foreman_maintain 1.1.1 → 1.1.4

data/definitions/scenarios/upgrade_to_capsule_6_12_z.rb

@@ -0,0 +1,90 @@
+module Scenarios::Capsule_6_12_z
+  class Abstract < ForemanMaintain::Scenario
+    def self.upgrade_metadata(&block)
+      metadata do
+        tags :upgrade_scenario
+        confine do
+          feature(:capsule) &&
+            (feature(:capsule).current_minor_version == '6.12' || \
+              ForemanMaintain.upgrade_in_progress == '6.12.z')
+        end
+        instance_eval(&block)
+      end
+    end
+
+    def target_version
+      '6.12.z'
+    end
+  end
+
+  class PreUpgradeCheck < Abstract
+    upgrade_metadata do
+      description 'Checks before upgrading to Capsule 6.12.z'
+      tags :pre_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::Foreman::CheckpointSegments)
+      add_step(Checks::Repositories::Validate.new(:version => '6.12'))
+    end
+  end
+
+  class PreMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures before migrating to Capsule 6.12.z'
+      tags :pre_migrations
+    end
+
+    def compose
+      add_steps(find_procedures(:pre_migrations))
+      add_step(Procedures::Service::Stop.new)
+    end
+  end
+
+  class Migrations < Abstract
+    upgrade_metadata do
+      description 'Migration scripts to Capsule 6.12.z'
+      tags :migrations
+    end
+
+    def set_context_mapping
+      context.map(:assumeyes, Procedures::Installer::Upgrade => :assumeyes)
+    end
+
+    def compose
+      add_step(Procedures::Repositories::Setup.new(:version => '6.12'))
+      add_step(Procedures::Packages::UnlockVersions.new)
+      add_step(Procedures::Packages::Update.new(:assumeyes => true))
+      add_step_with_context(Procedures::Installer::Upgrade)
+    end
+  end
+
+  class PostMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures after migrating to Capsule 6.12.z'
+      tags :post_migrations
+    end
+
+    def compose
+      add_step(Procedures::RefreshFeatures)
+      add_step(Procedures::Service::Start.new)
+      add_steps(find_procedures(:post_migrations))
+    end
+  end
+
+  class PostUpgradeChecks < Abstract
+    upgrade_metadata do
+      description 'Checks after upgrading to Capsule 6.12.z'
+      tags :post_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:post_upgrade))
+    end
+  end
+end

data/definitions/scenarios/upgrade_to_satellite_6_11.rb

@@ -61,7 +61,7 @@ module Scenarios::Satellite_6_11
       add_step(Procedures::Repositories::Setup.new(:version => '6.11'))
       add_step(Procedures::Packages::UnlockVersions.new)
       add_step(Procedures::Packages::Update.new(:assumeyes => true))
-      add_step_with_context(Procedures::Installer::Upgrade)
+      add_step_with_context(Procedures::Installer::RunFor6_11)
       add_step(Procedures::Installer::UpgradeRakeTask)
     end
   end

data/definitions/scenarios/upgrade_to_satellite_6_12.rb

@@ -0,0 +1,92 @@
+module Scenarios::Satellite_6_12
+  class Abstract < ForemanMaintain::Scenario
+    def self.upgrade_metadata(&block)
+      metadata do
+        tags :upgrade_scenario
+        confine do
+          feature(:satellite) &&
+            (feature(:satellite).current_minor_version == '6.11' || \
+            ForemanMaintain.upgrade_in_progress == '6.12')
+        end
+        instance_eval(&block)
+      end
+    end
+
+    def target_version
+      '6.12'
+    end
+  end
+
+  class PreUpgradeCheck < Abstract
+    upgrade_metadata do
+      description 'Checks before upgrading to Satellite 6.12'
+      tags :pre_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::Foreman::CheckpointSegments)
+      add_step(Checks::Repositories::Validate.new(:version => '6.12'))
+    end
+  end
+
+  class PreMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures before migrating to Satellite 6.12'
+      tags :pre_migrations
+    end
+
+    def compose
+      add_steps(find_procedures(:pre_migrations))
+      add_step(Procedures::Service::Stop.new)
+    end
+  end
+
+  class Migrations < Abstract
+    upgrade_metadata do
+      description 'Migration scripts to Satellite 6.12'
+      tags :migrations
+      run_strategy :fail_fast
+    end
+
+    def set_context_mapping
+      context.map(:assumeyes, Procedures::Installer::Upgrade => :assumeyes)
+    end
+
+    def compose
+      add_step(Procedures::Repositories::Setup.new(:version => '6.12'))
+      add_step(Procedures::Packages::UnlockVersions.new)
+      add_step(Procedures::Packages::Update.new(:assumeyes => true))
+      add_step_with_context(Procedures::Installer::Upgrade)
+      add_step(Procedures::Installer::UpgradeRakeTask)
+    end
+  end
+
+  class PostMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures after migrating to Satellite 6.12'
+      tags :post_migrations
+    end
+
+    def compose
+      add_step(Procedures::RefreshFeatures)
+      add_step(Procedures::Service::Start.new)
+      add_steps(find_procedures(:post_migrations))
+    end
+  end
+
+  class PostUpgradeChecks < Abstract
+    upgrade_metadata do
+      description 'Checks after upgrading to Satellite 6.12'
+      tags :post_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:post_upgrade))
+    end
+  end
+end

data/definitions/scenarios/upgrade_to_satellite_6_12_z.rb

@@ -0,0 +1,91 @@
+module Scenarios::Satellite_6_12_z
+  class Abstract < ForemanMaintain::Scenario
+    def self.upgrade_metadata(&block)
+      metadata do
+        tags :upgrade_scenario
+        confine do
+          feature(:satellite) &&
+            (feature(:satellite).current_minor_version == '6.12' || \
+            ForemanMaintain.upgrade_in_progress == '6.12.z')
+        end
+        instance_eval(&block)
+      end
+    end
+
+    def target_version
+      '6.12.z'
+    end
+  end
+
+  class PreUpgradeCheck < Abstract
+    upgrade_metadata do
+      description 'Checks before upgrading to Satellite 6.12.z'
+      tags :pre_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:pre_upgrade))
+      add_step(Checks::Foreman::CheckpointSegments)
+      add_step(Checks::Repositories::Validate.new(:version => '6.12'))
+    end
+  end
+
+  class PreMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures before migrating to Satellite 6.12.z'
+      tags :pre_migrations
+    end
+
+    def compose
+      add_steps(find_procedures(:pre_migrations))
+      add_step(Procedures::Service::Stop.new)
+    end
+  end
+
+  class Migrations < Abstract
+    upgrade_metadata do
+      description 'Migration scripts to Satellite 6.12.z'
+      tags :migrations
+    end
+
+    def set_context_mapping
+      context.map(:assumeyes, Procedures::Installer::Upgrade => :assumeyes)
+    end
+
+    def compose
+      add_step(Procedures::Repositories::Setup.new(:version => '6.12'))
+      add_step(Procedures::Packages::UnlockVersions.new)
+      add_step(Procedures::Packages::Update.new(:assumeyes => true))
+      add_step_with_context(Procedures::Installer::Upgrade)
+      add_step(Procedures::Installer::UpgradeRakeTask)
+    end
+  end
+
+  class PostMigrations < Abstract
+    upgrade_metadata do
+      description 'Procedures after migrating to Satellite 6.12.z'
+      tags :post_migrations
+    end
+
+    def compose
+      add_step(Procedures::RefreshFeatures)
+      add_step(Procedures::Service::Start.new)
+      add_steps(find_procedures(:post_migrations))
+    end
+  end
+
+  class PostUpgradeChecks < Abstract
+    upgrade_metadata do
+      description 'Checks after upgrading to Satellite 6.12.z'
+      tags :post_upgrade_checks
+      run_strategy :fail_slow
+    end
+
+    def compose
+      add_steps(find_checks(:default))
+      add_steps(find_checks(:post_upgrade))
+    end
+  end
+end

data/lib/foreman_maintain/cli/packages_command.rb

@@ -2,23 +2,32 @@ module ForemanMaintain
   module Cli
     class PackagesCommand < Base
       subcommand 'lock', 'Prevent packages from automatic update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Lock.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Lock.new)
+          end
         end
       end
 
       subcommand 'unlock', 'Enable packages for automatic update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
+          end
         end
       end
 
       subcommand 'status', 'Check if packages are protected against update' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          run_scenarios_and_exit(Scenarios::Packages::Status.new)
+          run_scenario_or_rescue do
+            run_scenarios_and_exit(Scenarios::Packages::Status.new)
+          end
         end
       end
 
@@ -58,14 +67,24 @@ module ForemanMaintain
       end
 
       subcommand 'is-locked', 'Check if update of packages is allowed' do
+        # This command is not implemented for Debian based operating systems
         interactive_option(['assumeyes'])
         def execute
-          locked = ForemanMaintain.package_manager.versions_locked?
-          puts "Packages are#{locked ? '' : ' not'} locked"
-          exit_code = locked ? 0 : 1
-          exit exit_code
+          run_scenario_or_rescue do
+            locked = ForemanMaintain.package_manager.versions_locked?
+            puts "Packages are#{locked ? '' : ' not'} locked"
+            exit_code = locked ? 0 : 1
+            exit exit_code
+          end
         end
       end
+
+      def run_scenario_or_rescue
+        yield
+      rescue NotImplementedError
+        puts 'Command is not implemented for Debian based operating systems!'
+        exit 0
+      end
     end
   end
 end

data/lib/foreman_maintain/cli/self_upgrade_command.rb

@@ -5,7 +5,7 @@ module ForemanMaintain
              'Repository label from which packages should be updated.'\
              'This can be used when standard CDN repositories are unavailable.'
       def execute
-        run_scenario(upgrade_scenario, upgrade_rescue_scenario)
+        run_scenario(upgrade_scenario)
       end
 
       def upgrade_scenario
@@ -13,12 +13,6 @@ module ForemanMaintain
           maintenance_repo_label: maintenance_repo_label
         )
       end
-
-      def upgrade_rescue_scenario
-        Scenarios::SelfUpgradeRescue.new(
-          maintenance_repo_label: maintenance_repo_label
-        )
-      end
     end
   end
 end

data/lib/foreman_maintain/concerns/base_database.rb

@@ -4,13 +4,39 @@ module ForemanMaintain
       def data_dir
         if el7? && package_manager.installed?('rh-postgresql12-postgresql-server-syspaths')
           '/var/opt/rh/rh-postgresql12/lib/pgsql/data/'
+        elsif debian_or_ubuntu?
+          deb_postgresql_data_dir
         else
           '/var/lib/pgsql/data/'
         end
       end
 
+      def deb_postgresql_data_dir
+        deb_postgresql_versions.map do |ver|
+          "/var/lib/postgresql/#{ver}/main/"
+        end
+      end
+
+      def deb_postgresql_versions
+        installed_pkgs = package_manager.list_installed_packages('${binary:Package}\n')
+        @deb_postgresql_versions ||= installed_pkgs.grep(/^postgresql-\d+$/).map do |name|
+          name.split('-').last
+        end
+        @deb_postgresql_versions
+      end
+
       def postgresql_conf
-        "#{data_dir}/postgresql.conf"
+        return "#{data_dir}/postgresql.conf" if el?
+
+        deb_postgresql_config_dirs.map do |conf_dir|
+          "#{conf_dir}postgresql.conf"
+        end
+      end
+
+      def deb_postgresql_config_dirs
+        deb_postgresql_versions.map do |ver|
+          "/etc/postgresql/#{ver}/main/"
+        end
       end
 
       def restore_transform
@@ -89,11 +115,13 @@ module ForemanMaintain
 
       def backup_local(backup_file, extra_tar_options = {})
         dir = extra_tar_options.fetch(:data_dir, data_dir)
+        command = extra_tar_options.fetch(:command, 'create')
+
         FileUtils.cd(dir) do
           tar_options = {
             :archive => backup_file,
-            :command => 'create',
-            :transform => "s,^,#{data_dir[1..-1]},S",
+            :command => command,
+            :transform => "s,^,#{dir[1..-1]},S",
             :files => '*'
           }.merge(extra_tar_options)
           feature(:tar).run(tar_options)

data/lib/foreman_maintain/concerns/downstream.rb

@@ -66,7 +66,8 @@ module ForemanMaintain
         server_version_full = "#{server_version.major}.#{server_version.minor}"
         rh_repos.concat(product_specific_repos(server_version_full))
         if server_version > version('6.3')
-          rh_repos << ansible_repo(server_version)
+          ansible_repo = ansible_repo(server_version)
+          rh_repos << ansible_repo if ansible_repo
         end
 
         rh_repos
@@ -83,8 +84,6 @@ module ForemanMaintain
 
         if el7?
           "rhel-#{el_major_version}-server-ansible-#{ansible_version}-rpms"
-        else
-          "ansible-#{ansible_version}-for-rhel-#{el_major_version}-x86_64-rpms"
         end
       end
 

data/lib/foreman_maintain/concerns/firewall/maintenance_mode.rb

@@ -0,0 +1,31 @@
+module ForemanMaintain
+  module Concerns
+    module Firewall
+      module MaintenanceMode
+        def notify_and_ask_to_install_firewall_utility
+          puts 'Unable to find nftables or iptables!'
+          question, pkg = question_and_pkg_name
+          answer = ask_decision(question, actions_msg: 'y(yes), q(quit)')
+          if answer == :yes
+            packages_action(:install, pkg)
+            feature(:instance).firewall.enable_maintenance_mode
+          end
+        end
+
+        def can_install_nft?
+          # The nftables is default from EL8 and Debian 10(Buster)
+          (el? && el_major_version >= 8) ||
+            (debian? && deb_major_version >= 10) ||
+            (ubuntu? && ubuntu_major_version.to_i >= 22)
+        end
+
+        def question_and_pkg_name
+          pkg_to_install = can_install_nft? ? 'nftables' : 'iptables'
+          question = "Do you want to install missing netfilter utility #{pkg_to_install}?"\
+                     "\nand start maintenance mode?"
+          [question, [pkg_to_install]]
+        end
+      end
+    end
+  end
+end

data/lib/foreman_maintain/concerns/firewall/nftables_maintenance_mode.rb

@@ -10,7 +10,7 @@ module ForemanMaintain
           unless table_exist?
             add_table
             add_chain(:chain_options => nftables_chain_options)
-            add_rule(rule: nftables_rule)
+            add_rules(rules: nftables_rules)
           end
         end
 
@@ -22,8 +22,8 @@ module ForemanMaintain
           '{type filter hook input priority 0\\;}'
         end
 
-        def nftables_rule
-          'tcp dport https reject'
+        def nftables_rules
+          ['iifname "lo" accept', 'tcp dport 443 reject']
         end
 
         def status_for_maintenance_mode

data/lib/foreman_maintain/concerns/metadata.rb

@@ -100,6 +100,10 @@ module ForemanMaintain
           @data[:advanced_run] = advanced_run
         end
 
+        def do_not_whitelist
+          @data[:do_not_whitelist] = true
+        end
+
         def self.eval_dsl(metadata, &block)
           new(metadata).tap do |dsl|
             dsl.instance_eval(&block)

data/lib/foreman_maintain/concerns/os_facts.rb

@@ -46,12 +46,20 @@ module ForemanMaintain
         facts.fetch('ID_LIKE', '').split
       end
 
+      def os_name
+        facts.fetch('NAME')
+      end
+
       def el?
         File.exist?('/etc/redhat-release')
       end
 
       def debian?
-        File.exist?('/etc/debian_version')
+        os_id == 'debian'
+      end
+
+      def ubuntu?
+        os_id == 'ubuntu'
       end
 
       def el7?
@@ -63,7 +71,23 @@ module ForemanMaintain
       end
 
       def el_major_version
-        return os_version_id.to_i if el?
+        os_version_id.to_i if el?
+      end
+
+      def deb_major_version
+        os_version_id.to_i if debian?
+      end
+
+      def ubuntu_major_version
+        os_version_id if ubuntu?
+      end
+
+      def debian_or_ubuntu?
+        debian? || ubuntu?
+      end
+
+      def os_version
+        facts.fetch('VERSION')
       end
     end
   end

data/lib/foreman_maintain/concerns/system_helpers.rb

@@ -100,12 +100,13 @@ module ForemanMaintain
       end
 
       def packages_action(action, packages, options = {})
-        options.validate_options!(:assumeyes)
+        options.validate_options!(:assumeyes, :yum_options)
         case action
         when :install
           package_manager.install(packages, :assumeyes => options[:assumeyes])
         when :update
-          package_manager.update(packages, :assumeyes => options[:assumeyes])
+          package_manager.update(packages, :assumeyes => options[:assumeyes],
+                                           :yum_options => options[:yum_options])
         when :remove
           package_manager.remove(packages, :assumeyes => options[:assumeyes])
         else
@@ -114,8 +115,12 @@ module ForemanMaintain
       end
 
       def package_version(name)
-        # space for extension to support non-rpm distributions
-        pkg = package_manager.find_installed_package(name, '%{VERSION}')
+        ver = if el?
+                '%{VERSION}'
+              elsif debian_or_ubuntu?
+                '${VERSION}'
+              end
+        pkg = package_manager.find_installed_package(name, ver)
         version(pkg) unless pkg.nil?
       end
 
@@ -138,6 +143,9 @@ module ForemanMaintain
       end
 
       def version(value)
+        # packages versions, especially on Debian, sometimes include a + or a ~,
+        # but Gem::Version can't handle that.
+        value.gsub!(/[+~]/, '-')
         Version.new(value)
       end
 
@@ -184,7 +192,7 @@ module ForemanMaintain
       end
 
       def ruby_prefix(scl = true)
-        if debian?
+        if debian_or_ubuntu?
           'ruby-'
         elsif el7? && scl
           'tfm-rubygem-'
@@ -194,12 +202,12 @@ module ForemanMaintain
       end
 
       def foreman_plugin_name(plugin)
-        plugin = plugin.tr('_', '-') if debian?
+        plugin = plugin.tr('_', '-') if debian_or_ubuntu?
         ruby_prefix + plugin
       end
 
       def proxy_plugin_name(plugin)
-        if debian?
+        if debian_or_ubuntu?
           plugin = plugin.tr('_', '-')
           proxy_plugin_prefix = 'smart-proxy-'
         else
@@ -210,12 +218,12 @@ module ForemanMaintain
       end
 
       def hammer_plugin_name(plugin)
-        plugin = plugin.tr('_', '-') if debian?
-        [hammer_package, plugin].join(debian? ? '-' : '_')
+        plugin = plugin.tr('_', '-') if debian_or_ubuntu?
+        [hammer_package, plugin].join(debian_or_ubuntu? ? '-' : '_')
       end
 
       def hammer_package
-        hammer_prefix = if debian?
+        hammer_prefix = if debian_or_ubuntu?
                           'hammer-cli'
                         else
                           'hammer_cli'