Samba update breaks AD authentication

We’ve got a Samba server running on a CentOS 6.7 server. As part of the CentOS 6.7 upgrade a new Samba package was also installed. The packages were specifically:

  • samba-common-3.6.23-20.el6.x86_64
  • samba-winbind-clients-3.6.23-20.el6.x86_64
  • samba-client-3.6.23-20.el6.x86_64
  • samba4-libs-4.0.0-66.el6_6.rc4.x86_64
  • samba-winbind-3.6.23-20.el6.x86_64
  • samba-3.6.23-20.el6.x86_64

Our Samba server is tied into a Windows 2003 Domain and we use groups to provide access to the shares on the CentOS server. It had also been running perfectly fine for months to years.

After the upgrade and restart of Samba users started receiving the following error when trying to access the share:

The group name could not be found.

or

“<SHARE NAME> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The group name could not be found”

After a significant amount of troubleshooting, reading and re-reading of the patch notes for this Samba update (https://rhn.redhat.com/errata/RHBA-2015-1383.html) I kept getting stuck on this:

* When the “winbind use default domain = yes” setting was used in combinationwith the “force user = AD_user_name” setting in the /etc/samba/smb.conf file, the AD domain user specified in the “force user” attribute could not access the share. With this update, setting “winbind use default domain = yes” no longer prevents the AD domain user from accessing the share in the described situation. (BZ#1201611)

In our configuration we have “winbind use default domain = yes” set AND we use “force user =”. The only difference is that we weren’t using “force user = <Domain User>” we were using “force user = <Local User>”

I commented out the line “winbind use default domain = yes” in ‘/etc/samba/smb.conf’, restarted Samba and the problem was resolved.

This issue caused both domain logins to fail AND logins with local credentials.

Unable to use grep to search logfiles output from Powershell scripts

I recently had to do some PowerShell work on a Windows server which outputted some log files for later review using the “Start-Transcript” function.

Later I went to review the logs looking for some specific information. I transferred them to my CentOS 5 Dev system to begin analyzing them with grep.

Every time I ran a grep command against the logs no results were returned. Very strange. Even if I used ‘cat’ first and then tried to grep that output grep would return no results.

Turns out the version of grep on CentOS 5 (GNU grep 2.6.3) does not support UTF-16 which is what my PowerShell logs were encoded in.

I ran the following command (thanks SuperUser) and converted all of my logs to UTF-8 and then grep began functioning properly again.

$ find . -name '*.log' -exec iconv -f UTF-16 -t utf-8 -o {} {} \;

 

Symantec Backup Exec RALUS crashes on CentOS 7

We just deployed our first CentOS 7 machine and are trying to back it up using Backup Exec 2010 R3 and the RALUS agent.

After installing the missing compatibility libraries needed for the RALUS:

yum install compat-libstdc++-33.i686 compat-libstdc++-33.x86_64

the agent installs and starts but once the Media Server connects to it the agent crashes.

Some log digging came up with this from /var/log/messages:

Aug  7 16:09:41 localhost kernel: beremote[10898]: segfault at fffffffffffffffc ip 00007f7543fbc8cc sp 00007f75420c29d8 error 5 in libc-2.17.so[7f7543f3c000+1b6000]
Aug  7 16:09:41 localhost abrt-hook-ccpp: Saved core dump of pid 10894 (/opt/VRTSralus/bin/beremote) to /var/tmp/abrt/ccpp-2014-08-07-16:09:41-10894 (48660480 bytes)
Aug  7 16:09:41 localhost abrt-server: Package 'VRTSralus' isn't signed with proper key
Aug  7 16:09:41 localhost abrt-server: 'post-create' on '/var/tmp/abrt/ccpp-2014-08-07-16:09:41-10894' exited with 1
Aug  7 16:09:41 localhost abrt-server: Deleting problem directory '/var/tmp/abrt/ccpp-2014-08-07-16:09:41-10894'

and running the agent in debug mode shows this:

[[email protected] bin]# ./beremote --log-console
f8a1b740 Thu Aug  7 16:25:38 2014 : Starting BE Remote Agent
f8a1b740 Thu Aug  7 16:25:38 2014 : Requested no generation of log file
f8a1b740 Thu Aug  7 16:25:38 2014 : No configuration file specified.  Using default.
f8a1b740 Thu Aug  7 16:25:38 2014 : Log to console: enabled
f8a1b740 Thu Aug  7 16:25:38 2014 : Successfully set the supplementary groups of the process
f8a1b740 Thu Aug  7 16:25:38 2014 : Initialized locks for SSL callbacks
f8a1b740 Thu Aug  7 16:25:38 2014 : Starting NDMP processor
f8a1b740 Thu Aug  7 16:25:38 2014 : NDMPDMainThreadFunc spawned: grpid=1, tid=-231061760
f23a4700 Thu Aug  7 16:25:38 2014 : FS_InitFileSys
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsnt5.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedssql2.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsxchg.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsxese.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsmbox.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedspush.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsnote.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsmdoc.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedssps2.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedssps3.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsupfs.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsshadow.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsoffhost.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   loaded libbedsvx.so
f23a4700 Thu Aug  7 16:25:38 2014 :   loaded libbedsrman.so
f23a4700 Thu Aug  7 16:25:38 2014 :   loaded libbedssms.so
f23a4700 Thu Aug  7 16:25:38 2014 :   loaded libbedssmsp.so
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsra.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsdb2.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 :   loaded libbedsedir.so
f23a4700 Thu Aug  7 16:25:38 2014 :   libbedsvmesx.so could not be loaded: 0x       2 (2)
f23a4700 Thu Aug  7 16:25:38 2014 : Initializing FSs
f23a4700 Thu Aug  7 16:25:38 2014 : FS 1 failed to initialize: 0xE000FE46
f23a4700 Thu Aug  7 16:25:38 2014 : Function called: RMAN_InitFileSys
f23a4700 Thu Aug  7 16:25:38 2014 : Using 'UTF-8' Encoding.
f23a4700 Thu Aug  7 16:25:38 2014 : Using vfm path /opt/VRTSralus/VRTSvxms from config.
f23a4700 Thu Aug  7 16:25:38 2014 : Sucessfully set VFM_PRIVATE_ROOT env to /opt/VRTSralus/VRTSvxms.
f23a4700 Thu Aug  7 16:25:38 2014 : VFM_PRIVATE_ROOT was set with value /opt/VRTSralus/VRTSvxms
f23a4700 Thu Aug  7 16:25:38 2014 :      VXMS Initialization OK.
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <rootfs> mounted at </>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <proc> mounted at </proc>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <sysfs> mounted at </sys>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <devtmpfs> mounted at </dev>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <securityfs> mounted at </sys/kernel/security>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <tmpfs> mounted at </dev/shm>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <devpts> mounted at </dev/pts>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <tmpfs> mounted at </run>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <tmpfs> mounted at </sys/fs/cgroup>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/systemd>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <pstore> mounted at </sys/fs/pstore>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/cpuset>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/cpu,cpuacct>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/memory>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/devices>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/freezer>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/net_cls>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/blkio>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/perf_event>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <cgroup> mounted at </sys/fs/cgroup/hugetlb>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <configfs> mounted at </sys/kernel/config>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <xfs> mounted at </>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <autofs> mounted at </proc/sys/fs/binfmt_misc>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <debugfs> mounted at </sys/kernel/debug>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <mqueue> mounted at </dev/mqueue>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <hugetlbfs> mounted at </dev/hugepages>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <nfsd> mounted at </proc/fs/nfsd>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <xfs> mounted at </boot>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <xfs> mounted at </var>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <rpc_pipefs> mounted at </var/lib/nfs/rpc_pipefs>
f23a4700 Thu Aug  7 16:25:38 2014 : Detected Mounted Filesystem: type <binfmt_misc> mounted at </proc/sys/fs/binfmt_misc>
f23a4700 Thu Aug  7 16:25:38 2014 : INFORMATIONAL: Zero value found for 'DisableRMAL' from ralus.cfg, allowing RMAL to initialize
f23a4700 Thu Aug  7 16:25:38 2014 : Successfully resolved the "ndmp" service to port: 10000 (host order)
f23a4700 Thu Aug  7 16:25:38 2014 : BETCPListener successfully installed a signal handler for SIGTERM
f23a4700 Thu Aug  7 16:25:38 2014 : BETCPListener::BETCPListener: This system appears to be a Dual IP system
f23a4700 Thu Aug  7 16:25:38 2014 : BETCPListener::BETCPListener: Successfully set the IPV6_V6ONLY option, this listener may behave as Dual Stack listener
f23a4700 Thu Aug  7 16:25:38 2014 : Started NDMP Listener on port 10000
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: advertisement cycle started.
f0dfd700 Thu Aug  7 16:25:48 2014 : RMAN_EnumSelfDLE: AgentConfig GetOracleDBNames returned error. If Oracle Agent is installed, please run AgentConfig.
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: EnumSelfDLE for file system 14 returned 0(0x0) and 0 DLEs
GetIfAddrs(LINUX): failed err = 11
GetAdaptersAddresses: error = 1, ret=-1
f0dfd700 Thu Aug  7 16:25:48 2014 : VX_RemoveDLE: DestroyDLE()
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: EnumSelfDLE for file system 22 returned -1(0xFFFFFFFF) and 0 DLEs
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: Security is enabled!!!
f0dfd700 Thu Aug  7 16:25:48 2014 : This instance of BETCPListener was not requested to install a signal handler and hence will not install one!
GetIfAddrs(LINUX): failed err = 11
GetAdaptersAddresses: error = 1, ret=-1
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: connect to target=mediaserver.mydomain port=6101 failed
f0dfd700 Thu Aug  7 16:25:48 2014 : NrdsAdvertiserThread: Retrying in 60 seconds
e5ad8700 Thu Aug  7 16:25:53 2014 : NrdsAdvertiserThread: negative (purge) advertisement cycle started.
e5ad8700 Thu Aug  7 16:25:53 2014 : NrdsAdvertiserThread: no purge is pending.
e5ad8700 Thu Aug  7 16:25:53 2014 : NrdsAdvertiserThread: negative (purge) advertisement cycle complete.  Waiting 240 minutes before advertising again.
f0dfd700 Thu Aug  7 16:26:48 2014 : NrdsAdvertiserThread: Security is enabled!!!
f0dfd700 Thu Aug  7 16:26:48 2014 : This instance of BETCPListener was not requested to install a signal handler and hence will not install one!
GetIfAddrs(LINUX): failed err = 11
Segmentation fault (core dumped)

 

I’ve opened a case with Symantec and their answer was that CentOS isn’t supported and neither is RHEL7.

Anyone else running into this? Have you fixed it?

I found a blog post where someone suggested hex editing the beremote binary which I’d rather not do. Plus our version of the agent is newer than the one he describes in his post: http://blog.redweb.at/2012/08/howto-backupexec-2012-linux-agent-and-kernel-3-0-debian/

How to upgrade CentOS 6 to CentOS 7

This article comes with a HUGE warning. This was written using beta tools available from here: http://dev.centos.org/centos/6/upg/x86_64/Packages/

I will likely update this article when these tools are no longer in beta and when I perform this on my more complicated production server. Right now I’m testing these packages and this method on a relatively simple CentOS 6 test server I have at work.

My test server has the basics on it like Apache, PHP, NFS, VNC, Samba and Gnome. It is a vSphere VM with 2vCPUs, 4GB of RAM and the storage is back ended on a NetApp via NFS.

I pieced this together using the references at the bottom of the post. This will probably work for upgrading RHEL6 to RHEL7 as well but you’ll need to figure out the mirror information. I don’t have access to RHEL repos.

 

TAKE A FULL SYSTEM BACKUP BEFORE FOLLOWING THIS GUIDE

  1.  Download the upgrade packages from http://dev.centos.org/centos/6/upg/x86_64/Packages/

    [[email protected] temp]# wget -c "http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-1.0.2-33.el6.x86_64.rpm"
    [[email protected] temp]# wget -c "http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-contents-0.5.13-1.el6.noarch.rpm"
    [[email protected] temp]# wget -c "http://dev.centos.org/centos/6/upg/x86_64/Packages/preupgrade-assistant-ui-1.0.2-33.el6.x86_64.rpm"
    [[email protected] temp]# wget -c "http://dev.centos.org/centos/6/upg/x86_64/Packages/python-rhsm-1.9.7-1.el6.x86_64.rpm"
    [[email protected] temp]# wget -c "http://dev.centos.org/centos/6/upg/x86_64/Packages/redhat-upgrade-tool-0.7.22-1.el6.noarch.rpm"
  2. Install the tools. My server needed some pre-reqs which yum took care of
    [[email protected] temp]# yum install *.rpm
  3. Run the upgrade tool
    [[email protected] temp]# preupg
  4. The tool will now warn you that you should have taken a full system backup. Hopefully you did. Press ‘y’ to contiune
  5. The tool will now run a bunch of tests to determine if there are any blockers for an upgrade. This took about 10 minutes on my system. Once the tool completes it’s assessment you’ll find an upgrade report in ‘/root/preupgrade-results/’
  6. Review the files in the report. Mine came out with no results…. I take this to mean it found nothing wrong with an in place upgrade…. or there is a bug in the tools. The readme included this description of each file and status descriptions:
    /root/preupgrade file&directory structure
    ------------------------------------
    
    This directory contains the data from the last preupgrade assistant run.
    Files:
    result.html - File with final migration assessment report in human readable
             form (we are sorry for "listing" functionality only)
    result.xml - File with final migration assessment report in machine
             readable form
    README - this file
    results.tar.gz - Tar ball with all files in directory /root/preupgrade
    
    Directories:
    cleanconf - directory with all user-modified configuration files, which were
              checked for the compatibility by preupgrade-assistant. These files
              can be safely used on RHEL-7 system (some of these files may need
              postupgrade.d scripts execution)
    dirtyconf - directory with all user-modified configuration files, which were not
              checked for the compatibility by preupgrade-assistant. These may
              require admin review after the RHEL-7 installation/upgrade.
    kickstart - directory which contains various files useful for generating
              kickstart for cloning this system. Some of the files in this
              directory may give administrator the guidance what was not handled
              by rhelup (and will need some additional actions). See README file
              in the kickstart directory for the file descriptions.
    postupgrade.d - contains various scripts which are supposed to be executed
              AFTER the upgrade to RHEL-7. These scripts should NEVER be used
              on RHEL-6 system.
    RHEL6_7 - just "debugging" directory - will be removed later. Ignore, unless you'll see some "Error" plugin exit status.
    
    Possible check exit codes explanation
    -------------------------------------
    Every single plugin has its own exit code. Administrator needs to check
    at least those with FAIL result before using inplace upgrade. Results FIXED
    should be checked after the inplace upgrade - to finish the RHEL-7 migration
    properly.
    
    The possible exit codes are:
     * PASS = everything is fine, no incompatibility/issue detected by this checker
     * FAIL = some incompatibility/issue that needs to be review by admin was detected.
              FAIL doesn't necessarily mean that inplace upgrade will fail, but may
              result in not 100% functional system
     * FIXED = some incompatibility was detected, but preupgrade-assistant was able
              to find automated solution. Some of the fixes may require running
              postupgrade.d scripts after the upgrade. Fixed configs are available
              in /root/preupgrade/cleanconf directory. preupgrade-assistant doesn't
              handle the fixes automatically at the moment!
     * INFORMATIONAL = nice to have information for admins (e.g. removed options
              in some common tools which may cause malfunctions of their scripts)
     * NOT_APPLICABLE = package which should be tested by the check is not
              installed on the system (test therefore doesn't make sense)
     * ERROR = shouldn't occur, does usually mean error in the preupgrade-assistant
              framework. All such errors should be reported to Red Hat
              preupgrade-assistant team.
    
    In place upgrade risk explanations
    -----------------------------------
    There are several levels of inplace upgrade risks. Any level higher than
    "slight" means you will get not 100% functional upgraded system, although
    inplace upgrade tool "rhelup" may pass.
    
    The available risk assessment levels are:
     * None - Default. It can be used as an indicator for some checks. It is not
              necessary to enter these values.
     * Slight - We assessed this field and have not found any issues. However,
              there is still some risk that not all variants have been covered.
     * Medium - It is likely that the area causes a problem in case of the inplace
              upgrade. It needs to be checked by the administrator after
              the inplace upgrade and after the system has been monitored for
              some time.
     * High - The inplace upgrade can't be used safely without the administrator's
              assistance. This typically involves some known broken scenario,
              existing 3rd party packages. After the administrator manually fixes
              the issue, it may be possible to perform the inplace upgrade, but it
              is not recommended.
     * Extreme - We found an incompatibility which makes the inplace upgrade
              impossible. It is recommended to install a new system with the help
              of preupgrade-assistant remediations.
    

     

  7. Since my report didn’t lead me to believe there were any issues that had to be dealt with pre-upgrade I went for it. First I had to import the repo key and then I ran the upgrade
    [[email protected] temp]# rpm --import http://mirror.its.sfu.ca/mirror/CentOS/7/os/x86_64/RPM-GPG-KEY-CentOS-7
    [[email protected] temp]# redhat-upgrade-tool --network 7.0 --instrepo http://mirror.its.sfu.ca/mirror/CentOS/7/os/x86_64/ --cleanup-post --reboot --force

    Note: I had to add “–force” to the above command. It kept telling me I had not run ‘preupg’ which I had”

  8. After running the above command things started happening. From what I’ve read online this process will take up to 90 minutes while it downloads updates, creates a new boot image, reboots the server and performs the upgrade. The system will automatically reboot when it’s ready.On my system spec’d out as I listed above on a 300mbit internet connection the upgrade process took about 45 minutes.

That’s it! After a few reboots I ended up with a CentOS 7 machine…. with a few issues.

In my case Gnome would load a black screen and there were about 164 CentOS 6 packages left that were not upgraded to their equivalent CentOS 7 packages which caused ‘yum update’ to not work anymore citing dependency issues.

I also had a package, pywebkitgtk, which I had installed that was causing ‘yum update’ to not function properly after adding the EPEL Beta 7 Repo. A quick ‘yum remove pywebkitgtk’ and then ‘yum update’ fixed that.

Apache wasn’t very happy either. The config file needed a lot of work.

On my server there ended up being about 134 CentOS6 packages left over which may or may not cause conflicts in the future.

While this technically worked I’m going to recommend side-by-side upgrades to a fresh CentOS 7 server as the better way to do this. I also believe it is the recommended best practice.

 

References

How to convert RHEL 6.x to CentOS 6.x

Last modified: [last-modified]

This post relates to my older post about converting RHEL 5.x to CentOS 5.x. All the reasons for doing so and other background information can be found in that post.

This post will cover how to convert RHEL 6.x to 5.x.

Updated 2016-03-29 – Thanks to feedback from here I’ve updated the guide.

Updates and Backups!

  1. Fully patch your system and reboot your system before starting this process
  2. Take a full backup of your system or a Snapshot if it’s a VM

Conversion

  1. Login to the server and become root
  2. Clean up yum’s cache
    localhost:~ root# yum clean all
  3. Create a temporary working area
    localhost:~ root# mkdir -p /temp/centos
    localhost:~ root# cd /temp/centos
  4. Determine your version of RHEL
    localhost:~ root# cat /etc/redhat-release
  5. Determine your architecture (32-bit = i386, 64-bit = x86_64)
    localhost:~ root# uname -i
  6. Download the applicable files for your release and architecture. The version numbers on these packages could change. To find the current versions of these files browse this FTP site: http://mirror.centos.org/centos/6/os/i386/Packages/ (32-bit) or http://mirror.centos.org/centos/6/os/x86_64/Packages/ (64-bit) and replace the ‘x’ values below with the current version numbers
    CentOS 6.5 / 32-bit

    localhost:~ root# wget http://mirror.centos.org/centos/6/os/i386/RPM-GPG-KEY-CentOS-6
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/i386/Packages/centos-release-6-x.el6.centos.x.x.i686.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/i386/Packages/centos-indexhtml-6-x.el6.centos.noarch.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/i386/Packages/yum-x.x.x-x.el6.centos.noarch.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/i386/Packages/yum-plugin-fastestmirror-x.x.x-x.el6.noarch.rpm

    CentOS 6.5 / 64-bit

    localhost:~ root# wget http://mirror.centos.org/centos/6/os/x86_64/RPM-GPG-KEY-CentOS-6
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/centos-release-6-x.el6.centos.xx.x.x86_64.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/centos-indexhtml-6-x.el6.centos.noarch.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-x.x.xx-xx.el6.centos.noarch.rpm
    localhost:~ root# wget http://mirror.centos.org/centos/6/os/x86_64/Packages/yum-plugin-fastestmirror-x.x.xx-xx.el6.noarch.rpm
  7. Import the GPG key for the appropriate version of CentOS
    localhost:~ root# rpm --import RPM-GPG-KEY-CentOS-6
  8. Remove RHEL packages

    Note:
    If the ‘rpm -e’ command fails saying one of the packages is not installed remove the package from the command and run it again.

    localhost:~ root# yum remove rhnlib abrt-plugin-bugzilla redhat-release-notes*
    localhost:~ root# rpm -e --nodeps redhat-release-server-6Server redhat-indexhtml
  9. Remove any left over RHEL subscription information and the subscription-manager

    Note:
    If you do not do this every time you run ‘yum’ you will receive the following message: “This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.”

    localhost:~ root# subscription-manager clean
    localhost:~ root# yum remove subscription-manager
  10. Force install the CentOS RPMs we downloaded
    localhost:~ root# rpm -Uvh --force *.rpm
  11. Clean up yum one more time and then upgrade
    localhost:~ root# yum clean all
    localhost:~ root# yum upgrade
  12. Reboot your server
  13. Verify functionality
  14. Delete VM Snapshot if you took one as part of the backup

 

References