Migrate CentOS 8 Stream to AlmaLinux 8


Update CentOS 8 Stream

sudo dnf update -y

Download and run the almalinux-deploy script

curl -O https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh
sudo bash almalinux-deploy.sh -d

You’ll need to run with the -d “downgrade” option if you are migrating from CentOS 8 Stream. https://github.com/AlmaLinux/almalinux-deploy/tree/master?tab=readme-ov-file#roadmap

You may need to remove packages if there are conflicts. On one instance, there were issues and I needed to remove grafana and llvm-compat-libs.

sudo yum remove grafana llvm-compat-libs

After those errors are fixed, rerun.

sudo bash almalinux-deploy.sh -d

Once the script finishes

sudo reboot

Once it comes back up, check the Linux version

cat /etc/*release

Example output

AlmaLinux release 8.9 (Midnight Oncilla)
AlmaLinux release 8.9 (Midnight Oncilla)
VERSION="8.9 (Midnight Oncilla)"
ID_LIKE="rhel centos fedora"
PRETTY_NAME="AlmaLinux 8.9 (Midnight Oncilla)"

Ansible Playbook for Updating Linux (Debian/Ubuntu)

Video on using Ansible to Update Linux

The three steps to update a machine with Ansible

  1. Create Ansible Inventory/Hosts file
  2. Create Playbook
  3. Run Playbook

Create Inventory

The first thing we need to do is create an inventory file. This will contain a list of our servers along with the credentials.

touch hosts.txt

Now let’s encrypt the file with Ansible Vault.

ansible-vault encrypt hosts.txt

The file is now encrypted. To edit the file, we need to use `ansible-vault edit`.
If you want to, you can configure the hosts.txt file and then encrypt it when you are finished.

ansible-vault edit hosts.txt

Now add some hosts. In this example we add the local Kali machine, because why not. If you have Ubuntu servers, replace debian with ubuntu.

kali ansible_host= ansible_ssh_user=kali ansible_ssh_port=22 ansible_ssh_password='kali pass' ansible_become_pass='kali sudo pass'

Add as many hosts as you need. For sake of simplicity, we are only adding one, and it is our localhost.

Create Playbook

Create a new playbook.

vi debian_update.yml

Put the following into the playbook. Edit as desired. Change hosts to match the above hosts in the inventory/hosts file.

- name: OS update
  hosts: debian
  gather_facts: yes
  become: yes

    - name: dist-upgrade
        upgrade: dist
        update_cache: yes
      register: upgrade_result

    - name: Check if a reboot is required
        path: /var/run/reboot-required
        get_checksum: no
      register: reboot_required_file

    - name: Reboot the server (if required).
      when: reboot_required_file.stat.exists
      register: reboot_result

    - name: Remove unneeded dependencies
        autoremove: yes
      register: autoremove_result

    - name: Print errors if upgrade failed
        msg: |
          Upgrade Result: {{ upgrade_result }}
          Reboot Result: {{ reboot_result }}
          Autoremove Result: {{ autoremove_result }}

A couple of notes

  1. On the 3rd line it defines which group to run this playbook against. In this case debian.
  2. This will check if a reboot is needed and reboot the machine. Reboots are usually needed when the kernel is updated
  3. The 5th line contains `become: yes` this means that the playbook will use sudo. You can specify the sudo password in the hosts file `ansible_become_pass=sudopass` or with the -k or –ask-become options
  4. The update and reboot are natively built into Ansible. Hence the ansible.builtin.

Run Playbook

Now that we have our inventory and playbook, we can upgrade our machines.

ansible-playbook debian_update.yml -i hosts.ini --ask-vault-password

Tip! If you have not specified a “ansible_ask_become” password (that is the sudo password), you can specify it with the -k or –ask-become options.

How to determine if Ubuntu Needs a Reboot after an update

Typically after a Linux Kernel update, you will want to reboot your machine to take advantage of the new kernel. But how do you know if you need to reboot?

Fortunately, there is a simple way to check.

cat /var/run/reboot-required

If it returns

*** System restart required ***

Then we should reboot the machine.


Update Matrix Server that is utilizing the matrix-docker-ansible-deploy scripts

Upgrading is fairly straightforward.


cd into the git directory and run

git pull

That will download any new files.

Run the ansible command, you can have it ask you for the password to use.

ansible-playbook -i inventory/hosts setup.yml --tags=setup-all --ask-pass --ask-become-pass

It should give you a report if anything failed.

An upgrade from ‘disco’ (19.04) to ‘focal’ (20.04) is not supported with this tool.

Unfortunately once a version of Ubuntu becomes unsupported you can run into problems upgrading to the latest version. As is the case when you try to upgrade disco to focal. Ubunut 19.04 to 20.04.

A work around is to update the apt sources and then run an update

Update Apt Sources with.

sudo sed -i 's/disco/focal/g' /etc/apt/sources.list

Now Upgrade with the following two commands.

sudo apt update
sudo apt -y dist-upgrade

More info at the following link.


Update FreeBSD 7.2

The freebsd-update command can be used to update a FreeBSD system


usage: freebsd-update [options] command … [path] 
   -b basedir   -- Operate on a system mounted at basedir
                   (default: /)
   -d workdir   -- Store working files in workdir
                   (default: /var/db/freebsd-update/)
   -f conffile  -- Read configuration options from conffile
                   (default: /etc/freebsd-update.conf)
   -k KEY       -- Trust an RSA key with SHA256 hash of KEY
   -r release   -- Target for upgrade (e.g., 6.2-RELEASE)
   -s server    -- Server from which to fetch updates
                   (default: update.FreeBSD.org)
   -t address   -- Mail output of cron command, if any, to address
                   (default: root)
   fetch        -- Fetch updates from server
   cron         -- Sleep rand(3600) seconds, fetch updates, and send an
                   email if updates were found
   upgrade      -- Fetch upgrades to FreeBSD version specified via -r option
   install      -- Install downloaded updates or upgrades
   rollback     -- Uninstall most recently installed updates
   IDS          -- Compare the system against an index of "known good" files.

To get the updates do

freebsd-update fetch

Let it run and download the updates, then run

freebsd-update install

Should say it is installing updates. Then done.

kubuntu-desktop : Depends: software-properties-kde but it is not going to be installed

Try installing software-properties-kde and get

The following packages have unmet dependencies:
  software-properties-kde : Depends: python3-software-properties (= but 1.8.8 is to be installed
 E: Unable to correct problems, you have held broken packages.

Try to install python3 from the bionic from bionic-updates

sudo apt install -t bionic-updates python3-software-properties

Install software-properties-kde

sudo apt install software-properties-kde

If it fails try force installing it

sudo dpkg -i --force-overwrite /var/cache/apt/archives/software-properties-kde_0.

Install Kubuntu desktop

sudo apt install kubuntu-desktop

More info here