foreman_maintain 1.12.3 → 1.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b5e95ad904a84a122e5c9d82120299674f55998997acab8c8d29af3848a78d42
-  data.tar.gz: 66e3dbc6a9f9862a23d8c9ec0dd82f5fd3e3b856fbf5d3844eadbf448b762284
+  metadata.gz: e99fd5f893ec24f16eaea4c20b8260cd2878bf63149ddf830c29e15f0324cda0
+  data.tar.gz: 5f1e7e90783d76b45231d393e204f2588d5b4daf46723792186aaa14d9c525d9
 SHA512:
-  metadata.gz: ab607c39722607f8e80a56ffe3406d34bed7c72335bcba543b5fe76c339bc5e12216a588d5dacbc665f943f79b07cd00c293496425c925932d2a6dd9130efc91
-  data.tar.gz: '0290ebaa45d7c32847a1d0f92b23dd12f98e0b951c486c10f2cc043d8f53c488085a3f1095e585b70e2db60b9dbb12ad5ee60bcd9eec1741cb269e5ce2b08830'
+  metadata.gz: d5c950a2a4b110d1425f071a5532010f4b704267e3bde1d082ea1bed209ccf6f82bf5d2682ebbe444679edf85eb03e4b216ed7ba298dd3a6fd73904390ddce77
+  data.tar.gz: cccf743480372ef3b39e54ab995a9be077006dfe991a799021378371b3f58db1a04cac263f70e21bcd75b87e30892d55d390af17bb59cf0c57aee63030ae0543

data/definitions/checks/candlepin/db_index.rb

@@ -0,0 +1,25 @@
+module Checks
+  module Candlepin
+    class DBIndex < ForemanMaintain::Check
+      metadata do
+        description 'Make sure Candlepin DB indexes are OK'
+        label :candlepin_db_index
+        tags :db_index
+        for_feature :candlepin_database
+        confine do
+          feature(:candlepin_database)&.local?
+        end
+      end
+
+      def run
+        status, output = feature(:candlepin_database).amcheck
+
+        if !status.nil?
+          assert(status == 0, "Candlepin DB indexes have issues:\n#{output}")
+        else
+          skip 'amcheck is not available in this setup'
+        end
+      end
+    end
+  end
+end

data/definitions/checks/foreman/db_index.rb

@@ -0,0 +1,25 @@
+module Checks
+  module Foreman
+    class DBIndex < ForemanMaintain::Check
+      metadata do
+        description 'Make sure Foreman DB indexes are OK'
+        label :foreman_db_index
+        tags :db_index
+        for_feature :foreman_database
+        confine do
+          feature(:foreman_database)&.local?
+        end
+      end
+
+      def run
+        status, output = feature(:foreman_database).amcheck
+
+        if !status.nil?
+          assert(status == 0, "Foreman DB indexes have issues:\n#{output}")
+        else
+          skip 'amcheck is not available in this setup'
+        end
+      end
+    end
+  end
+end

data/definitions/checks/pulpcore/db_index.rb

@@ -0,0 +1,25 @@
+module Checks
+  module Pulpcore
+    class DBIndex < ForemanMaintain::Check
+      metadata do
+        description 'Make sure Pulpcore DB indexes are OK'
+        label :pulpcore_db_index
+        tags :db_index
+        for_feature :pulpcore_database
+        confine do
+          feature(:pulpcore_database)&.local?
+        end
+      end
+
+      def run
+        status, output = feature(:pulpcore_database).amcheck
+
+        if !status.nil?
+          assert(status == 0, "Pulpcore DB indexes have issues:\n#{output}")
+        else
+          skip 'amcheck is not available in this setup'
+        end
+      end
+    end
+  end
+end

data/definitions/checks/restore/validate_backup.rb

@@ -41,31 +41,26 @@ module Checks::Restore
 
     def required_katello_files(backup)
       backup_files_message(
-        backup.katello_online_files.join(', '),
-        backup.katello_offline_files.join(', ')
+        backup.katello_online_files.join(', ')
       )
     end
 
     def required_fpc_files(backup)
       backup_files_message(
-        backup.fpc_online_files.join(', '),
-        backup.fpc_offline_files.join(', ')
+        backup.fpc_online_files.join(', ')
       )
     end
 
     def required_foreman_files(backup)
       backup_files_message(
-        backup.foreman_online_files.join(', '),
-        backup.foreman_offline_files.join(', ')
+        backup.foreman_online_files.join(', ')
       )
     end
 
-    def backup_files_message(online_files, offline_files)
+    def backup_files_message(online_files)
       message = ''
-      message += 'An online or remote database backup directory contains: '
+      message += 'A backup directory contains: '
       message += "#{online_files}\n"
-      message += 'An offline backup directory contains: '
-      message += "#{offline_files}\n"
       message
     end
   end

data/definitions/checks/system_registration.rb

@@ -10,9 +10,11 @@ class Checks::SystemRegistration < ForemanMaintain::Check
   end
 
   def run
-    if rhsm_hostname_eql_hostname?
-      warn! 'System is self registered'
-    end
+    assert(!rhsm_hostname_eql_hostname?, 'System is self registered',
+      {
+        :warn => true,
+        :next_steps => [Procedures::KnowledgeBaseArticle.new(:doc => 'self_registered')],
+      })
   end
 
   def rhsm_hostname

data/definitions/features/iop.rb

@@ -8,6 +8,22 @@ class Features::Iop < ForemanMaintain::Feature
     end
   end
 
+  CONTAINER_NAMES =
+    [
+      'insights-engine',
+      'gateway',
+      'host-inventory',
+      'ingress',
+      'puptoo',
+      'yuptoo',
+      'advisor-backend',
+      'advisor-frontend',
+      'remediations',
+      'vmaas',
+      'vulnerability-engine',
+      'vulnerability-frontend',
+    ].freeze
+
   def config_files
     [
       '/var/lib/containers/storage/volumes/iop-core-kafka-data',
@@ -42,4 +58,32 @@ class Features::Iop < ForemanMaintain::Feature
     ]
   end
   # rubocop:enable Metrics/MethodLength
+
+  def timers
+    [
+      system_service('iop-service-vuln-vmaas-sync.timer', 20),
+    ]
+  end
+
+  def container_base
+    if feature(:instance).downstream
+      'registry.redhat.io/satellite'
+    else
+      'quay.io/iop'
+    end
+  end
+
+  def container_names
+    if feature(:instance).downstream
+      CONTAINER_NAMES.map { |container_name| "#{container_name}-rhel9" }
+    else
+      CONTAINER_NAMES
+    end
+  end
+
+  def container_images(container_version)
+    container_names.map do |container_name|
+      "#{container_base}/#{container_name}:#{container_version}"
+    end
+  end
 end

data/definitions/features/service.rb

@@ -1,4 +1,7 @@
+require 'foreman_maintain/concerns/systemd'
+
 class Features::Service < ForemanMaintain::Feature
+  include ForemanMaintain::Concerns::Systemd
   metadata do
     label :service
   end
@@ -13,10 +16,7 @@ class Features::Service < ForemanMaintain::Feature
 
   def existing_services
     ForemanMaintain.available_features.flat_map(&:services).
-      sort.
-      inject([]) do |pool, service| # uniq(&:to_s) for ruby 1.8.7
-        (pool.last.nil? || !pool.last.matches?(service)) ? pool << service : pool
-      end.
+      sort.uniq(&:to_s).
       select(&:exist?)
   end
 
@@ -30,14 +30,6 @@ class Features::Service < ForemanMaintain::Feature
     Hash[services.sort_by { |k, _| k.to_i }.reverse]
   end
 
-  def action_noun(action)
-    action_word_modified(action) + 'ing'
-  end
-
-  def action_past_tense(action)
-    action_word_modified(action) + 'ed'
-  end
-
   def filter_disabled_services!(action, service_list)
     if %w[start stop restart status].include?(action)
       service_list.select! { |service| !service.respond_to?(:enabled?) || service.enabled? }
@@ -45,13 +37,6 @@ class Features::Service < ForemanMaintain::Feature
     service_list
   end
 
-  def unit_file_available?(name)
-    cmd = "systemctl --no-legend --no-pager list-unit-files --type=service #{name} |\
-           grep --word-regexp --quiet #{name}"
-    exit_status, = execute_with_status(cmd)
-    exit_status == 0
-  end
-
   private
 
   def use_system_service(action, options, spinner)
@@ -96,28 +81,6 @@ class Features::Service < ForemanMaintain::Feature
     services_and_statuses.map! { |service, status| [service, status.value] }
   end
 
-  def format_status(output, exit_code, options)
-    status = ''
-    if !options[:failing] || exit_code > 0
-      if options[:brief]
-        status += format_brief_status(exit_code)
-      elsif !(output.nil? || output.empty?)
-        status += "\n" + output
-      end
-    end
-    status
-  end
-
-  def format_brief_status(exit_code)
-    result = (exit_code == 0) ? reporter.status_label(:success) : reporter.status_label(:fail)
-    padding = reporter.max_length - reporter.last_line.to_s.length - 30
-    "#{' ' * padding} #{result}"
-  end
-
-  def allowed_action?(action)
-    %w[start stop restart status enable disable].include?(action)
-  end
-
   def extend_service_list_with_sockets(service_list, options)
     return service_list unless options[:include_sockets]
 
@@ -162,21 +125,4 @@ class Features::Service < ForemanMaintain::Feature
     service_list.concat(unregistered_service_list)
     service_list
   end
-
-  def action_word_modified(action)
-    case action
-    when 'status'
-      'display'
-    when 'enable', 'disable'
-      action.chomp('e')
-    when 'stop'
-      action + 'p'
-    else
-      action
-    end
-  end
-
-  def exclude_services_only(options)
-    existing_services - filtered_services(options)
-  end
 end

data/definitions/features/timer.rb

@@ -0,0 +1,96 @@
+require 'foreman_maintain/concerns/systemd'
+
+class Features::Timer < ForemanMaintain::Feature
+  include ForemanMaintain::Concerns::Systemd
+  metadata do
+    label :timer
+  end
+
+  def handle_timers(spinner, action, options = {})
+    # options is used to handle "exclude" and "only" i.e.
+    # { :only => ["httpd"] }
+    # { :exclude => ["pulp-workers", "tomcat"] }
+    use_system_timer(action, options, spinner)
+  end
+
+  def existing_timers
+    ForemanMaintain.available_features.flat_map(&:timers).
+      sort.uniq(&:to_s).
+      select(&:exist?)
+  end
+
+  def filtered_timers(options, action = '')
+    timers = filter_timers(existing_timers, options, action)
+
+    raise 'No timers found matching your parameters' unless timers.any?
+    return timers unless options[:reverse]
+
+    Hash[timers.sort_by { |k, _| k.to_i }.reverse]
+  end
+
+  def filter_disabled_timers!(action, timer_list)
+    if %w[start stop restart status].include?(action)
+      timer_list.select! { |timer| !timer.respond_to?(:enabled?) || timer.enabled? }
+    end
+    timer_list
+  end
+
+  private
+
+  def use_system_timer(action, options, spinner)
+    options[:reverse] = action == 'stop'
+    raise 'Unsupported action detected' unless allowed_action?(action)
+
+    status, failed_timers = run_action_on_timers(action, options, spinner)
+
+    spinner.update("All timers #{action_past_tense(action)}")
+    if action == 'status'
+      raise "Some timers are not running (#{failed_timers.join(', ')})" if status > 0
+
+      spinner.update('All timers are running')
+    end
+  end
+
+  def run_action_on_timers(action, options, spinner)
+    status = 0
+    failed_timers = []
+    filtered_timers(options, action).each_value do |group|
+      fork_threads_for_timers(action, group, spinner).each do |timer, status_and_output|
+        spinner.update("#{action_noun(action)} #{timer}") if action == 'status'
+        item_status, output = status_and_output
+        formatted = format_status(output, item_status, options)
+        puts formatted unless formatted.empty?
+
+        if item_status > 0
+          status = item_status
+          failed_timers << timer
+        end
+      end
+    end
+    [status, failed_timers]
+  end
+
+  def fork_threads_for_timers(action, timers, spinner)
+    timers_and_statuses = []
+    timers.each do |timer|
+      spinner.update("#{action_noun(action)} #{timer}") if action != 'status'
+      timers_and_statuses << [timer, Thread.new { timer.send(action.to_sym) }]
+    end
+    timers_and_statuses.map! { |timer, status| [timer, status.value] }
+  end
+
+  def filter_timers(timer_list, options, action)
+    if options[:only]&.any?
+      timer_list = timer_list.select do |timer|
+        options[:only].any? { |opt| timer.matches?(opt) }
+      end
+    end
+
+    if options[:exclude]&.any?
+      timer_list = timer_list.reject { |timer| options[:exclude].include?(timer.name) }
+    end
+
+    timer_list = filter_disabled_timers!(action, timer_list)
+    timer_list.group_by(&:priority).to_h
+  end
+end

data/definitions/procedures/iop/image_prune.rb

@@ -0,0 +1,19 @@
+module Procedures::Iop
+  class ImagePrune < ForemanMaintain::Procedure
+    metadata do
+      description 'Prune unused IoP container images'
+
+      confine do
+        feature(:iop)
+      end
+    end
+
+    def run
+      prune_images
+    end
+
+    def prune_images
+      execute!("podman image prune --force")
+    end
+  end
+end

data/definitions/procedures/iop/update.rb

@@ -0,0 +1,25 @@
+module Procedures::Iop
+  class Update < ForemanMaintain::Procedure
+    metadata do
+      description 'Update IoP containers'
+
+      confine do
+        feature(:iop) && (feature(:satellite)&.connected? || !feature(:satellite))
+      end
+
+      param :version,
+        'Version of the containers to pull',
+        :required => true
+    end
+
+    def run
+      pull_images
+    end
+
+    def pull_images
+      feature(:iop).container_images(@version).each do |container_image|
+        execute!("podman pull #{container_image}")
+      end
+    end
+  end
+end

data/definitions/procedures/knowledge_base_article.rb

@@ -26,6 +26,7 @@ class Procedures::KnowledgeBaseArticle < ForemanMaintain::Procedure
       'fix_cpdb_validate_failure' => 'https://access.redhat.com/solutions/3362821',
       'fix_db_migrate_failure_on_duplicate_roles' => 'https://access.redhat.com/solutions/3998941',
       'many_fact_values' => 'https://access.redhat.com/solutions/4163891',
+      'self_registered' => 'https://access.redhat.com/solutions/3225941',
     }
   end
 end

data/definitions/procedures/restore/extract_files.rb

@@ -15,10 +15,6 @@ module Procedures::Restore
           spinner.update('Extracting pulp data')
           extract_pulp_data(backup)
         end
-        if backup.file_map[:pgsql_data][:present]
-          spinner.update('Extracting pgsql data')
-          extract_pgsql_data(backup)
-        end
       end
     end
 
@@ -51,19 +47,5 @@ module Procedures::Restore
     def any_database
       feature(:foreman_database) || feature(:candlepin_database) || feature(:pulpcore_database)
     end
-
-    def extract_pgsql_data(backup)
-      pgsql_data_tar = base_tar.merge(
-        :archive => backup.file_map[:pgsql_data][:path],
-        :gzip => true
-      )
-      feature(:tar).run(pgsql_data_tar)
-      del_data_dir_param if el?
-    end
-
-    def del_data_dir_param
-      # workaround for https://tickets.puppetlabs.com/browse/MODULES-11160
-      execute("sed -i '/data_directory/d' #{any_database.postgresql_conf}")
-    end
   end
 end

data/definitions/procedures/timer/start.rb

@@ -0,0 +1,20 @@
+module Procedures::Timer
+  class Start < ForemanMaintain::Procedure
+    metadata do
+      description 'Start systemd timers'
+
+      for_feature :timer
+      confine do
+        feature(:timer)&.existing_timers&.any?
+      end
+
+      tags :post_migrations
+    end
+
+    def run
+      with_spinner('Starting systemd timers') do |spinner|
+        feature(:timer).handle_timers(spinner, 'start')
+      end
+    end
+  end
+end

data/definitions/procedures/timer/stop.rb

@@ -0,0 +1,20 @@
+module Procedures::Timer
+  class Stop < ForemanMaintain::Procedure
+    metadata do
+      description 'Stop systemd timers'
+
+      for_feature :timer
+      confine do
+        feature(:timer)&.existing_timers&.any?
+      end
+
+      tags :pre_migrations
+    end
+
+    def run
+      with_spinner('Stopping systemd timers') do |spinner|
+        feature(:timer).handle_timers(spinner, 'stop')
+      end
+    end
+  end
+end

data/definitions/reports/bookmarks.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Reports
+  class Bookmarks < ForemanMaintain::Report
+    metadata do
+      description 'Report about bookmark usage'
+    end
+
+    def run
+      public_count = bookmarks_custom_public_count
+      private_count = bookmarks_custom_private_count
+
+      data_field('bookmarks_custom_public_count') { public_count }
+      data_field('bookmarks_custom_private_count') { private_count }
+      data_field('bookmarks_custom_count') { public_count + private_count }
+    end
+
+    private
+
+    def bookmarks_custom_public_count
+      # Count public bookmarks that are NOT owned by internal users
+      bookmarks_not_owned_by_internal_users(public: true)
+    end
+
+    def bookmarks_custom_private_count
+      # Count private bookmarks that are NOT owned by internal users
+      bookmarks_not_owned_by_internal_users(public: false)
+    end
+
+    def bookmarks_not_owned_by_internal_users(public:)
+      # Helper method to count bookmarks not owned by internal users with optional public filter
+      public_condition = public ? 'AND b.public = true' : 'AND b.public = false'
+
+      sql_count(
+        <<~SQL
+          bookmarks b
+          WHERE (
+            b.owner_type = 'User'
+            #{public_condition}
+            AND b.owner_id NOT IN (
+              SELECT u.id
+              FROM users u
+              INNER JOIN auth_sources a ON u.auth_source_id = a.id
+              WHERE a.type = 'AuthSourceHidden'
+            )
+          )
+        SQL
+      )
+    end
+  end
+end

data/definitions/reports/disconnected_environment.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Reports
+  class DisconnectedEnvironment < ForemanMaintain::Report
+    metadata do
+      description 'Checks if the instance is in a disconnected environment'
+    end
+
+    def run
+      data_field('disconnected_environment') do
+        subscription_connection_setting = sql_setting('subscription_connection_enabled')
+
+        # If setting doesn't exist, assume connected (not disconnected)
+        if subscription_connection_setting.nil?
+          false
+        else
+          # disconnected when subscription_connection_enabled is false
+          YAML.safe_load(subscription_connection_setting) == false
+        end
+      end
+    end
+  end
+end

data/definitions/reports/grouping.rb

@@ -4,6 +4,7 @@ module Reports
       description 'Check how resources are grouped'
     end
 
+    # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
     def run
       self.data = {}
       data_field('host_collections_count') { sql_count('katello_host_collections') }
@@ -26,6 +27,63 @@ module Reports
       if table_exists('config_groups')
         data_field('config_group_count') { sql_count('config_groups') }
       end
+
+      data_field('usergroup_max_nesting_level') { usergroup_max_nesting_level }
+
+      usergroup_roles_stats = usergroup_roles_statistics
+      data['user_group_roles_max_count'] = usergroup_roles_stats[:max_count]
+      data['user_group_roles_min_count'] = usergroup_roles_stats[:min_count]
+    end
+    # rubocop:enable Metrics/AbcSize, Metrics/MethodLength
+
+    private
+
+    def usergroup_max_nesting_level
+      # Use recursive CTE to find maximum nesting level of usergroups
+      cte_sql = <<~SQL
+        WITH RECURSIVE usergroup_hierarchy AS (
+          -- Base case: root usergroups (not members of any other usergroup)
+          SELECT id, 1 as level
+          FROM usergroups
+          WHERE id NOT IN (
+            SELECT member_id
+            FROM usergroup_members
+            WHERE member_type = 'Usergroup'
+          )
+          UNION ALL
+          -- Recursive case: usergroups that are members of other usergroups
+          SELECT ug.id, uh.level + 1
+          FROM usergroups ug
+          INNER JOIN usergroup_members ugm ON ug.id = ugm.member_id
+          INNER JOIN usergroup_hierarchy uh ON ugm.usergroup_id = uh.id
+          WHERE ugm.member_type = 'Usergroup'
+        )
+      SQL
+
+      sql_as_count('COALESCE(MAX(level) - 1, 0)', 'usergroup_hierarchy', cte: cte_sql)
+    end
+
+    def usergroup_roles_statistics
+      # Query to get role counts per usergroup, including usergroups with 0 roles
+      roles_per_usergroup = query(
+        <<~SQL
+          SELECT ug.id, COALESCE(ur.role_count, 0) as role_count
+          FROM usergroups ug
+          LEFT JOIN (
+            SELECT owner_id, COUNT(*) as role_count
+            FROM user_roles
+            WHERE owner_type = 'Usergroup'
+            GROUP BY owner_id
+          ) ur ON ug.id = ur.owner_id
+        SQL
+      )
+
+      if roles_per_usergroup.empty?
+        { max_count: 0, min_count: 0 }
+      else
+        role_counts = roles_per_usergroup.map { |row| row['role_count'].to_i }
+        { max_count: role_counts.max, min_count: role_counts.min }
+      end
     end
   end
 end