@yuravk yuravk commented Sep 12, 2025

No description provided.

yuravk and others added 23 commits July 28, 2025 16:53
* add information about 'almalinux' new distro and its 'default' upgrade path
* update mapping with 'almalinux' distro ID and its OS version format
* add AlmaLinux OS release 9 and 10 RPM GPG keys, fingerprints of GPG keys, and obsoleted GPG keys
* update unit tests to cover 'almalinux'

(cherry picked from commit e2302c5)
Non-RHEL systems do not use Red Hat Subscription Manager (RHSM),
therefore all RHSM related actions should be skipped on such systems.

Changes:
- The --no-rhsm option is implied on non-RHEL systems and LEAPP_NO_RHSM is
forcefully set to 1.
- Skip rhsm actions which are not skipped on RHEL even with --no-rhsm.

Jira: RHEL-95975
(cherry picked from commit e2fad15)
This report is irrelevant on non-RHEL systems which don't use RHSM.

(cherry picked from commit b207c64)
On CentOS Stream systems the `stream` DNF variable is used instead
of the `releasever`, which causes an issue when creating target repos,
because the $stream variable is handled incorrectly. This patch is
adjusting the content of /etc/dnf/vars/stream in scratch container,
so $stream var is replaced with correct target version of system.

Jira: RHEL-95982
(cherry picked from commit 9658b0b)
Update PES events data file. It includes also fixed PES events related to php module streams - fixing the DNF transaction when one of these rpms is installed.

(cherry picked from commit 300e157)
The get_distro_id function from command_utils seeks the wrong key in
/etc/os-release. Instead of using 'ID', the function uses 'VERSION_ID',
returning OS version (e.g. 9.6) instead of distro identifier such as
RHEL.

(cherry picked from commit cd161fd)
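
The difference between the two `/etc/os-release` keys named in the commit message above, as an added example (not code from this pull request or from leapp). The sample file content and the function names `parse_os_release`, `distro_id_buggy` and `distro_id_fixed` are constructed for illustration.

```python
import shlex

# Constructed sample of /etc/os-release content (not taken from the page).
SAMPLE_OS_RELEASE = '''\
NAME="AlmaLinux"
VERSION="9.6"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.6"
'''


def parse_os_release(text):
    """Parse KEY=value lines, honouring the shell-style quoting os-release allows."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#') or '=' not in line:
            continue
        key, _, raw = line.partition('=')
        tokens = shlex.split(raw)  # strips quotes, keeps quoted spaces together
        fields[key] = tokens[0] if tokens else ''
    return fields


def distro_id_buggy(text):
    # The defect described above: VERSION_ID holds the OS version, not the distro.
    return parse_os_release(text)['VERSION_ID']


def distro_id_fixed(text):
    # ID is the distribution identifier (e.g. rhel, centos, almalinux).
    return parse_os_release(text)['ID']


if __name__ == '__main__':
    print('buggy:', distro_id_buggy(SAMPLE_OS_RELEASE))
    print('fixed:', distro_id_fixed(SAMPLE_OS_RELEASE))
```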
Execute isort when running the `fast_lint` target. Therefore, the target
now matches the `lint` target, allowing the developer to see the results
of running all of our linters on his/her changes in a quick manner.

(cherry picked from commit 315cb71)
Adding upgrade path 9.7 -> 10.1 for:
- RHEL
- AlmaLinux
Adjust also CentOS virtual version to reflect actual state.

Jira: RHEL-107228
(cherry picked from commit ba9c02e)
Adding the upgrade path 8.10 -> 9.7 for RHEL and AlmaLinux distros,
making this upgrade path default now.

Also update CI tests to reflect the changes. Note that tests for
RHUI are not present at this moment yet - they will be added separately.

Jira: RHEL-107228
(cherry picked from commit 5d1ea99)

Keep AlmaLinux 9.6 -> 10.0 upgrade path.
The linux-firmware RPM has been rebased in RHEL 8.10.z, 9.6.z, 10.0.z, and updated in 9.4.z-eus. As the new rebased package contains dir <-> symlink change, it creates conflicts with old (not-updated) linux-firmware packages. To be able to test IPU 8.10.z -> 9.4, EUS repositories must be used for the target rhel 9.4 system as standard repositories do not receive updates anymore.

(cherry picked from commit cb2408e)
Similarly to RHEL upgrades, we want to remove obsolete GPG keys, e.g.
keys using SHA1 during CentOS Stream upgrades. On CS9 (and also CS8) the
gpg-pubkey-8483c65d-5ccc5b19 key imported from
/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial is used. This key uses SHA1
and makes CS9 -> CS10 IPUs fail due to SHA1 being prohibited.

This patch adds the key to the list of keys to remove during IPU.

NOTE: The key used on CS10 is
/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial-SHA256 which uses SHA256,
but after importing it it's also named gpg-pubkey-8483c65d-5ccc5b19.
This isn't a problem because the SHA1 one is removed before the SHA256
one is imported, but it's something to keep in mind if there is
CS10 -> CS11 sometime in the future.

Jira: RHEL-104389
(cherry picked from commit 58aa9a7)
The old tool sss_ssh_knownhostsproxy was replaced by
sss_ssh_knownhosts in RHEL 10. SSH's configuration has to
be updated from things like:

ProxyCommand  /usr/bin/sss_ssh_knownhostsproxy -p %p %h

to:

KnownHostsCommand  /usr/bin/sss_ssh_knownhosts %H

Three actors are added:

* SSSDFacts: Retrieves facts about SSSD and SSH configuration
  related to the sss_ssh_knownhostsproxy tool. It identifies files
  in the SSSD configuration including the `service` keyword,
  and files in the SSH configuration mentioning the tool.

* SSSDCheck: Checks if there is something to do and, in that
  case, creates a report. File access is also checked and reported
  if they cannot be written to.

* SSSDUpdate: Updates the SSSD and SSH configuration to use the
  new tool and meet its requirements.

Each actor includes its test.

Jira: https://issues.redhat.com/browse/IDM-107
(cherry picked from commit 5e8c298)
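
The SSH-side rewrite described in the commit message above, as an added example (not the SSSDUpdate actor's code and not part of this pull request). It covers only the `ProxyCommand` to `KnownHostsCommand` line change; the SSSD `service` handling is not shown. The function name `migrate_ssh_config` and the sample configuration are constructed for illustration.

```python
import re

NEW_TOOL = 'sss_ssh_knownhosts'

# ssh_config keywords are case-insensitive and may be separated from their
# argument by whitespace or '='. Only lines invoking the old tool match.
_PROXY_RE = re.compile(
    r'^(?P<indent>\s*)(?i:ProxyCommand)(?:\s*=\s*|\s+)'
    r'(?P<dir>\S*/)?sss_ssh_knownhostsproxy(?=\s|$)')

# Constructed sample configuration (not taken from the page).
SAMPLE_SSH_CONFIG = '''\
# ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
Host *.example.test
    ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
Host bastion
    proxycommand=/usr/bin/sss_ssh_knownhostsproxy -p %p %h
Host jump
    ProxyCommand ssh -W %h:%p gateway.example.test
'''


def migrate_ssh_config(text):
    """Return (new_text, changed_line_numbers) for an ssh_config body."""
    out, changed = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = _PROXY_RE.match(line)
        if match:
            # Keep indentation and install directory; swap keyword, tool, args.
            line = '{}KnownHostsCommand {}{} %H'.format(
                match.group('indent'), match.group('dir') or '', NEW_TOOL)
            changed.append(lineno)
        out.append(line)
    return '\n'.join(out) + '\n', changed


if __name__ == '__main__':
    new_text, changed = migrate_ssh_config(SAMPLE_SSH_CONFIG)
    print(new_text)
    print('changed lines:', changed)
```

Commented-out lines and unrelated `ProxyCommand` entries are left untouched, and running the function on its own output changes nothing.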
* device_driver_deprecation_data.json

* repomap.json
Upg paths are unchanged.
The following mappings for UpgPath(src_major='9', dst_major='10') have been added:
 - MappingEntry(src='rhel9-rhui-client-config-server-9-sap', dst=('rhel10-rhui-client-config-server-10-sap',))
 - MappingEntry(src='rhel9-rhui-microsoft-azure-sap-apps', dst=('rhel10-rhui-microsoft-azure-sap-apps',))
 - MappingEntry(src='rhel9-rhui-microsoft-sap-ha', dst=('rhel10-rhui-microsoft-sap-ha',))
The following repos have been added:
 - Repo(pesid='rhel10-AppStream', major_version='10', repoid='rhel-10-for-x86_64-appstream-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-AppStream', major_version='10', repoid='rhel-10-for-x86_64-appstream-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-BaseOS', major_version='10', repoid='rhel-10-for-x86_64-baseos-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-BaseOS', major_version='10', repoid='rhel-10-for-x86_64-baseos-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-HighAvailability', major_version='10', repoid='rhel-10-for-x86_64-highavailability-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-SAP-NetWeaver', major_version='10', repoid='rhel-10-for-x86_64-sap-netweaver-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-SAP-NetWeaver', major_version='10', repoid='rhel-10-for-x86_64-sap-netweaver-eus-rhui-rpms', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-SAP-Solutions', major_version='10', repoid='rhel-10-for-x86_64-sap-solutions-e4s-rhui-rpms', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-rhui-client-config-server-10-sap', major_version='10', repoid='rhui-client-config-server-10-sap-bundle', repo_type='rpm', channel='ga', arch='x86_64', rhui='aws', distro='rhel')
 - Repo(pesid='rhel10-rhui-microsoft-azure-sap-apps', major_version='10', repoid='rhui-microsoft-azure-rhel10-sapapps', repo_type='rpm', channel='eus', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel10-rhui-microsoft-sap-ha', major_version='10', repoid='rhui-microsoft-azure-rhel10-sap-ha', repo_type='rpm', channel='e4s', arch='x86_64', rhui='azure', distro='rhel')
 - Repo(pesid='rhel8-HighAvailability', major_version='8', repoid='rhel-8-for-x86_64-highavailability-aus-rpms', repo_type='rpm', channel='aus', arch='x86_64', rhui=None, distro='rhel')

(cherry picked from commit f73be94)
Add corresponding entries to known setups in the rhui.py library.

Jira-ref: RHEL-104204, RHEL-104205
(cherry picked from commit f50b172)
This has been deprecated and replaced by DistributionSignedRPM since
2024-01-31.

(cherry picked from commit 846057b)
ThirdPartyRPM is a more descriptive name as the model contains
third-party packages as well.

(cherry picked from commit 0177405)
Originally the redhatsignedrpmcheck actor has been written only
with RHEL systems in mind and the expectation was that the only vendor
as such is Red Hat. However, in case of other distributions that's not
true. The existing report could be confusing for users and could set
wrong expectations.

This patch generalizes the actor with other distributions in mind:
 - the actor is renamed to distributionsignedrpmcheck
 - the report is updated to not mention the distribution/vendor name
   directly

Jira: RHEL-80333

Co-authored-by: Petr Stodulka <pstodulk@redhat.com>
(cherry picked from commit 73b2742)
Add an actor that scans the default boot entry by calling grubby. New
model named 'DefaultSourceBootEntry' is introduced, allowing to share
obtained information with actors. At the moment, only the initramfs path
and kernel path are scanned, the rest of the default boot entry's
information is ignored.

(Done in preparation of:)
Jira-ref: RHEL-102591

(cherry picked from commit 5a9dc2c)
Add an actor that scans the properties of the initramfs of the default
boot entry. At the moment, only used dracut modules are determined,
using `lsinitrd`. An accompanying model `DefaultInitramfsInfo` is
introduced.

(Done in preparation of:)
Jira-ref: RHEL-102591

(cherry picked from commit 6994f3d)
Inhibit the upgrade if the initramfs of the source system's default boot
entry was built using dracut modules that are not present on the target
system. At the moment, only the `network-legacy` dracut module is
detected.

(cherry picked from commit ac92e20)
When fapolicyd is running on the system, the upgrade fails with an error
related to insufficient permissions to /var/lib/leapp/. To solve
this issue, a new rule needs to be added to fapolicyd, so this
change creates a new rule and restarts the service after any Leapp
package transactions.

Jira: RHEL-50847
(cherry picked from commit 7a3e2f6)
## Packaging
- Require leapp-framework > 6.1 (oamg#1350)
- Introduced leapp-upgrade-*-fapolicyd subpackage with config file for fapolicyd (oamg#1410)

## Upgrade handling
### Fixes
- Disable localpkg_gpgcheck during the upgrade if set to allow installation of bundled leapp and leapp-repository deps packages (oamg#1401)
- Fix in-place upgrades on systems using fapolicyd (oamg#1410)
- Fix parsing of the kernel cmdline (oamg#1372)
- Load DNF configuration in the `module.py` shared library to prevent errors when downloading remote content and proxy is required (oamg#1398)
- Minor fixes in reports (oamg#1355, oamg#1371, oamg#1370, oamg#1402)
- Prevent a crash during the Application phase when no custom SELinux modules need to be handled post-upgrade (oamg#1352)
- Sanitize the device driver deprecation data and the scan of deprecated PCI devices (oamg#1362, oamg#1376)
- Skip checking ownership of files in the /etc/pki/ca-trust/extracted/pem/directory-hash directory (oamg#1405)
- [IPU 8 -> 9] Fix broken bootloader on Azure hybrid images for systems previously upgraded from RHEL 7 (oamg#1284)
- [IPU 9 -> 10] Create proper error message when the swap of RHUI clients fails (oamg#1353)
- [IPU 9 -> 10] Exclude the leapp-upgrade-el9toel10 RPM from the upgrade transaction (oamg#1351)
- [IPU 9 -> 10] Inhibit the upgrade on systems using deprecated network-legacy dracut module to prevent kernel panic (oamg#1412)

### Enhancements
- Add IPU paths 8.10 -> 9.7 and 9.7 -> 10 (oamg#1411, oamg#1415)
- Add RHEL 9.7 and 10.1 product certificates (oamg#1374)
- Requires data with provided_data_streams 4.0+ (oamg#1375)
- Generalize the solution to make it more distribution agnostic
  - Skip RHSM-related actions on non-RHEL distros (oamg#1407, oamg#1414)
  - Manage RPM GPG keys during the upgrade respecting used linux distributions (oamg#1378)
  - Respect the release_id of the OS when processing DNF repositories (oamg#1375)
- Enable upgrades of CentOS Stream
  - Adjust the DNF `stream` variable during CentOS upgrades (oamg#1406)
  - Gracefully handle CentOS OS versions that do not provide a minor version number (oamg#1363, oamg#1396)
  - [IPU 9 -> 10] Remove obsoleted RPM GPG key when upgrading to CentOS 10 (oamg#1408)
- Enable upgrades of AlmaLinux (oamg#1391)
- Introduced the --enable-experimental-feature to simplify use of experimental features (oamg#1350)
- Simplified use of the LiveMode experimental feature with additional enhancements (oamg#1350)
- Unify definition and processing of defined upgrade paths (oamg#1359)
- Update leapp upgrade data files, start to provide data stream 4.0 (oamg#1358, oamg#1380, oamg#1375, oamg#1388, oamg#1409, oamg#1418)
- [IPU 8 -> 9] Add actor with recommendations for upgrade of MySQL (oamg#1335)
- [IPU 9 -> 10] Add actors to migrate SSSD configuration (oamg#1397)
- [IPU 9 -> 10] Enable upgrades on systems using RHUI on AWS, Azure, and Alibaba (oamg#1387, oamg#1383, oamg#1420)
- [IPU 9 -> 10] Inhibit the upgrade if cgroups v1 are enabled on the system (oamg#1392)

## Additional changes interesting for devels
- Documented more technical details about the LiveMode (oamg#1357, oamg#1366)
- Makefile: Return non-zero exit code on failed tests in container (oamg#1382)
- New deprecations introduced:
  - The `HybridImage` model has been replaced by `ConvertGrubenvTask`. (oamg#1284)
  - The `InstalledUnsignedRPM` model has been deprecated and replaced by `ThirdPartyRPM` (oamg#1402)
  - The `leapp.libraries.common.config.version.SUPPORTED_VERSIONS` variable is deprecated (oamg#1359)
  - The is_rhel_alt function from shared libraries has been deprecated (oamg#1377)
- The rhui field in PESIDRepositoryEntry model is now plain string type instead of enumeration (oamg#1375)
- Cleaning:
  - The el7toel8 repository has been removed (oamg#1385)
  - Removal of some deprecated models: InstalledRedHatSignedRPM, IPUPaths (oamg#1359, oamg#1402)
- The `LEAPP_DEVEL_ENABLE_LIVE_MODE` envar has been dropped (oamg#1350)

(cherry picked from commit c86de9a)
Implements detection and inhibition of the upgrade when DNF
pluginpath is configured in /etc/dnf/dnf.conf:
- Add DnfPluginPathDetected model to communicate detection results
- Add ScanDnfPluginPath actor (FactsPhase) to scan DNF configuration
- Add CheckDnfPluginPath actor (ChecksPhase) to create inhibitor report
- Add related unit tests

Localisation of dnf plugins is not constant between system releases
which can cause issues with the upgrade, so the user should remove
this option or comment it out.

Jira: RHEL-69601
(cherry picked from commit dcf53c2)
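
The scan-then-check flow described in the commit message above, as an added example (not the ScanDnfPluginPath or CheckDnfPluginPath actor code from this pull request). The names `PluginPathScan`, `scan_dnf_pluginpath` and `check_dnf_pluginpath`, the report dictionary layout and the sample `dnf.conf` contents are constructed for illustration.

```python
import configparser
from collections import namedtuple

# Hypothetical stand-in for the detection result passed from scan to check.
PluginPathScan = namedtuple('PluginPathScan', ['detected', 'value'])

# Constructed samples of /etc/dnf/dnf.conf (not taken from the page).
CONF_WITH_PLUGINPATH = '''\
[main]
gpgcheck=1
installonly_limit=3
pluginpath=/opt/custom/dnf-plugins
'''
CONF_COMMENTED_OUT = '''\
[main]
gpgcheck=1
#pluginpath=/opt/custom/dnf-plugins
'''


def scan_dnf_pluginpath(conf_text):
    """Facts step: report whether [main] sets pluginpath, and to what."""
    # interpolation=None keeps literal '%' in values; strict=False tolerates
    # repeated options. Lines starting with '#' are comments and are ignored.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    if parser.has_option('main', 'pluginpath'):
        return PluginPathScan(True, parser.get('main', 'pluginpath').strip())
    return PluginPathScan(False, None)


def check_dnf_pluginpath(scan):
    """Checks step: build an inhibitor-style report, or None if nothing is set."""
    if not scan.detected:
        return None
    return {
        'inhibitor': True,
        'summary': 'pluginpath is set to {!r} in /etc/dnf/dnf.conf'.format(scan.value),
        'remediation': 'Remove the pluginpath option or comment it out.',
    }


if __name__ == '__main__':
    for conf in (CONF_WITH_PLUGINPATH, CONF_COMMENTED_OUT):
        print(check_dnf_pluginpath(scan_dnf_pluginpath(conf)))
```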
@github-actions

Thank you for contributing to the Leapp project!

Please note that every PR needs to comply with the leapp-repository contribution and development guidelines and must pass all tests in order to be mergeable.
If you want to request a review or rebuild a package in copr, you can use the following commands as a comment:

  • review please @oamg/developers to notify leapp developers of the review request
  • /packit copr-build to submit a public copr build using packit

Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build.
However, here are additional useful commands for packit:

  • /packit test to re-run manually the default tests
  • /packit retest-failed to re-run failed tests manually
  • /packit test oamg/leapp#42 to run tests with leapp builds for the leapp PR#42 (default is latest upstream - main - build)

Note that first time contributors cannot run tests automatically - they need to be started by a reviewer.

It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported, beaker-minimal and kernel-rt, both can be used to be run on all upgrade paths or just a couple of specific ones.
To launch on-demand tests with packit:

  • /packit test --labels kernel-rt to schedule kernel-rt tests set for all upgrade paths
  • /packit test --labels beaker-minimal-8.10to9.4,kernel-rt-8.10to9.4 to schedule kernel-rt and beaker-minimal test sets for 8.10->9.4 upgrade path

See other labels for particular jobs defined in the .packit.yaml file.

Please open a ticket in case you experience a technical problem with the CI. (RH internal only)

Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra.
