SUSE Linux Enterprise Server: Upgrades & Migrations
54
1 SUSE Linux Enterprise Server: Upgrades & Migrations TUT1146 Paul McKeith – Sales Engineer [email protected] Thorsten Kukuk – Senior Architect [email protected]
Transcript of SUSE Linux Enterprise Server: Upgrades & Migrations
1
SUSE Linux Enterprise Server: Upgrades & Migrations
TUT1146
Paul McKeith – Sales [email protected]
Thorsten Kukuk – Senior [email protected]
2
Agenda
1. Destination: SLES 12 or SLES 15?
2. Upgrade or Fresh Installation?
3. Upgrade Paths / Methods
4. Upgrade / Migration Process Tips
5. Appendix: SLES Support Lifecycle
SUSE Enterprise Linux 12 or 15?
3
4
Support Pack or Major Version Upgrade?What are your goals?
GOAL: Maintain Support
• End of Life / Lifecycle & Longevity
• IHV & ISV Certification Requirements
• Regulatory or Enterprise Policy Compliance
• Compatible yet secure via backports
GOAL: New OS Features - May require SLE 15
GOAL: New Hardware Support - May require SLE 15
GOAL: Minimize Uncertainty
• If its not broke, don’t fix
GOAL: Maintain Support
• End of Life / Lifecycle & Longevity
• IHV & ISV Certification Requirements
• Regulatory or Enterprise Policy Compliance
• Compatible yet secure via backports
GOAL: New OS Features - May require SLE 15
GOAL: New Hardware Support - May require SLE 15
GOAL: Minimize Uncertainty
• If its not broke, don’t fix nor secure it! (example: TLS 1.2)
6
Server Platform Product Support Lifecycle
SUSE ten year support commitment for
SUSE Linux Enterprise 11, 12, and 15
https://www.suse.com/support/policy/
8
Server Platform Product Support Lifecycle
SUSE thirteen year support commitment for
SUSE Linux Enterprise 11, 12, and 15
https://www.suse.com/support/policy/
9
More time!
Long Term Service Pack Support (LTSS)An option that provides up to 3 years of continued access to technical
support, maintenance and security patches beyond general support
expiration date.
• For vanilla SLES 11,12, & 15 + SLES for SAP 11 SP4
• https://www.suse.com/products/long-term-service-pack-support/
Extended Support Pack Overlay Support (ESPOS)Total of 4.5 years of service pack support (1.5 yrs General + 3 yrs ESPOS).
• Now included with SLES for SAP 12 & 15
• https://www.suse.com/c/suse-linux-enterprise-server-for-sap-applications-
support-update/
10
SLES 12 is not SLES 11 SP4.5
Binary incompatible (shared libraries)
New features requiring major changes to base system
Introduction of systemd
Filesystem changes
Old cruft removed
Chance to resolve old mistakes
11
SLES 15 is not SLES 12 SP5.5, but…
• Differences far less than between 11 & 12
• Filesystem changes
• ReiserFS (no longer supported)
• BTRFS sub-volumes / file locations
• Next step with systemd
• Hardware support (see slide: Hardware 2/3)
• Processors, NVDIMM
• Security, Performance
• Multi-modal OS – The Foundation for the Modern Enterprise
• Software Defined Infrastructure (SDI) – Containers, Kubernetes, Software Defined Storage
• Cloud Native Application Delivery – DevOps & CI/CD
12
Workloads
What is running on your system?
“Small” services like DNS?
“Big” services like SAP, Oracle, etc…
How long can the services be down?
Is your 3rd Party Software supported on SLES12 / SLES15?
Some ISVs don't support a general major upgrade of OS and will require
a fresh install
Adjustment to configuration of third party packages may be
needed
13
Hardware (1/3)
How old is your hardware?
Architecture changes
i586 (32bit) to x86_64
POWER: big-endian to little-endian
Support for old graphic cards removed
Token ring no longer supported (SLES 12)
Support of some disk controllers is may be removed by your IHV
YES Certified Hardware: https://www.suse.com/partners/ihv/yes/
14
Hardware (2/3)
Upgrading to New Hardware too?
• Today SLES 12 SP5 & SLES 15 have the same kernel
• Similar but different hardware support
• This will increasingly diverge over time
• Intel Optane Non-volatile DIMM (NVDIMM) - SLES 12 SP4 & 15
• New x86 processors from Intel (e.g. Cascade Lake) and AMD (e.g.
ROME)
• Processor vulnerability OS (software) vs. on silicon mitigations
• YES Certified Hardware: https://www.suse.com/partners/ihv/yes/
15
Hardware (3/3)
Do you have enough free disk space?
RPMs and data are continuously growing
Fresh Install will “reset” the baseline
OS Binaries and Data separation
BTRFS snapshot(s)
rpm cache
16
SUSE Linux Enterprise Server 12 SP5 or SLES 15?General Considerations
Align decision with deployment lifecycle and ISV requirements
• SLES 12 will reach end of all general support 31 Oct 2024 (last SP)
• SLES 15 will reach end of all general support 31 Jul 2028
• SAP Note: 2255581, 2578899
• Other ISVs
SLES 15 Highlights…
17
SUSE Linux Enterprise 15+
• Kernel 4.12 (GA), 4.14 (SP1), 5.x (SP2)
• Unified Installer (15)
• Next step for systemd (15)
• init scripts have been removed
• innserv-compat for 3rd party
• systemd-timer is replacing cron
• reiserfs NOT supported
• Modules Changes (15 sp1)
• # zypper search-packages <pkg>
18
SUSE Linux Enterprise 15+
• 389 Directory Server replaces OpenLDAP (15)
• Firewalld replaces SUSE Firewall2 (15 sp1)
• RMT (15 sp1) replaces SMT
• Salt management
• Python 3 (15 sp1)
• Chrony replaces ntpd (15)
• NGINX is fully supported (15)
• OpenSSL 1.0x is legacy (15)
• OpenJDK 11 (15 sp1)
19
SUSE Linux Enterprise 15+
• File Placement (LSB is dead)
• Improved separation of binaries and data…
• BTRFS Snapshot and Rollback
• BTRFS sub-volume layout (15)
• /var no longer in snapshots
• RPM database: /usr/lib/sysimage
• Others
• Transactional Updates
• SP1 Technology Preview (15 sp1)
• Atomic updates + health check scripts
20
For more information (1/2)…
21
For more information (2/2)…
https://www.suse.com/betaprogram/sle-beta/
Upgrade or Fresh Installation?
23
24
Upgrade or Fresh Installation?
Every workload is different with unique combinations, SUSE can only generally inform and advise.
Ask yourself… Why am I upgrading?
• Bug Fixes
• New Features
• Optimize Performance
• Multiple major versions behind • Compliance & Support
• Security Concerns
• How good is your current setup documented?
• Any things you always wanted to have setup differently?
25
Upgrade Considerations (1/2)
Old “stuff” will remain
No longer maintained / no updates/security fixes but old 3rd party apps may still work
Possible package conflicts (ACPI)
See slide: Upgrade (2/2) to identify orphaned packages
Package Configuration Changes
Old and new changes will be saved in new files during upgrade process for your reference
See slide: Upgrade (2/2) to identify these files.
Adjustment to configuration of 3rd party packages may be needed
Obsolete packages could still be the default and/or referenced by
scripts requiring manual clean-up
26
Upgrade Considerations (2/2)
Database migration
See slide: Upgrade (1/2) for more information
reiserfs Filesystem
SLES 12 = compatible; SLES 15 = unsupported
Some new features will NOT be useable
Full system rollback for SLE12/15 depends on grub2, btrfs subvolume layout
New XFS on disk format
Full root filesystem encryption including /boot
IPv6 support for e.g. iSCSI (could be archived by reconfiguration)
Updating RPMs takes longer than fresh installation!
27
Fresh Installation Considerations (1/2)
Generally recommended when skipping major versions
All new features are useable
New / updated filesystems
reiserfs no longer supported in SLES 15
btrfs use cases: snapshot / rollback, transactional updates
Re-design Opportunities
Think about new disk / partition layout
Think about package & module (SLES 15) selections
No “old stuff” left behind
Good or bad?
28
Fresh Installation Considerations (2/2)
Completely fresh installation of third party software
Step by step and test along the way
Simplified Abort / Roll-back via Blue-Green approach
Helpful if BTRFS is NOT in use or not enough free space available for snapshot / rollback
Shared storage for data – Be careful
# rsync -r
Manual migration of configuration files and data to new system
Tuning & optimization opportunity
OS binaries & application data separation opportunity
Must select the desired packages, patterns, modules
29
Upgrade or Fresh Install to SLES 15 SP1?General Recommendations (see slides: Upgrade Paths & Methods)
If on SLES 11 SP4 or older and your destination is SLES 15 SP1:
• Recommend fresh installation – not required; from 11 SP4
• Upgrade SLES 8 to SLES 11 SP4 first then 15? – not recommended
If system was installed before SLES 12 SP2:
• Recommend fresh installation – not required (btrfs initial snapshot)
If system was installed with SLES 12 SP2 or later:
• Upgrade from 12 SP3 LTSS, SP4 LTSS or SP5 otherwise fresh installation
Fresh Installation Required for:
SLES 11 32-bit to SLES 12 / 15 x86-64bit
POWER big-endian to little endian
Upgrade Paths & Methods
30
31
Online vs Offline Upgrade
Online – server up / running
• Minor version (SP) upgrades only. Executed on an “up and running” system.
Example: zypper and YaST online update connected via SUSE Customer Center (SCC),
Subscription Mirroring Tool (SMT), Repository Mirroring Tool (RMT), Salt Policy via SUSE
Manager.
Offline – server down / not running
• Major and minor version upgrades.
Example: Installer for target release operating system is booted with DVD installation media,
PXE/network boot, or via local bootloader to perform the upgrade.
33
Supported Paths to SLES 12 SP5
LTSS?
35
Supported Paths to SLES 15 SP1
NEW
LTSS?
SP5?
https://documentation.suse.com/sles/15-SP1/single-html/SLES-upgrade/#sec-upgrade-paths-supported
36
Supported Scenarios (1/3)
Major Version Upgrades:
• From current SP versions that are still within General or LTSS support
lifecycle at time of each new release (including SPs)
• Offline Migration:
• Boot from DVD, ISO image, USB stick, Network (PXE/tftp), AutoYaST with (autoupgrade=1
boot parameter)
• Online Migration:
• Not supported
• SUSE Manager
• Mass scripted upgrades (AutoYaST)
37
Supported Scenarios (2/3)
Minor Version / Service Pack (SP) Upgrades:
• Skipping of 1 (SLES 15) or 2 SPs (SLES 12).
• Online Migration:
• YaST or zypper migration (12 or 15) via # zypper migration
• zypper distribution upgrade (12 or 15) via # zypper dup
• Supports full system rollback! via btrfs & snapper (12 or 15)
• Reference Support Knowledgebase and Documentation for details.
• Offline Migration:
• Boot from DVD, ISO image, USB stick, Network (PXE/tftp), AutoYaST (autoupgrade=1
parameter).
38
Supported Scenarios (3/3)
SUSE Manager
• Major or SPs
• Mass scripted upgrades (AutoYaST)
• Ideal for >20 servers and even thousands!
LTSS Upgrades:
• Offline or Online (SPs only)
39
Network Installation
Bootable USB installation image via mksusecd• SLES 15 Deployment Guide: Customizing Installation Images with mksusecd
tftpboot installer RPM• SLES 15 Deployment Guide: Creating a Minimal Boot Image
PXE/tftpboot with Install Server or SMT / RMT server• SLES 15 Deployment Guide: Setting Up an Installation Server
• SLES 15 Doc: RMT Guide
Autoyast profile changes• Autoupgrade=1
• SLES 15 AutoYaST Guide: Configuration and Installation Options > Upgrade
SUSE Manager• Built upon AutoYaST
• Documentation: SUSE Manager > Upgrade Guide > Client Migration
40
Disconnected / Air-gapped Install / Upgrade (1/2)
“Mobile” SMT / RMT Server or SUSE Manager Server
• SUSE Linux Enterprise Server 15 > Repository Mirroring Tool Guide:
https://documentation.suse.com/sles/15-SP1/single-html/SLES-rmt/#book-rmt
• Be sure to update RMT server before using
Opt1: 2-Step - Media Only Upgrade then Update via “Mobile” SMT / RMT Server
• SLES 15 SP1 Installer DVD: SLE-15-SP1-Installer-DVD-x86_64-GM-DVD1.iso
• SLES 15 SP1 Packages DVD: SLE-15-SP1-Packages-aarch64-GM-DVD1.iso
• SLES 15 SP2 Single ISO: Media1 (Media2 has source code)
• Disable network resources Boot option: media_upgrade=1• Deployment Guide > Other boot options https://documentation.suse.com/sles/15-SP1/html/SLES-all/cha-boot-
parameters.html#sec-boot-parameters-list
41
Disconnected / Air-gapped Install / Upgrade (2/2)
Opt2 1- Step: Customize Installation Media for “Gold installation image”
• Single Installation Image – Combine installer & packages into one DVD / ISO
• Best Practices > How to Create a Custom Installation Medium for SUSE Linux
Enterprise 15: https://documentation.suse.com/sbp/all/single-html/SBP-SLE15-
Custom-Installation-Medium/
• Customizing Installation Images with mksusecd• Minimal boot image or to customize modules, extensions, repositories
• SLES 15 Deployment Guide - https://documentation.suse.com/sles/15-SP1/single-html/SLES-deployment/#sec-
deployment-prep-boot-mksusecd
• Customizing Installation Images Manually - https://documentation.suse.com/sles/15-SP1/single-html/SLES-
deployment/#cha-deployment-prep-customize-installation-images
• SLES 15 SP2: Customize contents of single Media ISO
44
Cloud Deployments
SLES 12 SP4 to SLES 15 – New Distribution Migration Method
• Extension of offline “zypper migration”.
• For CSP PAYG registered instance images and BYOS SCC, SMT, or RMT registered instances.
• Not for SUSE Manager managed instances.
• SLES 15 Doc: SUSE Distribution Migration System 1.1: Using the SUSE Distribution Migration
System
• SUSE Blog: Major Distro Upgrade In The Public Cloud Made Easy
SLES 11 SP4 PAYG / On-Demand
• No LTSS (BYOS only)
• Ends 31 May 2020!!
• SUSE blog: Upgrading your running on demand instances in the Public Cloud
• SUSE blog: A New Update Infrastructure For The Public Cloud
45
Cloud Deployments
Upgrade / Migration Process Tips
47
48
Preparation Resources
TUT88423 Upgrading SLES 11 to SLES 12 (SUSECON 2017)
• https://www.youtube.com/watch?v=C_MneviVGNU
SUSE Linux Enterprise 15 (Technical Briefing)
• https://www.brighttalk.com/webcast/11477/334720
TUT1035: SUSE Linux Enterprise 15 Migration (SUSECON 2019)
• https://www.youtube.com/watch?v=3hqH7b3qsE4&feature=youtu.be
SUSE Linux Enterprise 15 Beta – How to Migrate to SLE 15 (Technical Briefing
• https://www.brighttalk.com/webcast/11477/318427
SUSE Linux Enterprise 15 Autoyast Profile
• https://githun.com/yast/yast-autoinstallation/blob/master/doc/profile_changes_SLES15.md
49
When SLES 15 is Your GoalGeneral Recommendation Summary
If on SLES11 SP4 and your destination is SLES 15:
• Recommend fresh installation – not required (two version hop)
If system was installed before SLES12 SP2:
• Recommend fresh installation – not required (btrfs initial snapshot)
If system was installed with SLES 12 SP2 or later:
• Upgrade or fresh installation
SLES 12 SP3 & SP 4 have direct upgrade paths to 15 SP1
SLES 12 general support (SP5) ends 31-Oct-2024
50
Before you START: Upgrade Preparation
Check the release-notes:
• https://www.suse.com/releasenotes/
• https://documentation.suse.com/#sles
Check disk space and filesystem requirements:
• Is there enough free disk space?
• Software tends to grow from version to version.
• Consider RPM package cache.
• Remember: BTRFS snapshots require additional disk space.
Make a backup – TEST YOUR BACKUP!
• Not the YaST backup tool – configuration files only.
If using pam_ldap, migrate to SSSD before upgrade
51
Upgrade (1/2)
If using a virtual machine, shutdown your virtual machine
If needed, backup, upgrade / migrate your MySQL, MariaDB, PostgreSQL• SLES 11 MySQL → SLES 12 / 15 MariaDB (mostly automated)
Upgrade to PostgreSQL to v9 on SLES11 before upgrade to SLES12• SLES 11 PostgreSQL 8 to 9 (pre-OS upgrade) → SLES 12 / 15 PostgreSQL10
Products, Modules, Extensions, Packages • Modules Info: Modules Info: White Paper Doc: 15 SP1
• Desired packages may now be in a different module
• https://scc.suse.com/packages or # zypper --search packages
• YaST or CLI: # SUSEConnect -list-extensions
• Enable 3rd party / custom repositories
52
Search Packages in SCChttps://scc.suse.com/packages
https://packagehub.suse.com
53
Upgrade (2/2)
Update your RMT Server – Pre-Upgrade
• Fix for missing new repositories after upgrade
Orphaned Packages – Post Upgrade (15 sp1)
• # zypper packages --orphaned
Configuration File Changes / Cleanup – Post-Upgrade (15 sp1)
• Upgrade will either leave the original untouched and add “new” version, or replace current and save a copy of the original
• *.rpmnew or *.rpmsave
• # find /etc -print | egrep "rpmnew$|rpmsave$"
Cleanup un-needed module registration – Post-Upgrade (15 sp1)
• YaST or CLI: # SUSEConnect -list-extensions
54
In-place Upgrade via SUSE Manager
• Offline, unattended – reboots system to trigger AutoYaST upgrade
• Provisioning function to SCHEDULE and execute unattended upgrades – over the network (Spacewalk/KOAN)
• Upgrade via network boot or ISO file
• Pre/Post/Chroot installation scripts can prepare, cleanup
• Clone channels for modules/updates can be integrated into the software installation/upgrade process with the <add-on> directive• Upgrade into the same filtered channels for existing target environments
• Activation keys and channel labels can be variables in the AutoYaSTprofile
• Profile snippets can be used to streamline
55
In-place Upgrade via SUSE Manager
56
In-place Upgrade via SUSE Manager
Appendix: Support Lifecycle
59
https://www.suse.com/lifecycle/
60
SLES 11 SP4 -- ** Last SP for SLES 11! **
General Support: March 2009 – 2019
Service Pack Release Date: 15 Jul 2015
End of General Support: 31 Mar 2019
End of LTSS/Extended Support: 31 Mar 2022
SLES 12 SP4 -- Release Date: 12 Dec 2018
End of General Support: 30 Jun 2020
End of LTSS Support: 30 Jun 2023
SLES 12 SP5 -- Release Date: 09 Dec 2019 ** Last SP for SLES 12 **
End of General Support: 31 Oct 2024 **End of 10 year General Support**
End of LTSS Support: 31 Oct 2027 **End of 13 year Support**
SUSE Linux Enterprise ServerSupport Lifecycle - Current Shipping Releases
https://www.suse.com/lifecycle/
61
SUSE Linux Enterprise ServerSupport Lifecycle - Current Shipping Releases
SLES 15 GA -- Release Date: 16 Jul 2018
End of General Support: 31 Dec 2019
End of LTSS Support: 31 Dec 2022
SLES 15 SP1 -- Release Date: 24 Jun 2019
End of General Support: 6 Months following release of SLES 15 SP2
LTSS will be available for three years following End of General Support
SLES 15 SP2 **BETA** -- Release Date: TBD
End of General Support: 6 Months following release of SLES 15 SP3
LTSS will be available for three years following End of General Support
https://www.suse.com/lifecycle/
62
SLES for SAP
SLES11 SP4 – End of General Support 31 March 2019
• LTSS Support: 1 April 2019 through 31 March 2022
• LTSS Support Terms and Conditions Apply
SLES12 / SLES15: All releases
• 4.5 years total maintenance and support per service pack release
• ESPOS phase begins with End of General Support for each Service Pack
release
• ESPOS = LTSS Lifecycle, LTSS Support Policy, and LTSS T&C’s
ESPOS = Extended Service Pack Overlay SupportLTSS = Long Term Service Pack Support
https://www.suse.com/lifecycle/
66
General Disclaimer
This document is not to be construed as a promise by any participating company to
develop, deliver, or market a product. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing
decisions. SUSE makes no representations or warranties with respect to the contents of
this document, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. The development, release, and
timing of features or functionality described for SUSE products remains at the sole
discretion of SUSE. Further, SUSE reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity
of such revisions or changes. All SUSE marks referenced in this presentation are
trademarks or registered trademarks of SUSE, LLC, Inc. in the United States and other
countries. All third-party trademarks are the property of their respective owners.
