Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missinggpgkeys: Generate more reports in unusual situations instead of only logging #1025

Merged
merged 6 commits into from
Feb 21, 2023
Merged

missinggpgkeys: Generate more reports in unusual situations instead of only logging #1025

merged 6 commits into from
Feb 21, 2023

Conversation

Jakuje
Copy link
Contributor

@Jakuje Jakuje commented Jan 31, 2023

No description provided.

@github-actions
Copy link

Thank you for contributing to the Leapp project!

Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergeable.
If you want to request a review or rebuild a package in copr, you can use following commands as a comment:

  • review please to notify leapp developers of review request
  • /packit copr-build to submit a public copr build using packit

To launch regression testing public members of oamg organization can leave the following comment:

  • /rerun to schedule basic regression tests using this pr build and leapp*master* as artifacts
  • /rerun 42 to schedule basic regression tests using this pr build and leapp*PR42* as artifacts
  • /rerun-sst to schedule sst tests using this pr build and leapp*master* as artifacts
  • /rerun-sst 42 to schedule sst tests using this pr build and leapp*PR42* as artifacts

Please open ticket in case you experience technical problem with the CI. (RH internal only)

Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please consider rerunning the CI by commenting leapp-ci build (might require several comments). If the problem persists, contact leapp-infra.

@Jakuje Jakuje force-pushed the gpg-report branch 3 times, most recently from 799f18b to 6896002 Compare January 31, 2023 21:11
@leapp-bot
Copy link
Collaborator

This PR has been linked in issue tracker (OAMG-8403).

@pirat89 pirat89 added this to the 8.8/9.2 milestone Feb 6, 2023
@pirat89 pirat89 self-assigned this Feb 6, 2023
pirat89
pirat89 reviewed Feb 8, 2023
View reviewed changes
Copy link
Member

@pirat89 pirat89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done a fast overview and it seems good. I will focus on this more later this week (fri?)

@Jakuje
missinggpgkeys: Generate more reports
5cd32c6 
This adds new non-inhibiting reports in unusual situations instead
of only logging warnings, which might get lost. Also removes some
outdated TODO comments and improves test coverage and comments in
the actor.

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje
missinggpgkeysinhibitor: Add test coverage for _get_abs_file_path
345eb7c 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje
missinggpgkeysinhibitor: Fall back to the file in host system if it i…
2339c45 
…s not available in the container

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@pirat89
Copy link
Member

pirat89 commented Feb 9, 2023
edited

@Jakuje Currently it's crashing as it is trying to get info about gpgkey even when gpgcheck is 0 and gpgkey is not specified:

2023-02-09 15:51:15.572 DEBUG    PID: 18267 leapp.workflow.TargetTransactionCheck.missing_gpg_keys_inhibitor: External command has started: ['gpg2', '--show-keys', '--with-colons', '/etc/leapp/repos.d/system_upgrade/common/files/rpm-gpg/9/RPM-GPG-KEY-redhat-release']
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' crepub:-:4096:1:199E2F91FD431D51:1256212795:::-:::scSC::::::23::0:
fpr:::::::::567Eated
gpg: /root/.gnupg/trustdb.gpg: trustdb created
347AD0044ADE55BA8A5F199E2F91FD431D51:
uid:-::::1256212795::DC1CAEC7997B3575101BB0FCAAC6191792660D8F::Red Hat, Inc. (release key 2) <security@redhat.com>::::::::::0:
pub:-:4096:1:5054E4A45A6340B3:1646863006:::-:::scSC::::::23::0:
fpr:::::::::7E4624258C406535D56D6F135054E4A45A6340B3:
uid:-::::1646863006::DA7F68E3872D6E7BDCE05225E7EB5F3ACDD9699F::Red Hat, Inc. (auxiliary key 3) <security@redhat.com>::::::::::0:
2023-02-09 15:51:15.589 DEBUG    PID: 18267 leapp.workflow.TargetTransactionCheck.missing_gpg_keys_inhibitor: External command has finished: ['gpg2', '--show-keys', '--with-colons', '/etc/leapp/repos.d/system_upgrade/common/files/rpm-gpg/9/RPM-GPG-KEY-redhat-release']
Process Process-383:
Traceback (most recent call last):
  File "/usr/lib64/python3.6/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib64/python3.6/multiprocessing/process.py", line 93, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/lib/python3.6/site-packages/leapp/repository/actor_definition.py", line 74, in _do_run
    actor_instance.run(*args, **kwargs)
  File "/usr/lib/python3.6/site-packages/leapp/actors/__init__.py", line 289, in run
    self.process(*args)
  File "/etc/leapp/repos.d/system_upgrade/common/actors/missinggpgkeysinhibitor/actor.py", line 40, in process
    missinggpgkey.process()
  File "/usr/lib/python3.6/site-packages/leapp/utils/deprecation.py", line 42, in process_wrapper
    return target_item(*args, **kwargs)
  File "/etc/leapp/repos.d/system_upgrade/common/actors/missinggpgkeysinhibitor/libraries/missinggpgkey.py", line 431, in process
    for gpgkey_url in gpgkeys:
TypeError: 'NoneType' object is not iterable


===========================================================================================================
Actor missing_gpg_keys_inhibitor unexpectedly terminated with exit code: 1 - Please check the above details
===========================================================================================================
2023-02-09 15:51:15.626 INFO     PID: 12037 leapp: Answerfile will be created at /var/log/leapp/answerfile

Debug output written to /var/log/leapp/leapp-preupgrade.log

example of the file:

[root@localhost ~]# cat /etc/leapp/files/leapp_upgrade_repositories.repo 
[APPSTREAM]
name=APPSTREAM
baseurl=http://foo.com/bar
enabled=0
gpgcheck=0

[BASEOS]
name=BASEOS
baseurl=http://foo.com/bar
enabled=0
gpgcheck=0

(you can generate the file using prepare_test_env.sh library: customer_repos_hack)

@Jakuje
missinggpgkeysinhibitor: Test case for missing gpgkey= option in targ…
b339da1 
…et repository

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje
missinggpgkeysinhibitor: Differentiate missing gpgkey and disabled gp…
5d4ab08 
…gcheck in repository

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje
missinggpgkeysinhibitor: Report inconsistent repository without GPG keys
9800681 
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
@Jakuje
Copy link
Contributor Author

Jakuje commented Feb 9, 2023

Sorry, I got lost in the None and [] comparisons (which probably means it is weird API regardless how much it is covered with tests and documented.

@pirat89
Copy link
Member

pirat89 commented Feb 20, 2023

/rerun

@github-actions
Copy link

Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/5548873

@github-actions
Copy link

Testing Farm request for RHEL-8.6-rhui/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-7.9-rhui/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-8.7.0-Nightly/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-8.6.0-Nightly/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-7.9-ZStream/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

@github-actions
Copy link

Testing Farm request for RHEL-7.9-ZStream/5548873 regression testing has been created.
Once finished, results should be available here.
Full pipeline log.

pirat89
pirat89 approved these changes Feb 20, 2023
View reviewed changes
Copy link
Member

@pirat89 pirat89 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after spending a time trying various scenarios, it seems to be working! :-)

@pirat89 pirat89 merged commit 6945580 into oamg:master Feb 21, 2023
@pirat89 pirat89 added the changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant label Feb 21, 2023
pirat89 added a commit to pirat89/leapp-repository that referenced this pull request Feb 21, 2023
@pirat89
# Release 0.18.0
422e3f6 
## Packaging
- Requires cpio (oamg#979)
- Requires python3-gobject-base, NetworkManager-libnm (oamg#969)
- Bump leapp-repository-dependencies to 9 (oamg#969, oamg#979)

## Upgrade handling
### Fixes
- Add leapp RHUI packages to an allowlist to drop confusing reports (oamg#995)
- Check only mounted XFS partitions (oamg#1027)
- Detect the kernel-core RPM instead of kernel to prevent an error during post-upgrade phases (oamg#1024)
- Disable the amazon-id DNF plugin on AWS during the upgrade stage to omit error messages during the upgrade process caused by missing network connection (oamg#990)
- Do not create new *pyc files when running leapp after the DNF upgrade transaction (oamg#1017)
- Enable upgrades on s390x when /boot is part of rootfs (oamg#991)
- Extend the allow list of RHUI clients by azure-sap-apps to omit confusing report (oamg#974)
- Filter out PES events unrelated for the used upgrade path and handle overlapping events (oamg#1008)
- Fix scan of ceph volumes on systems without ceph-osd (oamg#1011)
- Fix scan of ceph volumes when ceph-osd container is not found (oamg#986)
- Fix systemd symlinks that become incorrect during the IPU (oamg#972)
- Fix the check of memory (RAM) limits (oamg#984)
- Fix the upgrade of IBM Z machines configured with ZFCP (oamg#983)
- Ignore external accounts in /etc/passwd (oamg#958)
- Inhibit the upgrade when entries in /etc/fstab cause overshadowing during the upgrade (oamg#1009)
- Prevent leapp failures caused by re-run of leapp in the upgrade initramfs after previous failure, which causes additional confusing error message hiding original bugs (oamg#996)
- Prevent the upgrade with RHSM when a baseos and an appstream target repositories are not discovered (oamg#1001)
- RHUI(Azure) handle correctly various SAP images (oamg#1037)
- Rework the network configuration handling and parse the configuration data properly (oamg#969)
- Set RHSM release for non-ga and non-beta channels (oamg#1033)
- Use the "grub" library to find the GRUB device (oamg#989)
- [IPU 7 -> 8] Detect corrupted grubenv file (oamg#1012)
- [IPU 7 -> 8] Ensure that rsyncd stays enabled if it is enabled prior the upgrade(oamg#1043)
- [IPU 7 -> 8] Ensure that satellite metapackages are installed after the upgrade (oamg#994)
- [IPU 7 -> 8] Ensure the device_cio_free service stays enabled on s390x after the upgrade (oamg#977)
- [IPU 7 -> 8] Fixed checks for RHEL SAP IPU 7.9 -> 8.6 (oamg#978)
- [IPU 7 -> 8] Fixed migration of ntp to chrony when the ntp service is masked (oamg#966)
- [IPU 7 -> 8] Prevent the traceback during migration of sendmail configuration files when the package is not installed (oamg#1041)
- [IPU 7 -> 8] Satellite: reindex all related databases to fix issues due to new locales in RHEL 8 (oamg#1007, oamg#1018)
- [IPU 7 -> 8] Use the correct domain name in SSSD reports (oamg#1040)
- [IPU 8 -> 9] Added checks for RHEL SAP IPU 8.6 -> 9.0 (oamg#978)
- [IPU 8 -> 9] CheckVDO: Ask user for the confirmation only on failures and undetermined devices (oamg#961)
- [IPU 8 -> 9] Fix the kernel detection during initramfs creation for new kernel on RHEL 9.2+ (oamg#1048)
- [IPU 8 -> 9] Fix the upgrade on Azure using RHUI for SAP Apps images (oamg#975)
- [IPU 8 -> 9] Handle correctly firewalld version 0.8 (oamg#963)

### Enhancements
- Set new upgrade paths (oamg#988):
-- RHEL 7.9 -> 8.8, 8.6 (default: 8.8)
-- RHEL 8.6 -> 9.0
-- RHEL 8.8 -> 9.2
- Check that used leapp data are valid and compatible with the installed leapp-repository (oamg#1003)
- Detect a proxy configuration in YUM/DNF and adjust an error msg on issues caused by the configuration (oamg#914)
- Detect and report systemd symlinks that are broken before the upgrade (oamg#972)
- Drop obsoleted upgrade paths (oamg#1047)
- Improve remediation instructions for packages in unknown repositories (oamg#1010)
- Improve the error message to guide users when discovered more space is needed (oamg#956)
- Introduce --nogpgcheck option to skip checking of RPM signatures (oamg#910)
- Introduced an option to use an ISO file as a target RHEL version content source (oamg#979)
- Introduced possibility to specify what systemd services should be enabled/disabled on the upgraded system (oamg#964)
- Map the target repositories also based on the installed content (oamg#967)
- Provide common information about systemd services (oamg#959)
- Register subscribed systems automatically to Red Hat Insights unless --no-insights-register is used (oamg#1000)
- Remove obsoleted GPG keys provided by RH after the upgrade to prevent errors (oamg#1022)
- Run upgrade process with checking RPM signatures by default (oamg#910, oamg#993, oamg#1025)
- Save breadcrumbs results as RHSM facts (oamg#1002)
- Small improvements in various reports (oamg#1038, oamg#1039, oamg#1032)
- [IPU 8 -> 9] Detect CIFS also when upgrading from RHEL8 to RHEL9 (PR1035)
- [IPU 8 -> 9] Detect RoCE on IBM Z machines and check the configuration is safe for the upgrade (oamg#1030)
- [IPU 8 -> 9] Enable upgrades of RHEL 8 for SAP HANA to RHEL 9 on ppc64le (oamg#1042)
- [IPU 8 -> 9] Improve the handling of blocklisted certificates (oamg#992)

## Additional changes interesting for devels
- Started work on bringing up networking inside the upgrade initramfs - currently available for testing and development purposes when LEAPP_DEVEL_INITRAM_NETWORK is set (oamg#960)
- Add leapp debug tools to the upgrade initramfs - dracut upgrade module (oamg#997)
- Enable disabling of DNF plugins in the dnfplugin library (oamg#990)
@pirat89 pirat89 mentioned this pull request Feb 21, 2023
Merged
pirat89 added a commit that referenced this pull request Feb 21, 2023
@pirat89
# Release 0.18.0
21b592a 
## Packaging
- Requires cpio (#979)
- Requires python3-gobject-base, NetworkManager-libnm (#969)
- Bump leapp-repository-dependencies to 9 (#969, #979)

## Upgrade handling
### Fixes
- Add leapp RHUI packages to an allowlist to drop confusing reports (#995)
- Check only mounted XFS partitions (#1027)
- Detect the kernel-core RPM instead of kernel to prevent an error during post-upgrade phases (#1024)
- Disable the amazon-id DNF plugin on AWS during the upgrade stage to omit error messages during the upgrade process caused by missing network connection (#990)
- Do not create new *pyc files when running leapp after the DNF upgrade transaction (#1017)
- Enable upgrades on s390x when /boot is part of rootfs (#991)
- Extend the allow list of RHUI clients by azure-sap-apps to omit confusing report (#974)
- Filter out PES events unrelated for the used upgrade path and handle overlapping events (#1008)
- Fix scan of ceph volumes on systems without ceph-osd (#1011)
- Fix scan of ceph volumes when ceph-osd container is not found (#986)
- Fix systemd symlinks that become incorrect during the IPU (#972)
- Fix the check of memory (RAM) limits (#984)
- Fix the upgrade of IBM Z machines configured with ZFCP (#983)
- Ignore external accounts in /etc/passwd (#958)
- Inhibit the upgrade when entries in /etc/fstab cause overshadowing during the upgrade (#1009)
- Prevent leapp failures caused by re-run of leapp in the upgrade initramfs after previous failure, which causes additional confusing error message hiding original bugs (#996)
- Prevent the upgrade with RHSM when a baseos and an appstream target repositories are not discovered (#1001)
- RHUI(Azure) handle correctly various SAP images (#1037)
- Rework the network configuration handling and parse the configuration data properly (#969)
- Set RHSM release for non-ga and non-beta channels (#1033)
- Use the "grub" library to find the GRUB device (#989)
- [IPU 7 -> 8] Detect corrupted grubenv file (#1012)
- [IPU 7 -> 8] Ensure that rsyncd stays enabled if it is enabled prior the upgrade(#1043)
- [IPU 7 -> 8] Ensure that satellite metapackages are installed after the upgrade (#994)
- [IPU 7 -> 8] Ensure the device_cio_free service stays enabled on s390x after the upgrade (#977)
- [IPU 7 -> 8] Fixed checks for RHEL SAP IPU 7.9 -> 8.6 (#978)
- [IPU 7 -> 8] Fixed migration of ntp to chrony when the ntp service is masked (#966)
- [IPU 7 -> 8] Prevent the traceback during migration of sendmail configuration files when the package is not installed (#1041)
- [IPU 7 -> 8] Satellite: reindex all related databases to fix issues due to new locales in RHEL 8 (#1007, #1018)
- [IPU 7 -> 8] Use the correct domain name in SSSD reports (#1040)
- [IPU 8 -> 9] Added checks for RHEL SAP IPU 8.6 -> 9.0 (#978)
- [IPU 8 -> 9] CheckVDO: Ask user for the confirmation only on failures and undetermined devices (#961)
- [IPU 8 -> 9] Fix the kernel detection during initramfs creation for new kernel on RHEL 9.2+ (#1048)
- [IPU 8 -> 9] Fix the upgrade on Azure using RHUI for SAP Apps images (#975)
- [IPU 8 -> 9] Handle correctly firewalld version 0.8 (#963)

### Enhancements
- Set new upgrade paths (#988):
-- RHEL 7.9 -> 8.8, 8.6 (default: 8.8)
-- RHEL 8.6 -> 9.0
-- RHEL 8.8 -> 9.2
- Check that used leapp data are valid and compatible with the installed leapp-repository (#1003)
- Detect a proxy configuration in YUM/DNF and adjust an error msg on issues caused by the configuration (#914)
- Detect and report systemd symlinks that are broken before the upgrade (#972)
- Drop obsoleted upgrade paths (#1047)
- Improve remediation instructions for packages in unknown repositories (#1010)
- Improve the error message to guide users when discovered more space is needed (#956)
- Introduce --nogpgcheck option to skip checking of RPM signatures (#910)
- Introduced an option to use an ISO file as a target RHEL version content source (#979)
- Introduced possibility to specify what systemd services should be enabled/disabled on the upgraded system (#964)
- Map the target repositories also based on the installed content (#967)
- Provide common information about systemd services (#959)
- Register subscribed systems automatically to Red Hat Insights unless --no-insights-register is used (#1000)
- Remove obsoleted GPG keys provided by RH after the upgrade to prevent errors (#1022)
- Run upgrade process with checking RPM signatures by default (#910, #993, #1025)
- Save breadcrumbs results as RHSM facts (#1002)
- Small improvements in various reports (#1038, #1039, #1032)
- [IPU 8 -> 9] Detect CIFS also when upgrading from RHEL8 to RHEL9 (PR1035)
- [IPU 8 -> 9] Detect RoCE on IBM Z machines and check the configuration is safe for the upgrade (#1030)
- [IPU 8 -> 9] Enable upgrades of RHEL 8 for SAP HANA to RHEL 9 on ppc64le (#1042)
- [IPU 8 -> 9] Improve the handling of blocklisted certificates (#992)

## Additional changes interesting for devels
- Started work on bringing up networking inside the upgrade initramfs - currently available for testing and development purposes when LEAPP_DEVEL_INITRAM_NETWORK is set (#960)
- Add leapp debug tools to the upgrade initramfs - dracut upgrade module (#997)
- Enable disabling of DNF plugins in the dnfplugin library (#990)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pirat89 pirat89 pirat89 approved these changes

Assignees

@pirat89 pirat89

Labels
changelog-checked The merger/reviewer checked the changelog draft document and updated it when relevant
Projects
None yet
Milestone
8.8/9.2
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Jakuje @leapp-bot @pirat89