When we upgrade we usually create a similiar host with a slightly different name.
For instance upgrading lcls-archapp - we created a RHEL7 lcls-archapp7 server.
Need to open a ticket before - a day is best - to let OCIO know to remove the servername from the known_hosts file on RHEL6 and RHEL7. This is needed for X11 forwarding.
Right before the name change we will release CHEF
$ curl yum.slac.stanford.edu/ungo-chef | sudo /bin/sh
Now remove the krb5.keytab file
[root@lcls-archapp7 system]# klist -kt /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
1 07/10/2023 12:19:51 host/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
1 07/10/2023 12:19:51 host/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
1 07/10/2023 12:19:51 host/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
1 07/10/2023 12:19:52 nfs/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
1 07/10/2023 12:19:52 nfs/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
1 07/10/2023 12:19:52 nfs/lcls-archapp7.slac.stanford.edu@SLAC.STANFORD.EDU
rm /etc/krb5.keytab
Upgrade the hostname:
hostnamectl set-hostname lcls-archapp
Modify the /etc/sysconfig/network-scripts/ifcfg-???
--Change IPADDR and anything else that is needed
Shutdown original server and boot up new server
Enable CHEF -Once server comes back up
$ curl http://yum.slac.stanford.edu/go-chef | sudo /bin/sh
Update limit login and sudo
Commands:
Add Sudo users (cannot add one at a time) -This will be different for each server -DO NOT Cut and paste
knife node attribute set lcls-archapp.slac.stanford.edu authorization.sudo.users '["arjun", "brobeck", "jingchen", "bisegni", "mshankar"]'
Add Limit Login (cannot add one at a time)-This will be different for each server -DO NOT Cut and paste
knife node attribute set lcls-archapp.slac.stanford.edu normal.limit_login '["brobeck","jingchen", "uwd", "arjun", "laci", "mshankar", "bisegni"]'
Check the krb5.keytab file
klist -kt /etc/krb5.keytab
if empty then run
/opt/openssh/sbin/keytab as root
- use hostnamectl to change hostname
hostnamectl status
hostnamectl set-hostname xxx
- if ip needs to be changed
identify network interface (e.g. em1)
update /etc/sysconfig/network-scripts/ifcfg-em1
reboot
- for access control to the server
update /etc/security/access.conf