Bugzilla – Attachment 309 Details for
Bug 1504
Detected loaded kernel drivers which have been removed in Anolis 8. Upgrade cannot proceed
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
Support for the following Anolis 7 device drivers has been removed in Anolis 8: - mptspi
leapp-report.txt (text/plain), 13.47 KB, created by
nbyztang
on 2022-06-27 10:42:27 UTC
(
hide
)
Description:
Support for the following Anolis 7 device drivers has been removed in Anolis 8: - mptspi
Filename:
MIME Type:
Creator:
nbyztang
Created:
2022-06-27 10:42:27 UTC
Size:
13.47 KB
patch
obsolete
>Risk Factor: high (inhibitor) >Title: Not enough space on /boot >Summary: /boot needs additional 40.25390625 MiB to be able to accomodate the upgrade initramfs and new kernel. >Key: 3f12a83ef52957d6c17aa7c9c5df87cd69415b09 >---------------------------------------- >Risk Factor: high (inhibitor) >Title: Possible problems with remote login using root account >Summary: OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in Anolis8 to "prohibit-password". >Remediation: [hint] If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. >Key: 3d21e8cc9e1c09dc60429de7716165787e99515f >---------------------------------------- >Risk Factor: high (inhibitor) >Title: Detected loaded kernel drivers which have been removed in Anolis 8. Upgrade cannot proceed. >Summary: Support for the following Anolis 7 device drivers has been removed in Anolis 8: > - mptspi > >Remediation: [hint] Please disable detected kernel drivers in order to proceed with the upgrade process using the rmmod or modprobe -r. >Key: ec456dcdbb0547faca7dfdc10fb2a1e5e1a1e89b >---------------------------------------- >Risk Factor: high (inhibitor) >Title: Missing required answers in the answer file >Summary: One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm >For more information consult https://leapp.readthedocs.io/en/latest/dialogs.html >Remediation: [hint] Please register user choices with leapp answer cli command or by manually editing the answerfile. >[command] leapp answer --section remove_pam_pkcs11_module_check.confirm=True >Key: d35f6c6b1b1fa6924ef442e3670d90fa92f0d54b >---------------------------------------- >Risk Factor: high >Title: Difference in Python versions and support in Anolis 8 >Summary: In Anolis 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. >Remediation: [hint] Please run "alternatives --set python /usr/bin/python3" after upgrade >Key: 0beebf1bd0aa0fc6d980036608e2405993598d7c >---------------------------------------- >Risk Factor: high >Title: openssl ciphers have import changes between 1.0.2 and 1.1.1 >Summary: Anolis8 will introduce openssl 1.1.1, openssl-1.1.1 remove some ciphers which are default enabled on openssl-1.0.2, these ciphers are: >DH-DSS-AES256-GCM-SHA384 >DH-RSA-AES256-GCM-SHA384 >DH-RSA-AES256-SHA256 >DH-DSS-AES256-SHA256 >DH-RSA-AES256-SHA >DH-DSS-AES256-SHA >DH-RSA-CAMELLIA256-SHA >DH-DSS-CAMELLIA256-SHA >ECDH-RSA-AES256-GCM-SHA384 >ECDH-ECDSA-AES256-GCM-SHA384 >ECDH-RSA-AES256-SHA384 >ECDH-ECDSA-AES256-SHA384 >ECDH-RSA-AES256-SHA >ECDH-ECDSA-AES256-SHA >DH-DSS-AES128-GCM-SHA256 >DH-RSA-AES128-GCM-SHA256 >DH-RSA-AES128-SHA256 >DH-DSS-AES128-SHA256 >DH-RSA-AES128-SHA >DH-DSS-AES128-SHA >DH-RSA-SEED-SHA >DH-DSS-SEED-SHA >DH-RSA-CAMELLIA128-SHA >DH-DSS-CAMELLIA128-SHA >ECDH-RSA-AES128-GCM-SHA256 >ECDH-ECDSA-AES128-GCM-SHA256 >ECDH-RSA-AES128-SHA256 >ECDH-ECDSA-AES128-SHA256 >ECDH-RSA-AES128-SHA >ECDH-ECDSA-AES128-SHA >EDH-RSA-DES-CBC3-SHA >EDH-DSS-DES-CBC3-SHA >DH-RSA-DES-CBC3-SHA >DH-DSS-DES-CBC3-SHA >ECDH-RSA-DES-CBC3-SHA >ECDH-ECDSA-DES-CBC3-SHA >KRB5-IDEA-CBC-SHA >KRB5-DES-CBC3-SHA >KRB5-IDEA-CBC-MD5 >KRB5-DES-CBC3-MD5 >ECDH-RSA-RC4-SHA >ECDH-ECDSA-RC4-SHA >RC4-MD5 >KRB5-RC4-SHA >KRB5-RC4-MD5 >Remediation: [hint] Please make sure your application do not use these ciphers and modify to use other ciphers. >Key: bf75fb7983c69074993888215d35600da270353b >---------------------------------------- >Risk Factor: high >Title: Some important changes about glibc >Summary: The GLIBC version of Anolis8 is 2.28. This version no longer supports nss related modules, no longer providing libnss_nis.so, libnss_nisplus.so. >/etc/nsswitch.conf deletes all configurations related to nis. The fast cache mechanism provided by the sssd can enhance the parsing performance of user and groups, /etc/nsswitch.conf defaults to set the preferences for passwd and group for sss. >All code that relies and uses the nis module requires rectification, you can use tirpc instead. >Key: 4a827ef2a5b9e218369ef2ce0f383ff05f8ffb86 >---------------------------------------- >Risk Factor: high >Title: GRUB core will be updated during upgrade >Summary: On legacy (BIOS) systems, GRUB core (located in the gap between the MBR and the first partition) does not get automatically updated when GRUB is upgraded. >Key: baa75fad370c42fd037481909201cde9495dacf4 >---------------------------------------- >Risk Factor: high >Title: systemd related configs have importand changes in new version >Summary: /etc/systemd/journal.conf import two options: SystemMaxFiles and RuntimeMaxFiles. These two options are used to limit the count of journal files, default is 100. So in Anolis8, the default journal files will be 100, and the journal files olderthan 100 will be removed, thus system logs will be lost when os has large number of logs. >/etc/systemd/journal.conf move option ForwordToSyslog from yes to no by default, this means that logs recevied by journal are no longer forwarded to syslog by default, Anolis8 use rsyslog by default and rsyslog reads directly journal data. >/etc/systemd/system.conf rename CrashChVT to CrashChangeVT, the old options are still compatible, but the valut meaning of CrashChangeVT has changed. Centos7 accepts int type parameters, where a positive number represents the virtual terminal corresponding to this number when systemd crashes, such as /dev/tty1, and a zero or negative number indicates that systemd does not switch virtual terminals when systemd crashes. In anolis8, it accepts positive or bool type parameters, but it is still compatible with the old parameter types. A positive number means that systemd will switch to the virtual terminal corresponding to this number when a crash occurs. A negative number /0/no/n/false/f/off means that systemd will not switch the virtual terminal when a crash occurs. The yes/y/true/t/on parameter represents the virtual terminal that switches to the kernel log printing when systemd crashes. The value of this parameter changes from 1 to no before and after the switch, indicating that the terminal will not be switched when systemd crashes. >/etc/systemd/system.conf configuration option DefaultTasksMax changes: There is no limit by default in centos7. In anolis8.2, the number of threads that each service can have is min (kernel.pid_max, kernel.threads-max, pids.max of root-cgroup) * 80% by default. > >Key: f77a08e99af1a1b39188c31c3763c635135d8dbb >---------------------------------------- >Risk Factor: high >Title: Packages not signed by Red Hat found on the system >Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them: >- gpg-pubkey >Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c >---------------------------------------- >Risk Factor: low >Title: Some enabled RPM repositories are unknown to Leapp >Summary: The following repositories with Red Hat-signed packages are unknown to Leapp: >- migration >And the following packages installed from those repositories may not be upgraded: >- python2-leapp >- leapp-repository-deps >- leapp-repository >- leapp-deps >- leapp >Remediation: [hint] You can file a request to add this repository to the scope of in-place upgrades by filing a support ticket >Key: 8e89e20c645cea600b240156071d81c64daab7ad >---------------------------------------- >Risk Factor: low >Title: Postfix has incompatible changes in the next major version >Summary: Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net. >The backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8. >It can be turned on by running: "postconf -e compatibility_level=0 >It can be turned off by running: "postconf -e compatibility_level=2 > >In the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string. > >The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment. > >Postfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated. > >The "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified. > >The "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses. > >The "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost. > >The "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork. > >Postfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed. > >Key: 5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33 >---------------------------------------- >Risk Factor: low >Title: sysvinit-tools is replaced by util-linux and procps-ng >Summary: In Anolis 8, sysvinit-tools is removed, sysvinit-tools contains the following commands: last, lastb, mesg, wall, pidof and killall5. In Anolis 8 system, last, lastb, mesg and wall are provided by util-linux, pidof is provided by procps-ng. >Killall5 is a systemV command, the Centos 7 / Centos 8 are now based on systemd. In addition, pidof provided by sysvinit-tools is actually a soft link to killall5. In Anolis 8, pidof is provided by procps-ng instead. So, sysvinit-tools in Anolis 8 is replaced by util-linux and procps-ng. >Key: a1e45711615f14f4df19143de10b2208a5f0b9a3 >---------------------------------------- >Risk Factor: low >Title: SElinux will be set to permissive mode >Summary: SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process >Key: 39d7183dafba798aa4bbb1e70b0ef2bbe5b1772f >---------------------------------------- >Risk Factor: low >Title: audispd is moved from audit to audispd-plugins >Summary: In Anolis8, audispd related files is moved to audispd-plugins package, and audispd-plugins is not installed by default, if you want to use audispd, please install audispd-plugins. >Key: 644c880c9bb477a6df0d9a175d23d9f575248d05 >---------------------------------------- >Risk Factor: low >Title: Grep has incompatible changes in the next major version >Summary: If a file contains data improperly encoded for the current locale, and this is discovered before any of the file's contents are output, grep now treats the file as binary. >The 'grep -P' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching. >In locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving. >When searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly. >The 'grep -z' no longer automatically treats the byte '\200' as binary data. >Context no longer excludes selected lines omitted because of -m. For example, 'grep "^" -m1 -A1' now outputs the first two input lines, not just the first line. > >Remediation: [hint] Please update your scripts to be compatible with the changes. >Key: 94665a499e2eeee35eca3e7093a7abe183384b16 >---------------------------------------- >Risk Factor: low >Title: ntpd configuration will be migrated >Summary: ntpd service(s) detected to be enabled and active >Key: d4f0dd45b68c738ab3a57d77c5444e1c41ed80b0 >---------------------------------------- >Risk Factor: low >Title: man-db.cron is not enabled by default >Summary: Anolis8 move /etc/cron.d/man-db.cron from man-db to man-db-cron, man-db.cron is used to periodic update of man-db cache, if you need this feature, please instal man-db-cron. >Key: b17537db9c42ff141519da3d12da11af02270a98 >---------------------------------------- >Risk Factor: info >Title: SElinux relabeling has been scheduled >Summary: SElinux relabeling has been scheduled as the status was permissive/enforcing. >Key: c12a05a22be0b5bc0af3f1119898ea6d8639d9c4 >---------------------------------------- >Risk Factor: info >Title: Current PAM and nsswitch.conf configuration will be kept. >Summary: There is a new tool called authselect in Anolis8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact. >Key: 40c4ab1da4a30dc1ca40e543f6385e1336d8810c >----------------------------------------
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=309">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 1504
: 309