現状
# cat /etc/os-release
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01elevate-testing リポジトリをダウンロードします。
# sudo curl https://repo.almalinux.org/elevate/testing/elevate-testing.repo -o /etc/yum.repos.d/elevate-testing.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 465 100 465 0 0 750 0 --:--:-- --:--:-- --:--:-- 750
# ls /etc/yum.repos.d/elevate-testing.repo
/etc/yum.repos.d/elevate-testing.repoELevate GPG キーをインポートします。
# sudo rpm --import https://repo.almalinux.org/elevate/RPM-GPG-KEY-ELevateAlmaLinux 8 から AlmaLinux 9 にアップグレードできるようにする Leapp パッケージをインストールします。
# sudo yum install -y leapp-upgrade leapp-data-almalinux
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
ELevate Testing 651 kB/s | 258 kB 00:00
Dependencies resolved.
===============================================================================================================================================================================================================
Package Architecture Version Repository Size
===============================================================================================================================================================================================================
Installing:
leapp-data-almalinux noarch 0.5-1.el8.20241127 elevate-testing 470 k
leapp-upgrade-el8toel9 noarch 1:0.21.0-5.el8.elevate.1 elevate-testing 1.1 M
Installing dependencies:
leapp noarch 0.18.0-2.el8 elevate-testing 34 k
leapp-deps noarch 0.18.0-2.el8 elevate-testing 16 k
leapp-upgrade-el8toel9-deps noarch 1:0.21.0-5.el8.elevate.1 elevate-testing 45 k
python3-leapp noarch 0.18.0-2.el8 elevate-testing 199 k
Transaction Summary
===============================================================================================================================================================================================================
Install 6 Packages
Total download size: 1.9 M
Installed size: 31 M
Downloading Packages:
(1/6): leapp-0.18.0-2.el8.noarch.rpm 187 kB/s | 34 kB 00:00
(2/6): leapp-deps-0.18.0-2.el8.noarch.rpm 80 kB/s | 16 kB 00:00
(3/6): leapp-data-almalinux-0.5-1.el8.20241127.noarch.rpm 1.7 MB/s | 470 kB 00:00
(4/6): leapp-upgrade-el8toel9-deps-0.21.0-5.el8.elevate.1.noarch.rpm 381 kB/s | 45 kB 00:00
(5/6): leapp-upgrade-el8toel9-0.21.0-5.el8.elevate.1.noarch.rpm 5.5 MB/s | 1.1 MB 00:00
(6/6): python3-leapp-0.18.0-2.el8.noarch.rpm 269 kB/s | 199 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 1.8 MB/s | 1.9 MB 00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch 1/6
Installing : leapp-deps-0.18.0-2.el8.noarch 2/6
Installing : python3-leapp-0.18.0-2.el8.noarch 3/6
Installing : leapp-0.18.0-2.el8.noarch 4/6
Installing : leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch 5/6
Installing : leapp-data-almalinux-0.5-1.el8.20241127.noarch 6/6
Running scriptlet: leapp-data-almalinux-0.5-1.el8.20241127.noarch 6/6
Verifying : leapp-0.18.0-2.el8.noarch 1/6
Verifying : leapp-data-almalinux-0.5-1.el8.20241127.noarch 2/6
Verifying : leapp-deps-0.18.0-2.el8.noarch 3/6
Verifying : leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch 4/6
Verifying : leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch 5/6
Verifying : python3-leapp-0.18.0-2.el8.noarch 6/6
Installed products updated.
Installed:
leapp-0.18.0-2.el8.noarch leapp-data-almalinux-0.5-1.el8.20241127.noarch leapp-deps-0.18.0-2.el8.noarch leapp-upgrade-el8toel9-1:0.21.0-5.el8.elevate.1.noarch
leapp-upgrade-el8toel9-deps-1:0.21.0-5.el8.elevate.1.noarch python3-leapp-0.18.0-2.el8.noarch
Complete! パッケージがインストールされたことを確認するメッセージが表示されます。次に、前の段階と同様に、次のコマンドを使用してアップグレード前のチェックを実行する必要があります。
# sudo leapp preupgrade
==> Processing phase `configuration_phase`
====> * ipu_workflow_config
IPU workflow config actor
==> Processing phase `FactsCollection`
====> * system_facts
Provides data about many facts from system.
====> * vendor_repositories_mapping
Scan the vendor repository mapping files and provide the data to other actors.
====> * check_enabled_vendor_repos
Create a list of vendors whose repositories are present on the system and enabled.
====> * vendor_repo_signature_scanner
Produce VendorSignatures messages for the vendor signature files inside the
====> * scan_systemd_source
Provides info about systemd on the source system
====> * check_custom_network_scripts
Check the existence of custom network-scripts and warn user about possible
====> * firewalld_collect_used_object_names
This actor reads firewalld's configuration and produces Model
====> * nis_scanner
Collect information about the NIS packages configuration.
====> * scanzfcp
In case of s390x architecture, check whether ZFCP is used.
====> * network_manager_connection_scanner
Scan NetworkManager connection keyfiles
====> * firewalld_collect_global_config
This actor reads firewalld's configuration and produces Model
====> * scan_grub_device_name
Find the name of the block devices where GRUB is located
====> * roce_scanner
Detect active RoCE NICs on IBM Z machines.
====> * scan_source_files
Scan files (explicitly specified) of the source system.
====> * scan_vendor_repofiles
Load and produce custom repository data from vendor-provided files.
====> * rpm_scanner
Provides data about installed RPM Packages.
====> * scan_grub_config
Scan grub configuration files for errors.
====> * get_installed_desktops
Actor checks if kde or gnome desktop environments
====> * register_ruby_irb_adjustment
Register a workaround to allow rubygem-irb's directory -> symlink conversion.
====> * scan_sap_hana
Gathers information related to SAP HANA instances on the system.
====> * get_enabled_modules
Provides data about which module streams are enabled on the source system.
====> * scan_pkg_manager
Provides data about package manager (yum/dnf)
====> * network_manager_read_config
Provides data about NetworkManager configuration.
====> * transaction_workarounds
Provides additional RPM transaction tasks based on bundled RPM packages.
====> * repository_mapping
Produces message containing repository mapping based on provided file.
====> * distribution_signed_rpm_scanner
Provide data about distribution plus vendors signed & unsigned RPM packages.
====> * scan_source_kernel
Scan the source system kernel.
====> * scandasd
In case of s390x architecture, check whether DASD is used.
====> * copy_dnf_conf_into_target_userspace
Copy dnf.conf into target userspace
====> * scan_custom_modifications_actor
Collects information about files in leapp directories that have been modified or newly added.
====> * xorgdrvfacts8to9
Check the journal logs for deprecated Xorg drivers.
====> * scanclienablerepo
Produce CustomTargetRepository based on the LEAPP_ENABLE_REPOS in config.
====> * persistentnetnames
Get network interface information for physical ethernet interfaces of the original system.
====> * scancryptopolicies
Scan information about system wide set crypto policies including:
====> * root_scanner
Scan the system root directory and produce a message containing
====> * scan_files_for_target_userspace
Scan the source system and identify files that will be copied into the target userspace when it is created.
====> * ipa_scanner
Scan system for ipa-client and ipa-server status
====> * open_ssl_config_scanner
Read an OpenSSL configuration file for further analysis.
====> * biosdevname
Enable biosdevname on the target RHEL system if all interfaces on the source RHEL
====> * checkrhui
Check if system is using RHUI infrastructure (on public cloud) and send messages to
====> * storage_scanner
Provides data about storage settings.
====> * persistentnetnamesdisable
Disable systemd-udevd persistent network naming on machine with single eth0 NIC
====> * remove_obsolete_gpg_keys
Remove obsoleted RPM GPG keys.
====> * scanmemory
Scan Memory of the machine.
====> * selinuxcontentscanner
Scan the system for any SELinux customizations
====> * sssd_facts_8to9
Check SSSD configuration for changes in RHEL9 and report them in model.
====> * trusted_gpg_keys_scanner
Scan for trusted GPG keys.
====> * udevadm_info
Produces data exported by the "udevadm info" command.
====> * scan_custom_repofile
Scan the custom /etc/leapp/files/leapp_upgrade_repositories.repo repo file.
====> * scan_subscription_manager_info
Scans the current system for subscription manager information
====> * ifcfg_scanner
Scan ifcfg files with legacy network configuration
====> * load_device_driver_deprecation_data
Loads deprecation data for drivers and devices (PCI & CPU)
====> * scan_kernel_cmdline
No documentation has been provided for the scan_kernel_cmdline actor.
====> * scan_target_os_image
Scans the provided target OS ISO image to use as a content source for the IPU, if any.
====> * scanblacklistca
Scan the file system for distrusted CA's in the blacklist directory.
====> * vdo_conversion_scanner
Provides conversion info about VDO devices.
====> * read_openssh_config
Collect information about the OpenSSH configuration.
====> * scan_dynamic_linker_configuration
Scan the dynamic linker configuration and find modifications.
====> * repositories_blacklist
Exclude target repositories provided by Red Hat without support.
====> * xfs_info_scanner
This actor scans all mounted mountpoints for XFS information
====> * rpm_transaction_config_tasks_collector
Provides additional RPM transaction tasks from /etc/leapp/transaction.
====> * scan_fips
Determine whether the source system has FIPS enabled.
====> * used_repository_scanner
Scan used enabled repositories
====> * multipath_conf_read_8to9
Read multipath configuration files and extract the necessary information
====> * luks_scanner
Provides data about active LUKS devices.
====> * detect_kernel_drivers
Matches all currently loaded kernel drivers against known deprecated and removed drivers.
====> * pci_devices_scanner
Provides data about existing PCI Devices.
====> * scancpu
Scan CPUs of the machine.
====> * satellite_upgrade_facts
Report which Satellite packages require updates and how to handle PostgreSQL data
====> * satellite_upgrade_services
Reconfigure Satellite services
====> * pes_events_scanner
Provides data about package events from Package Evolution Service.
====> * setuptargetrepos
Produces list of repositories that should be available to be used by Upgrade process.
==> Processing phase `Checks`
====> * dotnet_unsupported_versions_check
Check for installed .NET versions that are no longer supported.
====> * check_microarchitecture
Inhibit if RHEL9 microarchitecture requirements are not satisfied
====> * check_system_arch
Check if system is running at a supported architecture. If no, inhibit the upgrade process.
====> * emit_net_naming_scheme
Emit necessary modifications of the upgrade environment and target command line to use net.naming-scheme.
====> * check_target_iso
Check that the provided target ISO is a valid ISO image and is located on a persistent partition.
====> * efi_check_boot
Adjust EFI boot entry for first reboot
====> * network_deprecations
Ensures that network configuration doesn't rely on unsupported settings
====> * checkmemory
The actor check the size of RAM against RHEL8 minimal hardware requirements
====> * red_hat_signed_rpm_check
Check if there are packages not signed by Red Hat in use. If yes, warn user about it.
====> * check_arm_bootloader
Install required RPM packages for ARM system upgrades on paths with
====> * check_skipped_repositories
Produces a report if any repositories enabled on the system are going to be skipped.
====> * check_vdo
Check if VDO devices need to be migrated to lvm management.
====> * check_insights_auto_register
Checks if system can be automatically registered into Red Hat Insights
====> * bacula_check
Actor checking for presence of Bacula installation.
====> * check_nvidia_proprietary_driver
Check if NVIDIA proprietary driver is in use. If yes, inhibit the upgrade process.
====> * check_mount_options
Check for mount options preventing the upgrade.
====> * checkhybridimage
Check if the system is using Azure hybrid image.
====> * mariadb_check
Actor checking for presence of MariaDB installation.
====> * firewalld_check_service_tftp_client
This actor will inhibit if firewalld's configuration is using service
====> * firewalld_check_allow_zone_drifting
This actor will check if AllowZoneDrifiting=yes in firewalld.conf. This
====> * check_detected_devices_and_drivers
Checks whether or not detected devices and drivers are usable on the target system.
====> * check_kpatch
Carry over kpatch-dnf and it's config into the container
====> * checkblacklistca
No documentation has been provided for the checkblacklistca actor.
====> * cephvolumescan
Retrieves the list of encrypted Ceph OSD
====> * openssh_permit_root_login
OpenSSH no longer allows root logins with password.
====> * sssd_check_8to9
Check SSSD configuration for changes in RHEL9 and report them in model.
====> * check_yum_plugins_enabled
Checks that the required yum plugins are enabled.
====> * unsupported_upgrade_check
Checks environment variables and produces a warning report if the upgrade is unsupported.
====> * check_sap_hana
If SAP HANA has been detected, several checks are performed to ensure a successful upgrade.
====> * nis_check
Checks if any of NIS components is installed and configured
====> * check_rhsmsku
Ensure the system is subscribed to the subscription manager
====> * open_ssl_config_check
The OpenSSL configuration changed between RHEL8 and RHEL9 significantly with the rebase to
====> * check_nfs
Check if NFS filesystem is in use. If yes, inhibit the upgrade process.
====> * checktargetrepos
Check whether target yum repositories are specified.
====> * open_ssh_drop_in_directory_check
Trigger a notice that the main sshd_config will be updated to contain
====> * check_consumed_assets
Check whether Leapp is using correct data assets.
====> * check_installed_kernels
Inhibit IPU (in-place upgrade) when installed kernels conflict with a safe upgrade.
====> * check_etc_releasever
Check releasever info and provide a guidance based on the facts
====> * check_ifcfg
Ensures that ifcfg files are compatible with NetworkManager
====> * open_ssh_subsystem_sftp
The RHEL9 changes the SCP to use SFTP protocol internally. The both RHEL8 and RHEL9
====> * check_boot_avail_space
Check if at least 100Mib of available space on /boot. If not, inhibit the upgrade process.
====> * check_ipa_server
Check for ipa-server and inhibit upgrade
====> * check_deprecated_rpm_signature
Check whether any packages signed by RSA/SHA1 are installed
====> * check_fips
Inhibit upgrade if FIPS is detected as enabled.
====> * check_bls_grub_onppc64
Check whether GRUB config is BLS aware on RHEL 8 ppc64le systems
====> * postgresql_check
Actor checking for presence of PostgreSQL installation.
====> * detect_grub_config_error
Check grub configuration for various errors.
====> * crypto_policies_check
This actor consumes previously gathered information about crypto policies on the source
====> * check_cifs
Check if CIFS filesystem is in use. If yes, inhibit the upgrade process.
====> * check_se_linux
Check SELinux status and produce decision messages for further action.
====> * check_systemd_broken_symlinks
Check whether some systemd symlinks are broken
====> * check_fstab_mount_order
Checks order of entries in /etc/fstab based on their mount point and inhibits upgrade if overshadowing is detected.
====> * roce_check
Check whether RoCE is used on the system and well configured for the upgrade.
====> * check_persistent_mounts
Check if mounts required to be persistent are mounted in persistent fashion.
====> * check_dynamic_linker_configuration
Check for customization of dynamic linker configuration.
====> * check_grub_core
Check whether we are on legacy (BIOS) system and instruct Leapp to upgrade GRUB core
====> * check_luks
Check if any encrypted partitions are in use and whether they are supported for the upgrade.
====> * xorgdrvcheck8to9
Warn if Xorg deprecated drivers are in use.
====> * check_custom_modifications_actor
Checks CustomModifications messages and produces a report about files in leapp directories that have been
====> * check_openssl_conf
Check whether the openssl configuration and openssl-IBMCA.
====> * check_root_symlinks
Check if the symlinks /bin and /lib are relative, not absolute.
====> * check_os_release
Check if the current RHEL minor version is supported. If not, inhibit the upgrade process.
====> * multipath_conf_check_8to9
Checks if changes to the multipath configuration files are necessary
====> * check_rpm_transaction_events
Filter RPM transaction events based on installed RPM packages
====> * check_skip_phase
Skip all the subsequent phases until the report phase.
==> Processing phase `Reports`
====> * verify_check_results
Check all dialogs and notify that user needs to make some choices.
====> * verify_check_results
Check all generated results messages and notify user about them.
Debug output written to /var/log/leapp/leapp-preupgrade.log
============================================================
REPORT OVERVIEW
============================================================
Upgrade has been inhibited due to the following problems:
1. Possible problems with remote login using root account
2. Upgrade requires links in root directory to be relative
HIGH and MEDIUM severity reports:
1. Packages not signed by Red Hat found on the system
2. Leapp detected loaded kernel drivers which are no longer maintained in RHEL 9.
3. Leapp detected a processor which is no longer maintained in RHEL 9.
4. Remote root logins globally allowed using password
5. GRUB2 core will be automatically updated during the upgrade
6. Detected custom leapp actors or files.
7. MariaDB (mariadb-server) has been detected on your system
Reports summary:
Errors: 0
Inhibitors: 2
HIGH severity reports: 6
MEDIUM severity reports: 1
LOW severity reports: 1
INFO severity reports: 2
Before continuing, review the full report below for details about discovered problems and possible remediation instructions:
A report has been generated at /var/log/leapp/leapp-report.txt
A report has been generated at /var/log/leapp/leapp-report.json
============================================================
END OF REPORT OVERVIEW
============================================================
Answerfile has been generated at /var/log/leapp/answerfile結果は/var/log/leapp/leapp-report.txtに出るらしいけど0バイトだった。
SELinuxはOFFってるし、/etc/firewalld/firewalld.confはAllowZoneDrifting=noだからかな?
でも赤文字でREPORT OVERVIEWなので内容を見てみると
Upgrade has been inhibited due to the following problems: 出直せ
1. Possible problems with remote login using root account リモートでルートが使えるのは嫌い!
2. Upgrade requires links in root directory to be relative ルート直下の絶対パスのリンクは嫌い!
なので
# ls -la /
・・・
lrwxrwxrwx 1 root root 19 Sep 2 2021 snap -> /var/lib/snapd/snap
・・・があったので、
# cd /
# rm snap
rm: remove symbolic link 'snap'? y
# ln -s var/lib/snapd/snap /snapルートでログインできないようにする
# vi /etc/ssh/sshd_config
/Root
#PermitRootLogin yes にする
:wq
#rebootTeraTermではルートからログインできないからcockpit画面でルートでログインして(笑
# sudo leapp preupgrade
・・・
============================================================
REPORT OVERVIEW 黄色
============================================================
HIGH and MEDIUM severity reports:
1. Packages not signed by Red Hat found on the system
2. Detected custom leapp actors or files.
3. Leapp detected loaded kernel drivers which are no longer maintained in RHEL 9.
4. Leapp detected a processor which is no longer maintained in RHEL 9.
5. GRUB2 core will be automatically updated during the upgrade
6. MariaDB (mariadb-server) has been detected on your system
Reports summary:
Errors: 0
Inhibitors: 0
HIGH severity reports: 5
MEDIUM severity reports: 1
LOW severity reports: 2
INFO severity reports: 3
Before continuing, review the full report below for details about discovered problems and possible remediation instructions:
A report has been generated at /var/log/leapp/leapp-report.txt
A report has been generated at /var/log/leapp/leapp-report.json
============================================================
END OF REPORT OVERVIEW
============================================================
Answerfile has been generated at /var/log/leapp/answerfile
MariaDB (mariadb-server) が動いてるとダメなのか?