  bridge    virbr0
ens2    dc75b52c-b3eb-4fe3-9027-7983b30c0ed5  ethernet  --     
ens3    e18ddd44-7abe-4297-b16f-919c7cd32430  ethernet  --

Hyper-Vではブリッジではなくeth0に繋がる仕組みなので、

nmcli –offline connection コマンドでとりあえずファイルを作り

# nmcli --offline connection add type ethernet con-name eth0 ipv4.address 192.0.2.1/24 ipv4.dns 192.0.2.200 ipv4.method manual > /etc/NetworkManager/system-connections/eth0.nmconnection

Hyper-V上で作成したAlmaLinux9.5VMを見ながら一部コピペ

[connection]
id=eth0
uuid=20f2b6eb-7e6c-473c-b362-4d390d16e5a9    ※AlmaLinux9.5VMからコピペ
type=ethernet
autoconnect-priority=-999                    ※AlmaLinux9.5VMからコピペ
interface-name=eth0
timestamp=1741709046                         ※AlmaLinux9.5VMからコピペ

[ethernet]

[ipv4]
method=auto                                  ※DHCPモード

[ipv6]
addr-gen-mode=eui64                          ※AlmaLinux9.5VMからコピペ
method=auto

[proxy]

と書き換え

# chmod 600 eth0.nmconnection 
# chown root:root eth0.nmconnection
# systemctl start NetworkManager-dispatcher.service 
# reboot

再起動後は

# nmcli con show
NAME    UUID                                  TYPE      DEVICE 
eth0    20f2b6eb-7e6c-473c-b362-4d390d16e5a9  ethernet  eth0   ※これが欲しかった
virbr0  63189c34-2fc4-48f8-adc8-8a631ab7e98c  bridge    virbr0 ※多分要らない
ens2    dc75b52c-b3eb-4fe3-9027-7983b30c0ed5  ethernet  --     
ens3    e18ddd44-7abe-4297-b16f-919c7cd32430  ethernet  --

となり何とかなった。

不要なvirbr0は消した方がいいだろう。

また、起動状態を見たい場合は

grub2の画面で[e]キーを押して設定を一時的に修正しctrl+xで起動。

起動時に出てくる

probing edd (edd=off to disable)... ok

は、カーネルのオプションに

edd=off

を追加すると消える。

また、カーネルのオプショのconsole=以降を

console=tty0 console=ttyS0,115200

に変えるとコンソールに普通に起動の進行状況が表示される

永続的に変えたい場合は /etc/default/grub のGRUB_CMDLINE_LINUXの行を

修正前
GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/cl-swap rd.lvm.lv=cl/root rd.lvm.lv=cl/swap console=ttyS0,115200n8"
修正後
GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/cl-swap rd.lvm.lv=cl/root rd.lvm.lv=cl/swap console=tty0 console=ttyS0,115200n8 edd=off"

とエディタで書換え

# grub2-mkconfig -o /boot/grub2/grub.cfg

でgrub2が使う設定を更新できるらしい。



「AlmaLinux8」アップデート失敗

投稿日 2025年3月10日 19:03 by おっとっとっと Comment

アップデートに失敗しました

再起動してください。と表示されたので再起動すると・・・

initramfs-4.18.0-553.42.1.el8_10.x86_64.img not found

となってshellのプロンプトまで到達しなかった。

仕方が無いのでレスキュー版で起動すると、

kernel panic!

仕方が無いので3つあるkernelを順に起動すると

  • AlmaLinux (4.18.0-553.40.1.el8_10.x86_64) 8.10
  • AlmaLinux (4.18.0-553.36.1.el8_10.x86_64) 8.10

で起動できた。

とりあえず2か3番目で自動起動しようとGRUB_SAVEDEFAULT=trueを追加してみた・・・

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200"
GRUB_CMDLINE_LINUX="crashkernel=auto resume=/dev/mapper/cl-swap rd.lvm.lv=cl/rooot rd.lvm.lv=cl/swap console=ttyS0,115200n8"
GRUB_DISABLE_RECOVERY="true"
GRUB_ENABLE_BLSCFG=true
grub2-mkconfig -o /boot/grub2/grub.cfg

したけど36を指定して起動した後に再起動しても、やはり先頭の42を起動してしまう。

無駄だったみたいなので戻す。

ちゃんと直すしかないのか orz

失敗するのは最新の

  • AlmaLinux (4.18.0-553.42.1.el8_10.x86_64) 8.10

だけなのでとりあえず、ls -l /boot/init*すると

# ls -l init*
-rw-------. 1 root root 65479600  2月  3  2020 initramfs-0-rescue-888ffa2eb9d5445599d39810727386a4.img
-rw-------  1 root root 51083878  1月 24 06:34 initramfs-4.18.0-553.36.1.el8_10.x86_64.img
-rw-------  1 root root 32029184  1月 29 07:24 initramfs-4.18.0-553.36.1.el8_10.x86_64kdump.img
-rw-------  1 root root 51083826  2月 13 04:15 initramfs-4.18.0-553.40.1.el8_10.x86_64.img
-rw-------  1 root root 32025088  2月 13 04:22 initramfs-4.18.0-553.40.1.el8_10.x86_64kdump.img

36と40が同じサイズ(注:そのときにはそう見えた)だから、

42でもサイズが同じならコピればすむかな?と36のファイルを42でコピして起動すると

[    4.513259] dracut-pre-udev[294]: modprobe: FATAL: Module dm_mod not found in directory /lib/modules/4.18.0-553.42.1.el8_10.x86_64

使うファイル名にカーネルのバージョンが入っているのか・・・orz

initramfs-4.18.0-553.42.1.el8_10.x86_64.imgの中に

/lib/modules/4.18.0-553.42.1.el8_10.x86_64が無く困ってるようだ。

諦めてinitramfsファイルを再構築することにする

dracut --force --kver 4.18.0-553.42.1.el8_10.x86_64 /boot/initramfs-4.18.0-553.42.1.el8_10.x86_64.img

–force は実行フラグ

–kverはカーネルのバージョンで普通は uname -r でチェックできるけど、その42では動かないので

{36上で調べると}
# uname -r
4.18.0-553.36.1.el8_10.x86_64
{だから}
4.18.0-553.42.1.el8_10.x86_64
{だろう}

/boot/initramfs-4.18.0-553.42.1.el8_10.x86_64.imgは出力先ファイル名

これで42で起動できるようになったが、

レスキューが動かないと思えてしまったのはカーネルダンプの起動エラーの後、コンソールのエスケープシーケンスが壊れログインプロンプトがそれっぽく見えなかったせいだった。

その後

virt-sparsifyでKVMイメージを圧縮して約半分のサイズにしたら、

# virt-sparsify /var/lib/libvirt/images/AlmaLinux9.qcow2 /var/lib/libvirt/images/AlmaLinux9new.qcow2
は、$TMPDIRに一旦作業エリアを確保するし、コピー先ファイルも一旦同じサイズで作るみたいで空き容量は倍以上必要っぽい
また、未使用エリアのクリアが元になってエラーが出ることもあるようだ

クリアーし過ぎてエラったみたいなので

再び同じdracutコマンドでinitramfsを再構築し再起動したらちゃんと起動した。

#qemu-img convert -c -f qcow2 -O qcow2 /var/lib/libvirt/images/AlmaLinux9{,new}.qcow2
は、必要なトコだけファイルを作るので助かるけど圧縮率がイマイチなことも多々ある


linux usbメモリ

投稿日 2025年2月13日 05:52 by おっとっとっと Comment

USBメモリをマウントする方法

とりあえずUSBメモリを繋ぎ、dmesgコマンドで

[  744.338016] usb 2-1.3: USB disconnect, device number 3
[  796.933913] IPv6: ADDRCONF(NETDEV_UP): vnet2: link is not ready
[  865.484995] usb 2-1.3: new SuperSpeed USB device number 4 using xhci_hcd
[  865.498779] usb 2-1.3: New USB device found, idVendor=30de, idProduct=6545, bcdDevice= 1.10
[  865.498791] usb 2-1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.498796] usb 2-1.3: Product: TransMemory
[  865.498799] usb 2-1.3: Manufacturer: KIOXIA
[  865.498803] usb 2-1.3: SerialNumber: C03FD5F6A7E8E5615326139A
[  865.500601] usb-storage 2-1.3:1.0: USB Mass Storage device detected
[  865.500877] scsi host2: usb-storage 2-1.3:1.0
[  866.549604] scsi 2:0:0:0: Direct-Access     KIOXIA   TransMemory      PMAP PQ: 0 ANSI: 6
[  866.550663] sd 2:0:0:0: [sdb] 122019840 512-byte logical blocks: (62.5 GB/58.2 GiB)
[  866.550862] sd 2:0:0:0: [sdb] Write Protect is off
[  866.550868] sd 2:0:0:0: [sdb] Mode Sense: 45 00 00 00
[  866.551101] sd 2:0:0:0: Attached scsi generic sg1 type 0
[  866.551280] sd 2:0:0:0: [sdb] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA
[  866.708686]  sdb: sdb1
[  866.710141] sd 2:0:0:0: [sdb] Attached SCSI removable disk

とか表示してくれるので、/dev/sdb1をマウントすれば良い事が判るが、lsblkコマンドの方が判りやすい

# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0 111.8G  0 disk 
├─sda1            8:1    0   200M  0 part /boot/efi
├─sda2            8:2    0     1G  0 part /boot
└─sda3            8:3    0 110.6G  0 part 
  ├─centos-root 253:0    0    50G  0 lvm  /
  ├─centos-swap 253:1    0   7.6G  0 lvm  [SWAP]
  └─centos-home 253:2    0    53G  0 lvm  /home
sdb               8:16   1  58.2G  0 disk 
└─sdb1            8:17   1  58.2G  0 part

但し、USBメモリにパーテーションを作っていないと

# lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0 111.8G  0 disk 
├─sda1            8:1    0   200M  0 part /boot/efi
├─sda2            8:2    0     1G  0 part /boot
└─sda3            8:3    0 110.6G  0 part 
  ├─centos-root 253:0    0    50G  0 lvm  /
  ├─centos-swap 253:1    0   7.6G  0 lvm  [SWAP]
  └─centos-home 253:2    0    53G  0 lvm  /home
sdb               8:16   1  58.2G  0 disk

の様にtypeがpartの行が無く、mountしようがないのでパーテーションを作ってフォーマットしておく。

このUSBメモリの情報をチェックしてみると、

# fdisk -l /dev/sdb1
Disk /dev/sdb1: 58.2 GiB, 62472060928 bytes, 122015744 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x73736572

Device      Boot      Start        End    Sectors   Size Id Type
/dev/sdb1p1      1920221984 3736432267 1816210284   866G 72 unknown
/dev/sdb1p2      1936028192 3889681299 1953653108 931.6G 6c unknown
/dev/sdb1p3               0          0          0     0B  0 Empty
/dev/sdb1p4        27722122   27722568        447 223.5K  0 Empty

Partition table entries are not in disk order.

ところが

# mount -t vfat /dev/sdb1 /mnt/usbfm
mount: /mnt/usbfm: wrong fs type, bad option, bad superblock on /dev/sdb1, missing codepage or helper program, or other error.

そうntfsに対応してないので、だんだんめんどくさくなったので

consoleのストレージでパーテーションとマウントの設定をしよう

少々時間がかかるが

と出来上がる

結果を見てみよう

#  lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda               8:0    0 111.8G  0 disk 
├─sda1            8:1    0   200M  0 part /boot/efi
├─sda2            8:2    0     1G  0 part /boot
└─sda3            8:3    0 110.6G  0 part 
  ├─centos-root 253:0    0    50G  0 lvm  /
  ├─centos-swap 253:1    0   7.6G  0 lvm  [SWAP]
  └─centos-home 253:2    0    53G  0 lvm  /home
sdb               8:16   1  58.2G  0 disk 
└─sdb1            8:17   1  58.2G  0 part /dev/usbfm


AlmaLimnux8to9

投稿日 2025年1月29日 08:06 by おっとっとっと Comment

現状

# cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"

ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01

elevate-testing リポジトリをダウンロードします。

# sudo curl https://repo.almalinux.org/elevate/testing/elevate-testing.repo -o /etc/yum.repos.d/elevate-testing.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   465  100   465    0     0    750      0 --:--:-- --:--:-- --:--:--   750
# ls /etc/yum.repos.d/elevate-testing.repo
/etc/yum.repos.d/elevate-testing.repo

ELevate GPG キーをインポートします。

# sudo rpm --import https://repo.almalinux.org/elevate/RPM-GPG-KEY-ELevate

AlmaLinux 8 から AlmaLinux 9 にアップグレードできるようにする Leapp パッケージをインストールします。


# sudo yum install -y leapp-upgrade leapp-data-almalinux
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

ELevate Testing                                                                                                                                                                651 kB/s | 258 kB     00:00    
Dependencies resolved.
===============================================================================================================================================================================================================
 Package                                                    Architecture                          Version                                                 Repository                                      Size
===============================================================================================================================================================================================================
Installing:
 leapp-data-almalinux                                       noarch                                0.5-1.el8.20241127                                      elevate-testing                                470 k
 leapp-upgrade-el8toel9                                     noarch                                1:0.21.0-5.el8.elevate.1                                elevate-testing                                1.1 M
Installing dependencies:
 leapp                                                      noarch                                0.18.0-2.el8                                            elevate-testing                                 34 k
 leapp-deps                                                 noarch                                0.18.0-2.el8                                            elevate-testing                                 16 k
 leapp-upgrade-el8toel9-deps                                noarch                                1:0.21.0-5.el8.elevate.1                                elevate-testing                                 45 k
 python3-leapp                                              noarch                                0.18.0-2.el8                                            elevate-testing                                199 k

Transaction Summary
===============================================================================================================================================================================================================
Install  6 Packages

Total download size: 1.9 M
Installed size: 31 M
Downloading Packages:
(1/6): leapp-0.18.0-2.el8.noarch.rpm                                                                                                                                           187 kB/s |  34 kB     00:00    
(2/6): leapp-deps-0.18.0-2.el8.noarch.rpm                                                                                                                                       80 kB/s |  16 kB     00:00    
(3/6): leapp-data-almalinux-0.5-1.el8.20241127.noarch.rpm                                                                                                                      1.7 MB/s | 470 kB     00:00    
(4/6): leapp-upgrade-el8toel9-deps-0.21.0-5.el8.elevate.1.noarch.rpm                                                                                                           381 kB/s |  45 kB     00:00    
(5/6): leapp-upgrade-el8toel9-0.21.0-5.el8.elevate.1.noarch.rpm                                                                                                                5.5 MB/s | 1.1 MB     00:00    
(6/6): python3-leapp-0.18.0-2.el8.noarch.rpm                                                                                                                                   269 kB/s | 199 kB     00:00    
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                                                          1.8 MB/s | 1.9 MB     00:01     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                                                       1/1 
  Installing       : leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch                                                                                                                           1/6 
  Installing       : leapp-deps-0.18.0-2.el8.noarch                                                                                                                                                        2/6 
  Installing       : python3-leapp-0.18.0-2.el8.noarch                                                                                                                                                     3/6 
  Installing       : leapp-0.18.0-2.el8.noarch                                                                                                                                                             4/6 
  Installing       : leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch                                                                                                                                5/6 
  Installing       : leapp-data-almalinux-0.5-1.el8.20241127.noarch                                                                                                                                        6/6 
  Running scriptlet: leapp-data-almalinux-0.5-1.el8.20241127.noarch                                                                                                                                        6/6 
  Verifying        : leapp-0.18.0-2.el8.noarch                                                                                                                                                             1/6 
  Verifying        : leapp-data-almalinux-0.5-1.el8.20241127.noarch                                                                                                                                        2/6 
  Verifying        : leapp-deps-0.18.0-2.el8.noarch                                                                                                                                                        3/6 
  Verifying        : leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch                                                                                                                                4/6 
  Verifying        : leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch                                                                                                                           5/6 
  Verifying        : python3-leapp-0.18.0-2.el8.noarch                                                                                                                                                     6/6 
Installed products updated.

Installed:
  leapp-0.18.0-2.el8.noarch                                      leapp-data-almalinux-0.5-1.el8.20241127.noarch    leapp-deps-0.18.0-2.el8.noarch    leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch   
  leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch    python3-leapp-0.18.0-2.el8.noarch                

Complete!

パッケージがインストールされたことを確認するメッセージが表示されます。次に、前の段階と同様に、次のコマンドを使用してアップグレード前のチェックを実行する必要があります。

# sudo leapp preupgrade
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
        IPU workflow config actor
==> Processing phase `FactsCollection`
====> * system_facts
        Provides data about many facts from system.
====> * vendor_repositories_mapping
        Scan the vendor repository mapping files and provide the data to other actors.
====> * check_enabled_vendor_repos
        Create a list of vendors whose repositories are present on the system and enabled.
====> * vendor_repo_signature_scanner
        Produce VendorSignatures messages for the vendor signature files inside the
====> * scan_systemd_source
        Provides info about systemd on the source system
====> * check_custom_network_scripts
        Check the existence of custom network-scripts and warn user about possible
====> * firewalld_collect_used_object_names
        This actor reads firewalld's configuration and produces Model
====> * nis_scanner
        Collect information about the NIS packages configuration.
====> * scanzfcp
        In case of s390x architecture, check whether ZFCP is used.
====> * network_manager_connection_scanner
        Scan NetworkManager connection keyfiles
====> * firewalld_collect_global_config
        This actor reads firewalld's configuration and produces Model
====> * scan_grub_device_name
        Find the name of the block devices where GRUB is located
====> * roce_scanner
        Detect active RoCE NICs on IBM Z machines.
====> * scan_source_files
        Scan files (explicitly specified) of the source system.
====> * scan_vendor_repofiles
        Load and produce custom repository data from vendor-provided files.
====> * rpm_scanner
        Provides data about installed RPM Packages.
====> * scan_grub_config
        Scan grub configuration files for errors.
====> * get_installed_desktops
        Actor checks if kde or gnome desktop environments
====> * register_ruby_irb_adjustment
        Register a workaround to allow rubygem-irb's directory -> symlink conversion.
====> * scan_sap_hana
        Gathers information related to SAP HANA instances on the system.
====> * get_enabled_modules
        Provides data about which module streams are enabled on the source system.
====> * scan_pkg_manager
        Provides data about package manager (yum/dnf)
====> * network_manager_read_config
        Provides data about NetworkManager configuration.
====> * transaction_workarounds
        Provides additional RPM transaction tasks based on bundled RPM packages.
====> * repository_mapping
        Produces message containing repository mapping based on provided file.
====> * distribution_signed_rpm_scanner
        Provide data about distribution plus vendors signed & unsigned RPM packages.
====> * scan_source_kernel
        Scan the source system kernel.
====> * scandasd
        In case of s390x architecture, check whether DASD is used.
====> * copy_dnf_conf_into_target_userspace
        Copy dnf.conf into target userspace
====> * scan_custom_modifications_actor
        Collects information about files in leapp directories that have been modified or newly added.
====> * xorgdrvfacts8to9
        Check the journal logs for deprecated Xorg drivers.
====> * scanclienablerepo
        Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * persistentnetnames
        Get network interface information for physical ethernet interfaces of the original system.
====> * scancryptopolicies
        Scan information about system wide set crypto policies including:
====> * root_scanner
        Scan the system root directory and produce a message containing
====> * scan_files_for_target_userspace
        Scan the source system and identify files that will be copied into the target userspace when it is created.
====> * ipa_scanner
        Scan system for ipa-client and ipa-server status
====> * open_ssl_config_scanner
        Read an OpenSSL configuration file for further analysis.
====> * biosdevname
        Enable biosdevname on the target RHEL system if all interfaces on the source RHEL
====> * checkrhui
        Check if system is using RHUI infrastructure (on public cloud) and send messages to
====> * storage_scanner
        Provides data about storage settings.
====> * persistentnetnamesdisable
        Disable systemd-udevd persistent network naming on machine with single eth0 NIC
====> * remove_obsolete_gpg_keys
        Remove obsoleted RPM GPG keys.
====> * scanmemory
        Scan Memory of the machine.
====> * selinuxcontentscanner
        Scan the system for any SELinux customizations
====> * sssd_facts_8to9
        Check SSSD configuration for changes in RHEL9 and report them in model.
====> * trusted_gpg_keys_scanner
        Scan for trusted GPG keys.
====> * udevadm_info
        Produces data exported by the "udevadm info" command.
====> * scan_custom_repofile
        Scan the custom /etc/leapp/files/leapp_upgrade_repositories.repo repo file.
====> * scan_subscription_manager_info
        Scans the current system for subscription manager information
====> * ifcfg_scanner
        Scan ifcfg files with legacy network configuration
====> * load_device_driver_deprecation_data
        Loads deprecation data for drivers and devices (PCI & CPU)
====> * scan_kernel_cmdline
        No documentation has been provided for the scan_kernel_cmdline actor.
====> * scan_target_os_image
        Scans the provided target OS ISO image to use as a content source for the IPU, if any.
====> * scanblacklistca
        Scan the file system for distrusted CA's in the blacklist directory.
====> * vdo_conversion_scanner
        Provides conversion info about VDO devices.
====> * read_openssh_config
        Collect information about the OpenSSH configuration.
====> * scan_dynamic_linker_configuration
        Scan the dynamic linker configuration and find modifications.
====> * repositories_blacklist
        Exclude target repositories provided by Red Hat without support.
====> * xfs_info_scanner
        This actor scans all mounted mountpoints for XFS information
====> * rpm_transaction_config_tasks_collector
        Provides additional RPM transaction tasks from /etc/leapp/transaction.
====> * scan_fips
        Determine whether the source system has FIPS enabled.
====> * used_repository_scanner
        Scan used enabled repositories
====> * multipath_conf_read_8to9
        Read multipath configuration files and extract the necessary information
====> * luks_scanner
        Provides data about active LUKS devices.
====> * detect_kernel_drivers
        Matches all currently loaded kernel drivers against known deprecated and removed drivers.
====> * pci_devices_scanner
        Provides data about existing PCI Devices.
====> * scancpu
        Scan CPUs of the machine.
====> * satellite_upgrade_facts
        Report which Satellite packages require updates and how to handle PostgreSQL data
====> * satellite_upgrade_services
        Reconfigure Satellite services
====> * pes_events_scanner
        Provides data about package events from Package Evolution Service.
====> * setuptargetrepos
        Produces list of repositories that should be available to be used by Upgrade process.
==> Processing phase `Checks`
====> * dotnet_unsupported_versions_check
        Check for installed .NET versions that are no longer supported.
====> * check_microarchitecture
        Inhibit if RHEL9 microarchitecture requirements are not satisfied
====> * check_system_arch
        Check if system is running at a supported architecture. If no, inhibit the upgrade process.
====> * emit_net_naming_scheme
        Emit necessary modifications of the upgrade environment and target command line to use net.naming-scheme.
====> * check_target_iso
        Check that the provided target ISO is a valid ISO image and is located on a persistent partition.
====> * efi_check_boot
        Adjust EFI boot entry for first reboot
====> * network_deprecations
        Ensures that network configuration doesn't rely on unsupported settings
====> * checkmemory
        The actor check the size of RAM against RHEL8 minimal hardware requirements
====> * red_hat_signed_rpm_check
        Check if there are packages not signed by Red Hat in use. If yes, warn user about it.
====> * check_arm_bootloader
        Install required RPM packages for ARM system upgrades on paths with
====> * check_skipped_repositories
        Produces a report if any repositories enabled on the system are going to be skipped.
====> * check_vdo
        Check if VDO devices need to be migrated to lvm management.
====> * check_insights_auto_register
        Checks if system can be automatically registered into Red Hat Insights
====> * bacula_check
        Actor checking for presence of Bacula installation.
====> * check_nvidia_proprietary_driver
        Check if NVIDIA proprietary driver is in use. If yes, inhibit the upgrade process.
====> * check_mount_options
        Check for mount options preventing the upgrade.
====> * checkhybridimage
        Check if the system is using Azure hybrid image.
====> * mariadb_check
        Actor checking for presence of MariaDB installation.
====> * firewalld_check_service_tftp_client
        This actor will inhibit if firewalld's configuration is using service
====> * firewalld_check_allow_zone_drifting
        This actor will check if AllowZoneDrifiting=yes in firewalld.conf. This
====> * check_detected_devices_and_drivers
        Checks whether or not detected devices and drivers are usable on the target system.
====> * check_kpatch
        Carry over kpatch-dnf and it's config into the container
====> * checkblacklistca
        No documentation has been provided for the checkblacklistca actor.
====> * cephvolumescan
        Retrieves the list of encrypted Ceph OSD
====> * openssh_permit_root_login
        OpenSSH no longer allows root logins with password.
====> * sssd_check_8to9
        Check SSSD configuration for changes in RHEL9 and report them in model.
====> * check_yum_plugins_enabled
        Checks that the required yum plugins are enabled.
====> * unsupported_upgrade_check
        Checks environment variables and produces a warning report if the upgrade is unsupported.
====> * check_sap_hana
        If SAP HANA has been detected, several checks are performed to ensure a successful upgrade.
====> * nis_check
        Checks if any of NIS components is installed and configured
====> * check_rhsmsku
        Ensure the system is subscribed to the subscription manager
====> * open_ssl_config_check
        The OpenSSL configuration changed between RHEL8 and RHEL9 significantly with the rebase to
====> * check_nfs
        Check if NFS filesystem is in use. If yes, inhibit the upgrade process.
====> * checktargetrepos
        Check whether target yum repositories are specified.
====> * open_ssh_drop_in_directory_check
        Trigger a notice that the main sshd_config will be updated to contain
====> * check_consumed_assets
        Check whether Leapp is using correct data assets.
====> * check_installed_kernels
        Inhibit IPU (in-place upgrade) when installed kernels conflict with a safe upgrade.
====> * check_etc_releasever
        Check releasever info and provide a guidance based on the facts
====> * check_ifcfg
        Ensures that ifcfg files are compatible with NetworkManager
====> * open_ssh_subsystem_sftp
        The RHEL9 changes the SCP to use SFTP protocol internally. The both RHEL8 and RHEL9
====> * check_boot_avail_space
        Check if at least 100Mib of available space on /boot. If not, inhibit the upgrade process.
====> * check_ipa_server
        Check for ipa-server and inhibit upgrade
====> * check_deprecated_rpm_signature
        Check whether any packages signed by RSA/SHA1 are installed
====> * check_fips
        Inhibit upgrade if FIPS is detected as enabled.
====> * check_bls_grub_onppc64
        Check whether GRUB config is BLS aware on RHEL 8 ppc64le systems
====> * postgresql_check
        Actor checking for presence of PostgreSQL installation.
====> * detect_grub_config_error
        Check grub configuration for various errors.
====> * crypto_policies_check
        This actor consumes previously gathered information about crypto policies on the source
====> * check_cifs
        Check if CIFS filesystem is in use. If yes, inhibit the upgrade process.
====> * check_se_linux
        Check SELinux status and produce decision messages for further action.
====> * check_systemd_broken_symlinks
        Check whether some systemd symlinks are broken
====> * check_fstab_mount_order
        Checks order of entries in /etc/fstab based on their mount point and inhibits upgrade if overshadowing is detected.
====> * roce_check
        Check whether RoCE is used on the system and well configured for the upgrade.
====> * check_persistent_mounts
        Check if mounts required to be persistent are mounted in persistent fashion.
====> * check_dynamic_linker_configuration
        Check for customization of dynamic linker configuration.
====> * check_grub_core
        Check whether we are on legacy (BIOS) system and instruct Leapp to upgrade GRUB core
====> * check_luks
        Check if any encrypted partitions are in use and whether they are supported for the upgrade.
====> * xorgdrvcheck8to9
        Warn if Xorg deprecated drivers are in use.
====> * check_custom_modifications_actor
        Checks CustomModifications messages and produces a report about files in leapp directories that have been
====> * check_openssl_conf
        Check whether the openssl configuration and openssl-IBMCA.
====> * check_root_symlinks
        Check if the symlinks /bin and /lib are relative, not absolute.
====> * check_os_release
        Check if the current RHEL minor version is supported. If not, inhibit the upgrade process.
====> * multipath_conf_check_8to9
        Checks if changes to the multipath configuration files are necessary
====> * check_rpm_transaction_events
        Filter RPM transaction events based on installed RPM packages
====> * check_skip_phase
        Skip all the subsequent phases until the report phase.
==> Processing phase `Reports`
====> * verify_check_results
        Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results
        Check all generated results messages and notify user about them.

Debug output written to /var/log/leapp/leapp-preupgrade.log

============================================================
                      REPORT OVERVIEW                       
============================================================

Upgrade has been inhibited due to the following problems:
    1. Possible problems with remote login using root account
    2. Upgrade requires links in root directory to be relative

HIGH and MEDIUM severity reports:
    1. Packages not signed by Red Hat found on the system
    2. Leapp detected loaded kernel drivers which are no longer maintained in RHEL 9.
    3. Leapp detected a processor which is no longer maintained in RHEL 9.
    4. Remote root logins globally allowed using password
    5. GRUB2 core will be automatically updated during the upgrade
    6. Detected custom leapp actors or files.
    7. MariaDB (mariadb-server) has been detected on your system

Reports summary:
    Errors:                      0
    Inhibitors:                  2
    HIGH severity reports:       6
    MEDIUM severity reports:     1
    LOW severity reports:        1
    INFO severity reports:       2

Before continuing, review the full report below for details about discovered problems and possible remediation instructions:
    A report has been generated at /var/log/leapp/leapp-report.txt
    A report has been generated at /var/log/leapp/leapp-report.json

============================================================
                   END OF REPORT OVERVIEW                   
============================================================

Answerfile has been generated at /var/log/leapp/answerfile

結果は/var/log/leapp/leapp-report.txtに出るらしいけど0バイトだった。

SELinuxはOFFってるし、/etc/firewalld/firewalld.confはAllowZoneDrifting=noだからかな?

でも赤文字でREPORT OVERVIEWなので内容を見てみると

Upgrade has been inhibited due to the following problems:  出直せ
1. Possible problems with remote login using root account リモートでルートが使えるのは嫌い!
2. Upgrade requires links in root directory to be relative ルート直下の絶対パスのリンクは嫌い!

なので

# ls -la /
・・・
lrwxrwxrwx    1 root root    19 Sep  2  2021 snap -> /var/lib/snapd/snap
・・・

があったので、

# cd /
# rm snap
rm: remove symbolic link 'snap'? y
# ln -s var/lib/snapd/snap /snap

ルートでログインできないようにする

# vi /etc/ssh/sshd_config
/Root
#PermitRootLogin yes にする
:wq
#reboot

TeraTermではルートからログインできないからcockpit画面でルートでログインして(笑

# sudo leapp preupgrade

・・・
============================================================
                      REPORT OVERVIEW                       黄色
============================================================

HIGH and MEDIUM severity reports:
    1. Packages not signed by Red Hat found on the system
    2. Detected custom leapp actors or files.
    3. Leapp detected loaded kernel drivers which are no longer maintained in RHEL 9.
    4. Leapp detected a processor which is no longer maintained in RHEL 9.
    5. GRUB2 core will be automatically updated during the upgrade
    6. MariaDB (mariadb-server) has been detected on your system

Reports summary:
    Errors:                      0
    Inhibitors:                  0
    HIGH severity reports:       5
    MEDIUM severity reports:     1
    LOW severity reports:        2
    INFO severity reports:       3

Before continuing, review the full report below for details about discovered problems and possible remediation instructions:
    A report has been generated at /var/log/leapp/leapp-report.txt
    A report has been generated at /var/log/leapp/leapp-report.json

============================================================
                   END OF REPORT OVERVIEW                   
============================================================

Answerfile has been generated at /var/log/leapp/answerfile

MariaDB (mariadb-server) が動いてるとダメなのか?



[Linux]cockpit が「保護されていない通信」扱い

投稿日 2024年5月21日 00:41 by おっとっとっと Comment

httpsを使わないとChromeの機嫌が悪い。

でも、そのままhttpsにしておくと、「怪しい電子証明書」として扱われるので、

ブログのためにLet’s Encryptで取得した電子証明書を流用してみる。

Let’s Encryptでの電子証明書は、/etc/letsencrypt/live/の{コモンネーム}のフォルダの中の fullchain.pem(証明書)とprivkey.pem(秘密鍵)を使用する。

cockitでは電子証明書を、/etc/cockpit/ws-certs.d/ フォルダの中に格納することになっているので、先の証明書と秘密鍵のファイルを、{コモンネーム}.crtと{コモンネーム}.keyとしてシンボリックリンクを貼り、cockpitを再起動。

しかし、ブログのkvmホストは非公開だからChromeが安心する様な電子証明書は作りにくいので、ブログサーバのcockpitのホストリストにkvmホストを登録してソコから接続することにした。

ま、この方法だとブログのサーバを止める時に困るけどね。普段は使えるからヨシとしよう。



[Linux]Cockpit コンソールから他のコンソールに繋ぐ

投稿日 2023年10月15日 22:02 by おっとっとっと Comment

KVMサーバーのCockpitのページから直接ブログサーバのCockpitに繋いでみた。

まずはSSH接続用の公開鍵を作る。

# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): [passphraseを入力] ※passphraseはログイン時に使用
Enter same passphrase again: [passphraseを入力]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Fyfc0Do9Wux/6uZgjLvM9nCq4mYVaOphgip9bx8I1eE root@xxxxxxxx.xxxxxxxx.local
The key's randomart image is:
+---[RSA 3072]----+
|        . ..     |
|       o o o.    |
|      ..E ++o    |
|     .o . o+=    |
| .  .o  S..= .   |
|. . +. ....o.    |
|.. + .... o =.   |
|o . o =  +.* .o .|
|.  . *oooo*o.++o |
+----[SHA256]-----+

次にブログサーバのSSHの設定内容を取得

# ssh-keyscan -H 192.168.xxx.xxx >> ~/.ssh/known_hosts
# 192.168.xxx.xxx:22 SSH-2.0-OpenSSH_8.0
# 192.168.xxx.xxx:22 SSH-2.0-OpenSSH_8.0
# 192.168.xxx.xxx:22 SSH-2.0-OpenSSH_8.0

最後にブログサーバに公開鍵を送信

# ssh-copy-id root@192.168.xxx.xxx
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.xxx.xxx's password: [passwordを入力]

Number of key(s) added: 1

Cockpitの画面を開き、左上のサーバー名の右の▲をクリックして▼に変え、【新規ホストの追加】ボタンを押す。

ダイアログからIPアドレス、ユーザ名、パスフェーズを入力。

認証でSSHキーを選択、キーパスワードは先のパスフェーズを入力。

自動ログインは、/root/.ssh/id_rsa のパスワードを変更しますのチェックし、新しいパスワードを設定する。



[AlumaLinux]WARNING: AllowZoneDrifting is enabled.

投稿日 2023年10月13日 06:11 by おっとっとっと Comment 
# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2023-10-11 17:03:59 JST; 1 day 12h ago
     Docs: man:firewalld(1)
 Main PID: 793 (firewalld)
    Tasks: 2 (limit: 23014)
   Memory: 33.7M
   CGroup: /system.slice/firewalld.service
           mq793 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

10月 11 17:03:55 *******.*******.********** systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 11 17:03:59 *******.*******.********** systemd[1]: Started firewalld - dynamic firewall daemon.
10月 11 17:03:59 *******.*******.********** firewalld[793]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will...

firewalldでエラっていた。

AllowZoneDriftingは将来のリリースでは削除される予定です。今すぐ無効を検討してください。

だそうで、設定ファイルを修正。

# AllowZoneDrifting=yes
AllowZoneDrifting=no

結果

# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2023-10-13 06:03:36 JST; 3s ago
     Docs: man:firewalld(1)
 Main PID: 29104 (firewalld)
    Tasks: 2 (limit: 23014)
   Memory: 23.9M
   CGroup: /system.slice/firewalld.service
           mq29104 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

10月 13 06:03:35 *******.*******.********** systemd[1]: firewalld.service: Succeeded.
10月 13 06:03:35 *******.*******.********** systemd[1]: Stopped firewalld - dynamic firewall daemon.
10月 13 06:03:35 *******.*******.********** systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 13 06:03:36 *******.*******.********** systemd[1]: Started firewalld - dynamic firewall daemon.


[blog]激重

投稿日 2023年6月17日 06:01 by おっとっとっと Comment

データベースエラーが出ていた。

原因はブログ用のゲストOSがヘタれ、コマンドプロンプトでコマンドを打つと10秒くらい応答が無かったので、タイムアウトチェックに引っかかるものは全てエラってるっぽい。

rebootやpoweroffコマンドは通るもののシャットダウンする気配が無い。

ホスト側は特に異常は見当たらない。

virt-topでゲストOSの負荷を見ても、CPU:0.5%しかない。

仕方なくホスト側を再起動。

apacheの設定を見直してみると前のDDNSのドメインのままになっている箇所を発見。

コレのせいかな?

てか何で普通に観れてたんだろう???

とりあえず、バックアップを取っておこう。圧縮しても4GB越え。

WinSCPでコピると6分以上かかる。

とても古い圧縮方式arcfourの優先度を最上位にしてもほとんど差が無かった。

サーバ側が古すぎなのは未サポートになってた様な気もする。

当然、同時接続数をq2から9に上げても変わらず。

やっぱりCPUか。J1900だもんなぁ。




top