Compare commits

..

1 Commits

Author SHA1 Message Date
eabdullin 6e448a755d import CS leapp-repository-0.20.0-2.el8 2024-05-22 10:44:17 +00:00
7 changed files with 324 additions and 506 deletions

4
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/deps-pkgs-9.tar.gz
SOURCES/leapp-repository-0.19.0.tar.gz
SOURCES/deps-pkgs-10.tar.gz
SOURCES/leapp-repository-0.20.0.tar.gz

View File

@ -1,2 +1,2 @@
02499ccd70d4a8e6ce9ad29bd286a317d5e0b57b SOURCES/deps-pkgs-9.tar.gz
79402ad1aa427e43bdce143f4c0641dda383eb5d SOURCES/leapp-repository-0.19.0.tar.gz
d520ada12294e4dd8837c81f92d4c184ab403d51 SOURCES/deps-pkgs-10.tar.gz
185bbb040dba48e1ea2d6c627133af594378afd4 SOURCES/leapp-repository-0.20.0.tar.gz

View File

@ -1,37 +0,0 @@
From b6e409e1055b5d8b7f27e5df9eae096eb592a9c7 Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Fri, 27 Oct 2023 13:34:38 +0200
Subject: [PATCH] RHSM: Adjust the switch to container mode for new RHSM
RHSM in RHEL 8.9+ & RHEL 9.3+ requires newly for the switch to the
container mode existence and content under /etc/pki/entitlement-host,
which in our case should by symlink to /etc/pki/entitlement.
So currently we need for the correct switch 2 symlinks:
* /etc/pki/rhsm-host -> /etc/pki/rhsm
* /etc/pki/entitlement-host -> /etc/pki/entitlement
Technically we need that only for RHEL 8.9+ but discussing it with
RHSM SST, we can do this change unconditionally for any RHEL system
as older versions of RHSM do not check /etc/pki/entitlement-host.
jira: RHEL-14839
---
repos/system_upgrade/common/libraries/rhsm.py | 1 +
1 file changed, 1 insertion(+)
diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
index 4a5b0eb0..18842021 100644
--- a/repos/system_upgrade/common/libraries/rhsm.py
+++ b/repos/system_upgrade/common/libraries/rhsm.py
@@ -334,6 +334,7 @@ def set_container_mode(context):
return
try:
context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
+ context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
except CalledProcessError:
raise StopActorExecutionError(
message='Cannot set the container mode for the subscription-manager.')
--
2.41.0

View File

@ -0,0 +1,251 @@
From 921c06892f7550a3a8e2b3fe941c6272bdacf88d Mon Sep 17 00:00:00 2001
From: mhecko <mhecko@redhat.com>
Date: Thu, 15 Feb 2024 09:56:27 +0100
Subject: [PATCH] rhui: do not bootstrap target client on aws
Bootstrapping target RHUI client now requires installing the entire
RHEL8 RPM stack. Threfore, do not try installing target client
and instead rely only on the files from our leapp-rhui-aws package.
---
.../cloud/checkrhui/libraries/checkrhui.py | 6 +-
.../libraries/userspacegen.py | 104 ++++++++++++++----
.../system_upgrade/common/models/rhuiinfo.py | 7 ++
3 files changed, 92 insertions(+), 25 deletions(-)
diff --git a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
index 84ab40e3..e1c158c7 100644
--- a/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
+++ b/repos/system_upgrade/common/actors/cloud/checkrhui/libraries/checkrhui.py
@@ -142,7 +142,11 @@ def customize_rhui_setup_for_aws(rhui_family, setup_info):
target_version = version.get_target_major_version()
if target_version == '8':
- return # The rhel8 plugin is packed into leapp-rhui-aws as we need python2 compatible client
+ # RHEL8 rh-amazon-rhui-client depends on amazon-libdnf-plugin that depends
+ # essentially on the entire RHEL8 RPM stack, so we cannot just swap the clients
+ # The leapp-rhui-aws will provide all necessary files to access entire RHEL8 content
+ setup_info.bootstrap_target_client = False
+ return
amazon_plugin_copy_task = CopyFile(src='/usr/lib/python3.9/site-packages/dnf-plugins/amazon-id.py',
dst='/usr/lib/python3.6/site-packages/dnf-plugins/')
diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
index d917bfd5..d60bc75f 100644
--- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
@@ -853,9 +853,9 @@ def _get_rhui_available_repoids(context, cloud_repo):
return set(repoids)
-def get_copy_location_from_copy_in_task(context, copy_task):
+def get_copy_location_from_copy_in_task(context_basepath, copy_task):
basename = os.path.basename(copy_task.src)
- dest_in_container = context.full_path(copy_task.dst)
+ dest_in_container = os.path.join(context_basepath, copy_task.dst)
if os.path.isdir(dest_in_container):
return os.path.join(copy_task.dst, basename)
return copy_task.dst
@@ -871,7 +871,10 @@ def _get_rh_available_repoids(context, indata):
# If we are upgrading a RHUI system, check what repositories are provided by the (already installed) target clients
if indata and indata.rhui_info:
- files_provided_by_clients = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
+ setup_info = indata.rhui_info.target_client_setup_info
+ target_content_access_files = set()
+ if setup_info.bootstrap_target_client:
+ target_content_access_files = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
def is_repofile(path):
return os.path.dirname(path) == '/etc/yum.repos.d' and os.path.basename(path).endswith('.repo')
@@ -884,24 +887,33 @@ def _get_rh_available_repoids(context, indata):
yum_repos_d = context.full_path('/etc/yum.repos.d')
all_repofiles = {os.path.join(yum_repos_d, path) for path in os.listdir(yum_repos_d) if path.endswith('.repo')}
- client_repofiles = {context.full_path(path) for path in files_provided_by_clients if is_repofile(path)}
+ api.current_logger().debug('(RHUI Setup) All available repofiles: {0}'.format(' '.join(all_repofiles)))
+
+ target_access_repofiles = {
+ context.full_path(path) for path in target_content_access_files if is_repofile(path)
+ }
# Exclude repofiles used to setup the target rhui access as on some platforms the repos provided by
# the client are not sufficient to install the client into target userspace (GCP)
rhui_setup_repofile_tasks = [task for task in setup_tasks if task.src.endswith('repo')]
rhui_setup_repofiles = (
- get_copy_location_from_copy_in_task(context, copy_task) for copy_task in rhui_setup_repofile_tasks
+ get_copy_location_from_copy_in_task(context.base_dir, copy) for copy in rhui_setup_repofile_tasks
)
rhui_setup_repofiles = {context.full_path(repofile) for repofile in rhui_setup_repofiles}
- foreign_repofiles = all_repofiles - client_repofiles - rhui_setup_repofiles
+ foreign_repofiles = all_repofiles - target_access_repofiles - rhui_setup_repofiles
+
+ api.current_logger().debug(
+ 'The following repofiles are considered as unknown to'
+ ' the target RHUI content setup and will be ignored: {0}'.format(' '.join(foreign_repofiles))
+ )
# Rename non-client repofiles so they will not be recognized when running dnf repolist
for foreign_repofile in foreign_repofiles:
os.rename(foreign_repofile, '{0}.back'.format(foreign_repofile))
try:
- dnf_cmd = ['dnf', 'repolist', '--releasever', target_ver, '-v']
+ dnf_cmd = ['dnf', 'repolist', '--releasever', target_ver, '-v', '--enablerepo', '*']
repolist_result = context.call(dnf_cmd)['stdout']
repoid_lines = [line for line in repolist_result.split('\n') if line.startswith('Repo-id')]
rhui_repoids = {extract_repoid_from_line(line) for line in repoid_lines}
@@ -919,6 +931,9 @@ def _get_rh_available_repoids(context, indata):
for foreign_repofile in foreign_repofiles:
os.rename('{0}.back'.format(foreign_repofile), foreign_repofile)
+ api.current_logger().debug(
+ 'The following repofiles are considered as provided by RedHat: {0}'.format(' '.join(rh_repoids))
+ )
return rh_repoids
@@ -1086,7 +1101,7 @@ def _get_target_userspace():
return constants.TARGET_USERSPACE.format(get_target_major_version())
-def _create_target_userspace(context, packages, files, target_repoids):
+def _create_target_userspace(context, indata, packages, files, target_repoids):
"""Create the target userspace."""
target_path = _get_target_userspace()
prepare_target_userspace(context, target_path, target_repoids, list(packages))
@@ -1096,12 +1111,57 @@ def _create_target_userspace(context, packages, files, target_repoids):
_copy_files(target_context, files)
dnfplugin.install(_get_target_userspace())
+ # If we used only repofiles from leapp-rhui-<provider> then remove these as they provide
+ # duplicit definitions as the target clients already installed in the target container
+ if indata.rhui_info:
+ api.current_logger().debug(
+ 'Target container should have access to content. '
+ 'Removing repofiles from leapp-rhui-<provider> from the target..'
+ )
+ setup_info = indata.rhui_info.target_client_setup_info
+ if not setup_info.bootstrap_target_client:
+ target_userspace_path = _get_target_userspace()
+ for copy in setup_info.preinstall_tasks.files_to_copy_into_overlay:
+ dst_in_container = get_copy_location_from_copy_in_task(target_userspace_path, copy)
+ dst_in_container = dst_in_container.strip('/')
+ dst_in_host = os.path.join(target_userspace_path, dst_in_container)
+ if os.path.isfile(dst_in_host) and dst_in_host.endswith('.repo'):
+ api.current_logger().debug('Removing repofile: {0}'.format(dst_in_host))
+ os.remove(dst_in_host)
+
# and do not forget to set the rhsm into the container mode again
with mounting.NspawnActions(_get_target_userspace()) as target_context:
rhsm.set_container_mode(target_context)
-def install_target_rhui_client_if_needed(context, indata):
+def _apply_rhui_access_preinstall_tasks(context, rhui_setup_info):
+ if rhui_setup_info.preinstall_tasks:
+ api.current_logger().debug('Applying RHUI preinstall tasks.')
+ preinstall_tasks = rhui_setup_info.preinstall_tasks
+
+ for file_to_remove in preinstall_tasks.files_to_remove:
+ api.current_logger().debug('Removing {0} from the scratch container.'.format(file_to_remove))
+ context.remove(file_to_remove)
+
+ for copy_info in preinstall_tasks.files_to_copy_into_overlay:
+ api.current_logger().debug(
+ 'Copying {0} in {1} into the scratch container.'.format(copy_info.src, copy_info.dst)
+ )
+ context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
+ context.copy_to(copy_info.src, copy_info.dst)
+
+
+def _apply_rhui_access_postinstall_tasks(context, rhui_setup_info):
+ if rhui_setup_info.postinstall_tasks:
+ api.current_logger().debug('Applying RHUI postinstall tasks.')
+ for copy_info in rhui_setup_info.postinstall_tasks.files_to_copy:
+ context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
+ debug_msg = 'Copying {0} to {1} (inside the scratch container).'
+ api.current_logger().debug(debug_msg.format(copy_info.src, copy_info.dst))
+ context.call(['cp', copy_info.src, copy_info.dst])
+
+
+def setup_target_rhui_access_if_needed(context, indata):
if not indata.rhui_info:
return
@@ -1110,15 +1170,14 @@ def install_target_rhui_client_if_needed(context, indata):
_create_target_userspace_directories(userspace_dir)
setup_info = indata.rhui_info.target_client_setup_info
- if setup_info.preinstall_tasks:
- preinstall_tasks = setup_info.preinstall_tasks
+ _apply_rhui_access_preinstall_tasks(context, setup_info)
- for file_to_remove in preinstall_tasks.files_to_remove:
- context.remove(file_to_remove)
-
- for copy_info in preinstall_tasks.files_to_copy_into_overlay:
- context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
- context.copy_to(copy_info.src, copy_info.dst)
+ if not setup_info.bootstrap_target_client:
+ # Installation of the target RHUI client is not possible and we bundle all necessary
+ # files into the leapp-rhui-<provider> packages.
+ api.current_logger().debug('Bootstrapping target RHUI client is disabled, leapp will rely '
+ 'only on files budled in leapp-rhui-<provider> package.')
+ return
cmd = ['dnf', '-y']
@@ -1149,16 +1208,13 @@ def install_target_rhui_client_if_needed(context, indata):
context.call(cmd, callback_raw=utils.logging_handler, stdin='\n'.join(dnf_transaction_steps))
- if setup_info.postinstall_tasks:
- for copy_info in setup_info.postinstall_tasks.files_to_copy:
- context.makedirs(os.path.dirname(copy_info.dst), exists_ok=True)
- context.call(['cp', copy_info.src, copy_info.dst])
+ _apply_rhui_access_postinstall_tasks(context, setup_info)
# Do a cleanup so there are not duplicit repoids
files_owned_by_clients = _query_rpm_for_pkg_files(context, indata.rhui_info.target_client_pkg_names)
for copy_task in setup_info.preinstall_tasks.files_to_copy_into_overlay:
- dest = get_copy_location_from_copy_in_task(context, copy_task)
+ dest = get_copy_location_from_copy_in_task(context.base_dir, copy_task)
can_be_cleaned_up = copy_task.src not in setup_info.files_supporting_client_operation
if dest not in files_owned_by_clients and can_be_cleaned_up:
context.remove(dest)
@@ -1184,10 +1240,10 @@ def perform():
target_iso = next(api.consume(TargetOSInstallationImage), None)
with mounting.mount_upgrade_iso_to_root_dir(overlay.target, target_iso):
- install_target_rhui_client_if_needed(context, indata)
+ setup_target_rhui_access_if_needed(context, indata)
target_repoids = _gather_target_repositories(context, indata, prod_cert_path)
- _create_target_userspace(context, indata.packages, indata.files, target_repoids)
+ _create_target_userspace(context, indata, indata.packages, indata.files, target_repoids)
# TODO: this is tmp solution as proper one needs significant refactoring
target_repo_facts = repofileutils.get_parsed_repofiles(context)
api.produce(TMPTargetRepositoriesFacts(repositories=target_repo_facts))
diff --git a/repos/system_upgrade/common/models/rhuiinfo.py b/repos/system_upgrade/common/models/rhuiinfo.py
index 3eaa4826..0a2e45af 100644
--- a/repos/system_upgrade/common/models/rhuiinfo.py
+++ b/repos/system_upgrade/common/models/rhuiinfo.py
@@ -36,6 +36,13 @@ class TargetRHUISetupInfo(Model):
files_supporting_client_operation = fields.List(fields.String(), default=[])
"""A subset of files copied in preinstall tasks that should not be cleaned up."""
+ bootstrap_target_client = fields.Boolean(default=True)
+ """
+ Swap the current RHUI client for the target one to facilitate access to the target content.
+
+ When False, only files from the leapp-rhui-<provider> will be used to access target content.
+ """
+
class RHUIInfo(Model):
"""
--
2.43.0

View File

@ -1,62 +0,0 @@
From d1f28cbd143f2dce85f7f175308437954847aba8 Mon Sep 17 00:00:00 2001
From: Petr Stodulka <pstodulk@redhat.com>
Date: Thu, 2 Nov 2023 14:20:11 +0100
Subject: [PATCH] Do not create dangling symlinks for containerized RHSM
When setting RHSM into the container mode, we are creating symlinks
to /etc/rhsm and /etc/pki/entitlement directories. However, this
creates dangling symlinks if RHSM is not installed or user manually
removes one of these dirs.
If any of these directories is missing, skip other actions and
log the warning. Usually it means that RHSM is not actually used
or installed at all, so in these cases we can do the skip. The
only corner case when system could use RHSM without
/etc/pki/entitlement is when RHSM is configured to put these
certificate on a different path, and we do not support nor cover
such a scenario as we are not scanning the RHSM configuration at
all.
This also solves the problems on systems that does not have RHSM
available at all.
---
repos/system_upgrade/common/libraries/rhsm.py | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
index 18842021..eb388829 100644
--- a/repos/system_upgrade/common/libraries/rhsm.py
+++ b/repos/system_upgrade/common/libraries/rhsm.py
@@ -325,6 +325,11 @@ def set_container_mode(context):
could be affected and the generated repo file in the container could be
affected as well (e.g. when the release is set, using rhsm, on the host).
+ We want to put RHSM into the container mode always when /etc/rhsm and
+ /etc/pki/entitlement directories exists, even when leapp is executed with
+ --no-rhsm option. If any of these directories are missing, skip other
+ actions - most likely RHSM is not installed in such a case.
+
:param context: An instance of a mounting.IsolatedActions class
:type context: mounting.IsolatedActions class
"""
@@ -332,6 +337,17 @@ def set_container_mode(context):
api.current_logger().error('Trying to set RHSM into the container mode'
'on host. Skipping the action.')
return
+ # TODO(pstodulk): check "rhsm identity" whether system is registered
+ # and the container mode should be required
+ if (not os.path.exists(context.full_path('/etc/rhsm'))
+ or not os.path.exists(context.full_path('/etc/pki/entitlement'))):
+ api.current_logger().warning(
+ 'Cannot set the container mode for the subscription-manager as'
+ ' one of required directories is missing. Most likely RHSM is not'
+ ' installed. Skipping other actions.'
+ )
+ return
+
try:
context.call(['ln', '-s', '/etc/rhsm', '/etc/rhsm-host'])
context.call(['ln', '-s', '/etc/pki/entitlement', '/etc/pki/entitlement-host'])
--
2.41.0

View File

@ -1,384 +0,0 @@
diff --git a/commands/command_utils.py b/commands/command_utils.py
index 338978dd..af78efdf 100644
--- a/commands/command_utils.py
+++ b/commands/command_utils.py
@@ -13,7 +13,7 @@ LEAPP_UPGRADE_FLAVOUR_DEFAULT = 'default'
LEAPP_UPGRADE_FLAVOUR_SAP_HANA = 'saphana'
LEAPP_UPGRADE_PATHS = 'upgrade_paths.json'
-VERSION_REGEX = re.compile(r"^([1-9]\d*)\.(\d+)$")
+VERSION_REGEX = re.compile(r"^([1-9]\d*)(\.(\d+))?$")
def check_version(version):
diff --git a/commands/upgrade/breadcrumbs.py b/commands/upgrade/breadcrumbs.py
index 16903ee0..46f116fb 100644
--- a/commands/upgrade/breadcrumbs.py
+++ b/commands/upgrade/breadcrumbs.py
@@ -61,7 +61,7 @@ class _BreadCrumbs(object):
if not os.path.exists('/etc/rhsm'):
# If there's no /etc/rhsm folder just skip it
return
- os.path.mkdir('/etc/rhsm/facts')
+ os.mkdir('/etc/rhsm/facts')
try:
with open('/etc/rhsm/facts/leapp.facts', 'w') as f:
json.dump(_flattened({
diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py b/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
index 4e1c4204..3474867a 100644
--- a/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
+++ b/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
@@ -18,7 +18,7 @@ def add_boot_entry(configs=None):
'/usr/sbin/grubby',
'--add-kernel', '{0}'.format(kernel_dst_path),
'--initrd', '{0}'.format(initram_dst_path),
- '--title', 'RHEL-Upgrade-Initramfs',
+ '--title', 'ELevate-Upgrade-Initramfs',
'--copy-default',
'--make-default',
'--args', '{DEBUG}{NET} enforcing=0 rd.plymouth=0 plymouth.enable=0'.format(DEBUG=debug, NET=ip_arg)
diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py b/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
index ddc37e52..a9c40691 100644
--- a/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
+++ b/repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py
@@ -42,7 +42,7 @@ run_args_add = [
'/usr/sbin/grubby',
'--add-kernel', '/abc',
'--initrd', '/def',
- '--title', 'RHEL-Upgrade-Initramfs',
+ '--title', 'ELevate-Upgrade-Initramfs',
'--copy-default',
'--make-default',
'--args',
diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
index 491b85ec..059cf506 100755
--- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
+++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/85sys-upgrade-redhat/do-upgrade.sh
@@ -9,7 +9,7 @@ type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
get_rhel_major_release() {
local os_version
- os_version=$(grep -o '^VERSION="[0-9][0-9]*\.' /etc/initrd-release | grep -o '[0-9]*')
+ os_version=$(grep -o '^VERSION="[0-9][0-9]*' /etc/initrd-release | grep -o '[0-9]*')
[ -z "$os_version" ] && {
# This should not happen as /etc/initrd-release is supposed to have API
# stability, but check is better than broken system.
@@ -377,4 +377,3 @@ getarg 'rd.break=leapp-logs' && emergency_shell -n upgrade "Break after LEAPP sa
sync
mount -o "remount,$old_opts" "$NEWROOT"
exit $result
-
diff --git a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/90sys-upgrade/initrd-system-upgrade-generator b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/90sys-upgrade/initrd-system-upgrade-generator
index 5cc6fd92..fe81626f 100755
--- a/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/90sys-upgrade/initrd-system-upgrade-generator
+++ b/repos/system_upgrade/common/actors/commonleappdracutmodules/files/dracut/90sys-upgrade/initrd-system-upgrade-generator
@@ -1,7 +1,7 @@
#!/bin/sh
get_rhel_major_release() {
- _os_version=$(cat /etc/initrd-release | grep -o '^VERSION="[0-9][0-9]*\.' | grep -o '[0-9]*')
+ _os_version=$(cat /etc/initrd-release | grep -o '^VERSION="[0-9][0-9]*' | grep -o '[0-9]*')
[ -z "$_os_version" ] && {
# This should not happen as /etc/initrd-release is supposed to have API
# stability, but check is better than broken system.
diff --git a/repos/system_upgrade/common/actors/efibootorderfix/finalization/actor.py b/repos/system_upgrade/common/actors/efibootorderfix/finalization/actor.py
index f42909f0..4a2bc8ad 100644
--- a/repos/system_upgrade/common/actors/efibootorderfix/finalization/actor.py
+++ b/repos/system_upgrade/common/actors/efibootorderfix/finalization/actor.py
@@ -1,17 +1,118 @@
+import os
+import re
+
+from leapp.libraries.stdlib import run, api
from leapp.actors import Actor
-from leapp.libraries.common import efi_reboot_fix
+from leapp.models import InstalledTargetKernelVersion, KernelCmdlineArg, FirmwareFacts, MountEntry
from leapp.tags import FinalizationPhaseTag, IPUWorkflowTag
+from leapp.exceptions import StopActorExecutionError
class EfiFinalizationFix(Actor):
"""
- Adjust EFI boot entry for final reboot
+ Ensure that EFI boot order is updated, which is particularly necessary
+ when upgrading to a different OS distro. Also rebuilds grub config
+ if necessary.
"""
name = 'efi_finalization_fix'
- consumes = ()
+ consumes = (KernelCmdlineArg, InstalledTargetKernelVersion, FirmwareFacts, MountEntry)
produces = ()
tags = (FinalizationPhaseTag, IPUWorkflowTag)
def process(self):
- efi_reboot_fix.maybe_emit_updated_boot_entry()
+ is_system_efi = False
+ ff = next(self.consume(FirmwareFacts), None)
+
+ dirname = {
+ 'AlmaLinux': 'almalinux',
+ 'CentOS Linux': 'centos',
+ 'CentOS Stream': 'centos',
+ 'Oracle Linux Server': 'redhat',
+ 'Red Hat Enterprise Linux': 'redhat',
+ 'Rocky Linux': 'rocky',
+ 'Scientific Linux': 'redhat',
+ 'EuroLinux': 'eurolinux',
+ }
+
+ efi_shimname_dict = {
+ 'x86_64': 'shimx64.efi',
+ 'aarch64': 'shimaa64.efi'
+ }
+
+ def devparts(dev):
+ """
+ NVMe block devices aren't named like SCSI/ATA/etc block devices and must be parsed differently.
+ SCSI/ATA/etc devices have a syntax resembling /dev/sdb4 for the 4th partition on the 2nd disk.
+ NVMe devices have a syntax resembling /dev/nvme0n2p4 for the 4th partition on the 2nd disk.
+ """
+ if '/dev/nvme' in dev:
+ """
+ NVMe
+ """
+ part = next(re.finditer(r'p\d+$', dev)).group(0)
+ dev = dev[:-len(part)]
+ part = part[1:]
+ else:
+ """
+ Non-NVMe (SCSI, ATA, etc)
+ """
+ part = next(re.finditer(r'\d+$', dev)).group(0)
+ dev = dev[:-len(part)]
+ return [dev, part];
+
+ with open('/etc/system-release', 'r') as sr:
+ release_line = next(line for line in sr if 'release' in line)
+ distro = release_line.split(' release ', 1)[0]
+
+ efi_bootentry_label = distro
+ distro_dir = dirname.get(distro, 'default')
+ shim_filename = efi_shimname_dict.get(api.current_actor().configuration.architecture, 'shimx64.efi')
+
+ shim_path = '/boot/efi/EFI/' + distro_dir + '/' + shim_filename
+ grub_cfg_path = '/boot/efi/EFI/' + distro_dir + '/grub.cfg'
+ bootmgr_path = '\\EFI\\' + distro_dir + '\\' + shim_filename
+
+ has_efibootmgr = os.path.exists('/sbin/efibootmgr')
+ has_shim = os.path.exists(shim_path)
+ has_grub_cfg = os.path.exists(grub_cfg_path)
+
+ if not ff:
+ raise StopActorExecutionError(
+ 'Could not identify system firmware',
+ details={'details': 'Actor did not receive FirmwareFacts message.'}
+ )
+
+ if not has_efibootmgr:
+ return
+
+ for fact in self.consume(FirmwareFacts):
+ if fact.firmware == 'efi':
+ is_system_efi = True
+ break
+
+ if is_system_efi and has_shim:
+ efidevlist = []
+ with open('/proc/mounts', 'r') as fp:
+ for line in fp:
+ if '/boot/efi' in line:
+ efidevpath = line.split(' ', 1)[0]
+ efidevpart = efidevpath.split('/')[-1]
+ if os.path.exists('/proc/mdstat'):
+ with open('/proc/mdstat', 'r') as mds:
+ for line in mds:
+ if line.startswith(efidevpart):
+ mddev = line.split(' ')
+ for md in mddev:
+ if '[' in md:
+ efimd = md.split('[', 1)[0]
+ efidp = efidevpath.replace(efidevpart, efimd)
+ efidevlist.append(efidp)
+ if len(efidevlist) == 0:
+ efidevlist.append(efidevpath)
+ for devpath in efidevlist:
+ efidev, efipart = devparts(devpath)
+ run(['/sbin/efibootmgr', '-c', '-d', efidev, '-p', efipart, '-l', bootmgr_path, '-L', efi_bootentry_label])
+
+ if not has_grub_cfg:
+ run(['/sbin/grub2-mkconfig', '-o', grub_cfg_path])
diff --git a/repos/system_upgrade/common/actors/ipuworkflowconfig/libraries/ipuworkflowconfig.py b/repos/system_upgrade/common/actors/ipuworkflowconfig/libraries/ipuworkflowconfig.py
index 9e213f64..52cfe14f 100644
--- a/repos/system_upgrade/common/actors/ipuworkflowconfig/libraries/ipuworkflowconfig.py
+++ b/repos/system_upgrade/common/actors/ipuworkflowconfig/libraries/ipuworkflowconfig.py
@@ -47,15 +47,20 @@ def get_os_release(path):
:return: `OSRelease` model if the file can be parsed
:raises: `IOError`
"""
+ os_version = '.'.join(platform.dist()[1].split('.')[:2])
try:
with open(path) as f:
data = dict(l.strip().split('=', 1) for l in f.readlines() if '=' in l)
+ release_id = data.get('ID', '').strip('"')
+ version_id = data.get('VERSION_ID', '').strip('"')
+ if release_id == 'centos' and '.' not in os_version:
+ os_version = "{}.999".format(version_id)
return OSRelease(
- release_id=data.get('ID', '').strip('"'),
+ release_id=release_id,
name=data.get('NAME', '').strip('"'),
pretty_name=data.get('PRETTY_NAME', '').strip('"'),
version=data.get('VERSION', '').strip('"'),
- version_id=data.get('VERSION_ID', '').strip('"'),
+ version_id=os_version,
variant=data.get('VARIANT', '').strip('"') or None,
variant_id=data.get('VARIANT_ID', '').strip('"') or None
)
diff --git a/repos/system_upgrade/common/actors/redhatsignedrpmscanner/actor.py b/repos/system_upgrade/common/actors/redhatsignedrpmscanner/actor.py
index 1085beee..8416fd39 100644
--- a/repos/system_upgrade/common/actors/redhatsignedrpmscanner/actor.py
+++ b/repos/system_upgrade/common/actors/redhatsignedrpmscanner/actor.py
@@ -17,11 +17,28 @@ class RedHatSignedRpmScanner(Actor):
tags = (IPUWorkflowTag, FactsPhaseTag)
def process(self):
- RH_SIGS = ['199e2f91fd431d51',
+ RH_SIGS = ['199e2f91fd431d51', # rhel
'5326810137017186',
'938a80caf21541eb',
'fd372689897da07a',
- '45689c882fa658e0']
+ '45689c882fa658e0',
+ '24c6a8a7f4a80eb5', # centos
+ '05b555b38483c65d',
+ '4eb84e71f2ee9d55',
+ 'a963bbdbf533f4fa',
+ '6c7cb6ef305d49d6',
+ '51d6647ec21ad6ea', # almalinux
+ 'd36cb86cb86b3716',
+ '2ae81e8aced7258b',
+ '15af5dac6d745a60', # rockylinux
+ '702d426d350d275d',
+ '72f97b74ec551f03', # ol
+ '82562ea9ad986da3',
+ 'bc4d06a08d8b756f',
+ '75c333f418cd4a9e', # eurolinux
+ 'b413acad6275f250',
+ 'f7ad3e5a1c9fd080',
+ 'b0b4183f192a7d7d'] # scientific
signed_pkgs = InstalledRedHatSignedRPM()
unsigned_pkgs = InstalledUnsignedRPM()
@@ -46,7 +63,12 @@ class RedHatSignedRpmScanner(Actor):
"""
return ( # pylint: disable-msg=consider-using-ternary
pkg.name == 'gpg-pubkey'
- and pkg.packager.startswith('Red Hat, Inc.')
+ and (pkg.packager.startswith('Red Hat, Inc.')
+ or pkg.packager.startswith('CentOS')
+ or pkg.packager.startswith('AlmaLinux')
+ or pkg.packager.startswith('infrastructure@rockylinux.org')
+ or pkg.packager.startswith('EuroLinux')
+ or pkg.packager.startswith('Scientific Linux'))
or all_signed
)
diff --git a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
index 1cc5d64f..11c61e36 100644
--- a/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
+++ b/repos/system_upgrade/common/actors/removeobsoletegpgkeys/libraries/removeobsoleterpmgpgkeys.py
@@ -11,7 +11,11 @@ OBSOLETED_KEYS_MAP = {
"gpg-pubkey-37017186-45761324",
"gpg-pubkey-db42a60e-37ea5438",
],
- 9: ["gpg-pubkey-d4082792-5b32db75"],
+ 9: [
+ "gpg-pubkey-d4082792-5b32db75",
+ "gpg-pubkey-3abb34f8-5ffd890e",
+ "gpg-pubkey-6275f250-5e26cb2e",
+ ],
}
diff --git a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
index 9dfa0f14..3dc8e6db 100644
--- a/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
+++ b/repos/system_upgrade/common/actors/targetuserspacecreator/libraries/userspacegen.py
@@ -400,9 +400,9 @@ def _prep_repository_access(context, target_userspace):
target_yum_repos_d = os.path.join(target_etc, 'yum.repos.d')
backup_yum_repos_d = os.path.join(target_etc, 'yum.repos.d.backup')
- _copy_certificates(context, target_userspace)
if not rhsm.skip_rhsm():
+ _copy_certificates(context, target_userspace)
run(['rm', '-rf', os.path.join(target_etc, 'rhsm')])
context.copytree_from('/etc/rhsm', os.path.join(target_etc, 'rhsm'))
# NOTE: we cannot just remove the original target yum.repos.d dir
diff --git a/repos/system_upgrade/common/libraries/config/version.py b/repos/system_upgrade/common/libraries/config/version.py
index 0f1e5874..5eb80c9c 100644
--- a/repos/system_upgrade/common/libraries/config/version.py
+++ b/repos/system_upgrade/common/libraries/config/version.py
@@ -15,8 +15,8 @@ OP_MAP = {
_SUPPORTED_VERSIONS = {
# Note: 'rhel-alt' is detected when on 'rhel' with kernel 4.x
- '7': {'rhel': ['7.9'], 'rhel-alt': [], 'rhel-saphana': ['7.9']},
- '8': {'rhel': ['8.6', '8.8', '8.9'], 'rhel-saphana': ['8.6', '8.8']},
+ '7': {'rhel': ['7.9'], 'rhel-alt': [], 'rhel-saphana': ['7.9'], 'centos': ['7.9'], 'eurolinux': ['7.9'], 'ol': ['7.9'], 'scientific': ['7.9']},
+ '8': {'rhel': ['8.5', '8.6', '8.8', '8.9', '8.10'], 'rhel-saphana': ['8.6', '8.8', '8.9', '8.10'], 'centos': ['8.5', '8.999'], 'almalinux': ['8.6', '8.7', '8.8', '8.9', '8.10'], 'eurolinux': ['8.6', '8.7', '8.8', '8.9', '8.10'], 'ol': ['8.6', '8.7', '8.8', '8.9', '8.10'], 'rocky': ['8.6', '8.7', '8.8', '8.9', '8.10']},
}
diff --git a/repos/system_upgrade/common/libraries/module.py b/repos/system_upgrade/common/libraries/module.py
index abde69e7..7d4e8aa4 100644
--- a/repos/system_upgrade/common/libraries/module.py
+++ b/repos/system_upgrade/common/libraries/module.py
@@ -1,4 +1,3 @@
-import os
import warnings
from leapp.libraries.common.config.version import get_source_major_version
@@ -23,14 +22,20 @@ def _create_or_get_dnf_base(base=None):
# have repositories only for the exact system version (including the minor number). In a case when
# /etc/yum/vars/releasever is present, read its contents so that we can access repositores on such systems.
conf = dnf.conf.Conf()
- pkg_manager = 'yum' if get_source_major_version() == '7' else 'dnf'
- releasever_path = '/etc/{0}/vars/releasever'.format(pkg_manager)
- if os.path.exists(releasever_path):
- with open(releasever_path) as releasever_file:
- releasever = releasever_file.read().strip()
- conf.substitutions['releasever'] = releasever
- else:
- conf.substitutions['releasever'] = get_source_major_version()
+
+ # preload releasever from what we know, this will be our fallback
+ conf.substitutions['releasever'] = get_source_major_version()
+
+ # dnf on EL7 doesn't load vars from /etc/yum, so we need to help it a bit
+ if get_source_major_version() == '7':
+ try:
+ with open('/etc/yum/vars/releasever') as releasever_file:
+ conf.substitutions['releasever'] = releasever_file.read().strip()
+ except IOError:
+ pass
+
+ # load all substitutions from etc
+ conf.substitutions.update_from_etc('/')
base = dnf.Base(conf=conf)
base.init_plugins()
diff --git a/repos/system_upgrade/common/libraries/rhsm.py b/repos/system_upgrade/common/libraries/rhsm.py
index 4a5b0eb0..9fdec233 100644
--- a/repos/system_upgrade/common/libraries/rhsm.py
+++ b/repos/system_upgrade/common/libraries/rhsm.py
@@ -92,7 +92,7 @@ def _handle_rhsm_exceptions(hint=None):
def skip_rhsm():
"""Check whether we should skip RHSM related code."""
- return get_env('LEAPP_NO_RHSM', '0') == '1'
+ return True
def with_rhsm(f):

View File

@ -2,7 +2,7 @@
%global repositorydir %{leapp_datadir}/repositories
%global custom_repositorydir %{leapp_datadir}/custom-repositories
%define leapp_repo_deps 9
%define leapp_repo_deps 10
%if 0%{?rhel} == 7
%define leapp_python_sitelib %{python2_sitelib}
@ -40,25 +40,24 @@ py2_byte_compile "%1" "%2"}
# to create such an rpm. Instead, we are going to introduce new naming for
# RHEL 8+ packages to be consistent with other leapp projects in future.
Epoch: 1
Name: leapp-repository
Version: 0.19.0
Release: 6%{?dist}
Version: 0.20.0
Release: 2%{?dist}
Summary: Repositories for leapp
License: ASL 2.0
URL: https://oamg.github.io/leapp/
Source0: https://github.com/oamg/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: deps-pkgs-9.tar.gz
Source1: deps-pkgs-10.tar.gz
# NOTE: Our packages must be noarch. Do no drop this in any way.
BuildArch: noarch
### PATCHES HERE
# Patch0001: filename.patch
Patch0001: 0001-RHSM-Adjust-the-switch-to-container-mode-for-new-RHS.patch
Patch0002: 0002-Do-not-create-dangling-symlinks-for-containerized-RH.patch
Patch0003: leapp-repository-0.19.0-elevate.patch
Patch0001: 0001-rhui-do-not-bootstrap-target-client-on-aws.patch
%description
%{summary}
@ -152,6 +151,16 @@ Provides: leapp-repository-dependencies = %{leapp_repo_deps}
##################################################
Requires: dnf >= 4
Requires: pciutils
# required to be able to format disk images with XFS file systems (default)
Requires: xfsprogs
# required to be able to format disk images with Ext4 file systems
# NOTE: this is not happening by default, but we can expact that many customers
# will want to / need to do this - especially on RHEL 7 now. Adding this deps
# as the best trade-off to resolve this problem.
Requires: e2fsprogs
%if 0%{?rhel} && 0%{?rhel} == 7
# Required to gather system facts about SELinux
Requires: libselinux-python
@ -201,8 +210,6 @@ Requires: python3-gobject-base
# APPLY PATCHES HERE
# %%patch0001 -p1
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
%build
@ -274,21 +281,64 @@ done;
%{_sysconfdir}/leapp/transaction/*
%{repositorydir}/*
%{leapp_python_sitelib}/leapp/cli/commands/*
%exclude %{_sysconfdir}/leapp/files/repomap.json
%exclude %{_sysconfdir}/leapp/files/pes-events.json
%exclude %{_sysconfdir}/leapp/files/device_driver_deprecation_data.json
%exclude %{leapp_datadir}/repositories/system_upgrade/common/files/rpm-gpg/*/*
%files -n %{lpr_name}-deps
# no files here
%changelog
* Wed Apr 24 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-6
- Enable CentOS Stream release 8 to 9 elevation
- Update actor.py to support NVMe device enumeration
* Tue Feb 20 2024 Petr Stodulka <pstodulk@redhat.com> - 0.20.0-2
- Fallback to original RHUI solution on AWS to fix issues caused by changes in RHUI client
- Resolves: RHEL-16729
* Wed Jan 10 2024 Yuriy Kohut <ykohut@almalinux.org> - 1:0.19.0-5
- AlmaLinux/CentOS/Oracle/Rocky/EuroLinux support (phase 1)
* Tue Feb 13 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.20.0-1
- Rebase to new upstream v0.20.0.
- Fix semanage import issue
- Fix handling of libvirt's systemd services
- Add a dracut breakpoint for the pre-upgrade step.
- Drop obsoleted upgrade paths (obsoleted releases: 8.6, 8.9, 9.0, 9.3)
- Resolves: RHEL-16729
* Tue Jan 23 2024 Toshio Kuratomi <toshio@fedoraproject.org> - 0.19.0-10
- Print nice error msg when device and driver deprecation data is malformed
- Fix another cornercase when preserving symlinks to certificates in /etc/pki
- Update the leapp upgrade data files - fixing upgrades with idm-tomcatjss
- Resolves: RHEL-16729
* Fri Jan 19 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-9
- Do not try to download data files anymore when missing as the service
is obsoleted since the data is part of installed packages
- Update error messages and reports when installed upgrade data files
are malformed or missing to instruct user how to resolve it
- Update the leapp upgrade data files - bump data stream to "3.0"
- Resolves: RHEL-16729
* Fri Jan 12 2024 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-7
- Add detection of possible usage of OpenSSL IBMCA engine on IBM Z machines
- Add detection of modified /etc/pki/tls/openssl.cnf file
- Update the leapp upgrade data files
- Fix handling of symlinks under /etc/pki with relative paths specified
- Report custom actors and modifications of the upgrade tooling
- Requires xfsprogs and e2fsprogs to ensure that Ext4 and XFS tools are installed
- Bump leapp-repository-dependencies to 10
- Resolves: RHEL-1774, RHEL-16729
* Thu Nov 16 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-5
- Enable new upgrade path for RHEL 8.10 -> RHEL 9.4 (including RHEL with SAP HANA)
- Introduce generic transition of systemd services states during the IPU
- Introduce possibility to upgrade with local repositories
- Improve possibilities of upgrade when a proxy is configured in DNF configutation file
- Fix handling of symlinks under /etc/pki when managing certificates
- Fix the upgrade with custom https repositories
- Default to the NO_RHSM mode when subscription-manager is not installed
- Detect customized configuration of dynamic linker
- Drop the invalid `tuv` target channel for the --channel option
- Fix the issue of going out of bounds in the isccfg parser
- Fix traceback when saving the rhsm facts results and the /etc/rhsm/facts directory doesnt exist yet
- Load all rpm repository substitutions that dnf knows about, not just "releasever" only
- Simplify handling of upgrades on systems using RHUI, reducing the maintenance burden for cloud providers
- Detect possible unexpected RPM GPG keys has been installed during RPM transaction
- Resolves: RHEL-16729
* Thu Nov 02 2023 Petr Stodulka <pstodulk@redhat.com> - 0.19.0-4
- Fix the upgrade for systems without subscription-manager package