foreman_maintain 1.1.1 → 1.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 38a7ae9f24c88731e052acb62c13b25d29074a07ad852daa258bed6322c1d22d
-  data.tar.gz: e0420aa7dc1935c61ef479aed3a43069281797ca41f131048902c727676c6634
+  metadata.gz: a54e65aa9144d233ab256305556eebb5467cfd5c4fd9aa99b7971a13fdd81bac
+  data.tar.gz: ce6c5012139cc01bb4dee7f7cdb30a569ce3f05399d14d81d1c1cbf835588b31
 SHA512:
-  metadata.gz: e0b38e2d2819e152a508874b060b22f161aa4b56523d9b6869b714f9186920fa7d61fd10b09840158c94e4b55a7c18a718307e9a02f4320426f54baa9bdfdd9f
-  data.tar.gz: d53fb1934cdc2cbbc2cad92e43a4132ff0f8ea8eec1435bd930be575d3e2284a48278809b7576bdf24b8d7df36ac39fe2dcb223813dc9f8c3b57632e08e030e5
+  metadata.gz: b94662b70f86ed91889688a3288dbe67d44ec46c9b1d3830f5a9687b0293500048ffd2df86162964e417a0ffa1514d78a43a0c4a1f7168848986bb92abe9828e
+  data.tar.gz: 0f2351eddc6236e7be70c44bc94e0ac4ae24b19b8f21dcf9d0a726a8897c4bea34bcb5bd5562827d1efb3400c421e2807288d56d1f5a03d5685ab2c402aa21b7

data/definitions/features/foreman_database.rb

@@ -16,7 +16,13 @@ class Features::ForemanDatabase < ForemanMaintain::Feature
   end
 
   def config_files
-    [postgresql_conf]
+    el? ? [postgresql_conf] : []
+  end
+
+  def config_dirs
+    # On Debian config files reside in /etc/postgresql/#{version}/main/
+    # There could be more than on config dir because of multiple versions
+    deb_postgresql_config_dirs
   end
 
   def services

data/definitions/features/installer.rb

@@ -64,7 +64,9 @@ class Features::Installer < ForemanMaintain::Feature
   def config_files
     Dir.glob(File.join(config_directory, '**/*')) +
       [
-        '/usr/local/bin/validate_postgresql_connection.sh'
+        '/usr/local/bin/validate_postgresql_connection.sh',
+        '/opt/puppetlabs/puppet/cache/foreman_cache_data',
+        '/opt/puppetlabs/puppet/cache/pulpcore_cache_data'
       ]
   end
 

data/definitions/features/nftables.rb

@@ -25,12 +25,14 @@ class Features::Nftables < ForemanMaintain::Feature
     execute!("nft add chain #{family} #{table} #{chain} #{chain_options}")
   end
 
-  def add_rule(options = {})
+  def add_rules(options = {})
     family = options.fetch(:family, ip_family)
     table = options.fetch(:table, table_name)
     chain = options.fetch(:chain, chain_name)
-    rule = options.fetch(:rule) # needs validation
-    execute!("nft add rule #{family} #{table} #{chain} #{rule}")
+    rules = options.fetch(:rules) # needs validation
+    rules.each do |rule|
+      execute!("nft add rule #{family} #{table} #{chain} #{rule}")
+    end
   end
 
   def table_exist?(name = table_name)

data/definitions/features/puppet_server.rb

@@ -11,8 +11,6 @@ class Features::PuppetServer < ForemanMaintain::Feature
     [
       '/etc/puppet',
       '/etc/puppetlabs',
-      '/opt/puppetlabs/puppet/cache/foreman_cache_data',
-      '/var/lib/puppet/foreman_cache_data',
       '/opt/puppetlabs/puppet/ssl/',
       '/var/lib/puppet/ssl',
       '/var/lib/puppet',

data/definitions/procedures/backup/config_files.rb

@@ -45,10 +45,22 @@ module Procedures::Backup
         end
       end
     end
-    # rubocop:enable Metrics/MethodLength
 
-    # rubocop:disable Metrics/AbcSize
     def config_files
+      configs, exclude_configs = available_features_config
+
+      if feature(:foreman_proxy)
+        configs += foreman_proxy_configs
+        exclude_configs += foreman_proxy_exclude_configs
+      end
+
+      configs += config_dirs
+      configs.compact.select { |path| Dir.glob(path).any? }
+      exclude_configs.compact.select { |path| Dir.glob(path).any? }
+      [configs, exclude_configs]
+    end
+
+    def available_features_config
       configs = []
       exclude_configs = []
       ForemanMaintain.available_features.each do |feature|
@@ -59,17 +71,20 @@ module Procedures::Backup
         exclude_configs += feature.config_files_to_exclude
         exclude_configs += feature.config_files_exclude_for_online if @online_backup
       end
+      [configs, exclude_configs]
+    end
 
-      if feature(:foreman_proxy)
-        configs += feature(:foreman_proxy).config_files(@proxy_features)
-        exclude_configs += feature(:foreman_proxy).config_files_to_exclude(@proxy_features)
-      end
+    def foreman_proxy_configs
+      feature(:foreman_proxy).config_files(@proxy_features)
+    end
 
-      configs.compact.select { |path| Dir.glob(path).any? }
-      exclude_configs.compact.select { |path| Dir.glob(path).any? }
-      [configs, exclude_configs]
+    def foreman_proxy_exclude_configs
+      feature(:foreman_proxy).config_files_to_exclude(@proxy_features)
+    end
+
+    def config_dirs
+      debian_or_ubuntu? ? feature(:foreman_database).config_dirs : []
     end
-    # rubocop:enable Metrics/AbcSize
 
     private
 

data/definitions/procedures/backup/metadata.rb

@@ -17,7 +17,7 @@ module Procedures::Backup
         metadata['os_version'] = release_info(spinner)
         metadata['plugin_list'] = plugin_list(spinner) || []
         metadata['proxy_features'] = proxy_feature_list(spinner) || []
-        metadata['rpms'] = rpms(spinner)
+        installed_pkgs(metadata)
         metadata['incremental'] = @incremental_dir || false
         metadata['online'] = @online_backup
         metadata['hostname'] = hostname
@@ -28,6 +28,15 @@ module Procedures::Backup
 
     private
 
+    def installed_pkgs(metadata)
+      installed_pkgs = package_manager.list_installed_packages
+      if el?
+        metadata[:rpms] = installed_pkgs
+      else
+        metadata[:debs] = installed_pkgs
+      end
+    end
+
     def save_metadata(metadata, spinner)
       spinner.update('Saving metadata to metadata.yml')
       File.open(File.join(@backup_dir, 'metadata.yml'), 'w') do |metadata_file|
@@ -37,12 +46,7 @@ module Procedures::Backup
 
     def release_info(spinner)
       spinner.update('Collecting system release info')
-      execute!('cat /etc/redhat-release').chomp
-    end
-
-    def rpms(spinner)
-      spinner.update('Collecting installed RPMs')
-      execute!('rpm -qa').split("\n")
+      "#{os_name} #{os_version}"
     end
 
     def plugin_list(spinner)

data/definitions/procedures/backup/offline/foreman_db.rb

@@ -20,7 +20,7 @@ module Procedures::Backup
             local_backup
           end
         else
-          puts "Backup of #{pg_data_dir} is not supported for remote databases." \
+          puts "Backup of #{pg_data_dirs.join(',')} is not supported for remote databases." \
             ' Doing postgres dump instead...'
           with_spinner('Getting Foreman DB dump') do
             feature(:foreman_database).dump_db(File.join(@backup_dir, 'foreman.dump'))
@@ -31,22 +31,43 @@ module Procedures::Backup
       private
 
       def local_backup
-        with_spinner("Collecting data from #{pg_data_dir}") do
-          feature(:foreman_database).backup_local(
-            pg_backup_file,
-            :listed_incremental => File.join(@backup_dir, '.postgres.snar'),
-            :volume_size => @tar_volume_size,
-            :data_dir => pg_data_dir
-          )
+        with_spinner("Collecting data from #{pg_data_dirs.join(',')}") do
+          pg_data_dirs.each_with_index do |pg_dir, index|
+            do_backup(pg_dir, index == 0 ? 'create' : 'append')
+          end
         end
       end
 
+      def do_backup(pg_dir, cmd)
+        feature(:foreman_database).backup_local(
+          pg_backup_file,
+          :listed_incremental => File.join(@backup_dir, '.postgres.snar'),
+          :volume_size => @tar_volume_size,
+          :data_dir => pg_dir,
+          :command => cmd
+        )
+      end
+
       def pg_backup_file
         File.join(@backup_dir, 'pgsql_data.tar')
       end
 
-      def pg_data_dir
+      def pg_data_dirs
+        el? ? [pg_data_dir_el] : pg_data_dirs_deb
+      end
+
+      def pg_data_dirs_deb
+        # The Debian based OSes support multiple installations of Postgresql
+        # There could be situations where Foreman db is either of these versions
+        # To be sure we backup the system correctly without missing anything
+        # we backup all of the Postgresql dirs
+        # Yet to implement the snapshot backup!
+        feature(:foreman_database).data_dir
+      end
+
+      def pg_data_dir_el
         return feature(:foreman_database).data_dir if @mount_dir.nil?
+
         mount_point = File.join(@mount_dir, 'pgsql')
         dir = feature(:foreman_database).find_base_directory(mount_point)
         fail!("Snapshot of Foreman DB was not found mounted in #{mount_point}") if dir.nil?

data/definitions/procedures/content/prepare.rb

@@ -4,6 +4,7 @@ module Procedures::Content
       description 'Prepare content for Pulp 3'
       for_feature :pulpcore
       param :quiet, 'Keep the output on a single line', :flag => true, :default => false
+      do_not_whitelist
     end
 
     def run

data/definitions/procedures/content/switchover.rb

@@ -9,6 +9,7 @@ module Procedures::Content
       end
 
       param :skip_deb, 'Do not run debian options in installer.'
+      do_not_whitelist
     end
 
     def run

data/definitions/procedures/foreman/apipie_cache.rb

@@ -6,7 +6,7 @@ module Procedures::Foreman
     end
 
     def run
-      execute!('foreman-rake apipie:cache')
+      execute!('FOREMAN_APIPIE_LANGS=en foreman-rake apipie:cache')
     end
   end
 end

data/definitions/procedures/installer/run_for_6_11.rb

@@ -0,0 +1,52 @@
+module Procedures::Installer
+  class RunFor6_11 < ForemanMaintain::Procedure
+    metadata do
+      description 'Run installer with Candlepin SSL CA'\
+                  ' when using external database with SSL'
+      param :assumeyes, 'Do not ask for confirmation'
+      manual_detection
+    end
+
+    def run
+      if extdb_and_ssl?
+        run_installer_with_extra_option
+      else
+        run_installer
+      end
+    end
+
+    def ext_db?
+      !feature(:foreman_database).local?
+    end
+
+    def installer_answers
+      @installer_answers ||= feature(:installer).answers
+    end
+
+    def server_db_with_ssl?
+      installer_answers.fetch('katello')['candlepin_db_ssl']
+    end
+
+    def extdb_and_ssl?
+      ext_db? && server_db_with_ssl?
+    end
+
+    def run_installer_with_extra_option
+      ssl_ca_path = installer_answers.fetch('foreman')['db_root_cert']
+      spinner_msg = "Running installer with --katello-candlepin-db-ssl-ca #{ssl_ca_path} argument!"
+      with_spinner(spinner_msg) do
+        installer_args = feature(:installer).installer_arguments
+        new_ssl_arg = " --katello-candlepin-db-ssl-ca #{ssl_ca_path}"
+        installer_args << new_ssl_arg
+        feature(:installer).run(installer_args)
+      end
+    end
+
+    def run_installer
+      with_spinner('Executing installer') do
+        assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
+        feature(:installer).upgrade(:interactive => !assumeyes_val)
+      end
+    end
+  end
+end

data/definitions/procedures/maintenance_mode/disable_maintenance_mode.rb

@@ -1,5 +1,6 @@
 module Procedures::MaintenanceMode
   class DisableMaintenanceMode < ForemanMaintain::Procedure
+    include ForemanMaintain::Concerns::Firewall::MaintenanceMode
     metadata do
       label :disable_maintenance_mode
       description 'Remove maintenance mode table/chain from nftables/iptables'
@@ -11,7 +12,7 @@ module Procedures::MaintenanceMode
       if feature(:instance).firewall
         feature(:instance).firewall.disable_maintenance_mode
       else
-        warn! 'Unable to find nftables or iptables'
+        notify_and_ask_to_install_firewall_utility
       end
     end
   end

data/definitions/procedures/maintenance_mode/enable_maintenance_mode.rb

@@ -1,5 +1,6 @@
 module Procedures::MaintenanceMode
   class EnableMaintenanceMode < ForemanMaintain::Procedure
+    include ForemanMaintain::Concerns::Firewall::MaintenanceMode
     metadata do
       label :enable_maintenance_mode
       description 'Add maintenance_mode tables/chain to nftables/iptables'
@@ -14,35 +15,5 @@ module Procedures::MaintenanceMode
         notify_and_ask_to_install_firewall_utility
       end
     end
-
-    def notify_and_ask_to_install_firewall_utility
-      puts 'Unable to find nftables or iptables!'
-      question, pkg = question_and_pkg_name
-      answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
-      if answer == :yes
-        packages_action(:install, pkg)
-        feature(:instance).firewall.enable_maintenance_mode
-      end
-    end
-
-    def can_install_nft?
-      nft_kernel_version = Gem::Version.new('3.13')
-      installed_kernel_version = Gem::Version.new(execute!('uname -r').split('-').first)
-      installed_kernel_version >= nft_kernel_version
-    end
-
-    def question_and_pkg_name
-      question = 'Do you want to install missing netfilter utility '
-      pkg_to_install = []
-      if can_install_nft?
-        question << 'nftables?'
-        pkg_to_install << 'nftables'
-      else
-        question << 'iptables?'
-        pkg_to_install << 'iptables'
-      end
-      question << "\nand start maintenance mode?"
-      [question, pkg_to_install]
-    end
   end
 end

data/definitions/procedures/packages/update.rb

@@ -6,12 +6,14 @@ module Procedures::Packages
       param :force, 'Do not skip if package is installed', :flag => true, :default => false
       param :warn_on_errors, 'Do not interrupt scenario on failure',
             :flag => true, :default => false
+      param :yum_options, 'Extra yum options if any', :array => true, :default => []
     end
 
     def run
       assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
       package_manager.clean_cache(:assumeyes => assumeyes_val)
-      packages_action(:update, @packages, :assumeyes => assumeyes_val)
+      opts = { :assumeyes => assumeyes_val, :yum_options => @yum_options }
+      packages_action(:update, @packages, opts)
     rescue ForemanMaintain::Error::ExecutionError => e
       if @warn_on_errors
         set_status(:warning, e.message)

data/definitions/procedures/restore/extract_files.rb

@@ -71,6 +71,10 @@ module Procedures::Restore
         :transform => any_database.restore_transform
       )
       feature(:tar).run(pgsql_data_tar)
+      del_data_dir_param if el?
+    end
+
+    def del_data_dir_param
       # workaround for https://tickets.puppetlabs.com/browse/MODULES-11160
       execute("sed -i '/data_directory/d' #{any_database.postgresql_conf}")
     end

data/definitions/procedures/selinux/set_file_security.rb

@@ -7,6 +7,9 @@ module Procedures::Selinux
             'Is the backup incremental?',
             :required => true
       manual_detection
+      confine do
+        File.directory?('/sys/fs/selinux')
+      end
     end
 
     def run

data/definitions/scenarios/backup.rb

@@ -19,6 +19,7 @@ module ForemanMaintain::Scenarios
       param :tar_volume_size, 'Size of tar volume (indicates splitting)'
     end
 
+    # rubocop:disable Metrics/MethodLength
     def compose
       check_valid_startegy
       safety_confirmation
@@ -33,10 +34,19 @@ module ForemanMaintain::Scenarios
       when :offline
         add_offline_backup_steps
       when :snapshot
+        deb_snapshot_msg
         add_snapshot_backup_steps
       end
       add_step_with_context(Procedures::Backup::CompressData)
     end
+    # rubocop:enable Metrics/MethodLength
+
+    def deb_snapshot_msg
+      if debian_or_ubuntu?
+        puts 'The snapshot backup is not yet available for Debian based OSes!'
+        exit 0
+      end
+    end
 
     # rubocop:disable  Metrics/MethodLength
     def set_context_mapping

data/definitions/scenarios/packages.rb

@@ -107,9 +107,9 @@ module ForemanMaintain::Scenarios
         else
           add_steps_with_context(
             Procedures::Packages::UpdateAllConfirmation,
-            Procedures::Packages::InstallerConfirmation,
-            Procedures::Packages::UnlockVersions
+            Procedures::Packages::InstallerConfirmation
           )
+          add_step_with_context(Procedures::Packages::UnlockVersions)
           add_step_with_context(Procedures::Packages::Update,
                                 :force => true, :warn_on_errors => true)
           add_step_with_context(Procedures::Installer::Upgrade)

data/definitions/scenarios/puppet.rb

@@ -15,6 +15,9 @@ module ForemanMaintain::Scenarios
           add_step(Procedures::Puppet::RemovePuppet)
           add_step(Procedures::Puppet::RemovePuppetData) if context.get(:remove_data)
           add_step(Procedures::Service::Restart)
+          if server?
+            add_step(Procedures::Foreman::ApipieCache)
+          end
         end
       end
     end

data/definitions/scenarios/self_upgrade.rb

@@ -1,17 +1,6 @@
 module ForemanMaintain::Scenarios
   class SelfUpgradeBase < ForemanMaintain::Scenario
-    def enabled_system_repos_id
-      repository_manager.enabled_repos.keys
-    end
-
-    def enable_repos(repo_ids = stored_enabled_repos_ids)
-      add_step(Procedures::Repositories::Enable.new(repos: repo_ids))
-    end
-
-    def disable_repos(repo_ids = stored_enabled_repos_ids)
-      add_step(Procedures::Repositories::Disable.new(repos: repo_ids))
-    end
-
+    include ForemanMaintain::Concerns::Downstream
     def target_version
       current_full_version = feature(:instance).downstream.current_version
       @target_version ||= current_full_version.bump
@@ -43,33 +32,6 @@ module ForemanMaintain::Scenarios
       end
     end
 
-    def maintenance_repo_version
-      return '6' if current_version == '6.10'
-
-      current_version
-    end
-
-    def stored_enabled_repos_ids
-      @stored_enabled_repos_ids ||= begin
-        path = File.expand_path('enabled_repos.yml', ForemanMaintain.config.backup_dir)
-        @stored_enabled_repos_ids = File.file?(path) ? YAML.load(File.read(path)) : []
-      end
-    end
-
-    def all_maintenance_repos
-      repo_regex = if el7?
-                     /rhel-\d-server-satellite-maintenance-\d.\d-rpms/
-                   else
-                     /satellite-maintenance-\d.\d-for-rhel-\d-x86_64-rpms/
-                   end
-      stored_enabled_repos_ids.select { |id| !id.match(repo_regex).nil? }
-    end
-
-    def repos_ids_to_reenable
-      repos_ids_to_reenable = stored_enabled_repos_ids - all_maintenance_repos
-      repos_ids_to_reenable << maintenance_repo(maintenance_repo_version)
-    end
-
     def use_rhsm?
       return false if maintenance_repo_label
 
@@ -79,6 +41,14 @@ module ForemanMaintain::Scenarios
 
       true
     end
+
+    def req_repos_to_update_pkgs
+      if use_rhsm?
+        main_rh_repos + [maintenance_repo_id(target_version)]
+      else
+        [maintenance_repo_id(target_version)]
+      end
+    end
   end
 
   class SelfUpgrade < SelfUpgradeBase
@@ -92,28 +62,11 @@ module ForemanMaintain::Scenarios
     def compose
       if check_min_version('foreman', '2.5') || check_min_version('foreman-proxy', '2.5')
         pkgs_to_update = %w[satellite-maintain rubygem-foreman_maintain]
-        add_step(Procedures::Repositories::BackupEnabledRepos.new)
-        disable_repos
-        add_step(Procedures::Repositories::Enable.new(repos: [maintenance_repo_id(target_version)],
-                                                      use_rhsm: use_rhsm?))
-        add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true))
-        enable_repos(repos_ids_to_reenable)
-      end
-    end
-  end
-
-  class SelfUpgradeRescue < SelfUpgradeBase
-    metadata do
-      label :rescue_self_upgrade
-      description 'Disables all version specific maintenance repositories and,'\
-  		 "\nenables the repositories which were configured prior to self upgrade"
-      manual_detection
-      run_strategy :fail_slow
-    end
-
-    def compose
-      if check_min_version('foreman', '2.5') || check_min_version('foreman-proxy', '2.5')
-        enable_repos(repos_ids_to_reenable)
+        yum_options = req_repos_to_update_pkgs.map do |id|
+          "--enablerepo=#{id}"
+        end
+        add_step(Procedures::Packages::Update.new(packages: pkgs_to_update, assumeyes: true,
+                                                  yum_options: yum_options))
       end
     end
   end

data/definitions/scenarios/upgrade_to_satellite_6_11.rb

@@ -61,7 +61,7 @@ module Scenarios::Satellite_6_11
       add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
-      add_step_with_context(Procedures::Installer::Upgrade)
+      add_step_with_context(Procedures::Installer::RunFor6_11)
       add_step(Procedures::Installer::UpgradeRakeTask)
     end
   end

data/lib/foreman_maintain/cli/packages_command.rb

@@ -2,23 +2,32 @@ module ForemanMaintain
   module Cli
     class PackagesCommand < Base
       subcommand 'lock', 'Prevent packages from automatic update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Lock.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Lock.new)
+          end
         end
       end
 
       subcommand 'unlock', 'Enable packages for automatic update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
+          end
         end
       end
 
       subcommand 'status', 'Check if packages are protected against update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Status.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Status.new)
+          end
         end
       end
 
@@ -58,14 +67,24 @@ module ForemanMaintain
       end
 
       subcommand 'is-locked', 'Check if update of packages is allowed' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          locked = ForemanMaintain.package_manager.versions_locked?
-          puts "Packages are#{locked ? '' : ' not'} locked"
-          exit_code = locked ? 0 : 1
-          exit exit_code
+          run_scenario_or_rescue do
+            locked = ForemanMaintain.package_manager.versions_locked?
+            puts "Packages are#{locked ? '' : ' not'} locked"
+            exit_code = locked ? 0 : 1
+            exit exit_code
+          end
         end
       end
+
+      def run_scenario_or_rescue
+        yield
+      rescue NotImplementedError
+        puts 'Command is not implemented for Debian based operating systems!'
+        exit 0
+      end
     end
   end
 end

data/lib/foreman_maintain/cli/self_upgrade_command.rb

@@ -5,7 +5,7 @@ module ForemanMaintain
              'Repository label from which packages should be updated.'\
              'This can be used when standard CDN repositories are unavailable.'
       def execute
-        run_scenario(upgrade_scenario, upgrade_rescue_scenario)
+        run_scenario(upgrade_scenario)
       end
 
       def upgrade_scenario
@@ -13,12 +13,6 @@ module ForemanMaintain
           maintenance_repo_label: maintenance_repo_label
         )
       end
-
-      def upgrade_rescue_scenario
-        Scenarios::SelfUpgradeRescue.new(
-          maintenance_repo_label: maintenance_repo_label
-        )
-      end
     end
   end
 end

data/lib/foreman_maintain/concerns/base_database.rb

@@ -4,13 +4,39 @@ module ForemanMaintain
       def data_dir
         if el7? && package_manager.installed?('rh-postgresql12-postgresql-server-syspaths')
           '/var/opt/rh/rh-postgresql12/lib/pgsql/data/'
+        elsif debian_or_ubuntu?
+          deb_postgresql_data_dir
         else
           '/var/lib/pgsql/data/'
         end
       end
 
+      def deb_postgresql_data_dir
+        deb_postgresql_versions.map do |ver|
+          "/var/lib/postgresql/#{ver}/main/"
+        end
+      end
+
+      def deb_postgresql_versions
+        installed_pkgs = package_manager.list_installed_packages('${binary:Package}\n')
+        @deb_postgresql_versions ||= installed_pkgs.grep(/^postgresql-\d+$/).map do |name|
+          name.split('-').last
+        end
+        @deb_postgresql_versions
+      end
+
       def postgresql_conf
-        "#{data_dir}/postgresql.conf"
+        return "#{data_dir}/postgresql.conf" if el?
+
+        deb_postgresql_config_dirs.map do |conf_dir|
+          "#{conf_dir}postgresql.conf"
+        end
+      end
+
+      def deb_postgresql_config_dirs
+        deb_postgresql_versions.map do |ver|
+          "/etc/postgresql/#{ver}/main/"
+        end
       end
 
       def restore_transform
@@ -89,11 +115,13 @@ module ForemanMaintain
 
       def backup_local(backup_file, extra_tar_options = {})
         dir = extra_tar_options.fetch(:data_dir, data_dir)
+        command = extra_tar_options.fetch(:command, 'create')
+
         FileUtils.cd(dir) do
           tar_options = {
             :archive => backup_file,
-            :command => 'create',
-            :transform => "s,^,#{data_dir[1..-1]},S",
+            :command => command,
+            :transform => "s,^,#{dir[1..-1]},S",
             :files => '*'
           }.merge(extra_tar_options)
           feature(:tar).run(tar_options)

data/lib/foreman_maintain/concerns/downstream.rb

@@ -66,7 +66,8 @@ module ForemanMaintain
         server_version_full = "#{server_version.major}.#{server_version.minor}"
         rh_repos.concat(product_specific_repos(server_version_full))
         if server_version > version('6.3')
-          rh_repos << ansible_repo(server_version)
+          ansible_repo = ansible_repo(server_version)
+          rh_repos << ansible_repo if ansible_repo
         end
 
         rh_repos
@@ -83,8 +84,6 @@ module ForemanMaintain
 
         if el7?
           "rhel-#{el_major_version}-server-ansible-#{ansible_version}-rpms"
-        else
-          "ansible-#{ansible_version}-for-rhel-#{el_major_version}-x86_64-rpms"
         end
       end
 

data/lib/foreman_maintain/concerns/firewall/maintenance_mode.rb

@@ -0,0 +1,31 @@
+module ForemanMaintain
+  module Concerns
+    module Firewall
+      module MaintenanceMode
+        def notify_and_ask_to_install_firewall_utility
+          puts 'Unable to find nftables or iptables!'
+          question, pkg = question_and_pkg_name
+          answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
+          if answer == :yes
+            packages_action(:install, pkg)
+            feature(:instance).firewall.enable_maintenance_mode
+          end
+        end
+
+        def can_install_nft?
+          # The nftables is default from EL8 and Debian 10(Buster)
+          (el? && el_major_version >= 8) ||
+            (debian? && deb_major_version >= 10) ||
+            (ubuntu? && ubuntu_major_version.to_i >= 22)
+        end
+
+        def question_and_pkg_name
+          pkg_to_install = can_install_nft? ? 'nftables' : 'iptables'
+          question = "Do you want to install missing netfilter utility #{pkg_to_install}?"\
+                     "\nand start maintenance mode?"
+          [question, [pkg_to_install]]
+        end
+      end
+    end
+  end
+end

data/lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb

@@ -10,7 +10,7 @@ module ForemanMaintain
           unless table_exist?
             add_table
             add_chain(:chain_options => nftables_chain_options)
-            add_rule(rule: nftables_rule)
+            add_rules(rules: nftables_rules)
           end
         end
 
@@ -22,8 +22,8 @@ module ForemanMaintain
           '{type filter hook input priority 0\\;}'
         end
 
-        def nftables_rule
-          'tcp dport https reject'
+        def nftables_rules
+          ['iifname "lo" accept', 'tcp dport 443 reject']
         end
 
         def status_for_maintenance_mode

data/lib/foreman_maintain/concerns/metadata.rb

@@ -100,6 +100,10 @@ module ForemanMaintain
           @data[:advanced_run] = advanced_run
         end
 
+        def do_not_whitelist
+          @data[:do_not_whitelist] = true
+        end
+
         def self.eval_dsl(metadata, &block)
           new(metadata).tap do |dsl|
             dsl.instance_eval(&block)

data/lib/foreman_maintain/concerns/os_facts.rb

@@ -46,12 +46,20 @@ module ForemanMaintain
         facts.fetch('ID_LIKE', '').split
       end
 
+      def os_name
+        facts.fetch('NAME')
+      end
+
       def el?
         File.exist?('/etc/redhat-release')
       end
 
       def debian?
-        File.exist?('/etc/debian_version')
+        os_id == 'debian'
+      end
+
+      def ubuntu?
+        os_id == 'ubuntu'
       end
 
       def el7?
@@ -63,7 +71,23 @@ module ForemanMaintain
       end
 
       def el_major_version
-        return os_version_id.to_i if el?
+        os_version_id.to_i if el?
+      end
+
+      def deb_major_version
+        os_version_id.to_i if debian?
+      end
+
+      def ubuntu_major_version
+        os_version_id if ubuntu?
+      end
+
+      def debian_or_ubuntu?
+        debian? || ubuntu?
+      end
+
+      def os_version
+        facts.fetch('VERSION')
       end
     end
   end

data/lib/foreman_maintain/concerns/system_helpers.rb

@@ -100,12 +100,13 @@ module ForemanMaintain
       end
 
       def packages_action(action, packages, options = {})
-        options.validate_options!(:assumeyes)
+        options.validate_options!(:assumeyes, :yum_options)
         case action
         when :install
           package_manager.install(packages, :assumeyes => options[:assumeyes])
         when :update
-          package_manager.update(packages, :assumeyes => options[:assumeyes])
+          package_manager.update(packages, :assumeyes => options[:assumeyes],
+                                           :yum_options => options[:yum_options])
         when :remove
           package_manager.remove(packages, :assumeyes => options[:assumeyes])
         else
@@ -114,8 +115,12 @@ module ForemanMaintain
       end
 
       def package_version(name)
-        # space for extension to support non-rpm distributions
-        pkg = package_manager.find_installed_package(name, '%{VERSION}')
+        ver = if el?
+                '%{VERSION}'
+              elsif debian_or_ubuntu?
+                '${VERSION}'
+              end
+        pkg = package_manager.find_installed_package(name, ver)
         version(pkg) unless pkg.nil?
       end
 
@@ -184,7 +189,7 @@ module ForemanMaintain
       end
 
       def ruby_prefix(scl = true)
-        if debian?
+        if debian_or_ubuntu?
           'ruby-'
         elsif el7? && scl
           'tfm-rubygem-'
@@ -194,12 +199,12 @@ module ForemanMaintain
       end
 
       def foreman_plugin_name(plugin)
-        plugin = plugin.tr('_', '-') if debian?
+        plugin = plugin.tr('_', '-') if debian_or_ubuntu?
         ruby_prefix + plugin
       end
 
       def proxy_plugin_name(plugin)
-        if debian?
+        if debian_or_ubuntu?
           plugin = plugin.tr('_', '-')
           proxy_plugin_prefix = 'smart-proxy-'
         else
@@ -210,12 +215,12 @@ module ForemanMaintain
       end
 
       def hammer_plugin_name(plugin)
-        plugin = plugin.tr('_', '-') if debian?
-        [hammer_package, plugin].join(debian? ? '-' : '_')
+        plugin = plugin.tr('_', '-') if debian_or_ubuntu?
+        [hammer_package, plugin].join(debian_or_ubuntu? ? '-' : '_')
       end
 
       def hammer_package
-        hammer_prefix = if debian?
+        hammer_prefix = if debian_or_ubuntu?
                           'hammer-cli'
                         else
                           'hammer_cli'

data/lib/foreman_maintain/package_manager/apt.rb

@@ -0,0 +1,71 @@
+module ForemanMaintain::PackageManager
+  class Apt < Base
+    def installed?(packages)
+      packages_list = [packages].flatten(1).map { |pkg| "'#{pkg}'" }.join(' ')
+      status, output = sys.execute_with_status(%(dpkg --status #{packages_list}))
+      return false if status != 0
+
+      status_of_pkg = output.split("\n").grep(/^Status:/).first
+      status_of_pkg.include?('installed')
+    end
+
+    def install(packages, assumeyes: false)
+      apt_action('install', packages, :assumeyes => assumeyes)
+    end
+
+    def remove(packages, assumeyes: false)
+      apt_action('remove', packages, :assumeyes => assumeyes)
+    end
+
+    def update(packages = [], assumeyes: false)
+      action = packages.any? ? '--only-upgrade install' : 'upgrade'
+      apt_action(action, packages, :assumeyes => assumeyes)
+    end
+
+    def clean_cache(assumeyes: false)
+      apt_action('clean', :assumeyes => assumeyes)
+    end
+
+    def find_installed_package(name, queryfm = '')
+      return unless installed?(name)
+
+      dpkg_cmd = "dpkg-query --show #{name}"
+      unless queryfm.empty?
+        dpkg_cmd = "dpkg-query --showformat='#{queryfm}' --show #{name}"
+      end
+      _, result = sys.execute_with_status(dpkg_cmd)
+      result
+    end
+
+    def check_update(packages: nil, with_status: false)
+      apt_action('upgrade --dry-run', packages, :with_status => with_status)
+    end
+
+    def list_installed_packages(queryfm = '${binary:Package}-${VERSION}\n')
+      # The queryfm should only include valid tag(s) as per `dpkg-query` man page.
+      # If any special formatting is required with querytag then it should be provided with tag i.e,
+      # querytag = "--%{VERSION}"
+      # The queryfm string must end with '\n'
+      sys.execute!("dpkg-query --showformat='#{queryfm}' -W").split("\n")
+    end
+
+    def version_locking_supported?
+      false
+    end
+
+    def apt_action(action, packages, with_status: false, assumeyes: false, valid_exit_statuses: [0])
+      apt_options = []
+      packages = [packages].flatten(1)
+      apt_options << '-y' if assumeyes
+      apt_options_s = apt_options.empty? ? '' : ' ' + apt_options.join(' ')
+      packages_s = packages.empty? ? '' : ' ' + packages.join(' ')
+      if with_status
+        sys.execute_with_status("apt-get#{apt_options_s} #{action}#{packages_s}",
+                                :interactive => !assumeyes)
+      else
+        sys.execute!("apt-get#{apt_options_s} #{action}#{packages_s}",
+                     :interactive => !assumeyes, :valid_exit_statuses => valid_exit_statuses)
+      end
+    end
+  end
+end

data/lib/foreman_maintain/package_manager/yum.rb

@@ -59,8 +59,8 @@ module ForemanMaintain::PackageManager
       yum_action('remove', packages, :assumeyes => assumeyes)
     end
 
-    def update(packages = [], assumeyes: false)
-      yum_action('update', packages, :assumeyes => assumeyes)
+    def update(packages = [], assumeyes: false, yum_options: [])
+      yum_action('update', packages, :assumeyes => assumeyes, :yum_options => yum_options)
     end
 
     def clean_cache(assumeyes: false)
@@ -120,8 +120,12 @@ module ForemanMaintain::PackageManager
       File.open(protector_config_file, 'w') { |file| file.puts config }
     end
 
-    def yum_action(action, packages, with_status: false, assumeyes: false, valid_exit_statuses: [0])
-      yum_options = []
+    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+    def yum_action(action, packages, options)
+      with_status = options.fetch(:with_status, false)
+      assumeyes = options.fetch(:assumeyes, false)
+      valid_exit_statuses = options.fetch(:valid_exit_statuses, [0])
+      yum_options = options.fetch(:yum_options, [])
       packages = [packages].flatten(1)
       yum_options << '-y' if assumeyes
       yum_options << '--disableplugin=foreman-protector'

data/lib/foreman_maintain/package_manager.rb

@@ -1,14 +1,16 @@
 require 'foreman_maintain/package_manager/base'
 require 'foreman_maintain/package_manager/yum'
 require 'foreman_maintain/package_manager/dnf'
+require 'foreman_maintain/package_manager/apt'
 
 module ForemanMaintain
   def self.package_manager
-    @package_manager ||= case (%w[dnf yum apt].find { |manager| !`command -v #{manager}`.empty? })
-                         when 'dnf'
-                           ForemanMaintain::PackageManager::Dnf.new
-                         when 'yum'
+    @package_manager ||= if el7?
                            ForemanMaintain::PackageManager::Yum.new
+                         elsif el?
+                           ForemanMaintain::PackageManager::Dnf.new
+                         elsif debian_or_ubuntu?
+                           ForemanMaintain::PackageManager::Apt.new
                          else
                            raise 'No supported package manager was found'
                          end

data/lib/foreman_maintain/reporter/cli_reporter.rb

@@ -317,7 +317,11 @@ module ForemanMaintain
 
         steps_with_error = scenario.steps_with_error(:whitelisted => false)
         steps_with_skipped = scenario.steps_with_skipped(:whitelisted => true)
-        steps_to_whitelist = steps_with_error + steps_with_skipped
+        not_skippable_steps = scenario.steps_with_error.select do |step|
+          step.metadata[:do_not_whitelist] == true
+        end
+
+        steps_to_whitelist = steps_with_error + steps_with_skipped - not_skippable_steps
         unless steps_with_error.empty?
           message << format(<<-MESSAGE.strip_heredoc, format_steps(steps_with_error, "\n", 2))
           The following steps ended up in failing state:
@@ -325,11 +329,25 @@ module ForemanMaintain
           %s
           MESSAGE
           whitelist_labels = steps_to_whitelist.map(&:label_dashed).join(',')
-          recommend << format(<<-MESSAGE.strip_heredoc, whitelist_labels)
-          Resolve the failed steps and rerun
-          the command. In case the failures are false positives,
-          use --whitelist="%s"
-          MESSAGE
+          unless whitelist_labels.empty?
+            recommend << if scenario.detector.feature(:instance).downstream
+                           format(<<-MESSAGE.strip_heredoc, whitelist_labels)
+              Resolve the failed steps and rerun the command.
+
+              If the situation persists and, you are unclear what to do next,
+              contact Red Hat Technical Support.
+
+              In case the failures are false positives, use
+              --whitelist="%s"
+              MESSAGE
+                         else
+                           format(<<-MESSAGE.strip_heredoc, whitelist_labels)
+              Resolve the failed steps and rerun the command.
+              In case the failures are false positives, use
+              --whitelist="%s"
+              MESSAGE
+                         end
+          end
         end
 
         steps_with_warning = scenario.steps_with_warning(:whitelisted => false)

data/lib/foreman_maintain/repository_manager/el.rb

@@ -76,10 +76,21 @@ module ForemanMaintain::RepositoryManager
     end
 
     def hash_of_repoids_urls(repos, regex)
-      Hash[*repos.split("\n").grep(regex).map do |entry|
-             entry.split(':', 2).last.strip
-           end
-      ]
+      ids_urls = Hash[*repos.split("\n").grep(regex).map do |entry|
+                        entry.split(':', 2).last.strip
+                      end]
+
+      # The EL7 yum repolist output includes extra info in the output,
+      # as example
+      # rhel-7-server-rpms/7Server/x86_64
+      # rhel-server-rhscl-7-rpms/7Server/x86_64
+      # This trims anything after first '/' to get correct repo label
+      trimmed_hash = {}
+      ids_urls.each do |id, url|
+        trimmed_id = id.split('/').first
+        trimmed_hash[trimmed_id] = url
+      end
+      trimmed_hash
     end
   end
 end

data/lib/foreman_maintain/repository_manager.rb

@@ -4,7 +4,7 @@ module ForemanMaintain
   def self.repository_manager
     @repository_manager ||= if el?
                               ForemanMaintain::RepositoryManager::El.new
-                            elsif debian?
+                            elsif debian_or_ubuntu?
                               raise 'Not implemented!'
                             else
                               raise 'No supported repository manager was found'

data/lib/foreman_maintain/version.rb

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '1.1.1'.freeze
+  VERSION = '1.1.2'.freeze
 end

data/lib/foreman_maintain.rb

@@ -26,6 +26,7 @@ module ForemanMaintain
   require 'foreman_maintain/concerns/pulp_common'
   require 'foreman_maintain/concerns/firewall/iptables_maintenance_mode'
   require 'foreman_maintain/concerns/firewall/nftables_maintenance_mode'
+  require 'foreman_maintain/concerns/firewall/maintenance_mode'
   require 'foreman_maintain/top_level_modules'
   require 'foreman_maintain/yaml_storage'
   require 'foreman_maintain/config'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-04-26 00:00:00.000000000 Z
+date: 2022-06-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -266,6 +266,7 @@ files:
 - definitions/procedures/foreman_tasks/ui_investigate.rb
 - definitions/procedures/hammer_setup.rb
 - definitions/procedures/installer/run.rb
+- definitions/procedures/installer/run_for_6_11.rb
 - definitions/procedures/installer/upgrade.rb
 - definitions/procedures/installer/upgrade_rake_task.rb
 - definitions/procedures/knowledge_base_article.rb
@@ -392,6 +393,7 @@ files:
 - lib/foreman_maintain/concerns/downstream.rb
 - lib/foreman_maintain/concerns/finders.rb
 - lib/foreman_maintain/concerns/firewall/iptables_maintenance_mode.rb
+- lib/foreman_maintain/concerns/firewall/maintenance_mode.rb
 - lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb
 - lib/foreman_maintain/concerns/hammer.rb
 - lib/foreman_maintain/concerns/logger.rb
@@ -413,6 +415,7 @@ files:
 - lib/foreman_maintain/executable.rb
 - lib/foreman_maintain/feature.rb
 - lib/foreman_maintain/package_manager.rb
+- lib/foreman_maintain/package_manager/apt.rb
 - lib/foreman_maintain/package_manager/base.rb
 - lib/foreman_maintain/package_manager/dnf.rb
 - lib/foreman_maintain/package_manager/yum.rb