def process(self):
hint = 'In order to unload the module from the running system, check the accompanied command.'
command = ['modprobe', '-r', 'btrfs']
for fact in self.consume(ActiveKernelModulesFacts):
for active_module in fact.kernel_modules:
if active_module.filename == 'btrfs':
create_report([
reporting.Title('Btrfs has been removed from RHEL8'),
reporting.Summary(
'The Btrfs file system was introduced as Technology Preview with the '
'initial release of Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. As of '
'versions 6.6 and 7.4 this technology has been deprecated and removed in RHEL8.'
),
reporting.ExternalLink(
title='Considerations in adopting RHEL 8 - btrfs has been removed.',
url='https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/considerations_in_adopting_rhel_8/file-systems-and-storage_considerations-in-adopting-rhel-8#btrfs-has-been-removed_file-systems-and-storage' # noqa: E501; pylint: disable=line-too-long
),
reporting.ExternalLink(
title='How do I prevent a kernel module from loading automatically?',
url='https://access.redhat.com/solutions/41278'
),
reporting.Severity(reporting.Severity.HIGH),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Tags([reporting.Tags.FILESYSTEM]),
reporting.Remediation(hint=hint, commands=[command]),
reporting.RelatedResource('kernel-driver', 'btrfs')
])
break
def version2_check(info):
""" Performs all checks for SAP HANA 2 and creates a report if anything unsupported has been detected """
found = {}
for instance in info.instances:
if _manifest_get(instance.manifest, 'release', None) == '1.00':
continue
if not _fullfills_hana_min_version(instance):
_add_hana_details(found, instance)
if found:
detected = _create_detected_instances_list(found)
reporting.create_report([
reporting.Title('SAP HANA needs to be updated before upgrade'),
reporting.Summary((
'A newer version of SAP HANA is required in order continue with the upgrade.'
' {min_hana_version} is required for the target version of RHEL.\n\n'
'The following SAP HANA instances have been detected to be running with a lower version'
' than required on the target system:\n'
'{detected}').format(
detected=detected,
min_hana_version=SAP_HANA_MINIMAL_VERSION_STRING)),
reporting.RemediationHint('Update SAP HANA at least to {}'.format(
SAP_HANA_MINIMAL_VERSION_STRING)),
reporting.ExternalLink(
url='https://launchpad.support.sap.com/#/notes/2235581',
title='SAP HANA: Supported Operating Systems'),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Audience('sysadmin')
])
def process():
# blacklist CRB repo if optional repo is not enabled
reposid_blacklist = _get_disabled_optional_repo()
if reposid_blacklist:
api.current_logger().info(
"The optional repository is not enabled. Blacklisting the CRB repository."
)
api.produce(RepositoriesBlacklisted(repoids=reposid_blacklist))
report = [
reporting.Title("Excluded RHEL 8 repositories"),
reporting.Summary(
"The following repositories are not supported by "
"Red Hat and are excluded from the list of repositories "
"used during the upgrade.\n- {}".format(
"\n- ".join(reposid_blacklist))),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.FAILURE]),
reporting.ExternalLink(
url=("https://access.redhat.com/documentation/en-us/"
"red_hat_enterprise_linux/8/html/package_manifest/"
"codereadylinuxbuilder-repository."),
title="CodeReady Linux Builder repository",
),
]
reporting.create_report(report)
def process(self):
interfaces = next(self.consume(PersistentNetNamesFacts)).interfaces
if self.single_eth0(interfaces):
self.disable_persistent_naming()
elif len(interfaces) > 1 and self.ethX_count(interfaces) > 0:
create_report([
reporting.Title('Unsupported network configuration'),
reporting.Summary(
'Detected multiple physical network interfaces where one or more use kernel naming (e.g. eth0). '
'Upgrade process can not continue because stability of names can not be guaranteed. '
'Please read the article at https://access.redhat.com/solutions/4067471 for more information.'
),
reporting.ExternalLink(
title=
'How to perform an in-place upgrade to RHEL 8 when using kernel NIC names on RHEL 7',
url='https://access.redhat.com/solutions/4067471'),
reporting.Remediation(
hint=
'Rename all ethX network interfaces following the attached KB solution article.'
),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.NETWORK]),
reporting.Flags([reporting.Flags.INHIBITOR])
])
def process(self):
if not all(next(self.consume(model), None) for model in self.consumes):
return
if self.file_baseurl_in_use():
warn_msg = (
"Local repository found (baseurl starts with file:///). "
"Currently leapp does not support this option.")
self.log.warning(warn_msg)
reporting.create_report([
reporting.Title("Local repository detected"),
reporting.Summary(warn_msg),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Remediation(
hint=("By using Apache HTTP Server you can expose "
"your local repository via http. See the linked "
"article for details. ")),
reporting.ExternalLink(
title=("Customizing your Red Hat Enterprise Linux "
"in-place upgrade"),
url=("https://access.redhat.com/articles/4977891/"
"#repos-known-issues"),
),
])
def process():
if not architecture.matches_architecture(architecture.ARCH_S390X):
return
cpuinfo = next(api.consume(CPUInfo), None)
if cpuinfo is None:
raise StopActorExecutionError(message=("Missing information about CPU."))
if not cpuinfo.machine_type:
# this is not expected to happen, but in case...
api.curernt_logger().warning("The machine (CPU) type is empty.")
if cpuinfo.machine_type not in SUPPORTED_MACHINE_TYPES:
summary = ("The machine is not possible to upgrade because of unsupported"
" type of the processor. Regarding the official documentation,"
" z13 and z14 processors are supported on the Red Had Enterprise"
" Linux 8 system for the IBM Z architecture. If you have one of"
" the supported processors, you should see provided the machine"
" type in the /proc/cpuinfo file with one of those values: {}."
" Detected machine type of the CPU is '{}'."
.format(", ".join([str(i) for i in SUPPORTED_MACHINE_TYPES]), cpuinfo.machine_type))
report = [
reporting.Title("The processor is not supported by the target system."),
reporting.Summary(summary),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
title="Considerations in adopting RHEL 8",
url=("https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/"
"html-single/considerations_in_adopting_rhel_8/"
"index#changes-in-gcc-in-rhel-8_changes-in-toolchain-since-rhel-7"))
]
reporting.create_report(report)
def process(self):
try:
quagga_facts = next(self.consume(QuaggaToFrrFacts))
except StopIteration:
return
if 'babeld' in quagga_facts.active_daemons or 'babeld' in quagga_facts.enabled_daemons:
create_report([
reporting.Title('Babeld is not available in FRR'),
reporting.ExternalLink(
url='https://access.redhat.com/'
'documentation/en-us/red_hat_enterprise_linux/8/html/'
'configuring_and_managing_networking/setting-your-rou'
'ting-protocols_configuring-and-managing-networking',
title='Setting routing protocols in RHEL8'),
reporting.Summary(
'babeld daemon which was a part of quagga implementation in RHEL7 '
'is not available in RHEL8 in FRR due to licensing issues.'
),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags(COMMON_REPORT_TAGS),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Remediation(
hint='Please use RIP, OSPF or EIGRP instead of Babel')
])
else:
self.log.debug('babeld not used, moving on.')
def inhibit(node_type):
create_report([
reporting.Title("Use of HA cluster detected. Upgrade can't proceed."),
reporting.Summary(
"HA cluster is not supported by the inplace upgrade.\n"
"HA cluster configuration file(s) found."
" It seems to be a cluster {0}.".format(node_type)),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.HIGH_AVAILABILITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
url="https://access.redhat.com/articles/2059253",
title=(
"Recommended Practices for Applying Software Updates"
" to a RHEL High Availability or Resilient Storage Cluster"),
),
reporting.Remediation(
hint=(
"Destroy the existing HA cluster"
" or (if you have already removed HA cluster packages) remove"
" configuration files {0} and {1}".format(
CIB_LOCATION,
COROSYNC_CONF_LOCATION,
)),
commands=[[
"sh", "-c",
"pcs cluster stop --all --wait && pcs cluster destroy --all"
]]),
reporting.RelatedResource('file', COROSYNC_CONF_LOCATION),
reporting.RelatedResource('file', CIB_LOCATION)
])
def generate_report(existing_custom_network_scripts):
""" Generate reports informing user about possible manual intervention required """
# Show documentation url if custom network-scripts detected
title = "custom network-scripts detected"
summary = (
"RHEL 9 does not support the legacy network-scripts package that was"
" deprecated in RHEL 8. Custom network-scripts have been detected.")
reporting.create_report([
reporting.Title(title),
reporting.Summary(summary),
reporting.Remediation(hint=(
"Migrate the custom network-scripts to NetworkManager dispatcher"
" scripts manually before the ugprade. Follow instructions in the"
" official documentation.")),
reporting.Severity(reporting.Severity.HIGH),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Tags([reporting.Tags.NETWORK, reporting.Tags.SERVICES]),
reporting.ExternalLink(
title=
("Upgrading from RHEL 8 to 9 - migrating custom network-scripts to"
" NetworkManager dispatcher scripts"),
url=DOC_URL,
),
] + [
reporting.RelatedResource("file", fname)
for fname in existing_custom_network_scripts
])
def ipa_warn_pkg_installed(ipainfo):
"""
Warn that unused ipa-server package is installed
"""
if ipainfo.is_client_configured:
summary = (
"The ipa-server package is installed but only IdM client is "
"configured on this system.")
else:
summary = (
"The ipa-server package is installed but neither IdM server "
"nor client is configured on this system.")
entries = [
reporting.Title(
"ipa-server package is installed but no IdM is configured"),
reporting.Summary(summary),
reporting.Remediation(
hint="Remove unused ipa-server package",
commands=[["yum", "remove", "-y", "ipa-server"]],
),
reporting.ExternalLink(
url=MIGRATION_GUIDES[get_source_major_version()],
title="Migrating IdM from RHEL 7 to 8",
),
reporting.Severity(reporting.Severity.MEDIUM),
reporting.Tags([reporting.Tags.SERVICES]),
reporting.RelatedResource("package", "ipa-server"),
]
return reporting.create_report(entries)
def version1_check(info):
""" Creates a report for SAP HANA instances running on version 1 """
found = {}
for instance in info.instances:
if _manifest_get(instance.manifest, 'release') == '1.00':
_add_hana_details(found, instance)
if found:
detected = _create_detected_instances_list(found)
reporting.create_report([
reporting.Title(
'Found SAP HANA 1 which is not supported with the target version of RHEL'
),
reporting.Summary((
'SAP HANA 1.00 is not supported with the version of RHEL you are upgrading to.\n\n'
'The following instances have been detected to be version 1.00:\n'
'{}'.format(detected))),
reporting.Severity(reporting.Severity.HIGH),
reporting.RemediationHint((
'In order to upgrade RHEL, you will have to upgrade your SAP HANA 1.0 software to '
'{supported}.'.format(
supported=SAP_HANA_MINIMAL_VERSION_STRING))),
reporting.ExternalLink(
url='https://launchpad.support.sap.com/#/notes/2235581',
title='SAP HANA: Supported Operating Systems'),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Audience('sysadmin')
])
def process(self):
# Consume a single TCP Wrappers message
tcp_wrappers_messages = self.consume(TcpWrappersFacts)
tcp_wrappers_facts = next(tcp_wrappers_messages, None)
if list(tcp_wrappers_messages):
api.current_logger().warning(
'Unexpectedly received more than one TcpWrappersFacts message.'
)
if not tcp_wrappers_facts:
raise StopActorExecutionError(
'Could not check tcp wrappers configuration',
details={'details': 'No TcpWrappersFacts found.'})
# Convert installed packages message to list
packages = create_lookup(InstalledRedHatSignedRPM,
field='items',
keys=('name', ))
found_packages = config_affects_daemons(tcp_wrappers_facts, packages,
DAEMONS)
if found_packages:
create_report([
reporting.Title(
'TCP Wrappers configuration affects some installed packages'
),
reporting.Summary(
'tcp_wrappers support has been removed in RHEL-8. '
'There is some configuration affecting installed packages (namely {}) '
'in /etc/hosts.deny or /etc/hosts.allow, which '
'is no longer going to be effective after update. '
'Please migrate it manually.'.format(', '.join(
found_packages))),
reporting.Severity(reporting.Severity.HIGH),
reporting.ExternalLink(
title='Replacing TCP Wrappers in RHEL 8',
url='https://access.redhat.com/solutions/3906701'),
reporting.Tags(
[reporting.Tags.SECURITY, reporting.Tags.NETWORK]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.RelatedResource('file', '/etc/hosts.allow'),
reporting.RelatedResource('file', '/etc/hosts.deny'),
reporting.RelatedResource('package', 'tcp_wrappers')
] + [
reporting.RelatedResource('package', fp)
for fp in found_packages
])
def _report_server_installed():
"""
Create report on postgresql-server package installation detection.
Should remind user about present PostgreSQL server package
installation, warn them about necessary additional steps, and
redirect them to online documentation for the upgrade process.
"""
reporting.create_report([
reporting.Title('PostgreSQL (postgresql-server) has been detected on your system'),
reporting.Summary(report_server_inst_summary),
reporting.Severity(reporting.Severity.MEDIUM),
reporting.Tags([reporting.Tags.SERVICES]),
reporting.ExternalLink(title='Migrating to a RHEL 8 version of PostgreSQL',
url=report_server_inst_link_url),
reporting.RelatedResource('package', 'postgresql-server'),
reporting.Remediation(hint=report_server_inst_hint),
])
def process(self):
url = "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_basic_system_settings/#using-python3" # noqa: E501; pylint: disable=line-too-long
title = "Difference in Python versions and support in RHEL 8"
summary = ("In RHEL 8, there is no 'python' command."
" Python 3 (backward incompatible) is the primary Python version"
" and Python 2 is available with limited support and limited set of packages."
" Read more here: {}".format(url))
create_report([
reporting.Title(title),
reporting.Summary(summary),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.PYTHON]),
reporting.Audience('developer'),
reporting.ExternalLink(url, title),
reporting.Remediation(commands=[['alternatives', '--set', 'python', '/usr/bin/python3']]),
reporting.RelatedResource('package', 'python'),
reporting.RelatedResource('package', 'python2'),
reporting.RelatedResource('package', 'python3')
])
def process(self):
acme_storage_info = next(self.consume(AcmeStorageInfo), None)
# Rename the device
if acme_storage_info.has_device and acme_storage_info.has_kernel_module:
os.rename('/dev/acme0', '/dev/acme')
# Emit a report message informing the system administrator that the device
# path has been changed
reporting.create_report([
reporting.Title('ACME Storage device path migrated'),
reporting.Summary(
'ACME Storage device path has been changed to /dev/acme'),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.OS_FACTS]),
reporting.RelatedResource('device', '/dev/acme'),
reporting.ExternalLink(url='https://acme.corp/storage-rhel',
title='ACME Storage on RHEL')
])
def inhibit(node_type):
create_report([
reporting.Title("Use of HA cluster detected. Upgrade can't proceed."),
reporting.Summary(
"HA cluster is not supported by the inplace upgrade.\n"
"HA cluster configuration file(s) found."
" It seems to be a cluster {0}.".format(node_type)),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.HIGH_AVAILABILITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
url="https://access.redhat.com/articles/2059253",
title=(
"Recommended Practices for Applying Software Updates"
" to a RHEL High Availability or Resilient Storage Cluster"),
),
reporting.RelatedResource('file', COROSYNC_CONF_LOCATION),
reporting.RelatedResource('file', CIB_LOCATION)
])
def ipa_inhibit_upgrade(ipainfo):
"""
Create upgrade inhibitor for configured ipa-server
"""
entries = [
reporting.Title("ipa-server does not support in-place upgrade"),
reporting.Summary(
"An IdM server installation was detected on the system. IdM "
"does not support in-place upgrade."),
reporting.Remediation(
hint="Follow the IdM RHEL migration guide lines."),
reporting.ExternalLink(
url=MIGRATION_GUIDES[get_source_major_version()],
title="IdM migration guide",
),
reporting.Severity(reporting.Severity.HIGH),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Tags([reporting.Tags.SERVICES]),
reporting.RelatedResource("package", "ipa-server"),
]
return reporting.create_report(entries)
def platform_check():
""" Creates an inhibitor report in case the system is not running on x86_64 """
if not architecture.matches_architecture(architecture.ARCH_X86_64):
reporting.create_report([
reporting.Title(
'SAP HANA upgrades are only supported on X86_64 systems'),
reporting.Summary(
('Upgrades for SAP HANA are only supported on X86_64 systems.'
' For more information please consult the documentation.')),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Audience('sysadmin'),
reporting.ExternalLink(
url='https://access.redhat.com/solutions/5533441',
title=
'How do I upgrade from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8 with SAP HANA'
)
])
return False
return True
def _get_rhsm_available_repoids(context):
target_major_version = get_target_major_version()
# FIXME: check that required repo IDs (baseos, appstream)
# + or check that all required RHEL repo IDs are available.
if rhsm.skip_rhsm():
return set()
# Get the RHSM repos available in the target RHEL container
# TODO: very similar thing should happens for all other repofiles in container
#
repoids = rhsm.get_available_repo_ids(context)
if not repoids or len(repoids) < 2:
reporting.create_report([
reporting.Title(
'Cannot find required basic RHEL target repositories.'),
reporting.Summary(
'This can happen when a repository ID was entered incorrectly either while using the --enablerepo'
' option of leapp or in a third party actor that produces a CustomTargetRepositoryMessage.'
),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Severity(reporting.Severity.HIGH),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Remediation(hint=(
'It is required to have RHEL repositories on the system'
' provided by the subscription-manager unless the --no-rhsm'
' option is specified. You might be missing a valid SKU for'
' the target system or have a failed network connection.'
' Check whether your system is attached to a valid SKU that is'
' providing RHEL {} repositories.'
' If you are using Red Hat Satellite, read the upgrade documentation'
' to set up Satellite and the system properly.'
).format(target_major_version)),
reporting.ExternalLink(
# TODO: How to handle different documentation links for each version?
url='https://red.ht/preparing-for-upgrade-to-rhel8',
title='Preparing for the upgrade')
])
raise StopActorExecution()
return set(repoids)
def process():
if not architecture.matches_architecture(architecture.ARCH_S390X):
return
cpuinfo = next(api.consume(CPUInfo), None)
if cpuinfo is None:
raise StopActorExecutionError(
message=("Missing information about CPU."))
if not cpuinfo.machine_type:
# this is not expected to happen, but in case...
api.current_logger().warning("The machine (CPU) type is empty.")
if cpuinfo.machine_type not in SUPPORTED_MACHINE_TYPES:
summary = (
"The system is not possible to upgrade because of unsupported"
" type of the processor. Based on the official documentation,"
" z14 and z15 processors are supported on the Red Hat Enterprise"
" Linux 9 system for the IBM Z architecture. The supported processors"
" have machine types {}. The detected machine type of the CPU is '{}'."
.format(", ".join([str(i) for i in SUPPORTED_MACHINE_TYPES]),
cpuinfo.machine_type))
report = [
reporting.Title(
"The processor is not supported by the target system."),
reporting.Summary(summary),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
title="Considerations in adopting RHEL 8",
url=
("https://access.redhat.com/ecosystem/hardware/#/search?p=1&"
"c_version=Red%20Hat%20Enterprise%20Linux%208&ch_architecture=s390x"
))
]
# FIXME(dhorak): update the URL to the document once it exists
reporting.create_report(report)
def check_interface_scripts(facts, report_func):
"""
Checks if the data model tells interface scripts are used
and produces a report.
:param obj facts: model object containing info about CUPS configuration
:param func report_func: creates report
"""
title = ('CUPS no longer supports usage of interface scripts')
summary = ('Interface scripts are no longer supported due to '
'security issues - an attacker could provide '
'malicious script which will be run during printing.')
hint = (
'Install the queue with PPD file for the printer '
'if available or install the queue with generic PPD, '
'add *cupsFilter2 directive into PPD of installed '
'queue (in /etc/cups/ppd) and reinstall the queue with modified PPD. '
'The interface script needs to have permissions 750 and '
'ownership root:lp. How to write *cupsFilter2 keyword '
'is described at https://www.cups.org/doc/spec-ppd.html#cupsFilter2 '
'and the script needs to be put into /usr/lib/cups/filter '
'or you need to use an absolute path to the script '
'in *cupsFilter2 directive.')
if facts.interface:
args = [
reporting.Title(title),
reporting.Summary(summary),
reporting.Tags([reporting.Tags.DRIVERS]),
reporting.Severity(reporting.Severity.MEDIUM),
reporting.Remediation(hint=hint),
reporting.ExternalLink(
title='Upstream documentation for the cupsFilter2 PPD keyword',
url='https://www.cups.org/doc/spec-ppd.html#cupsFilter2')
]
report_func(args)
def process(self):
# If firewalld is not enabled then don't bother the user about its
# configuration. This Report keys off a _default_ value and as such
# will trigger for all users that have not done one of the following:
# - disabled firewalld
# - manually set AllowZoneDrifting=no (as firewalld logs suggests)
#
for facts in self.consume(FirewallsFacts):
if not facts.firewalld.enabled:
return
for facts in self.consume(FirewalldGlobalConfig):
if not facts.allowzonedrifting:
return
create_report([
reporting.Title('Unsupported Firewalld Configuration In Use'),
reporting.Summary(
'Firewalld has enabled configuration option '
'"{conf_key}" which has been removed in RHEL-9. '
'New behavior is as if "{conf_key}" was set to "no".'.format(
conf_key='AllowZoneDrifiting')),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY, reporting.Tags.FIREWALL]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
url='https://access.redhat.com/articles/4855631',
title='Changes in firewalld related to Zone Drifting'),
reporting.Remediation(
hint=
'Set AllowZoneDrifting=no in /etc/firewalld/firewalld.conf',
commands=[[
'sed -i "s/^AllowZoneDrifting=.*/AllowZoneDrifting=no/" '
'/etc/firewalld/firewalld.conf'
]]),
])
def process(self):
# Check if Acme is installed and used
acme_info = next(self.consume(AcmeStorageInfo), None)
if not acme_info:
return
# Inform the system administrator about the change
if acme_info.has_device and acme_info.has_kernel_module:
reporting.create_report([
reporting.Title('ACME Storage device path migration'),
reporting.Summary('ACME Storage device path is going to change to /dev/acme'),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.OS_FACTS]),
reporting.RelatedResource('device', '/dev/acme0'),
reporting.RelatedResource('device', '/dev/acme'),
reporting.ExternalLink(
url='https://acme.corp/storage-rhel',
title='ACME Storage on RHEL'
)
])
elif acme_info.has_device and not acme_info.has_kernel_module:
self.log.warning(
'Acme storage device detected but kernel module is not loaded.'
)
def check_config_supported(tcpwrap_facts, vsftpd_facts):
bad_configs = [
config.path for config in vsftpd_facts.configs if config.tcp_wrappers
]
if bad_configs and config_applies_to_daemon(tcpwrap_facts, 'vsftpd'):
list_separator_fmt = '\n - '
create_report([
reporting.Title('Unsupported vsftpd configuration'),
reporting.Summary(
'tcp_wrappers support has been removed in RHEL-8. '
'Some configuration files set the tcp_wrappers option to true and '
'there is some vsftpd-related configuration in /etc/hosts.deny '
'or /etc/hosts.allow. Please migrate it manually. '
'The list of problematic configuration files:{}{}'.format(
list_separator_fmt, list_separator_fmt.join(bad_configs))),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SERVICES, reporting.Tags.NETWORK]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(
title='Replacing TCP Wrappers in RHEL 8',
url='https://access.redhat.com/solutions/3906701'),
reporting.RelatedResource('package', 'tcp_wrappers'),
reporting.RelatedResource('package', 'vsftpd'),
] + [reporting.RelatedResource('file', str(bc)) for bc in bad_configs])
def process():
facts = next(api.consume(SELinuxFacts), None)
if not facts:
return
enabled = facts.enabled
conf_status = facts.static_mode
if conf_status == 'disabled':
if get_target_major_version() == '9':
api.produce(KernelCmdlineArg(key='selinux', value='0'))
reporting.create_report([
reporting.Title('LEAPP detected SELinux disabled in "/etc/selinux/config"'),
reporting.Summary(
'On RHEL 9, disabling SELinux in "/etc/selinux/config" is no longer possible. '
'This way, the system starts with SELinux enabled but with no policy loaded. LEAPP '
'will automatically disable SELinux using "SELINUX=0" kernel command line parameter. '
'However, Red Hat strongly recommends to have SELinux enabled'
),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.SELINUX]),
reporting.RelatedResource('file', '/etc/selinux/config'),
reporting.ExternalLink(url=DOC_URL, title='Disabling SELinux'),
])
if enabled:
reporting.create_report([
reporting.Title('SElinux should be disabled based on the configuration file but it is enabled'),
reporting.Summary(
'This message is to inform user about non-standard SElinux configuration. Please check '
'"/etc/selinux/config" to see whether the configuration is set as expected.'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY])
])
reporting.create_report([
reporting.Title('SElinux disabled'),
reporting.Summary('SElinux disabled, continuing...'),
reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY])
])
return
if conf_status in ('enforcing', 'permissive'):
api.produce(SelinuxRelabelDecision(set_relabel=True))
reporting.create_report([
reporting.Title('SElinux relabeling will be scheduled'),
reporting.Summary('SElinux relabeling will be scheduled as the status is permissive/enforcing.'),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY])
])
if conf_status == 'enforcing':
api.produce(SelinuxPermissiveDecision(
set_permissive=True))
reporting.create_report([
reporting.Title('SElinux will be set to permissive mode'),
reporting.Summary(
'SElinux will be set to permissive mode. Current mode: enforcing. This action is '
'required by the upgrade process to make sure the upgraded system can boot without '
'beinig blocked by SElinux rules.'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Remediation(hint=(
'Make sure there are no SElinux related warnings after the upgrade and enable SElinux '
'manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.'
)
),
reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY])
])
def gather_target_repositories(context, indata):
"""
Get available required target repositories and inhibit or raise error if basic checks do not pass.
In case of repositories provided by Red Hat, it's checked whether the basic
required repositories are available (or at least defined) in the given
context. If not, raise StopActorExecutionError.
For the custom target repositories we expect all of them have to be defined.
If any custom target repository is missing, raise StopActorExecutionError.
If any repository is defined multiple times, produce the inhibitor Report
msg.
:param context: An instance of a mounting.IsolatedActions class
:type context: mounting.IsolatedActions class
:return: List of target system repoids
:rtype: List(string)
"""
rh_available_repoids = _get_rh_available_repoids(context, indata)
all_available_repoids = _get_all_available_repoids(context)
target_repoids = []
missing_custom_repoids = []
for target_repo in api.consume(TargetRepositories):
for rhel_repo in target_repo.rhel_repos:
if rhel_repo.repoid in rh_available_repoids:
target_repoids.append(rhel_repo.repoid)
else:
# TODO: We shall report that the RHEL repos that we deem necessary for
# the upgrade are not available; but currently it would just print bunch of
# data everytime as we maps EUS and other repositories as well. But these
# do not have to be necessary available on the target system in the time
# of the upgrade. Let's skip it for now until it's clear how we will deal
# with it.
pass
for custom_repo in target_repo.custom_repos:
if custom_repo.repoid in all_available_repoids:
target_repoids.append(custom_repo.repoid)
else:
missing_custom_repoids.append(custom_repo.repoid)
api.current_logger().debug("Gathered target repositories: {}".format(
', '.join(target_repoids)))
if not target_repoids:
reporting.create_report([
reporting.Title('There are no enabled target repositories'),
reporting.Summary(
'This can happen when a system is not correctly registered with the subscription manager'
' or, when the leapp --no-rhsm option has been used, no custom repositories have been'
' passed on the command line.'),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Severity(reporting.Severity.HIGH),
reporting.Remediation(hint=(
'Ensure the system is correctly registered with the subscription manager and that'
' the current subscription is entitled to install the requested target version {version}.'
' If you used the --no-rhsm option (or the LEAPP_NO_RHSM=1 environment variable is set),'
' ensure the custom repository file is provided with'
' properly defined repositories and that the --enablerepo option for leapp is set if the'
' repositories are defined in any repofiles under the /etc/yum.repos.d/ directory.'
' For more information on custom repository files, see the documentation.'
' Finally, verify that the "/etc/leapp/files/repomap.json" file is up-to-date.'
).format(
version=api.current_actor().configuration.version.target)),
reporting.ExternalLink(
# TODO: How to handle different documentation links for each version?
url='https://red.ht/preparing-for-upgrade-to-rhel8',
title='Preparing for the upgrade'),
reporting.RelatedResource("file", "/etc/leapp/files/repomap.json"),
reporting.RelatedResource("file", "/etc/yum.repos.d/")
])
raise StopActorExecution()
if missing_custom_repoids:
reporting.create_report([
reporting.Title(
'Some required custom target repositories have not been found'
),
reporting.Summary(
'This can happen when a repository ID was entered incorrectly either'
' while using the --enablerepo option of leapp, or in a third party actor that produces a'
' CustomTargetRepositoryMessage.\n'
'The following repositories IDs could not be found in the target configuration:\n'
'- {}\n'.format('\n- '.join(missing_custom_repoids))),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Severity(reporting.Severity.HIGH),
reporting.ExternalLink(
# TODO: How to handle different documentation links for each version?
url='https://access.redhat.com/articles/4977891',
title=
'Customizing your Red Hat Enterprise Linux in-place upgrade'),
reporting.Remediation(hint=(
'Consider using the custom repository file, which is documented in the official'
' upgrade documentation. Check whether a repository ID has been'
' entered incorrectly with the --enablerepo option of leapp.'
' Check the leapp logs to see the list of all available repositories.'
))
])
raise StopActorExecution()
return set(target_repoids)
def process():
rhui_info = next(api.consume(RHUIInfo), None)
if not rhsm.skip_rhsm() or rhui_info:
# getting RH repositories through RHSM or RHUI; resolved by seatbelts
# implemented in other actors
return
# rhsm skipped; take your seatbelts please
is_ctr = _any_custom_repo_defined()
is_ctrf = _the_custom_repofile_defined()
is_re = _the_enablerepo_option_used()
if not is_ctr:
# no rhsm, no custom repositories.. this will really not work :)
# TODO: add link to the RH article about use of custom repositories!!
# NOTE: we can put here now the link to the main document, as this
# will be described there or at least the link to the right document
# will be delivered here.
if is_ctrf:
summary_ctrf = '\n\nThe custom repository file has been detected. Maybe it is empty?'
else:
summary_ctrf = ''
reporting.create_report([
reporting.Title(
'Using RHSM has been skipped but no custom or RHUI repositories have been delivered.'
),
reporting.Summary(
'Leapp is run in the mode when the Red Hat Subscription Manager'
' is not used (the --no-rhsm option or the LEAPP_NO_RHSM=1'
' environment variable has been set) so leapp is not able to'
' obtain YUM/DNF repositories with the content for the target'
' system in the standard way. The content has to be delivered'
' either by user manually or, in case of public clouds, by a'
' special Leapp package for RHUI environments.'),
reporting.Remediation(hint=(
'Create the repository file according to instructions in the'
' referred document on the following path with all'
' repositories that should be used during the upgrade: "{}".'
'\n\n{}'.format(CUSTOM_REPO_PATH, summary_ctrf))),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags([reporting.Tags.SANITY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.ExternalLink(url=_IPU_DOC_URL,
title='UPGRADING TO RHEL 8'),
reporting.RelatedResource('file', CUSTOM_REPO_PATH),
])
elif not (is_ctrf or is_re):
# Some custom repositories have been discovered, but the custom repo
# file not - neither the --enablerepo option is used. Inform about
# the official recommended way.
reporting.create_report([
reporting.Title(
'Detected "CustomTargetRepositories" without using new provided mechanisms used.'
),
reporting.Summary(
'Red Hat now provides an official way for using custom'
' repositories during the in-place upgrade through'
' the referred custom repository file or through the'
' --enablerepo option for leapp. The CustomTargetRepositories'
' have been produced from custom (own) actors?'),
reporting.Remediation(hint=(
'Follow the new simple way to enable custom repositories'
' during the upgrade (see the referred document) or create'
' the empty custom repository file to acknowledge this report'
' message.')),
reporting.Severity(reporting.Severity.INFO),
reporting.ExternalLink(url=_IPU_DOC_URL,
title='UPGRADING TO RHEL 8'),
reporting.RelatedResource('file', CUSTOM_REPO_PATH),
])
