[Novalug] RHEL In-place [Pre-]Upgrade (very different from FedUp) -- WAS: Bad upgrade to Fedora 22 with fedup (LONG)

Jon LaBadie novalugml@jgcomp.com
Tue Aug 18 19:46:38 EDT 2015


On Tue, Aug 18, 2015 at 06:33:40PM -0400, Bryan J Smith wrote:
> Jon LaBadie wrote:
> > Bryan J Smith wrote:
> >> I wasn't aware that FedUp is remotely related to the "in-place" RHEL
> >> [Pre-]Upgrade tool [1] (CentOS equivalent [1a]).
> >> SIDE Q:  Did you mean CentOS 6.6 to 6.7 (simple Update)?
> >> Or did you really do CentOS 6.7 to 7.1 (complete "in-place Upgrade")?
> >
> > The latter, I was focused on my current probs and mistyped the
> > CentOS version numbers.
> 
> So you literally did go from 6.7 to 7.1, and _not_ 6.6 to 6.7?

Yes, 6.7 -> 7.1.  That's why I said latter.

> Any software issues?

A fair number.  The system acts as my mail server and caching
DNS name server.  The mail system, postfix, amavis, spamassassin,
postgrey, clamav, procmail, dovecot, ???  required a good bit of
tweaking.  Didn't reimplement postgrey.

fail2ban had errors, I haven't explored.

The switch from iptables to firewalld and its many zones was
for me a major hassle.  I don't expect to make use of the
extra granularity it is capable of.  I'm still not certain
I've reimplemented one aspect of the firewall.  I had an
ip-blacklist with about 40K netblocks using the kernel's
ipset feature.

I think I've got the blacklist working again, but the rate
of dropped packets seems lower than before the upgrade.
The rate was never very high, but why let hackers from China,
Russia, ... even have a crack at cracking in.  The rate now
seems to be about 5/day while it was about 30/day.

Jon

-- 
Jon H. LaBadie                  novalugml@jgcomp.com
 11226 South Shore Rd		(703) 787-0688 (H)
 Reston, VA  20190		(703) 935-6720 (C)



More information about the Novalug mailing list