https://access.redhat.com/labs/satelliteupgradehelper/
https://access.redhat.com/articles/3664871
For upgrading other hosts from Satellite:
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html/managing_hosts/upgrading_hosts_from_rhel7_to_rhel8_managing-hosts#doc-wrapper
https://www.redhat.com/en/blog/leapp-upgrade-using-red-hat-satellite-6
NOT TESTED
# yum update -y
# yum install leapp leapp-repository -y
# satellite-installer --enable-foreman-plugin-leapp
"Note that currently you need version 0.15.0 or later of the leapp package and version 0.17.0 or later of the leapp-repository package, which contains the leapp-upgrade-el7toel8 RPM package."
https://access.redhat.com/errata/RHBA-2022:6141
Upgrade Satellite to latest 6.11 (Optional based on current version):
foreman-maintain upgrade run
Reclaiming PostgreSQL Space:
https://access.redhat.com/documentation/en-us/red_hat_satellite/6.10/html-single/upgrading_and_updating_red_hat_satellite/index#reclaiming-postgresql-space-after-an-upgrade_upgrade-guide
# satellite-maintain service stop --exclude postgresql
# su - postgres -c 'vacuumdb --full --dbname=foreman'
# satellite-maintain service start
Prerequisites:
Note: Don't do this --> foreman-maintain packages install leapp (Because of this: https://bugzilla.redhat.com/show_bug.cgi?id=2104730)
# subscription-manager repos --enable rhel-7-server-rpms
# subscription-manager repos --enable rhel-7-server-extras-rpms
# subscription-manager repos --enable satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
# subscription-manager release --unset
# yum versionlock clear
# foreman-maintain packages update
# foreman-maintain packages install leapp-upgrade
# leapp preupgrade
Note: If you see below, there is a good chance you forgot to delete old PostgreSQL files from satellite <6.11
Satellite >6.11 PostgreSQL 12 data moved/upgraded during Satellite 6.11 upgrade and is located at: /var/opt/rh/rh-postgresql12/lib/pgsql/data
Reference:
https://access.redhat.com/solutions/6968798
https://access.redhat.com/discussions/6967744
============================================================
UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
1. Inhibitor: Old PostgreSQL data found in /var/lib/pgsql/data
2. Inhibitor: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
Verify old PostgreSQL from Satellite <6.11 is cleaned up (Verify files/data is available at /var/opt/rh/rh-postgresql12/lib/pgsql/data before!!!):
# rm -rf /var/lib/pgsql/*
You may also need:
# chown -R postgres:postgres /var/lib/pgsql/data
# rmmod pata_acpi
# leapp answer --section remove_pam_pkcs11_module_check.confirm=True
# leapp upgrade
Complete!
====> * add_upgrade_boot_entry
Add new boot entry for Leapp provided initramfs.
A reboot is required to continue. Please reboot your system.
Debug output written to /var/log/leapp/leapp-upgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
# reboot
Note: After Leapp reboots the system, and after it upgrades to RHEL 8 via the RamDisk, if the system has Satellite installed on it, an additional reboot will be required and post RHEL upgrade additional actions will automatically be started. Be patient! :)
Below instructions taken from document here:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/upgrading_from_rhel_7_to_rhel_8/performing-post-upgrade-tasks-rhel-7-to-rhel-8_upgrading-from-rhel-7-to-rhel-8#doc-wrapper
Remove all packages from the exclude list:
# dnf config-manager --save --setopt exclude=''
Determine old kernel versions (Your versions will almost certainly varry):
# cd /lib/modules && ls -d *.el7*
Remove weak modules from the old kernel. If you have multiple old kernels, repeat this step for each kernel:
# [ -x /usr/sbin/weak-modules ] && /usr/sbin/weak-modules --remove-kernel 3.10.0-1160.71.1.el7.x86_64/
# [ -x /usr/sbin/weak-modules ] && /usr/sbin/weak-modules --remove-kernel 3.10.0-1160.76.1.el7.x86_64/
# [ -x /usr/sbin/weak-modules ] && /usr/sbin/weak-modules --remove-kernel 3.10.0-1160.80.1.el7.x86_64/
Remove the old kernel from the bootloader entry. If you have multiple old kernels, repeat this step for each kernel:
# /bin/kernel-install remove 3.10.0-1160.71.1.el7.x86_64 /lib/modules/3.10.0-1160.71.1.el7.x86_64/vmlinuz
# /bin/kernel-install remove 3.10.0-1160.76.1.el7.x86_64 /lib/modules/3.10.0-1160.76.1.el7.x86_64/vmlinuz
# /bin/kernel-install remove 3.10.0-1160.80.1.el7.x86_64 /lib/modules/3.10.0-1160.80.1.el7.x86_64/vmlinuz
Locate remaining RHEL 7 packages:
# rpm -qa | grep -e '\.el[67]' | grep -vE '^(gpg-pubkey|libmodulemd|katello-ca-consumer)' | sort
Remove remaining Leapp dependency packages:
# dnf remove leapp-deps-el8 leapp-repository-deps-el8
Remove any remaining empty directories:
# rm -rf /lib/modules/*el7*
Verify that the old kernels have been removed from the bootloader entry:
# grubby --info=ALL | grep "\.el7" || echo “Old kernels are not present in the bootloader.”
Update the system to RHEL 8.7 (Optional):
# subscription-manager release --unset
# foreman-maintain packages update
# reboot
Python (Not sure if this is really required or has been added to leapp scripts, it's still recommended in official documents):
Risk Factor: high
Title: Difference in Python versions and support in RHEL 8
Summary: In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. Read more here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_basic_system_settings/#using-python3
Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade
Note: For Capsule upgrades, refer below to links
https://access.redhat.com/solutions/6986053
https://access.redhat.com/labs/satelliteupgradehelper/
Disable old Satellite 6.11 repository:
# subscription-manager repos --disable satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
Enable the satellite-6.12-for-rhel-8-x86_64-rpms repository on the Red Hat Satellite server along with the satellite-maintenance-6.12-for-rhel-8-x86_64-rpms repository using the following command(s):
# subscription-manager repos --enable satellite-6.12-for-rhel-8-x86_64-rpms
# subscription-manager repos --enable satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
Ensure the Satellite module is enabled:
# dnf module list | grep satellite
If not, enable it:
# dnf module enable satellite
Run the following command to list the available target versions to upgrade to:
# satellite-maintain upgrade list-versions
Checking for new version of satellite-maintain...
Nothing to update, can't find new version of satellite-maintain.
6.11.z
6.12
Note: Re-run the above command if only the satellite-maintain related packages were updated in the previous attempt.
Run an upgrade check (Optional, this is run anyway):
# satellite-maintain upgrade check --target-version 6.12
Run the Satellite 6.12 Upgrade:
# satellite-maintain upgrade run --target-version 6.12
Checking for new version of satellite-maintain...
Nothing to update, can't find new version of satellite-maintain.
Running preparation steps required to run the next scenarios
================================================================================
Check whether system has any non Red Hat repositories (e.g.: EPEL) enabled:
| Checking repositories enabled on the system [OK]
--------------------------------------------------------------------------------
Running Checks before upgrading to Satellite 6.12
================================================================================
Check number of fact names in database: [OK]
--------------------------------------------------------------------------------
Check whether all services are running: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using the ping call: [OK]
--------------------------------------------------------------------------------
Check for paused tasks: [FAIL]
There are currently 5 paused tasks in the system
--------------------------------------------------------------------------------
There are multiple steps to proceed:
1) Resume paused tasks
2) Delete paused tasks
3) Investigate the tasks via UI
Select step to continue, [n(next)] 2
Delete tasks:
/ Deleted paused tasks: 5 [OK]
--------------------------------------------------------------------------------
Rerunning the check after fix procedure
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check to verify no empty CA cert requests exist: [OK]
--------------------------------------------------------------------------------
Check whether system is self-registered or not: [OK]
--------------------------------------------------------------------------------
Check to make sure root(/) partition has enough space: [OK]
--------------------------------------------------------------------------------
Check to make sure /var/lib/candlepin has enough space: [OK]
--------------------------------------------------------------------------------
Check to validate candlepin database: [OK]
--------------------------------------------------------------------------------
Check for running tasks: [OK]
--------------------------------------------------------------------------------
Check for old tasks in paused/stopped state: [FAIL]
Found 313 paused or stopped task(s) older than 30 days
--------------------------------------------------------------------------------
Continue with step [Delete old tasks]?, [y(yes), n(no)] y
Delete tasks:
/ Deleted old tasks: 313 [OK]
--------------------------------------------------------------------------------
Rerunning the check after fix procedure
Check for old tasks in paused/stopped state: [OK]
--------------------------------------------------------------------------------
Check for pending tasks which are safe to delete: [OK]
--------------------------------------------------------------------------------
Check for tasks in planning state: [OK]
--------------------------------------------------------------------------------
Check to verify if any hotfix installed on system:
\ Checking for presence of hotfix(es). It may take some time to verify.Reading Foreman protector configuration
*** Excluded total: 0
Nothing excluded by foreman-protector!
\ Checking for presence of hotfix(es). It may take some time to verify.
[OK]
--------------------------------------------------------------------------------
Check whether system has any non Red Hat repositories (e.g.: EPEL) enabled:
- Checking repositories enabled on the system [OK]
--------------------------------------------------------------------------------
Check if TMOUT environment variable is set: [OK]
--------------------------------------------------------------------------------
Check if any upstream repositories are enabled on system:
/ Checking for presence of upstream repositories [OK]
--------------------------------------------------------------------------------
Check for roles that have filters with multiple resources attached: [OK]
--------------------------------------------------------------------------------
Check for duplicate permissions from database: [OK]
--------------------------------------------------------------------------------
Check if system has any non Red Hat RPMs installed (e.g.: Fedora): [WARNING]
Found 1 unexpected non Red Hat Package(s) installed!
Package : Vendor
kernel-workaround-0.1-1.el8.noarch : (none)
--------------------------------------------------------------------------------
Check whether reports have correct associations: [OK]
--------------------------------------------------------------------------------
Check to validate yum configuration before upgrade: [OK]
--------------------------------------------------------------------------------
Check if checkpoint_segments configuration exists on the system: [OK]
--------------------------------------------------------------------------------
Validate availability of repositories:
| Validating availability of repositories for 6.12 [OK]
--------------------------------------------------------------------------------
Scenario [Checks before upgrading to Satellite 6.12] failed.
The following steps ended up in warning state:
[non-rh-packages]
The steps in warning state itself might not mean there is an error,
but it should be reviewed to ensure the behavior is expected
Continue with [Procedures before migrating to Satellite 6.12], [y(yes), n(no), q(quit)] y
Running Procedures before migrating to Satellite 6.12
================================================================================
disable active sync plans:
/ Total 1 sync plans are now disabled. [OK]
--------------------------------------------------------------------------------
Add maintenance_mode tables/chain to nftables/iptables: [OK]
--------------------------------------------------------------------------------
Stop applicable services:
Stopping the following service(s):
redis, postgresql, pulpcore-api, pulpcore-content, qdrouterd, qpidd, pulpcore-api.socket, pulpcore-content.socket, pulpcore-worker@1.service, pulpcore-worker@2.service, pulpcore-worker@3.service, pulpcore-worker@4.service, tomcat, dynflow-sidekiq@orchestrator, foreman, httpd, puppetserver, foreman.socket, dynflow-sidekiq@worker-1, dynflow-sidekiq@worker-hosts-queue-1, foreman-proxy
\ All services stopped [OK]
--------------------------------------------------------------------------------
Running Migration scripts to Satellite 6.12
================================================================================
Setup repositories:
- Configuring repositories for 6.12 [OK]
--------------------------------------------------------------------------------
Unlock packages: [OK]
--------------------------------------------------------------------------------
Update package(s) : [OK]
--------------------------------------------------------------------------------
Procedures::Installer::Upgrade: 2022-12-02 13:38:51 [NOTICE] [root] Loading installer configuration. This will take some time.
2022-12-02 13:38:56 [NOTICE] [root] Running installer with log based terminal output at level NOTICE.
2022-12-02 13:38:56 [NOTICE] [root] Use -l to set the terminal output log level to ERROR, WARN, NOTICE, INFO, or DEBUG. See --full-help for definitions.
2022-12-02 13:39:00 [WARN ] [pre] Skipping system checks.
2022-12-02 13:39:00 [WARN ] [pre] Skipping system checks.
2022-12-02 13:39:13 [NOTICE] [configure] Starting system configuration.
2022-12-02 13:39:33 [NOTICE] [configure] 250 configuration steps out of 2073 steps complete.
2022-12-02 13:39:55 [NOTICE] [configure] 500 configuration steps out of 2077 steps complete.
2022-12-02 13:39:58 [NOTICE] [configure] 750 configuration steps out of 2082 steps complete.
2022-12-02 13:40:03 [NOTICE] [configure] 1000 configuration steps out of 2085 steps complete.
2022-12-02 13:40:06 [NOTICE] [configure] 1250 configuration steps out of 2124 steps complete.
2022-12-02 13:45:06 [NOTICE] [configure] 1500 configuration steps out of 2125 steps complete.
2022-12-02 13:45:53 [NOTICE] [configure] 1750 configuration steps out of 2977 steps complete.
2022-12-02 13:45:54 [NOTICE] [configure] 2000 configuration steps out of 2977 steps complete.
2022-12-02 13:45:55 [NOTICE] [configure] 2250 configuration steps out of 2977 steps complete.
2022-12-02 13:45:56 [NOTICE] [configure] 2500 configuration steps out of 2977 steps complete.
2022-12-02 13:46:13 [NOTICE] [configure] 2750 configuration steps out of 2977 steps complete.
2022-12-02 13:49:28 [NOTICE] [configure] System configuration has finished.
Success!
* Satellite is running at https://satellite.localdomain
* To install an additional Capsule on separate machine continue by running:
capsule-certs-generate --foreman-proxy-fqdn "$CAPSULE" --certs-tar "/root/$CAPSULE-certs.tar"
* Capsule is running at https://satellite.localdomain:9090
The full log is at /var/log/foreman-installer/satellite.log
Package versions are being locked.
[OK]
--------------------------------------------------------------------------------
Execute upgrade:run rake task: [OK]
--------------------------------------------------------------------------------
Running Procedures after migrating to Satellite 6.12
================================================================================
Refresh detected features: [OK]
--------------------------------------------------------------------------------
Start applicable services:
Starting the following service(s):
redis, postgresql, pulpcore-api, pulpcore-content, qdrouterd, qpidd, pulpcore-worker@1.service, pulpcore-worker@2.service, pulpcore-worker@3.service, pulpcore-worker@4.service, tomcat, dynflow-sidekiq@orchestrator, foreman, httpd, puppetserver, dynflow-sidekiq@worker-1, dynflow-sidekiq@worker-hosts-queue-1, foreman-proxy
- All services started [OK]
--------------------------------------------------------------------------------
re-enable sync plans:
- Total 1 sync plans are now enabled. [OK]
--------------------------------------------------------------------------------
Remove maintenance mode table/chain from nftables/iptables: [OK]
--------------------------------------------------------------------------------
Running Checks after upgrading to Satellite 6.12
================================================================================
Check number of fact names in database: [OK]
--------------------------------------------------------------------------------
Check whether all services are running: [OK]
--------------------------------------------------------------------------------
Check whether all services are running using the ping call: [OK]
--------------------------------------------------------------------------------
Check for paused tasks: [OK]
--------------------------------------------------------------------------------
Check to verify no empty CA cert requests exist: [OK]
--------------------------------------------------------------------------------
Check whether system is self-registered or not: [OK]
--------------------------------------------------------------------------------
Check if only installed assets are present on the system:
/ Checking for presence of non-original assets... [OK]
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Upgrade finished.
If using a BASH shell, after a successful or failed upgrade, enter:
# hash -d satellite-maintain service 2> /dev/null
Upgrade Virt-Who (May be already upgraded):
# yum upgrade virt-who
# systemctl restart virt-who.service
Stop Satellite and Reboot:
# satellite-maintain service stop
# reboot
Check Satellite and RHEL Version:
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
Sample Leapp pre-upgrade report
============================================================
UPGRADE INHIBITED
============================================================
Upgrade has been inhibited due to the following problems:
1. Inhibitor: Old PostgreSQL data found in /var/lib/pgsql/data
2. Inhibitor: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
3. Inhibitor: Missing required answers in the answer file
Consult the pre-upgrade report for details and possible remediation.
============================================================
UPGRADE INHIBITED
============================================================
Debug output written to /var/log/leapp/leapp-upgrade.log
============================================================
REPORT
============================================================
A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt
============================================================
END OF REPORT
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
[root@satellite ~]# cat /var/log/leapp/leapp-report.txt
Risk Factor: high (inhibitor)
Title: Old PostgreSQL data found in /var/lib/pgsql/data
Summary: The upgrade wants to move PostgreSQL data to /var/lib/pgsql/data,
but this directory already exists on your system.
Please make sure /var/lib/pgsql/data doesn't exist prior to the upgrade.
Key: d10f8ee9e6bc4b73daff9c33671d1516136d53d8
----------------------------------------
Risk Factor: high (inhibitor)
Title: Leapp detected loaded kernel drivers which have been removed in RHEL 8. Upgrade cannot proceed.
Summary: Support for the following RHEL 7 device drivers has been removed in RHEL 8:
- pata_acpi
Key: f08a07da902958defa4f5c2699fae9ec2eb67c5b
----------------------------------------
Risk Factor: high (inhibitor)
Title: Missing required answers in the answer file
Summary: One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm
For more information consult https://leapp.readthedocs.io/en/latest/dialogs.html
Remediation: [hint] Please register user choices with leapp answer cli command or by manually editing the answerfile.
[command] leapp answer --section remove_pam_pkcs11_module_check.confirm=True
Key: d35f6c6b1b1fa6924ef442e3670d90fa92f0d54b
----------------------------------------
Risk Factor: high
Title: Packages available in excluded repositories will not be installed
Summary: 7 packages will be skipped because they are available only in target system repositories that are intentionally excluded from the list of repositories used during the upgrade. See the report message titled "Excluded target system repositories" for details.
The list of these packages:
- gdk-pixbuf2-xlib (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- ivy-local (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- javapackages-filesystem (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- python3-httplib2 (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- python3-javapackages (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- python3-pyxattr (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
- rpcgen (repoid: codeready-builder-for-rhel-8-x86_64-rpms)
Key: 2437e204808f987477c0e9be8e4c95b3a87a9f3e
----------------------------------------
Risk Factor: high
Title: Packages not signed by Red Hat found on the system
Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them:
- katello-default-ca
- katello-server-ca
- localhost-tomcat
- pulp-client
- qpid_router_katello_agent-qpid-router-client
- satellite.localdomain-apache
- satellite.localdomain-foreman-client
- satellite.localdomain-foreman-proxy
- satellite.localdomain-foreman-proxy-client
- satellite.localdomain-puppet-client
- satellite.localdomain-qpid-broker
- satellite.localdomain-qpid-client-cert
- satellite.localdomain-qpid-router-client
- satellite.localdomain-qpid-router-server
- satellite.localdomain-tomcat
Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c
----------------------------------------
Risk Factor: high
Title: GRUB core will be updated during upgrade
Summary: On legacy (BIOS) systems, GRUB core (located in the gap between the MBR and the first partition) does not get automatically updated when GRUB is upgraded.
Key: baa75fad370c42fd037481909201cde9495dacf4
----------------------------------------
Risk Factor: high
Title: Difference in Python versions and support in RHEL 8
Summary: In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. Read more here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/configuring_basic_system_settings/#using-python3
Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade
Key: 0c98585b1d8d252eb540bf61560094f3495351f5
----------------------------------------
Risk Factor: medium
Title: Satellite PostgreSQL data migration
Summary: Your PostgreSQL data will be automatically migrated.
Key: 66a150516fb9a6fac8a6297cfe3f7751185b0a14
----------------------------------------
Risk Factor: medium
Title: chrony using default configuration
Summary: default chrony configuration in RHEL8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives
Key: c4222ebd18730a76f6bc7b3b66df898b106e6554
----------------------------------------
Risk Factor: low
Title: Some enabled RPM repositories are unknown to Leapp
Summary: The following repositories with Red Hat-signed packages are unknown to Leapp:
- rhel-server-rhscl-7-rpms
- rhel-7-server-satellite-6.11-rpms
- rhel-7-server-ansible-2.9-rpms
And the following packages installed from those repositories may not be upgraded:
- tfm-pulpcore-python3-pygtrie
- rh-postgresql12-postgresql-contrib-syspaths
- foreman-installer-katello
- rh-postgresql12-syspaths
- katello-client-bootstrap
- tfm-rubygem-tzinfo
- tfm-pulpcore-python3-requirements-parser
- tfm-rubygem-activerecord
- tfm-pulpcore-python3-dateutil
- ansible-test
- tfm-pulpcore-python3-ansible-builder
- tfm-pulpcore-python3-psycopg2
- rh-python38-runtime
- tfm-pulpcore-python3-uritemplate
- tfm-rubygem-rainbow
- tfm-pulpcore-python3-jsonschema
- tfm-pulpcore-python3-django-lifecycle
- tfm-pulpcore-python3-yarl
- tfm-pulpcore-python3-ecdsa
- rubygem-foreman_maintain
- tfm-rubygem-foreman_discovery
- tfm-pulpcore-python3-mccabe
- tfm-rubygem-ovirt-engine-sdk
- libsolv
- tfm-rubygem-hammer_cli_foreman_tasks
- tfm-rubygem-kafo_parsers
- tfm-pulpcore-python3-asyncio-throttle
- tfm-rubygem-ldap_fluff
- tfm-pulpcore-python3-certifi
- createrepo_c-libs
- tfm-pulpcore-python3-django-import-export
- satellite-common
- foreman-openstack
- tfm-pulpcore-python3-six
- tfm-rubygem-actionpack
- tfm-pulpcore-python3-naya
- tfm-rubygem-smart_proxy_remote_execution_ssh
- tfm-rubygem-pulp_deb_client
- rh-maven36-javapackages-tools
- tfm-pulpcore-python3-packaging
- tfm-rubygem-foreman-tasks
- tfm-rubygem-bcrypt
- tfm-rubygem-pulp_file_client
- tfm-pulpcore-python3-inflection
- foreman-postgresql
- satellite-cli
- python2-ansible-runner
- tfm-rubygem-activesupport
- tfm-pulpcore-runtime
- tfm-pulpcore-python3-requests
- tfm-pulpcore-python3-setuptools
- katello-selinux
- satellite-installer
- tfm-pulpcore-python3-aiofiles
- rh-ruby27-rubygems
- katello-debug
- rubygem-highline
- ansiblerole-foreman_scap_client
- rh-maven36-runtime
- ansible-collection-redhat-satellite
- tfm-pulpcore-python3-xlwt
- tfm-rubygem-actioncable
- foreman-proxy
- tfm-pulpcore-python3-asgiref
- tfm-pulpcore-python3-gunicorn
- tfm-pulpcore-python3-defusedxml
- tfm-rubygem-foreman_ansible
- tfm-pulpcore-python3-charset-normalizer
- tfm-rubygem-smart_proxy_discovery
- tfm-pulpcore-python3-cffi
- tfm-pulpcore-python3-cchardet
- tfm-pulpcore-python3-idna
- tfm-pulpcore-python3-typing-extensions
- tfm-rubygem-msgpack
- rh-ruby27-rubygem-minitest
- foreman-cli
- tfm-pulpcore-python3-django-prometheus
- tfm-pulpcore-python3-pyOpenSSL
- candlepin-selinux
- tfm-rubygem-rails
- python2-libcomps
- tfm-rubygem-activerecord-import
- tfm-pulpcore-python3-bindep
- tfm-rubygem-nio4r
- tfm-pulpcore-python3-pulp-ansible
- tfm-pulpcore-python3-markdown
- tfm-pulpcore-python3-pulpcore
- tfm-rubygem-dynflow
- rh-python38-python-setuptools-wheel
- tfm-rubygem-sqlite3
- rh-ruby27-rubygem-io-console
- tfm-pulpcore-python3-dynaconf
- libsolv0
- tfm-pulpcore-python3-pycares
- tfm-pulpcore-python3-pyflakes
- rh-ruby27-rubygem-irb
- foreman-dynflow-sidekiq
- tfm-rubygem-fog-vsphere
- tfm-rubygem-foreman_azure_rm
- tfm-rubygem-qpid_proton
- rh-ruby27-rubygem-bigdecimal
- tfm-pulpcore-python3-prometheus-client
- tfm-pulpcore-python3-bleach-allowlist
- tfm-pulpcore-python3-pyparsing
- rh-ruby27-ruby
- rh-ruby27-rubygem-rdoc
- tfm-rubygem-foreman_bootdisk
- tfm-rubygem-hammer_cli_foreman_remote_execution
- tfm-pulpcore-python3-solv
- tfm-rubygem-actionmailbox
- tfm-pulpcore-python3-multidict
- foreman-service
- tfm-pulpcore-python3-bleach
- tfm-pulpcore-python3-attrs
- tfm-pulpcore-python3-zipp
- rh-postgresql12-runtime
- rh-postgresql12-postgresql-server-syspaths
- tfm-rubygem-pulp_python_client
- ansible-collection-redhat-satellite_operations
- tfm-pulpcore-python3-webencodings
- tfm-pulpcore-python3-click
- rh-ruby27-rubygem-psych
- foreman-debug
- tfm-pulpcore-python3-redis
- ansible-runner
- rh-ruby27-rubygem-did_you_mean
- tfm-pulpcore-python3-sqlparse
- tfm-rubygem-smart_proxy_ansible
- tfm-pulpcore-python3-whitenoise
- katello-common
- rh-ruby27-rubygem-openssl
- rh-postgresql12-postgresql-syspaths
- tfm-rubygem-hammer_cli_foreman
- rh-ruby27-rubygem-json
- tfm-rubygem-smart_proxy_pulp
- katello
- tfm-pulpcore-python3-aiohttp
- tfm-rubygem-pulp_certguard_client
- tfm-pulpcore-python3-productmd
- rh-maven36-xalan-j2
- tfm-rubygem-mqtt
- tfm-rubygem-websocket-driver
- tfm-rubygem-rubyipmi
- tfm-pulpcore-python3-brotli
- tfm-pulpcore-python3-django-guardian
- tfm-rubygem-sinatra
- tfm-pulpcore-python3-django-guid
- tfm-rubygem-hammer_cli_foreman_virt_who_configure
- tfm-rubygem-actiontext
- tfm-rubygem-katello
- rh-maven36-xml-commons-apis
- foreman-selinux
- tfm-pulpcore-python3-djangorestframework-queryfields
- tfm-rubygem-unicode
- tfm-rubygem-pulpcore_client
- tfm-pulpcore-python3-jinja2
- tfm-pulpcore-python3-pyjwt
- tfm-pulpcore-python3-pulp-certguard
- tfm-pulpcore-python3-django-readonly-field
- rubygem-clamp
- tfm-rubygem-rack
- tfm-rubygem-puma
- tfm-rubygem-foreman_openscap
- tfm-pulpcore-python3-pytz
- tfm-rubygem-foreman_virt_who_configure
- tfm-pulpcore-python3-createrepo_c
- tfm-pulpcore-python3-aiosignal
- tfm-rubygem-pulp_ansible_client
- tfm-pulpcore-python3-distro
- tfm-pulpcore-python3-async-timeout
- tfm-rubygem-hammer_cli_foreman_discovery
- rh-ruby27-rubygem-bundler
- tfm-pulpcore-python3-async-lru
- rh-python38-python-setuptools
- tfm-rubygem-railties
- tfm-rubygem-foreman_theme_satellite
- tfm-pulpcore-python3-rhsm
- puppet-agent
- tfm-rubygem-get_process_mem
- tfm-rubygem-smart_proxy_dynflow_core
- rh-ruby27-rubygem-racc
- rh-ruby27-rubygem-rake
- tfm-pulpcore-python3-pygobject
- tfm-rubygem-hammer_cli_foreman_azure_rm
- foreman-vmware
- tfm-rubygem-foreman_puppet
- tfm-pulpcore-python3-flake8
- tfm-rubygem-hammer_cli
- rh-ruby27-ruby-libs
- tfm-rubygem-openscap
- tfm-rubygem-ffi
- tfm-pulpcore-python3-importlib-resources
- tfm-rubygem-actionview
- tfm-pulpcore-python3-pyjwkest
- tfm-rubygem-pg
- tfm-rubygem-activemodel
- rh-redis5-redis
- rh-postgresql12-postgresql
- puppet-agent-oauth
- tfm-rubygem-smart_proxy_dynflow
- rh-postgresql12-postgresql-server
- tfm-pulpcore-python3-markuppy
- tfm-pulpcore-python3-aiodns
- tfm-pulpcore-python3-gnupg
- tfm-rubygem-hammer_cli_foreman_openscap
- rh-maven36-javapackages-filesystem
- tfm-pulpcore-python3-aiohttp-xmlrpc
- tfm-rubygem-foreman_leapp
- tfm-rubygem-redis
- rh-python38-python-libs
- tfm-pulpcore-python3-cryptography
- rh-postgresql12-postgresql-contrib
- tfm-pulpcore-python3-pyyaml
- rh-maven36-xerces-j2
- libmodulemd2
- rh-python38-python-pip-wheel
- tfm-rubygem-rkerberos
- tfm-pulpcore-python3-semantic-version
- tfm-rubygem-mustermann
- tfm-pulpcore-python3-pycparser
- tfm-pulpcore-python3-django-filter
- tfm-rubygem-unf_ext
- libcomps
- tfm-rubygem-foreman_rh_cloud
- tfm-pulpcore-python3-aioredis
- tfm-pulpcore-python3-et-xmlfile
- tfm-pulpcore-python3-drf-access-policy
- ansible
- rh-ruby27-runtime
- tfm-pulpcore-python3-libcomps
- tfm-pulpcore-python3-django
- tfm-rubygem-anemone
- tfm-pulpcore-python3-pulp-container
- tfm-rubygem-hammer_cli_foreman_webhooks
- tfm-rubygem-ruby2_keywords
- tfm-pulpcore-python3-future
- rh-python38-python
- ansiblerole-insights-client
- rh-maven36-xml-commons-resolver
- rh-redis5-runtime
- tfm-pulpcore-python3-xlrd
- tfm-pulpcore-python3-galaxy-importer
- katello-certs-tools
- tfm-pulpcore-python3-djangorestframework
- candlepin
- tfm-pulpcore-python3-pulp-file
- tfm-rubygem-activejob
- tfm-pulpcore-python3-iniparse
- tfm-pulpcore-python3-pycryptodomex
- tfm-pulpcore-python3-openpyxl
- tfm-pulpcore-python3-frozenlist
- tfm-pulpcore-python3-colorama
- tfm-rubygem-pulp_container_client
- foreman-ec2
- tfm-pulpcore-python3-tablib
- dynflow-utils
- tfm-rubygem-sidekiq
- foreman
- satellite
- rh-postgresql12-postgresql-libs
- foreman-installer
- tfm-pulpcore-python3-drf-nested-routers
- puppetserver
- tfm-pulpcore-python3-pycodestyle
- tfm-rubygem-ruby-libvirt
- tfm-pulpcore-python3-importlib-metadata
- foreman-ovirt
- tfm-rubygem-pulp_rpm_client
- tfm-pulpcore-python3-urlman
- foreman-libvirt
- tfm-rubygem-pulp_ostree_client
- tfm-rubygem-azure_mgmt_network
- tfm-rubygem-hammer_cli_foreman_puppet
- tfm-pulpcore-python3-urllib3
- tfm-pulpcore-python3-idna-ssl
- tfm-rubygem-foreman_remote_execution
- tfm-pulpcore-python3-lxml
- tfm-pulpcore-python3-pyrsistent
- tfm-rubygem-actionmailer
- tfm-pulpcore-python3-pycairo
- tfm-pulpcore-python3-markupsafe
- foreman-gce
- tfm-pulpcore-python3-drf-spectacular
- tfm-rubygem-hammer_cli_katello
- tfm-pulpcore-python3-backoff
- createrepo_c
- tfm-pulpcore-python3-odfpy
- tfm-pulpcore-python3-pbr
- tfm-pulpcore-python3-pulp-rpm
- pulpcore-selinux
- tfm-pulpcore-python3-diff-match-patch
- tfm-pulpcore-python3-parsley
- tfm-pulpcore-python3-django-currentuser
- tfm-pulpcore-python3-url-normalize
- tfm-rubygem-activestorage
Remediation: [hint] You can file a request to add this repository to the scope of in-place upgrades by filing a support ticket
Key: 8e89e20c645cea600b240156071d81c64daab7ad
----------------------------------------
Risk Factor: low
Title: Grep has incompatible changes in the next major version
Summary: If a file contains data improperly encoded for the current locale, and this is discovered before any of the file's contents are output, grep now treats the file as binary.
The 'grep -P' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching.
In locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving.
When searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly.
The 'grep -z' no longer automatically treats the byte '\200' as binary data.
Context no longer excludes selected lines omitted because of -m. For example, 'grep "^" -m1 -A1' now outputs the first two input lines, not just the first line.
Remediation: [hint] Please update your scripts to be compatible with the changes.
Key: 94665a499e2eeee35eca3e7093a7abe183384b16
----------------------------------------
Risk Factor: low
Title: SElinux will be set to permissive mode
Summary: SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.
Remediation: [hint] Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.
Key: 39d7183dafba798aa4bbb1e70b0ef2bbe5b1772f
----------------------------------------
Risk Factor: low
Title: Dosfstools incompatible changes in the next major version
Summary: The automatic alignment of data clusters that was added in 3.0.8 and broken for FAT32 starting with 3.0.20 has been reinstated. If you need to create file systems for finicky devices that have broken FAT implementations use the option -a to disable alignment.
The fsck.fat now defaults to interactive repair mode which previously had to be selected with the -r option.
Remediation: [hint] Please update your scripts to be compatible with the changes.
Key: c75fe5e06c70d9e764703fa2611f917c75946226
----------------------------------------
Risk Factor: low
Title: Postfix has incompatible changes in the next major version
Summary: Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net.
The backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8.
It can be turned on by running: "postconf -e compatibility_level=0
It can be turned off by running: "postconf -e compatibility_level=2
In the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string.
The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment.
Postfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated.
The "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified.
The "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses.
The "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost.
The "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork.
Postfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed.
Key: 5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33
----------------------------------------
Risk Factor: info
Title: Excluded target system repositories
Summary: The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade.
- codeready-builder-beta-for-rhel-8-s390x-rpms
- rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms
- codeready-builder-for-rhel-8-aarch64-eus-rpms
- codeready-builder-for-rhel-8-ppc64le-eus-rpms
- codeready-builder-beta-for-rhel-8-x86_64-rpms
- codeready-builder-for-rhel-8-aarch64-rpms
- codeready-builder-for-rhel-8-s390x-rpms
- codeready-builder-for-rhel-8-s390x-eus-rpms
- codeready-builder-for-rhel-8-x86_64-eus-rpms
- codeready-builder-beta-for-rhel-8-aarch64-rpms
- codeready-builder-for-rhel-8-rhui-rpms
- codeready-builder-beta-for-rhel-8-ppc64le-rpms
- codeready-builder-for-rhel-8-x86_64-rpms
- codeready-builder-for-rhel-8-ppc64le-rpms
Remediation: [hint] If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times).
Key: 1b9132cb2362ae7830e48eee7811be9527747de8
----------------------------------------
Risk Factor: info
Title: SElinux relabeling will be scheduled
Summary: SElinux relabeling will be scheduled as the status is permissive/enforcing.
Key: 8fb81863f8413bd617c2a55b69b8e10ff03d7c72
----------------------------------------
Risk Factor: info
Title: Current PAM and nsswitch.conf configuration will be kept.
Summary: There is a new tool called authselect in RHEL8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact.
Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c
----------------------------------------