Provide upgrade inhibitor for ipa-server #765
Thank you for contributing to the Leapp project! Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
Please open ticket in case you experience technical problem with the CI. (RH internal only) Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please consider rerunning the CI by commenting leapp-ci build (might require several comments). If the problem persists, contact leapp-infra.
review please
This PR has been linked in issue tracker (#OAMG-6120).
repos/system_upgrade/el8toel9/actors/checkipaserver/libraries/checkipaserver.py
the IpaScanner8to9 looks same as ipascanner for 7 to 8 - is it correct? In such a case, do not create new scanner actor and model and just move the stuff from system_upgrades/el7toel8 repository to the system_upgrades/common repository.
I am sorry I haven't done complete review now regarding limited time, but at least something for the start
93282c8 to 468bcc4
@pirat89 thanks for your review comments. I moved the actors to
review please
Review requested from oamg/developers team.
leapp-ci build
Hello, thank you for contributing.
I've gone through the changes introduced in this PR. The code looks OK, and except the raised concerns about providing a link to IdM 7->8 migration guide even if upgrading from rhel8 to rhel9, I see no problems. I've also manually tested this patch and the upgrade gets inhibited on both rhel7 and rhel8.
The source branch is a bit behind the master, could you please rebase it? The failed CI tests are due to us recently introducing import order enforcing and the linting errors causing the CI to fail are already fixed in the master.
), | ||
reporting.Remediation( | ||
hint="Please follow the IdM RHEL 7 to 8 migration guide lines." | ||
hint="Follow the IdM RHEL migration guide lines." | ||
), | ||
reporting.ExternalLink( | ||
url=MIGRATION_GUIDE, title="Migrating IdM from RHEL 7 to 8", |
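Review bot: the ExternalLink title on the last line still reads "Migrating IdM from RHEL 7 to 8" although the hint just above it was made generic, so a report produced on an 8 to 9 run would pair a generic hint with a 7-to-8 link title; make the title path-neutral or select it together with the URL. The new hint also says "migration guide lines", which reads as a typo for "guidelines" (or simply "guide").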
This external link might be misleading when upgrading from RHEL8 to RHEL9 and inhibition conditions are met.
Is there an IdM 8 to 9 migration guide?
If yes, the global variable MIGRATION_GUIDE could be changed to be a dictionary mapping source OS major version to the migration guides:
MIGRATION_GUIDES = {
'7': 'link-to-7to8-guide',
'8': 'link-to-8to9-guide'
}
The source OS major version can be determined using the get_source_major_version function implemented in the leapp.libraries.common.config.version module.
Then the report creation could look for example in the following fashion:
url=MIGRATION_GUIDE, title="Migrating IdM from RHEL 7 to 8", | |
url=MIGRATION_GUIDES[get_source_major_version()], title="IdM migration guide", |
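Review bot: the subscript `MIGRATION_GUIDES[get_source_major_version()]` in the suggested line raises KeyError for any source major version that has no entry in the dictionary, so the actor would fail while building the report instead of emitting it. Prefer `MIGRATION_GUIDES.get(get_source_major_version(), ...)` with an explicit fallback value, and keep the dictionary keys the same type as the function's return value.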
Unfortunately we don't have any 8->9 migration guide yet.
After a discussion with @Rezney, we've arrived at the conclusion that we will track the missing documentation link internally and modify the code accordingly once the guide becomes available. As we would like to avoid providing a link to an incorrect migration guide when upgrading from 8 to 9, could you please change the code according to the suggestions above and use TBA for the missing upgrade link?
468bcc4 to eb45b57
Thanks for the review. I rebased my PR to the master.
leapp-ci build
review please
Hi 👋 I've left a comment about the missing migration guide link. Code-wise the patch looks OK, and once the comment is resolved, there should be nothing preventing merging this patch into the master.
@flo-renaud Hi, actually, feel free to make a shortener URL and add it instead of "TBA". It can be something like this (used in different PR):
IdM (ipa-server) does not support in-place upgrade from RHEL 8 to 9. Instead IdM servers must be upgraded by creating a new RHEL 9 machine and installing a replica.

Since there is already an inhibitor for el7to8 migration, this commit
- moves the code from system_upgrades/el7toel8 to system_upgrades/common
- fixes lint issues
- removes specific references to "7 to 8 migration" to make the messages more generic

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
eb45b57 to 66c3ea5
leap-ci build
leapp-ci build
leapp-ci build
@Rezney thanks for the suggestion, I followed your advice in the latest update.
@flo-renaud No, e2e test failure is not your fault, we are having some infra issues unfortunately but we are on it :)
lgtm, once the infra issue is resolved I will launch regression tests.
@fernflower the tests are now green
The requested changes have been implemented (code was migrated to common repository)
LGTM. Tested on rhel8 with ipa-server installed & configured - the upgrade gets correctly inhibited.
The used link to the documentation is tracked internally in order to check its validity before the release. As the current link is a placeholder allowing for the code to be merged, please let us know when you release the guide and share the link, as it is important for us that all documentation links are pointing to existing docs.
@MichalHe The documentation team will track a jira issue in order to update your team with the new url as soon as it's available. Thanks for the merge!
## Packaging
- Requires leapp-framework >= 2.2
- Bump leapp-framework-dependencies to 5

## Upgrade handling
### Fixes
- Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849)
- Filter out unrelated PES data for the particular IPU path (oamg#789)
- Fix bug with existing symlink when migrating YUM configuration files (oamg#811)
- Fix creating invalid answerfile in "authselectcheck" actor (oamg#748)
- Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754)
- Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838)
- Fix getting device attribute through udev on Python 3 (oamg#758)
- Fix parsing of sysctl output (oamg#793)
- Fix processing of merge events from PES data (oamg#768, oamg#825)
- Fix random crashes when printing DNF output (oamg#745)
- Fix scanning "/etc/default/grub" with empty line (oamg#845)
- Fix scanning information about mounted devices (oamg#711)
- Fix severities in the "targetuserspacecreator" actor (oamg#751)
- Fix the "rerun" command after adding the "--channel" option (oamg#750)
- Fix the execution order for the dnf dry run actor (oamg#801)
- Skip checking the flavor and target_version upon leapp --resume (oamg#781)
- Use more accurate tense in the SELinux messaging (oamg#614)

### Enhancements
- Introduce IPU for RHEL 8 to RHEL 9 \o/
- New upgrade paths for RHEL with SAP HANA (oamg#834)
- Changed upgrade paths:
  -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6)
  -- RHEL 8.6 -> 9.0
  -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2)
  -- RHEL with SAP 8.6 -> 9.0
- Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794)
- Add detection of enabled YUM & DNF plugins (oamg#703)
- Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831)
- Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828)
- Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749)
- Generalize checking of device drivers (oamg#835)
- Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741)
- Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841)
- Introduce DNF modularity support (oamg#672, oamg#799)
- Introduce the --report-schema option to control the version of the generated report format (oamg#696)
- Introduce the --target option to specify the version of the target system (oamg#780)
- Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830)
- [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181)
- [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756)
- [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733)
- [IPU 7 -> 8]: Warn about docker deprecation when installed
- [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816)
- [IPU 7 -> 8]: bind configuration check (oamg#521)
- [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839)
- [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842)
- [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792)
- [IPU 8 -> 9]: Add inhibitor FirewalldCheckAllowZoneDrifting (oamg#777)
- [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837)
- [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836)
- [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802)
- [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821)
- [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769)
- [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732)
- [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729)
- [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765)

## Additional changes interesting for devels
- Move target release and flavor specification to a separate lib (oamg#753)
- Refactor "transactionworkarounds" actor and fix tests (oamg#759)
- Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833)

Signed-off-by: Michal Reznik <mreznik@redhat.com>
IdM (ipa-server) does not support in-place upgrade from RHEL 8 to 9.
Instead IdM servers must be upgraded by creating a new RHEL 9 machine
and installing a replica.
The new IpaScanner actor scans the system for IdM packages and
client/server instances. The new CheckIPAServer prohibits upgrades when
an IdM server is installed and warns the user when ipa-server package is
present.
Code largely taken from the el7toel8 existing inhibitor (credits to
cheimes@redhat.com)
Signed-off-by: Florence Blanc-Renaud flo@redhat.com
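
The inhibit-versus-warn decision described in this commit message, combined with the per-version guide lookup and "TBA" fallback requested in the review, as an added sketch that is not code from the Leapp project. `IpaFacts`, `Report`, `guide_for` and `check_ipa_server` are hypothetical stand-ins for Leapp's models and reporting API, "installed" is read as "configured server instance", and the 7-to-8 URL is a constructed placeholder.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder values: the page gives no real links, and the
# review asked for "TBA" until an 8 -> 9 guide exists.
MIGRATION_GUIDES = {
    "7": "https://example.invalid/idm-7to8-guide",
    "8": "TBA",
}


@dataclass(frozen=True)
class IpaFacts:
    """Hypothetical stand-in for what a scanner actor would report."""
    has_server_package: bool    # ipa-server RPM is present
    is_server_configured: bool  # an IdM server instance is set up


@dataclass(frozen=True)
class Report:
    """Hypothetical stand-in for a Leapp report entry."""
    title: str
    severity: str
    inhibitor: bool
    guide: str


def guide_for(source_major: str) -> str:
    # .get() keeps an upgrade path with no dictionary entry from raising
    # KeyError while the report is being built.
    return MIGRATION_GUIDES.get(source_major, "TBA")


def check_ipa_server(facts: IpaFacts, source_major: str) -> Optional[Report]:
    """Return an inhibiting report, a warning report, or None."""
    guide = guide_for(source_major)
    if facts.is_server_configured:
        # A configured IdM server must be migrated through a new replica,
        # so the in-place upgrade is blocked.
        return Report(
            title="ipa-server does not support in-place upgrade",
            severity="high",
            inhibitor=True,
            guide=guide,
        )
    if facts.has_server_package:
        # Package present but no server instance: warn, do not block.
        return Report(
            title="ipa-server package is installed but not configured",
            severity="medium",
            inhibitor=False,
            guide=guide,
        )
    return None


if __name__ == "__main__":
    for facts in (IpaFacts(True, True), IpaFacts(True, False),
                  IpaFacts(False, False)):
        print(facts, "->", check_ipa_server(facts, "8"))
```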