Risk Factor: high (error) Title: Could not check for valid GPG keys Summary: {"details": "No UsedTargetRepositories facts"} Key: f61bcffa152743596cc0b18172fd42f05f042c02 ---------------------------------------- Risk Factor: high (inhibitor) Title: There are no enabled target repositories Summary: This can happen when a system is not correctly registered with the subscription manager or, when the leapp --no-rhsm option has been used, no custom repositories have been passed on the command line. Remediation: [hint] Ensure the system is correctly registered with the subscription manager and that the current subscription is entitled to install the requested target version 8.6. If you used the --no-rhsm option (or the LEAPP_NO_RHSM=1 environment variable is set), ensure the custom repository file is provided with properly defined repositories and that the --enablerepo option for leapp is set if the repositories are defined in any repofiles under the /etc/yum.repos.d/ directory. For more information on custom repository files, see the documentation. Finally, verify that the "/etc/leapp/files/repomap.json" file is up-to-date. Key: 8a43a658c16c3712bb325e5a26f22395ba360542 ---------------------------------------- Risk Factor: high Title: Packages available in excluded repositories will not be installed Summary: 11 packages will be skipped because they are available only in target system repositories that are intentionally excluded from the list of repositories used during the upgrade. See the report message titled "Excluded target system repositories" for details. The list of these packages: - gdk-pixbuf2-xlib (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - gdk-pixbuf2-xlib-devel (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - ivy-local (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - javapackages-filesystem (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - ldns-utils (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - libgudev-devel (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - libnsl2-devel (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - python3-javapackages (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - python3-pyxattr (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - rpcgen (repoid: codeready-builder-for-rhel-8-x86_64-rpms) - rpcsvc-proto-devel (repoid: codeready-builder-for-rhel-8-x86_64-rpms) Key: 2437e204808f987477c0e9be8e4c95b3a87a9f3e ---------------------------------------- Risk Factor: high Title: GRUB2 core will be automatically updated during the upgrade Summary: On legacy (BIOS) systems, GRUB2 core (located in the gap between the MBR and the first partition) cannot be updated during the rpm transaction and Leapp has to initiate the update running "grub2-install" after the transaction. No action is needed before the upgrade. After the upgrade, it is recommended to check the GRUB configuration. Key: ac7030e05d2ee248d34f08a9fa040b352bc410a3 ---------------------------------------- Risk Factor: high Title: Packages not signed by Red Hat found on the system Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them: - jdk-11.0.12 Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c ---------------------------------------- Risk Factor: high Title: Difference in Python versions and support in RHEL 8 Summary: In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. If you no longer require Python 2 packages following the upgrade, please remove them. Read more here: https://red.ht/rhel-8-python Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade Key: 0c98585b1d8d252eb540bf61560094f3495351f5 ---------------------------------------- Risk Factor: medium Title: Module pam_pkcs11 will be removed from PAM configuration Summary: Module pam_pkcs11 was surpassed by SSSD and therefore it was removed from RHEL-8. Keeping it in PAM configuration may lock out the system thus it will be automatically removed from PAM configuration before upgrading to RHEL-8. Please switch to SSSD to recover the functionality of pam_pkcs11. Remediation: [hint] Configure SSSD to replace pam_pkcs11 Key: bf47e7305d6805e8bbeaa7593cf01e38030c23f3 ---------------------------------------- Risk Factor: low Title: Brltty has incompatible changes in the next major version Summary: The --message-delay brltty option has been renamed to --message-timeout. The -U [--update-interval=] brltty option has been removed. Remediation: [hint] Please update your scripts to be compatible with the changes. Key: 6bdee7a18a7b2ef8926cda49eba5bab74726b412 ---------------------------------------- Risk Factor: low Title: Grep has incompatible changes in the next major version Summary: If a file contains data improperly encoded for the current locale, and this is discovered before any of the file's contents are output, grep now treats the file as binary. The 'grep -P' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching. In locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving. When searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly. The 'grep -z' no longer automatically treats the byte '\200' as binary data. Context no longer excludes selected lines omitted because of -m. For example, 'grep "^" -m1 -A1' now outputs the first two input lines, not just the first line. Remediation: [hint] Please update your scripts to be compatible with the changes. Key: 94665a499e2eeee35eca3e7093a7abe183384b16 ---------------------------------------- Risk Factor: low Title: Postfix has incompatible changes in the next major version Summary: Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net. The backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8. It can be turned on by running: "postconf -e compatibility_level=0 It can be turned off by running: "postconf -e compatibility_level=2 In the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string. The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment. Postfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated. The "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified. The "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses. The "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost. The "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork. Postfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed. Key: 5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33 ---------------------------------------- Risk Factor: low Title: chrony using non-default configuration Summary: chrony behavior will not change in RHEL8 Key: 9acbfcce3d310a70b602c7ab0a9c2cb94eb6b63f ---------------------------------------- Risk Factor: low Title: Dosfstools incompatible changes in the next major version Summary: The automatic alignment of data clusters that was added in 3.0.8 and broken for FAT32 starting with 3.0.20 has been reinstated. If you need to create file systems for finicky devices that have broken FAT implementations use the option -a to disable alignment. The fsck.fat now defaults to interactive repair mode which previously had to be selected with the -r option. Remediation: [hint] Please update your scripts to be compatible with the changes. Key: c75fe5e06c70d9e764703fa2611f917c75946226 ---------------------------------------- Risk Factor: low Title: The subscription-manager release is going to be set after the upgrade Summary: After the upgrade has completed the release of the subscription-manager will be set to 8.6. This will ensure that you will receive and keep the version you choose to upgrade to. Remediation: [hint] If you wish to receive updates for the latest released version of the target system, run `subscription-manager release --unset` after the upgrade. Key: 747a4ca25303eda17d1891bb85eeb226be14f252 ---------------------------------------- Risk Factor: info Title: Excluded target system repositories Summary: The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade. - codeready-builder-beta-for-rhel-8-s390x-rpms - codeready-builder-beta-for-rhel-8-ppc64le-rpms - rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms - codeready-builder-for-rhel-8-aarch64-eus-rpms - codeready-builder-for-rhel-8-ppc64le-eus-rpms - codeready-builder-beta-for-rhel-8-x86_64-rpms - codeready-builder-for-rhel-8-aarch64-rpms - codeready-builder-for-rhel-8-s390x-rpms - codeready-builder-for-rhel-8-s390x-eus-rpms - codeready-builder-for-rhel-8-x86_64-eus-rpms - codeready-builder-beta-for-rhel-8-aarch64-rpms - codeready-builder-for-rhel-8-rhui-rpms - codeready-builder-for-rhel-8-x86_64-rhui-rpms - codeready-builder-for-rhel-8-x86_64-rpms - codeready-builder-for-rhel-8-x86_64-eus-rhui-rpms - codeready-builder-for-rhel-8-ppc64le-rpms Remediation: [hint] If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times). Key: 1b9132cb2362ae7830e48eee7811be9527747de8 ---------------------------------------- Risk Factor: info Title: Automatic registration into Red Hat Insights Summary: After the upgrade, this system will be automatically registered into Red Hat Insights. The 'insights-client' package required for the registration will be installed during the upgrade. To skip the automatic registration, use the '--no-insights-register' command line option or set the LEAPP_NO_INSIGHTS_REGISTER environment variable. Key: 693963253195f418526f045b6d630a1f4c7a193d ---------------------------------------- Risk Factor: info Title: SElinux disabled Summary: SElinux disabled, continuing... Key: 4f25fea9b15b9d1d07d52cc1de02073f295dac3d ---------------------------------------- Risk Factor: info Title: Current PAM and nsswitch.conf configuration will be kept. Summary: There is a new tool called authselect in RHEL8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact. Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c ----------------------------------------