Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inhibit upgrades with unsupported XFS #1318

Merged
merged 1 commit into from
Jan 29, 2025
Merged

Inhibit upgrades with unsupported XFS #1318

merged 1 commit into from
Jan 29, 2025

Conversation

dkubek
Copy link
Member

@dkubek dkubek commented Dec 9, 2024
edited by pirat89
Loading

Kernel in RHEL 10 drops support of XFS v4 format file systems and such file systems will not be possible to mount there anymore. Also, RHEL 10 systems will be challenged by Y2K38 problem. XFS file system resolves that by bigtime feature, however, this feature could be manually disabled when creating the file system and mainly it's available since RHEL 9. So all XFS file systems created earlier will not have this enabled - unless users do it on RHEL 9 manually. Note that this will be problem for all systems with XFS which upgraded from previous RHEL versions.

For this reason, inhibit the upgrade if any mounted XFS file systems have old XFS v4 format (detect crc=0).

Instead of inhibiting upgrade when the bigtime feature is disabled (bigtime=0 or missing) a low severity report is created as there is still time until this issue will be present and other solutions are being worked on.

Introduces new model XFSInfoFacts which collects parsed information about all mounted XFS file systems. Note that as we use only a few values from xfs_info utility, models specify now just this limited amount of values as well to limit the burden of maintanance and risk of issues. However expected design of the model is already prepared and other expected fields are commented out in the code to make the further extension in future more simple for others. All values of XFS attributes are now represented as strings.

Introduce shortened-urls:

JIRA:
RHELMISC-8212 (spike)
RHEL-60034
RHEL-52309

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 9, 2024

Thank you for contributing to the Leapp project!

Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
If you want to request a review or rebuild a package in copr, you can use following commands as a comment:

  • review please @oamg/developers to notify leapp developers of the review request
  • /packit copr-build to submit a public copr build using packit

Packit will automatically schedule regression tests for this PR's build and latest upstream leapp build.
However, here are additional useful commands for packit:

  • /packit test to re-run manually the default tests
  • /packit retest-failed to re-run failed tests manually
  • /packit test oamg/leapp#42 to run tests with leapp builds for the leapp PR#42 (default is latest upstream - main - build)

Note that first time contributors cannot run tests automatically - they need to be started by a reviewer.

It is possible to schedule specific on-demand tests as well. Currently 2 test sets are supported, beaker-minimal and kernel-rt, both can be used to be run on all upgrade paths or just a couple of specific ones.
To launch on-demand tests with packit:

  • /packit test --labels kernel-rt to schedule kernel-rt tests set for all upgrade paths
  • /packit test --labels beaker-minimal-8.10to9.4,kernel-rt-8.10to9.4 to schedule kernel-rt and beaker-minimal test sets for 8.10->9.4 upgrade path

See other labels for particular jobs defined in the .packit.yaml file.

Please open ticket in case you experience technical problem with the CI. (RH internal only)

Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please contact leapp-infra.

@dkubek dkubek marked this pull request as draft December 9, 2024 12:00
@dkubek dkubek force-pushed the inhibit_xfs branch 2 times, most recently from 3dc52ca to 2bedbf8 Compare December 16, 2024 11:19
@dkubek
Copy link
Member Author

dkubek commented Dec 16, 2024

Note for reviewers. To test the code using different XFS configurations you can create the filesystem in a file:

# 1. Create a sparse file
fallocate -l 500M test_xfs.img

# 2. Format the file with an XFS filesystem (for example, with crc 0)
mkfs.xfs -f test_xfs.img  -m crc=0

# 3. Create a mount point
mkdir -p /mnt/test_xfs

# 4. Attach the file to a loop device
LOOP_DEVICE=$(losetup -f --show test_xfs.img)

# 5. Mount the loop device
mount $LOOP_DEVICE /mnt/test_xfs

@dkubek dkubek marked this pull request as ready for review December 16, 2024 11:33
@pirat89 pirat89 added this to the 8.10/9.6 milestone Jan 9, 2025
@dkubek dkubek force-pushed the inhibit_xfs branch 2 times, most recently from 43326a9 to e703137 Compare January 13, 2025 16:08
@pirat89 pirat89 added the shortened-urls PR is introducing new shortened red.ht URLs label Jan 13, 2025
@dkubek dkubek force-pushed the inhibit_xfs branch 3 times, most recently from 28cfde5 to b9eb6b5 Compare January 22, 2025 21:05
@dkubek dkubek force-pushed the inhibit_xfs branch 3 times, most recently from a762c4b to fb5c731 Compare January 24, 2025 08:40
@pirat89
Copy link
Member

pirat89 commented Jan 24, 2025
edited
Loading

Seems that errors in tests are caused by tests or infrastructure.

@dkubek dkubek force-pushed the inhibit_xfs branch 2 times, most recently from 253c8e9 to b2d51e7 Compare January 29, 2025 10:29
pirat89
pirat89 previously approved these changes Jan 29, 2025
View reviewed changes
Copy link
Member

@pirat89 pirat89 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm - great job! I am doing some manual testing yet, I will merge it when I finish it, but giving approval already as I expect it will be ok

@dkubek
Add inhibitor for unsupported XFS
e24cc53 
Kernel in RHEL 10 drops support of XFS v4 format file systems and such
file systems will not be possible to mount there anymore. Also, RHEL 10
systems will be challenged by Y2K38 problem. XFS file system resolves
that by `bigtime` feature, however, this feature could be manually
disabled when creating the file system and mainly it's available since
RHEL 9. So all XFS file systems created earlier will not have this
enabled - unless users do it on RHEL 9 manually. Note that this will be
problem for all systems with XFS which upgraded from previous RHEL
versions.

For this reason, inhibit the upgrade if any mounted XFS file systems
have old XFS v4 format (detect `crc=0`).

Instead of inhibiting upgrade when the `bigtime` feature is disabled
(`bigtime=0` or missing) a low severity report is created as there is
still time until this issue will be present and other solutions are
being worked on.

Introduces new model `XFSInfoFacts` which collects parsed information
about all mounted XFS file systems. Note that as we use
only a few values from `xfs_info` utility, models specify now just this
limited amount of values as well to limit the burden of maintanance and
risk of issues. However expected design of the model is already prepared
and other expected fields are commented out in the code to make the
further extension in future more simple for others. All values of XFS
attributes are now represented as strings.

JIRA: RHELMISC-8212, RHEL-60034, RHEL-52309
@pirat89
Copy link
Member

pirat89 commented Jan 29, 2025

Initial setup (orig system is EXT4). Create and mount various XFS file systems

fallocate -l 500M test_xfs_nocrc.img
fallocate -l 500M test_xfs_crc_nobtime.img
fallocate -l 500M test_xfs_crc_btime.img

mkfs.xfs -f test_xfs_nocrc.img  -m crc=0
mkfs.xfs -f test_xfs_crc_nobtime.img  -m crc=1,bigtime=0
mkfs.xfs -f test_xfs_crc_btime.img  -m crc=1,bigtime=1

mkdir -p /mnt/test_xfs_{nocrc,crc_nobtime,crc_btime}
mount "$(losetup -f --show test_xfs_nocrc.img)" /mnt/test_xfs_nocrc
mount "$(losetup -f --show test_xfs_crc_nobtime.img)" /mnt/test_xfs_crc_nobtime/
mount "$(losetup -f --show test_xfs_crc_btime.img)" /mnt/test_xfs_crc_btime/

The report:

Risk Factor: high (inhibitor)
Title: Detected XFS filesystems incompatible with target kernel.
Summary: XFS v4 format has been deprecated and it has been removed from the target kernel. Such filesystems cannot be mounted by target system kernel and so the upgrade cannot proceed successfully. Following XFS filesystems have v4 format:
    - /mnt/test_xfs_nocrc
Related links:
    - Backing up an XFS file system: https://red.ht/rhel-9-xfs-backup
    - Restoring an XFS file system from backup: https://red.ht/rhel-9-xfs-restore-from-backup
Remediation: [hint] Migrate XFS v4 filesystems to new XFS v5 format. For filesystems hosting data, perform a back up, reformat, and restore procedure. Refer to official documentation for details. For filesystems hosting the system a clean installation is recommended instead.
Key: 32aa06fdac823fbaf1b7aee96956f869b402c9a9
----------------------------------------
Risk Factor: low
Title: Detected XFS filesystems without bigtime feature.
Summary: The XFS v5 filesystem format introduced the "bigtime" feature in RHEL 9, to support timestamps beyond the year 2038. XFS filesystems that do not have the "bigtime" feature enabled remain vulnerable to timestamp overflow issues. It is recommended to enable this feature on all XFS filesystems to ensure long-term compatibility and prevent potential failures. Following XFS file systems have not enabled the "bigtime" feature:
    - /mnt/test_xfs_crc_nobtime
    - /mnt/test_xfs_nocrc
Related links:
    - XFS supports bigtime feature: https://red.ht/rhel-9-xfs-bigtime
Remediation: [hint] Enable the "bigtime" feature on XFS v5 filesystems using the command:
        xfs_admin -O bigtime=1 <filesystem_device>

Note that for older XFS v5 filesystems this step can only be done offline right now (i.e. without the filesystem mounted).
Key: efdddcf24f48b61eabf1bac6592f6abba92182b1
----------------------------------------

@pirat89 pirat89 added enhancement New feature or request changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant labels Jan 29, 2025
pirat89
pirat89 reviewed Jan 29, 2025
View reviewed changes
repos/system_upgrade/el9toel10/actors/checkoldxfs/libraries/checkoldxfs.py
from leapp.libraries.stdlib import api
from leapp.models import XFSInfoFacts

RHEL_9_TO_10_BACKUP_RESTORE_LINK = 'https://red.ht/rhel_9_to_10_backup_restore_xfs'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah :D we forgot to drop it. nevermind. merging anyway. can be cleaned in furure.

@pirat89 pirat89 merged commit c5accf4 into oamg:main Jan 29, 2025
18 of 23 checks passed
pirat89 added a commit to pirat89/leapp-repository that referenced this pull request Feb 14, 2025
@pirat89
# Release 0.22.0
686adf4 
## Announce
This is the last upstream release covering IPU 7 -> 8. The
system_upgrade_el7toel8 repository is going to be removed from further
releases. Other artifacts related to IPU 7 -> 8 are going to be removed too.

In the same time it's the last release compatible with Python 2.7. Since now
we are going to develope and test the code only for Python 3.6 and newer.

## Packaging
- [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289)
- Require leapp-framework 6.0+ (oamg#1142)
- Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142)

## Upgrade handling
### Fixes
- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329)
- Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294)
- Fix IPU being blocked by resource limitations (oamg#1256)
- Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296)
- Fix pes events scanner not respecting user’s transaction configuration (oamg#1296)
- Fix storage scanner crashing when command outputs contain colon character (oamg#1258)
- Fix the report when handling broken parsing of kernel cmdline (oamg#1290)
- Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266)
- Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302)
- Load all available obsoleted keys (oamg#1286)
- Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313)
- Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285)
- [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341)
- [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306)
- [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339)
- [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323)
- [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330)
- [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325)

### Enhancements
- Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309)
- Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309)
- Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312)
- Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344)
- Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200)
- Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277)
- Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142)
- Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342)
- Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328)
- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297)
- Update leapp upgrade data files (oamg#1307)
- [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343)
- [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338)
- [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318)
- [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347)
- [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333)
- [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304)
- [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319)
- [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196)
- [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well
- [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346)
- [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289)
pirat89 added a commit to pirat89/leapp-repository that referenced this pull request Feb 14, 2025
@pirat89
# Release 0.22.0
2975cde 
## Announce
This is the last upstream release covering IPU 7 -> 8. The
system_upgrade_el7toel8 repository is going to be removed from further
releases. Other artifacts related to IPU 7 -> 8 are going to be removed too.

In the same time it's the last release compatible with Python 2.7. Since now
we are going to develope and test the code only for Python 3.6 and newer.

## Packaging
- [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289)
- Require leapp-framework 6.0+ (oamg#1142)
- Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142)

## Upgrade handling
### Fixes
- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329)
- Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294)
- Fix IPU being blocked by resource limitations (oamg#1256)
- Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296)
- Fix pes events scanner not respecting user’s transaction configuration (oamg#1296)
- Fix storage scanner crashing when command outputs contain colon character (oamg#1258)
- Fix the report when handling broken parsing of kernel cmdline (oamg#1290)
- Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266)
- Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302)
- Load all available obsoleted keys (oamg#1286)
- Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313)
- Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285)
- [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341)
- [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306)
- [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339)
- [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323)
- [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330)
- [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325)

### Enhancements
- Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309)
- Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309)
- Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312)
- Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344)
- Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200)
- Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277)
- Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142)
- Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342)
- Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328)
- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297)
- Update leapp upgrade data files (oamg#1307)
- [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343)
- [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338)
- [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318)
- [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347)
- [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333)
- [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304)
- [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319)
- [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196)
- [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well
- [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346)
- [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289)

## Additional changes interesting for devels
- Introducing new upstream documentation focused on the leapp-repository
  project at https://leapp-repository.readthedocs.io/introduce-docs/.
  The documentation is still under reconstruction at this time, however we
  consider it a big step. All PRs impacting stuff that should be documented
  will be required to do so before they could be merged.
@pirat89 pirat89 mentioned this pull request Feb 14, 2025
Merged
pirat89 added a commit to pirat89/leapp-repository that referenced this pull request Feb 14, 2025
@pirat89
# Release 0.22.0
ec65b72 
## Announce
This is the last upstream release covering IPU 7 -> 8. The
system_upgrade_el7toel8 repository is going to be removed from further
releases. Other artifacts related to IPU 7 -> 8 are going to be removed too.

In the same time it's the last release compatible with Python 2.7. Since now
we are going to develope and test the code only for Python 3.6 and newer.

## Packaging
- [IPU 9 -> 10] Require libdb-utils on RHEL 9 (oamg#1289)
- Require leapp-framework 6.0+ (oamg#1142)
- Update leapp-deps package to satisfy leapp_framework_deps 6 (oamg#1142)

## Upgrade handling
### Fixes
- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (oamg#1329)
- Cap max size of the sparse files to 1TiB when storage with large amount of space (oamg#1294)
- Fix IPU being blocked by resource limitations (oamg#1256)
- Fix pes events scanner crashing when there are duplicate packages in the received instructions (oamg#1296)
- Fix pes events scanner not respecting user’s transaction configuration (oamg#1296)
- Fix storage scanner crashing when command outputs contain colon character (oamg#1258)
- Fix the report when handling broken parsing of kernel cmdline (oamg#1290)
- Generate proper error message instead ModelViolationError when parsing invalid repository definition (oamg#1266)
- Handle default kernel cmdline when multiple boot entries for the default kernel are defined (oamg#1302)
- Load all available obsoleted keys (oamg#1286)
- Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (oamg#1313)
- Prevent failure for upgrade paths when obsoleted keys are not defined (oamg#1285)
- [IPU 7 -> 8] Ignore invalid firewalld configuration (oamg#1341)
- [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (oamg#1306)
- [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (oamg#1275, oamg#1331, oamg#1339)
- [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (oamg#1323)
- [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (oamg#1330)
- [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (oamg#1325)

### Enhancements
- Add RHEL 9.6 and 10.0 product certificates (oamg#1287, oamg#1309)
- Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (oamg#1309)
- Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (oamg#1215, oamg#1312)
- Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (oamg#1309, oamg#1344)
- Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (oamg#1200)
- Enable upgrade with RHUI on Alibaba cloud for ARM machines (oamg#1277)
- Introduce a possibility to configure leapp actors covering RHUI on clouds (oamg#1142)
- Minor improvements in preupgrade reports (oamg#1315, oamg#1326, oamg#1342)
- Raise an inhibitor if unsupported target version supplied instead of error (oamg#1328)
- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (oamg#1297)
- Update leapp upgrade data files (oamg#1307)
- [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (oamg#1316, oamg#1343)
- [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (oamg#1338)
- [IPU 9 -> 10] Detect XFS file systems with problematic parameters (oamg#1318)
- [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (oamg#1332, oamg#1347)
- [IPU 9 -> 10] Detect whether subscribed systems are using SCA (oamg#1333)
- [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (oamg#1304)
- [IPU 9 -> 10] Inform user about Libdb removal if present (oamg#1319)
- [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (oamg#1196)
- [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well
- [IPU 9 -> 10] Update checks for SAP HANA (oamg#1346)
- [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (oamg#1289)

## Additional changes interesting for devels
- Introducing new upstream documentation focused on the leapp-repository
  project at https://leapp-repository.readthedocs.io/introduce-docs/.
  The documentation is still under reconstruction at this time, however we
  consider it a big step. All PRs impacting stuff that should be documented
  will be required to do so before they could be merged.
pirat89 added a commit that referenced this pull request Feb 14, 2025
@pirat89
# Release 0.22.0
5187220 
## Announce
This is the last upstream release covering IPU 7 -> 8. The
system_upgrade_el7toel8 repository is going to be removed from further
releases. Other artifacts related to IPU 7 -> 8 are going to be removed too.

In the same time it's the last release compatible with Python 2.7. Since now
we are going to develope and test the code only for Python 3.6 and newer.

## Packaging
- [IPU 9 -> 10] Require libdb-utils on RHEL 9 (#1289)
- Require leapp-framework 6.0+ (#1142)
- Update leapp-deps package to satisfy leapp_framework_deps 6 (#1142)

## Upgrade handling
### Fixes
- Activate LVM VGs with `--sysinit` option to correct the use in the upgrade initramfs (#1329)
- Cap max size of the sparse files to 1TiB when storage with large amount of space (#1294)
- Fix IPU being blocked by resource limitations (#1256)
- Fix pes events scanner crashing when there are duplicate packages in the received instructions (#1296)
- Fix pes events scanner not respecting user’s transaction configuration (#1296)
- Fix storage scanner crashing when command outputs contain colon character (#1258)
- Fix the report when handling broken parsing of kernel cmdline (#1290)
- Generate proper error message instead ModelViolationError when parsing invalid repository definition (#1266)
- Handle default kernel cmdline when multiple boot entries for the default kernel are defined (#1302)
- Load all available obsoleted keys (#1286)
- Prevent a possible crash with LiveMode when adding the upgrade boot entry on LVM systems (#1313)
- Prevent failure for upgrade paths when obsoleted keys are not defined (#1285)
- [IPU 7 -> 8] Ignore invalid firewalld configuration (#1341)
- [IPU 7 -> 8] scangrubdevpartitionlayout: Skip warning msgs from fdisk (#1306)
- [IPU 8 -> 9] Fix problems with the bootloader when upgrading to RHEL 9.6 on ARM (#1275, #1331, #1339)
- [IPU 9 -> 10] Fix output of commands executed inside systemd-nspawn containers (#1323)
- [IPU 9 -> 10] Fix remediation instructions for deprecated NM configuration (#1330)
- [IPU 9 -> 10] Obsolete RHEL9 GPG key signed with SHA1 (#1325)

### Enhancements
- Add RHEL 9.6 and 10.0 product certificates (#1287, #1309)
- Introduce new IPU paths 8.10 -> 9.6 and 9.6 -> 10.0 (#1309)
- Add possibility to use net.naming-scheme (for IPU 8 -> 9 only for now) (#1215, #1312)
- Drop upgrade paths related to RHEL 8.8, 9.2, and 9.5 (#1309, #1344)
- Enable upgrade for EL8+ systems with LUKS bound to Clevis with TPM 2.0 token (#1200)
- Enable upgrade with RHUI on Alibaba cloud for ARM machines (#1277)
- Introduce a possibility to configure leapp actors covering RHUI on clouds (#1142)
- Minor improvements in preupgrade reports (#1315, #1326, #1342)
- Raise an inhibitor if unsupported target version supplied instead of error (#1328)
- Skip checking of (PKI) `directory-hash` dir to speedup the upgrade process and clean logs (#1297)
- Update leapp upgrade data files (#1307)
- [IPU 9 -> 10] Cover upgrades for MySQL and PostgreSQL databases (#1316, #1343)
- [IPU 9 -> 10] Detect OpenSSL engines configured in /etc/pki/tls/openssl.cnf (#1338)
- [IPU 9 -> 10] Detect XFS file systems with problematic parameters (#1318)
- [IPU 9 -> 10] Detect deprecated network-scripts (ifcfg) files (#1332, #1347)
- [IPU 9 -> 10] Detect whether subscribed systems are using SCA (#1333)
- [IPU 9 -> 10] Handle correctly switch of symlink to directory when upgrading Ruby IRB (#1304)
- [IPU 9 -> 10] Inform user about Libdb removal if present (#1319)
- [IPU 9 -> 10] Inhibit the upgrade for Intel CPUs with microarchitecture x86_64-v2 (#1196)
- [IPU 9 -> 10] Move crypto-policies related actors to the system_upgrade_common repository to apply it for IPU 9 -> 10 as well
- [IPU 9 -> 10] Update checks for SAP HANA (#1346)
- [IPU 9 -> 10] Update pam_userdb database backend for RHEL10 (#1289)

## Additional changes interesting for devels
- Introducing new upstream documentation focused on the leapp-repository
  project at https://leapp-repository.readthedocs.io/introduce-docs/.
  The documentation is still under reconstruction at this time, however we
  consider it a big step. All PRs impacting stuff that should be documented
  will be required to do so before they could be merged.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pirat89 pirat89 pirat89 approved these changes

Assignees
No one assigned
Labels
changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant enhancement New feature or request shortened-urls PR is introducing new shortened red.ht URLs
Projects
None yet
Milestone
8.10/9.6
Development

Successfully merging this pull request may close these issues.
2 participants
@dkubek @pirat89