SYSTEM INFORMATION | |
---|---|
OS type and version | CENTOS7/ALMA9 |
Webmin version | 2.021 |
Virtualmin version | 7.5 |
Related packages | SUGGESTED |
I recently asked for advice on upgrading CentOS 7.9 to AlmaLinux 9.1 and received many useful recommendations. Thank you to all who participated.
I have now completed the in-place change from CentOS to Alma and thought I would share my experience.
My choice of options will not suit everyone, but perhaps it will help you if you are considering a similar upgrade. Below are the steps I planned and notes that I made at each stage. Overall down time was about 3 hours, but of course this will vary with the size of your server and network speed.
Apologies for the formatting (or lack thereof!)
- OLD server refers to the existing server that you will re-install with AlmaLinux 9
ANOTHER server refers to a place to hold the backup of OLD server for later restore.
See below that if ANOTHER server is in a Webmin CLUSTER, the file copy is achieved
in just a few clicks.
- Get AlmaLinux 9.1 ISO to Vultr, from a mirror near your server/instance.
Minimal version is best. Full DVD version installs the GUI which is unnecessary
and tedious to remove later.
- Set/test all domains to PHP 8 FPM (not essential for the upgrade but warns
if there might be future problems)
- Stop Postfix and Dovecot servers on OLD instance. You might also want to
stop Apache and Usermin.
- Full VM backup of domains AND Virtualmin configurations to local folder
e.g. /var/bkup_xfer
[4 GB took me 12 minutes]
- Transfer backup to ANOTHER server
[4 GB took me 4 minutes]
Transferring to a server in your CLUSTER is just a few clicks in Webmin
Webmin > Cluster > Cluster copy files
Create new scheduled file copy
Files to copy: /var/bkup_xfer
Destination directory: /
Copy on schedule: NO
SAVE
Choose from list of scheduled copy jobs and click EXECUTE
Note: Emailing the result will not work because POSTFIX is stopped
- Vultr snapshot of OLD instance [60 GB disk took me 30 minutes]
- Fresh Install Alma 9.1 on OLD instance [This took me about 16 minutes]
In Vultr control panel, choose Instance, Settings, Custom ISO (left menu),
select the ISO and reboot.
Use the Vultr console window to navigate the installation menus.
OR Choose a Vultr ISO of AlmaLinux for fully automated install.
[Probably the best way in retrospect]
When finished check your requirements for SSH access.
As necessary edit /etc/ssh/sshd_config.
AlmaLinux 9 defaults to no root SSH access with password - it prefers keys.
TIP: set the root password to the same as the previous server so that cluster operations work.
- Install Virtualmin. This is through the console or SSH.
a. Ensure server is up to date
yum update -y
b. Ensure server FQDN is correct - same as OLD [already set in my case]
hostnamectl set-hostname
edit /etc/hosts (machine name first, then FQDN)
systemctl restart systemd-hostnamed
c. Install perl for the Virtualmin script to execute correctly
yum install perl -y
d. Install wget [already installed in AlmaLinux 9, same for nano]
yum install wget -y
e. Download the Virtualmin installer script using wget
wget http://software.virtualmin.com/gpl/scripts/install.sh
f. Make the script executable
chmod +x install.sh
g. Execute the install script
sh install.sh
h. Virtualmin post-install config. This is in a browser on Virtualmin’s first run.
At this stage the SSL certificate is self-signed, so you must create an exception.
[These were my settings]
Preload Virtualmin libraries: NO
Run email lookup: NO
ClamAV: NO
MariaDB: YES
PostgreSQL: NO
MariaDB password: I set this to the previous password on OLD server
Secondary DNS: optional, must be a FQDN, NOT an IP address
Optional features:
Passwords: plaintext
MariaDB config: MEDIUM
SSL storage: Per domain under /etc/ssl/virtualmin
Create default virtual server: NO
i. Get a Let’s Encrypt certificate for Virtualmin
Webmin > Webmin configuration > SSL Encryption (icon)> Let’s Encrypt (tab)
In “Website root directory for validation file” choose “Other directory” and remove quotes
around /var/www/html, then click “Request certificate”.
j. If you installed from the “full DVD” ISO remove the desktop GUI
But I needed https://www.joe0.com/2020/04/14/how-to-remove-gnome-from-centos-8/
- Copy VM backup from ANOTHER server to NEW instance
Cluster servers are not yet configured on this new instance but if this new server is configured
with the same root password, Cluster copy files will work from ANOTHER server.
Set up the copy job on ANOTHER server as above
- VM restore of VM backup, creating all domains
TIP: In my case I did not check that MariaDB was running. It was not and the
restore ignored all database creation and loading. I started MariaDB and
re-ran the VM restore successfully.
[4 GB took me 20 minutes]
- Check
a. DNS MX, A, SRV records etc [All correct from restore]
b. Cluster servers NOT restored. Add other servers in cluster.
ADD slave DNS servers in Webmin BIND server config.
c. Databases? e.g. WordPress were transferred, created, populated [All correct from restore]
d. PHP versions available. [PHP 8 is the default installation]
e. Additional software installed in domain e.g. WordPress. [All correct from restore]
f. Backup config (full and incremental) [All correct from restore]
BUT, SCP fails with error:
Failed to connect to SSH server … subsystem request failed on channel 0 Connection closed.
- ISSUES
a. SSL Certificates:
I had a virtual server for domain.tld and the server name is web.domain.tld.
Access to Virtualmin on port 10000 used the certificate from the domain,
not the certificate configured in Webmin > SSL.
My solution was to add web.domain.tld to the list of names in the Let’s Encrypt request
configured in virtual server domain.tld.
This may be because Virtualmin will use certificates from any of the virtual servers.
b. DAV
I got a warning that plugin virtualmin_dav was not installed.
Apparently this is by design since Apache DAV is considered insecure.
I used this feature when hosting a Baikal Cal/CardDAV server. It appears that my use of
the Baikal server doesn’t require DAV access.
“Protected directories” (standard VM plugin) is sufficient to provide the passworded
access to the Baikal server.
I don’t think I have to do anything to “Un-DAV” my configuration.
c. VM BACKUP
VM Backup using SSH (v8.7) to Synology DSM 7 no longer works.
SSH connects, but SCP fails with “subsystem request failed on channel 0”
That error was caused because I wasn’t running an SFTP server on the Synology (new in SCP 8.7)
But when I fixed that the error changed to “Permission denied”.
The solution is to revert to the old file transfer method by using the option -O (letter O)
I did this in Virtualmin > System settings > Virtualmin configuration > Backup & Restore > Additional parameters to SSH and SCP.
d. Adding SLAVE DNS zones from other cluster servers. How to sync?
BIND > Create slave zone. Enter domain name, master server IP address, Also create on slave servers? = NO
for each slave zone from all master servers
OR
Edit config file (/etc/named.conf) and add these 7 lines for each slave domain
zone "DOMAIN.TLD" {
    type slave;
    masters {
        MASTER_SERVER_IP;  // placeholder: IP address of the master server
    };
    file "/var/named/slaves/DOMAIN.TLD.hosts";
};
Then “Apply configuration” (restart BIND) to force transfers from master.
OBSERVATIONS
1. Older mail clients e.g. Outlook 2010 on Windows 7 require update to support TLS 1.2 for mail
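
The two SSH points in this write-up (checking /etc/ssh/sshd_config after the reinstall, and the "subsystem request failed" backup error) can both be read off a config file. The script below is an added example, not part of the original post; the function names, sample files and drop-in file name are constructed for illustration, and it evaluates global settings only (Match blocks and keyboard-interactive authentication are not evaluated).

```shell
# Print the value sshd uses for a global keyword. sshd keeps the FIRST value it
# reads, so pass the files in the order sshd reads them (drop-ins first when
# the Include line sits at the top of sshd_config; that order is an assumption).
effective_sshd_option() {
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]'); shift
    awk -v key="$key" '
        FNR == 1 { inmatch = 0 }            # a Match block ends with its file
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        { split($0, f, /[ \t=]+/); kw = tolower(f[1]) }
        kw == "match" { inmatch = 1 }
        inmatch { next }                    # conditional settings: review by hand
        kw == key { print tolower(f[2]); exit }
    ' "$@"
}

# Succeeds when an uncommented "Subsystem sftp ..." line exists. Without one,
# an scp client that transfers over SFTP gets "subsystem request failed".
has_sftp_subsystem() {
    awk '{ sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
         tolower(f[1]) == "subsystem" && f[2] == "sftp" { found = 1 }
         END { exit !found }' "$@"
}

# One-line summary; unset keywords fall back to OpenSSH's built-in defaults.
audit_sshd() {
    root=$(effective_sshd_option PermitRootLogin "$@")
    pass=$(effective_sshd_option PasswordAuthentication "$@")
    [ "${root:-prohibit-password}" = yes ] && [ "${pass:-yes}" = yes ] \
        && rootpw=yes || rootpw=no
    has_sftp_subsystem "$@" && sftp=yes || sftp=no
    echo "root_password_login=$rootpw sftp_subsystem=$sftp"
}

# Constructed sample files (not taken from the original post).
SAMPLES=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$SAMPLES/01-permitrootlogin.conf"
cat > "$SAMPLES/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin prohibit-password
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
EOF
cat > "$SAMPLES/nas_sshd_config" <<'EOF'
#Subsystem sftp internal-sftp
Match Address 192.0.2.10
    PermitRootLogin yes
EOF
audit_sshd "$SAMPLES/01-permitrootlogin.conf" "$SAMPLES/sshd_config"
audit_sshd "$SAMPLES/nas_sshd_config"
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for a config file copied from a machine where that cannot be run.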