def check():
actual_problems = []
related_resources = []
for package, details in PROBLEM_PACKAGE_MAP.items():
name, arch = package.split('.')
if has_package(InstalledRPM, name, arch) and has_package(
InstalledRPM, name, 'x86_64'):
actual_problems.append(package)
# generate RelatedResources for the report
related_resources.append(RelatedResource('package', package))
if details['bugzilla']:
related_resources.append(
RelatedResource('bugzilla', details['bugzilla']))
if actual_problems:
remediation = ["yum", "remove", "-y"] + actual_problems
# create a single report entry for all problematic packages
create_report([
Title(
'Some packages have both 32bit and 64bit version installed which are known '
'to cause rpm transaction test to fail'),
Summary(
'The following packages have both 32bit and 64bit version installed which are known '
'to cause rpm transaction test to fail:\n{}'.format('\n'.join(
['- {}'.format(a) for a in actual_problems]))),
Severity(Severity.HIGH),
Flags([Flags.INHIBITOR]),
Remediation(commands=[remediation])
] + related_resources)
def test_has_package(current_actor_context):
installed_rpm = [
RPM(name='sample01',
version='0.1',
release='1.sm01',
epoch='1',
packager=RH_PACKAGER,
arch='noarch',
pgpsig=
'RSA/SHA256, Mon 01 Jan 1970 00:00:00 AM -03, Key ID 199e2f91fd431d51'
),
RPM(name='sample02',
version='0.1',
release='1.sm01',
epoch='1',
packager=RH_PACKAGER,
arch='noarch',
pgpsig='SOME_OTHER_SIG_X'),
]
current_actor_context.feed(InstalledRPM(items=installed_rpm))
current_actor_context.run(config_model=mock_configs.CONFIG)
assert rpms.has_package(InstalledRedHatSignedRPM,
'sample01',
context=current_actor_context)
assert not rpms.has_package(InstalledRedHatSignedRPM,
'nosuchpackage',
context=current_actor_context)
assert rpms.has_package(InstalledUnsignedRPM,
'sample02',
context=current_actor_context)
assert not rpms.has_package(
InstalledUnsignedRPM, 'nosuchpackage', context=current_actor_context)
def process(self):
arch = self.configuration.architecture
for provider, info in rhui.RHUI_CLOUD_MAP[arch].items():
if has_package(InstalledRPM, info['el7_pkg']):
if not rhsm.skip_rhsm():
create_report([
reporting.Title(
'Upgrade initiated with RHSM on public cloud with RHUI infrastructure'
),
reporting.Summary(
'Leapp detected this system is on public cloud with RHUI infrastructure '
'but the process was initiated without "--no-rhsm" command line option '
'which implies RHSM usage (valid subscription is needed).'
),
reporting.Severity(reporting.Severity.INFO),
reporting.Tags([reporting.Tags.PUBLIC_CLOUD]),
])
return
# AWS RHUI package is provided and signed by RH but the Azure one not
if not has_package(InstalledRPM, info['leapp_pkg']):
create_report([
reporting.Title('Package "{}" is missing'.format(
info['leapp_pkg'])),
reporting.Summary(
'On {} using RHUI infrastructure, a package "{}" is needed for'
'in-place upgrade'.format(provider.upper(),
info['leapp_pkg'])),
reporting.Severity(reporting.Severity.HIGH),
reporting.RelatedResource('package',
info['leapp_pkg']),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Tags(
[reporting.Tags.PUBLIC_CLOUD,
reporting.Tags.RHUI]),
reporting.Remediation(commands=[[
'yum', 'install', '-y', info['leapp_pkg']
]])
])
return
if provider == 'aws':
# We have to disable Amazon-id plugin in the initramdisk phase as the network
# is down at the time
self.produce(
DNFPluginTask(name='amazon-id',
disable_in=['upgrade']))
# if RHEL7 and RHEL8 packages differ, we cannot rely on simply updating them
if info['el7_pkg'] != info['el8_pkg']:
self.produce(
RpmTransactionTasks(to_install=[info['el8_pkg']]))
self.produce(
RpmTransactionTasks(to_remove=[info['el7_pkg']]))
self.produce(RHUIInfo(provider=provider))
self.produce(
RequiredTargetUserspacePackages(
packages=[info['el8_pkg']]))
return
def process(self):
ipainfo = IpaInfo(
has_client_package=has_package(InstalledRedHatSignedRPM,
"ipa-client"),
is_client_configured=is_ipa_client_configured(),
has_server_package=has_package(InstalledRedHatSignedRPM,
"ipa-server"),
is_server_configured=is_ipa_server_configured(),
)
self.produce(ipainfo)
def _check_package(pkg):
"""
Checks if a package is installed and signed.
:param str pkg: name of package
"""
return has_package(InstalledRedHatSignedRPM, pkg)
def process(self):
if has_package(InstalledRedHatSignedRPM, 'brltty'):
report_with_remediation(
title='Brltty has incompatible changes in the next major version',
summary='The --message-delay brltty option has been renamed to --message-timeout.\n'
'The -U [--update-interval=] brltty option has been removed.',
remediation='Please update your scripts to be compatible with the changes.',
severity='low')
(migrate_file, migrate_bt, migrate_espeak) = library.check_for_unsupported_cfg()
report_summary = ''
if migrate_bt:
report_summary = 'Unsupported aliases for bluetooth devices (\'bth:\' and \'bluez:\') will be '
report_summary += 'renamed to \'bluetooth:\'.'
if migrate_espeak:
if report_summary:
report_summary += '\n'
report_summary += 'eSpeak speech driver is no longer supported, it will be switched to eSpeak-NG.'
if report_summary:
report_generic(
title='brltty configuration will be migrated',
summary=report_summary,
severity='low')
self.produce(BrlttyMigrationDecision(migrate_file=migrate_file, migrate_bt=migrate_bt,
migrate_espeak=migrate_espeak))
else:
report_generic(
title='brltty configuration will be not migrated',
summary='brltty configuration seems to be compatible',
severity='low')
def process(self):
if not has_package(InstalledRedHatSignedRPM, 'sendmail'):
return
if config_applies_to_daemon(next(self.consume(TcpWrappersFacts)),
'sendmail'):
report_with_remediation(
title='TCP wrappers support removed in the next major version',
summary=
'TCP wrappers are legacy host-based ACL (Access Control List) system '
'which has been removed in the next major version of RHEL.',
remediation=
'Please migrate from TCP wrappers to some other access control mechanism and delete '
'sendmail from the /etc/hosts.[allow|deny].',
severity='high',
flags=['inhibitor'])
return
migrate_files = library.check_files_for_compressed_ipv6()
if migrate_files:
report_generic(
title='sendmail configuration will be migrated',
summary=
'IPv6 addresses will be uncompressed, check all IPv6 addresses in all sendmail '
'configuration files for correctness.',
severity='low')
self.produce(
SendmailMigrationDecision(migrate_files=migrate_files))
else:
self.log.info(
'The sendmail configuration seems compatible - it won\'t be migrated.'
)
def process(self):
# Check if our package is installed
if not has_package(InstalledRPM, 'acme-storage'):
return
# Get a list of active kernel modules
kernel_module_facts = next(self.consume(ActiveKernelModulesFacts),
None)
if not kernel_module_facts:
# hypothetic error; it should not happen
raise StopActorExecutionError(
'Unable to obtain list of active kernel modules.')
return
# Detect if our kernel module is installed
has_kernel_module = False
for active_module in kernel_module_facts.kernel_modules:
if active_module.filename == 'acme8xx':
has_kernel_module = True
break
# Is the device installed in the default location?
has_device = os.path.exists('/dev/acme0')
self.produce(
AcmeStorageInfo(has_kernel_module=has_kernel_module,
has_device=has_device))
def process(self):
if has_package(InstalledRedHatSignedRPM, 'grep'):
create_report([
reporting.Title(
'Grep has incompatible changes in the next major version'),
reporting.Summary(
'If a file contains data improperly encoded for the current locale, and this is '
'discovered before any of the file\'s contents are output, grep now treats the file '
'as binary.\n'
'The \'grep -P\' no longer reports an error and exits when given invalid UTF-8 data. '
'Instead, it considers the data to be non-matching.\n'
'In locales with multibyte character encodings other than UTF-8, grep -P now reports '
'an error and exits instead of misbehaving.\n'
'When searching binary data, grep now may treat non-text bytes as line terminators. '
'This can boost performance significantly.\n'
'The \'grep -z\' no longer automatically treats the byte \'\\200\' as binary data.\n'
'Context no longer excludes selected lines omitted because of -m. For example, '
'\'grep "^" -m1 -A1\' now outputs the first two input lines, not just the first '
'line.\n'),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([reporting.Tags.TOOLS]),
reporting.Remediation(
hint=
'Please update your scripts to be compatible with the changes.'
),
reporting.RelatedResource('package', 'grep')
])
def _check_package(pkg_name):
"""
Checks if the package is installed and signed by Red Hat
:param str pkg_name: name of package
"""
return has_package(InstalledRedHatSignedRPM, pkg_name)
def report_installed_packages(_context=api):
"""
Create reports according to detected PostgreSQL packages.
Create the report if the postgresql-server rpm (RH signed) is installed.
Additionally, create another report if the postgresql-contrib rpm
is installed.
"""
has_server = has_package(InstalledRedHatSignedRPM, 'postgresql-server', context=_context)
has_contrib = has_package(InstalledRedHatSignedRPM, 'postgresql-contrib', context=_context)
if has_server:
# postgresql-server
_report_server_installed()
if has_contrib:
# postgresql-contrib
_report_contrib_installed()
def get_installed_desktops():
api.current_logger().info(" Detecting desktop environments ")
api.current_logger().info("==================================")
# Detect installed desktops by one of the base rpm packages
kde_desktop_installed = has_package(InstalledRPM, "kde-workspace")
gnome_desktop_installed = has_package(InstalledRPM, "gnome-session")
api.current_logger().info(
"* KDE installed: {0}".format(kde_desktop_installed))
api.current_logger().info(
"* Gnome installed: {0}".format(gnome_desktop_installed))
api.current_logger().info("----------------------------------")
return {
"gnome_installed": gnome_desktop_installed,
"kde_installed": kde_desktop_installed
}
def is_processable():
"""
Checks whether the spamassassin package is installed.
"""
res = has_package(InstalledRedHatSignedRPM, 'spamassassin')
if not res:
api.current_logger().debug('spamassassin is not installed.')
return res
def process(self):
if has_package(InstalledRedHatSignedRPM, 'acpid'):
report_with_remediation(
title='Acpid incompatible changes in the next major version',
summary=
'The option -d (debug) no longer implies -f (foreground).',
remediation=
'You must now use both options (\'-df\') for the same behavior. Please update '
'your scripts to be compatible with the changes.',
severity='low')
def process(self):
if has_package(InstalledRedHatSignedRPM, 'irssi'):
report_with_remediation(
title='Irssi incompatible changes in the next major version',
summary='Disabled support for the insecure SSLv2 protocol.\n'
'Disabled SSLv3 due to the POODLE vulnerability.\n'
'Removing networks will now remove all attached servers and channels.\n'
'Removed --disable-ipv6 option.\n',
remediation=
'Please update your scripts to be compatible with the changes.',
severity='low')
def process(self):
if has_package(InstalledRedHatSignedRPM, 'dosfstools'):
report_with_remediation(
title='Dosfstools incompatible changes in the next major version',
summary='The automatic alignment of data clusters that was added in 3.0.8 and broken for '
'FAT32 starting with 3.0.20 has been reinstated. If you need to create file systems '
'for finicky devices that have broken FAT implementations use the option -a to '
'disable alignment.\n'
'The fsck.fat now defaults to interactive repair mode which previously had to be '
'selected with the -r option.\n',
remediation='Please update your scripts to be compatible with the changes.',
severity='low')
def process(self):
if has_package(InstalledRedHatSignedRPM, 'powertop'):
report_with_remediation(
title=
'PowerTOP compatibility options removed in the next major version',
summary=
'The -d (dump) option which has been kept for RHEL backward compatibility has been '
'dropped.\n'
'The -h option which has been used for RHEL backward compatibility is no longer '
'alias for --html, but it\'s now an alias for --help to follow the upstream.\n'
'The -u option which has been used for RHEL backward compatibility as an alias for '
'--help has been dropped.\n',
remediation=
'Please remove the dropped options from your scripts.',
severity='low')
def get_kde_apps_info():
installed = list()
base_kde_apps = ("kde-baseapps", "okular", "ark", "kdepim", "konsole",
"gwenview", "kdenetwork", "kate", "kwrite")
api.current_logger().info(" Detecting installed KDE apps ")
api.current_logger().info("================================")
for app in [
application for application in base_kde_apps
if has_package(InstalledRPM, application)
]:
api.current_logger().info("Application {0} is installed.".format(app))
installed.append(app)
api.current_logger().info("----------------------------------")
return installed
def process(self):
if has_package(InstalledRedHatSignedRPM, 'acpid'):
create_report([
reporting.Title(
'Acpid incompatible changes in the next major version'),
reporting.Summary(
'The option -d (debug) no longer implies -f (foreground).'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Remediation(
hint=
'You must now use both options (\'-df\') for the same behavior. Please update '
'your scripts to be compatible with the changes.'),
reporting.Tags(
[reporting.Tags.KERNEL, reporting.Tags.SERVICES]),
reporting.RelatedResource('package', 'acpid')
])
def process(self):
if has_package(InstalledRedHatSignedRPM, 'irssi'):
create_report([
reporting.Title(
'Irssi incompatible changes in the next major version'),
reporting.Summary(
'Disabled support for the insecure SSLv2 protocol.\n'
'Disabled SSLv3 due to the POODLE vulnerability.\n'
'Removing networks will now remove all attached servers and channels.\n'
'Removed --disable-ipv6 option.\n'),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags(
[reporting.Tags.COMMUNICATION, reporting.Tags.TOOLS]),
reporting.Remediation(
hint=
'Please update your scripts to be compatible with the changes.'
),
reporting.RelatedResource('package', 'irssi')
])
def process(self):
if has_package(InstalledRedHatSignedRPM, 'brltty'):
create_report([
reporting.Title(
'Brltty has incompatible changes in the next major version'
),
reporting.Summary(
'The --message-delay brltty option has been renamed to --message-timeout.\n'
'The -U [--update-interval=] brltty option has been removed.'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([reporting.Tags.ACCESSIBILITY]),
reporting.Remediation(
hint=
'Please update your scripts to be compatible with the changes.'
)
] + related)
(
migrate_file,
migrate_bt,
migrate_espeak,
) = checkbrltty.check_for_unsupported_cfg()
report_summary = ''
if migrate_bt:
report_summary = 'Unsupported aliases for bluetooth devices (\'bth:\' and \'bluez:\') will be '
report_summary += 'renamed to \'bluetooth:\'.'
if migrate_espeak:
if report_summary:
report_summary += '\n'
report_summary += 'eSpeak speech driver is no longer supported, it will be switched to eSpeak-NG.'
if report_summary:
create_report([
reporting.Title('brltty configuration will be migrated'),
reporting.Summary(report_summary),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([reporting.Tags.ACCESSIBILITY]),
] + related)
self.produce(
BrlttyMigrationDecision(migrate_file=migrate_file,
migrate_bt=migrate_bt,
migrate_espeak=migrate_espeak))
def process(self):
if has_package(InstalledRedHatSignedRPM, 'dosfstools'):
create_report([
reporting.Title('Dosfstools incompatible changes in the next major version'),
reporting.Summary(
'The automatic alignment of data clusters that was added in 3.0.8 and broken for '
'FAT32 starting with 3.0.20 has been reinstated. If you need to create file systems '
'for finicky devices that have broken FAT implementations use the option -a to '
'disable alignment.\n'
'The fsck.fat now defaults to interactive repair mode which previously had to be '
'selected with the -r option.\n'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([
reporting.Tags.FILESYSTEM,
reporting.Tags.TOOLS
]),
reporting.Remediation(hint='Please update your scripts to be compatible with the changes.'),
reporting.RelatedResource('package', 'dosfstools')
])
def process(self):
if has_package(InstalledRedHatSignedRPM, 'powertop'):
create_report([
reporting.Title(
'PowerTOP compatibility options removed in the next major version'
),
reporting.Summary(
'The -d (dump) option which has been kept for RHEL backward compatibility has been '
'dropped.\n'
'The -h option which has been used for RHEL backward compatibility is no longer '
'alias for --html, but it\'s now an alias for --help to follow the upstream.\n'
'The -u option which has been used for RHEL backward compatibility as an alias for '
'--help has been dropped.\n'),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags(
[reporting.Tags.TOOLS, reporting.Tags.MONITORING]),
reporting.Remediation(
hint='Please remove the dropped options from your scripts.'
),
reporting.RelatedResource('package', 'powertop')
])
def process(self):
if not has_package(InstalledRedHatSignedRPM, 'sendmail'):
return
if config_applies_to_daemon(next(self.consume(TcpWrappersFacts)),
'sendmail'):
create_report([
reporting.Title(
'TCP wrappers support removed in the next major version'),
reporting.Summary(
'TCP wrappers are legacy host-based ACL (Access Control List) system '
'which has been removed in the next major version of RHEL.'
),
reporting.Remediation(
hint=
'Please migrate from TCP wrappers to some other access control mechanism and delete '
'sendmail from the /etc/hosts.[allow|deny].'),
reporting.Severity(reporting.Severity.HIGH),
reporting.Tags(COMMON_REPORT_TAGS + [reporting.Tags.NETWORK]),
reporting.Flags([reporting.Flags.INHIBITOR])
] + related)
return
migrate_files = checksendmail.check_files_for_compressed_ipv6()
if migrate_files:
create_report([
reporting.Title('sendmail configuration will be migrated'),
reporting.Summary(
'IPv6 addresses will be uncompressed, check all IPv6 addresses in all sendmail '
'configuration files for correctness.'),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags(COMMON_REPORT_TAGS)
] + related)
self.produce(
SendmailMigrationDecision(migrate_files=migrate_files))
else:
self.log.info(
'The sendmail configuration seems compatible - it won\'t be migrated.'
)
def process(self):
if has_package(InstalledRedHatSignedRPM, 'wireshark'):
create_report([
reporting.Title('tshark: CLI options and output changes'),
reporting.Summary(
'The -C suboption for -N option for asynchronous DNS name resolution '
'has been completely removed from tshark. The reason for this is that '
'the asynchronous DNS resolution is now the only resolution available '
'so there is no need for -C. If you are using -NC with tshark in any '
'of your scripts, please remove it.'
'\n\n'
'When using -H option with capinfos, the output no longer shows MD5 hashes. '
'Now it shows SHA256 instead. SHA1 might get removed very soon as well. '
'If you use these output values, please change your scripts.'
),
reporting.Severity(reporting.Severity.LOW),
reporting.Tags([
reporting.Tags.MONITORING, reporting.Tags.SANITY,
reporting.Tags.TOOLS
]),
reporting.RelatedResource('package', 'wireshark'),
])
def process(self):
check_memcached(has_package(InstalledRedHatSignedRPM, 'memcached'))
def process(self):
check_chrony(has_package(InstalledRedHatSignedRPM, 'chrony'))
def is_processable():
res = has_package(InstalledRedHatSignedRPM, 'device-mapper-multipath')
if not res:
api.current_logger().debug('device-mapper-multipath is not installed.')
return res
def is_azure_agent_installed():
"""Check whether 'WALinuxAgent' package is installed."""
upg_path = rhui.get_upg_path()
agent_pkg = rhui.RHUI_CLOUD_MAP[upg_path].get('azure',
{}).get('agent_pkg', '')
return has_package(InstalledRPM, agent_pkg)
def is_azure_agent_installed():
"""Check whether 'WALinuxAgent' package is installed."""
arch = api.current_actor().configuration.architecture
agent_pkg = rhui.RHUI_CLOUD_MAP[arch]['azure']['agent_pkg']
return has_package(InstalledRPM, agent_pkg)
