Bug report for Ansible Workshops - Satellite (Exercise 4: RHEL In-Place-Upgrade)

[adelahozredhat]

Problem Summary

This workshops many problems in my execution.

First in RHEL Console Web only show one machine.

When Execute Step to Upgrade Machines playbook execute with fails tasks:

Tasks fail to all hosts is:

TASK [infra.leapp.upgrade : Verify no inhibitor results found during preupgrade] ***

With the same error msg:

TASK [infra.leapp.upgrade : Verify no inhibitor results found during preupgrade] ***
fatal: []: FAILED! => {
"assertion": "not upgrade_inhibited",
"changed": false,
"evaluated_to": false,
"msg": "Inhibitors found, please investigate and rerun analysis."
}

Extra vars file

{
"org_id": "Default_Organization",
"lvm_snapshots_action": "create",
"dynamic_inventory_group": "RHEL7_Dev"
}

Ansible Playbook Output

Identity added: /runner/artifacts/76/ssh_key_data (root@c974bab01a93)

PLAY [Leapp upgrade] ***********************************************************
Thursday 11 September 2025 11:58:15 +0000 (0:00:00.033) 0:00:00.033 ****
Thursday 11 September 2025 11:58:15 +0000 (0:00:00.010) 0:00:00.043 ****
Thursday 11 September 2025 11:58:15 +0000 (0:00:00.010) 0:00:00.054 ****

TASK [Gathering Facts] *********************************************************
ok: [node2.example.com]
Thursday 11 September 2025 11:58:16 +0000 (0:00:01.683) 0:00:01.737 ****
ok: [node1.example.com]
ok: [node3.example.com]

TASK [Include randomized delay before beginning upgrade] ***********************
skipping: [node2.example.com]
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.051) 0:00:01.789 ****
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.072) 0:00:01.862 ****
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.017) 0:00:01.880 ****
skipping: [node1.example.com]
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.019) 0:00:01.899 ****
skipping: [node3.example.com]
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.021) 0:00:01.921 ****

TASK [infra.leapp.common : Log directory exists] *******************************
ok: [node2.example.com]
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.386) 0:00:02.308 ****
ok: [node1.example.com]
ok: [node3.example.com]
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.020) 0:00:02.329 ****
Thursday 11 September 2025 11:58:17 +0000 (0:00:00.018) 0:00:02.347 ****

TASK [infra.leapp.common : Check for existing log file] ************************
ok: [node2.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.453) 0:00:02.800 ****
ok: [node1.example.com]
ok: [node3.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.021) 0:00:02.821 ****
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.018) 0:00:02.840 ****

TASK [infra.leapp.common : Fail if log file already exists] ********************
skipping: [node2.example.com]
skipping: [node1.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.048) 0:00:02.888 ****
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.018) 0:00:02.907 ****
skipping: [node3.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.021) 0:00:02.929 ****

TASK [infra.leapp.common : Create new log file] ********************************
changed: [node1.example.com]
changed: [node2.example.com]
changed: [node3.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.762) 0:00:03.691 ****

TASK [infra.leapp.upgrade : Include tasks for upgrade using redhat-upgrade-tool] ***
skipping: [node1.example.com]
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.042) 0:00:03.734 ****
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.019) 0:00:03.754 ****
Thursday 11 September 2025 11:58:18 +0000 (0:00:00.017) 0:00:03.772 ****

TASK [infra.leapp.upgrade : Include tasks for leapp upgrade] *******************

TASK [infra.leapp.upgrade : Include tasks for upgrade using redhat-upgrade-tool] ***
skipping: [node2.example.com]
[WARNING]: Collection community.general does not support Ansible version
2.15.11
included: /runner/requirements_collections/ansible_collections/infra/leapp/roles/upgrade/tasks/leapp-upgrade.yml for node1.example.com
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.058) 0:00:03.830 ****
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.017) 0:00:03.848 ****
skipping: [node3.example.com]

TASK [Include the parse_leapp_report role to check for inhibitors] *************
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.049) 0:00:03.897 ****
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.020) 0:00:03.917 ****

TASK [infra.leapp.upgrade : Include tasks for leapp upgrade] *******************

TASK [infra.leapp.parse_leapp_report : Default upgrade_inhibited to false] *****
ok: [node1.example.com]
included: /runner/requirements_collections/ansible_collections/infra/leapp/roles/upgrade/tasks/leapp-upgrade.yml for node2.example.com
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.049) 0:00:03.967 ****
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.020) 0:00:03.987 ****

TASK [infra.leapp.upgrade : Include tasks for leapp upgrade] *******************
included: /runner/requirements_collections/ansible_collections/infra/leapp/roles/upgrade/tasks/leapp-upgrade.yml for node3.example.com
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.049) 0:00:04.036 ****

TASK [Include the parse_leapp_report role to check for inhibitors] *************
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.048) 0:00:04.085 ****

TASK [Include the parse_leapp_report role to check for inhibitors] *************
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.049) 0:00:04.134 ****

TASK [infra.leapp.parse_leapp_report : Default upgrade_inhibited to false] *****
ok: [node2.example.com]
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.022) 0:00:04.157 ****

TASK [infra.leapp.parse_leapp_report : Default upgrade_inhibited to false] *****
ok: [node3.example.com]
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.022) 0:00:04.179 ****

TASK [infra.leapp.parse_leapp_report : Collect human readable report results] ***
ok: [node1.example.com]
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.298) 0:00:04.477 ****

TASK [infra.leapp.parse_leapp_report : Collect human readable report results] ***
ok: [node2.example.com]
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.038) 0:00:04.516 ****

TASK [infra.leapp.parse_leapp_report : Collect human readable report results] ***
ok: [node3.example.com]
Thursday 11 September 2025 11:58:19 +0000 (0:00:00.060) 0:00:04.577 ****

TASK [infra.leapp.parse_leapp_report : Collect JSON report results] ************
ok: [node1.example.com]
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.264) 0:00:04.842 ****

TASK [infra.leapp.parse_leapp_report : Parse report results] *******************
ok: [node1.example.com]
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.044) 0:00:04.886 ****

TASK [infra.leapp.parse_leapp_report : Collect JSON report results] ************
ok: [node2.example.com]
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.022) 0:00:04.909 ****

TASK [infra.leapp.parse_leapp_report : Collect JSON report results] ************
ok: [node3.example.com]

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node1.example.com] => (item={'title': 'Excluded target system repositories', 'timeStamp': '2025-09-11T11:37:13.051504Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times).'}]}, 'actor': 'repositories_blacklist', 'summary': 'The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade.\n- codeready-builder-beta-for-rhel-8-s390x-rpms\n- codeready-builder-beta-for-rhel-8-ppc64le-rpms\n- rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-aarch64-eus-rpms\n- codeready-builder-for-rhel-8-ppc64le-eus-rpms\n- codeready-builder-beta-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-s390x-rpms\n- codeready-builder-for-rhel-8-s390x-eus-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rpms\n- rhui-codeready-builder-for-rhel-8-aarch64-rhui-rpms\n- codeready-builder-beta-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rhui-rpms\n- codeready-builder-for-rhel-8-ppc64le-rpms', 'audience': 'sysadmin', 'flags': ['failure'], 'key': '1b9132cb2362ae7830e48eee7811be9527747de8', 'id': '10deabbb669382e0fd6dead748a7cb152f0acd38278c75bd3e1c706a0cb47bb7', 'tags': ['repository'], 'severity': 'info'})
skipping: [node1.example.com] => (item={'title': 'Packages available in excluded repositories will not be installed', 'timeStamp': '2025-09-11T11:37:16.230172Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'python3-pyxattr'}, {'scheme': 'package', 'title': 'rpcgen'}]}, 'actor': 'pes_events_scanner', 'summary': '2 packages will be skipped because they are available only in target system repositories that are intentionally excluded from the list of repositories used during the upgrade. See the report message titled "Excluded target system repositories" for details.\nThe list of these packages:\n- python3-pyxattr (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- rpcgen (repoid: codeready-builder-for-rhel-8-x86_64-rpms)', 'audience': 'sysadmin', 'flags': [], 'key': '2437e204808f987477c0e9be8e4c95b3a87a9f3e', 'id': 'd6f794fd3aaa8f34a3237e659daf295adc70ae232004a66c50a4d67bdb66851b', 'tags': ['repository'], 'severity': 'high'})
skipping: [node1.example.com] => (item={'title': 'Difference in Python versions and support in RHEL 8', 'timeStamp': '2025-09-11T11:37:16.634719Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'python'}, {'scheme': 'package', 'title': 'python2'}, {'scheme': 'package', 'title': 'python3'}], 'external': [{'url': 'https://red.ht/rhel-8-python', 'title': 'Difference in Python versions and support in RHEL 8'}], 'remediations': [{'type': 'hint', 'context': 'Please run "alternatives --set python /usr/bin/python3" after upgrade'}]}, 'actor': 'python_inform_user', 'summary': "In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. If you no longer require Python 2 packages following the upgrade, please remove them. Read more here: https://red.ht/rhel-8-python", 'audience': 'developer', 'flags': [], 'key': '0c98585b1d8d252eb540bf61560094f3495351f5', 'id': '0923a53d591c1a818fc572d9a7771f6ee4dfc1e2aa42ef1ff198cb7988eeeb47', 'tags': ['python'], 'severity': 'high'})
ok: [node1.example.com] => (item={'title': 'Possible problems with remote login using root account', 'timeStamp': '2025-09-11T11:37:16.959981Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'openssh-server'}, {'scheme': 'file', 'title': '/etc/ssh/sshd_config'}], 'remediations': [{'type': 'hint', 'context': 'If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor'}]}, 'actor': 'openssh_permit_root_login', 'summary': 'OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': '3d21e8cc9e1c09dc60429de7716165787e99515f', 'id': '060b8e1e4772a0e9dc53f9fafb099d414c156f9c96079dfaace7b9aed79885ab', 'tags': ['authentication', 'security', 'network', 'services'], 'severity': 'high'})
skipping: [node1.example.com] => (item={'title': 'SElinux relabeling will be scheduled', 'timeStamp': '2025-09-11T11:37:17.093082Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'actor': 'check_se_linux', 'summary': 'SElinux relabeling will be scheduled as the status is permissive/enforcing.', 'audience': 'sysadmin', 'flags': [], 'key': '8fb81863f8413bd617c2a55b69b8e10ff03d7c72', 'id': 'b14de41c7d005e8cc7e9b2217561bf5af270649ffd0d88792d41167996ec9a68', 'tags': ['selinux', 'security'], 'severity': 'info'})
skipping: [node1.example.com] => (item={'title': 'SElinux will be set to permissive mode', 'timeStamp': '2025-09-11T11:37:17.098706Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.'}]}, 'actor': 'check_se_linux', 'summary': 'SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.', 'audience': 'sysadmin', 'flags': [], 'key': '39d7183dafba798aa4bbb1e70b0ef2bbe5b1772f', 'id': '8ebbbf6f924047bfa16c144aa9fa9362415aff21b705abdfca67ff5098b02a34', 'tags': ['selinux', 'security'], 'severity': 'low'})
skipping: [node1.example.com] => (item={'title': 'Postfix has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:17.401114Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'postfix'}]}, 'actor': 'check_postfix', 'summary': 'Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net.\nThe backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8.\nIt can be turned on by running: "postconf -e compatibility_level=0\nIt can be turned off by running: "postconf -e compatibility_level=2\n\nIn the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string.\n\nThe postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment.\n\nPostfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated.\n\nThe "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified.\n\nThe "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses.\n\nThe "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost.\n\nThe "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork.\n\nPostfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed.\n', 'audience': 'sysadmin', 'flags': [], 'key': '5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33', 'id': '53b6a7727727d9f3963043897b52699d5dd7bf4b653cfac9a924570373f63ad0', 'tags': ['services', 'email'], 'severity': 'low'})
skipping: [node1.example.com] => (item={'title': 'Grep has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:17.585519Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'grep'}], 'remediations': [{'type': 'hint', 'context': 'Please update your scripts to be compatible with the changes.'}]}, 'actor': 'checkgrep', 'summary': 'If a file contains data improperly encoded for the current locale, and this is discovered before any of the file\'s contents are output, grep now treats the file as binary.\nThe \'grep -P\' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching.\nIn locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving.\nWhen searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly.\nThe \'grep -z\' no longer automatically treats the byte \'\\200\' as binary data.\nContext no longer excludes selected lines omitted because of -m. For example, \'grep "^" -m1 -A1\' now outputs the first two input lines, not just the first line.\n', 'audience': 'sysadmin', 'flags': [], 'key': '94665a499e2eeee35eca3e7093a7abe183384b16', 'id': 'd0c19573f95731e9c3c621d9592a5f52a4200c6e4ed621944a0b1d637482ad88', 'tags': ['tools'], 'severity': 'low'})
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.097) 0:00:05.007 ****
skipping: [node1.example.com] => (item={'title': 'Automatic registration into Red Hat Insights', 'timeStamp': '2025-09-11T11:37:18.310465Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'actor': 'check_insights_auto_register', 'summary': "After the upgrade, this system will be automatically registered into Red Hat Insights. The 'insights-client' package required for the registration will be installed during the upgrade. To skip the automatic registration, use the '--no-insights-register' command line option or set the LEAPP_NO_INSIGHTS_REGISTER environment variable.", 'audience': 'sysadmin', 'flags': [], 'key': '693963253195f418526f045b6d630a1f4c7a193d', 'id': '69528ad2a25672ffb8ee1f9e25ef4ec382814065f5ba82e1d8cffeb35379c98f', 'tags': ['services'], 'severity': 'info'})
skipping: [node1.example.com] => (item={'title': 'GRUB2 core will be automatically updated during the upgrade', 'timeStamp': '2025-09-11T11:37:19.710022Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'actor': 'check_grub_core', 'summary': 'On legacy (BIOS) systems, GRUB2 core (located in the gap between the MBR and the first partition) cannot be updated during the rpm transaction and Leapp has to initiate the update running "grub2-install" after the transaction. No action is needed before the upgrade. After the upgrade, it is recommended to check the GRUB configuration.', 'audience': 'sysadmin', 'flags': [], 'key': 'ac7030e05d2ee248d34f08a9fa040b352bc410a3', 'id': '976734d2335af787597604812ac326240800743ef2320eba466e0465592793f8', 'tags': ['boot'], 'severity': 'high'})

TASK [infra.leapp.parse_leapp_report : Parse report results] *******************
ok: [node2.example.com]

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node1.example.com] => (item={'title': 'chrony using default configuration', 'timeStamp': '2025-09-11T11:37:20.715309Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'ntpd'}, {'scheme': 'package', 'title': 'chrony'}, {'scheme': 'file', 'title': '/etc/chrony.conf'}]}, 'actor': 'check_chrony', 'summary': 'default chrony configuration in RHEL8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives', 'audience': 'sysadmin', 'flags': [], 'key': 'c4222ebd18730a76f6bc7b3b66df898b106e6554', 'id': '55053074f010af9f0006bc45455b06a803976136665aa3eae9a45f232134c488', 'tags': ['services', 'time management'], 'severity': 'medium'})
skipping: [node1.example.com] => (item={'title': 'Detected modified files of the in-place upgrade tooling.', 'timeStamp': '2025-09-11T11:37:21.119262Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'To restore original files reinstall related packages.'}]}, 'actor': 'check_custom_modifications_actor', 'summary': 'We have detected that some files of the tooling processing the in-place upgrade have been modified. Note that such modifications can be allowed only after consultation with Red Hat - e.g. when support suggests the change to resolve discovered problem. If these changes have not been approved by Red Hat, the in-place upgrade is unsupported.\nFollowing files have been modified:\n - /var/log/leapp', 'audience': 'sysadmin', 'flags': [], 'key': '5532a4fe27dc0b05de1e9e77bda407ea47ad6971', 'id': 'aad7cddfb2d36ad7c13516ccc15b9581046ac2193870cd49497fdfd23e837fb5', 'tags': ['upgrade process'], 'severity': 'high'})
skipping: [node1.example.com] => (item={'title': 'Current PAM and nsswitch.conf configuration will be kept.', 'timeStamp': '2025-09-11T11:37:22.042556Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'authselect'}, {'scheme': 'package', 'title': 'authconfig'}, {'scheme': 'file', 'title': '/etc/nsswitch.conf'}]}, 'actor': 'authselect_check', 'summary': 'There is a new tool called authselect in RHEL8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact.', 'audience': 'sysadmin', 'flags': [], 'key': '40c4ab1da4a30dc1ca40e543f6385e1336d8810c', 'id': '57cf6eff55ed88566fb1b282b4883404dfbce03adabcf0eea99f504039b92397', 'tags': ['authentication', 'security', 'tools'], 'severity': 'info'})
ok: [node1.example.com] => (item={'title': 'Missing required answers in the answer file', 'timeStamp': '2025-09-11T11:37:24.047762Z', 'hostname': 'ip-192-168-0-209.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'dialog', 'title': 'remove_pam_pkcs11_module_check.confirm'}], 'external': [{'url': 'https://access.redhat.com/solutions/7035321', 'title': 'Leapp upgrade fail with error "Inhibitor: Missing required answers in the answer file."'}], 'remediations': [{'type': 'hint', 'context': 'Please register user choices with leapp answer cli command or by manually editing the answerfile.'}, {'type': 'command', 'context': ['leapp', 'answer', '--section', 'remove_pam_pkcs11_module_check.confirm=True']}]}, 'actor': 'verify_check_results', 'summary': 'One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm\nFor more information consult https://red.ht/leapp-dialogs.', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': 'd35f6c6b1b1fa6924ef442e3670d90fa92f0d54b', 'id': '44cce5fac01b912e5779d2535a87d6df4bdc010d541e83766e70f7e192e7242d', 'tags': [], 'severity': 'high'})
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.030) 0:00:05.037 ****

TASK [infra.leapp.parse_leapp_report : Parse report results] *******************
ok: [node3.example.com]

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node2.example.com] => (item={'title': 'Excluded target system repositories', 'timeStamp': '2025-09-11T11:37:10.915484Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times).'}]}, 'actor': 'repositories_blacklist', 'summary': 'The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade.\n- codeready-builder-beta-for-rhel-8-s390x-rpms\n- codeready-builder-beta-for-rhel-8-ppc64le-rpms\n- rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-aarch64-eus-rpms\n- codeready-builder-for-rhel-8-ppc64le-eus-rpms\n- codeready-builder-beta-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-s390x-rpms\n- codeready-builder-for-rhel-8-s390x-eus-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rpms\n- rhui-codeready-builder-for-rhel-8-aarch64-rhui-rpms\n- codeready-builder-beta-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rhui-rpms\n- codeready-builder-for-rhel-8-ppc64le-rpms', 'audience': 'sysadmin', 'flags': ['failure'], 'key': '1b9132cb2362ae7830e48eee7811be9527747de8', 'id': 'dc89091aee2ee0c486a101706a0186d60f6fd735ee9d053c46eaf17e68d73424', 'tags': ['repository'], 'severity': 'info'})
skipping: [node2.example.com] => (item={'title': 'Packages available in excluded repositories will not be installed', 'timeStamp': '2025-09-11T11:37:16.694045Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'gdk-pixbuf2-xlib'}, {'scheme': 'package', 'title': 'ivy-local'}, {'scheme': 'package', 'title': 'javapackages-filesystem'}, {'scheme': 'package', 'title': 'python3-javapackages'}, {'scheme': 'package', 'title': 'python3-pyxattr'}, {'scheme': 'package', 'title': 'rpcgen'}]}, 'actor': 'pes_events_scanner', 'summary': '6 packages will be skipped because they are available only in target system repositories that are intentionally excluded from the list of repositories used during the upgrade. See the report message titled "Excluded target system repositories" for details.\nThe list of these packages:\n- gdk-pixbuf2-xlib (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- ivy-local (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- javapackages-filesystem (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- python3-javapackages (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- python3-pyxattr (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- rpcgen (repoid: codeready-builder-for-rhel-8-x86_64-rpms)', 'audience': 'sysadmin', 'flags': [], 'key': '2437e204808f987477c0e9be8e4c95b3a87a9f3e', 'id': '187fff8c61975a1c755e97b28f48fa58dd5c3efdc6f36c09ad94e980094a1e7b', 'tags': ['repository'], 'severity': 'high'})
skipping: [node2.example.com] => (item={'title': 'Current PAM and nsswitch.conf configuration will be kept.', 'timeStamp': '2025-09-11T11:37:17.189232Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'authselect'}, {'scheme': 'package', 'title': 'authconfig'}, {'scheme': 'file', 'title': '/etc/nsswitch.conf'}]}, 'actor': 'authselect_check', 'summary': 'There is a new tool called authselect in RHEL8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact.', 'audience': 'sysadmin', 'flags': [], 'key': '40c4ab1da4a30dc1ca40e543f6385e1336d8810c', 'id': '14565db6f43bcb1a1bb3ba25a14d26d86ae7fa855415a396b739990db6848180', 'tags': ['authentication', 'security', 'tools'], 'severity': 'info'})
skipping: [node2.example.com] => (item={'title': 'Grep has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:17.393690Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'grep'}], 'remediations': [{'type': 'hint', 'context': 'Please update your scripts to be compatible with the changes.'}]}, 'actor': 'checkgrep', 'summary': 'If a file contains data improperly encoded for the current locale, and this is discovered before any of the file\'s contents are output, grep now treats the file as binary.\nThe \'grep -P\' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching.\nIn locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving.\nWhen searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly.\nThe \'grep -z\' no longer automatically treats the byte \'\\200\' as binary data.\nContext no longer excludes selected lines omitted because of -m. For example, \'grep "^" -m1 -A1\' now outputs the first two input lines, not just the first line.\n', 'audience': 'sysadmin', 'flags': [], 'key': '94665a499e2eeee35eca3e7093a7abe183384b16', 'id': 'd04986f878c0c7534c68d816fee531c50947345abc643b2e2ef462e75e0fb38a', 'tags': ['tools'], 'severity': 'low'})
skipping: [node2.example.com] => (item={'title': 'chrony using default configuration', 'timeStamp': '2025-09-11T11:37:17.946941Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'ntpd'}, {'scheme': 'package', 'title': 'chrony'}, {'scheme': 'file', 'title': '/etc/chrony.conf'}]}, 'actor': 'check_chrony', 'summary': 'default chrony configuration in RHEL8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives', 'audience': 'sysadmin', 'flags': [], 'key': 'c4222ebd18730a76f6bc7b3b66df898b106e6554', 'id': 'b42b760cd54de5b0051e96f4d11eb629da5d4239ba7b64f977847cc5dda8e21b', 'tags': ['services', 'time management'], 'severity': 'medium'})
ok: [node2.example.com] => (item={'title': 'Possible problems with remote login using root account', 'timeStamp': '2025-09-11T11:37:18.357633Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'openssh-server'}, {'scheme': 'file', 'title': '/etc/ssh/sshd_config'}], 'remediations': [{'type': 'hint', 'context': 'If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor'}]}, 'actor': 'openssh_permit_root_login', 'summary': 'OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': '3d21e8cc9e1c09dc60429de7716165787e99515f', 'id': '693158e89da7353089622994768bc764112efe54196ef7813b7d8688510d3a0f', 'tags': ['authentication', 'security', 'network', 'services'], 'severity': 'high'})
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.049) 0:00:05.087 ****
skipping: [node2.example.com] => (item={'title': 'SElinux relabeling will be scheduled', 'timeStamp': '2025-09-11T11:37:18.555119Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'actor': 'check_se_linux', 'summary': 'SElinux relabeling will be scheduled as the status is permissive/enforcing.', 'audience': 'sysadmin', 'flags': [], 'key': '8fb81863f8413bd617c2a55b69b8e10ff03d7c72', 'id': 'fe6ec1f9dd23dfd66fc1c37b7344d75ebcbe14b67a0cc915b2faff0a5859263b', 'tags': ['selinux', 'security'], 'severity': 'info'})
skipping: [node2.example.com] => (item={'title': 'SElinux will be set to permissive mode', 'timeStamp': '2025-09-11T11:37:18.562849Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.'}]}, 'actor': 'check_se_linux', 'summary': 'SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.', 'audience': 'sysadmin', 'flags': [], 'key': '39d7183dafba798aa4bbb1e70b0ef2bbe5b1772f', 'id': '92e65ed10d508922197649e109260cbb2795ba111ed73ca59b5660ba1c0aa346', 'tags': ['selinux', 'security'], 'severity': 'low'})
skipping: [node2.example.com] => (item={'title': 'Difference in Python versions and support in RHEL 8', 'timeStamp': '2025-09-11T11:37:20.073681Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'python'}, {'scheme': 'package', 'title': 'python2'}, {'scheme': 'package', 'title': 'python3'}], 'external': [{'url': 'https://red.ht/rhel-8-python', 'title': 'Difference in Python versions and support in RHEL 8'}], 'remediations': [{'type': 'hint', 'context': 'Please run "alternatives --set python /usr/bin/python3" after upgrade'}]}, 'actor': 'python_inform_user', 'summary': "In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. If you no longer require Python 2 packages following the upgrade, please remove them. Read more here: https://red.ht/rhel-8-python", 'audience': 'developer', 'flags': [], 'key': '0c98585b1d8d252eb540bf61560094f3495351f5', 'id': '14a563ae2c09df2e70f35e703e55fee3722dbbd426298b7e93914594cb9a747a', 'tags': ['python'], 'severity': 'high'})
skipping: [node2.example.com] => (item={'title': 'Automatic registration into Red Hat Insights', 'timeStamp': '2025-09-11T11:37:21.894885Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'actor': 'check_insights_auto_register', 'summary': "After the upgrade, this system will be automatically registered into Red Hat Insights. The 'insights-client' package required for the registration will be installed during the upgrade. To skip the automatic registration, use the '--no-insights-register' command line option or set the LEAPP_NO_INSIGHTS_REGISTER environment variable.", 'audience': 'sysadmin', 'flags': [], 'key': '693963253195f418526f045b6d630a1f4c7a193d', 'id': '00b7f3e7475799b30e46784265d2ff6d8912a191b8c9ad1e24dee975f9933790', 'tags': ['services'], 'severity': 'info'})
skipping: [node2.example.com] => (item={'title': 'GRUB2 core will be automatically updated during the upgrade', 'timeStamp': '2025-09-11T11:37:23.072515Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'actor': 'check_grub_core', 'summary': 'On legacy (BIOS) systems, GRUB2 core (located in the gap between the MBR and the first partition) cannot be updated during the rpm transaction and Leapp has to initiate the update running "grub2-install" after the transaction. No action is needed before the upgrade. After the upgrade, it is recommended to check the GRUB configuration.', 'audience': 'sysadmin', 'flags': [], 'key': 'ac7030e05d2ee248d34f08a9fa040b352bc410a3', 'id': '607b6326688160c5b6d0c80ba495b0fd73996682bbfcd64f70c25d0237a0b96e', 'tags': ['boot'], 'severity': 'high'})
skipping: [node2.example.com] => (item={'title': 'Postfix has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:23.794352Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'postfix'}]}, 'actor': 'check_postfix', 'summary': 'Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net.\nThe backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8.\nIt can be turned on by running: "postconf -e compatibility_level=0\nIt can be turned off by running: "postconf -e compatibility_level=2\n\nIn the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string.\n\nThe postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment.\n\nPostfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated.\n\nThe "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified.\n\nThe "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses.\n\nThe "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost.\n\nThe "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork.\n\nPostfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed.\n', 'audience': 'sysadmin', 'flags': [], 'key': '5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33', 'id': '2dbf14ee3502f03b2ee443e8c9d66dfc50d503b5d5577c498cfca02bee3ecb79', 'tags': ['services', 'email'], 'severity': 'low'})
skipping: [node2.example.com] => (item={'title': 'Detected modified files of the in-place upgrade tooling.', 'timeStamp': '2025-09-11T11:37:24.116192Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'To restore original files reinstall related packages.'}]}, 'actor': 'check_custom_modifications_actor', 'summary': 'We have detected that some files of the tooling processing the in-place upgrade have been modified. Note that such modifications can be allowed only after consultation with Red Hat - e.g. when support suggests the change to resolve discovered problem. If these changes have not been approved by Red Hat, the in-place upgrade is unsupported.\nFollowing files have been modified:\n - /var/log/leapp', 'audience': 'sysadmin', 'flags': [], 'key': '5532a4fe27dc0b05de1e9e77bda407ea47ad6971', 'id': '4115ddcd94f2460cd39757f350fcea1e110103aed16a7f07b57692e8cf4ecc9a', 'tags': ['upgrade process'], 'severity': 'high'})
ok: [node2.example.com] => (item={'title': 'Missing required answers in the answer file', 'timeStamp': '2025-09-11T11:37:24.837133Z', 'hostname': 'ip-192-168-0-179.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'dialog', 'title': 'remove_pam_pkcs11_module_check.confirm'}], 'external': [{'url': 'https://access.redhat.com/solutions/7035321', 'title': 'Leapp upgrade fail with error "Inhibitor: Missing required answers in the answer file."'}], 'remediations': [{'type': 'hint', 'context': 'Please register user choices with leapp answer cli command or by manually editing the answerfile.'}, {'type': 'command', 'context': ['leapp', 'answer', '--section', 'remove_pam_pkcs11_module_check.confirm=True']}]}, 'actor': 'verify_check_results', 'summary': 'One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm\nFor more information consult https://red.ht/leapp-dialogs.', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': 'd35f6c6b1b1fa6924ef442e3670d90fa92f0d54b', 'id': '4674ae7be8f157284bc4cfcdb7c7d6cd971dc255cdd19f14f82853c6153865d3', 'tags': [], 'severity': 'high'})
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.031) 0:00:05.119 ****

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node3.example.com] => (item={'title': 'Excluded target system repositories', 'timeStamp': '2025-09-11T11:37:38.054049Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'If some of excluded repositories are still required to be used during the upgrade, execute leapp with the --enablerepo option with the repoid of the repository required to be enabled as an argument (the option can be used multiple times).'}]}, 'actor': 'repositories_blacklist', 'summary': 'The following repositories are not supported by Red Hat and are excluded from the list of repositories used during the upgrade.\n- codeready-builder-beta-for-rhel-8-s390x-rpms\n- codeready-builder-beta-for-rhel-8-ppc64le-rpms\n- rhui-codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-aarch64-eus-rpms\n- codeready-builder-for-rhel-8-ppc64le-eus-rpms\n- codeready-builder-beta-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-s390x-rpms\n- codeready-builder-for-rhel-8-s390x-eus-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rpms\n- rhui-codeready-builder-for-rhel-8-aarch64-rhui-rpms\n- codeready-builder-beta-for-rhel-8-aarch64-rpms\n- codeready-builder-for-rhel-8-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rhui-rpms\n- codeready-builder-for-rhel-8-x86_64-rpms\n- codeready-builder-for-rhel-8-x86_64-eus-rhui-rpms\n- codeready-builder-for-rhel-8-ppc64le-rpms', 'audience': 'sysadmin', 'flags': ['failure'], 'key': '1b9132cb2362ae7830e48eee7811be9527747de8', 'id': '13b1c472df981a39452ce533a20d3cc99c7aaec02f818b8cbfea69aa77ffce20', 'tags': ['repository'], 'severity': 'info'})
skipping: [node3.example.com] => (item={'title': 'Packages available in excluded repositories will not be installed', 'timeStamp': '2025-09-11T11:37:41.432153Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'python3-pyxattr'}, {'scheme': 'package', 'title': 'rpcgen'}]}, 'actor': 'pes_events_scanner', 'summary': '2 packages will be skipped because they are available only in target system repositories that are intentionally excluded from the list of repositories used during the upgrade. See the report message titled "Excluded target system repositories" for details.\nThe list of these packages:\n- python3-pyxattr (repoid: codeready-builder-for-rhel-8-x86_64-rpms)\n- rpcgen (repoid: codeready-builder-for-rhel-8-x86_64-rpms)', 'audience': 'sysadmin', 'flags': [], 'key': '2437e204808f987477c0e9be8e4c95b3a87a9f3e', 'id': '79290d2714a3c10ae331091e86f0f03347fb88e75c6bfbe79ab9c3f387fa44c9', 'tags': ['repository'], 'severity': 'high'})

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node3.example.com] => (item={'title': 'Detected modified files of the in-place upgrade tooling.', 'timeStamp': '2025-09-11T11:37:41.870853Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'To restore original files reinstall related packages.'}]}, 'actor': 'check_custom_modifications_actor', 'summary': 'We have detected that some files of the tooling processing the in-place upgrade have been modified. Note that such modifications can be allowed only after consultation with Red Hat - e.g. when support suggests the change to resolve discovered problem. If these changes have not been approved by Red Hat, the in-place upgrade is unsupported.\nFollowing files have been modified:\n - /var/log/leapp', 'audience': 'sysadmin', 'flags': [], 'key': '5532a4fe27dc0b05de1e9e77bda407ea47ad6971', 'id': '6916c44d906dec8c2564cad4685904c5356666c04ba9a26338bcb6d011c7526c', 'tags': ['upgrade process'], 'severity': 'high'})
ok: [node3.example.com] => (item={'title': 'Possible problems with remote login using root account', 'timeStamp': '2025-09-11T11:37:42.395071Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'openssh-server'}, {'scheme': 'file', 'title': '/etc/ssh/sshd_config'}], 'remediations': [{'type': 'hint', 'context': 'If you depend on remote root logins using passwords, consider setting up a different user for remote administration or adding "PermitRootLogin yes" to sshd_config. If this change is ok for you, add explicit "PermitRootLogin prohibit-password" to your sshd_config to ignore this inhibitor'}]}, 'actor': 'openssh_permit_root_login', 'summary': 'OpenSSH configuration file does not explicitly state the option PermitRootLogin in sshd_config file, which will default in RHEL8 to "prohibit-password".', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': '3d21e8cc9e1c09dc60429de7716165787e99515f', 'id': 'e9d956f4c03e82158f86d0594144686ae15e3ccd7b939329b8f03bba395f1e27', 'tags': ['authentication', 'security', 'network', 'services'], 'severity': 'high'})
skipping: [node3.example.com] => (item={'title': 'SElinux relabeling will be scheduled', 'timeStamp': '2025-09-11T11:37:42.521641Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'actor': 'check_se_linux', 'summary': 'SElinux relabeling will be scheduled as the status is permissive/enforcing.', 'audience': 'sysadmin', 'flags': [], 'key': '8fb81863f8413bd617c2a55b69b8e10ff03d7c72', 'id': '9a1a33406af4624a91c8b49e707ae2f45345ff537fc48129c77139d6a6a8aa76', 'tags': ['selinux', 'security'], 'severity': 'info'})
skipping: [node3.example.com] => (item={'title': 'SElinux will be set to permissive mode', 'timeStamp': '2025-09-11T11:37:42.527200Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'remediations': [{'type': 'hint', 'context': 'Make sure there are no SElinux related warnings after the upgrade and enable SElinux manually afterwards. Notice: You can ignore the "/root/tmp_leapp_py3" SElinux warnings.'}]}, 'actor': 'check_se_linux', 'summary': 'SElinux will be set to permissive mode. Current mode: enforcing. This action is required by the upgrade process to make sure the upgraded system can boot without beinig blocked by SElinux rules.', 'audience': 'sysadmin', 'flags': [], 'key': '39d7183dafba798aa4bbb1e70b0ef2bbe5b1772f', 'id': '18459676b7d4361ce3005dd0a05e4d13a72a7f121863747efa9a7a4637e26b57', 'tags': ['selinux', 'security'], 'severity': 'low'})
skipping: [node3.example.com] => (item={'title': 'chrony using default configuration', 'timeStamp': '2025-09-11T11:37:42.865055Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'ntpd'}, {'scheme': 'package', 'title': 'chrony'}, {'scheme': 'file', 'title': '/etc/chrony.conf'}]}, 'actor': 'check_chrony', 'summary': 'default chrony configuration in RHEL8 uses leapsectz directive, which cannot be used with leap smearing NTP servers, and uses a single pool directive instead of four server directives', 'audience': 'sysadmin', 'flags': [], 'key': 'c4222ebd18730a76f6bc7b3b66df898b106e6554', 'id': '2d471118354439e9fed132d90d1166bba1f9f24949fabf9e6529b7b13a55a8f0', 'tags': ['services', 'time management'], 'severity': 'medium'})
skipping: [node3.example.com] => (item={'title': 'PostgreSQL (postgresql-server) has been detected on your system', 'timeStamp': '2025-09-11T11:37:45.199774Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'postgresql-server'}], 'external': [{'url': 'https://red.ht/rhel-8-migrate-postgresql-server', 'title': 'Migrating to a RHEL 8 version of PostgreSQL'}], 'remediations': [{'type': 'hint', 'context': 'Back up your data before proceeding with the upgrade and follow steps in the documentation section "Migrating to a RHEL 8 version of PostgreSQL" after the upgrade.'}]}, 'actor': 'postgresql_check', 'summary': 'PostgreSQL server component will be upgraded. Since RHEL-8 includes PostgreSQL server 10 by default, which is incompatible with 9.2 included in RHEL-7, it is necessary to proceed with additional steps for the complete upgrade of the PostgreSQL data.', 'audience': 'sysadmin', 'flags': [], 'key': '6966486bbbf49710d1d9f4e4f6b612217aca38a1', 'id': 'f83ce8dd6032bf2d0f1a727c1f5a5dffb847857234cb530541b892b57cee9707', 'tags': ['services'], 'severity': 'medium'})
skipping: [node3.example.com] => (item={'title': 'Automatic registration into Red Hat Insights', 'timeStamp': '2025-09-11T11:37:46.487400Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'actor': 'check_insights_auto_register', 'summary': "After the upgrade, this system will be automatically registered into Red Hat Insights. The 'insights-client' package required for the registration will be installed during the upgrade. To skip the automatic registration, use the '--no-insights-register' command line option or set the LEAPP_NO_INSIGHTS_REGISTER environment variable.", 'audience': 'sysadmin', 'flags': [], 'key': '693963253195f418526f045b6d630a1f4c7a193d', 'id': '40ab15810c0c6aba08ac4142136ba6101b6faddc2c39e90fac3ee7f30d8cb84d', 'tags': ['services'], 'severity': 'info'})
skipping: [node3.example.com] => (item={'title': 'Current PAM and nsswitch.conf configuration will be kept.', 'timeStamp': '2025-09-11T11:37:46.600029Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'authselect'}, {'scheme': 'package', 'title': 'authconfig'}, {'scheme': 'file', 'title': '/etc/nsswitch.conf'}]}, 'actor': 'authselect_check', 'summary': 'There is a new tool called authselect in RHEL8 that replaced authconfig. The upgrade process was unable to find an authselect profile that would be equivalent to your current configuration. Therefore your configuration will be left intact.', 'audience': 'sysadmin', 'flags': [], 'key': '40c4ab1da4a30dc1ca40e543f6385e1336d8810c', 'id': '87263968733955b4751c6140da3635491c499f72ea11578c8878d9b355437c08', 'tags': ['authentication', 'security', 'tools'], 'severity': 'info'})
skipping: [node3.example.com] => (item={'title': 'GRUB2 core will be automatically updated during the upgrade', 'timeStamp': '2025-09-11T11:37:47.128783Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'actor': 'check_grub_core', 'summary': 'On legacy (BIOS) systems, GRUB2 core (located in the gap between the MBR and the first partition) cannot be updated during the rpm transaction and Leapp has to initiate the update running "grub2-install" after the transaction. No action is needed before the upgrade. After the upgrade, it is recommended to check the GRUB configuration.', 'audience': 'sysadmin', 'flags': [], 'key': 'ac7030e05d2ee248d34f08a9fa040b352bc410a3', 'id': '50534ca7c37c3d8d3fad7f23273cfbb10621351debdc75b14d7d8fd02d4f3d26', 'tags': ['boot'], 'severity': 'high'})
skipping: [node3.example.com] => (item={'title': 'Difference in Python versions and support in RHEL 8', 'timeStamp': '2025-09-11T11:37:47.538191Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'python'}, {'scheme': 'package', 'title': 'python2'}, {'scheme': 'package', 'title': 'python3'}], 'external': [{'url': 'https://red.ht/rhel-8-python', 'title': 'Difference in Python versions and support in RHEL 8'}], 'remediations': [{'type': 'hint', 'context': 'Please run "alternatives --set python /usr/bin/python3" after upgrade'}]}, 'actor': 'python_inform_user', 'summary': "In RHEL 8, there is no 'python' command. Python 3 (backward incompatible) is the primary Python version and Python 2 is available with limited support and limited set of packages. If you no longer require Python 2 packages following the upgrade, please remove them. Read more here: https://red.ht/rhel-8-python", 'audience': 'developer', 'flags': [], 'key': '0c98585b1d8d252eb540bf61560094f3495351f5', 'id': '68d20bbec6835b420f6d2416458799c684bfe59390199ebc212af90928251e9b', 'tags': ['python'], 'severity': 'high'})
skipping: [node3.example.com] => (item={'title': 'Grep has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:48.228751Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'grep'}], 'remediations': [{'type': 'hint', 'context': 'Please update your scripts to be compatible with the changes.'}]}, 'actor': 'checkgrep', 'summary': 'If a file contains data improperly encoded for the current locale, and this is discovered before any of the file\'s contents are output, grep now treats the file as binary.\nThe \'grep -P\' no longer reports an error and exits when given invalid UTF-8 data. Instead, it considers the data to be non-matching.\nIn locales with multibyte character encodings other than UTF-8, grep -P now reports an error and exits instead of misbehaving.\nWhen searching binary data, grep now may treat non-text bytes as line terminators. This can boost performance significantly.\nThe \'grep -z\' no longer automatically treats the byte \'\\200\' as binary data.\nContext no longer excludes selected lines omitted because of -m. For example, \'grep "^" -m1 -A1\' now outputs the first two input lines, not just the first line.\n', 'audience': 'sysadmin', 'flags': [], 'key': '94665a499e2eeee35eca3e7093a7abe183384b16', 'id': '4ce02380187299e8e97bbd67f855c122db44fe986f7dd4a7a71b75ed52503b6b', 'tags': ['tools'], 'severity': 'low'})

TASK [infra.leapp.upgrade : Verify no inhibitor results found during preupgrade] ***
fatal: [node1.example.com]: FAILED! => {
"assertion": "not upgrade_inhibited",
"changed": false,
"evaluated_to": false,
"msg": "Inhibitors found, please investigate and rerun analysis."
}

TASK [infra.leapp.parse_leapp_report : Check for inhibitors] *******************
skipping: [node3.example.com] => (item={'title': 'Postfix has incompatible changes in the next major version', 'timeStamp': '2025-09-11T11:37:48.816894Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'package', 'title': 'postfix'}]}, 'actor': 'check_postfix', 'summary': 'Postfix 3.x has so called "compatibility safety net" that runs Postfix programs with backwards-compatible default settings. It will log a warning whenever backwards-compatible default setting may be required for continuity of service. Based on this logging the system administrator can decide if any backwards-compatible settings need to be made permanent in main.cf or master.cf, before turning off the backwards-compatibility safety net.\nThe backward compatibility safety net is by default turned off in Red Hat Enterprise Linux 8.\nIt can be turned on by running: "postconf -e compatibility_level=0\nIt can be turned off by running: "postconf -e compatibility_level=2\n\nIn the Postfix MySQL database client, the default "option_group" value has changed to "client", i.e. it now reads options from the [client] group from the MySQL configuration file. To disable it, set "option_group" to the empty string.\n\nThe postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set TZ=UTC in main.cf:import_environment.\n\nPostfix 3.2 enables elliptic curve negotiation. This changes the default smtpd_tls_eecdh_grade setting to "auto", and introduces a new parameter "tls_eecdh_auto_curves" with the names of curves that may be negotiated.\n\nThe "master.cf" chroot default value has changed from "y" (yes) to "n" (no). This applies to master.cf services where chroot field is not explicitly specified.\n\nThe "append_dot_mydomain" default value has changed from "yes" to "no". You may need changing it to "yes" if senders cannot use complete domain names in e-mail addresses.\n\nThe "relay_domains" default value has changed from "$mydestination" to the empty value. This could result in unexpected "Relay access denied" errors or ETRN errors, because now will postfix by default relay only for the localhost.\n\nThe "mynetworks_style" default value has changed from "subnet" to "host". This parameter is used to implement the "permit_mynetworks" feature. The change could result in unexpected "access denied" errors, because postfix will now by default trust only the local machine, not the remote SMTP clients on the same IP subnetwork.\n\nPostfix now supports dynamically loaded database plugins. Plugins are shipped in individual RPM sub-packages. Correct database plugins have to be installed, otherwise the specific database client will not work. For example for PostgreSQL map to work, the postfix-pgsql RPM package has to be installed.\n', 'audience': 'sysadmin', 'flags': [], 'key': '5721e0a07a67d82cf7e5ea6f17662cd4f82e0a33', 'id': '46ef3e5e4d23e93adcdf22a05c1ac479cccbfd4e96ba2285325eec0ef0793ee2', 'tags': ['services', 'email'], 'severity': 'low'})
ok: [node3.example.com] => (item={'title': 'Missing required answers in the answer file', 'timeStamp': '2025-09-11T11:37:49.463556Z', 'hostname': 'ip-192-168-0-153.us-east-2.compute.internal', 'detail': {'related_resources': [{'scheme': 'dialog', 'title': 'remove_pam_pkcs11_module_check.confirm'}], 'external': [{'url': 'https://access.redhat.com/solutions/7035321', 'title': 'Leapp upgrade fail with error "Inhibitor: Missing required answers in the answer file."'}], 'remediations': [{'type': 'hint', 'context': 'Please register user choices with leapp answer cli command or by manually editing the answerfile.'}, {'type': 'command', 'context': ['leapp', 'answer', '--section', 'remove_pam_pkcs11_module_check.confirm=True']}]}, 'actor': 'verify_check_results', 'summary': 'One or more sections in answerfile are missing user choices: remove_pam_pkcs11_module_check.confirm\nFor more information consult https://red.ht/leapp-dialogs.', 'audience': 'sysadmin', 'flags': ['inhibitor'], 'key': 'd35f6c6b1b1fa6924ef442e3670d90fa92f0d54b', 'id': 'f9e757a10bec732e4a76160355f878687f6fd7afad0ab768702a410cceb6a002', 'tags': [], 'severity': 'high'})
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.087) 0:00:05.206 ****
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.027) 0:00:05.233 ****

TASK [infra.leapp.upgrade : Verify no inhibitor results found during preupgrade] ***
fatal: [node2.example.com]: FAILED! => {
"assertion": "not upgrade_inhibited",
"changed": false,
"evaluated_to": false,
"msg": "Inhibitors found, please investigate and rerun analysis."
}
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.068) 0:00:05.301 ****
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.020) 0:00:05.322 ****

TASK [infra.leapp.upgrade : Verify no inhibitor results found during preupgrade] ***
fatal: [node3.example.com]: FAILED! => {
"assertion": "not upgrade_inhibited",
"changed": false,
"evaluated_to": false,
"msg": "Inhibitors found, please investigate and rerun analysis."
}
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.045) 0:00:05.367 ****

RUNNING HANDLER [infra.leapp.common : Add end time to log file] ****************
changed: [node1.example.com]
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.340) 0:00:05.708 ****
changed: [node2.example.com]
Thursday 11 September 2025 11:58:20 +0000 (0:00:00.020) 0:00:05.729 ****
changed: [node3.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.060) 0:00:05.789 ****

RUNNING HANDLER [infra.leapp.common : Slurp ripu.log file] *********************
ok: [node1.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.270) 0:00:06.060 ****
ok: [node2.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.025) 0:00:06.086 ****

RUNNING HANDLER [infra.leapp.common : Decode ripu.log file] ********************
ok: [node1.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.020) 0:00:06.106 ****
ok: [node2.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.020) 0:00:06.126 ****

RUNNING HANDLER [infra.leapp.common : Slurp ripu.log file] *********************
ok: [node3.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.045) 0:00:06.172 ****

RUNNING HANDLER [infra.leapp.common : Decode ripu.log file] ********************
ok: [node3.example.com]
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.036) 0:00:06.208 ****

RUNNING HANDLER [infra.leapp.common : Rename log file] *************************
changed: [node2.example.com]
changed: [node1.example.com]
changed: [node3.example.com]

PLAY RECAP *********************************************************************
node1.example.com : ok=14 changed=3 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
node2.example.com : ok=14 changed=3 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0
node3.example.com : ok=14 changed=3 unreachable=0 failed=1 skipped=3 rescued=0 ignored=0

PLAYBOOK RECAP *****************************************************************
Playbook run took 0 days, 0 hours, 0 minutes, 6 seconds

TASKS RECAP ********************************************************************
Thursday 11 September 2025 11:58:21 +0000 (0:00:00.437) 0:00:06.646 ****

Gathering Facts --------------------------------------------------------- 1.70s
infra.leapp.common : Create new log file -------------------------------- 0.80s
infra.leapp.common : Rename log file ------------------------------------ 0.50s
infra.leapp.common : Check for existing log file ------------------------ 0.49s
infra.leapp.common : Log directory exists ------------------------------- 0.48s
infra.leapp.common : Add end time to log file --------------------------- 0.45s
infra.leapp.common : Slurp ripu.log file -------------------------------- 0.35s
infra.leapp.parse_leapp_report : Collect human readable report results --- 0.30s
infra.leapp.parse_leapp_report : Collect JSON report results ------------ 0.26s
infra.leapp.upgrade : Include tasks for leapp upgrade ------------------- 0.12s
infra.leapp.upgrade : Include tasks for upgrade using redhat-upgrade-tool --- 0.12s
infra.leapp.parse_leapp_report : Parse report results ------------------- 0.10s
Include randomized delay before beginning upgrade ----------------------- 0.09s
infra.leapp.common : Fail if log file already exists -------------------- 0.09s
infra.leapp.upgrade : Verify no inhibitor results found during preupgrade --- 0.09s
infra.leapp.common : Decode ripu.log file ------------------------------- 0.08s
infra.leapp.parse_leapp_report : Collect JSON report results ------------ 0.06s
infra.leapp.parse_leapp_report : Default upgrade_inhibited to false ----- 0.05s
infra.leapp.parse_leapp_report : Check for inhibitors ------------------- 0.05s
Include the parse_leapp_report role to check for inhibitors ------------- 0.05s

[IPvSean]

are you running this workshop from demo.redhat.com? or are you provisioning it yourself on your own AWS account?

[adelahozredhat]

Running on demo.redhat.com