When Upgrading the Alma or RedHat Linux, Leapp tool give error or warning like "Inhibitor: LUKS encrypted Partition Detected."
If Upgrading on CEPH node where using LUKS encryption then you may face
# Error: Inhibitor: LUKS encrypted partition detected
# Take backup of your actor file and create new with below code and then edit answerfile too and re-run leapp preupgrade will resolve your issue.
mv /usr/share/leapp-repository/repositories/system_upgrade/common/actors/inhibitwhenluks/actor.py /usr/share/leapp-repository/repositories/system_upgrade/common/actors/inhibitwhenluks/actor.py.org
cat << EOF > /usr/share/leapp-repository/repositories/system_upgrade/common/actors/inhibitwhenluks/actor.py
from leapp import reporting
from leapp.actors import Actor
from leapp.models import CephInfo, StorageInfo
from leapp.reporting import create_report, Report
from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
from leapp.libraries.stdlib import api
class InhibitWhenLuks(Actor):
"""
Check if any encrypted partition is in use. If yes, inhibit the upgrade process.
Upgrading system with encrypted partitions is not supported unless ignored via answer file.
"""
name = 'check_luks_and_inhibit'
consumes = (StorageInfo, CephInfo)
produces = (Report,)
tags = (ChecksPhaseTag, IPUWorkflowTag)
def process(self):
# Read user answer to ignore LUKS inhibitor
ignore_luks = api.get_answer('luks.ignore', default=False)
if ignore_luks:
api.current_logger().info('LUKS inhibitor ignored via answer file.')
return
ceph_vol = []
try:
ceph_info = next(self.consume(CephInfo))
if ceph_info:
ceph_vol = ceph_info.encrypted_volumes[:]
except StopIteration:
ceph_vol = []
# Check all block devices for LUKS encryption
for storage_info in self.consume(StorageInfo):
for blk in storage_info.lsblk:
if blk.tp == 'crypt' and blk.name not in ceph_vol:
create_report([
reporting.Title('LUKS encrypted partition detected'),
reporting.Summary(
'Upgrading system with encrypted partitions is not supported'
),
reporting.Severity(reporting.Severity.HIGH),
reporting.Groups([
reporting.Groups.BOOT,
reporting.Groups.ENCRYPTION,
reporting.Groups.INHIBITOR
]),
])
# Only report once
break
EOF
# Also update leap anaswer file
cat << EOF > /var/log/leapp/answerfile
[check_vdo]
confirm = True
[luks]
ignore = True
EOF
Then re-run leap preupgrade, it will resolve your error.
Other errors you face too when doing major ugrade Alma from 8 to 9 as below are also with their solution..
############ ERROR Handling ################
# import any missing key using
# 1. Disable zone drift
sed -i 's/AllowZoneDrifting=yes/AllowZoneDrifting=no/' /etc/firewalld/firewalld.conf
systemctl restart firewalld
# 2. vdo package if vm
yum install vdo -y
# leapp answer --section check_vdo.confirm=True
# 3. Update /var/log/leapp/answerfile with confirm = True
# 4. Always have interface using NetowrkManager as ifcfg-eth0 is not supported.
# /etc/NetworkManager/system-connections/ens18.nmconnection
# Install Below package on 8.10 before upgrading to 9.
rpm -ivh rhel-net-naming-sysattrs-252-51.el9_6.2.alma.2.noarch.rpm
# 5. If any extra key found during leapp pre-upgrade then install it
sudo rpm --import /etc/leapp/repos.d/system_upgrade/common/files/rpm-gpg/9/RPM-GPG-KEY-AlmaLinux-9
#6. If you cancelled yum update then use below to fix and make system bootable after reboot.
sudo rm -f /var/run/yum.pid
sudo dnf clean all
sudo rpm --rebuilddb
sudo dnf distro-sync
sudo dnf update