RubyGems - foreman_maintain - Versions diffs - 1.0.7 → 1.0.10 - Mend

foreman_maintain 1.0.7 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1db04c176ed0a5d5293dd9980db6c05e7f2c29c43f7da63d622e917c692d49ce
-  data.tar.gz: 2d41a5d195c217f7c7764b2543ed43ec3bacfac1339aad2162431052286775ca
+  metadata.gz: 6f3b029d12907c373c22b065792200ff3c8087051d1d3573da149124c4a7b9d4
+  data.tar.gz: d70220606c7f0c5af7ea9115b16d5f9cb248765f2420f01f72482031495dc980
 SHA512:
-  metadata.gz: d321a63d2e313db2694dbd70c138c498c829843b5ac891d33e91969a682494f94971b1411dbe81228f1e049bfb35b3a3ba2dc9c59d08629aa4297baff20210ad
-  data.tar.gz: a53ce7c727dbbf92d7257e7024587ba33a1e7db9b27c17fccf5e3ecc9ede63173bdcbcef2cd7f51173a3d88df661b6dd2e0f68fab05ea0983b8f657e9f02beae
+  metadata.gz: 657e8536192d1fa4ac0a9ec16161a1ce128e9747a827ea4d87869049f35d1cae8683a691efd3ab629b82fdc3ca1251153768cf208444daa412780061f0fb0862
+  data.tar.gz: '039b4a5cb9389ca78a2497f05e14bfb2ee9e7f1f4298025ee254cbbc02f4317f4bdfe9a5e71722e6bfb75e4b6679d3473fe7d080d9f55d811fe1d554549b2da1'

data/definitions/checks/package_manager/yum/validate_yum_config.rb CHANGED Viewed

@@ -41,9 +41,7 @@ module Checks::PackageManager
       def yum_config_options
         @yum_config_options ||= {
-          'exclude' => '^exclude\s*=\s*\S+.*$',
-          'clean_requirements_on_remove' =>
-            '^clean_requirements_on_remove\s*=\S*(1|yes|true)$'
+          'exclude' => '^exclude\s*=\s*\S+.*$'
         }
       end
     end

data/definitions/features/installer.rb CHANGED Viewed

@@ -64,7 +64,9 @@ class Features::Installer < ForemanMaintain::Feature
   def config_files
     Dir.glob(File.join(config_directory, '**/*')) +
       [
-        '/usr/local/bin/validate_postgresql_connection.sh'
+        '/usr/local/bin/validate_postgresql_connection.sh',
+        '/opt/puppetlabs/puppet/cache/foreman_cache_data',
+        '/opt/puppetlabs/puppet/cache/pulpcore_cache_data'
       ]
   end

data/definitions/features/nftables.rb CHANGED Viewed

@@ -25,12 +25,14 @@ class Features::Nftables < ForemanMaintain::Feature
     execute!("nft add chain #{family} #{table} #{chain} #{chain_options}")
   end
-  def add_rule(options = {})
+  def add_rules(options = {})
     family = options.fetch(:family, ip_family)
     table = options.fetch(:table, table_name)
     chain = options.fetch(:chain, chain_name)
-    rule = options.fetch(:rule) # needs validation
-    execute!("nft add rule #{family} #{table} #{chain} #{rule}")
+    rules = options.fetch(:rules) # needs validation
+    rules.each do |rule|
+      execute!("nft add rule #{family} #{table} #{chain} #{rule}")
+    end
   end
   def table_exist?(name = table_name)

data/definitions/features/puppet_server.rb CHANGED Viewed

@@ -11,8 +11,6 @@ class Features::PuppetServer < ForemanMaintain::Feature
     [
       '/etc/puppet',
       '/etc/puppetlabs',
-      '/opt/puppetlabs/puppet/cache/foreman_cache_data',
-      '/var/lib/puppet/foreman_cache_data',
       '/opt/puppetlabs/puppet/ssl/',
       '/var/lib/puppet/ssl',
       '/var/lib/puppet',

data/definitions/procedures/content/prepare.rb CHANGED Viewed

@@ -4,6 +4,7 @@ module Procedures::Content
       description 'Prepare content for Pulp 3'
       for_feature :pulpcore
       param :quiet, 'Keep the output on a single line', :flag => true, :default => false
+      do_not_whitelist
     end
     def run

data/definitions/procedures/content/switchover.rb CHANGED Viewed

@@ -9,6 +9,7 @@ module Procedures::Content
       end
       param :skip_deb, 'Do not run debian options in installer.'
+      do_not_whitelist
     end
     def run

data/definitions/procedures/packages/lock_versions.rb CHANGED Viewed

@@ -2,7 +2,9 @@ module Procedures::Packages
   class LockVersions < ForemanMaintain::Procedure
     metadata do
       description 'Lock packages'
-      preparation_steps { [Checks::VersionLockingEnabled.new] }
+      confine do
+        package_manager.version_locking_supported?
+      end
     end
     def run

data/definitions/procedures/packages/locking_status.rb CHANGED Viewed

@@ -2,7 +2,9 @@ module Procedures::Packages
   class LockingStatus < ForemanMaintain::Procedure
     metadata do
       description 'Check status of version locking of packages'
-      preparation_steps { [Checks::VersionLockingEnabled.new] }
+      confine do
+        package_manager.version_locking_supported?
+      end
     end
     def run

data/definitions/procedures/packages/unlock_versions.rb CHANGED Viewed

@@ -2,7 +2,9 @@ module Procedures::Packages
   class UnlockVersions < ForemanMaintain::Procedure
     metadata do
       description 'Unlock packages'
-      preparation_steps { [Checks::VersionLockingEnabled.new] }
+      confine do
+        package_manager.version_locking_supported?
+      end
     end
     def run

data/definitions/procedures/restore/candlepin_reset_migrations.rb ADDED Viewed

@@ -0,0 +1,14 @@
+module Procedures::Restore
+  class CandlepinResetMigrations < ForemanMaintain::Procedure
+    metadata do
+      description 'Ensure Candlepin runs all migrations after restoring the database'
+      confine do
+        feature(:candlepin_database)
+      end
+    end
+    def run
+      FileUtils.rm_f('/var/lib/candlepin/.puppet-candlepin-rpm-version')
+    end
+  end
+end

data/definitions/scenarios/restore.rb CHANGED Viewed

@@ -46,7 +46,8 @@ module ForemanMaintain::Scenarios
       end
       restore_mongo_dump(backup)
       add_steps_with_context(Procedures::Pulp::Migrate,
-                             Procedures::Pulpcore::Migrate)
+                             Procedures::Pulpcore::Migrate,
+                             Procedures::Restore::CandlepinResetMigrations)
       add_steps_with_context(Procedures::Restore::RegenerateQueues) if backup.online_backup?
       add_steps_with_context(Procedures::Service::Start,

data/definitions/scenarios/self_upgrade.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 module ForemanMaintain::Scenarios
   class SelfUpgradeBase < ForemanMaintain::Scenario
+    include ForemanMaintain::Concerns::Downstream
     def enabled_system_repos_id
       repository_manager.enabled_repos.keys
     end
@@ -67,7 +68,10 @@ module ForemanMaintain::Scenarios
     def repos_ids_to_reenable
       repos_ids_to_reenable = stored_enabled_repos_ids - all_maintenance_repos
-      repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
+      if use_rhsm?
+        repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
+      end
+      repos_ids_to_reenable
     end
     def use_rhsm?
@@ -79,6 +83,10 @@ module ForemanMaintain::Scenarios
       true
     end
+    def req_repos_to_update_pkgs
+      main_rh_repos + [maintenance_repo_id(target_version)]
+    end
   end
   class SelfUpgrade < SelfUpgradeBase
@@ -94,9 +102,10 @@ module ForemanMaintain::Scenarios
         pkgs_to_update = %w[satellite-maintain rubygem-foreman_maintain]
         add_step(Procedures::Repositories::BackupEnabledRepos.new)
         disable_repos
-        add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)],
+        add_step(Procedures::Repositories::Enable.new(repos: req_repos_to_update_pkgs,
                                                       use_rhsm: use_rhsm?))
         add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true))
+        disable_repos('*')
         enable_repos(repos_ids_to_reenable)
       end
     end
@@ -113,6 +122,7 @@ module ForemanMaintain::Scenarios
     def compose
       if check_min_version('foreman', '2.5') || check_min_version('foreman-proxy', '2.5')
+        disable_repos('*')
         enable_repos(repos_ids_to_reenable)
       end
     end

data/extras/foreman_protector/dnf/foreman-protector.py ADDED Viewed

@@ -0,0 +1,77 @@
+import dnf
+import dnf.exceptions
+from dnfpluginscore import _, logger
+import configparser
+class ForemanProtector(dnf.Plugin):
+    name = 'foreman-protector'
+    config_name = 'foreman-protector'
+    def __init__(self,base,cli):
+        self.base = base
+        self.cli = cli
+    def _get_whitelist_file_url(self):
+        try:
+             parser = self.read_config(self.base.conf)
+        except Exception as e:
+            raise dnf.exceptions.Error(_("Parsing file failed: {}").format(str(e)))
+        if parser.has_section('main'):
+            fileurl = parser.get('main', 'whitelist')
+        else:
+            raise dnf.exceptions.Error(_('Incorrect plugin configuration!'))
+        return fileurl
+    def _load_whitelist(self):
+        fileurl = self._get_whitelist_file_url()
+        package_whitelist = set()
+        try:
+            if fileurl:
+                llfile = open(fileurl, 'r')
+                for line in llfile.readlines():
+                    if line.startswith('#') or line.strip() == '':
+                        continue
+                    package_whitelist.add(line.rstrip())
+                llfile.close()
+        except IOError as e:
+            raise dnf.exceptions.Error('Unable to read Foreman protector"s configuration: %s' % e)
+        return package_whitelist
+    def _add_obsoletes(self):
+        package_whitelist = self._load_whitelist()
+        final_query = self.base.sack.query()
+        if package_whitelist:
+        #  If anything obsoletes something that we have whitelisted ... then
+        # whitelist that too.
+            whitelist_query = self.base.sack.query().filterm(name=package_whitelist)
+            obsoletes_query = self.base.sack.query().filterm(obsoletes=list(whitelist_query))
+            final_query = whitelist_query.union(obsoletes_query)
+        return final_query
+    def sack(self):
+        whitelist_and_obsoletes = self._add_obsoletes()
+        all_available_packages = self.base.sack.query().available()
+        excluded_pkgs_query = all_available_packages.difference(whitelist_and_obsoletes)
+        total = len(excluded_pkgs_query)
+        logger.info(_('Reading Foreman protector configuration'))
+        self.base.sack.add_excludes(excluded_pkgs_query)
+        logger.info(_('*** Excluded total: %s' % total))
+        if total:
+            if total > 1:
+                suffix = 's'
+            else:
+                suffix = ''
+            logger.info(_('\n'
+                            'WARNING: Excluding %d package%s due to foreman-protector. \n'
+                            'Use foreman-maintain packages install/update <package> \n'
+                            'to safely install packages without restrictions.\n'
+                            'Use foreman-maintain upgrade run for full upgrade.\n'
+                            % (total, suffix)))
+        else:
+            logger.info(_('\n'
+                            'Nothing excluded by foreman-protector!\n'))

data/extras/foreman_protector/foreman-protector.whitelist CHANGED Viewed

@@ -17,5 +17,8 @@ boost-random
 boost-iostreams
 boost-thread
 yum-utils
+# el8 yum-utils dependencies
+dnf-plugins-core
+python3-dnf-plugins-core
 # foreman-maintain
 rubygem-foreman_maintain

data/extras/foreman_protector/{foreman-protector.py → yum/foreman-protector.py} RENAMED Viewed

File without changes

data/lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ForemanMaintain
           unless table_exist?
             add_table
             add_chain(:chain_options => nftables_chain_options)
-            add_rule(rule: nftables_rule)
+            add_rules(rules: nftables_rules)
           end
         end
@@ -22,8 +22,8 @@ module ForemanMaintain
           '{type filter hook input priority 0\\;}'
         end
-        def nftables_rule
-          'tcp dport https reject'
+        def nftables_rules
+          ['iifname "lo" accept', 'tcp dport 443 reject']
         end
         def status_for_maintenance_mode

data/lib/foreman_maintain/concerns/metadata.rb CHANGED Viewed

@@ -100,6 +100,10 @@ module ForemanMaintain
           @data[:advanced_run] = advanced_run
         end
+        def do_not_whitelist
+          @data[:do_not_whitelist] = true
+        end
         def self.eval_dsl(metadata, &block)
           new(metadata).tap do |dsl|
             dsl.instance_eval(&block)

data/lib/foreman_maintain/package_manager/base.rb CHANGED Viewed

@@ -1,13 +1,8 @@
 module ForemanMaintain::PackageManager
   # rubocop:disable Lint/UnusedMethodArgument
   class Base
-    # check tools are installed and enabled
-    def version_locking_enabled?
-      raise NotImplementedError
-    end
-    # make sure the version locking tools are configured
-    def install_version_locking(assumeyes: false)
+    # confirms that Package Manager supports the locking mechanism
+    def version_locking_supported?
       raise NotImplementedError
     end

data/lib/foreman_maintain/package_manager/dnf.rb CHANGED Viewed

@@ -5,6 +5,10 @@ module ForemanMaintain::PackageManager
       super
     end
+    def version_locking_supported?
+      true
+    end
     private
     def dnf_action(action, packages, with_status: false, assumeyes: false)

data/lib/foreman_maintain/package_manager/yum.rb CHANGED Viewed

@@ -2,7 +2,6 @@ module ForemanMaintain::PackageManager
   class Yum < Base
     PROTECTOR_CONFIG_FILE = '/etc/yum/pluginconf.d/foreman-protector.conf'.freeze
     PROTECTOR_WHITELIST_FILE = '/etc/yum/pluginconf.d/foreman-protector.whitelist'.freeze
-    PROTECTOR_PLUGIN_FILE = '/usr/lib/yum-plugins/foreman-protector.py'.freeze
     def self.parse_envra(envra)
       # envra format: 0:foreman-1.20.1.10-1.el7sat.noarch
@@ -19,18 +18,17 @@ module ForemanMaintain::PackageManager
     end
     def versions_locked?
-      !!(protector_config =~ /^\s*enabled\s*=\s*1/)
+      !!(protector_config =~ /^\s*enabled\s*=\s*1/) &&
+        protector_whitelist_file_nonzero?
     end
-    def version_locking_enabled?
-      File.exist?(PROTECTOR_PLUGIN_FILE) && File.exist?(PROTECTOR_CONFIG_FILE) &&
-        File.exist?(PROTECTOR_WHITELIST_FILE)
+    def protector_whitelist_file_nonzero?
+      File.exist?(PROTECTOR_WHITELIST_FILE) &&
+        !File.zero?(PROTECTOR_WHITELIST_FILE)
     end
-    def install_version_locking(*)
-      install_extras('foreman_protector/foreman-protector.py', PROTECTOR_PLUGIN_FILE)
-      install_extras('foreman_protector/foreman-protector.conf', PROTECTOR_CONFIG_FILE)
-      install_extras('foreman_protector/foreman-protector.whitelist', PROTECTOR_WHITELIST_FILE)
+    def version_locking_supported?
+      true
     end
     def installed?(packages)
@@ -49,6 +47,10 @@ module ForemanMaintain::PackageManager
       yum_action('install', packages, :assumeyes => assumeyes)
     end
+    def reinstall(packages, assumeyes: false)
+      yum_action('reinstall', packages, :assumeyes => assumeyes)
+    end
     def remove(packages, assumeyes: false)
       yum_action('remove', packages, :assumeyes => assumeyes)
     end
@@ -129,14 +131,5 @@ module ForemanMaintain::PackageManager
                      :interactive => !assumeyes, :valid_exit_statuses => valid_exit_statuses)
       end
     end
-    def install_extras(src, dest, override: false)
-      extras_src = File.expand_path('../../../../extras', __FILE__)
-      if override ||
-         (File.directory?(dest) && !File.exist?(File.join(dest, src))) ||
-         !File.exist?(dest)
-        FileUtils.cp(File.join(extras_src, src), dest)
-      end
-    end
   end
 end

data/lib/foreman_maintain/reporter/cli_reporter.rb CHANGED Viewed

@@ -317,7 +317,11 @@ module ForemanMaintain
         steps_with_error = scenario.steps_with_error(:whitelisted => false)
         steps_with_skipped = scenario.steps_with_skipped(:whitelisted => true)
-        steps_to_whitelist = steps_with_error + steps_with_skipped
+        not_skippable_steps = scenario.steps_with_error.select do |step|
+          step.metadata[:do_not_whitelist] == true
+        end
+        steps_to_whitelist = steps_with_error + steps_with_skipped - not_skippable_steps
         unless steps_with_error.empty?
           message << format(<<-MESSAGE.strip_heredoc, format_steps(steps_with_error, "\n", 2))
           The following steps ended up in failing state:
@@ -325,11 +329,25 @@ module ForemanMaintain
           %s
           MESSAGE
           whitelist_labels = steps_to_whitelist.map(&:label_dashed).join(',')
-          recommend << format(<<-MESSAGE.strip_heredoc, whitelist_labels)
-          Resolve the failed steps and rerun
-          the command. In case the failures are false positives,
-          use --whitelist="%s"
-          MESSAGE
+          unless whitelist_labels.empty?
+            recommend << if scenario.detector.feature(:instance).downstream
+                           format(<<-MESSAGE.strip_heredoc, whitelist_labels)
+              Resolve the failed steps and rerun the command.
+              If the situation persists and, you are unclear what to do next,
+              contact Red Hat Technical Support.
+              In case the failures are false positives, use
+              --whitelist="%s"
+              MESSAGE
+                         else
+                           format(<<-MESSAGE.strip_heredoc, whitelist_labels)
+              Resolve the failed steps and rerun the command.
+              In case the failures are false positives, use
+              --whitelist="%s"
+              MESSAGE
+                         end
+          end
         end
         steps_with_warning = scenario.steps_with_warning(:whitelisted => false)

data/lib/foreman_maintain/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '1.0.7'.freeze
+  VERSION = '1.0.10'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.10
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-04-06 00:00:00.000000000 Z
+date: 2022-05-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -184,7 +184,6 @@ files:
 - definitions/checks/server_ping.rb
 - definitions/checks/services_up.rb
 - definitions/checks/system_registration.rb
-- definitions/checks/version_locking_enabled.rb
 - definitions/features/apache.rb
 - definitions/features/candlepin.rb
 - definitions/features/candlepin_database.rb
@@ -274,7 +273,6 @@ files:
 - definitions/procedures/maintenance_mode/enable_maintenance_mode.rb
 - definitions/procedures/maintenance_mode/is_enabled.rb
 - definitions/procedures/packages/check_update.rb
-- definitions/procedures/packages/enable_version_locking.rb
 - definitions/procedures/packages/install.rb
 - definitions/procedures/packages/installer_confirmation.rb
 - definitions/procedures/packages/lock_versions.rb
@@ -299,6 +297,7 @@ files:
 - definitions/procedures/repositories/enable.rb
 - definitions/procedures/repositories/setup.rb
 - definitions/procedures/restore/candlepin_dump.rb
+- definitions/procedures/restore/candlepin_reset_migrations.rb
 - definitions/procedures/restore/configs.rb
 - definitions/procedures/restore/confirmation.rb
 - definitions/procedures/restore/drop_databases.rb
@@ -361,9 +360,10 @@ files:
 - definitions/scenarios/upgrade_to_satellite_6_9.rb
 - definitions/scenarios/upgrade_to_satellite_6_9_z.rb
 - extras/foreman-maintain.sh
+- extras/foreman_protector/dnf/foreman-protector.py
 - extras/foreman_protector/foreman-protector.conf
-- extras/foreman_protector/foreman-protector.py
 - extras/foreman_protector/foreman-protector.whitelist
+- extras/foreman_protector/yum/foreman-protector.py
 - extras/passenger-recycler.cron
 - lib/foreman_maintain.rb
 - lib/foreman_maintain/check.rb

data/definitions/checks/version_locking_enabled.rb DELETED Viewed

@@ -1,14 +0,0 @@
-module Checks
-  class VersionLockingEnabled < ForemanMaintain::Check
-    metadata do
-      description 'Check if tooling for package locking is installed'
-    end
-    def run
-      enabled = package_manager.version_locking_enabled?
-      enable_locking = Procedures::Packages::EnableVersionLocking.new(:assumeyes => assumeyes?)
-      assert(enabled, 'Tools for package version locking are not available on this system',
-             :next_steps => enable_locking)
-    end
-  end
-end

data/definitions/procedures/packages/enable_version_locking.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Procedures::Packages
-  class EnableVersionLocking < ForemanMaintain::Procedure
-    metadata do
-      description 'Install and configure tools for version locking'
-      param :assumeyes, 'Do not ask for confirmation'
-    end
-    def run
-      package_manager.install_version_locking(:assumeyes => @assumeyes)
-    end
-  end
-end