Error while upgrading 8.7 to 9 #166

Open
kiranrs opened this issue May 13, 2023 · 6 comments

@kiranrs

kiranrs commented May 13, 2023

While upgrading AlmaLinux 8.7 to 9, I'm getting the following error. I followed this article.

Leapp report

Risk Factor: high (inhibitor)
Title: Detected RPMs with RSA/SHA1 signature
Summary: Digital signatures using SHA-1 hash algorithm are no longer considered secure and are not allowed to be used on RHEL 9 systems by default. This causes issues when using DNF/RPM to handle packages with RSA/SHA1 signatures as the signature cannot be checked with the default cryptographic policy. Any such packages cannot be installed, removed, or replaced unless the signature check is disabled in dnf/rpm or SHA-1 is enabled using non-default crypto-policies. For more information see the following documents:
  - Major changes in RHEL 9: https://red.ht/rhel-9-overview-major-changes
  - Security Considerations in adopting RHEL 9: https://red.ht/rhel-9-security-considerations
 The list of problematic packages:
    - lsphp74-pecl-mcrypt (DSA/SHA1, Thu 12 Dec 2019 12:27:16 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-imap (DSA/SHA1, Wed 26 Apr 2023 05:59:02 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-imap (DSA/SHA1, Wed 09 Nov 2022 01:49:41 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-gd (DSA/SHA1, Wed 26 Apr 2023 05:59:01 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-intl (DSA/SHA1, Wed 26 Apr 2023 05:59:03 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pecl-msgpack (DSA/SHA1, Thu 22 Dec 2022 01:13:51 PM IST, Key ID 3f6f627083084d0e)
    - lsphp74-pdo (DSA/SHA1, Wed 09 Nov 2022 01:49:43 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-gd (DSA/SHA1, Wed 09 Nov 2022 01:49:40 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-process (DSA/SHA1, Wed 09 Nov 2022 01:49:44 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81 (DSA/SHA1, Wed 26 Apr 2023 05:58:57 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-xml (DSA/SHA1, Wed 26 Apr 2023 05:59:09 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-zip (DSA/SHA1, Wed 26 Apr 2023 05:59:10 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pecl-memcached (DSA/SHA1, Thu 22 Dec 2022 02:24:42 PM IST, Key ID 3f6f627083084d0e)
    - lsphp82-common (DSA/SHA1, Sat 22 Apr 2023 02:24:29 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pecl-igbinary (DSA/SHA1, Thu 22 Dec 2022 01:41:41 PM IST, Key ID 3f6f627083084d0e)
    - lsphp74-common (DSA/SHA1, Wed 09 Nov 2022 01:49:38 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74 (DSA/SHA1, Wed 09 Nov 2022 01:49:37 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-mbstring (DSA/SHA1, Wed 09 Nov 2022 01:49:42 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-common (DSA/SHA1, Wed 26 Apr 2023 05:58:58 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-mbstring (DSA/SHA1, Wed 26 Apr 2023 05:59:04 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-mysqlnd (DSA/SHA1, Wed 26 Apr 2023 05:59:04 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-opcache (DSA/SHA1, Wed 26 Apr 2023 05:59:05 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pear (DSA/SHA1, Thu 22 Dec 2022 11:35:27 AM IST, Key ID 3f6f627083084d0e)
    - lsphp82 (DSA/SHA1, Sat 22 Apr 2023 02:24:28 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pecl-imagick (DSA/SHA1, Thu 22 Dec 2022 12:04:06 PM IST, Key ID 3f6f627083084d0e)
    - lsphp74-json (DSA/SHA1, Wed 09 Nov 2022 01:49:41 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-process (DSA/SHA1, Wed 26 Apr 2023 05:59:07 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-devel (DSA/SHA1, Wed 26 Apr 2023 05:59:00 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-mysqlnd (DSA/SHA1, Wed 09 Nov 2022 01:49:42 AM IST, Key ID 3f6f627083084d0e)
    - lsphp74-xml (DSA/SHA1, Wed 09 Nov 2022 01:49:45 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-pdo (DSA/SHA1, Wed 26 Apr 2023 05:59:06 AM IST, Key ID 3f6f627083084d0e)
Remediation: [hint] It is recommended that you contact your package vendor and ask them for new new builds signed with supported signatures and install the new packages before the upgrade. If this is not possible you may instead remove the incompatible packages.
Key: f16f40f49c2329a2691c0801b94d31b6b3d4f876
----------------------------------------
Risk Factor: high
Title: Packages not signed by Red Hat found on the system
Summary: The following packages have not been signed by Red Hat and may be removed during the upgrade process in case Red Hat-signed packages to be removed during the upgrade depend on them:
- ImageMagick
- ImageMagick-devel
- ImageMagick-libs
- bt-php81
- epel-release
- fail2ban
- fail2ban-firewalld
- fail2ban-selinux
- fail2ban-sendmail
- fail2ban-server
- fastlz
- gpg-pubkey
- htop
- leapp-data-almalinux
- leapp-upgrade-el8toel9
- leapp-upgrade-el8toel9-deps
- libargon2
- libc-client
- libmcrypt
- libraqm
- libsodium
- libsodium-devel
- litespeed-repo
- lsphp74
- lsphp74-common
- lsphp74-gd
- lsphp74-imap
- lsphp74-json
- lsphp74-mbstring
- lsphp74-mysqlnd
- lsphp74-pdo
- lsphp74-pecl-mcrypt
- lsphp74-process
- lsphp74-xml
- lsphp81
- lsphp81-common
- lsphp81-devel
- lsphp81-gd
- lsphp81-imap
- lsphp81-intl
- lsphp81-mbstring
- lsphp81-mysqlnd
- lsphp81-opcache
- lsphp81-pdo
- lsphp81-pear
- lsphp81-pecl-igbinary
- lsphp81-pecl-imagick
- lsphp81-pecl-memcached
- lsphp81-pecl-msgpack
- lsphp81-process
- lsphp81-xml
- lsphp81-zip
- lsphp82
- lsphp82-common
Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c
----------------------------------------
Risk Factor: high
Title: An installed web server might not be upgraded properly.
Summary: A web server is present on the system. Depending on the source of installation,  it may not upgrade to the new version correctly, since not all installation configurations are currently supported by Leapp. Failing to upgrade the webserver may result in it malfunctioning after the upgrade process finishes. Please review the list of packages that won't be upgraded in the report. If the web server packages are present in the list of packages that won't be upgraded, expect the server to be non-functional on the post-upgrade system. You may still continue with the upgrade, but you'll need to upgrade the web server manually after the process finishes. Detected webserver: LiteSpeed.
Key: d4ef1dc14e8a605d42c18940be65b9645b54f992
----------------------------------------
Risk Factor: high
Title: Leapp could not identify where GRUB core is located
Summary: We assume GRUB core is located on the same device as /boot. Leapp needs to update GRUB core as it is not done automatically on legacy (BIOS) systems. 
Remediation: [hint] Please run "grub2-install <GRUB_DEVICE> command manually after upgrade
Key: ca7a1a66906a7df3da890aa538562708d3ea6ecd
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/common/actors/redhatsignedrpmcheck/libraries/redhatsignedrpmcheck.py:24
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/common/actors/redhatsignedrpmcheck/libraries/redhatsignedrpmcheck.py:24
Near:         reporting.Tags(COMMON_REPORT_TAGS)

Key: b3b8d552a4464a2f0b0340e8798669b3e2af704f
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/common/actors/detectwebservers/actor.py:50
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/common/actors/detectwebservers/actor.py:50
Near:                         reporting.Tags.SERVICES

Key: b27033737477fc7e99878516fc9a3d9d1f72e68b
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/common/actors/checkgrubcore/actor.py:52
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/common/actors/checkgrubcore/actor.py:52
Near:                     reporting.Tags([reporting.Tags.BOOT]),

Key: 6d83d476441749a96937d77c68fa4f6137d15e0f
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py:76
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py:76
Near:             reporting.Tags([reporting.Tags.SECURITY, reporting.Tags.SANITY]),

Key: 241b68a057f0ac9d536c6e61569155a88538a435
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Flags" at /etc/leapp/repos.d/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py:88
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/el8toel9/actors/checkdeprecatedrpmsignature/libraries/checkdeprecatedrpmsignature.py:88
Near:             report.append(reporting.Flags([reporting.Flags.INHIBITOR]))

Key: d737eb155c155e0e9cff18987996d7026f51486b
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/common/actors/checkselinux/libraries/checkselinux.py:29
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/common/actors/checkselinux/libraries/checkselinux.py:29
Near:                 reporting.Tags([reporting.Tags.SELINUX]),

Key: 29599e259616a9931a9f2a26e34bc5e38af9aa5d
----------------------------------------
Risk Factor: high
Title: Usage of deprecated class "Tags" at /etc/leapp/repos.d/system_upgrade/common/actors/checkselinux/libraries/checkselinux.py:47
Summary: The primitive is deprecated as Tags and Flags have been joined into the Groups primitive.Please use Groups for report message typing instead.
Since: 2022-08-23
Location: /etc/leapp/repos.d/system_upgrade/common/actors/checkselinux/libraries/checkselinux.py:47
Near:             reporting.Tags([reporting.Tags.SELINUX, reporting.Tags.SECURITY])

Key: 1763f7e8bdfd709914d3cf2c0116987d321a92ce
----------------------------------------
Risk Factor: info
Title: LEAPP detected SELinux disabled in "/etc/selinux/config"
Summary: On RHEL 9, disabling SELinux in "/etc/selinux/config" is no longer possible. This way, the system starts with SELinux enabled but with no policy loaded. LEAPP will automatically disable SELinux using "SELINUX=0" kernel command line parameter. However, Red Hat strongly recommends to have SELinux enabled
Key: a32598d132c02dc20fd3daf631e85770623d3f8e
----------------------------------------
Risk Factor: info
Title: SElinux disabled
Summary: SElinux disabled, continuing...
Key: 4f25fea9b15b9d1d07d52cc1de02073f295dac3d
----------------------------------------


@andrewlukoshko
Member

Your system has a lot of 3rd party packages which are not supported.
Most of them are from the LiteSpeed repo, as I see. Try to add the LiteSpeed repo for EL9 to:

/etc/leapp/files/leapp_upgrade_repositories.repo

This could help.
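To see which signing key the inhibitor's package list traces back to, the report lines can be grouped by signature algorithm and key ID. This is an added example, not part of the thread or of leapp; the function names are hypothetical and the sample is an excerpt of the report quoted above.

```python
import re
from collections import defaultdict

# Excerpt of the leapp report quoted in this issue (shortened).
SAMPLE_REPORT = """\
Risk Factor: high (inhibitor)
Title: Detected RPMs with RSA/SHA1 signature
 The list of problematic packages:
    - lsphp74-pecl-mcrypt (DSA/SHA1, Thu 12 Dec 2019 12:27:16 AM IST, Key ID 3f6f627083084d0e)
    - lsphp81-imap (DSA/SHA1, Wed 26 Apr 2023 05:59:02 AM IST, Key ID 3f6f627083084d0e)
    - lsphp82 (DSA/SHA1, Sat 22 Apr 2023 02:24:28 AM IST, Key ID 3f6f627083084d0e)
Key: f16f40f49c2329a2691c0801b94d31b6b3d4f876
----------------------------------------
Risk Factor: high
Title: Packages not signed by Red Hat found on the system
- htop
- lsphp82
Key: 13f0791ae5f19f50e7d0d606fb6501f91b1efb2c
"""

# "- name (ALGO/HASH, signing date, Key ID hex)" as printed in the report.
PKG_RE = re.compile(
    r"^\s*-\s+(?P<name>\S+)\s+\((?P<algo>[^,]+),\s*.+,\s*"
    r"Key ID\s+(?P<keyid>[0-9a-fA-F]+)\)\s*$"
)


def sha1_packages_by_key(report_text):
    """Return {(algo, key_id): [package, ...]} for inhibitor entries only."""
    grouped = defaultdict(list)
    # Report entries are separated by a line of dashes.
    for entry in re.split(r"^-{20,}\s*$", report_text, flags=re.M):
        if not re.search(r"^Risk Factor:.*\(inhibitor\)", entry, flags=re.M):
            continue  # only entries that block the upgrade
        for line in entry.splitlines():
            m = PKG_RE.match(line)
            if m:
                grouped[(m["algo"], m["keyid"].lower())].append(m["name"])
    return dict(grouped)


def gpg_pubkey_name(key_id):
    """RPM names an imported key gpg-pubkey-<last 8 hex digits of the key ID>."""
    return "gpg-pubkey-" + key_id.lower()[-8:]


if __name__ == "__main__":
    for (algo, key_id), pkgs in sha1_packages_by_key(SAMPLE_REPORT).items():
        print(algo, key_id, gpg_pubkey_name(key_id), len(pkgs), "packages")
```

Running `rpm -qi` on the resulting gpg-pubkey name shows whose key it is, which identifies the vendor to ask for rebuilt packages.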

@infoensv

Hello,
I have the same problem. Is there any solution?

@xiekunwhy

Hi,

Here is my problem
leapp preupgrade
==> Processing phase configuration_phase
====> * ipu_workflow_config
IPU workflow config actor
==> Processing phase FactsCollection
====> * system_facts
Provides data about many facts from system.
Process Process-217:
Traceback (most recent call last):
File "/usr/lib64/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python2.7/site-packages/leapp/repository/actor_definition.py", line 72, in _do_run
actor_instance.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/leapp/actors/__init__.py", line 290, in run
self.process(*args)
File "/usr/share/leapp-repository/repositories/system_upgrade/common/actors/systemfacts/actor.py", line 57, in process
self.produce(systemfacts.get_repositories_status())
File "/usr/share/leapp-repository/repositories/system_upgrade/common/actors/systemfacts/libraries/systemfacts.py", line 194, in get_repositories_status
return RepositoriesFacts(repositories=repofileutils.get_parsed_repofiles())
File "/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/repofileutils.py", line 101, in get_parsed_repofiles
cmd = ['find', '-L'] + get_repodirs() + ['-maxdepth', '1', '-type', 'f', '-name', '*.repo']
File "/usr/share/leapp-repository/repositories/system_upgrade/common/libraries/repofileutils.py", line 81, in get_repodirs
with dnf.base.Base() as base:
NameError: global name 'dnf' is not defined

=============================================================================================
Actor system_facts unexpectedly terminated with exit code: 1 - Please check the above details

Debug output written to /var/log/leapp/leapp-preupgrade.log

============================================================
REPORT

A report has been generated at /var/log/leapp/leapp-report.json
A report has been generated at /var/log/leapp/leapp-report.txt

============================================================
END OF REPORT

Answerfile has been generated at /var/log/leapp/answerfile

Any suggestions?

@GMujtabaa

@jaquice

jaquice commented Sep 30, 2024

Hi all. I have been trying to solve this for 4 days now with no luck. Has anyone had this error before during a leapp upgrade from 8 to 9?

Answerfile has been generated at /var/log/leapp/answerfile
[root@otv-linuxapp01 leapp]# cat /var/log/leapp/leapp-report.txt
Risk Factor: high (error)
Title: Actor read_openssh_config unexpectedly terminated with exit code: 1
Summary: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/leapp/repository/actor_definition.py", line 74, in _do_run
actor_instance.run(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/leapp/actors/__init__.py", line 289, in run
self.process(*args)
File "/etc/leapp/repos.d/system_upgrade/common/actors/opensshconfigscanner/actor.py", line 28, in process
readopensshconfig.scan_sshd(self.produce)
File "/etc/leapp/repos.d/system_upgrade/common/actors/opensshconfigscanner/libraries/readopensshconfig.py", line 102, in scan_sshd
config = parse_config(output)
File "/etc/leapp/repos.d/system_upgrade/common/actors/opensshconfigscanner/libraries/readopensshconfig.py", line 42, in parse_config
v = OpenSshPermitRootLogin(value=value, in_match=in_match)
File "/usr/lib/python3.6/site-packages/leapp/models/__init__.py", line 90, in __init__
getattr(defined_fields[field], init_method)(kwargs, field, self)
File "/usr/lib/python3.6/site-packages/leapp/models/fields/__init__.py", line 111, in from_initialization
self._validate_model_value(value=source_value, name=name)
File "/usr/lib/python3.6/site-packages/leapp/models/fields/__init__.py", line 332, in _validate_model_value
self._validate_choices(value, name)
File "/usr/lib/python3.6/site-packages/leapp/models/fields/__init__.py", line 342, in _validate_choices
'The value of "{name}" field must be one of "{values}"'.format(name=name, values=values))
leapp.models.fields.ModelViolationError: The value of "value" field must be one of "yes, prohibit-password, forced-commands-only, no"

Key: cbbb94dfc66307035ea5d5bad66eb1428eb6bba3

@yuravk
Contributor

yuravk commented Oct 2, 2024

Please open your /etc/ssh/sshd_config and check the PermitRootLogin option in it.
Also, sshd -T might be useful to check the validity of the configuration file.
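One way to run the check suggested above across a config file: list every PermitRootLogin line, inside and outside Match blocks, and compare its value with the four values named in the ModelViolationError. This is an added example, not leapp's code or part of the thread; the function name and sample config are constructed, and it assumes a literal comparison and does not follow Include directives.

```python
import re
import shlex

# Values listed in the ModelViolationError quoted in the thread.
ALLOWED = ("yes", "prohibit-password", "forced-commands-only", "no")

# Constructed sample sshd_config; not taken from any system in the thread.
SAMPLE_CONFIG = """\
# global section
Port 22
PermitRootLogin Yes
PasswordAuthentication no

Match Address 10.0.0.0/8
    permitrootlogin "prohibit-password"
Match User backup
    PermitRootLogin=forced-commands
"""

# Accept both "Keyword value" and "Keyword=value" spellings.
LINE_RE = re.compile(r"([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def check_permit_root_login(config_text):
    """Return (line_no, value, in_match, ok) for each PermitRootLogin line."""
    findings, in_match = [], False
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2)  # keywords ignore case
        if keyword == "match":
            in_match = True  # everything after a Match line is conditional
            continue
        if keyword != "permitrootlogin":
            continue
        try:
            args = shlex.split(rest)  # strips surrounding quotes
        except ValueError:  # unbalanced quote: report the raw text
            args = [rest]
        value = args[0] if args else ""
        findings.append((line_no, value, in_match, value in ALLOWED))
    return findings


if __name__ == "__main__":
    for line_no, value, in_match, ok in check_permit_root_login(SAMPLE_CONFIG):
        print(line_no, repr(value), "match-block" if in_match else "global",
              "ok" if ok else "NOT in allowed list")
```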
