 Good morning. Good afternoon. Good evening and welcome to another episode of Red Hat Enterprise Linux Presents I am Chris Short executive producer of OpenShift TV and I would like to hand it off to the one and only rel experienced person to the stars Scott McBrien who actually is supporting the Red Hat Enterprise Linux label today Thanks. Thanks a lot Chris. So today we were joined by two guests First is Terry Bowling who is the senior product manager for rail upgrade migration and management experiences And I'll give him a second in a minute Well, that was a misnomer. I'll give him a minute In just a moment to introduce himself and also with us today is Jerome Young who is a senior architect for Red Hat Consulting and today we're going to be talking about migrating from one Linux to Red Hat Enterprise Linux or other Linuxes to Red Hat Enterprise Linux So let's start with Terry and then we'll move on to Jerome and just do a little bit of introductions about Yourself and and what you do Sure. Thanks Scott. Yeah, so I've been with the Red Hat gosh, how many years going on nine? I think so I'm in the rail product management team focused on a variety of things Including installations migrations in place upgrades as well as other management Experiences so I was a sys admin for many years So when I talk to other sys admins, I feel like I'm with my people and I feel like I really relate to those people and the types of work that they have to do and the kind of problems that they Run into and their challenges So usually when I I talk to those types of customers and those types of people I I feel like I can Really feel and own their issues that they experience Thanks, Jerome. How's it going? Good. Good. Good. Yes. I'll give my little intro. I'm Jerome Young I'm an architect with the Red Hat. I've been here for about nine years as Terry has just about as long as Terry has And I actually work a lot with customers actually to do architecture planning and even implementation of you know, either moving from a another Linux or even upgrading Linux at scale So if you're in a large enterprise, how do you do that? And I'm very large way actually take some planning and You know some execution so been through a lot of a lot of things with customers and it can talk to a lot of Experiences out there in the field I'm excited to have you both today So we're talking about converting from Other Linuxes to red hat enterprise Linux So what are the reasons that you guys see people converting from other Linuxes to red hat enterprise Linux? Let's go first. Do you want to go first? Oh, sure. Yeah, I can definitely go first I think one of the key reasons is definitely support being one of the key reason for a lot of larger enterprise customers, but also having Expertise there while you sometimes you're running the free Linux and that's that's great Well, I can say Sometimes you're running a version of Linux and you don't have the support there To actually get you over problems when they happen. So if you're running something, especially that's business critical That problem could actually cost you a serious money or serious downtime Where a lot of folks have a mindset when they're at home Something goes down at home. It causes some inconvenience for when you're running a business That definitely causes a real problem. So I think support is definitely the big Reason why folks move to red hat Yeah, and I'll add to that Geron We have a lot of customers that find themselves in a situation where They themselves are a business and they have their own customers And they have to answer to their own customers. So they have to answer to their their customers regarding things like security supply chain and especially when those customers Have their own end customers where they're maybe managing customer data customer personal information This whole concept of a secure supply chain and a known provenance of origin Where did these open source bits come? How were they built? Are there any points in the process along the way where a malicious person could insert something bad? And with recent security concerns in the public media today, that is a growing topic So we have a lot of customers coming to us and say look we've built our business around centos It's been great. However to get this next customer account They are requiring us to maybe have government certifications like the system must be run in FIPS mode It must Be able to meet certain government security clearance criteria and things like that And that comes with a lot of people doing a lot of work to achieve those certifications And and validate that and and so even though centos has done a great job of rebuilding from source and getting very close to binary compatibility equality You know, there's still some things that don't quite pass the muster when you're Maybe trying to land a big government contract or something like that where they they simply have strict requirements that they must adhere to So as wonderful as the open source community is there's certain business problems that You know, it just requires a business investing in the people to Follow the process and make that happen. So that's another real value that we're hearing from customers is they simply have to convert to something that meets those security requirements And Perry just to follow up on that you said that especially public sector folks certifications Just this week we achieved both common criteria and FIPS 140-2 for rel 8.1 and so Rebuilds like sent to us Don't carry those certifications, right? correct Even though it might be built from the same source code or close to the same source code Those certifications, it's about a process. It's about a build pipeline and knowing that you can control and lock down Access to that and when you have a open public community it's really hard for those same public communities to achieve that same level of control and And quite honestly it requires money investing in the certification process Which is quite expensive. So red hat spends a lot of money with third party certification organizations to validate that and there's just a lot to it that Sent us and I'm not aware of any other Any other Linux distribution that has managed to obtain these certifications Without some type of enterprise company behind it Great Um, so what are some of the Linux's they're supported to convert into red hat enterprise Linux? Great question. Um, so currently the the tooling that we have been working on we call it convert to rel And it focuses on those rel derivative distributions. So those would include distros like CentOS or CentOS depending on your preference of pronunciation Um, so CentOS Oracle Linux is also a derivative Scientific Linux would be one but they Transition to CentOS or CentOS proper a couple of years ago, I believe So those are pretty much the distributions we're looking at So it doesn't really apply to even fedora because that's a little bit too forward thinking so even though it's um, It's part of the same ecosystem family. It's a little bit too far upstream or up river For the the tooling to effectively convert to rel So I think I covered everything. Did I miss anything Jerome? Yeah, no, I think I've got it. I'll cover And are there any specific versions that are? Um, Supported and versions that are not supported Yeah, the tooling that we're focused on uh right now is um primarily focused on converting CentOS seven and eight to rel eight red hat enterprise Linux eight and um, so seven and eight The tooling actually works with six and we've had A lot of success with that especially with our consulting agency. They've they've been the ones working with customers the most with it Um, I'll let Jerome come comment on that in a moment But we're we're we're considering we're thinking about what's in the best interest of our customers And helping customers convert centos six to rel six Given that it's that end of life cycle It it raises a lot of questions of is this The best behavior that we should be doing so we're kind of treating that as a support exception scenario So we're not planning on that being broadly supported The tooling in the community works if you have a simple centos six, it'll convert it to rel six But it's it's very basic and minimal and we're not necessarily recommending that Unless you're also planning on doing a rel six to rel seven upgrade because getting yourself to a supportable Found platform that has a life cycle remaining where you're getting security you're at it That's really the best recommended practice. So that's what we're focused on so Really centos six since or centos seven and eight to rel seven and eight drone. Do you want to mention anything about? Yes, I'd say definitely trying to get folks on to in a supported A platform is really kind of the key and so since rel six is now end of life for the most part It's also comes with its own challenges because well six Has some age behind it and so You know working on the consulting side what we've seen there are some old either Sis admin things that have been done that can cause some things to not miss a Not work But we've found ways around them to kind of make that work But it does take some work at times to get that going because you have these unexpected Challenges just because of the age of rel six and oftentimes these systems have been around for a very long time and changed many hands Yeah, over a decade Yeah, potentially at this point, so And drone what what? Because you work on a lot of the conversion processes, right? So What do you see folks converting from and to a lot of times? You know the Oracle Linux is is one and CentOS. Those are the main two we've seen CentOS, you know seven is a big one and Oracle Linux before six and seven are the big two right now that we're seeing awesome and in the towards the end of the the show today, we're going to convert a CentOS Linux eight box to a rel eight box and it's a You know, I have 10 commands or something you got to put some stuff into place And so it's possible to do a your your own conversion But what kind of scale do you see people converting your own? Yeah, so usually it's it can go You know from a handful of systems basically usually critical systems that either folks don't have the ability to You know reset up like this being configured and nobody really knows how to reconfigure them Or it can go to thousands of systems where something like a Hadoop cluster for instance If those are on CentOS that's type of something you would convert but also Hey, all of our footprint has just been in CentOS and now we want to They convert them to a supported platform So that's that's where it kind of goes to and Where we try to really do that on a larger scale is bring in automation be an answer automation to help with that and kind of a planning process of not just The actual conversion but pre pre conversion and post conversion So the whole process actually goes through smoothly And I know that we're going to talk in a bit about kind of best practices and things like that. Yeah I'm sure I will have questions there about like Testing and do you do it in phases and Uh, so I I will ask you those at the appropriate time. I'm with that. All right So how does the conversion process actually function Do you want me to take that one drone or yeah, I'll let you take that one Terry. Okay. So the way it works is we have this utility called convert to rel and it's It's it's still in a quasi supported state It's it was developed in partnership with consulting and engineering And so we're still in the process of making it a final broadly supported utility But it is accessible to anyone today And we're very very close to declaring criteria on Support so that we can simply say it's supported go ahead and use it. We'll support the results And so the way the utility works is you download this utility and when you run it you provide it as certain parameters It's it's going to want ideally a subscription We can talk about those offerings in a moment, but the best way that the tool runs is when it can access Red hat to download the latest versions of packages because you're always better to go and Upgrade where the packages need to update themselves rather than a package downgrade And I can talk more details about that in a moment as well. But um, so you provide your credentials or Not authentication key but registration key and so that it can access your subscription And it examines your system. There's a few files. It needs to change and manipulate because we have Oh gosh, I am drawing a blank today the PIM files the the Authentic certificate certificates certificate keys. Thank you Certificate keys that helps with that whole supply chain topic I was talking about before so when it downloads the content it validates that the packages are coming from a trusted source and that the packages validate You know validate themselves with the signing key and everything and So it's going to examine the packages on the system make a few changes around red hat subscription manager the red hat release files things like that and it's going to examine your Your your repositories and look for like any repos that you might have configured that Um, we have concerns about like might cause you problems Or possibly disable some it's going to make sure that the newer red hat repos are configured And then it's literally kind of like a patching cycle takes about the same amount of time so um, it's very similar to You know doing a yum update to update to a minor release Where it's going to replace every package on the system and it literally just downloads all the packages and and then does the Basically like a package reinstall. There's a few other things under the hood that it does It does a few safety checks and things like that, but that's pretty much the way it works Okay um So Jaron, there's a an old adage that if you've failed a plan you've planned a fail so somebody is considering Doing a conversion. What type of stuff should they be prepping in advance of that? Before they actually execute on it. Yeah, and definitely one of the first things there really is What we feel like called pre steps Of how do you actually back up or back out if for some reason something goes wrong? Because again, you want to do the conversion But you want to make sure that hey if we do have a problem and it's usually unexpected and you try to you try your best to Go through like a kind of a dev cycle and then go to production So let's try in our dev environment to test this out build the workflows and then go to production And then as we all know everything in production does not look exactly like dev But one key mitigating piece there is actually having some type of backup Either a vmware snapshot if it's vmware or any virtualization snapshot really Or using a tool like boom if it's a physical machine so you can actually restore the machine if possible if things Do go wrong, but I think that's kind of the key thing But really kind of following the process of starting in dev Testing it out building your workflows there and then basically strategizing how you're going to build in production And of course having that backup as part of that workflow. I think is the key there Okay, and When they when you're preparing do you need to do anything like Build out what packages you have installed or third-party packages that might be there like When you're doing that prep work, what are the things you need to be keenly aware of? Yeah, definitely any third-party Repositories or those packages And making sure and some of these things you'll find out as you're kind of doing things in dev To see if some of these third parties the packages have issues or are Not even the version that ships are red at so some of those maybe overriding versions of the sento s package That's there and then addressing those issues as well where oftentimes especially when you're in the sento s Space folks really just aren't thinking about it They'll just write over packages that sento s ships and not think much about it But if you're going to go to the supported model, you want to make sure you're using the packages that are shipped by red hat for those packages Yeah, for sure I worked in a Development shop for a while And one of the guys needed to get an updated or he wanted to install image magic on a box And he pulled down the tar archive and did like a make make install Oh Yeah, yeah, and it like overwrote a bunch of libraries. I'm like, okay. Oh, we'll be we blowing this box up and Scratch again. Thanks. Use the rpms. Yeah. Yeah, so yeah, and that's kind of the best case scenario really using rpms but just kind of watching out for uh, you know like that scenario there where somebody has a tar and It just writes over files and some a lot of times you can kind of catch those though in the dev process as When you do the conversion either things will work or either things won't work as you Start to test the application and say hey, this isn't working exactly properly And starts looking at the different libraries and hold on this library doesn't match up from what it should be Yeah, and I've actually been Looking at doing an article for the enable sysadmin community about always having Plan b Right because there are so many times where you're like troubleshooting and you're like editing a file and then Turns out that's not the thing but now you've got a changed file and you can't remember what changes you made to it Because you didn't account for that in your plan b. So your your plan b is Make a bootable backup Or a backup that can restore completely the state of the system exactly. Um, and But I guess that's it Yeah, and I'd say it's the the harder pieces definitely when you're dealing with visible systems versus virtual virtual gives you that kind of ease On the end just have to worry about is there storage for it where? physical if it does mess up, there's a lot more pain so having that backup is Very critical And if I was scheduling kind of a maintenance window to do to do the work You know terry talked about how it's a rather quick process, but while the process itself might be quick Maybe you got to Execute that backup plan, right? So what type of of maintenance window should I probably look at? Yeah, so I usually try to say Always make your maintenance when I'm big enough for the worst-case scenario so You know for a system mainly like maybe even two to three hours even though you will probably not come close to that If for some reason the the back out process you may even take some time the physical system that that might even grow A bit more because that you know that's going to be a case by case And that's something we would have more of a good idea when you're doing things in dev But that's where I would say would be a good time frame So if you do need to back out for whatever reason that you have time to back out and bring things back to Back to a working state Awesome. Yeah So this is a question for both of you What are some kind of issues that you've run across? several times or particular Points of contention that people should be aware of Sure, I can take this one and then hand it back to you drone The things that I know of As a product manager working with the engineering team and as we're prioritizing what we know we need to take care of These are some of the known issues that I want to make sure everyone's aware of And I don't want to scare anyone off. This is Especially the the conversation that just took place. We're being ultra conservative We we want to be safe with our customer systems because we don't want to see anyone in a bad position So I don't want to sound all doom and gloom But at the same time, let's do our due diligence and let's be careful So some of the known issues that we have is the tooling currently has a bug dealing with uefi hardware systems So it works great with bios legacy bios type systems. There's a known bug that we're working on We should have a resolution for it pretty quickly But the breadth of testing before we really release that, you know, there's a lot of different versions of uefi different hardware platforms So there's a lot of testing to cover So that's why it might seem a little simple to fix But when you think about all the testing we need to do it takes us a little bit longer Before we have that confidence level um So if you are using uefi based systems Hold off just a little bit longer And and we'll have that working for you. Um, we already talked about the third party repository content But I'll just mention that again anytime you're using third party software Red Hat does not necessarily know about that or know what you're using We we know some of the the big companies Net backup Many of our customers are using Some of the other semantech products and you know oracle databases But you know, there's a level of Um Collaboration that has to happen between partners and we can't always force other companies To test and evaluate and provide guidance to their customers. So we can't always answer every question So we always urge customers Know what is on your system? Which hopefully you already do if you're managing your environment. Well our best run Customers can usually tell us exactly what is on every system. Uh, so that's a very good skill to develop and um, so just have a conversation with those third parties and make sure that there's no compatibility concerns Um, honestly, we've not really seen any third party compatibility concerns because Centos did a really good job of at least being binary compatible compatible for the most part Um So we're not aware of any known issues. We're just being super conservative and cautious The exception to that is third party kernel modules In the windows world, we kind of call these drivers But in the Linux world, we call them kernel modules or kmods for short So third party kmods, uh, such as those used by some Graphical processors You know gpu graphics cards Also, we commonly see this with network and storage interfaces because The third party maybe melanox intel hp You name it any of the big oem brands They might have like their latest and greatest drivers available with the latest functionality That hasn't quite landed in the upstream kernel yet or flowed into The rel ecosystem yet It's all stuff that will eventually land But sometimes there's a timing mismatch and so Sometimes those can be just an unknown So i'm not saying that there's problems with it It's just that's an unknown because those are things that we can't test Another thing that's super popular in the community is a dkms dynamic kernel module System, I think it is. So basically that's a source A service rather that you run on your system and it uses the the compiler on your system and Nvidia has done this for many years where they they basically provide The source code for a shim that gets basically compiled on the fly And so this dkms service Will detect that oh you're installing a new kernel I better rebuild this shim and usually it does a great job But there's a risk there because it's not something that we can You know if you installed a different version of the gcc compiler or using some other third party c compiler We don't know that we don't know what exact combination So there's no possible way for us to to know or tell that So our recommendation is if you're using third party kernel modules or the latest k mods from a vendor Or if you're using dkms Don't use this tool. That system may not be a good candidate for conversion Especially if you're using any community repos like I know there's a community zfs kernel module for sentos And that would be a great example of there's a whole lot of unknown there. It might work. It might not I don't know But that's not something that's supported So that's those systems wouldn't be good candidates. So don't use this tool for those we are looking at future scoping of Working with some of our partners like nvidia intel melanox and others So that we can support some of those known use cases, but we're just not there yet um Antivirus is another unknown. We know it oftentimes use 30 third party k mods also antivirus has this unique ability to Identify what it thinks as suspicious activity And so we have concerns of what it's going to think is happening if it sees the convert to rel utility Taking place. Uh, so that's an unknown that we recommend Testing that on a system first. So if you're using Antivirus software, I'm not saying you can't proceed. It's just we're not testing that yet So we encourage you to test it thoroughly and evaluate that and make sure that it's working And we'd love to work with you if you're a customer or community user that's going to test that We'd love to talk to you about it and work through that with you because any findings that you discover in your own testing We plan to test on that in the future So if if you're already doing that, we'd love to take that information and then Incorporate that into the future testing when we do get around to it um, the other big one is clustering if you have a system that is Clustered it's important enough to need high availability That deserves an extra step of caution right because you've already deemed that environment that very important So right now we have that out of scope That our goal is simply to detect clustering is in place and have the utility simply stop So we don't consider those as good systems for conversion at this time It might be something that we can look at more in the future But currently our recommendation for clusters is a true migration to other systems rather than an in-place conversion Yeah Oh, sorry go ahead Jero Oh, no, and I think actually Tara kind of hit on on most of the points and especially with the the kernel module pieces And that's where I was talking about the pre the implementation and then the post Piece of like a workflow that's something that would become part of the post piece of the workflow of okay We've done the conversion. We know this piece Needs some fixing up and that's what becomes part of that It's okay now the fix-up process for the nvidia drivers for instance. Let's fix those up and make sure they're functioning post the conversion and Red Hat doesn't support third-party kernel modules Anyway, when I say support, I don't mean they don't work I mean that you don't call an open support cases against red hat for nvidia drivers, right or VMware drivers So When we say that they're not supported or that you wanted to be extra cautious about them We're recommending that because We just want to make sure that If you're using them that you They're still going to be unsupported Even though your goal of coming to rel may be to gain more support, right? Correct correct Yeah, and a lot of this is It's it's uh wording is hard, right? So there's some of this stuff where it's It might work fine, but we're not testing it yet. Therefore we can't we can't really say it's supported because we're not able to test certain scenarios and Ultimately though the way this works is If you get a system that successfully converts to rel That system will be supported But if you run into issues using the tooling and you fall into one of these scenarios The support might get turned away because You know, we've documented don't do these things or the system is it not a good candidate because of this So it's um, I don't want to say it's 100% unsupported It's just we're not able to test all these things use caution if your system breaks Because you did one of these things we guided against It's definitely going to affect The level of support you get if that makes sense right so like if the tool stops because it sees that I have some clustering packages installed and I do something super horky and force it to continue anyway and then it comes up, you know boots after the conversion and my cluster doesn't work anymore or my database doesn't work anymore. That's a place where you would not consider it a fully supported system because You very obviously transgressed against the the guidance that we are providing on usage of the tool Yeah, and so our response to something like that might be um You know simply back, you know take copies of your cluster configuration uninstall the cluster software reinstall it And uh, and then reapply those configurations that would probably be the level of guidance that you would get so it's uh, it's not like you're going to be totally turned away and left defend for yourself, but There's you know, it's it's not something that we can guarantee we can fix an existing broken system It might be some level of you need to rebuild this environment or at least rebuild part of it Yeah, and backup plan will play a part there having that backup Right, and and I think that's the other point I wanted to make is that we're disclosing that there are factors of risk and if you know that the risk exists you can determine what level of Of effort you want to put against mitigating that risk and so if the Thing is that we just kind of give up and we restore to our known good state backup There you go. That's that's the mitigation of said risk Good and then Uh terry we talked earlier about how fedora is not a good kind of virtual candidate Um, what about sent to us stream? I think you're on mute terry Sorry, I have a habit of always muting myself Yeah, so, um, that is a great question scott. Um, so sent us stream We are not currently testing that we're very very interested We want to see sent us stream be as successful as possible and we want to enable our customers to Use sent us stream and when needed convert to a supported platform. There's some unknown questions there right now Um There's I'm going to go a little bit low level for a moment and so bear with me, but When you install rpm packages one of the things it does is it runs these little rpm scriptlets And those rpm scriptlets literally can be like shell scripts or even python scripts That are embedded in the package and Those scripts are not uh item potents like they don't check if the system is in this state So for example a known rpm scriptlet problem is Uh, i'm going to install the apache web server if if that Package uses a simple shell script to add the apache user If you run that and the account already exists It's going to produce a failure command because those the scripts are very simple minded They just say do something and there's no intelligence to know that That account already exists. So don't do it And also there's no reversing. So when you Install an rpm package Usually the package maintainer will provide uninstall scriptlets to undo or reverse everything that was already done In and so When you When you upgrade Usually open source packages rpm packages those maintainers are always thinking To the future moving forward for upgrades and very rarely do they think of the opposite? What happens if I need to downgrade this package? um, so we already have a known issue with that with If you want to do an rpm downgrade or a yum downgrade That's already got a lot of known issues Sometimes it works beautifully But we have known issues especially anytime the kernel or glibc is involved where a customer might say You know what? I just upgraded to 7.9 We're experiencing a problem. We don't know if it's with the os upgrade Or if it's with my application or something else we need to do a root cause analysis So in the meantime, we need to revert it back to the previous state And so if they upgraded maybe from 7.7 to 7.9, maybe they skipped a minor release in between Doing that downgrade could impose problems. So already with simple straight supported raw minor releases. We do not recommend Doing a downgrade So the concern with syntosh stream is it introduces a similar package downgrade The content that is in syntosh stream is content that we intend to eventually include in rel But it's very new. It's unknown. So it might be possible in the future that We test something we put it in stream We see problems and we decide no we're going to remove it or defer it to later or Or something. I don't know And so if you try to convert a syntosh stream system to a supported raw minor release We don't know what kind of rpm Downgrade package scenarios we might run into Again, this is us being super conservative because We provide enterprise stable linux. That means we don't get crazy experimental Fedora and syntosh stream are good ecosystems to be a little bit more Experimental but when we say enterprise linux is supported We really mean it and so it's not that we want to discourage innovation It's we need to make sure our customers are safe Are safe rather and and so that's the concern there with syntosh stream All right, and I saw that there was a question in chat about rel subscriptions So I would say that if you so the question is if I don't have a rel subscription Can I test convert to rel particularly with vms? I would suggest that maybe the developer for individual subscription might be a good match to that use case Or you can also get an evaluation subscription Where you get I think it's 30 or 90 days of a rel entitlement if you wanted to use it for evaluation and testing so there are ways that you can get a A rel subscription to to try out doing this conversion Yeah, I guess I'll add to that. You can also use a customer repositories as well So you don't have to connect through our hsm and I believe we have in our link On how to do that. So if you do need if you need to use a local iso or Get rel through a web server We have some instructions in our knowledge based article on convert to rel that that spell that out Yeah, and I'll actually be using an iso and the repose on the iso today in the in the demo So terry you one last thing one like, you know Storytime with uh with scott so I was working on a doing applying updates to a whole bunch systems and After I had applied updates to this one box that was running enterprise database I couldn't get the enterprise database to Start up its storage. Drivery stop and After like just rashing against the machine troubleshooting it We finally got it back up and working and it turns out that the cause of the problem Was uh in short, I'll put this for us to paste in the channel to In the rpm uninstall scriptlet There was uh or actually it's a Not rpm. That's remove There was an rm command that basically said rm live modules and then had a uname dash r encapsulated command And then the path to the driver that had been built against that kernel Except I had booted into the newer update kernel and That script or that that rpm would build one and replace it and I didn't need to replace anymore Because I had rebooted the machine when I ran the rpm command to remove it it actually deleted the wrong kernels kmod And then I couldn't use the hba controller anymore because That the module was gone so yeah, like It it would have been great to have a little bit more logic in it than that but uh, but yeah, there was that Yeah, that sounds painful And I'm sure that wasn't solved in five minutes, right? It took you a while to figure out what happened Yeah, and and this is a place where I have never once had someone complain to me That we finished the maintenance earlier than the maintenance window Never once But this was a situation where we went over the maintenance window And there was much anger Even though it was the weekend and the system wasn't actually in use But there was anger that we had crossed over the threshold of our maintenance window Um as we were trying to diagnose troubleshoot and repair this box that that had gotten medical So Yeah, it happens. Everybody has stories All right, uh, so I'd like to switch gears and and do uh demonstration But before I do that, I want to give both Terry and Jerome any An opportunity to have any last parting thoughts before I switch gears and they make fun of my terrible typing Yeah, I think good to show the demo All right. Yeah, let's see it Man, just pressure's on No pressure. No pressure But don't mess it up Oh, and so what I'm going to be using is the uh Short I think you already pasted it in the chat the um I'll grab it again red hat a k-base article on how to execute convert to rel um So I will just be using that as my guideline But one of the things that um that it starts off with is Excuse me uh It doesn't tell you how to prepare your environment to to to get access to the rel software So first thing is i'm just going to go ahead and install this convert to rel rpm Maybe You can do it I I can Happy and pasting between machines is hard Yes, um So here we're installing off of github. I already have to install in the box, which is yay You can also download and find this from the red hat knowledge base article And then there's a short link that that takes you there. I think uh Short has already pushed it in the chat as well The other thing that I've done to this box is I've attached the rel eight re iso to it And as terry mentioned one of the things that's going to happen Is we're going to replace some of the sent to us linux eight packages with their rel eight counterparts So we need to make the repositories for those rel eight rpms available So i'm just going to go ahead and um make a couple of quick repositories All right, so uh in red hat enterprise linux eight there are two repositories included with the install media Once called rel eight base os sorry base url And the other one is rel eight upstream That's right And i'm going to go ahead and melt that place up To the directory as well. All right, so there it is There's the upstream directory which should go with the rel eight upstream repo that i've created and the base os one So i'm just going to real quick do a yum Recover rest if i work correctly Yeah, so there's upstream there's base os and I think we're Good ish um, so now that i've got the Repositories created i've got the tool installed Um, i'm going to go ahead and run convertorl And because i've got local isos i'm going to run it disabling subscription manager Do we lose your screen? Did we? No, yeah Yeah One second This is the joy of live streaming folks. You never know Which api is going to break when? Well this the box that is my uh hypervisor has been a little bit squidgy of late um That's that's a technical term by the way. You didn't know squidgy. Yeah, the uh, the squidgy-ness Yeah, i think it needs a uh, a diet again My browser keeps blowing up on it. I think yeah Your screen Share that screen So I think We're good. All right. Here you go so We're enabling the rel eight base os repo and we're enabling rel eight Appstream And I did I see that I never yeah And I want to enable Extra verbose logging as i'm doing this. So let me just yeah, please do so we all can see One quick look to make sure it looks cool me Yeah Bam All right, so are you sure are you sure? So we talked about all different types of risk factors and I already made a backup of this system So I can get it back right because I always have a back out plan And uh, so we're going to go ahead and say yes And uh, it's going to basically verify all the packages that I have you see it's calling the command rpm va there And what it's looking for is packages where I may have Changed configuration files Or maybe there are Files that have changed that would actually be Something that would detect the situation Jerome mentioned earlier where somebody has overwritten the libraries or something With uh, oh Do you think there's a whole environment there again? Yeah, I did But it's worse my uh, oh that power off. I think my box died. Oh I'm sure the VM's fine. It's all good Do you need me to take over? I mean No, like I Actually was having a long time to take over to have to install something that would have to be converted over That's right. You'd have to have a relic. Yeah. Okay. So yeah, the whole thing died. All right. So in other renews um It would run Increase your font size. Okay. No, right. All right. So it was running and then my box like literally kernel panicked and rebooted The hypervisor layer Nice In other news, I'll be doing the same demo in a red hat conversion session in two weeks Good Good. I'll be reinstalling the hypervisor. Yay. Hey, you might want to clean out and test VMs. Yeah, I'm glad we did this All right, well, so it was on its way to converting It does the rpm va and then it figures out what packages it needs to replace And then stops and goes, okay, we're about to we're about to cross the threshold of Unmangling you can't you can't go no going back. Yeah, right And we'll ask if you want to do it and if you say yes, then it'll start Downgrading or replacing the command the rpm's with the new ones and Yeah Well well At least it wasn't convert to rel that was the problem. It's like yes. Well, that's true That's like next level broken Scott if you like I might be able to do this for you as well Unless you just want to give up Well, I this box is gone So, uh, yeah, if you want to grab the screen share and and run a conversion. Yeah, or All right, I know that we provided a Video of the conversion being executed that would be the safe way to like look at it, right So Yeah, I mean, this is live streaming. Why would we play a video? All right. Why would we yeah sounds great All right. Do you see my screen here? Yeah, you could tune up the font a little bit So this is uh, this is the rel web console Which i'm a super big fan of I have this running on my uh, my hypervisor Which is actually a rel 7 hypervisor because I've not yet gotten around to upgrading it Actually, you know what it is years ago I tried putting open stack on it and doing like a single note open stack And I just like never cleaned it up and I'm afraid there's still like some weirdness. I see in the logs I'm just afraid to do anything might be a clean install sometime soon in your future I yeah, I need to just buy a new box and spend some money and then do a nice clean rel 8 on it So anyway, I'll go into virtual machines. Here's my little Virtual machine that I use for centos to rel 8.3 So I'll go ahead and run that Let me pull up my terminal And while it's starting up and so Oh goodness So I had to search my history So here's a little playbook that I was testing And so the first thing I do is I validate is this really centos or oracle enix And then I check is it the latest version because I'm still of the mind. Let's make sure I'm starting from the latest version possible Because I don't want to combine a conversion with a minor release all at the same time Let's let's like separate that out. So I'll just update to the latest centos first and then I'll do the conversion That's not a hard requirement. That's just my personal preference And then it's going to download the latest version of the package for me and then it's going to run the The tool and in this case, I'm using My own personal individual developer subscription And once I got that I went to the customer portal and I created A red hat subscription key and so I'm passing those to it. So it's actually pulling packages over the internet Because I'm also of the mind and we might make this a support criteria as well if you're installing against If if you're going to convert using the dvd iso, which doesn't get updated But yet the system is using the latest errata updates pulled over the internet You potentially face another package downgrade So I don't like using the dvd unless I'm going to convert like a 7.8 system to Uh Wait, what's my number 7.8 to 7.9? Um, so that I know I'm getting the migration is is using the latest packages Um, I don't like package downgrades Anyway, so that's that's what I'm doing here But I'll copy and paste the commands because you don't get to see it run I'm using the auto answer flag. So you don't get all this to see all the commands run that scott was pointing to So let's see. Can I log in now? Yes, I am in so I mean, I've pointed to them terry, but only until my box died You're you're already doing like way more right Am I doing way more Well, we'll see once it starts running, but I I have faith. I know it's gonna work Way better than than mine worked I have tested this about 10 times and it hasn't failed yet, but I was not live. So, you know the demo gremlins. I'm sure are present and watching A live demo. What could possibly go wrong? Is that even big enough for you to read? I can read it. I can read it I mean There we go. All right, so I installed the package Now let's see. I forget what the key is here copy and paste So I don't need to do any of the repost stuff. So let me back out these ansible variables And let me find my key I have it in another doc that I just need to copy and paste And of course I close that doc So I was doing a demo for my local user group recently There we go. Hey So yes to the yula So the first thing it's doing Scott. Did you already talk about this? I forget where it's this. This is right where my box Went belly up. Yeah, it pretty much died right here Thanks short. Thanks for rubbing it in No problem. Hey, you know what? We had like I said earlier We had a wonderful little level up hour this morning where neither playing nor I could figure out what was going on So yeah, this is just par for the course today So Scott you already had plans to talk about this. Do you want to talk us through what it's saying now? Or do you want me so this is the uh the point of no return, right? So when we answer yes to this question, we're actually going to start swapping the packages out So if your box dies unexpectedly at this point where it's swapping packages out, you'll not know what state it's in Or if it has some kind of wonky error During this stage That can cause you an uncertain state. So that's Here's your last chance to the back out of this process before moving forward Actually, I think there's one more before we get to that last step because it actually tells you this is the point of no return Um and it's not saying that yet But what's interesting is it's it's flagging itself as not an official red hat package Which I think we are going to be signing it with the red hat key shortly ish We are we're talking Probably weeks, uh, we will be providing A signed version of this package from an official red hat dot com Download page so that you won't have to get it from github cool um So basically it's identifying some pot packages that will be excluded It downloads the red hat subscription manager it does some stuff Oh, maybe that was the point of no return. Oh, no, right. It's only doing subscription manager so Yes, and no and this is one of the um Bugzilla arguments I've been having one of the devs on the team. So it actually downloads some things like the centOS Release package And scrolls it away somewhere And there's like three or four other things that go along with that and um If at this point something goes wrong you can recover the system by finding that squirreled away location And undoing the things that it did But there's not a great set of instructions on what that means And uh, we're looking at your screen there terry Yes, uh, which screen do you see right now? I'm seeing the only the wrong logo on it The terminal? Yes Yeah, the terminal sorry Okay, so we have an error. So you're seeing all these error messages uh-huh So I forgot I deleted this activation key um So because I was doing it for my local linux user group demo um He didn't want them to use your activation key later. Yeah, I don't trust that group. They're my friends So Give me one second. I can probably create one for you No, I'm going to demo that if we have time. Do we have a hard stop? Uh, I don't have another meeting for another 20 minutes or so. So there's no hard stop I do but I'm more interested in this one You have to make a choice now Is that meeting with you scott? I forget. No, it's not but I uh Uh I am now late for a meeting that got dropped on my schedule five minutes ago. Oh fun So, yeah, but are you really late then or did you just not get the message? Well, now you've admitted to it live on tv. Good job. No, it's a little bit of a It's a little bit of a Oh, I can leave guys, but thanks for having me No, thank you. Thanks Ron. Thank you guys. Great to see you. Thanks Ron So scott you just tell me where to stop but I went to access.redhead.com. I logged in with my personal I'm going to subscriptions That's going a little slow And this is the right order No, this is the wrong one. Let me log in with a different one I have two since I do a lot of demos So basically I have one as my personal and then one as my work demo account I have to do the same thing now And I always get the two mixed up. So I go to subscriptions You can see I have one active subscription I will go to Is it manage? Yes activation keys My demo is right here seven yep Okay, so This is going to be interesting. I have not done this before so we need to stop this guy And do it over and I have no idea if that's going to confuse it or not Oh, we need to unregister first, don't we? No because we never successfully registered So I should be able to just change this to my demo Yes And so this is the step that usually takes about 30 seconds to a minute And then the rest of it goes relatively quickly And I guess we can call it a wrap once we see it actually installing packages Now if I had properly planned to fail I would have been more prepared with my activation key already defined I'm ready to go. I mean I'm I'm pretty happy that you're able to pull together when like all this. Yes, everything just train wrecked on me It's like, oh look over. There's another track with another train. Sweet. Let's jump on that Well, we're not done yet. So True There's plenty of room for fail promises promises There you go So now it's basically creating identifying the repository files for the official repos that's pulled from our content delivery network And And just one note terry One of the reasons why we want to use subscription manager is because I'm guessing this is a rel or a sent to us a three box And if you've been updating it And then you can you add the iso for convert to rel to use um your sent to us one x 8 3 box is Further ahead Then the iso those were initially released with 8 3 right you've applied updates and other stuff And so that's where you're in the situation where you'd have to downgrade a bunch of packages But here where we're pulling from subscription manager You're getting the latest rel packages as well Right. So here it's saying it's going to replace those sent us packages. We'll say yes to that Another benefit of using a subscription that i'll show you Once it starts doing its thing Is included with the individual Uh developer subscription Uh, here's here's your point of no return Right, but uh prior to that it's it's talking about the packages being removed That's where it scrolls them away in this other location If you say no you still have to kind of undo some things to get it back to right to rightness So it looks like first it's doing the kernel all by itself I usually we're gonna coffee at this point. So i'm not used to watching it Well, what were you going to tell us about the benefit of a subscription? Yeah So it's really cool. Um Insights red hat insights comes with free developer subscription So another benefit to this especially for your home lab The individual developer subscription is good for up to 16 instances. That's a pretty awesome home lab I don't have that many devices in my office that in my home lab that can Use all of these up and uh, let's see. I forget where it is. I want to go Wait, that's another site isn't it? Is it insights? Cloud.red hat Don't tell anyone it used to be something else, but now it's under cloud. So as we've made it more convenient So i'm going to go to the insights dashboard And we see all of these cool things So i'm going to go to inventory first. Oh, I haven't registered it to insights. I need to wait on it to finish So I'd have to actually Um type in the command insights client register before it shows up But it would eventually show up And I would see it here. So I don't have anything yet Uh subscription watch Basically, you can see a nice inventory of all the subscriptions that you have in use Um, so yeah, I guess this isn't telling us a whole lot yet But once I register this system to insights, I'm going to get all of these cool tools advisor Vulnerability, you know, if there's another name brand security vulnerability that is circulating the media Like I'm going to be able to see which of my systems are vulnerable I'm going to be able to download remediation scripts as either shell scripts or ansible playbooks So that I can take care of that So there's a lot of cool things that we're making available with this free subscription as well And so you get that when you convert those sento systems to rel So, uh terry maybe Regging with insights would be an option for your converter. Oh Yeah, it's just I don't know that it's going to be done. Yeah, I feel like this is going to take quite some time Um, yeah, because this is just running a VM and I'm streaming video while it's trying to download packages Well, so after this happens you reboot the machine And that's a new kernel. You're done. You're off and running. Yeah. Yeah so, um And also at this point if it completely derails You're probably in the state where you need to do a restore from backup Right to get back to the normal Okay Is that a fair assessment terry? Correct. Yeah, and this is going to work I let to see a clean system stop sento system fail even with apple packages installed I've never seen any of the apple if you're not familiar with that community repository. It's called extra packages for enterprise linux, but most of us call it either apple or apple And even using content from there We're not testing all of the content in that repository, but I'm not aware of any issues Using it. It's uh very popular among our enterprise customers. Yeah And uh, I've actually used convert to rel from there Which meant that it was actually installed on my sento s linux system that I was planning to convert And it was available after that too if I were correctly So I'm going to log back into my true personal account Because I have my homelab systems registered there because I want to while we're waiting. I want to show off insights It's important to note that we had John Spinks on the program. Um, maybe a month ago Has it been that long? Gosh, it feels like yes. Yeah, but yeah, I guess so Well, when you're bi-weekly or semi-monthly, whichever you prefer Yeah, so here under my inventory you can see I have my hypervisor Registered that's rule seven And then I just have a couple VMs that I use off and I call them my utility VMs And when I come to the dashboard, I see this Nice interface that it's telling me I have zero critical Issues that are affecting my systems that are registered Two important three moderate. So let's go ahead and click on important and let's see what they say Uh, so there's some uh samba issue. Yeah Installation of packages Oh, is that because of the the upgrade thing that scott was talking about? No, he's not well, maybe but it wouldn't impact the box that he's converting now because it's not yet registered Oh, yeah, good point. Yeah, my syntos system isn't registered Syntos cannot register to insights Uh, correct. It can never benefit from any of this stuff um But what's nice is it lets you know the your systems have these concerns And it makes it really easy for me to just click these links and learn more risk of the change is very low I still don't exactly understand what this means installation of packages across major release hit the knowledge base article so if you installed a Maybe you installed a fedora package on that box Yeah Not a rel package because it was close enough for what you needed That would trigger that remember. This is advisor advice not uh, not vulnerability cvs So these are things where we think that's important that you yeah Know the state is wonky So this is my tab server box. That's my main trusty hypervisor And at one time I installed open stack and I've had this box running rel seven since rel seven dot zero I think It's not a clean system Yeah, and it could also be that you pulled a um Pulled a package from the repo that Obsolute a package like a third party. Yeah or something. Yeah Yeah, it's it's a dirty box um And it's one of the things that you can do now is you can um kind of accept the Accept the advice and basically remove it from the list. It's in the dot dot dot if I remember correctly Where's uh right here the menu dots disable recommendation. Yeah, so it's like I'm good I know that this is a problem. So stop showing it to me So is this global or just for this one host? uh This one is I believe I believe this is going to do it for all of your hosts. Okay. It's a good one But I haven't tested it. So that's that's like you know My feelings not facts, right So somehow I have not updated samba in a long time That's well Is that one of the Are you one of the few people that haven't upgraded and you're still like possibly a victim of Cry or something I feel like that'd be more than important I thought I was running the latest a rata of rel 7.9 on this box because I do update it But you know what for a while didn't we ship two versions of samba? We shipped a samba three and a samba four I think so a little bit So that it could be that I'm running the old version and I need to So I'll I'll take care of that soon and now that I've told the world what version of samba I'm running Well, we'll get right on rendering your box unusable. Yes So I can click on an individual system and I can see Just the information that applies to this host rather than all of my environment But let's check on the status of the conversion It's wrapping up Almost done well It has 342 packages to apply Oh, yeah Oh, look at all those scriptlets So, uh, scott, do we keep going or should we wrap up so that you can I think we can call it good and go After this if you don't survive it it needs to be restored from backup If you do survive reboot and you'll notice the red hat kernels in place if you do a uh, you know, check out the Red hat release file it'll tell you her on red hat enterprise linux and at that point you would Because terry converted with subscription manager it'll register And then if you wanted to also register to insights that would be a post reboot task to do the insights client dash dash register But yeah, I think this is good Awesome awesome So terry, thanks for coming on today. Hopefully you enjoyed it and it wasn't too stressful No, not at all. Thanks for having me Thanks for saving my bacon by the way. Yeah, I appreciate that Awesome great show. Thank you everybody in the audience for your questions And uh, stay safe out there folks Make sure Thank you. Thanks everyone