OpenSUSE OS Upgrade from 15.6 to 16.0
Introduction
This guide provides step-by-step instructions for upgrading OpenSUSE from version 15.6 to 16.0 on Eyeglass and ECA (Eyeglass Cluster Appliance) virtual machines. The upgrade process includes pre-upgrade preparation, network configuration, and post-upgrade validation steps to ensure your system remains operational after the upgrade.
This upgrade process applies to both Eyeglass and ECA VMs. Some steps are specific to each platform and are clearly marked throughout this guide.
Prerequisites
Before starting the upgrade process, ensure you have:
- Root or sudo access to the VM
- Access the VM console
- Current network configuration details documented
- Recent backup of critical system configurations
- Sufficient disk space for the upgrade process
Document your current network configuration (IP address, gateway, DNS, network interface) before starting the upgrade process. You will need this information after the reboot.
Pre-Upgrade Preparation
Step 1: Log in to the VM
Log in to the VM and switch to root user:
sudo -s
Step 2: Stop Services
- Eyeglass Only
- ECA Only
Stop the SCA service:
systemctl stop sca
Stop the ECA cluster:
ecactl cluster down
Step 3: Check AppArmor Packages
Run the following command to check if AppArmor packages are installed:
zypper se --installed-only apparmor
You should see output similar to:
i | apparmor | AppArmor | pattern
i | apparmor-abstractions | AppArmor abstractions and directory structure | package
i | apparmor-docs | AppArmor Documentation package | package
i | apparmor-parser | AppArmor userlevel parser utility | package
i | apparmor-parser-lang | Translations for package apparmor | package
i | apparmor-profiles | AppArmor profiles that are loaded into the apparmor kernel module | package
i | apparmor-utils | AppArmor User-Level Utilities Useful for Creating AppArmor Profiles | package
i | apparmor-utils-lang | Translations for package apparmor | package
i | libapparmor1 | Utility library for AppArmor | package
i | patterns-base-apparmor | AppArmor | package
i | python3-apparmor | Python 3 interface for libapparmor functions | package
i | yast2-apparmor | AppArmor configuration module for YaST2 | package
Step 4: Remove AppArmor Packages
If AppArmor packages are installed, remove them (excluding specific packages):
zypper rm patterns-base-apparmor yast2-apparmor python3-apparmor apparmor-abstractions apparmor-docs apparmor-profiles
- Do not remove the
libapparmor1package or packages related to docker - Do not remove
apparmor-parserorapparmor-parser-langpackages
Step 5: Lock AppArmor Packages
Lock the AppArmor pattern and package to prevent reinstallation:
zypper al --type pattern apparmor
zypper al apparmor
Step 6: Check and Unlock Required Packages
Run the following command to list locked packages:
zypper ll
If the following packages are locked, unlock them:
libzypp < 17.31.22libapparmor1
To unlock these packages, run:
zypper rl "libzypp < 17.31.22" libapparmor1 &>/dev/null
Step 7: Install Required Packages
Install NetworkManager and the opensuse-migration-tool:
zypper in NetworkManager opensuse-migration-tool
Performing the Upgrade
Step 8: Run the Migration Tool
Execute the opensuse-migration-tool:
opensuse-migration-tool
You will see a menu with available upgrade options:
- Select the option for openSUSE Leap 16.0
- Click OK to proceed
Conditional Screens
- If a screen appears indicating that third-party repositories are not recognized, select the
openSUSE-Leaprepository suggested by the migration tool (for example,openSUSE-Leap-15.6-1) and click OK to continue. - If a screen appears prompting you to select optional tasks to run after the upgrade, click Cancel to proceed without enabling any tasks.
Step 9: Record Current Network Configuration
Before rebooting, record your current network configuration. Run the following commands and document the output:
1. DNS Configuration:
cat /etc/resolv.conf
Record the following:
nameserverentries as your<ipv4.dns>searchentry as your<ipv4.dns-search>
2. Network Interface:
ip addr
Record your ethernet interface name (e.g., ens160, eth0) as <ethernet interface>
3. IP Address and CIDR:
ip addr show <ethernet interface>
Example:
ip addr show ens160
Record your IP address with CIDR notation (e.g., 192.168.1.100/24) as <ip>/<cidr>
4. Default Gateway:
ip route show
Record the default gateway IP address as <gateway>
Save this information securely. You will need it after the reboot to restore network connectivity.
Step 10: Reboot the System
Reboot the VM to complete the upgrade:
reboot
After the reboot, you will lose SSH connectivity to the VM. You must use the console to access the terminal.
Post-Upgrade Network Configuration
Step 11: Access VM via Console
After the reboot completes:
- Open the VM console
- Log in to the system
- Switch to root user:
sudo -s
Step 12: Check Network Interface
Verify if the network interface name has changed:
ip addr
Record your new or current ethernet interface name as <ethernet interface>. It may have changed from the pre-upgrade value.
Step 13: Configure Network Manually
Configure the network interface with your previously recorded values:
ip link set <ethernet interface> up
ip addr add <ip>/<cidr> dev <ethernet interface>
ip route add default via <gateway>
Example:
ip link set ens160 up
ip addr add 192.168.1.100/24 dev ens160
ip route add default via 192.168.1.1
The CIDR value (e.g., /24, /16) is based on your network's subnet mask:
/24= 255.255.255.0/16= 255.255.0.0/8= 255.0.0.0
Step 14: Test Network Connectivity
After configuring the network, test connectivity:
ping -c 4 8.8.8.8
If successful, you can now exit the console and return to SSH terminal access.
Step 15: Disable Wicked Service
Disable the legacy wicked network service:
systemctl disable --now wicked
Step 16: Enable NetworkManager
Enable and start NetworkManager:
systemctl enable --now NetworkManager
If you encounter errors when enabling NetworkManager, proceed to Step 17. If NetworkManager starts successfully without errors, skip to Step 18.
Step 17: Troubleshoot NetworkManager Errors (If Needed)
If you see errors when enabling NetworkManager, check the service status:
systemctl status NetworkManager
If you see an error related to SELinux contexts or missing files, run the following commands:
Create the SELinux directory:
mkdir -p /etc/selinux/targeted/contexts/files
Create the D-Bus contexts file:
sudo cat > /etc/selinux/targeted/contexts/dbus_contexts << 'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
</busconfig>
EOF
Create the file contexts file:
touch /etc/selinux/targeted/contexts/files/file_contexts
Restart required services:
systemctl restart NetworkManager firewalld.service polkit.service
Step 18: Verify NetworkManager Status
Confirm that NetworkManager is running correctly:
systemctl status NetworkManager
The service should show as active (running).
Step 19: Configure Persistent Network Connection
Create a persistent network connection using nmcli:
nmcli connection add type ethernet ifname <ethernet interface> con-name eth0 ipv4.address <ip>/<cidr> ipv4.gateway <gateway> ipv4.dns <ipv4.dns> ipv4.dns-search <ipv4.dns-search> ipv4.method manual autoconnect yes
Example:
nmcli connection add type ethernet ifname ens160 con-name eth0 ipv4.address 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns 8.8.8.8 ipv4.dns-search example.com ipv4.method manual autoconnect yes
Step 20: Activate the Connection
Bring up the network connection:
nmcli connection up eth0
Step 21: Verify OS Upgrade
Confirm that the OS has been upgraded to openSUSE Leap 16.0:
cat /etc/os-release
You should see output indicating openSUSE Leap 16.0 in the VERSION field.
Step 22: Disable Root SSH Login
For security, disable direct root login via SSH:
echo "PermitRootLogin no" | sudo tee /etc/ssh/sshd_config.d/10-disable-root-login.conf
Post-Upgrade Configuration (Eyeglass Only)
This section applies only to Eyeglass VMs and is optional. Follow these steps if you want to preserve configuration files that may have been renamed during the upgrade.
Step 23: Locate Renamed Configuration Files
During the OS upgrade, some configuration files may have been renamed with the .rpmsave suffix (e.g., system.xml becomes system.xml.rpmsave). To locate these files, run:
find /opt -type f -name "*.rpmsave"
If any .rpmsave files are found and you want to restore or review them, proceed to Step 24.
Step 24: Run the Recovery Script
Use the following script to compare and optionally restore .rpmsave files:
#!/bin/bash
find /opt -type f -name "*.rpmsave" | while read rpmsave_file; do
original_file="${rpmsave_file%.rpmsave}"
echo "================================"
echo "Comparing:"
echo "Old file: $rpmsave_file"
echo "New file: $original_file"
echo "================================"
if [ -f "$original_file" ]; then
diff -u "$rpmsave_file" "$original_file"
else
echo "Original file not found: $original_file"
echo "Renaming $rpmsave_file to $original_file"
mv "$rpmsave_file" "$original_file"
fi
echo
done
echo "Done renaming rpmsave files in /opt"
Save this script to a file (e.g., restore_rpmsave.sh), make it executable, and run it:
chmod +x restore_rpmsave.sh
./restore_rpmsave.sh
The script will:
- Compare
.rpmsavefiles with current configuration files - Display differences using
diff - Automatically restore files if the original no longer exists
Step 25: Run the Installer
After restoring configuration files, run the Eyeglass installer to upgrade the VM:
# Follow your organization's standard installer procedure
# The specific command will depend on your installation method
The exact installer command depends on your Eyeglass version and deployment method. Refer to your Eyeglass installation documentation for the correct procedure.
Post-Upgrade Service Validation
After upgrading the Eyeglass VM, verify that critical services are running correctly.
Step 26: Check Logrotate Service
Verify that the logrotate service is operational:
systemctl status logrotate
If you see an error like:
error: /etc/logrotate.d/syslog.rpmsave.old:14 duplicate log entry for /var/log/warn
error: /etc/logrotate.d/syslog.rpmsave.old:14 duplicate log entry...
To fix:
rm /etc/logrotate.d/syslog.rpmsave.old
To test:
logrotate -dv /etc/logrotate.conf
Then check the service status again:
systemctl status logrotate
Step 27: Check scadb Service
Verify that the scadb service is running:
systemctl status scadb
If the service is not running, restart it:
systemctl restart scadb
Then verify the status:
systemctl status scadb
Step 28: Check lighttpd Service
Verify that the lighttpd service is running:
systemctl status lighttpd
If the service is not running, restart it:
systemctl restart lighttpd
Then verify the status:
systemctl status lighttpd
Troubleshooting
Network Connectivity Issues
If you cannot access the VM after the upgrade:
- Verify that the network interface is up:
ip link show - Check the IP address configuration:
ip addr show - Verify the default gateway:
ip route show - Test DNS resolution:
nslookup example.com - Check NetworkManager status:
systemctl status NetworkManager
Service Failures
If a service fails to start after the upgrade:
- Check the service status:
systemctl status <service-name> - View detailed logs:
journalctl -u <service-name> -n 50 - Check for configuration file issues in
/etc/ - Look for
.rpmsaveor.rpmnewfiles that may indicate configuration conflicts
AppArmor Related Issues
If you encounter AppArmor-related errors:
- Verify that AppArmor packages are still removed:
zypper se --installed-only apparmor - Check that the AppArmor lock is in place:
zypper ll | grep apparmor - If AppArmor was reinstalled, repeat Steps 4-6 from the Pre-Upgrade Preparation section
Summary
This guide covered the complete process of upgrading OpenSUSE from 15.6 to 16.0 on Eyeglass and ECA VMs, including:
- Pre-upgrade preparation and AppArmor package removal
- OS upgrade using the opensuse-migration-tool
- Post-upgrade network reconfiguration
- NetworkManager setup and troubleshooting
- Eyeglass-specific configuration file restoration
- Service validation and troubleshooting
After completing the upgrade, monitor your system for 24-48 hours to ensure all services are functioning correctly and no unexpected issues arise.
Related Topics
For more information on related topics, see: