foreman_maintain 1.0.2 → 1.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/definitions/checks/check_hotfix_installed.rb +11 -3
- data/definitions/checks/foreman_proxy/check_tftp_storage.rb +5 -5
- data/definitions/checks/maintenance_mode/check_consistency.rb +10 -2
- data/definitions/features/instance.rb +10 -2
- data/definitions/features/iptables.rb +4 -21
- data/definitions/features/nftables.rb +51 -0
- data/definitions/procedures/content/fix_pulpcore_artifact_permissions.rb +30 -0
- data/definitions/procedures/maintenance_mode/disable_maintenance_mode.rb +18 -0
- data/definitions/procedures/maintenance_mode/enable_maintenance_mode.rb +48 -0
- data/definitions/procedures/maintenance_mode/is_enabled.rb +4 -2
- data/definitions/procedures/pulp/remove.rb +1 -0
- data/definitions/procedures/puppet/remove_puppet_data.rb +3 -1
- data/definitions/procedures/repositories/enable.rb +7 -1
- data/definitions/scenarios/content.rb +19 -0
- data/definitions/scenarios/puppet.rb +1 -0
- data/definitions/scenarios/self_upgrade.rb +14 -5
- data/definitions/scenarios/upgrade_to_capsule_7_0.rb +1 -0
- data/definitions/scenarios/upgrade_to_satellite_7_0.rb +1 -0
- data/lib/foreman_maintain/cli/content_command.rb +10 -0
- data/lib/foreman_maintain/cli/self_upgrade_command.rb +2 -1
- data/lib/foreman_maintain/concerns/firewall/iptables_maintenance_mode.rb +28 -0
- data/lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb +39 -0
- data/lib/foreman_maintain/version.rb +1 -1
- data/lib/foreman_maintain.rb +2 -0
- metadata +8 -4
- data/definitions/procedures/iptables/add_maintenance_mode_chain.rb +0 -15
- data/definitions/procedures/iptables/remove_maintenance_mode_chain.rb +0 -15
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bda89886170f69276ffe2a0fcca046581c62096011e59251f199d451a6e49ddb
|
|
4
|
+
data.tar.gz: 5f63a1d69ab49281d15e1d4004f1726d9c7b45eccbeeaa0015615176c7973e01
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a2e1859b3479357698652f5b448e97e9ebe4977b6f71a851efc7498ae8f9e622d4a0a69a6589a8206d00071129345bceacececf04133fb958f85924c9c5ba79b
|
|
7
|
+
data.tar.gz: 4db6f08840e3767357d0d57a9b32ff61779627e03118396ca41c99f2ea3f7ea355596e7d353dc1352b56290b7c4fc6b81a17bf74dad09cadf76b52af660cfc32
|
|
@@ -45,16 +45,24 @@ class Checks::CheckHotfixInstalled < ForemanMaintain::Check
|
|
|
45
45
|
|
|
46
46
|
def installed_packages
|
|
47
47
|
packages = []
|
|
48
|
-
|
|
49
|
-
IO.popen([repoquery_cmd, '-a', '--installed', '--qf', '%{ui_from_repo} %{nvra}']) do |io|
|
|
48
|
+
IO.popen(['repoquery', '-a', '--installed', '--qf', query_format]) do |io|
|
|
50
49
|
io.each do |line|
|
|
51
50
|
repo, pkg = line.chomp.split
|
|
52
|
-
|
|
51
|
+
next if repo.nil? || pkg.nil?
|
|
52
|
+
packages << pkg if /satellite|rhscl/ =~ repo.downcase
|
|
53
53
|
end
|
|
54
54
|
end
|
|
55
55
|
packages
|
|
56
56
|
end
|
|
57
57
|
|
|
58
|
+
def query_format
|
|
59
|
+
if el7?
|
|
60
|
+
return '%{ui_from_repo} %{name}-%{evr}.%{arch}'
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
'%{from_repo} %{name}-%{evr}.%{arch}'
|
|
64
|
+
end
|
|
65
|
+
|
|
58
66
|
def find_hotfix_packages
|
|
59
67
|
output = execute!('rpm -qa release="*HOTFIX*"').strip
|
|
60
68
|
return [] if output.empty?
|
|
@@ -6,12 +6,12 @@ module Checks::ForemanProxy
|
|
|
6
6
|
tags :default
|
|
7
7
|
confine do
|
|
8
8
|
feature(:satellite) && feature(:foreman_proxy) &&
|
|
9
|
-
feature(:foreman_proxy).features.include?('tftp')
|
|
9
|
+
feature(:foreman_proxy).features.include?('tftp')
|
|
10
10
|
end
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def run
|
|
14
|
-
if Dir.exist?(tftp_boot_directory)
|
|
14
|
+
if non_zero_token_duration? && Dir.exist?(tftp_boot_directory)
|
|
15
15
|
files = old_files_from_tftp_boot
|
|
16
16
|
assert(files.empty?,
|
|
17
17
|
'There are old initrd and vmlinuz files present in tftp',
|
|
@@ -29,7 +29,7 @@ module Checks::ForemanProxy
|
|
|
29
29
|
end.compact
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
def
|
|
32
|
+
def non_zero_token_duration?
|
|
33
33
|
lookup_token_duration != 0
|
|
34
34
|
end
|
|
35
35
|
|
|
@@ -38,10 +38,10 @@ module Checks::ForemanProxy
|
|
|
38
38
|
end
|
|
39
39
|
|
|
40
40
|
def token_duration
|
|
41
|
-
@token_duration ||=
|
|
41
|
+
@token_duration ||= lookup_token_duration
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
-
def
|
|
44
|
+
def lookup_token_duration
|
|
45
45
|
data = feature(:foreman_database). \
|
|
46
46
|
query("select s.value, s.default from settings s \
|
|
47
47
|
where category IN ('Setting::Provisioning','Setting') \
|
|
@@ -22,11 +22,15 @@ module Checks::MaintenanceMode
|
|
|
22
22
|
|
|
23
23
|
private
|
|
24
24
|
|
|
25
|
+
def firewall
|
|
26
|
+
@firewall ||= feature(:instance).firewall
|
|
27
|
+
end
|
|
28
|
+
|
|
25
29
|
def verify_with_features
|
|
26
30
|
procedure_arr = []
|
|
27
31
|
feature_status_msgs = []
|
|
28
|
-
is_mode_on =
|
|
29
|
-
[
|
|
32
|
+
is_mode_on = firewall.maintenance_mode_status?
|
|
33
|
+
[firewall.label, :sync_plans, :cron].each do |feature_name|
|
|
30
34
|
msg, procedures_to_run = send("check_for_#{feature_name}", is_mode_on)
|
|
31
35
|
feature_status_msgs << msg
|
|
32
36
|
procedure_arr.concat(procedures_to_run)
|
|
@@ -55,6 +59,10 @@ module Checks::MaintenanceMode
|
|
|
55
59
|
feature(:iptables).status_for_maintenance_mode
|
|
56
60
|
end
|
|
57
61
|
|
|
62
|
+
def check_for_nftables(_is_mode_on)
|
|
63
|
+
feature(:nftables).status_for_maintenance_mode
|
|
64
|
+
end
|
|
65
|
+
|
|
58
66
|
def check_for_sync_plans(is_mode_on)
|
|
59
67
|
feature(:sync_plans).status_for_maintenance_mode(is_mode_on)
|
|
60
68
|
end
|
|
@@ -70,6 +70,10 @@ class Features::Instance < ForemanMaintain::Feature
|
|
|
70
70
|
feature(:pulp2) || feature(:pulpcore)
|
|
71
71
|
end
|
|
72
72
|
|
|
73
|
+
def firewall
|
|
74
|
+
feature(:nftables) || feature(:iptables)
|
|
75
|
+
end
|
|
76
|
+
|
|
73
77
|
private
|
|
74
78
|
|
|
75
79
|
# rubocop:disable Metrics/MethodLength, Metrics/AbcSize
|
|
@@ -142,11 +146,15 @@ class Features::Instance < ForemanMaintain::Feature
|
|
|
142
146
|
def component_features_map
|
|
143
147
|
{
|
|
144
148
|
'candlepin_auth' => %w[candlepin candlepin_database],
|
|
149
|
+
'candlepin_events' => %w[candlepin candlepin_database],
|
|
145
150
|
'candlepin' => %w[candlepin candlepin_database],
|
|
146
151
|
'pulp_auth' => %w[pulp2 mongo],
|
|
147
152
|
'pulp' => %w[pulp2 mongo],
|
|
148
153
|
'pulp3' => %w[pulpcore pulpcore_database],
|
|
149
|
-
'
|
|
154
|
+
'pulp3_content' => %w[pulpcore pulpcore_database],
|
|
155
|
+
'foreman_tasks' => %w[foreman_tasks],
|
|
156
|
+
'katello_agent' => %w[katello],
|
|
157
|
+
'katello_events' => %w[katello]
|
|
150
158
|
}
|
|
151
159
|
end
|
|
152
160
|
|
|
@@ -154,7 +162,7 @@ class Features::Instance < ForemanMaintain::Feature
|
|
|
154
162
|
components = Array(components)
|
|
155
163
|
cf_map = component_features_map
|
|
156
164
|
# map ping components to features
|
|
157
|
-
features = components.map { |component| cf_map[component] }.flatten.uniq
|
|
165
|
+
features = components.map { |component| cf_map[component] }.flatten.uniq.compact
|
|
158
166
|
# map features to existing services
|
|
159
167
|
services_of_features = features.map do |name|
|
|
160
168
|
feature(name.to_sym) ? feature(name.to_sym).services : []
|
|
@@ -1,6 +1,10 @@
|
|
|
1
1
|
class Features::Iptables < ForemanMaintain::Feature
|
|
2
|
+
include ForemanMaintain::Concerns::Firewall::IptablesMaintenanceMode
|
|
2
3
|
metadata do
|
|
3
4
|
label :iptables
|
|
5
|
+
confine do
|
|
6
|
+
find_package('iptables')
|
|
7
|
+
end
|
|
4
8
|
end
|
|
5
9
|
|
|
6
10
|
def add_chain(chain_name, rules, rule_chain = 'INPUT')
|
|
@@ -29,27 +33,6 @@ class Features::Iptables < ForemanMaintain::Feature
|
|
|
29
33
|
execute?("iptables -L #{rule_chain} | tail -n +3 | grep '^#{target_name} '")
|
|
30
34
|
end
|
|
31
35
|
|
|
32
|
-
def add_maintenance_mode_chain
|
|
33
|
-
add_chain(custom_chain_name,
|
|
34
|
-
['-i lo -j ACCEPT', '-p tcp --dport 443 -j REJECT'])
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
def remove_maintenance_mode_chain
|
|
38
|
-
remove_chain(custom_chain_name)
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
def maintenance_mode_chain_exist?
|
|
42
|
-
chain_exist?(custom_chain_name)
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def status_for_maintenance_mode
|
|
46
|
-
if maintenance_mode_chain_exist?
|
|
47
|
-
['Iptables chain: present', []]
|
|
48
|
-
else
|
|
49
|
-
['Iptables chain: absent', []]
|
|
50
|
-
end
|
|
51
|
-
end
|
|
52
|
-
|
|
53
36
|
private
|
|
54
37
|
|
|
55
38
|
def custom_chain_name
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
class Features::Nftables < ForemanMaintain::Feature
|
|
2
|
+
include ForemanMaintain::Concerns::Firewall::NftablesMaintenanceMode
|
|
3
|
+
metadata do
|
|
4
|
+
label :nftables
|
|
5
|
+
confine do
|
|
6
|
+
find_package('nftables')
|
|
7
|
+
end
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def add_table(options = '')
|
|
11
|
+
options = "#{ip_family} #{table_name}" if options.empty?
|
|
12
|
+
execute!("nft add table #{options}")
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def delete_table(options = '')
|
|
16
|
+
options = "#{ip_family} #{table_name}" if options.empty?
|
|
17
|
+
execute!("nft delete table #{options}")
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def add_chain(options = {})
|
|
21
|
+
family = options.fetch(:family, ip_family)
|
|
22
|
+
table = options.fetch(:table, table_name)
|
|
23
|
+
chain = options.fetch(:chain, chain_name)
|
|
24
|
+
chain_options = options.fetch(:chain_options)
|
|
25
|
+
execute!("nft add chain #{family} #{table} #{chain} #{chain_options}")
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def add_rule(options = {})
|
|
29
|
+
family = options.fetch(:family, ip_family)
|
|
30
|
+
table = options.fetch(:table, table_name)
|
|
31
|
+
chain = options.fetch(:chain, chain_name)
|
|
32
|
+
rule = options.fetch(:rule) # needs validation
|
|
33
|
+
execute!("nft add rule #{family} #{table} #{chain} #{rule}")
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def table_exist?(name = table_name)
|
|
37
|
+
execute!('nft list tables').include?(name)
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def table_name
|
|
41
|
+
'FOREMAN_MAINTAIN_TABLE'
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
def chain_name
|
|
45
|
+
'FOREMAN_MAINTAIN_CHAIN'
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def ip_family
|
|
49
|
+
'inet'
|
|
50
|
+
end
|
|
51
|
+
end
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
module Procedures::Content
|
|
2
|
+
class FixPulpcoreArtifactOwnership < ForemanMaintain::Procedure
|
|
3
|
+
metadata do
|
|
4
|
+
description 'Fix Pulpcore artifact ownership to be pulp:pulp'
|
|
5
|
+
param :assumeyes, 'Do not ask for confirmation', :default => false
|
|
6
|
+
|
|
7
|
+
confine do
|
|
8
|
+
check_min_version(foreman_plugin_name('katello'), '4.0')
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def ask_to_proceed
|
|
13
|
+
question = "\nWARNING: Only proceed if your system is fully switched to Pulp 3.\n"
|
|
14
|
+
question += "\n\nDo you want to proceed?"
|
|
15
|
+
answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
|
|
16
|
+
abort! if answer != :yes
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def run
|
|
20
|
+
assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
|
|
21
|
+
|
|
22
|
+
ask_to_proceed unless assumeyes_val
|
|
23
|
+
|
|
24
|
+
with_spinner('Updating artifact ownership for Pulp 3') do |spinner|
|
|
25
|
+
spinner.update('# chown -hR pulp.pulp /var/lib/pulp/media/artifact')
|
|
26
|
+
FileUtils.chown_R 'pulp', 'pulp', '/var/lib/pulp/media/artifact'
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module Procedures::MaintenanceMode
|
|
2
|
+
class DisableMaintenanceMode < ForemanMaintain::Procedure
|
|
3
|
+
metadata do
|
|
4
|
+
label :disable_maintenance_mode
|
|
5
|
+
description 'Remove maintenance mode table/chain from nftables/iptables'
|
|
6
|
+
tags :post_migrations, :maintenance_mode_off
|
|
7
|
+
after :sync_plans_enable
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def run
|
|
11
|
+
if feature(:instance).firewall
|
|
12
|
+
feature(:instance).firewall.disable_maintenance_mode
|
|
13
|
+
else
|
|
14
|
+
warn! 'Unable to find nftables or iptables'
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
module Procedures::MaintenanceMode
|
|
2
|
+
class EnableMaintenanceMode < ForemanMaintain::Procedure
|
|
3
|
+
metadata do
|
|
4
|
+
label :enable_maintenance_mode
|
|
5
|
+
description 'Add maintenance_mode tables/chain to nftables/iptables'
|
|
6
|
+
tags :pre_migrations, :maintenance_mode_on
|
|
7
|
+
after :sync_plans_disable
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def run
|
|
11
|
+
if feature(:instance).firewall
|
|
12
|
+
feature(:instance).firewall.enable_maintenance_mode
|
|
13
|
+
else
|
|
14
|
+
notify_and_ask_to_install_firewall_utility
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def notify_and_ask_to_install_firewall_utility
|
|
19
|
+
puts 'Unable to find nftables or iptables!'
|
|
20
|
+
question, pkg = question_and_pkg_name
|
|
21
|
+
answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
|
|
22
|
+
if answer == :yes
|
|
23
|
+
packages_action(:install, pkg)
|
|
24
|
+
feature(:instance).firewall.enable_maintenance_mode
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def can_install_nft?
|
|
29
|
+
nft_kernel_version = Gem::Version.new('3.13')
|
|
30
|
+
installed_kernel_version = Gem::Version.new(execute!('uname -r').split('-').first)
|
|
31
|
+
installed_kernel_version >= nft_kernel_version
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def question_and_pkg_name
|
|
35
|
+
question = 'Do you want to install missing netfilter utility '
|
|
36
|
+
pkg_to_install = []
|
|
37
|
+
if can_install_nft?
|
|
38
|
+
question << 'nftables?'
|
|
39
|
+
pkg_to_install << 'nftables'
|
|
40
|
+
else
|
|
41
|
+
question << 'iptables?'
|
|
42
|
+
pkg_to_install << 'iptables'
|
|
43
|
+
end
|
|
44
|
+
question << "\nand start maintenance mode?"
|
|
45
|
+
[question, pkg_to_install]
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -2,14 +2,16 @@ module Procedures::MaintenanceMode
|
|
|
2
2
|
class IsEnabled < ForemanMaintain::Procedure
|
|
3
3
|
metadata do
|
|
4
4
|
description 'Showing status code for maintenance_mode'
|
|
5
|
-
for_feature :iptables
|
|
6
5
|
advanced_run false
|
|
6
|
+
confine do
|
|
7
|
+
feature(:nftables) || feature(:iptables)
|
|
8
|
+
end
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
attr_reader :status_code
|
|
10
12
|
|
|
11
13
|
def run
|
|
12
|
-
@status_code = feature(:
|
|
14
|
+
@status_code = feature(:instance).firewall.maintenance_mode_status? ? 0 : 1
|
|
13
15
|
puts "Maintenance mode is #{@status_code == 1 ? 'Off' : 'On'}"
|
|
14
16
|
end
|
|
15
17
|
end
|
|
@@ -2,11 +2,17 @@ module Procedures::Repositories
|
|
|
2
2
|
class Enable < ForemanMaintain::Procedure
|
|
3
3
|
metadata do
|
|
4
4
|
param :repos, 'Array of repositories to enable'
|
|
5
|
+
param :use_rhsm, 'Use RHSM to enable repository',
|
|
6
|
+
:flag => true, :default => false
|
|
5
7
|
description 'Enable repositories'
|
|
6
8
|
end
|
|
7
9
|
def run
|
|
8
10
|
with_spinner('Enabling repositories') do
|
|
9
|
-
|
|
11
|
+
if @use_rhsm
|
|
12
|
+
repository_manager.rhsm_enable_repos(@repos)
|
|
13
|
+
else
|
|
14
|
+
repository_manager.enable_repos(@repos)
|
|
15
|
+
end
|
|
10
16
|
end
|
|
11
17
|
end
|
|
12
18
|
end
|
|
@@ -129,10 +129,29 @@ module ForemanMaintain::Scenarios
|
|
|
129
129
|
|
|
130
130
|
def set_context_mapping
|
|
131
131
|
context.map(:assumeyes, Procedures::Pulp::Remove => :assumeyes)
|
|
132
|
+
context.map(:assumeyes, Procedures::Content::FixPulpcoreArtifactOwnership => :assumeyes)
|
|
132
133
|
end
|
|
133
134
|
|
|
134
135
|
def compose
|
|
135
136
|
add_step_with_context(Procedures::Pulp::Remove)
|
|
137
|
+
add_step_with_context(Procedures::Content::FixPulpcoreArtifactOwnership)
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
class FixPulpcoreArtifactOwnership < ContentBase
|
|
142
|
+
metadata do
|
|
143
|
+
label :content_fix_pulpcore_artifact_ownership
|
|
144
|
+
description 'Fix Pulpcore artifact ownership to be pulp:pulp'
|
|
145
|
+
param :assumeyes, 'Do not ask for confirmation'
|
|
146
|
+
manual_detection
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
def set_context_mapping
|
|
150
|
+
context.map(:assumeyes, Procedures::Content::FixPulpcoreArtifactOwnership => :assumeyes)
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
def compose
|
|
154
|
+
add_step_with_context(Procedures::Content::FixPulpcoreArtifactOwnership)
|
|
136
155
|
end
|
|
137
156
|
end
|
|
138
157
|
end
|
|
@@ -14,6 +14,7 @@ module ForemanMaintain::Scenarios
|
|
|
14
14
|
add_step(Checks::CheckPuppetCapsules) if server?
|
|
15
15
|
add_step(Procedures::Puppet::RemovePuppet)
|
|
16
16
|
add_step(Procedures::Puppet::RemovePuppetData) if context.get(:remove_data)
|
|
17
|
+
add_step(Procedures::Service::Restart)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
end
|
|
@@ -62,13 +62,21 @@ module ForemanMaintain::Scenarios
|
|
|
62
62
|
repos_ids_to_reenable = stored_enabled_repos_ids - all_maintenance_repos
|
|
63
63
|
repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
|
|
64
64
|
end
|
|
65
|
+
|
|
66
|
+
def use_rhsm?
|
|
67
|
+
if (repo = ENV['maintenance_repo'])
|
|
68
|
+
return false unless repo.empty?
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
true
|
|
72
|
+
end
|
|
65
73
|
end
|
|
66
74
|
|
|
67
75
|
class SelfUpgrade < SelfUpgradeBase
|
|
68
76
|
metadata do
|
|
69
77
|
label :self_upgrade_foreman_maintain
|
|
70
|
-
description "Enables the specified version's maintenance repository and,
|
|
71
|
-
|
|
78
|
+
description "Enables the specified version's maintenance repository and,"\
|
|
79
|
+
"\nupdates the satellite-maintain packages"
|
|
72
80
|
manual_detection
|
|
73
81
|
end
|
|
74
82
|
|
|
@@ -77,7 +85,8 @@ module ForemanMaintain::Scenarios
|
|
|
77
85
|
pkgs_to_update = %w[satellite-maintain rubygem-foreman_maintain]
|
|
78
86
|
add_step(Procedures::Repositories::BackupEnabledRepos.new)
|
|
79
87
|
disable_repos
|
|
80
|
-
add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)]
|
|
88
|
+
add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)],
|
|
89
|
+
use_rhsm: use_rhsm?))
|
|
81
90
|
add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true))
|
|
82
91
|
enable_repos(repos_ids_to_reenable)
|
|
83
92
|
end
|
|
@@ -87,8 +96,8 @@ module ForemanMaintain::Scenarios
|
|
|
87
96
|
class SelfUpgradeRescue < SelfUpgradeBase
|
|
88
97
|
metadata do
|
|
89
98
|
label :rescue_self_upgrade
|
|
90
|
-
description 'Disables all version specific maintenance
|
|
91
|
-
|
|
99
|
+
description 'Disables all version specific maintenance repositories and,'\
|
|
100
|
+
"\nenables the repositories which were configured prior to self upgrade"
|
|
92
101
|
manual_detection
|
|
93
102
|
run_strategy :fail_slow
|
|
94
103
|
end
|
|
@@ -54,6 +54,16 @@ module ForemanMaintain
|
|
|
54
54
|
)
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
|
+
|
|
58
|
+
subcommand 'fix-pulpcore-artifact-ownership',
|
|
59
|
+
'Update filesystem ownership for Pulpcore artifacts' do
|
|
60
|
+
interactive_option(%w[assumeyes plaintext])
|
|
61
|
+
def execute
|
|
62
|
+
run_scenarios_and_exit(
|
|
63
|
+
Scenarios::Content::FixPulpcoreArtifactOwnership.new(:assumeyes => assumeyes?)
|
|
64
|
+
)
|
|
65
|
+
end
|
|
66
|
+
end
|
|
57
67
|
end
|
|
58
68
|
end
|
|
59
69
|
end
|
|
@@ -29,7 +29,8 @@ module ForemanMaintain
|
|
|
29
29
|
end
|
|
30
30
|
if current_downstream_version >= next_version
|
|
31
31
|
message = "The target-version #{target_version} should be "\
|
|
32
|
-
"greater than existing version #{current_downstream_version}
|
|
32
|
+
"greater than existing version #{current_downstream_version},"\
|
|
33
|
+
"\nand self-upgrade should be used for major version upgrades only!"
|
|
33
34
|
raise Error::UsageError, message
|
|
34
35
|
end
|
|
35
36
|
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module ForemanMaintain
|
|
2
|
+
module Concerns
|
|
3
|
+
module Firewall
|
|
4
|
+
module IptablesMaintenanceMode
|
|
5
|
+
def disable_maintenance_mode
|
|
6
|
+
remove_chain(custom_chain_name)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def enable_maintenance_mode
|
|
10
|
+
add_chain(custom_chain_name,
|
|
11
|
+
['-i lo -j ACCEPT', '-p tcp --dport 443 -j REJECT'])
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def maintenance_mode_status?
|
|
15
|
+
chain_exist?(custom_chain_name)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def status_for_maintenance_mode
|
|
19
|
+
if maintenance_mode_status?
|
|
20
|
+
['Iptables chain: present', []]
|
|
21
|
+
else
|
|
22
|
+
['Iptables chain: absent', []]
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module ForemanMaintain
|
|
2
|
+
module Concerns
|
|
3
|
+
module Firewall
|
|
4
|
+
module NftablesMaintenanceMode
|
|
5
|
+
def disable_maintenance_mode
|
|
6
|
+
delete_table if table_exist?
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def enable_maintenance_mode
|
|
10
|
+
unless table_exist?
|
|
11
|
+
add_table
|
|
12
|
+
add_chain(:chain_options => nftables_chain_options)
|
|
13
|
+
add_rule(rule: nftables_rule)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
def maintenance_mode_status?
|
|
18
|
+
table_exist?
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def nftables_chain_options
|
|
22
|
+
'{type filter hook input priority 0\\;}'
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
def nftables_rule
|
|
26
|
+
'tcp dport https reject'
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
def status_for_maintenance_mode
|
|
30
|
+
if table_exist?
|
|
31
|
+
['Nftables table: present', []]
|
|
32
|
+
else
|
|
33
|
+
['Nftables table: absent', []]
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
data/lib/foreman_maintain.rb
CHANGED
|
@@ -24,6 +24,8 @@ module ForemanMaintain
|
|
|
24
24
|
require 'foreman_maintain/concerns/downstream'
|
|
25
25
|
require 'foreman_maintain/concerns/primary_checks'
|
|
26
26
|
require 'foreman_maintain/concerns/pulp_common'
|
|
27
|
+
require 'foreman_maintain/concerns/firewall/iptables_maintenance_mode'
|
|
28
|
+
require 'foreman_maintain/concerns/firewall/nftables_maintenance_mode'
|
|
27
29
|
require 'foreman_maintain/top_level_modules'
|
|
28
30
|
require 'foreman_maintain/yaml_storage'
|
|
29
31
|
require 'foreman_maintain/config'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_maintain
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: clamp
|
|
@@ -206,6 +206,7 @@ files:
|
|
|
206
206
|
- definitions/features/iptables.rb
|
|
207
207
|
- definitions/features/katello.rb
|
|
208
208
|
- definitions/features/mongo.rb
|
|
209
|
+
- definitions/features/nftables.rb
|
|
209
210
|
- definitions/features/pulp2.rb
|
|
210
211
|
- definitions/features/pulpcore.rb
|
|
211
212
|
- definitions/features/pulpcore_database.rb
|
|
@@ -244,6 +245,7 @@ files:
|
|
|
244
245
|
- definitions/procedures/backup/snapshot/mount_pulpcore_db.rb
|
|
245
246
|
- definitions/procedures/backup/snapshot/prepare_mount.rb
|
|
246
247
|
- definitions/procedures/candlepin/delete_orphaned_records_from_env_content.rb
|
|
248
|
+
- definitions/procedures/content/fix_pulpcore_artifact_permissions.rb
|
|
247
249
|
- definitions/procedures/content/migration_reset.rb
|
|
248
250
|
- definitions/procedures/content/migration_stats.rb
|
|
249
251
|
- definitions/procedures/content/prepare.rb
|
|
@@ -267,9 +269,9 @@ files:
|
|
|
267
269
|
- definitions/procedures/installer/run.rb
|
|
268
270
|
- definitions/procedures/installer/upgrade.rb
|
|
269
271
|
- definitions/procedures/installer/upgrade_rake_task.rb
|
|
270
|
-
- definitions/procedures/iptables/add_maintenance_mode_chain.rb
|
|
271
|
-
- definitions/procedures/iptables/remove_maintenance_mode_chain.rb
|
|
272
272
|
- definitions/procedures/knowledge_base_article.rb
|
|
273
|
+
- definitions/procedures/maintenance_mode/disable_maintenance_mode.rb
|
|
274
|
+
- definitions/procedures/maintenance_mode/enable_maintenance_mode.rb
|
|
273
275
|
- definitions/procedures/maintenance_mode/is_enabled.rb
|
|
274
276
|
- definitions/procedures/packages/check_update.rb
|
|
275
277
|
- definitions/procedures/packages/enable_version_locking.rb
|
|
@@ -389,6 +391,8 @@ files:
|
|
|
389
391
|
- lib/foreman_maintain/concerns/directory_marker.rb
|
|
390
392
|
- lib/foreman_maintain/concerns/downstream.rb
|
|
391
393
|
- lib/foreman_maintain/concerns/finders.rb
|
|
394
|
+
- lib/foreman_maintain/concerns/firewall/iptables_maintenance_mode.rb
|
|
395
|
+
- lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb
|
|
392
396
|
- lib/foreman_maintain/concerns/hammer.rb
|
|
393
397
|
- lib/foreman_maintain/concerns/logger.rb
|
|
394
398
|
- lib/foreman_maintain/concerns/metadata.rb
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
module Procedures::Iptables
|
|
2
|
-
class AddMaintenanceModeChain < ForemanMaintain::Procedure
|
|
3
|
-
metadata do
|
|
4
|
-
label :iptables_add_maintenance_mode_chain
|
|
5
|
-
for_feature :iptables
|
|
6
|
-
description 'Add maintenance_mode chain to iptables'
|
|
7
|
-
tags :pre_migrations, :maintenance_mode_on
|
|
8
|
-
after :sync_plans_disable
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def run
|
|
12
|
-
feature(:iptables).add_maintenance_mode_chain
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
module Procedures::Iptables
|
|
2
|
-
class RemoveMaintenanceModeChain < ForemanMaintain::Procedure
|
|
3
|
-
metadata do
|
|
4
|
-
label :iptables_remove_maintenance_mode_chain
|
|
5
|
-
for_feature :iptables
|
|
6
|
-
description 'Remove maintenance_mode chain from iptables'
|
|
7
|
-
tags :post_migrations, :maintenance_mode_off
|
|
8
|
-
after :sync_plans_enable
|
|
9
|
-
end
|
|
10
|
-
|
|
11
|
-
def run
|
|
12
|
-
feature(:iptables).remove_maintenance_mode_chain
|
|
13
|
-
end
|
|
14
|
-
end
|
|
15
|
-
end
|