rocky-linux/rocky-tools
4
0
Fork 0
mirror of https://github.com/rocky-linux/rocky-tools.git synced 2024-11-24 06:01:24 +00:00
Code Issues Projects Releases Activity

Merge remote-tracking branch 'origin/main' into set-mirror-url

Browse Source
This commit is contained in:
Maik Stuebner 2021-08-17 08:22:06 +02:00
commit dfcac6e04f
2 changed files with 499 additions and 353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
migrate2rocky/README.md
View File

@ -71,7 +71,7 @@ dnf command or the migration. You may safely ignore this message.
#### Grub still shows kernel entries from previous installation
This is normal. The running kernel cannot be safely removed when migrate2rocky
is run. The RockyLinux kernel should come up as the default highlighed kernel
is run. The RockyLinux kernel should come up as the default highlighted kernel
on reboot but the other ones will remain until they are removed or replaced by
newer kernels. If you want you can manually remove the old kernels after reboot
with dnf or rpm.
@ -96,6 +96,21 @@ fix this issue run the following command after migration:
```
ipa-server-upgrade --skip-version-check
```
> Note: Since ipa-server-upgrade is a java program you will likely have to run
> the command to mitigate the "Symbolic links to Java programs..." issue above
> before running this command.
#### CentOS SIG repositories disappear after migrating to RockyLinux.
This is because the centos-release-* packages that contain the .repo files for
the individual repositories depend on centos-release. Storage sig and related
release packages should be available soon from RockyLinux. In the meantine you
can use a command like the following to install the .repo files and continue to
use the repository from CentOS (note please substitute the URL to the release
package for the repo that you need):
```
rpm2cpio <(curl http://mirror.centos.org/centos/8/extras/x86_64/os/Packages/centos-release-gluster9-1.0-1.el8.noarch.rpm) | cpio -iD/ \*.repo
```
### Latest Version

213
migrate2rocky/migrate2rocky.sh
View File

@ -46,7 +46,8 @@ fi
# Make sure we're root.
if (( EUID != 0 )); then
printf '%s\n' "You must run this script as root. Either use sudo or 'su -c ${0}'" >&2
printf '%s\n' \
"You must run this script as root. Either use sudo or 'su -c ${0}'" >&2
exit 1
fi
@ -105,7 +106,8 @@ errmsg () {
printf '%s%s%s' "$errcolor" "$msg" "$nocolor" >&4
}
export LC_ALL=en_US.UTF-8 LANGUAGE=en_US
export LC_ALL=C.UTF-8
unset LANGUAGE
shopt -s nullglob
SUPPORTED_MAJOR="8"
@ -121,6 +123,15 @@ gpg_key_sha512="88fe66cf0a68648c2371120d56eb509835266d9efdf7c8b9ac8fc101bdf1f0e0
sm_ca_dir=/etc/rhsm/ca
unset tmp_sm_ca_dir
# The repos package for CentOS stream requires special handling.
declare -g -A stream_repos_pkgs
stream_repos_pkgs=(
[rocky-repos]=centos-stream-repos
[epel-release]=epel-next-release
)
# Prefix to add to CentOS stream repo names when renaming them.
stream_prefix=stream-
unset CDPATH
exit_message() {
@ -182,14 +193,21 @@ exit_clean () {
if [[ -d "$tmp_dir" ]]; then
rm -rf "$tmp_dir"
fi
if [[ -f "$container_macros" ]]; then
rm -f "$container_macros"
fi
}
pre_check () {
if [[ -e /etc/rhsm/ca/katello-server-ca.pem ]]; then
exit_message "Migration from Katello-modified systems is not supported by migrate2rocky. See the README file for details."
exit_message \
'Migration from Katello-modified systems is not supported by migrate2rocky. '\
'See the README file for details.'
fi
if [[ -e /etc/salt/minion.d/susemanager.conf ]]; then
exit_message "Migration from Uyuni/SUSE Manager-modified systems is not supported by migrate2rocky. See the README file for details."
exit_message \
'Migration from Uyuni/SUSE Manager-modified systems is not supported by '\
'migrate2rocky. See the README file for details.'
fi
}
@ -259,19 +277,20 @@ create_repo_files () {
# All of the binaries used by this script are available in a EL8 minimal install
# and are in /bin, so we should not encounter a system where the script doesn't
# work unless it's severly broken. This is just a simple check that will cause
# work unless it's severely broken. This is just a simple check that will cause
# the script to bail if any expected system utilities are missing.
bin_check() {
# Check the platform.
if [[ $(os-release PLATFORM_ID) != "$SUPPORTED_PLATFORM" ]]; then
exit_message "This script must be run on an EL8 distribution. Migration from other distributions is not supported."
exit_message \
'This script must be run on an EL8 distribution. Migration from other '\
'distributions is not supported.'
fi
local -a missing bins
bins=(
rpm dnf awk column tee tput mkdir
cat arch sort uniq rmdir rm head
curl sha512sum mktemp
rpm dnf awk column tee tput mkdir cat arch sort uniq rmdir
rm head curl sha512sum mktemp systemd-detect-virt sed
)
if [[ $update_efi ]]; then
bins+=(findmnt grub2-mkconfig efibootmgr grep mokutil lsblk)
@ -299,7 +318,9 @@ bin_check() {
done;
if (( ${#missing[@]} )); then
exit_message "Commands not found: ${missing[*]}. Possible bad PATH setting or corrupt installation."
exit_message \
"Commands not found: ${missing[*]}. Possible bad PATH setting or corrupt "\
"installation."
fi
}
@ -309,7 +330,7 @@ bin_check() {
repoquery () {
local name val prev result
result=$(
dnf -q --setopt=epel.excludepkgs=epel-release repoquery -i "$1" ||
dnf -y -q --setopt=epel.excludepkgs=epel-release repoquery -i "$1" ||
exit_message "Failed to fetch info for package $1."
)
if ! [[ $result ]]; then
@ -331,7 +352,7 @@ repoquery () {
# info for the resulting repository.
repoinfo () {
local name val result
result=$(dnf -q repoinfo "$1") ||
result=$(dnf -y -q repoinfo "$1") ||
exit_message "Failed to fetch info for repository $1."
if [[ $result == 'Total packages: 0' ]]; then
# We didn't match this repo.
@ -385,17 +406,17 @@ provides_pkg () (
fi
set -o pipefail
provides=$(dnf -q provides "$1" | awk '{print $1; nextfile}') ||
provides=$(dnf -y -q provides "$1" | awk '{print $1; nextfile}') ||
return 1
set +o pipefail
pkg=$(rpm -q --queryformat '%{NAME}\n' "$provides") ||
pkg=$(dnf -q repoquery --queryformat '%{NAME}\n' "$provides") ||
pkg=$(dnf -y -q repoquery --queryformat '%{NAME}\n' "$provides") ||
exit_message "Can't get package name for $provides."
printf '%s\n' "$pkg"
)
# If you pass an empty arg as one of the package specs to rpm it will match
# every package on the system. This funtion simply strips out any empty args
# every package on the system. This function simply strips out any empty args
# and passes the rest to rpm to avoid this side-effect.
saferpm () (
args=()
@ -462,7 +483,9 @@ collect_system_info () {
# check if EFI secure boot is enabled
if [[ $update_efi ]]; then
if mokutil --sb-state 2>&1 | grep -q "SecureBoot enabled"; then
exit_message "EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet. Disable EFI Secure Boot and reboot."
exit_message \
"EFI Secure Boot is enabled but Rocky Linux doesn't provide a signed shim yet."\
" Disable EFI Secure Boot and reboot."
fi
fi
@ -509,10 +532,13 @@ collect_system_info () {
repo_map[$r]=${repoquery_results[Repository]}
done
printf '%s\n' '' '' "Found the following repositories which map from $PRETTY_NAME to Rocky Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(for r in "${!repo_map[@]}"; do
printf '%s\n' '' '' \
"Found the following repositories which map from $PRETTY_NAME to Rocky Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(
for r in "${!repo_map[@]}"; do
printf '%s\t%s\n' "${repo_map[$r]}" "$r"
done)
done
)
infomsg $'\n'"Getting system package names for $PRETTY_NAME"
@ -584,14 +610,20 @@ $'because continuing with the migration could cause further damage to system.'
addl_pkg_removes+=("$pkg")
done
printf '%s\n' '' '' "Found the following system packages which map from $PRETTY_NAME to Rocky Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(for p in "${!pkg_map[@]}"; do
printf '%s\n' '' '' \
"Found the following system packages which map from $PRETTY_NAME to Rocky "\
"Linux 8:"
column -t -s $'\t' -N "$PRETTY_NAME,Rocky Linux 8" < <(
for p in "${!pkg_map[@]}"; do
printf '%s\t%s\n' "${pkg_map[$p]}" "$p"
done)
done
)
infomsg $'\n'"Getting list of installed system packages."$'\n'
readarray -t installed_packages < <(saferpm -qa --queryformat="%{NAME}\n" "${pkg_map[@]}")
readarray -t installed_packages < <(
saferpm -qa --queryformat="%{NAME}\n" "${pkg_map[@]}"
)
declare -g -A installed_pkg_check installed_pkg_map
for p in "${installed_packages[@]}"; do
installed_pkg_check[$p]=1
@ -602,22 +634,56 @@ $'because continuing with the migration could cause further damage to system.'
fi
done;
printf '%s\n' '' "We will replace the following $PRETTY_NAME packages with their Rocky Linux 8 equivalents"
# Special Handling for CentOS Stream Repos
installed_sys_stream_repos_pkgs=()
installed_stream_repos_pkgs=()
for p in "${!stream_repos_pkgs[@]}"; do
if [[ ${installed_pkg_map[$p]} &&
${installed_pkg_map[$p]} == "${stream_repos_pkgs[$p]}" ]]
then
# System package that needs to be swapped / disabled
installed_pkg_map[$p]=
installed_sys_stream_repos_pkgs+=( ${stream_repos_pkgs[$p]} )
elif rpm --quiet -q "${stream_repos_pkgs[$p]}"; then
# Non-system package, repos just need to be disabled.
installed_stream_repos_pkgs+=( ${stream_repos_pkgs[$p]} )
fi
done
printf '%s\n' '' \
"We will replace the following $PRETTY_NAME packages with their Rocky Linux 8 "\
"equivalents"
column -t -s $'\t' -N "Packages to be Removed,Packages to be Installed" < <(
for p in "${!installed_pkg_map[@]}"; do
printf '%s\t%s\n' "${installed_pkg_map[$p]}" "$p"
done
)
if (( ${#installed_sys_stream_repos_pkgs[@]} )); then
printf '%s\n' '' \
'Also to aid the transition from CentOS Stream the following packages will be '\
'removed from the rpm database but the included repos will be renamed and '\
'retained but disabled:' \
"${installed_sys_stream_repos_pkgs[@]}"
fi
if (( ${#installed_stream_repos_pkgs[@]} )); then
printf '%s\n' '' \
'Also to aid the transition from CentOS Stream the repos included in the '\
'following packages will be renamed and retained but disabled:' \
"${installed_stream_repos_pkgs[@]}"
fi
if (( ${#addl_pkg_removes[@]} )); then
printf '%s\n' '' "In addition to the above the following system packages will be removed:" \
printf '%s\n' '' \
"In addition to the above the following system packages will be removed:" \
"${addl_pkg_removes[@]}"
fi
# Release packages that are part of SIG's should be listed below when they
# are available.
# UPDATE: We may or may not do something with SIG's here, it could just be
# left as a separate excersize to swap out the sig repos.
# left as a separate exercise to swap out the sig repos.
#sigs_to_swap=()
infomsg '%s' $'\n' \
@ -626,7 +692,7 @@ $'because continuing with the migration could cause further damage to system.'
# Get a list of system enabled modules.
readarray -t enabled_modules < <(
set -e -o pipefail
safednf -q "${repo_map[@]/#/--repo=}" module list --enabled |
safednf -y -q "${repo_map[@]/#/--repo=}" module list --enabled |
awk '
$1 == "@modulefailsafe", /^$/ {next}
$1 == "Name", /^$/ {if ($1!="Name" && !/^$/) print $1":"$2}
@ -669,13 +735,16 @@ $'because continuing with the migration could cause further damage to system.'
"${enabled_modules[@]}" ''
if (( ${#managed_repos[@]} )); then
printf '%s\n' '' "In addition, since this system uses subscription-manger the following managed repos will be disabled:" \
printf '%s\n' '' \
'In addition, since this system uses subscription-manager the following '\
'managed repos will be disabled:' \
"${managed_repos[@]}"
fi
}
convert_info_dir=/root/convert
unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi
unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi \
container_macros
usage() {
printf '%s\n' \
@ -697,9 +766,13 @@ usage() {
generate_rpm_info() {
mkdir /root/convert
infomsg "Creating a list of RPMs installed: $1"$'\n'
rpm -qa --qf "%{NAME}|%{VERSION}|%{RELEASE}|%{INSTALLTIME}|%{VENDOR}|%{BUILDTIME}|%{BUILDHOST}|%{SOURCERPM}|%{LICENSE}|%{PACKAGER}\n" | sort > "${convert_info_dir}/$HOSTNAME-rpm-list-$1.log"
rpm -qa --qf \
"%{NAME}|%{VERSION}|%{RELEASE}|%{INSTALLTIME}|%{VENDOR}|%{BUILDTIME}|"\
"%{BUILDHOST}|%{SOURCERPM}|%{LICENSE}|%{PACKAGER}\n" |
sort > "${convert_info_dir}/$HOSTNAME-rpm-list-$1.log"
infomsg "Verifying RPMs installed against RPM database: $1"$'\n\n'
rpm -Va | sort -k3 > "${convert_info_dir}/$HOSTNAME-rpm-list-verified-$1.log"
rpm -Va | sort -k3 > \
"${convert_info_dir}/$HOSTNAME-rpm-list-verified-$1.log"
}
# Run a dnf update before the actual migration.
@ -711,7 +784,7 @@ $'unstable state. Please correct the issues shown here and try again.'
}
package_swaps() {
# Save off any subscription-manger keys, just in case.
# Save off any subscription-manager keys, just in case.
if ( shopt -s failglob dotglob; : "$sm_ca_dir"/* ) 2>/dev/null ; then
tmp_sm_ca_dir=$tmp_dir/sm-certs
mkdir "$tmp_sm_ca_dir" ||
@ -728,6 +801,25 @@ package_swaps() {
dnfparameters+=( "--setopt=${repo}.gpgkey=file://${gpg_key_file}" )
done
# CentOS Stream specific processing
if (( ${#installed_stream_repos_pkgs[@]} )); then
# Get a list of the repo files.
local -a repos_files
readarray -t repos_files < <(
saferpm -ql "${installed_sys_stream_repos_pkgs[@]}" \
"${installed_stream_repos_pkgs[@]}" |
grep '^/etc/yum\.repos\.d/.\+\.repo$'
)
# Remove the package from the rpm db.
saferpm -e --justdb --nodeps -a "${installed_sys_stream_repos_pkgs[@]}" ||
exit_message \
"Could not remove packages from the rpm db: ${installed_sys_stream_repos_pkgs[@]}"
# Rename the stream repos with a prefix.
sed -i 's/^\[/['"$stream_prefix"'/' "${repos_files[@]}"
fi
# Use dnf shell to swap the system packages out.
safednf -y shell --disablerepo=\* --noautoremove \
--setopt=protected_packages= --setopt=keepcache=True \
@ -739,7 +831,8 @@ package_swaps() {
exit
EOF
# rocky-repos and rocky-gpg-keys are now installed, so we don't need the key file anymore
# rocky-repos and rocky-gpg-keys are now installed, so we don't need the
# key file anymore
rm -rf "$gpg_tmp_dir"
# when you want to migrate with internal mirror repo server, we create repo files
@ -838,7 +931,8 @@ EOF
if (( ${#managed_repos[@]} )); then
# Filter the managed repos for ones still in the system.
readarray -t managed_repos < <(
safednf -q repolist "${managed_repos[@]}" | awk '$1!="repo" {print $1}'
safednf -y -q repolist "${managed_repos[@]}" |
awk '$1!="repo" {print $1}'
)
if (( ${#managed_repos[@]} )); then
@ -860,7 +954,7 @@ EOF
exit_message "Can't enable modules ${enabled_modules[*]}"
fi
# Make sure that excluded repos are disabled.
# Make sure that excluded modules are disabled.
infomsg $'Disabling excluded modules\n\n'
safednf -y module disable "${module_excludes[@]}" ||
exit_message "Can't disable modules ${module_excludes[*]}"
@ -868,8 +962,39 @@ EOF
infomsg $'\nSyncing packages\n\n'
dnf -y distro-sync || exit_message "Error during distro-sync."
# Disable Stream repos.
if (( ${#installed_sys_stream_repos_pkgs[@]} ||
${#installed_stream_repos_pkgs[@]} )); then
dnf -y --enableplugin=config_manager config-manager --set-disabled \
"$stream_prefix*" ||
errmsg \
$'Failed to disable CentOS Stream repos, please check and disable manually.\n'
infomsg $'\nCentOS Stream Migration Notes:\n\n'
cat <<EOF
Because CentOS Stream leads RockyLinux by the next point release many packages
in Stream will have higher version numbers than those in RockyLinux, some will
even be rebased to a new upstream version. Downgrading these packages to the
versions in RockyLinux carries the risk that the older version may not
recognize config files, data or other files generated by the newer version in
Stream.
To avoid issues with this the newer package versions from CentOS Stream have
been retained. Also the CentOS Stream repositories have been retained but
renamed with a prefix of "stream-" to avoid clashing with RockyLinux
repositories, but these same repos have also been disabled so that future
package installs will come from the stock RockyLinux repositories.
If you do nothing except update to the next point release of RockyLinux when it
becomes available then the packages retained from Stream should be replaced at
that time. If you need to update a package from Stream (eg: to fix a bug or
security issue) then you will need to enable the appropriate repository to do
so.
EOF
fi
if rpm --quiet -q subscription-manager; then
infomsg $'Subscription Manager found on system.\n'
infomsg $'Subscription Manager found on system.\n\n'
cat <<EOF
If you're converting from a subscription-managed distribution such as RHEL then
you may no longer need subscription-manager or dnf-plugin-subscription-manager.
@ -884,7 +1009,6 @@ The subscription-manager dnf plugin may be enabled for the benefit of
Subscription Management. If no longer desired, you can use
"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this
behavior.
EOF
fi
if [[ $tmp_sm_ca_dir ]]; then
@ -926,8 +1050,13 @@ efi_check () {
exit_message "/sys is not accessible."
fi
# Now that we know /sys is reliable, use it to check if we are running on EFI or not
if [[ -d /sys/firmware/efi/ ]]; then
# Now that we know /sys is reliable, use it to check if we are running on
# EFI or not
if systemd-detect-virt --quiet --container; then
declare -g container_macros
container_macros=$(mktemp /etc/rpm/macros.zXXXXXX)
printf '%s\n' '%_netsharedpath /sys:/proc' > "$container_macros"
elif [[ -d /sys/firmware/efi/ ]]; then
declare -g update_efi
update_efi=true
fi
@ -946,13 +1075,15 @@ fix_efi () (
# Download and verify the Rocky Linux package signing key
establish_gpg_trust () {
# create temp dir and verify it is really created and empty, so we are sure deleting it afterwards won't cause any harm
# create temp dir and verify it is really created and empty, so we are sure
# deleting it afterwards won't cause any harm
declare -g gpg_tmp_dir
gpg_tmp_dir=$tmp_dir/gpg
if ! mkdir "$gpg_tmp_dir" || [[ ! -d "$gpg_tmp_dir" ]]; then
exit_message "Error creating temp dir"
fi
# failglob makes pathname expansion fail if empty, dotglob adds files starting with . to pathname expansion
# failglob makes pathname expansion fail if empty, dotglob adds files
# starting with . to pathname expansion
if ( shopt -s failglob dotglob; : "$gpg_tmp_dir"/* ) 2>/dev/null ; then
exit_message "Temp dir not empty"
fi