I have a production web server that is CentOS Stream 8 and I need to migrate it to Rocky 8 for security patches. The network configuration is such that all downloads to the server need to be done through an ssh tunnel. For example, the dnf update command will work through that tunnel.
When trying to run the migrate2rocky script, it fails because curl is not set up to work via the tunnel. Please advise on how to proceed with the migration. Would it be possible to transfer all the required programs and files for the migration prior to starting the migration command so that it can go through the migration steps using the information downloaded locally? After the migration, all updates should work fine since the dnf update command works via the ssh tunnel.
Unfortunately migrate2rocky doesn’t have an option to be able to use local repos. You would have to modify the script to be able to do so. A quick summary of what would need modifying:
The Rocky Linux GPG Key would have to be pre-downloaded and migrate2rocky modified to use that key instead of attempting to download the key itself (around lines 141 and 1279).
The repo URLs for baseos and appstream need to be modified to point to a local copy of those repositories (line 149).
The rocky*.repo files need to be modified after they are installed to point to the local copies of the repos by adding code to do so around line 1098 (before the distrosync).
In addition to this you need to have a working local copy of the CentOS Stream 8 repos from vault and have the appropriate CentOS-Stream-*.repo files modified to point to those local copies. You should not have to modify migrate2rocky for this step but in case you get issues it may help to modify all the centos-stream URLs from line 623.
I believe that this is all the places that need modifications, but keep in mind that there may be more and it would be very easy to make a mistake which screws up the migration, so make sure that you have a full backup as well as a snapshot that you can easily roll back if you decide to attempt this.
Otherwise it may be easier to just temporarily allow a proper internet connection through to the target machine and then change it back once your migration is done.
I have successfully downloaded the Rocky Linux repositories and placed them in a local directory at /home/wmclaughlin/rocky8repos. Additionally, I have saved the GPG key at /home/wmclaughlin/RPM-GPG-KEY-rockyofficial.
I plan to modify the migrate2rocky.sh script with the following changes:
Replace the lines around 141 and 1279 to use the pre-downloaded GPG key:
Add code around line 1098 to modify the rocky*.repo files:
sed -i 's|baseurl=.|baseurl=file:/home/wmclaughlin/rocky8repos/BaseOS/|' /etc/yum.repos.d/rocky.repo
sed -i 's|baseurl=.|baseurl=file:/home/wmclaughlin/rocky8repos/AppStream/|' /etc/yum.repos.d/rocky.repo
Unfortunately, I was unable to download the CentOS Stream 8 repositories to create a local copy. I attempted to use the mirror at https://vault.centos.org/, but I was only able to retrieve a robots.txt file.
Could you please advise if the planned modifications look correct for proceeding with the migration using the local files? I am still using an intermediate machine to transfer files from the web, and I have not yet been able to establish an open internet connection on the target machine.
Don’t forget that the code around line 1279 has to be modified to work with a local file instead of attempting to download from a URL.
Local repos need to be specified with a “file:///” URL.
This will not comment out mirrorlist= lines and will leave baseurl lines commented, but modified. Also it should be file:///home/… (three slashes initially). Also these regexes will not do what you think; experiment with sed on a copy of the files first to see what they actually do.
I suggest:
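# -E enables extended regex so that "#?" matches an optional leading "#"; append the repo file(s) to edit as the final argument
sed -i -E \
-e 's|^mirrorlist=|#mirrorlist=|' \
-e 's|^#?baseurl=.*releasever/|baseurl=file:///home/wmclaughlin/rocky8repos/|'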
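Following the advice above to try the sed on a copy first, this is an added example (not part of the thread and not migrate2rocky code) that applies the rewrite to a temporary copy of a repo stanza and checks that no remote source stays active and that gpgcheck remains on. The sample stanza, the function names and the assumption that the local tree mirrors the upstream layout below the release directory are mine.

```shell
#!/bin/sh
# Added example: try the repo rewrite on a copy, not on /etc/yum.repos.d.

# Constructed sample stanza shaped like a stock Rocky 8 repo file (assumption).
sample_repo() {
cat <<'EOF'
[baseos]
name=Rocky Linux $releasever - BaseOS
mirrorlist=https://mirrors.rockylinux.org/mirrorlist?arch=$basearch&repo=BaseOS-$releasever
#baseurl=http://dl.rockylinux.org/$contentdir/$releasever/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
EOF
}

# rewrite_repo FILE REPO_ROOT: print FILE with mirrorlist disabled and baseurl
# pointing at the local tree. -E is needed so "#?" means an optional "#".
# Assumes REPO_ROOT is an absolute path containing no "|" or "&".
rewrite_repo() {
    sed -E \
        -e 's|^mirrorlist=|#mirrorlist=|' \
        -e "s|^#?baseurl=.*releasever/|baseurl=file://$2/|" \
        "$1"
}

# check_repo FILE: succeed only if no remote source is still active, every
# active baseurl is a file:/// URL, and package signature checking stays on.
check_repo() {
    if grep -Eq '^(mirrorlist|metalink)=' "$1"; then return 1; fi
    grep -q '^baseurl=' "$1" || return 1
    if grep '^baseurl=' "$1" | grep -qv '^baseurl=file:///'; then return 1; fi
    grep -q '^gpgcheck=1' "$1"
}

# dry_run REPO_ROOT: rewrite a temp copy of the sample, show the diff, verify it.
dry_run() {
    tmp=$(mktemp -d) || return 2
    sample_repo > "$tmp/orig.repo"
    rewrite_repo "$tmp/orig.repo" "$1" > "$tmp/new.repo"
    diff -u "$tmp/orig.repo" "$tmp/new.repo" || true   # differences are expected
    rc=0
    check_repo "$tmp/new.repo" || rc=$?
    rm -rf "$tmp"
    return $rc
}

dry_run /home/wmclaughlin/rocky8repos && echo "rewrite looks sane"
```

To test real files, copy them from /etc/yum.repos.d into a scratch directory and pass each copy to rewrite_repo and check_repo instead of the sample.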
Thank you for the assistance. Although I was not successful with the migration using local files on the remote server, I was able to do a fresh install of Rocky 9 there from the DVD ISO. FYI, dnf update no longer worked via the ssh tunnel to the remote server, possibly due to its use of curl, so we established local repos on the remote server. These are updated from repos created on a server that does have an Internet connection and transferred to the remote server using scp.
Also, the restic snapshot of the CentOS 8 Stream server was instrumental in enabling the efficient retrieval of the data and configuration files for the move of the server to Rocky 9.