0

My VM instance was on CentOS 7

I recently attempted upgrading that to Almalinux 8 using below link

https://wiki.almalinux.org/elevate/ELevating-CentOS7-to-AlmaLinux-9.html#migrate-centos-7-to-almalinux-8

As I per formed the instructed reboot post step sudo leapp upgrade I was unable to connect to my instance via SSH

On observing VM instance logs I have some error logs on repeat which are like

{@type: type.googleapis.com/cloud_integrity.IntegrityEvent, bootCounter: 1000, startupEvent: {…}}

{@type: type.googleapis.com/cloud_integrity.IntegrityEvent, bootCounter: 1000, earlyBootReportEvent: {…}}

{@type: type.googleapis.com/cloud_integrity.IntegrityEvent, bootCounter: 1000, shutdownEvent: {…}}

Any help here would be appreciated for how may I connect to the VM instance now. enter image description here enter image description here

Logs generated Logs

Early Boot Event Error in expanded form Early Boot Event Error

1
  • Edit your question with more details. Are you using a shielded image for your VM? Do you have Secure Boot, vTPM, or Integrity Monitoring enabled? Research error messages before posting a question so that you know which details to provide. cloud.google.com/compute/shielded-vm/docs/shielded-vm Commented Feb 9 at 16:43

2 Answers 2

1

As per the Almalinux doc, Migrations will require your system to reboot twice. Can you reboot again and try it. If still unable to connect check below points :

  • As per the logs you are receiving integrity validation failure , You might need to identify the cause of an integrity validation failure and update the integrity policy baseline using the current instance configuration. The VM instance must be running when you update the baseline.

  • If you can't diagnose and resolve the cause of the SSH connection issue, connect using the SSH Putty client .

  • To find more methods for diagnosing and resolving failed SSH connections, see Troubleshooting SSH.

  • You can also raise this issue in almalinux disclosure group to get in line issue resolution .

1

I was finally able to pass this error.

I had to turn OFF the VM SHIELD checkboxes at my VM security section

  • vTPM
  • Integrity Monitoring

Above options were present as ON. Upon upgrade the kernel was also upgraded. the Integrity Monitoring maintains a record of existing kernel version which was causing the error as appearing in the logs at the questions. (As the kernel was upgraded now)

Though by this change I am able to bypass the error but I am still not sure of how to actually update the kernel records so that the integrity monitoring passes it. So, my approach is more a hack where I turned the validation off.

Do update the question thread if somebody knows about the Update Kernel records to pass Integrity Check. Thanks

enter image description here

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .