foreman_maintain 1.0.7 → 1.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 1db04c176ed0a5d5293dd9980db6c05e7f2c29c43f7da63d622e917c692d49ce
4
- data.tar.gz: 2d41a5d195c217f7c7764b2543ed43ec3bacfac1339aad2162431052286775ca
3
+ metadata.gz: 6f3b029d12907c373c22b065792200ff3c8087051d1d3573da149124c4a7b9d4
4
+ data.tar.gz: d70220606c7f0c5af7ea9115b16d5f9cb248765f2420f01f72482031495dc980
5
5
  SHA512:
6
- metadata.gz: d321a63d2e313db2694dbd70c138c498c829843b5ac891d33e91969a682494f94971b1411dbe81228f1e049bfb35b3a3ba2dc9c59d08629aa4297baff20210ad
7
- data.tar.gz: a53ce7c727dbbf92d7257e7024587ba33a1e7db9b27c17fccf5e3ecc9ede63173bdcbcef2cd7f51173a3d88df661b6dd2e0f68fab05ea0983b8f657e9f02beae
6
+ metadata.gz: 657e8536192d1fa4ac0a9ec16161a1ce128e9747a827ea4d87869049f35d1cae8683a691efd3ab629b82fdc3ca1251153768cf208444daa412780061f0fb0862
7
+ data.tar.gz: '039b4a5cb9389ca78a2497f05e14bfb2ee9e7f1f4298025ee254cbbc02f4317f4bdfe9a5e71722e6bfb75e4b6679d3473fe7d080d9f55d811fe1d554549b2da1'
@@ -41,9 +41,7 @@ module Checks::PackageManager
41
41
 
42
42
  def yum_config_options
43
43
  @yum_config_options ||= {
44
- 'exclude' => '^exclude\s*=\s*\S+.*$',
45
- 'clean_requirements_on_remove' =>
46
- '^clean_requirements_on_remove\s*=\S*(1|yes|true)$'
44
+ 'exclude' => '^exclude\s*=\s*\S+.*$'
47
45
  }
48
46
  end
49
47
  end
@@ -64,7 +64,9 @@ class Features::Installer < ForemanMaintain::Feature
64
64
  def config_files
65
65
  Dir.glob(File.join(config_directory, '**/*')) +
66
66
  [
67
- '/usr/local/bin/validate_postgresql_connection.sh'
67
+ '/usr/local/bin/validate_postgresql_connection.sh',
68
+ '/opt/puppetlabs/puppet/cache/foreman_cache_data',
69
+ '/opt/puppetlabs/puppet/cache/pulpcore_cache_data'
68
70
  ]
69
71
  end
70
72
 
@@ -25,12 +25,14 @@ class Features::Nftables < ForemanMaintain::Feature
25
25
  execute!("nft add chain #{family} #{table} #{chain} #{chain_options}")
26
26
  end
27
27
 
28
- def add_rule(options = {})
28
+ def add_rules(options = {})
29
29
  family = options.fetch(:family, ip_family)
30
30
  table = options.fetch(:table, table_name)
31
31
  chain = options.fetch(:chain, chain_name)
32
- rule = options.fetch(:rule) # needs validation
33
- execute!("nft add rule #{family} #{table} #{chain} #{rule}")
32
+ rules = options.fetch(:rules) # needs validation
33
+ rules.each do |rule|
34
+ execute!("nft add rule #{family} #{table} #{chain} #{rule}")
35
+ end
34
36
  end
35
37
 
36
38
  def table_exist?(name = table_name)
@@ -11,8 +11,6 @@ class Features::PuppetServer < ForemanMaintain::Feature
11
11
  [
12
12
  '/etc/puppet',
13
13
  '/etc/puppetlabs',
14
- '/opt/puppetlabs/puppet/cache/foreman_cache_data',
15
- '/var/lib/puppet/foreman_cache_data',
16
14
  '/opt/puppetlabs/puppet/ssl/',
17
15
  '/var/lib/puppet/ssl',
18
16
  '/var/lib/puppet',
@@ -4,6 +4,7 @@ module Procedures::Content
4
4
  description 'Prepare content for Pulp 3'
5
5
  for_feature :pulpcore
6
6
  param :quiet, 'Keep the output on a single line', :flag => true, :default => false
7
+ do_not_whitelist
7
8
  end
8
9
 
9
10
  def run
@@ -9,6 +9,7 @@ module Procedures::Content
9
9
  end
10
10
 
11
11
  param :skip_deb, 'Do not run debian options in installer.'
12
+ do_not_whitelist
12
13
  end
13
14
 
14
15
  def run
@@ -2,7 +2,9 @@ module Procedures::Packages
2
2
  class LockVersions < ForemanMaintain::Procedure
3
3
  metadata do
4
4
  description 'Lock packages'
5
- preparation_steps { [Checks::VersionLockingEnabled.new] }
5
+ confine do
6
+ package_manager.version_locking_supported?
7
+ end
6
8
  end
7
9
 
8
10
  def run
@@ -2,7 +2,9 @@ module Procedures::Packages
2
2
  class LockingStatus < ForemanMaintain::Procedure
3
3
  metadata do
4
4
  description 'Check status of version locking of packages'
5
- preparation_steps { [Checks::VersionLockingEnabled.new] }
5
+ confine do
6
+ package_manager.version_locking_supported?
7
+ end
6
8
  end
7
9
 
8
10
  def run
@@ -2,7 +2,9 @@ module Procedures::Packages
2
2
  class UnlockVersions < ForemanMaintain::Procedure
3
3
  metadata do
4
4
  description 'Unlock packages'
5
- preparation_steps { [Checks::VersionLockingEnabled.new] }
5
+ confine do
6
+ package_manager.version_locking_supported?
7
+ end
6
8
  end
7
9
 
8
10
  def run
@@ -0,0 +1,14 @@
1
+ module Procedures::Restore
2
+ class CandlepinResetMigrations < ForemanMaintain::Procedure
3
+ metadata do
4
+ description 'Ensure Candlepin runs all migrations after restoring the database'
5
+ confine do
6
+ feature(:candlepin_database)
7
+ end
8
+ end
9
+
10
+ def run
11
+ FileUtils.rm_f('/var/lib/candlepin/.puppet-candlepin-rpm-version')
12
+ end
13
+ end
14
+ end
@@ -46,7 +46,8 @@ module ForemanMaintain::Scenarios
46
46
  end
47
47
  restore_mongo_dump(backup)
48
48
  add_steps_with_context(Procedures::Pulp::Migrate,
49
- Procedures::Pulpcore::Migrate)
49
+ Procedures::Pulpcore::Migrate,
50
+ Procedures::Restore::CandlepinResetMigrations)
50
51
 
51
52
  add_steps_with_context(Procedures::Restore::RegenerateQueues) if backup.online_backup?
52
53
  add_steps_with_context(Procedures::Service::Start,
@@ -1,5 +1,6 @@
1
1
  module ForemanMaintain::Scenarios
2
2
  class SelfUpgradeBase < ForemanMaintain::Scenario
3
+ include ForemanMaintain::Concerns::Downstream
3
4
  def enabled_system_repos_id
4
5
  repository_manager.enabled_repos.keys
5
6
  end
@@ -67,7 +68,10 @@ module ForemanMaintain::Scenarios
67
68
 
68
69
  def repos_ids_to_reenable
69
70
  repos_ids_to_reenable = stored_enabled_repos_ids - all_maintenance_repos
70
- repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
71
+ if use_rhsm?
72
+ repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
73
+ end
74
+ repos_ids_to_reenable
71
75
  end
72
76
 
73
77
  def use_rhsm?
@@ -79,6 +83,10 @@ module ForemanMaintain::Scenarios
79
83
 
80
84
  true
81
85
  end
86
+
87
+ def req_repos_to_update_pkgs
88
+ main_rh_repos + [maintenance_repo_id(target_version)]
89
+ end
82
90
  end
83
91
 
84
92
  class SelfUpgrade < SelfUpgradeBase
@@ -94,9 +102,10 @@ module ForemanMaintain::Scenarios
94
102
  pkgs_to_update = %w[satellite-maintain rubygem-foreman_maintain]
95
103
  add_step(Procedures::Repositories::BackupEnabledRepos.new)
96
104
  disable_repos
97
- add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)],
105
+ add_step(Procedures::Repositories::Enable.new(repos: req_repos_to_update_pkgs,
98
106
  use_rhsm: use_rhsm?))
99
107
  add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true))
108
+ disable_repos('*')
100
109
  enable_repos(repos_ids_to_reenable)
101
110
  end
102
111
  end
@@ -113,6 +122,7 @@ module ForemanMaintain::Scenarios
113
122
 
114
123
  def compose
115
124
  if check_min_version('foreman', '2.5') || check_min_version('foreman-proxy', '2.5')
125
+ disable_repos('*')
116
126
  enable_repos(repos_ids_to_reenable)
117
127
  end
118
128
  end
@@ -0,0 +1,77 @@
1
+ import dnf
2
+ import dnf.exceptions
3
+ from dnfpluginscore import _, logger
4
+
5
+ import configparser
6
+
7
+ class ForemanProtector(dnf.Plugin):
8
+ name = 'foreman-protector'
9
+ config_name = 'foreman-protector'
10
+
11
+ def __init__(self,base,cli):
12
+ self.base = base
13
+ self.cli = cli
14
+
15
+ def _get_whitelist_file_url(self):
16
+ try:
17
+ parser = self.read_config(self.base.conf)
18
+ except Exception as e:
19
+ raise dnf.exceptions.Error(_("Parsing file failed: {}").format(str(e)))
20
+
21
+ if parser.has_section('main'):
22
+ fileurl = parser.get('main', 'whitelist')
23
+ else:
24
+ raise dnf.exceptions.Error(_('Incorrect plugin configuration!'))
25
+ return fileurl
26
+
27
+ def _load_whitelist(self):
28
+ fileurl = self._get_whitelist_file_url()
29
+ package_whitelist = set()
30
+ try:
31
+ if fileurl:
32
+ llfile = open(fileurl, 'r')
33
+ for line in llfile.readlines():
34
+ if line.startswith('#') or line.strip() == '':
35
+ continue
36
+
37
+ package_whitelist.add(line.rstrip())
38
+ llfile.close()
39
+ except IOError as e:
40
+ raise dnf.exceptions.Error('Unable to read Foreman protector"s configuration: %s' % e)
41
+ return package_whitelist
42
+
43
+ def _add_obsoletes(self):
44
+ package_whitelist = self._load_whitelist()
45
+ final_query = self.base.sack.query()
46
+ if package_whitelist:
47
+ # If anything obsoletes something that we have whitelisted ... then
48
+ # whitelist that too.
49
+ whitelist_query = self.base.sack.query().filterm(name=package_whitelist)
50
+ obsoletes_query = self.base.sack.query().filterm(obsoletes=list(whitelist_query))
51
+
52
+ final_query = whitelist_query.union(obsoletes_query)
53
+ return final_query
54
+
55
+ def sack(self):
56
+ whitelist_and_obsoletes = self._add_obsoletes()
57
+ all_available_packages = self.base.sack.query().available()
58
+ excluded_pkgs_query = all_available_packages.difference(whitelist_and_obsoletes)
59
+ total = len(excluded_pkgs_query)
60
+ logger.info(_('Reading Foreman protector configuration'))
61
+ self.base.sack.add_excludes(excluded_pkgs_query)
62
+
63
+ logger.info(_('*** Excluded total: %s' % total))
64
+ if total:
65
+ if total > 1:
66
+ suffix = 's'
67
+ else:
68
+ suffix = ''
69
+ logger.info(_('\n'
70
+ 'WARNING: Excluding %d package%s due to foreman-protector. \n'
71
+ 'Use foreman-maintain packages install/update <package> \n'
72
+ 'to safely install packages without restrictions.\n'
73
+ 'Use foreman-maintain upgrade run for full upgrade.\n'
74
+ % (total, suffix)))
75
+ else:
76
+ logger.info(_('\n'
77
+ 'Nothing excluded by foreman-protector!\n'))
@@ -17,5 +17,8 @@ boost-random
17
17
  boost-iostreams
18
18
  boost-thread
19
19
  yum-utils
20
+ # el8 yum-utils dependencies
21
+ dnf-plugins-core
22
+ python3-dnf-plugins-core
20
23
  # foreman-maintain
21
24
  rubygem-foreman_maintain
@@ -10,7 +10,7 @@ module ForemanMaintain
10
10
  unless table_exist?
11
11
  add_table
12
12
  add_chain(:chain_options => nftables_chain_options)
13
- add_rule(rule: nftables_rule)
13
+ add_rules(rules: nftables_rules)
14
14
  end
15
15
  end
16
16
 
@@ -22,8 +22,8 @@ module ForemanMaintain
22
22
  '{type filter hook input priority 0\\;}'
23
23
  end
24
24
 
25
- def nftables_rule
26
- 'tcp dport https reject'
25
+ def nftables_rules
26
+ ['iifname "lo" accept', 'tcp dport 443 reject']
27
27
  end
28
28
 
29
29
  def status_for_maintenance_mode
@@ -100,6 +100,10 @@ module ForemanMaintain
100
100
  @data[:advanced_run] = advanced_run
101
101
  end
102
102
 
103
+ def do_not_whitelist
104
+ @data[:do_not_whitelist] = true
105
+ end
106
+
103
107
  def self.eval_dsl(metadata, &block)
104
108
  new(metadata).tap do |dsl|
105
109
  dsl.instance_eval(&block)
@@ -1,13 +1,8 @@
1
1
  module ForemanMaintain::PackageManager
2
2
  # rubocop:disable Lint/UnusedMethodArgument
3
3
  class Base
4
- # check tools are installed and enabled
5
- def version_locking_enabled?
6
- raise NotImplementedError
7
- end
8
-
9
- # make sure the version locking tools are configured
10
- def install_version_locking(assumeyes: false)
4
+ # confirms that Package Manager supports the locking mechanism
5
+ def version_locking_supported?
11
6
  raise NotImplementedError
12
7
  end
13
8
 
@@ -5,6 +5,10 @@ module ForemanMaintain::PackageManager
5
5
  super
6
6
  end
7
7
 
8
+ def version_locking_supported?
9
+ true
10
+ end
11
+
8
12
  private
9
13
 
10
14
  def dnf_action(action, packages, with_status: false, assumeyes: false)
@@ -2,7 +2,6 @@ module ForemanMaintain::PackageManager
2
2
  class Yum < Base
3
3
  PROTECTOR_CONFIG_FILE = '/etc/yum/pluginconf.d/foreman-protector.conf'.freeze
4
4
  PROTECTOR_WHITELIST_FILE = '/etc/yum/pluginconf.d/foreman-protector.whitelist'.freeze
5
- PROTECTOR_PLUGIN_FILE = '/usr/lib/yum-plugins/foreman-protector.py'.freeze
6
5
 
7
6
  def self.parse_envra(envra)
8
7
  # envra format: 0:foreman-1.20.1.10-1.el7sat.noarch
@@ -19,18 +18,17 @@ module ForemanMaintain::PackageManager
19
18
  end
20
19
 
21
20
  def versions_locked?
22
- !!(protector_config =~ /^\s*enabled\s*=\s*1/)
21
+ !!(protector_config =~ /^\s*enabled\s*=\s*1/) &&
22
+ protector_whitelist_file_nonzero?
23
23
  end
24
24
 
25
- def version_locking_enabled?
26
- File.exist?(PROTECTOR_PLUGIN_FILE) && File.exist?(PROTECTOR_CONFIG_FILE) &&
27
- File.exist?(PROTECTOR_WHITELIST_FILE)
25
+ def protector_whitelist_file_nonzero?
26
+ File.exist?(PROTECTOR_WHITELIST_FILE) &&
27
+ !File.zero?(PROTECTOR_WHITELIST_FILE)
28
28
  end
29
29
 
30
- def install_version_locking(*)
31
- install_extras('foreman_protector/foreman-protector.py', PROTECTOR_PLUGIN_FILE)
32
- install_extras('foreman_protector/foreman-protector.conf', PROTECTOR_CONFIG_FILE)
33
- install_extras('foreman_protector/foreman-protector.whitelist', PROTECTOR_WHITELIST_FILE)
30
+ def version_locking_supported?
31
+ true
34
32
  end
35
33
 
36
34
  def installed?(packages)
@@ -49,6 +47,10 @@ module ForemanMaintain::PackageManager
49
47
  yum_action('install', packages, :assumeyes => assumeyes)
50
48
  end
51
49
 
50
+ def reinstall(packages, assumeyes: false)
51
+ yum_action('reinstall', packages, :assumeyes => assumeyes)
52
+ end
53
+
52
54
  def remove(packages, assumeyes: false)
53
55
  yum_action('remove', packages, :assumeyes => assumeyes)
54
56
  end
@@ -129,14 +131,5 @@ module ForemanMaintain::PackageManager
129
131
  :interactive => !assumeyes, :valid_exit_statuses => valid_exit_statuses)
130
132
  end
131
133
  end
132
-
133
- def install_extras(src, dest, override: false)
134
- extras_src = File.expand_path('../../../../extras', __FILE__)
135
- if override ||
136
- (File.directory?(dest) && !File.exist?(File.join(dest, src))) ||
137
- !File.exist?(dest)
138
- FileUtils.cp(File.join(extras_src, src), dest)
139
- end
140
- end
141
134
  end
142
135
  end
@@ -317,7 +317,11 @@ module ForemanMaintain
317
317
 
318
318
  steps_with_error = scenario.steps_with_error(:whitelisted => false)
319
319
  steps_with_skipped = scenario.steps_with_skipped(:whitelisted => true)
320
- steps_to_whitelist = steps_with_error + steps_with_skipped
320
+ not_skippable_steps = scenario.steps_with_error.select do |step|
321
+ step.metadata[:do_not_whitelist] == true
322
+ end
323
+
324
+ steps_to_whitelist = steps_with_error + steps_with_skipped - not_skippable_steps
321
325
  unless steps_with_error.empty?
322
326
  message << format(<<-MESSAGE.strip_heredoc, format_steps(steps_with_error, "\n", 2))
323
327
  The following steps ended up in failing state:
@@ -325,11 +329,25 @@ module ForemanMaintain
325
329
  %s
326
330
  MESSAGE
327
331
  whitelist_labels = steps_to_whitelist.map(&:label_dashed).join(',')
328
- recommend << format(<<-MESSAGE.strip_heredoc, whitelist_labels)
329
- Resolve the failed steps and rerun
330
- the command. In case the failures are false positives,
331
- use --whitelist="%s"
332
- MESSAGE
332
+ unless whitelist_labels.empty?
333
+ recommend << if scenario.detector.feature(:instance).downstream
334
+ format(<<-MESSAGE.strip_heredoc, whitelist_labels)
335
+ Resolve the failed steps and rerun the command.
336
+
337
+ If the situation persists and, you are unclear what to do next,
338
+ contact Red Hat Technical Support.
339
+
340
+ In case the failures are false positives, use
341
+ --whitelist="%s"
342
+ MESSAGE
343
+ else
344
+ format(<<-MESSAGE.strip_heredoc, whitelist_labels)
345
+ Resolve the failed steps and rerun the command.
346
+ In case the failures are false positives, use
347
+ --whitelist="%s"
348
+ MESSAGE
349
+ end
350
+ end
333
351
  end
334
352
 
335
353
  steps_with_warning = scenario.steps_with_warning(:whitelisted => false)
@@ -1,3 +1,3 @@
1
1
  module ForemanMaintain
2
- VERSION = '1.0.7'.freeze
2
+ VERSION = '1.0.10'.freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: foreman_maintain
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.7
4
+ version: 1.0.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Ivan Nečas
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-06 00:00:00.000000000 Z
11
+ date: 2022-05-11 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: clamp
@@ -184,7 +184,6 @@ files:
184
184
  - definitions/checks/server_ping.rb
185
185
  - definitions/checks/services_up.rb
186
186
  - definitions/checks/system_registration.rb
187
- - definitions/checks/version_locking_enabled.rb
188
187
  - definitions/features/apache.rb
189
188
  - definitions/features/candlepin.rb
190
189
  - definitions/features/candlepin_database.rb
@@ -274,7 +273,6 @@ files:
274
273
  - definitions/procedures/maintenance_mode/enable_maintenance_mode.rb
275
274
  - definitions/procedures/maintenance_mode/is_enabled.rb
276
275
  - definitions/procedures/packages/check_update.rb
277
- - definitions/procedures/packages/enable_version_locking.rb
278
276
  - definitions/procedures/packages/install.rb
279
277
  - definitions/procedures/packages/installer_confirmation.rb
280
278
  - definitions/procedures/packages/lock_versions.rb
@@ -299,6 +297,7 @@ files:
299
297
  - definitions/procedures/repositories/enable.rb
300
298
  - definitions/procedures/repositories/setup.rb
301
299
  - definitions/procedures/restore/candlepin_dump.rb
300
+ - definitions/procedures/restore/candlepin_reset_migrations.rb
302
301
  - definitions/procedures/restore/configs.rb
303
302
  - definitions/procedures/restore/confirmation.rb
304
303
  - definitions/procedures/restore/drop_databases.rb
@@ -361,9 +360,10 @@ files:
361
360
  - definitions/scenarios/upgrade_to_satellite_6_9.rb
362
361
  - definitions/scenarios/upgrade_to_satellite_6_9_z.rb
363
362
  - extras/foreman-maintain.sh
363
+ - extras/foreman_protector/dnf/foreman-protector.py
364
364
  - extras/foreman_protector/foreman-protector.conf
365
- - extras/foreman_protector/foreman-protector.py
366
365
  - extras/foreman_protector/foreman-protector.whitelist
366
+ - extras/foreman_protector/yum/foreman-protector.py
367
367
  - extras/passenger-recycler.cron
368
368
  - lib/foreman_maintain.rb
369
369
  - lib/foreman_maintain/check.rb
@@ -1,14 +0,0 @@
1
- module Checks
2
- class VersionLockingEnabled < ForemanMaintain::Check
3
- metadata do
4
- description 'Check if tooling for package locking is installed'
5
- end
6
-
7
- def run
8
- enabled = package_manager.version_locking_enabled?
9
- enable_locking = Procedures::Packages::EnableVersionLocking.new(:assumeyes => assumeyes?)
10
- assert(enabled, 'Tools for package version locking are not available on this system',
11
- :next_steps => enable_locking)
12
- end
13
- end
14
- end
@@ -1,12 +0,0 @@
1
- module Procedures::Packages
2
- class EnableVersionLocking < ForemanMaintain::Procedure
3
- metadata do
4
- description 'Install and configure tools for version locking'
5
- param :assumeyes, 'Do not ask for confirmation'
6
- end
7
-
8
- def run
9
- package_manager.install_version_locking(:assumeyes => @assumeyes)
10
- end
11
- end
12
- end