How to Upgrade RHEL 9 to RHEL 10 Step-by-Step Guide

by


RHEL 10 shipped in May 2025. If you are still running RHEL 9 on critical systems, you are exposing your server to cybersecurity threats. This guide covers how to upgrade RHEL 9 to RHEL 10 step-by-step.

Strategy and Prerequisites

The in-place upgrade using leapp is the default choice for a reason. But consider a fresh install if your system has been running since RHEL 7 and has accumulated significant configuration drift, or your system uses complex third-party kernel modules. For the fresh installation of RHEL 10 guide, click here.

For everything else, the in-place method (using leapp) is efficient.

Step 1: Establish a Reliable Recovery Point

A snapshot of a virtual machine is a good start, but a verified, file-level backup is better. For a physical server, ensure you have a complete system image. It helps recover if upgrades fail due to a corrupted file system that went unnoticed. After backup, test your restoration process on a non-production machine. If you can’t restore, you aren’t ready.

Step 2: Validate Application Compatibility

Don’t assume your applications will work. For commercial software, check the vendor’s support portal to determine if the application supports RHEL 10. For in-house applications, rebuild and test them in a RHEL 10 container. Pay attention to shared libraries and any kernel-specific system calls.

For example, RHEL 10 dropped Broadcom BCM5720 driver support. Check your drivers now and reinstall supported drivers and modules.

Specifically, check any service that integrates deeply with the OS. A custom authentication module or an audit daemon plugin will likely need a recompile.

Step 3: Prepare the RHEL 9 System

Patch RHEL 9 to the latest. Your initial system state matters.

sudo dnf update -y
sudo reboot

DNF Update On RHEL 9 Before Upgrade

And remove unnecessary load, if any.

sudo dnf clean all
sudo dnf remove --oldinstallonly --setopt installonly_limit=2

Remove old kernel on RHEL 9 Before Upgrade

sudo dnf autoremove

DNF Autoremove RHEL 9

Ensure the system is registered with Red Hat Subscription Manager and check whether your Red Hat account subscription inventory has active entitlements for the RHEL 10 repositories. (Free Trial of RHEL that comes with Developer subscription for individuals is used here. So, your inventory dashboard may be different depending on the subscription purchased by your organization.)

RHEL Subscription Page on Redhat Portal

The Leapp Pre-Upgrade Analysis

The leapp utility is the core of the process. Its true value isn’t in the upgrade execution, but in the pre-upgrade analysis. Running the update without understanding its output may lead to a failed or corrupted upgrade. Install and run the pre-upgrade check.

sudo dnf install -y leapp-upgrade

Install Leapp Upgrade On RHEL 9

sudo leapp preupgrade --target 10.0

Leapp Preupgrade Check Target RHEL 10

This process can take a few minutes. It’s not just checking package versions but also analyzing your configuration files, loaded kernel modules, and running services against a database of known issues.

Interpreting the Report

The report at /var/log/leapp/leapp-report.txt is your single most important source of truth. Ignoring it is the primary cause of failed upgrades.

Interpreting Leapp Preupgrade Report for RHEL 10

You are looking for inhibitors and hard stops.

Common examples of errors and inhibitors encountered in leapp preupgrade include:

  • Unsupported Kernel Modules: Leapp will block the upgrade if any driver or module is unsupported. You must remove the driver or find a RHEL 10 compatible version before proceeding. For example, leapp might fail with the error “Unsupported Samba version” because of custom Samba configs. The solution is to reset Samba configs.
sudo samba-tool dbcheck --fix && samba-tool dbcheck --fix --reset-well-known-acls
  • Obsolete Network Configurations: If you’re still using network-scripts (ifcfg files), Leapp will flag it. You must migrate to NetworkManager. If it fails to start NetworkManager after a restart, which is due to a missing NIC driver, you’ll need to install extra kernel modules and enforce them.
sudo dnf install kernel-modules-extra
sudo dracut --force

Install Extra Kernel Module On RHEL 9 Before Upgrade

  • Certain Security Configurations: A custom audit rule or a specific SELinux policy might require remediation. For example, an app crash with the error “GLIBC_2.34 not found” is resolved by rebuilding the app against the RHEL 10 devtoolset. The report also contains warnings and info messages. Don’t ignore these. A warning about a configuration file that will be migrated (.rpmnew or .rpmsave) tells you exactly what you’ll need to check and merge manually after the upgrade.

The Pre-Upgrade Progressive Validation

You will likely not pass the first time for the pre-upgrade. The workflow is:

  1. Run leapp preupgrade.
  2. Scan the report for inhibitors and high-priority warnings.
  3. Address them. This might involve removing packages, editing config files based on Leapp’s suggestions, or running a provided remediation script.
  4. Repeat.

You are done only when leapp preupgrade produces no inhibitors and you have a plan for all high-priority warnings.

Upgrade RHEL 9 to RHEL 10

Once the pre-upgrade is clean, the actual upgrade is simple. Schedule a maintenance window and communicate it. Then run the upgrade command.

sudo leapp upgrade --target 10.0

Upgrade RHEL 9 to RHEL 10

The system will download packages and eventually reboot. It will boot into a special initramfs environment where the package transaction occurs. You will see a console screen showing progress. This is not a hang. It can take a bit longer. Do not power off the machine. The system will reboot again, this time into the RHEL 10 kernel.

Post-Upgrade Validation and Hardening

The system is on RHEL 10. Now the real work begins. This is not just about checking if it booted. Confirm the version.

cat /etc/os-release

OS Verification Post RHEL Upgrade

Check for any services that failed to start

systemctl --failed

Verify the boot loader

sudo grub2-editenv list

Systemctl Failed Services RHEL 10 Post Upgrade

It is crucial to check if all the necessary processes are working correctly.

For the network, check all necessary endpoints (DNS, NTP, internal APIs).

ss -tulpn | grep -E ':80|:443|:3306|:5432'

Also, test your servers with ping, dig, and curl.

For security, check if SELinux is in enforcing mode? Check with getenforce. Are your firewall rules intact? Run this command.

firewall-cmd --list-all-zones

Verify Firewall Rules And Network Ports Post RHEL 10 Upgrade

For a database server, don’t just check if PostgreSQL is running. Connect with a client and run a query. For a web server, curl the endpoint and validate the response. Check application logs for permission errors or library issues.

Final Steps

Update any system automation. Your Ansible playbooks, monitoring checks, and documentation should now reference RHEL 10. Consider through documentation, including every error and fix, upgrade pain points and commands that saved you, vendor notes on the upgrade support, and the leapp upgrade report. When RHEL 11 drops, this will save your team hours.

Conclusion

The upgrade from RHEL 9 to RHEL 10 is a need of the time, but it’s not automatic. Its success depends entirely on the thoroughness of your pre-upgrade analysis and post-upgrade validation. The leapp tool does the heavy lifting. By methodically working through the prerequisites, taking into account the pre-upgrade report, and thoroughly testing the resulting system, you can execute this upgrade with confidence. It’s a straightforward process for those who prepare.



Source link

Leave a Comment