def install_initramdisk_requirements(packages, target_userspace_info, used_repos): """ Performs the installation of packages into the initram disk """ with _prepare_transaction(used_repos=used_repos, target_userspace_info=target_userspace_info) as (context, target_repoids, _unused): if get_target_major_version() == '9': _rebuild_rpm_db(context) repos_opt = [['--enablerepo', repo] for repo in target_repoids] repos_opt = list(itertools.chain(*repos_opt)) cmd = [ 'dnf', 'install', '-y', '--nogpgcheck', '--setopt=module_platform_id=platform:el{}'.format(get_target_major_version()), '--setopt=keepcache=1', '--releasever', api.current_actor().configuration.version.target, '--disablerepo', '*' ] + repos_opt + list(packages) if config.is_verbose(): cmd.append('-v') if rhsm.skip_rhsm(): cmd += ['--disableplugin', 'subscription-manager'] env = {} if get_target_major_version() == '9': # allow handling new RHEL 9 syscalls by systemd-nspawn env = {'SYSTEMD_SECCOMP': '0'} context.call(cmd, env=env)
def perform_transaction_install(target_userspace_info, storage_info, used_repos, tasks, plugin_info): """ Performs the actual installation with the DNF rhel-upgrade plugin using the target userspace """ # These bind mounts are performed by systemd-nspawn --bind parameters bind_mounts = [ '/:/installroot', '/dev:/installroot/dev', '/proc:/installroot/proc', '/run/udev:/installroot/run/udev', ] if get_target_major_version() == '8': bind_mounts.append('/sys:/installroot/sys') else: # the target major version is RHEL 9+ # we are bindmounting host's "/sys" to the intermediate "/hostsys" # in the upgrade initramdisk to avoid cgroups tree layout clash bind_mounts.append('/hostsys:/installroot/sys') already_mounted = {entry.split(':')[0] for entry in bind_mounts} for entry in storage_info.fstab: mp = entry.fs_file if not os.path.isdir(mp): continue if mp not in already_mounted: bind_mounts.append('{}:{}'.format(mp, os.path.join('/installroot', mp.lstrip('/')))) if os.path.ismount('/boot'): bind_mounts.append('/boot:/installroot/boot') if os.path.ismount('/boot/efi'): bind_mounts.append('/boot/efi:/installroot/boot/efi') with _prepare_transaction(used_repos=used_repos, target_userspace_info=target_userspace_info, binds=bind_mounts ) as (context, target_repoids, _unused): # the below nsenter command is important as we need to enter sysvipc namespace on the host so we can # communicate with udev cmd_prefix = ['nsenter', '--ipc=/installroot/proc/1/ns/ipc'] # we have to ensure the leapp packages will stay untouched # Note: this is the most probably duplicate action - it should be already # set like that, however seatbelt is a good thing. dnfconfig.exclude_leapp_rpms(context) if get_target_major_version() == '9': _rebuild_rpm_db(context, root='/installroot') _transaction( context=context, stage='upgrade', target_repoids=target_repoids, plugin_info=plugin_info, tasks=tasks, cmd_prefix=cmd_prefix ) # we have to ensure the leapp packages will stay untouched even after the # upgrade is fully finished (it cannot be done before the upgarde # on the host as the config-manager plugin is available since rhel-8) dnfconfig.exclude_leapp_rpms(mounting.NotIsolatedActions(base_dir='/'))
def _get_repoids_to_exclude(repo_mapping): """ Returns a set of repoids that should be blacklisted on the target system. :param RepositoriesMapping repo_mapping: Repository mapping data. :returns: A set of repoids to blacklist on the target system. :rtype: Set[str] """ pesid_repos_to_exclude = _get_pesid_repos( repo_mapping, UNSUPPORTED_PESIDS[get_target_major_version()], get_target_major_version()) return {pesid_repo.repoid for pesid_repo in pesid_repos_to_exclude}
def perform_transaction_install(target_userspace_info, storage_info, used_repos, tasks, plugin_info): """ Performs the actual installation with the DNF rhel-upgrade plugin using the target userspace """ # These bind mounts are performed by systemd-nspawn --bind parameters bind_mounts = [ '/:/installroot', '/dev:/installroot/dev', '/proc:/installroot/proc', '/run/udev:/installroot/run/udev', ] if get_target_major_version() == '8': bind_mounts.append('/sys:/installroot/sys') else: # the target major version is RHEL 9+ # we are bindmounting host's "/sys" to the intermediate "/hostsys" # in the upgrade initramdisk to avoid cgroups tree layout clash bind_mounts.append('/hostsys:/installroot/sys') already_mounted = {entry.split(':')[0] for entry in bind_mounts} for entry in storage_info.fstab: mp = entry.fs_file if not os.path.isdir(mp): continue if mp not in already_mounted: bind_mounts.append('{}:{}'.format( mp, os.path.join('/installroot', mp.lstrip('/')))) if os.path.ismount('/boot'): bind_mounts.append('/boot:/installroot/boot') if os.path.ismount('/boot/efi'): bind_mounts.append('/boot/efi:/installroot/boot/efi') with _prepare_transaction(used_repos=used_repos, target_userspace_info=target_userspace_info, binds=bind_mounts) as (context, target_repoids, _unused): # the below nsenter command is important as we need to enter sysvipc namespace on the host so we can # communicate with udev cmd_prefix = ['nsenter', '--ipc=/installroot/proc/1/ns/ipc'] if get_target_major_version() == '9': _rebuild_rpm_db(context, root='/installroot') _transaction(context=context, stage='upgrade', target_repoids=target_repoids, plugin_info=plugin_info, tasks=tasks, cmd_prefix=cmd_prefix)
def prepare_target_userspace(context, userspace_dir, enabled_repos, packages): """ Implement the creation of the target userspace. """ target_major_version = get_target_major_version() run(['rm', '-rf', userspace_dir]) _create_target_userspace_directories(userspace_dir) with mounting.BindMount(source=userspace_dir, target=os.path.join( context.base_dir, 'el{}target'.format(target_major_version))): repos_opt = [['--enablerepo', repo] for repo in enabled_repos] repos_opt = list(itertools.chain(*repos_opt)) cmd = [ 'dnf', 'install', '-y', '--nogpgcheck', '--setopt=module_platform_id=platform:el{}'.format( target_major_version), '--setopt=keepcache=1', '--releasever', api.current_actor().configuration.version.target, '--installroot', '/el{}target'.format(target_major_version), '--disablerepo', '*' ] + repos_opt + packages if config.is_verbose(): cmd.append('-v') if rhsm.skip_rhsm(): cmd += ['--disableplugin', 'subscription-manager'] try: context.call(cmd, callback_raw=utils.logging_handler) except CalledProcessError as exc: raise StopActorExecutionError( message='Unable to install RHEL {} userspace packages.'.format( target_major_version), details={ 'details': str(exc), 'stderr': exc.stderr })
def generate_initram_disk(context): """ Function to actually execute the init ramdisk creation. Includes handling of specified dracut modules from the host when needed. The check for the 'conflicting' dracut modules is in a separate actor. """ env = {} if get_target_major_version() == '9': env = {'SYSTEMD_SECCOMP': '0'} # TODO(pstodulk): Add possibility to add particular drivers # Issue #645 modules = _get_dracut_modules() # deprecated files = set() for task in api.consume(UpgradeInitramfsTasks): modules.extend(task.include_dracut_modules) files.update(task.include_files) copy_dracut_modules(context, modules) # FIXME: issue #376 context.call([ '/bin/sh', '-c', 'LEAPP_ADD_DRACUT_MODULES="{modules}" LEAPP_KERNEL_ARCH={arch} ' 'LEAPP_DRACUT_INSTALL_FILES="{files}" {cmd}'.format( modules=','.join([mod.name for mod in modules]), arch=api.current_actor().configuration.architecture, files=' '.join(files), cmd=os.path.join('/', INITRAM_GEN_SCRIPT_NAME)) ], env=env) copy_boot_files(context)
def _get_rhsm_available_repoids(context): target_major_version = get_target_major_version() # FIXME: check that required repo IDs (baseos, appstream) # + or check that all required RHEL repo IDs are available. if rhsm.skip_rhsm(): return set() # Get the RHSM repos available in the target RHEL container # TODO: very similar thing should happens for all other repofiles in container # repoids = rhsm.get_available_repo_ids(context) if not repoids or len(repoids) < 2: raise StopActorExecutionError( message='Cannot find required basic RHEL {} repositories.'.format( target_major_version), details={ 'hint': ('It is required to have RHEL repositories on the system' ' provided by the subscription-manager unless the --no-rhsm' ' options is specified. Possibly you' ' are missing a valid SKU for the target system or network' ' connection failed. Check whether your system is attached' ' to a valid SKU providing RHEL {} repositories.' ' In case the Satellite is used, read the upgrade documentation' ' to setup the satellite and the system properly.'.format( target_major_version)) }) return set(repoids)
def build_plugin_data(target_repoids, debug, test, tasks, on_aws): """ Generates a dictionary with the DNF plugin data. """ # get list of repo IDs of target repositories that should be used for upgrade data = { 'pkgs_info': { 'local_rpms': [os.path.join('/installroot', pkg.lstrip('/')) for pkg in tasks.local_rpms], 'to_install': tasks.to_install, 'to_remove': tasks.to_remove, 'to_upgrade': tasks.to_upgrade }, 'dnf_conf': { 'allow_erasing': True, 'best': True, 'debugsolver': debug, 'disable_repos': True, 'enable_repos': target_repoids, 'gpgcheck': False, 'platform_id': 'platform:el{}'.format(get_target_major_version()), 'releasever': api.current_actor().configuration.version.target, 'installroot': '/installroot', 'test_flag': test }, 'rhui': { 'aws': { 'on_aws': on_aws, 'region': None, } } } return data
def _transaction(context, stage, target_repoids, tasks, plugin_info, test=False, cmd_prefix=None, on_aws=False): """ Perform the actual DNF rpm download via our DNF plugin """ # we do not want if stage != 'upgrade': create_config( context=context, target_repoids=target_repoids, debug=config.is_debug(), test=test, tasks=tasks, on_aws=on_aws ) backup_config(context=context) # FIXME: rhsm with guards.guarded_execution(guards.connection_guard(), guards.space_guard()): cmd = [ '/usr/bin/dnf', 'rhel-upgrade', stage, DNF_PLUGIN_DATA_PATH ] if config.is_verbose(): cmd.append('-v') if rhsm.skip_rhsm(): cmd += ['--disableplugin', 'subscription-manager'] if plugin_info: for info in plugin_info: if stage in info.disable_in: cmd += ['--disableplugin', info.name] if cmd_prefix: cmd = cmd_prefix + cmd env = {} if get_target_major_version() == '9': # allow handling new RHEL 9 syscalls by systemd-nspawn env = {'SYSTEMD_SECCOMP': '0'} try: context.call( cmd=cmd, callback_raw=utils.logging_handler, env=env ) except OSError as e: api.current_logger().error('Could not call dnf command: Message: %s', str(e), exc_info=True) raise StopActorExecutionError( message='Failed to execute dnf. Reason: {}'.format(str(e)) ) except CalledProcessError as e: api.current_logger().error('DNF execution failed: ') raise StopActorExecutionError( message='DNF execution failed with non zero exit code.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}'.format( stdout=e.stdout, stderr=e.stderr) ) finally: if stage == 'check': backup_debug_data(context=context)
def scan_repositories(read_repofile_func=_read_repofile): """ Scan the repository mapping file and produce RepositoriesMap msg. See the description of the actor for more details. """ # TODO: add filter based on the current arch # TODO: deprecate the product type and introduce the "channels" ?.. more or less # NOTE: product type is changed, now it's channel: eus,e4s,aus,tus,ga,beta if os.path.exists(os.path.join('/etc/leapp/files', OLD_REPOMAP_FILE)): # NOTE: what about creating the report (instead of warning) api.current_logger().warning( 'The old repomap file /etc/leapp/files/repomap.csv is present.' ' The file has been replaced by the repomap.json file and it is' ' not used anymore.') json_data = read_repofile_func(REPOMAP_FILE) try: repomap_data = RepoMapData.load_from_dict(json_data) mapping = repomap_data.get_mappings(get_source_major_version(), get_target_major_version()) valid_major_versions = [ get_source_major_version(), get_target_major_version() ] api.produce( RepositoriesMapping(mapping=mapping, repositories=repomap_data.get_repositories( valid_major_versions))) except ModelViolationError as err: err_message = ( 'The repository mapping file is invalid: ' 'the JSON does not match required schema (wrong field type/value): {}' .format(err)) _inhibit_upgrade(err_message) except KeyError as err: _inhibit_upgrade( 'The repository mapping file is invalid: the JSON is missing a required field: {}' .format(err)) except ValueError as err: # The error should contain enough information, so we do not need to clarify it further _inhibit_upgrade( 'The repository mapping file is invalid: {}'.format(err))
def _create_initram_packages(): # copy the list as we do not want to affect the constant because of tests required_pkgs = _REQUIRED_PACKAGES[:] if architecture.matches_architecture(architecture.ARCH_X86_64): required_pkgs.append('biosdevname') if version.get_target_major_version() == '9': required_pkgs += ['policycoreutils', 'rng-tools'] return (RequiredUpgradeInitramPackages(packages=required_pkgs), TargetUserSpaceUpgradeTasks(install_rpms=required_pkgs))
def get_target_pesid_repos(self, pesid): """ Return the list of PESIDRepositoryEntry objects for a specified PES ID mathing the target OS major version. :param pesid: The PES ID for which to retrieve PESIDRepositoryEntries. :type pesid: str :return: A list of PESIDRepositoryEntries that match the provided PES ID and have the OS Major version same as the target OS. :rtype: List[PESIDRepositoryEntry] """ return self.get_pesid_repos(pesid, get_target_major_version())
def _get_kernel_version(kernel_name): try: kernels = run(['rpm', '-q', kernel_name], split=True)['stdout'] except CalledProcessError: return '' for kernel in kernels: # name-version-release - we want the last two fields only version = '-'.join(kernel.split('-')[-2:]) if 'el{}'.format(get_target_major_version()) in version: return version return ''
def set_rhsm_release(): """Set the RHSM release to the target RHEL minor version.""" if rhsm.skip_rhsm(): api.current_logger().debug( 'Skipping setting the RHSM release due to --no-rhsm or environment variables.' ) return if config.get_product_type('target') != 'ga': api.current_logger().debug( 'Skipping setting the RHSM release as target product is set to beta/htb' ) return target_version = api.current_actor().configuration.version.target try: rhsm.set_release(mounting.NotIsolatedActions(base_dir='/'), target_version) except CalledProcessError as err: api.current_logger().warning( 'Unable to set the {0} release through subscription-manager. When using dnf,' ' content of the latest RHEL {1} minor version will be downloaded.\n{2}' .format(target_version, get_target_major_version(), str(err)))
def _get_rhsm_available_repoids(context): target_major_version = get_target_major_version() # FIXME: check that required repo IDs (baseos, appstream) # + or check that all required RHEL repo IDs are available. if rhsm.skip_rhsm(): return set() # Get the RHSM repos available in the target RHEL container # TODO: very similar thing should happens for all other repofiles in container # repoids = rhsm.get_available_repo_ids(context) if not repoids or len(repoids) < 2: reporting.create_report([ reporting.Title( 'Cannot find required basic RHEL target repositories.'), reporting.Summary( 'This can happen when a repository ID was entered incorrectly either while using the --enablerepo' ' option of leapp or in a third party actor that produces a CustomTargetRepositoryMessage.' ), reporting.Tags([reporting.Tags.REPOSITORY]), reporting.Severity(reporting.Severity.HIGH), reporting.Flags([reporting.Flags.INHIBITOR]), reporting.Remediation(hint=( 'It is required to have RHEL repositories on the system' ' provided by the subscription-manager unless the --no-rhsm' ' option is specified. You might be missing a valid SKU for' ' the target system or have a failed network connection.' ' Check whether your system is attached to a valid SKU that is' ' providing RHEL {} repositories.' ' If you are using Red Hat Satellite, read the upgrade documentation' ' to set up Satellite and the system properly.' ).format(target_major_version)), reporting.ExternalLink( # TODO: How to handle different documentation links for each version? url='https://red.ht/preparing-for-upgrade-to-rhel8', title='Preparing for the upgrade') ]) raise StopActorExecution() return set(repoids)
def process(): target_major_version = get_target_major_version() if target_major_version == '8': ipu_doc_url = ( 'https://access.redhat.com/documentation/en-us/' 'red_hat_enterprise_linux/8/html-single/upgrading_to_rhel_8/index') elif target_major_version == '9': ipu_doc_url = ('TBA') rhui_info = next(api.consume(RHUIInfo), None) if not rhsm.skip_rhsm() or rhui_info: # getting RH repositories through RHSM or RHUI; resolved by seatbelts # implemented in other actors return # rhsm skipped; take your seatbelts please is_ctr = _any_custom_repo_defined() is_ctrf = _the_custom_repofile_defined() is_re = _the_enablerepo_option_used() if not is_ctr: # no rhsm, no custom repositories.. this will really not work :) # TODO: add link to the RH article about use of custom repositories!! # NOTE: we can put here now the link to the main document, as this # will be described there or at least the link to the right document # will be delivered here. if is_ctrf: summary_ctrf = '\n\nThe custom repository file has been detected. Maybe it is empty?' else: summary_ctrf = '' reporting.create_report([ reporting.Title( 'Using RHSM has been skipped but no custom or RHUI repositories have been delivered.' ), reporting.Summary( 'Leapp is run in the mode when the Red Hat Subscription Manager' ' is not used (the --no-rhsm option or the LEAPP_NO_RHSM=1' ' environment variable has been set) so leapp is not able to' ' obtain YUM/DNF repositories with the content for the target' ' system in the standard way. The content has to be delivered' ' either by user manually or, in case of public clouds, by a' ' special Leapp package for RHUI environments.'), reporting.Remediation(hint=( 'Create the repository file according to instructions in the' ' referred document on the following path with all' ' repositories that should be used during the upgrade: "{}".' '\n\n{}'.format(CUSTOM_REPO_PATH, summary_ctrf))), reporting.Severity(reporting.Severity.HIGH), reporting.Tags([reporting.Tags.SANITY]), reporting.Flags([reporting.Flags.INHIBITOR]), reporting.ExternalLink( url=ipu_doc_url, title='UPGRADING TO RHEL {}'.format(target_major_version)), reporting.RelatedResource('file', CUSTOM_REPO_PATH), ]) elif not (is_ctrf or is_re): # Some custom repositories have been discovered, but the custom repo # file not - neither the --enablerepo option is used. Inform about # the official recommended way. reporting.create_report([ reporting.Title( 'Detected "CustomTargetRepositories" without using new provided mechanisms used.' ), reporting.Summary( 'Red Hat now provides an official way for using custom' ' repositories during the in-place upgrade through' ' the referred custom repository file or through the' ' --enablerepo option for leapp. The CustomTargetRepositories' ' have been produced from custom (own) actors?'), reporting.Remediation(hint=( 'Follow the new simple way to enable custom repositories' ' during the upgrade (see the referred document) or create' ' the empty custom repository file to acknowledge this report' ' message.')), reporting.Severity(reporting.Severity.INFO), reporting.ExternalLink( url=ipu_doc_url, title='UPGRADING TO RHEL {}'.format(target_major_version)), reporting.RelatedResource('file', CUSTOM_REPO_PATH), ])
def _feed(self): major = get_target_major_version() if major not in _DnfPluginPathStr._PATHS.keys(): # pylint: disable=W1655 raise KeyError('{} is not a supported target version of RHEL'.format(major)) self.data = _DnfPluginPathStr._PATHS[major]
def _transaction(context, stage, target_repoids, tasks, plugin_info, test=False, cmd_prefix=None, on_aws=False): """ Perform the actual DNF rpm download via our DNF plugin """ # we do not want if stage not in ['dry-run', 'upgrade']: create_config( context=context, target_repoids=target_repoids, debug=config.is_debug(), test=test, tasks=tasks, on_aws=on_aws ) backup_config(context=context) # FIXME: rhsm with guards.guarded_execution(guards.connection_guard(), guards.space_guard()): cmd_prefix = cmd_prefix or [] common_params = [] if config.is_verbose(): common_params.append('-v') if rhsm.skip_rhsm(): common_params += ['--disableplugin', 'subscription-manager'] if plugin_info: for info in plugin_info: if stage in info.disable_in: common_params += ['--disableplugin', info.name] env = {} if get_target_major_version() == '9': # allow handling new RHEL 9 syscalls by systemd-nspawn env = {'SYSTEMD_SECCOMP': '0'} # We need to reset modules twice, once before we check, and the second time before we actually perform # the upgrade. Not more often as the modules will be reset already. if stage in ('check', 'upgrade') and tasks.modules_to_reset: # We shall only reset modules that are not going to be enabled # This will make sure it is so modules_to_reset = {(module.name, module.stream) for module in tasks.modules_to_reset} modules_to_enable = {(module.name, module.stream) for module in tasks.modules_to_enable} module_reset_list = [module[0] for module in modules_to_reset - modules_to_enable] # Perform module reset cmd = ['/usr/bin/dnf', 'module', 'reset', '--enabled', ] + module_reset_list cmd += ['--disablerepo', '*', '-y', '--installroot', '/installroot'] try: context.call( cmd=cmd_prefix + cmd + common_params, callback_raw=utils.logging_handler, env=env ) except (CalledProcessError, OSError): api.current_logger().debug('Failed to reset modules via dnf with an error. Ignoring.', exc_info=True) cmd = [ '/usr/bin/dnf', 'rhel-upgrade', stage, DNF_PLUGIN_DATA_PATH ] try: context.call( cmd=cmd_prefix + cmd + common_params, callback_raw=utils.logging_handler, env=env ) except OSError as e: api.current_logger().error('Could not call dnf command: Message: %s', str(e), exc_info=True) raise StopActorExecutionError( message='Failed to execute dnf. Reason: {}'.format(str(e)) ) except CalledProcessError as e: api.current_logger().error('DNF execution failed: ') raise StopActorExecutionError( message='DNF execution failed with non zero exit code.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}'.format( stdout=e.stdout, stderr=e.stderr) ) finally: if stage == 'check': backup_debug_data(context=context)
def _get_repositories_mapping(target_pesids): """ Get all repositories mapped from repomap file and map repositories id with respective names. :param target_pesids: The set of expected needed target PES IDs :return: Dictionary with all repositories mapped. """ repositories_map_msgs = api.consume(RepositoriesMapping) repositories_map_msg = next(repositories_map_msgs, None) if list(repositories_map_msgs): api.current_logger().warning( 'Unexpectedly received more than one RepositoriesMapping message.') if not repositories_map_msg: raise StopActorExecutionError( 'Cannot parse RepositoriesMapping data properly', details={ 'Problem': 'Did not receive a message with mapped repositories' }) repomap = peseventsscanner_repomap.RepoMapDataHandler(repositories_map_msg) # NOTE: We have to calculate expected target repositories # like in the setuptargetrepos actor. It's planned to handle this in different # way in future... enabled_repoids = _get_enabled_repoids() default_channels = peseventsscanner_repomap.get_default_repository_channels( repomap, enabled_repoids) repomap.set_default_channels(default_channels) exp_pesid_repos = repomap.get_expected_target_pesid_repos(enabled_repoids) # FIXME: this is hack now. In case some packages will need a repository # with pesid that is not mapped by default regarding the enabled repos, # let's use this one representative repository (baseos/appstream) to get # data for a guess of the best repository from the requires target pesid.. # FIXME: this could now fail in case all repos are disabled... representative_repo = exp_pesid_repos.get( peseventsscanner_repomap.DEFAULT_PESID[get_target_major_version()], None) if not representative_repo: api.current_logger().warning( 'Cannot determine the representative target base repository.') api.current_logger().info( 'Fallback: Create an artificial representative PESIDRepositoryEntry for the repository mapping' ) representative_repo = PESIDRepositoryEntry( pesid=peseventsscanner_repomap.DEFAULT_PESID[ get_target_major_version()], arch=api.current_actor().configuration.architecture, major_version=get_target_major_version(), repoid='artificial-repoid', repo_type='rpm', channel='ga', rhui='', ) for pesid in target_pesids: if pesid in exp_pesid_repos: continue # some packages are moved to repos outside of default repomapping # try to find the best possible repo for them.. # FIXME: HACK NOW # good way is to modify class to search repo with specific criteria.. if not representative_repo: api.current_logger().warning( 'Cannot find suitable repository for PES ID: {}'.format(pesid)) continue pesid_repo = repomap._find_repository_target_equivalent( representative_repo, pesid) if not pesid_repo: api.current_logger().warning( 'Cannot find suitable repository for PES ID: {}'.format(pesid)) continue exp_pesid_repos[pesid] = pesid_repo # map just pesids with found repoids # {to_pesid: repoid} repositories_mapping = {} for pesid, repository in exp_pesid_repos.items(): if pesid not in target_pesids: # We can skip this repo as it was not identified as needed during the processing of PES events continue if not repository: # TODO continue repositories_mapping[pesid] = repository.repoid return repositories_mapping
def _get_target_userspace(): return constants.TARGET_USERSPACE.format(get_target_major_version())
def process(): facts = next(api.consume(SELinuxFacts), None) if not facts: return enabled = facts.enabled conf_status = facts.static_mode if conf_status == 'disabled': if get_target_major_version() == '9': api.produce(KernelCmdlineArg(key='selinux', value='0')) reporting.create_report([ reporting.Title('LEAPP detected SELinux disabled in "/etc/selinux/config"'), reporting.Summary( 'On RHEL 9, disabling SELinux in "/etc/selinux/config" is no longer possible. ' 'This way, the system starts with SELinux enabled but with no policy loaded. LEAPP ' 'will automatically disable SELinux using "SELINUX=0" kernel command line parameter. ' 'However, Red Hat strongly recommends to have SELinux enabled' ), reporting.Severity(reporting.Severity.INFO), reporting.Tags([reporting.Tags.SELINUX]), reporting.RelatedResource('file', '/etc/selinux/config'), reporting.ExternalLink(url=DOC_URL, title='Disabling SELinux'), ]) if enabled: reporting.create_report([ reporting.Title('SElinux should be disabled based on the configuration file but it is enabled'), reporting.Summary( 'This message is to inform user about non-standard SElinux configuration. Please check ' '"/etc/selinux/config" to see whether the configuration is set as expected.' ), reporting.Severity(reporting.Severity.LOW), reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY]) ]) reporting.create_report([ reporting.Title('SElinux disabled'), reporting.Summary('SElinux disabled, continuing...'), reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY]) ]) return if conf_status in ('enforcing', 'permissive'): api.produce(SelinuxRelabelDecision(set_relabel=True)) reporting.create_report([ reporting.Title('SElinux relabeling will be scheduled'), reporting.Summary('SElinux relabeling will be scheduled as the status is permissive/enforcing.'), reporting.Severity(reporting.Severity.INFO), reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY]) ]) if conf_status == 'enforcing': api.produce(SelinuxPermissiveDecision( set_permissive=True)) reporting.create_report([ reporting.Title('SElinux will be set to permissive mode'), reporting.Summary( 'SElinux will be set to permissive mode. Current mode: enforcing. This action is ' 'required by the upgrade process to make sure the upgraded system can boot without ' 'beinig blocked by SElinux rules.' ), reporting.Severity(reporting.Severity.LOW), reporting.Remediation(hint=( 'Make sure there are no SElinux related warnings after the upgrade and enable SElinux ' 'manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.' ) ), reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY]) ])
def get_upg_path(): """ Get upgrade path in specific string format """ return '7to8' if get_target_major_version() == '8' else '8to9'