foreman_maintain 1.0.3 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '092ba2224bd80eeef29cbcc522cf6ef3a438094125e8a4ad87e0c99281fdd251'
-  data.tar.gz: 0f71a35dc5325391b51a9648cd633ccf681eae203dfa9b49e6626e2b1bd6b602
+  metadata.gz: 41c40d80a596e78552a9e066e6d769db4fe57cd9e7c7368a7d64cf21f68edefa
+  data.tar.gz: 4908652d3cc57dde9b08081b0d5fa20fac5cc9f8ab41f19778243a29b0963002
 SHA512:
-  metadata.gz: 5589f427186e871ca4b0fbaba47ac450962ef2a91f72c33209b2b9f67d1c354e84c9f407cb47b686ef9867a82cbfdbc6360c1e312ba41021bc16fa08fa5e7e0c
-  data.tar.gz: 6f2f77e8fe631dee53dd3e9476868d76063d8f1c4fb4b2533c332ca88ab16af0b587901258fe4ab7558bf9fce942263b5717c7ef2717a7c0ea428de266a36991
+  metadata.gz: aa7003129978adaa2e1798c3fa191a5be628403b1d86df618bd92110829de5b8f0cd81a2f6c97b1df2befeeda693ba950acdf985c843482d2d027d333e771957
+  data.tar.gz: 1c16a69c401058063919df5c8b8a595a4b04d17c5662f93e12b9999bfa5e566f6276b1b4a1998ffb5a3d3f964af76a8275eae68554826a22b4aef8f3ca7b81fb

data/definitions/checks/check_hotfix_installed.rb

@@ -45,18 +45,24 @@ class Checks::CheckHotfixInstalled < ForemanMaintain::Check
 
   def installed_packages
     packages = []
-    repoquery_cmd = execute!('which repoquery')
-    query_format = '%{ui_from_repo} %{name}-%{evr}.%{arch}'
-    IO.popen([repoquery_cmd, '-a', '--installed', '--qf', query_format]) do |io|
+    IO.popen(['repoquery', '-a', '--installed', '--qf', query_format]) do |io|
       io.each do |line|
         repo, pkg = line.chomp.split
         next if repo.nil? || pkg.nil?
-        packages << pkg if /satellite|rhscl/ =~ repo[1..-1].downcase
+        packages << pkg if /satellite|rhscl/ =~ repo.downcase
       end
     end
     packages
   end
 
+  def query_format
+    if el7?
+      return '%{ui_from_repo} %{name}-%{evr}.%{arch}'
+    end
+
+    '%{from_repo} %{name}-%{evr}.%{arch}'
+  end
+
   def find_hotfix_packages
     output = execute!('rpm -qa release="*HOTFIX*"').strip
     return [] if output.empty?

data/definitions/checks/maintenance_mode/check_consistency.rb

@@ -22,11 +22,15 @@ module Checks::MaintenanceMode
 
     private
 
+    def firewall
+      @firewall ||= feature(:instance).firewall
+    end
+
     def verify_with_features
       procedure_arr = []
       feature_status_msgs = []
-      is_mode_on = feature(:iptables).maintenance_mode_chain_exist?
-      [:iptables, :sync_plans, :cron].each do |feature_name|
+      is_mode_on = firewall.maintenance_mode_status?
+      [firewall.label, :sync_plans, :cron].each do |feature_name|
         msg, procedures_to_run = send("check_for_#{feature_name}", is_mode_on)
         feature_status_msgs << msg
         procedure_arr.concat(procedures_to_run)
@@ -55,6 +59,10 @@ module Checks::MaintenanceMode
       feature(:iptables).status_for_maintenance_mode
     end
 
+    def check_for_nftables(_is_mode_on)
+      feature(:nftables).status_for_maintenance_mode
+    end
+
     def check_for_sync_plans(is_mode_on)
       feature(:sync_plans).status_for_maintenance_mode(is_mode_on)
     end

data/definitions/features/foreman_tasks.rb

@@ -82,15 +82,22 @@ class Features::ForemanTasks < ForemanMaintain::Feature
   def delete(state)
     tasks_condition = condition(state)
 
-    feature(:foreman_database).psql(<<-SQL)
-     BEGIN;
-       DELETE FROM dynflow_steps USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_steps.execution_plan_uuid::varchar) AND #{tasks_condition};
-       DELETE FROM dynflow_actions USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_actions.execution_plan_uuid::varchar) AND #{tasks_condition};
-       DELETE FROM dynflow_execution_plans USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_execution_plans.uuid::varchar) AND #{tasks_condition};
-       DELETE FROM foreman_tasks_tasks WHERE #{tasks_condition};
-     COMMIT;
+    sql = <<-SQL
+      DELETE FROM dynflow_steps USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_steps.execution_plan_uuid::varchar) AND #{tasks_condition};
+      DELETE FROM dynflow_actions USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_actions.execution_plan_uuid::varchar) AND #{tasks_condition};
+      DELETE FROM dynflow_execution_plans USING foreman_tasks_tasks WHERE (foreman_tasks_tasks.external_id = dynflow_execution_plans.uuid::varchar) AND #{tasks_condition};
+      DELETE FROM foreman_tasks_tasks WHERE #{tasks_condition};
+      -- Delete locks and links which may now be orphaned
+      DELETE FROM foreman_tasks_locks as ftl where ftl.task_id NOT IN (SELECT id FROM foreman_tasks_tasks);
     SQL
 
+    if check_min_version(foreman_plugin_name('foreman-tasks'), '4.0.0')
+      sql += 'DELETE FROM foreman_tasks_links as ftl ' \
+             'where ftl.task_id NOT IN (SELECT id FROM foreman_tasks_tasks);'
+    end
+
+    feature(:foreman_database).psql("BEGIN; #{sql}; COMMIT;")
+
     count(state)
   end
 

data/definitions/features/instance.rb

@@ -70,6 +70,10 @@ class Features::Instance < ForemanMaintain::Feature
     feature(:pulp2) || feature(:pulpcore)
   end
 
+  def firewall
+    feature(:nftables) || feature(:iptables)
+  end
+
   private
 
   # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
@@ -142,11 +146,15 @@ class Features::Instance < ForemanMaintain::Feature
   def component_features_map
     {
       'candlepin_auth' => %w[candlepin candlepin_database],
+      'candlepin_events' => %w[candlepin candlepin_database],
       'candlepin' => %w[candlepin candlepin_database],
       'pulp_auth' => %w[pulp2 mongo],
       'pulp' => %w[pulp2 mongo],
       'pulp3' => %w[pulpcore pulpcore_database],
-      'foreman_tasks' => %w[foreman_tasks]
+      'pulp3_content' => %w[pulpcore pulpcore_database],
+      'foreman_tasks' => %w[foreman_tasks],
+      'katello_agent' => %w[katello],
+      'katello_events' => %w[katello]
     }
   end
 
@@ -154,7 +162,7 @@ class Features::Instance < ForemanMaintain::Feature
     components = Array(components)
     cf_map = component_features_map
     # map ping components to features
-    features = components.map { |component| cf_map[component] }.flatten.uniq
+    features = components.map { |component| cf_map[component] }.flatten.uniq.compact
     # map features to existing services
     services_of_features = features.map do |name|
       feature(name.to_sym) ? feature(name.to_sym).services : []

data/definitions/features/iptables.rb

@@ -1,6 +1,10 @@
 class Features::Iptables < ForemanMaintain::Feature
+  include ForemanMaintain::Concerns::Firewall::IptablesMaintenanceMode
   metadata do
     label :iptables
+    confine do
+      find_package('iptables')
+    end
   end
 
   def add_chain(chain_name, rules, rule_chain = 'INPUT')
@@ -29,27 +33,6 @@ class Features::Iptables < ForemanMaintain::Feature
     execute?("iptables -L #{rule_chain} | tail -n +3 | grep '^#{target_name} '")
   end
 
-  def add_maintenance_mode_chain
-    add_chain(custom_chain_name,
-              ['-i lo -j ACCEPT', '-p tcp --dport 443 -j REJECT'])
-  end
-
-  def remove_maintenance_mode_chain
-    remove_chain(custom_chain_name)
-  end
-
-  def maintenance_mode_chain_exist?
-    chain_exist?(custom_chain_name)
-  end
-
-  def status_for_maintenance_mode
-    if maintenance_mode_chain_exist?
-      ['Iptables chain: present', []]
-    else
-      ['Iptables chain: absent', []]
-    end
-  end
-
   private
 
   def custom_chain_name

data/definitions/features/nftables.rb

@@ -0,0 +1,51 @@
+class Features::Nftables < ForemanMaintain::Feature
+  include ForemanMaintain::Concerns::Firewall::NftablesMaintenanceMode
+  metadata do
+    label :nftables
+    confine do
+      find_package('nftables')
+    end
+  end
+
+  def add_table(options = '')
+    options = "#{ip_family} #{table_name}" if options.empty?
+    execute!("nft add table #{options}")
+  end
+
+  def delete_table(options = '')
+    options = "#{ip_family} #{table_name}" if options.empty?
+    execute!("nft delete table #{options}")
+  end
+
+  def add_chain(options = {})
+    family = options.fetch(:family, ip_family)
+    table = options.fetch(:table, table_name)
+    chain = options.fetch(:chain, chain_name)
+    chain_options = options.fetch(:chain_options)
+    execute!("nft add chain #{family} #{table} #{chain} #{chain_options}")
+  end
+
+  def add_rule(options = {})
+    family = options.fetch(:family, ip_family)
+    table = options.fetch(:table, table_name)
+    chain = options.fetch(:chain, chain_name)
+    rule = options.fetch(:rule) # needs validation
+    execute!("nft add rule #{family} #{table} #{chain} #{rule}")
+  end
+
+  def table_exist?(name = table_name)
+    execute!('nft list tables').include?(name)
+  end
+
+  def table_name
+    'FOREMAN_MAINTAIN_TABLE'
+  end
+
+  def chain_name
+    'FOREMAN_MAINTAIN_CHAIN'
+  end
+
+  def ip_family
+    'inet'
+  end
+end

data/definitions/procedures/content/fix_pulpcore_artifact_permissions.rb

@@ -0,0 +1,30 @@
+module Procedures::Content
+  class FixPulpcoreArtifactOwnership < ForemanMaintain::Procedure
+    metadata do
+      description 'Fix Pulpcore artifact ownership to be pulp:pulp'
+      param :assumeyes, 'Do not ask for confirmation', :default => false
+
+      confine do
+        check_min_version(foreman_plugin_name('katello'), '4.0')
+      end
+    end
+
+    def ask_to_proceed
+      question = "\nWARNING: Only proceed if your system is fully switched to Pulp 3.\n"
+      question += "\n\nDo you want to proceed?"
+      answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
+      abort! if answer != :yes
+    end
+
+    def run
+      assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
+
+      ask_to_proceed unless assumeyes_val
+
+      with_spinner('Updating artifact ownership for Pulp 3') do |spinner|
+        spinner.update('# chown -hR pulp.pulp /var/lib/pulp/media/artifact')
+        FileUtils.chown_R 'pulp', 'pulp', '/var/lib/pulp/media/artifact'
+      end
+    end
+  end
+end

data/definitions/procedures/maintenance_mode/disable_maintenance_mode.rb

@@ -0,0 +1,18 @@
+module Procedures::MaintenanceMode
+  class DisableMaintenanceMode < ForemanMaintain::Procedure
+    metadata do
+      label :disable_maintenance_mode
+      description 'Remove maintenance mode table/chain from nftables/iptables'
+      tags :post_migrations, :maintenance_mode_off
+      after :sync_plans_enable
+    end
+
+    def run
+      if feature(:instance).firewall
+        feature(:instance).firewall.disable_maintenance_mode
+      else
+        warn! 'Unable to find nftables or iptables'
+      end
+    end
+  end
+end

data/definitions/procedures/maintenance_mode/enable_maintenance_mode.rb

@@ -0,0 +1,48 @@
+module Procedures::MaintenanceMode
+  class EnableMaintenanceMode < ForemanMaintain::Procedure
+    metadata do
+      label :enable_maintenance_mode
+      description 'Add maintenance_mode tables/chain to nftables/iptables'
+      tags :pre_migrations, :maintenance_mode_on
+      after :sync_plans_disable
+    end
+
+    def run
+      if feature(:instance).firewall
+        feature(:instance).firewall.enable_maintenance_mode
+      else
+        notify_and_ask_to_install_firewall_utility
+      end
+    end
+
+    def notify_and_ask_to_install_firewall_utility
+      puts 'Unable to find nftables or iptables!'
+      question, pkg = question_and_pkg_name
+      answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
+      if answer == :yes
+        packages_action(:install, pkg)
+        feature(:instance).firewall.enable_maintenance_mode
+      end
+    end
+
+    def can_install_nft?
+      nft_kernel_version = Gem::Version.new('3.13')
+      installed_kernel_version = Gem::Version.new(execute!('uname -r').split('-').first)
+      installed_kernel_version >= nft_kernel_version
+    end
+
+    def question_and_pkg_name
+      question = 'Do you want to install missing netfilter utility '
+      pkg_to_install = []
+      if can_install_nft?
+        question << 'nftables?'
+        pkg_to_install << 'nftables'
+      else
+        question << 'iptables?'
+        pkg_to_install << 'iptables'
+      end
+      question << "\nand start maintenance mode?"
+      [question, pkg_to_install]
+    end
+  end
+end

data/definitions/procedures/maintenance_mode/is_enabled.rb

@@ -2,14 +2,16 @@ module Procedures::MaintenanceMode
   class IsEnabled < ForemanMaintain::Procedure
     metadata do
       description 'Showing status code for maintenance_mode'
-      for_feature :iptables
       advanced_run false
+      confine do
+        feature(:nftables) || feature(:iptables)
+      end
     end
 
     attr_reader :status_code
 
     def run
-      @status_code = feature(:iptables).maintenance_mode_chain_exist? ? 0 : 1
+      @status_code = feature(:instance).firewall.maintenance_mode_status? ? 0 : 1
       puts "Maintenance mode is #{@status_code == 1 ? 'Off' : 'On'}"
     end
   end

data/definitions/procedures/pulp/remove.rb

@@ -17,6 +17,7 @@ module Procedures::Pulp
 
     def pulp_data_dirs
       [
+        '/etc/pki/pulp/content',
         '/var/lib/pulp/published',
         '/var/lib/pulp/content',
         '/var/lib/pulp/importers',

data/definitions/procedures/repositories/enable.rb

@@ -2,11 +2,17 @@ module Procedures::Repositories
   class Enable < ForemanMaintain::Procedure
     metadata do
       param :repos, 'Array of repositories to enable'
+      param :use_rhsm, 'Use RHSM to enable repository',
+            :flag => true, :default => false
       description 'Enable repositories'
     end
     def run
       with_spinner('Enabling repositories') do
-        repository_manager.enable_repos(@repos)
+        if @use_rhsm
+          repository_manager.rhsm_enable_repos(@repos)
+        else
+          repository_manager.enable_repos(@repos)
+        end
       end
     end
   end

data/definitions/scenarios/content.rb

@@ -129,10 +129,29 @@ module ForemanMaintain::Scenarios
 
       def set_context_mapping
         context.map(:assumeyes, Procedures::Pulp::Remove => :assumeyes)
+        context.map(:assumeyes, Procedures::Content::FixPulpcoreArtifactOwnership => :assumeyes)
       end
 
       def compose
         add_step_with_context(Procedures::Pulp::Remove)
+        add_step_with_context(Procedures::Content::FixPulpcoreArtifactOwnership)
+      end
+    end
+
+    class FixPulpcoreArtifactOwnership < ContentBase
+      metadata do
+        label :content_fix_pulpcore_artifact_ownership
+        description 'Fix Pulpcore artifact ownership to be pulp:pulp'
+        param :assumeyes, 'Do not ask for confirmation'
+        manual_detection
+      end
+
+      def set_context_mapping
+        context.map(:assumeyes, Procedures::Content::FixPulpcoreArtifactOwnership => :assumeyes)
+      end
+
+      def compose
+        add_step_with_context(Procedures::Content::FixPulpcoreArtifactOwnership)
       end
     end
   end

data/definitions/scenarios/self_upgrade.rb

@@ -62,13 +62,21 @@ module ForemanMaintain::Scenarios
       repos_ids_to_reenable = stored_enabled_repos_ids - all_maintenance_repos
       repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
     end
+
+    def use_rhsm?
+      if (repo = ENV['maintenance_repo'])
+        return false unless repo.empty?
+      end
+
+      true
+    end
   end
 
   class SelfUpgrade < SelfUpgradeBase
     metadata do
       label :self_upgrade_foreman_maintain
-      description "Enables the specified version's maintenance repository and, "\
-  								'updates the foreman-maintain packages'
+      description "Enables the specified version's maintenance repository and,"\
+  								"\nupdates the satellite-maintain packages"
       manual_detection
     end
 
@@ -77,7 +85,8 @@ module ForemanMaintain::Scenarios
         pkgs_to_update = %w[satellite-maintain rubygem-foreman_maintain]
         add_step(Procedures::Repositories::BackupEnabledRepos.new)
         disable_repos
-        add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)]))
+        add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)],
+                                                      use_rhsm: use_rhsm?))
         add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true))
         enable_repos(repos_ids_to_reenable)
       end
@@ -87,8 +96,8 @@ module ForemanMaintain::Scenarios
   class SelfUpgradeRescue < SelfUpgradeBase
     metadata do
       label :rescue_self_upgrade
-      description 'Disables all version specific maintenance repos and,'\
-  		' enables the repositories which were configured prior to self upgrade'
+      description 'Disables all version specific maintenance repositories and,'\
+  		 "\nenables the repositories which were configured prior to self upgrade"
       manual_detection
       run_strategy :fail_slow
     end

data/definitions/scenarios/{upgrade_to_capsule_7_0.rb → upgrade_to_capsule_6_11.rb}

@@ -1,4 +1,4 @@
-module Scenarios::Capsule_7_0
+module Scenarios::Capsule_6_11
   class Abstract < ForemanMaintain::Scenario
     def self.upgrade_metadata(&block)
       metadata do
@@ -6,20 +6,20 @@ module Scenarios::Capsule_7_0
         confine do
           feature(:capsule) &&
             (feature(:capsule).current_minor_version == '6.10' || \
-            ForemanMaintain.upgrade_in_progress == '7.0')
+            ForemanMaintain.upgrade_in_progress == '6.11')
         end
         instance_eval(&block)
       end
     end
 
     def target_version
-      '7.0'
+      '6.11'
     end
   end
 
   class PreUpgradeCheck < Abstract
     upgrade_metadata do
-      description 'Checks before upgrading to Capsule 7.0'
+      description 'Checks before upgrading to Capsule 6.11'
       tags :pre_upgrade_checks
       run_strategy :fail_slow
     end
@@ -27,25 +27,26 @@ module Scenarios::Capsule_7_0
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
-      add_step(Checks::Repositories::Validate.new(:version => '7.0'))
+      add_step(Checks::Repositories::Validate.new(:version => '6.11'))
     end
   end
 
   class PreMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures before migrating to Capsule 7.0'
+      description 'Procedures before migrating to Capsule 6.11'
       tags :pre_migrations
     end
 
     def compose
       add_steps(find_procedures(:pre_migrations))
+      add_step(Procedures::Pulp::Remove.new(:assumeyes => true))
       add_step(Procedures::Service::Stop.new)
     end
   end
 
   class Migrations < Abstract
     upgrade_metadata do
-      description 'Migration scripts to Capsule 7.0'
+      description 'Migration scripts to Capsule 6.11'
       tags :migrations
     end
 
@@ -54,7 +55,7 @@ module Scenarios::Capsule_7_0
     end
 
     def compose
-      add_step(Procedures::Repositories::Setup.new(:version => '7.0'))
+      add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
       add_step_with_context(Procedures::Installer::Upgrade)
@@ -63,7 +64,7 @@ module Scenarios::Capsule_7_0
 
   class PostMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures after migrating to Capsule 7.0'
+      description 'Procedures after migrating to Capsule 6.11'
       tags :post_migrations
     end
 
@@ -76,7 +77,7 @@ module Scenarios::Capsule_7_0
 
   class PostUpgradeChecks < Abstract
     upgrade_metadata do
-      description 'Checks after upgrading to Capsule 7.0'
+      description 'Checks after upgrading to Capsule 6.11'
       tags :post_upgrade_checks
       run_strategy :fail_slow
     end

data/definitions/scenarios/{upgrade_to_capsule_7_0_z.rb → upgrade_to_capsule_6_11_z.rb}

@@ -1,25 +1,25 @@
-module Scenarios::Capsule_7_0_z
+module Scenarios::Capsule_6_11_z
   class Abstract < ForemanMaintain::Scenario
     def self.upgrade_metadata(&block)
       metadata do
         tags :upgrade_scenario
         confine do
           feature(:capsule) &&
-            (feature(:capsule).current_minor_version == '7.0' || \
-              ForemanMaintain.upgrade_in_progress == '7.0.z')
+            (feature(:capsule).current_minor_version == '6.11' || \
+              ForemanMaintain.upgrade_in_progress == '6.11.z')
         end
         instance_eval(&block)
       end
     end
 
     def target_version
-      '7.0.z'
+      '6.11.z'
     end
   end
 
   class PreUpgradeCheck < Abstract
     upgrade_metadata do
-      description 'Checks before upgrading to Capsule 7.0.z'
+      description 'Checks before upgrading to Capsule 6.11.z'
       tags :pre_upgrade_checks
       run_strategy :fail_slow
     end
@@ -27,13 +27,13 @@ module Scenarios::Capsule_7_0_z
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
-      add_step(Checks::Repositories::Validate.new(:version => '7.0'))
+      add_step(Checks::Repositories::Validate.new(:version => '6.11'))
     end
   end
 
   class PreMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures before migrating to Capsule 7.0.z'
+      description 'Procedures before migrating to Capsule 6.11.z'
       tags :pre_migrations
     end
 
@@ -45,7 +45,7 @@ module Scenarios::Capsule_7_0_z
 
   class Migrations < Abstract
     upgrade_metadata do
-      description 'Migration scripts to Capsule 7.0.z'
+      description 'Migration scripts to Capsule 6.11.z'
       tags :migrations
     end
 
@@ -54,7 +54,7 @@ module Scenarios::Capsule_7_0_z
     end
 
     def compose
-      add_step(Procedures::Repositories::Setup.new(:version => '7.0'))
+      add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
       add_step_with_context(Procedures::Installer::Upgrade)
@@ -63,7 +63,7 @@ module Scenarios::Capsule_7_0_z
 
   class PostMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures after migrating to Capsule 7.0.z'
+      description 'Procedures after migrating to Capsule 6.11.z'
       tags :post_migrations
     end
 
@@ -76,7 +76,7 @@ module Scenarios::Capsule_7_0_z
 
   class PostUpgradeChecks < Abstract
     upgrade_metadata do
-      description 'Checks after upgrading to Capsule 7.0.z'
+      description 'Checks after upgrading to Capsule 6.11.z'
       tags :post_upgrade_checks
       run_strategy :fail_slow
     end

data/definitions/scenarios/{upgrade_to_satellite_7_0.rb → upgrade_to_satellite_6_11.rb}

@@ -1,4 +1,4 @@
-module Scenarios::Satellite_7_0
+module Scenarios::Satellite_6_11
   class Abstract < ForemanMaintain::Scenario
     def self.upgrade_metadata(&block)
       metadata do
@@ -6,20 +6,20 @@ module Scenarios::Satellite_7_0
         confine do
           feature(:satellite) &&
             (feature(:satellite).current_minor_version == '6.10' || \
-            ForemanMaintain.upgrade_in_progress == '7.0')
+            ForemanMaintain.upgrade_in_progress == '6.11')
         end
         instance_eval(&block)
       end
     end
 
     def target_version
-      '7.0'
+      '6.11'
     end
   end
 
   class PreUpgradeCheck < Abstract
     upgrade_metadata do
-      description 'Checks before upgrading to Satellite 7.0'
+      description 'Checks before upgrading to Satellite 6.11'
       tags :pre_upgrade_checks
       run_strategy :fail_slow
     end
@@ -29,25 +29,26 @@ module Scenarios::Satellite_7_0
       add_steps(find_checks(:pre_upgrade))
 
       add_step(Checks::Foreman::CheckpointSegments)
-      add_step(Checks::Repositories::Validate.new(:version => '7.0'))
+      add_step(Checks::Repositories::Validate.new(:version => '6.11'))
     end
   end
 
   class PreMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures before migrating to Satellite 7.0'
+      description 'Procedures before migrating to Satellite 6.11'
       tags :pre_migrations
     end
 
     def compose
       add_steps(find_procedures(:pre_migrations))
+      add_step(Procedures::Pulp::Remove.new(:assumeyes => true))
       add_step(Procedures::Service::Stop.new)
     end
   end
 
   class Migrations < Abstract
     upgrade_metadata do
-      description 'Migration scripts to Satellite 7.0'
+      description 'Migration scripts to Satellite 6.11'
       tags :migrations
       run_strategy :fail_fast
     end
@@ -57,7 +58,7 @@ module Scenarios::Satellite_7_0
     end
 
     def compose
-      add_step(Procedures::Repositories::Setup.new(:version => '7.0'))
+      add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
       add_step_with_context(Procedures::Installer::Upgrade)
@@ -67,7 +68,7 @@ module Scenarios::Satellite_7_0
 
   class PostMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures after migrating to Satellite 7.0'
+      description 'Procedures after migrating to Satellite 6.11'
       tags :post_migrations
     end
 
@@ -80,7 +81,7 @@ module Scenarios::Satellite_7_0
 
   class PostUpgradeChecks < Abstract
     upgrade_metadata do
-      description 'Checks after upgrading to Satellite 7.0'
+      description 'Checks after upgrading to Satellite 6.11'
       tags :post_upgrade_checks
       run_strategy :fail_slow
     end

data/definitions/scenarios/{upgrade_to_satellite_7_0_z.rb → upgrade_to_satellite_6_11_z.rb}

@@ -1,25 +1,25 @@
-module Scenarios::Satellite_7_0_z
+module Scenarios::Satellite_6_11_z
   class Abstract < ForemanMaintain::Scenario
     def self.upgrade_metadata(&block)
       metadata do
         tags :upgrade_scenario
         confine do
           feature(:satellite) &&
-            (feature(:satellite).current_minor_version == '7.0' || \
-            ForemanMaintain.upgrade_in_progress == '7.0.z')
+            (feature(:satellite).current_minor_version == '6.11' || \
+            ForemanMaintain.upgrade_in_progress == '6.11.z')
         end
         instance_eval(&block)
       end
     end
 
     def target_version
-      '7.0.z'
+      '6.11.z'
     end
   end
 
   class PreUpgradeCheck < Abstract
     upgrade_metadata do
-      description 'Checks before upgrading to Satellite 7.0.z'
+      description 'Checks before upgrading to Satellite 6.11.z'
       tags :pre_upgrade_checks
       run_strategy :fail_slow
     end
@@ -27,13 +27,13 @@ module Scenarios::Satellite_7_0_z
     def compose
       add_steps(find_checks(:default))
       add_steps(find_checks(:pre_upgrade))
-      add_step(Checks::Repositories::Validate.new(:version => '7.0'))
+      add_step(Checks::Repositories::Validate.new(:version => '6.11'))
     end
   end
 
   class PreMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures before migrating to Satellite 7.0.z'
+      description 'Procedures before migrating to Satellite 6.11.z'
       tags :pre_migrations
     end
 
@@ -45,7 +45,7 @@ module Scenarios::Satellite_7_0_z
 
   class Migrations < Abstract
     upgrade_metadata do
-      description 'Migration scripts to Satellite 7.0.z'
+      description 'Migration scripts to Satellite 6.11.z'
       tags :migrations
     end
 
@@ -54,7 +54,7 @@ module Scenarios::Satellite_7_0_z
     end
 
     def compose
-      add_step(Procedures::Repositories::Setup.new(:version => '7.0'))
+      add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
       add_step_with_context(Procedures::Installer::Upgrade)
@@ -64,7 +64,7 @@ module Scenarios::Satellite_7_0_z
 
   class PostMigrations < Abstract
     upgrade_metadata do
-      description 'Procedures after migrating to Satellite 7.0.z'
+      description 'Procedures after migrating to Satellite 6.11.z'
       tags :post_migrations
     end
 
@@ -77,7 +77,7 @@ module Scenarios::Satellite_7_0_z
 
   class PostUpgradeChecks < Abstract
     upgrade_metadata do
-      description 'Checks after upgrading to Satellite 7.0.z'
+      description 'Checks after upgrading to Satellite 6.11.z'
       tags :post_upgrade_checks
       run_strategy :fail_slow
     end

data/lib/foreman_maintain/cli/content_command.rb

@@ -54,6 +54,16 @@ module ForemanMaintain
           )
         end
       end
+
+      subcommand 'fix-pulpcore-artifact-ownership',
+                 'Update filesystem ownership for Pulpcore artifacts' do
+        interactive_option(%w[assumeyes plaintext])
+        def execute
+          run_scenarios_and_exit(
+            Scenarios::Content::FixPulpcoreArtifactOwnership.new(:assumeyes => assumeyes?)
+          )
+        end
+      end
     end
   end
 end

data/lib/foreman_maintain/cli/self_upgrade_command.rb

@@ -3,7 +3,7 @@ module ForemanMaintain
     class SelfUpgradeCommand < Base
       option ['--target-version'], 'TARGET_VERSION',\
              'Major version of the Satellite or Capsule'\
-           	', e.g 7.0', :required => true
+             ', e.g 6.11', :required => true
       def execute
         allow_major_version_upgrade_only
         run_scenario(upgrade_scenario, upgrade_rescue_scenario)
@@ -29,7 +29,8 @@ module ForemanMaintain
         end
         if current_downstream_version >= next_version
           message = "The target-version #{target_version} should be "\
-                    "greater than existing version #{current_downstream_version}!"
+                    "greater than existing version #{current_downstream_version},"\
+                    "\nand self-upgrade should be used for major version upgrades only!"
           raise Error::UsageError, message
         end
       end

data/lib/foreman_maintain/concerns/downstream.rb

@@ -116,7 +116,7 @@ module ForemanMaintain
       end
 
       def common_repos(full_version)
-        sat_maint_version = if version(full_version) >= version('7.0') && !use_beta_repos?
+        sat_maint_version = if version(full_version) >= version('6.11') && !use_beta_repos?
                               full_version
                             else
                               full_version[0]

data/lib/foreman_maintain/concerns/firewall/iptables_maintenance_mode.rb

@@ -0,0 +1,28 @@
+module ForemanMaintain
+  module Concerns
+    module Firewall
+      module IptablesMaintenanceMode
+        def disable_maintenance_mode
+          remove_chain(custom_chain_name)
+        end
+
+        def enable_maintenance_mode
+          add_chain(custom_chain_name,
+                    ['-i lo -j ACCEPT', '-p tcp --dport 443 -j REJECT'])
+        end
+
+        def maintenance_mode_status?
+          chain_exist?(custom_chain_name)
+        end
+
+        def status_for_maintenance_mode
+          if maintenance_mode_status?
+            ['Iptables chain: present', []]
+          else
+            ['Iptables chain: absent', []]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb

@@ -0,0 +1,39 @@
+module ForemanMaintain
+  module Concerns
+    module Firewall
+      module NftablesMaintenanceMode
+        def disable_maintenance_mode
+          delete_table if table_exist?
+        end
+
+        def enable_maintenance_mode
+          unless table_exist?
+            add_table
+            add_chain(:chain_options => nftables_chain_options)
+            add_rule(rule: nftables_rule)
+          end
+        end
+
+        def maintenance_mode_status?
+          table_exist?
+        end
+
+        def nftables_chain_options
+          '{type filter hook input priority 0\\;}'
+        end
+
+        def nftables_rule
+          'tcp dport https reject'
+        end
+
+        def status_for_maintenance_mode
+          if table_exist?
+            ['Nftables table: present', []]
+          else
+            ['Nftables table: absent', []]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/foreman_maintain/version.rb

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '1.0.3'.freeze
+  VERSION = '1.0.6'.freeze
 end

data/lib/foreman_maintain.rb

@@ -24,6 +24,8 @@ module ForemanMaintain
   require 'foreman_maintain/concerns/downstream'
   require 'foreman_maintain/concerns/primary_checks'
   require 'foreman_maintain/concerns/pulp_common'
+  require 'foreman_maintain/concerns/firewall/iptables_maintenance_mode'
+  require 'foreman_maintain/concerns/firewall/nftables_maintenance_mode'
   require 'foreman_maintain/top_level_modules'
   require 'foreman_maintain/yaml_storage'
   require 'foreman_maintain/config'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 1.0.6
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-09 00:00:00.000000000 Z
+date: 2022-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -206,6 +206,7 @@ files:
 - definitions/features/iptables.rb
 - definitions/features/katello.rb
 - definitions/features/mongo.rb
+- definitions/features/nftables.rb
 - definitions/features/pulp2.rb
 - definitions/features/pulpcore.rb
 - definitions/features/pulpcore_database.rb
@@ -244,6 +245,7 @@ files:
 - definitions/procedures/backup/snapshot/mount_pulpcore_db.rb
 - definitions/procedures/backup/snapshot/prepare_mount.rb
 - definitions/procedures/candlepin/delete_orphaned_records_from_env_content.rb
+- definitions/procedures/content/fix_pulpcore_artifact_permissions.rb
 - definitions/procedures/content/migration_reset.rb
 - definitions/procedures/content/migration_stats.rb
 - definitions/procedures/content/prepare.rb
@@ -267,9 +269,9 @@ files:
 - definitions/procedures/installer/run.rb
 - definitions/procedures/installer/upgrade.rb
 - definitions/procedures/installer/upgrade_rake_task.rb
-- definitions/procedures/iptables/add_maintenance_mode_chain.rb
-- definitions/procedures/iptables/remove_maintenance_mode_chain.rb
 - definitions/procedures/knowledge_base_article.rb
+- definitions/procedures/maintenance_mode/disable_maintenance_mode.rb
+- definitions/procedures/maintenance_mode/enable_maintenance_mode.rb
 - definitions/procedures/maintenance_mode/is_enabled.rb
 - definitions/procedures/packages/check_update.rb
 - definitions/procedures/packages/enable_version_locking.rb
@@ -332,14 +334,16 @@ files:
 - definitions/scenarios/services.rb
 - definitions/scenarios/upgrade_to_capsule_6_10.rb
 - definitions/scenarios/upgrade_to_capsule_6_10_z.rb
+- definitions/scenarios/upgrade_to_capsule_6_11.rb
+- definitions/scenarios/upgrade_to_capsule_6_11_z.rb
 - definitions/scenarios/upgrade_to_capsule_6_8.rb
 - definitions/scenarios/upgrade_to_capsule_6_8_z.rb
 - definitions/scenarios/upgrade_to_capsule_6_9.rb
 - definitions/scenarios/upgrade_to_capsule_6_9_z.rb
-- definitions/scenarios/upgrade_to_capsule_7_0.rb
-- definitions/scenarios/upgrade_to_capsule_7_0_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_10.rb
 - definitions/scenarios/upgrade_to_satellite_6_10_z.rb
+- definitions/scenarios/upgrade_to_satellite_6_11.rb
+- definitions/scenarios/upgrade_to_satellite_6_11_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_2.rb
 - definitions/scenarios/upgrade_to_satellite_6_2_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_3.rb
@@ -356,8 +360,6 @@ files:
 - definitions/scenarios/upgrade_to_satellite_6_8_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_9.rb
 - definitions/scenarios/upgrade_to_satellite_6_9_z.rb
-- definitions/scenarios/upgrade_to_satellite_7_0.rb
-- definitions/scenarios/upgrade_to_satellite_7_0_z.rb
 - extras/foreman-maintain.sh
 - extras/foreman_protector/foreman-protector.conf
 - extras/foreman_protector/foreman-protector.py
@@ -389,6 +391,8 @@ files:
 - lib/foreman_maintain/concerns/directory_marker.rb
 - lib/foreman_maintain/concerns/downstream.rb
 - lib/foreman_maintain/concerns/finders.rb
+- lib/foreman_maintain/concerns/firewall/iptables_maintenance_mode.rb
+- lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb
 - lib/foreman_maintain/concerns/hammer.rb
 - lib/foreman_maintain/concerns/logger.rb
 - lib/foreman_maintain/concerns/metadata.rb

data/definitions/procedures/iptables/add_maintenance_mode_chain.rb

@@ -1,15 +0,0 @@
-module Procedures::Iptables
-  class AddMaintenanceModeChain < ForemanMaintain::Procedure
-    metadata do
-      label :iptables_add_maintenance_mode_chain
-      for_feature :iptables
-      description 'Add maintenance_mode chain to iptables'
-      tags :pre_migrations, :maintenance_mode_on
-      after :sync_plans_disable
-    end
-
-    def run
-      feature(:iptables).add_maintenance_mode_chain
-    end
-  end
-end

data/definitions/procedures/iptables/remove_maintenance_mode_chain.rb

@@ -1,15 +0,0 @@
-module Procedures::Iptables
-  class RemoveMaintenanceModeChain < ForemanMaintain::Procedure
-    metadata do
-      label :iptables_remove_maintenance_mode_chain
-      for_feature :iptables
-      description 'Remove maintenance_mode chain from iptables'
-      tags :post_migrations, :maintenance_mode_off
-      after :sync_plans_enable
-    end
-
-    def run
-      feature(:iptables).remove_maintenance_mode_chain
-    end
-  end
-end