CentOS に関する投稿を表示しています

needs-restarting

某所の某 CentOS7 なサーバー、たまに何も考えずにログインしては yum update -y して、更にたまに reboot してるけどこれもはや cron で自動でよいのではと思ったのでそうする。

そういえば、アップデート内容によっては再起動が必要かを調べてくれるツールがあったなあぼんやり思い出した。
調べてみたら needs-restarting だった。そのままだ。

yum-utils に入っているらしいので、それでいれる。

$ sudo yum search needs-restarting
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
...
============================================================================================================= Matched: needs-restarting =============================================================================================================
dnf-plugins-core.noarch : Core Plugins for DNF
python2-dnf-plugins-core.noarch : Core Plugins for DNF
yum-utils.noarch : Utilities based around the yum package manager

$ sudo yum install yum-utils
...
$ needs-restarting --help
Usage:
    needs-restarting: Report a list of process ids of programs that started
                    running before they or some component they use were updated.

Options:
  -h, --help        show this help message and exit
  -u, --useronly    show processes for my userid only
  -r, --reboothint  only report whether a full reboot is required (returns 1)
                    or not (returns 0)
  -s, --services    list the affected systemd services only

フルリブートが必要なのか、特定のサービスだけでいいのか、をオプションで切り替えられる模様。

こうしておいた。

$ cat /etc/cron.daily/yum
#!/bin/sh
yum update -y

$ cat /etc/cron.daily/needs-restarting-reboothint
#!/bin/sh
needs-restarting --reboothint

$ cat /etc/cron.daily/needs-restarting-services
#!/bin/sh
needs-restarting --services

確認した結果、全自動で再起動するようにしてもいいけど、何かが何かに引っかかって立ち上がらなくなったりして、まったく気付かないというのは少し怖いので、とりあえずは通知するだけにしておく。
cron はすでに通知…、というか MAILTO にかかれていて、本文に色々書かれていたので、このままで OK ということにしておく。

CentOS 6 系から CentOS 7 系にアップグレードしたかった

この記事は公開されてから1年以上経過しており、情報が古い可能性があります。

某所の CentOS サーバをいい加減に 7 系にしよう!と思い、アップグレード手順なんかを調べていたら結構大変そうなことになった記録。結論としてまだアップグレードは出来てない。大して yum 以外でモリモリ入れたのも無いし、およそ nginx と php が動けば良いだろうな、入れ直しが手っ取り早そうだ。

公式 Wiki にアップグレードツールの件が記載されている。
TipsAndTricks/CentOSUpgradeTool - CentOS Wiki

目につく部分に警告が書かれている。

DO NOT USE this tool. Warning: use of this tool is currently BROKEN as several system-critical packages are of a higher version number in CentOS 6.7 than they are in CentOS 7 so those do not get upgraded correctly. This renders yum and several other system tools non-functional.

要するに CentOS 6.7 以降のパッケージは CentOS 7 に入っているパッケージよりもバージョンが進んでいるものもあり、うまく動かないらしい。詰まる該当パッケージのバージョン下げれば良いんじゃないか、行けるっしょ、という気持ちでトライしてみる。
※良い子は真似しないでね!

// まずは現状の確認をする
# cat /etc/redhat-release
CentOS release 6.9 (Final)


// アップグレードツールのリポジトリを追加
# vi /etc/yum.repos.d/upg.repo

// 以下を記載

[upg]
name=CentOS-$releasever - Upgrade Tool
baseurl=http://dev.centos.org/centos/6/upg/x86_64/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6


// 必要なツールのインストール
# yum install redhat-upgrade-tool preupgrade-assistant-contents


// 可能なアップグレードを確認
# preupg --list
CentOS6_7


// アップグレード検証をする
# preupg -s CentOS6_7

Preupg tool doesn't do the actual upgrade.
Please ensure you have backed up your system and/or data in the event of a failed upgrade
 that would require a full re-install of the system from installation media.
Do you want to continue? y/n

// y を入力

Gathering logs used by preupgrade assistant:
All installed packages : 01/11 ...finished (time 00:01s)
All changed files      : 02/11 ...finished (time 04:51s)
Changed config files   : 03/11 ...finished (time 00:00s)
All users              : 04/11 ...finished (time 00:00s)
All groups             : 05/11 ...finished (time 00:00s)
Service statuses       : 06/11 ...finished (time 00:00s)
All installed files    : 07/11 ...finished (time 00:04s)
All local files        : 08/11 ...finished (time 00:40s)
All executable files   : 09/11 ...finished (time 00:07s)
RedHat signed packages : 10/11 ...finished (time 00:00s)
CentOS signed packages : 11/11 ...finished (time 00:00s)
Assessment of the system, running checks / SCE scripts:
001/096 ...done    (Configuration Files to Review)
002/096 ...done    (File Lists for Manual Migration)
003/096 ...done    (Bacula Backup Software)
004/096 ...done    (MySQL configuration)
005/096 ...done    (Migration of the MySQL data stack)
006/096 ...done    (Changes related to moving from MySQL to MariaDB)
007/096 ...done    (PostgreSQL upgrade content)
008/096 ...done    (GNOME Desktop Environment underwent several design modifications in CentOS 7 release)
009/096 ...done    (KDE Desktop Environment underwent several design modifications in CentOS 7 release)
010/096 ...done    (several graphic drivers not supported in CentOS 7)
011/096 ...done    (several input drivers not supported in CentOS 7)
012/096 ...done    (several kernel networking drivers not available in CentOS 7)
013/096 ...done    (several kernel storage drivers not available in CentOS 7)
014/096 ...done    (Names, Options and Output Format Changes in arptables)
015/096 ...done    (BIND9 running in a chroot environment check.)
016/096 ...done    (BIND9 configuration compatibility check)
017/096 ...done    (Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files)
018/096 ...done    (DNSMASQ configuration compatibility check)
019/096 ...done    (Dovecot configuration compatibility check)
020/096 ...done    (Compatibility Between iptables and ip6tables)
021/096 ...done    (Net-SNMP check)
022/096 ...done    (Squid configuration compatibility check)
023/096 ...done    (Reusable Configuration Files)
024/096 ...done    (VCS repositories)
025/096 ...done    (Added and extended options for BIND9 configuration)
026/096 ...done    (Added options in DNSMASQ configuration)
027/096 ...done    (Packages not signed by CentOS)
028/096 ...done    (Obsoleted rpms)
029/096 ...done    (w3m not available in CentOS 7)
030/096 ...done    (report incompatibilities between CentOS 6 and 7 in qemu-guest-agent package)
031/096 ...done    (Removed options in coreutils binaries)
032/096 ...done    (Removed options in gawk binaries)
033/096 ...done    (Removed options in netstat binary)
034/096 ...done    (Removed options in quota tools)
035/096 ...done    (Removed rpms)
036/096 ...done    (Replaced rpms)
037/096 ...done    (GMP library incompatibilities)
038/096 ...done    (package downgrades)
039/096 ...done    (restore custom selinux configuration)
040/096 ...done    (General)
041/096 ...done    (samba shared directories selinux)
042/096 ...done    (CUPS Browsing/BrowsePoll configuration)
043/096 ...done    (CVS Package Split)
044/096 ...done    (FreeRADIUS Upgrade Verification)
045/096 ...done    (httpd configuration compatibility check)
046/096 ...done    (bind-dyndb-ldap)
047/096 ...done    (Identity Management Server compatibility check)
048/096 ...done    (IPA Server CA Verification)
049/096 ...done    (NTP configuration)
050/096 ...done    (Information on time-sync.target)
051/096 ...done    (OpenLDAP /etc/sysconfig and data compatibility)
052/096 ...done    (OpenSSH sshd_config migration content)
053/096 ...done    (OpenSSH sysconfig migration content)
054/096 ...done    (Configuration for quota_nld service)
055/096 ...done    (Disk quota netlink message daemon moved into quota-nld package)
056/096 ...done    (SSSD compatibility check)
057/096 ...done    (Luks encrypted partition)
058/096 ...done    (Clvmd and cmirrord daemon management.)
059/096 ...done    (State of LVM2 services.)
060/096 ...done    (device-mapper-multipath configuration compatibility check)
061/096 ...done    (Removal of scsi-target-utils)
062/096 ...done    (Configuration for warnquota tool)
063/096 ...done    (Disk quota tool warnquota moved into quota-warnquota package)
064/096 ...done    (Architecture Support)
065/096 ...done    (Binary rebuilds)
066/096 ...done    (Debuginfo packages)
067/096 ...done    (Cluster and High Availability)
068/096 ...done    (Quorum implementation)
069/096 ...done    (fix krb5kdc config file)
070/096 ...done    (File Systems, Partitions and Mounts Configuration Review)
071/096 ...done    (Read Only FHS directories)
072/096 ...done    (Sonamebumped libs)
073/096 ...done    (SonameKept Reusable Dynamic Libraries)
074/096 ...done    (Removed .so libs)
075/096 ...done    (In-place Upgrade Requirements for the /usr/ Directory)
076/096 ...done    (CA certificate bundles modified)
077/096 ...done    (Developer Tool Set packages)
078/096 ...done    (Hyper-V)
079/096 ...done    (Content for enabling and disabling services based on CentOS 6 system)
080/096 ...done    (Check for ethernet interface naming)
081/096 ...done    (User modification in /etc/rc.local and /etc/rc.d/rc.local)
082/096 ...done    (cgroups configuration compatibility check)
083/096 ...done    (Plugable authentication modules (PAM))
084/096 ...done    (Foreign Perl modules)
085/096 ...done    (Python 2.7.5)
086/096 ...done    (Ruby 2.0.0)
087/096 ...done    (SCL collections)
088/096 ...done    (System kickstart)
089/096 ...done    (YUM)
090/096 ...done    (Check for usage of dangerous range of UID/GIDs)
091/096 ...done    (Incorrect usage of reserved UID/GIDs)
092/096 ...done    (NIS ypbind config files back-up)
093/096 ...done    (NIS Makefile back-up)
094/096 ...done    (NIS server maps check)
095/096 ...done    (NIS server MAXUID and MAXGID limits check)
096/096 ...done    (NIS server config file back-up)
Assessment finished (time 06:32s)
I/O warning : failed to load external entity "/usr/share/openscap/xsl/security-guide.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 40 element import
xsl:import : unable to load /usr/share/openscap/xsl/security-guide.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/oval-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 41 element import
xsl:import : unable to load /usr/share/openscap/xsl/oval-report.xsl
I/O warning : failed to load external entity "/usr/share/openscap/xsl/sce-report.xsl"
compilation error: file /usr/share/preupgrade/xsl/preup.xsl line 42 element import
xsl:import : unable to load /usr/share/openscap/xsl/sce-report.xsl
OpenSCAP Error:: Could not parse XSLT file '/usr/share/preupgrade/xsl/preup.xsl' [oscapxml.c:416]
Unable to open file /root/preupgrade/result.html
Usage: preupg [options]

preupg: error: [Errno 2] No such file or directory: '/root/preupgrade/result.html'

やっぱりうごかない。調べると openscap のバージョンを下げることで先にすすめるらしい。
CentOS6.8 から CentOS7 へのアップグレード - demandosigno

// バージョン確認
# rpm -qa | grep openscap
openscap-1.2.13-2.el6.x86_64


// 古いものを入れる
# rpm -Uhv --oldpackage http://dev.centos.org/centos/6/upg/x86_64/Packages/openscap-1.0.8-1.0.1.el6.centos.x86_64.rpm
http://dev.centos.org/centos/6/upg/x86_64/Packages/openscap-1.0.8-1.0.1.el6.centos.x86_64.rpm を取得中
準備中...                ########################################### [100%]
   1:openscap               ########################################### [100%]


// 確認
# rpm -qa | grep openscap
openscap-1.0.8-1.0.1.el6.centos.x86_64


// 再度ツール実行
# preupg -s CentOS6_7

~~

Assessment finished (time 06:21s)

Result table with checks and their results for main contents:
---------------------------------------------------------------------------------------------------------------
|Bacula Backup Software                                                                    |notapplicable     |
|MySQL configuration                                                                       |notapplicable     |
|Migration of the MySQL data stack                                                         |notapplicable     |
|Changes related to moving from MySQL to MariaDB                                           |notapplicable     |
|PostgreSQL upgrade content                                                                |notapplicable     |
|GNOME Desktop Environment underwent several design modifications in CentOS 7 release      |notapplicable     |
|KDE Desktop Environment underwent several design modifications in CentOS 7 release        |notapplicable     |
|several graphic drivers not supported in CentOS 7                                         |notapplicable     |
|several input drivers not supported in CentOS 7                                           |notapplicable     |
|Names, Options and Output Format Changes in arptables                                     |notapplicable     |
|BIND9 running in a chroot environment check.                                              |notapplicable     |
|BIND9 configuration compatibility check                                                   |notapplicable     |
|Move dhcpd/dhcprelay arguments from /etc/sysconfig/* to *.service files                   |notapplicable     |
|DNSMASQ configuration compatibility check                                                 |notapplicable     |
|Dovecot configuration compatibility check                                                 |notapplicable     |
|Net-SNMP check                                                                            |notapplicable     |
|Squid configuration compatibility check                                                   |notapplicable     |
|Added and extended options for BIND9 configuration                                        |notapplicable     |
|Added options in DNSMASQ configuration                                                    |notapplicable     |
|w3m not available in CentOS 7                                                             |notapplicable     |
|report incompatibilities between CentOS 6 and 7 in qemu-guest-agent package               |notapplicable     |
|restore custom selinux configuration                                                      |notapplicable     |
|samba shared directories selinux                                                          |notapplicable     |
|CUPS Browsing/BrowsePoll configuration                                                    |notapplicable     |
|FreeRADIUS Upgrade Verification                                                           |notapplicable     |
|bind-dyndb-ldap                                                                           |notapplicable     |
|Identity Management Server compatibility check                                            |notapplicable     |
|IPA Server CA Verification                                                                |notapplicable     |
|OpenLDAP /etc/sysconfig and data compatibility                                            |notapplicable     |
|SSSD compatibility check                                                                  |notapplicable     |
|Clvmd and cmirrord daemon management.                                                     |notapplicable     |
|device-mapper-multipath configuration compatibility check                                 |notapplicable     |
|Removal of scsi-target-utils                                                              |notapplicable     |
|Quorum implementation                                                                     |notapplicable     |
|fix krb5kdc config file                                                                   |notapplicable     |
|cgroups configuration compatibility check                                                 |notapplicable     |
|System kickstart                                                                          |notapplicable     |
|NIS ypbind config files back-up                                                           |notapplicable     |
|NIS Makefile back-up                                                                      |notapplicable     |
|NIS server maps check                                                                     |notapplicable     |
|NIS server MAXUID and MAXGID limits check                                                 |notapplicable     |
|NIS server config file back-up                                                            |notapplicable     |
|several kernel networking drivers not available in CentOS 7                               |pass              |
|several kernel storage drivers not available in CentOS 7                                  |pass              |
|OpenSSH sshd_config migration content                                                     |pass              |
|Configuration for quota_nld service                                                       |pass              |
|Disk quota netlink message daemon moved into quota-nld package                            |pass              |
|Luks encrypted partition                                                                  |pass              |
|Configuration for warnquota tool                                                          |pass              |
|Architecture Support                                                                      |pass              |
|Debuginfo packages                                                                        |pass              |
|Cluster and High Availability                                                             |pass              |
|Read Only FHS directories                                                                 |pass              |
|In-place Upgrade Requirements for the /usr/ Directory                                     |pass              |
|Developer Tool Set packages                                                               |pass              |
|Hyper-V                                                                                   |pass              |
|Check for ethernet interface naming                                                       |pass              |
|Plugable authentication modules (PAM)                                                     |pass              |
|Ruby 2.0.0                                                                                |pass              |
|SCL collections                                                                           |pass              |
|Incorrect usage of reserved UID/GIDs                                                      |pass              |
|Compatibility Between iptables and ip6tables                                              |informational     |
|VCS repositories                                                                          |informational     |
|Removed options in coreutils binaries                                                     |informational     |
|Removed options in gawk binaries                                                          |informational     |
|Removed options in netstat binary                                                         |informational     |
|Removed options in quota tools                                                            |informational     |
|GMP library incompatibilities                                                             |informational     |
|CVS Package Split                                                                         |informational     |
|httpd configuration compatibility check                                                   |informational     |
|NTP configuration                                                                         |informational     |
|Information on time-sync.target                                                           |informational     |
|Disk quota tool warnquota moved into quota-warnquota package                              |informational     |
|File Systems, Partitions and Mounts Configuration Review                                  |informational     |
|Sonamebumped libs                                                                         |informational     |
|SonameKept Reusable Dynamic Libraries                                                     |informational     |
|Foreign Perl modules                                                                      |informational     |
|YUM                                                                                       |informational     |
|Reusable Configuration Files                                                              |fixed             |
|Replaced rpms                                                                             |fixed             |
|package downgrades                                                                        |fixed             |
|OpenSSH sysconfig migration content                                                       |fixed             |
|State of LVM2 services.                                                                   |fixed             |
|Configuration Files to Review                                                             |needs_inspection  |
|File Lists for Manual Migration                                                           |needs_inspection  |
|Obsoleted rpms                                                                            |needs_inspection  |
|Binary rebuilds                                                                           |needs_inspection  |
|CA certificate bundles modified                                                           |needs_inspection  |
|Python 2.7.5                                                                              |needs_inspection  |
|Check for usage of dangerous range of UID/GIDs                                            |needs_inspection  |
|Packages not signed by CentOS                                                             |needs_action      |
|Removed rpms                                                                              |needs_action      |
|General                                                                                   |needs_action      |
|Removed .so libs                                                                          |needs_action      |
|Content for enabling and disabling services based on CentOS 6 system                      |needs_action      |
|User modification in /etc/rc.local and /etc/rc.d/rc.local                                 |needs_action      |
---------------------------------------------------------------------------------------------------------------
Tarball with results is stored here /root/preupgrade-results/preupg_results-170926155342.tar.gz .
The latest assessment is stored in directory /root/preupgrade .
Summary information:
We found some potential in-place upgrade risks.
Read the file /root/preupgrade/result.html for more details.
Upload results to UI by command:
e.g. preupg -u http://127.0.0.1:8099/submit/ -r /root/preupgrade-results/preupg_results-*.tar.gz .

出てきた。結構いろいろみてくれるのね、しゅごい。

/root/preupgrade/result.html に詳細があるそうなので、ドキュメントルートに持っていって、ブラウザから確認すると次のような画面になった。

  • 半分くらいの項目はちゃんと確認しないと危ない気がする
  • がんばってアップグレードしてもとっちらかった状態になりそう
  • web サーバとして簡単に使っている程度なので、バックアップ全部とって入れ替えるもあり

というところから、入れ替えちゃったほうが早そうだなあ、という結論。

まずは docker だったりで CentOS 7 を準備して、稼働中のサービス、設定ファイルや鍵を移しつつ、いろいろ動作するか確認したのち、まるっと入れ替える、という流れになりそーう。

つづく。

pv コマンド便利だよって

この記事は公開されてから1年以上経過しており、情報が古い可能性があります。

こんにちは、ごみばこです。

pv コマンド絶妙に便利なのですが、使う機会も少ないので、忘録的に書いときます。

pv ??

ivarch.com: Pipe Viewer

pv = pipe viewer の略で、その名の通り、パイプ処理のときのデータ量を可視化してくれて、絶妙に役立ちます。

pv をインストール

debian 系なら apt-get で、特に何することなくインストールするとこができます。Redhat もとい CentOS では RPMForge を導入することで yum install pv でインストールできます。

RepoForge Project

RPMForge は終了したそうです。理由としては、メンテナンスされていない古いソフトウェアが増えてきたから、とのこと。。というわけで Redhat/CentOS な方々は pv の公式サイトから rpm が公開されているので、これを利用すると良さそうです。

http://www.ivarch.com/programs/rpms/pv-1.6.6-1.x86_64.rpm

※バージョンは要確認すること。

$ sudo rpm -ivh http://www.ivarch.com/programs/rpms/pv-1.6.6-1.x86_64.rpm
$ pv --version

pv を使う

たとえば圧縮された SQL をドバーッと mysql に流したい…。

$ bzcat dump.sql.bz2 | mysql -uroot -pxxxx

が、これでは、ちゃんと進んでいるのかわからにくい! ここで pv を使うと…

$ bzcat dump.sql.bz2 | pv | mysql -uroot -pxxxx
1.81GiB 0:02:31 [ 12.4MiB/s] [                      <=>           ]

こんな出力がされ、流れるデータ量が可視化されます!

更に pv は複数に渡って記述ができるので…
(公式サイトに記載されているものとほぼ同じですが。。)

$ pv -cN source < dump.sql.bz2 | bzcat | pv -cN bzcat | mysql -uroot -pxxxx
    bzcat:  109MiB 0:00:18 [7.60MiB/s] [            <=>                     ]
   source: 52.7MiB 0:00:19 [3.89MiB/s] [=====>              ] 27% ETA 0:00:50

終わりそうな目処感と流れるデータ量を可視化できます!

まとめ

pv を使うことでパイプに流れるデータ量を観測することができます。これによっていつ終わるのか不安に思える作業もある程度は見える化されて便利~!