foreman_maintain 1.7.11 → 1.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/definitions/features/installer.rb +10 -8
- data/definitions/features/pulpcore.rb +1 -8
- data/definitions/features/satellite.rb +2 -8
- data/definitions/procedures/pulpcore/container_handle_image_metadata.rb +2 -1
- data/definitions/procedures/repositories/index_katello_repositories_container_metadata.rb +2 -1
- data/definitions/scenarios/foreman_upgrade.rb +0 -1
- data/definitions/scenarios/satellite_upgrade.rb +2 -4
- data/lib/foreman_maintain/concerns/downstream.rb +19 -4
- data/lib/foreman_maintain/upgrade_runner.rb +1 -0
- data/lib/foreman_maintain/version.rb +1 -1
- metadata +2 -3
- data/definitions/checks/check_sha1_certificate_authority.rb +0 -48
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 8e99ddc1408ae68f584bbfc6e8798367e623e38f981682666f40cac91bb8f5f4
         | 
| 4 | 
            +
              data.tar.gz: 173ee0cd4fbce206437d53937eaf0489111e4c6b57eac8b04943c9468eb5ab40
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 60a28996480d8564f5900a56d3f1494f9eb756d0a54c1bf3fee4c37fb5096a848db3a4ed2a6700e65d2fd4193bda13bebb4a50368ca0dbfd2ca1dccf9ea76d8e
         | 
| 7 | 
            +
              data.tar.gz: c323322a2e40d116c34de3ed7430742caa127250024957aa4b2579b14bbc27fb271312a6d973d82533ef091ca77ead05de0cf61c005475da8e3766e910e35562
         | 
    
        data/README.md
    CHANGED
    
    | @@ -20,6 +20,7 @@ Subcommands: | |
| 20 20 | 
             
                  check --target-version TARGET_VERSION   Run pre-upgrade checks for upgrading to specified version
         | 
| 21 21 | 
             
                        --disable-self-upgrade            Disable automatic self upgrade (default: false)
         | 
| 22 22 | 
             
                  run --target-version TARGET_VERSION     Run the full upgrade
         | 
| 23 | 
            +
                      [--phase=phase TARGET_VERSION]      Run just a specific phase of the upgrade
         | 
| 23 24 | 
             
                      --disable-self-upgrade              Disable automatic self upgrade (default: false)
         | 
| 24 25 |  | 
| 25 26 | 
             
                advanced                      Advanced tools for server maintenance
         | 
| @@ -8,7 +8,7 @@ class Features::Installer < ForemanMaintain::Feature | |
| 8 8 | 
             
              end
         | 
| 9 9 |  | 
| 10 10 | 
             
              def answers
         | 
| 11 | 
            -
                 | 
| 11 | 
            +
                YAML.load_file(answer_file)
         | 
| 12 12 | 
             
              end
         | 
| 13 13 |  | 
| 14 14 | 
             
              def configuration
         | 
| @@ -28,11 +28,13 @@ class Features::Installer < ForemanMaintain::Feature | |
| 28 28 | 
             
              end
         | 
| 29 29 |  | 
| 30 30 | 
             
              def config_files
         | 
| 31 | 
            -
                 | 
| 32 | 
            -
                   | 
| 33 | 
            -
             | 
| 34 | 
            -
             | 
| 35 | 
            -
             | 
| 31 | 
            +
                paths = [
         | 
| 32 | 
            +
                  config_directory,
         | 
| 33 | 
            +
                  '/opt/puppetlabs/puppet/cache/foreman_cache_data',
         | 
| 34 | 
            +
                  '/opt/puppetlabs/puppet/cache/pulpcore_cache_data',
         | 
| 35 | 
            +
                ]
         | 
| 36 | 
            +
                paths << answer_file unless answer_file.start_with?("#{config_directory}/")
         | 
| 37 | 
            +
                paths
         | 
| 36 38 | 
             
              end
         | 
| 37 39 |  | 
| 38 40 | 
             
              def last_scenario
         | 
| @@ -80,8 +82,8 @@ class Features::Installer < ForemanMaintain::Feature | |
| 80 82 |  | 
| 81 83 | 
             
              private
         | 
| 82 84 |  | 
| 83 | 
            -
              def  | 
| 84 | 
            -
                 | 
| 85 | 
            +
              def answer_file
         | 
| 86 | 
            +
                configuration[:answer_file]
         | 
| 85 87 | 
             
              end
         | 
| 86 88 |  | 
| 87 89 | 
             
              def last_scenario_config
         | 
| @@ -25,14 +25,7 @@ class Features::Pulpcore < ForemanMaintain::Feature | |
| 25 25 | 
             
              end
         | 
| 26 26 |  | 
| 27 27 | 
             
              def running_tasks
         | 
| 28 | 
            -
                 | 
| 29 | 
            -
                # cli() uses parse_json() which swallows JSON::ParserError and returns nil
         | 
| 30 | 
            -
                # but running_tasks should return an Array
         | 
| 31 | 
            -
                if tasks.nil?
         | 
| 32 | 
            -
                  []
         | 
| 33 | 
            -
                else
         | 
| 34 | 
            -
                  tasks
         | 
| 35 | 
            -
                end
         | 
| 28 | 
            +
                cli('task list --state-in running --state-in canceling')
         | 
| 36 29 | 
             
              rescue ForemanMaintain::Error::ExecutionError
         | 
| 37 30 | 
             
                []
         | 
| 38 31 | 
             
              end
         | 
| @@ -11,11 +11,11 @@ class Features::Satellite < ForemanMaintain::Feature | |
| 11 11 | 
             
              end
         | 
| 12 12 |  | 
| 13 13 | 
             
              def target_version
         | 
| 14 | 
            -
                 | 
| 14 | 
            +
                satellite_maintain_target_version
         | 
| 15 15 | 
             
              end
         | 
| 16 16 |  | 
| 17 17 | 
             
              def current_version
         | 
| 18 | 
            -
                @current_version ||= package_version(package_name) | 
| 18 | 
            +
                @current_version ||= package_version(package_name)
         | 
| 19 19 | 
             
              end
         | 
| 20 20 |  | 
| 21 21 | 
             
              def package_name
         | 
| @@ -25,10 +25,4 @@ class Features::Satellite < ForemanMaintain::Feature | |
| 25 25 | 
             
              def module_name
         | 
| 26 26 | 
             
                'satellite'
         | 
| 27 27 | 
             
              end
         | 
| 28 | 
            -
             | 
| 29 | 
            -
              private
         | 
| 30 | 
            -
             | 
| 31 | 
            -
              def version_from_source
         | 
| 32 | 
            -
                version(File.read('/usr/share/foreman/lib/satellite/version.rb')[/6\.\d\.\d/])
         | 
| 33 | 
            -
              end
         | 
| 34 28 | 
             
            end
         | 
| @@ -14,7 +14,8 @@ module Procedures::Pulpcore | |
| 14 14 |  | 
| 15 15 | 
             
                    feature(:service).handle_services(spinner, 'start', :only => necessary_services)
         | 
| 16 16 |  | 
| 17 | 
            -
                    spinner.update('Adding image metadata to pulp.' | 
| 17 | 
            +
                    spinner.update('Adding image metadata to pulp. You can continue using the ' \
         | 
| 18 | 
            +
                           'system normally while the task runs in the background.')
         | 
| 18 19 | 
             
                    execute!(pulpcore_manager('container-handle-image-data'))
         | 
| 19 20 | 
             
                  end
         | 
| 20 21 | 
             
                end
         | 
| @@ -8,7 +8,8 @@ module Procedures::Repositories | |
| 8 8 | 
             
                end
         | 
| 9 9 |  | 
| 10 10 | 
             
                def run
         | 
| 11 | 
            -
                  with_spinner('Adding image metadata  | 
| 11 | 
            +
                  with_spinner(('Adding image metadata. You can continue using the ' \
         | 
| 12 | 
            +
                                'system normally while the task runs in the background.')) do
         | 
| 12 13 | 
             
                    execute!('foreman-rake katello:import_container_manifest_labels')
         | 
| 13 14 | 
             
                  end
         | 
| 14 15 | 
             
                end
         | 
| @@ -4,15 +4,14 @@ module Scenarios::Satellite | |
| 4 4 | 
             
                  metadata do
         | 
| 5 5 | 
             
                    tags :upgrade_scenario
         | 
| 6 6 | 
             
                    confine do
         | 
| 7 | 
            -
                       | 
| 8 | 
            -
                        ForemanMaintain.upgrade_in_progress == '6.16')
         | 
| 7 | 
            +
                      feature(:instance).downstream&.satellite_upgrade_allowed?
         | 
| 9 8 | 
             
                    end
         | 
| 10 9 | 
             
                    instance_eval(&block)
         | 
| 11 10 | 
             
                  end
         | 
| 12 11 | 
             
                end
         | 
| 13 12 |  | 
| 14 13 | 
             
                def target_version
         | 
| 15 | 
            -
                   | 
| 14 | 
            +
                  feature(:instance).downstream&.satellite_maintain_target_version
         | 
| 16 15 | 
             
                end
         | 
| 17 16 | 
             
              end
         | 
| 18 17 |  | 
| @@ -55,7 +54,6 @@ module Scenarios::Satellite | |
| 55 54 | 
             
                    Checks::CheckIpv6Disable,
         | 
| 56 55 | 
             
                    Checks::Disk::AvailableSpacePostgresql13,
         | 
| 57 56 | 
             
                    Checks::CheckOrganizationContentAccessMode,
         | 
| 58 | 
            -
                    Checks::CheckSha1CertificateAuthority,
         | 
| 59 57 | 
             
                    Checks::Repositories::Validate.new(:version => target_version),
         | 
| 60 58 | 
             
                  )
         | 
| 61 59 | 
             
                end
         | 
| @@ -1,6 +1,8 @@ | |
| 1 1 | 
             
            module ForemanMaintain
         | 
| 2 2 | 
             
              module Concerns
         | 
| 3 3 | 
             
                module Downstream
         | 
| 4 | 
            +
                  SATELLITE_MAINTAIN_CONFIG = '/usr/share/satellite-maintain/config.yml'.freeze
         | 
| 5 | 
            +
             | 
| 4 6 | 
             
                  def current_version
         | 
| 5 7 | 
             
                    raise NotImplementedError
         | 
| 6 8 | 
             
                  end
         | 
| @@ -46,8 +48,25 @@ module ForemanMaintain | |
| 46 48 | 
             
                    %w[satellite-maintain satellite-maintain]
         | 
| 47 49 | 
             
                  end
         | 
| 48 50 |  | 
| 51 | 
            +
                  def satellite_maintain_target_version
         | 
| 52 | 
            +
                    satellite_maintain_config['current_satellite_version']
         | 
| 53 | 
            +
                  end
         | 
| 54 | 
            +
             | 
| 55 | 
            +
                  def satellite_upgrade_allowed?
         | 
| 56 | 
            +
                    current_minor_version == satellite_maintain_config['previous_satellite_version'] ||
         | 
| 57 | 
            +
                      ForemanMaintain.upgrade_in_progress == satellite_maintain_target_version
         | 
| 58 | 
            +
                  end
         | 
| 59 | 
            +
             | 
| 49 60 | 
             
                  private
         | 
| 50 61 |  | 
| 62 | 
            +
                  def satellite_maintain_config
         | 
| 63 | 
            +
                    if File.exist?(SATELLITE_MAINTAIN_CONFIG)
         | 
| 64 | 
            +
                      YAML.load_file(SATELLITE_MAINTAIN_CONFIG)
         | 
| 65 | 
            +
                    else
         | 
| 66 | 
            +
                      raise "Could not load satellite-maintain configuration file #{SATELLITE_MAINTAIN_CONFIG}."
         | 
| 67 | 
            +
                    end
         | 
| 68 | 
            +
                  end
         | 
| 69 | 
            +
             | 
| 51 70 | 
             
                  def rh_repos(server_version)
         | 
| 52 71 | 
             
                    server_version = version(server_version)
         | 
| 53 72 | 
             
                    rh_repos = main_rh_repos
         | 
| @@ -71,10 +90,6 @@ module ForemanMaintain | |
| 71 90 | 
             
                      "rhel-#{el_major_version}-for-x86_64-appstream-rpms",
         | 
| 72 91 | 
             
                    ]
         | 
| 73 92 | 
             
                  end
         | 
| 74 | 
            -
             | 
| 75 | 
            -
                  def version_from_source
         | 
| 76 | 
            -
                    raise NotImplementedError
         | 
| 77 | 
            -
                  end
         | 
| 78 93 | 
             
                end
         | 
| 79 94 | 
             
              end
         | 
| 80 95 | 
             
            end
         | 
| @@ -137,6 +137,7 @@ module ForemanMaintain | |
| 137 137 | 
             
                    @reporter.before_scenario_starts(scenario)
         | 
| 138 138 | 
             
                    @reporter.puts <<~MESSAGE
         | 
| 139 139 | 
             
                      Skipping #{skipped_phase} phase as it was already run before.
         | 
| 140 | 
            +
                      To enforce to run the phase, use `upgrade run --phase #{skipped_phase}`
         | 
| 140 141 | 
             
                    MESSAGE
         | 
| 141 142 | 
             
                    @reporter.after_scenario_finishes(scenario)
         | 
| 142 143 | 
             
                  end
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: foreman_maintain
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1. | 
| 4 | 
            +
              version: 1.8.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Ivan Nečas
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date:  | 
| 11 | 
            +
            date: 2024-10-10 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: clamp
         | 
| @@ -162,7 +162,6 @@ files: | |
| 162 162 | 
             
            - definitions/checks/candlepin/db_up.rb
         | 
| 163 163 | 
             
            - definitions/checks/check_hotfix_installed.rb
         | 
| 164 164 | 
             
            - definitions/checks/check_ipv6_disable.rb
         | 
| 165 | 
            -
            - definitions/checks/check_sha1_certificate_authority.rb
         | 
| 166 165 | 
             
            - definitions/checks/check_tmout.rb
         | 
| 167 166 | 
             
            - definitions/checks/disk/available_space.rb
         | 
| 168 167 | 
             
            - definitions/checks/disk/available_space_candlepin.rb
         | 
| @@ -1,48 +0,0 @@ | |
| 1 | 
            -
            class Checks::CheckSha1CertificateAuthority < ForemanMaintain::Check
         | 
| 2 | 
            -
              metadata do
         | 
| 3 | 
            -
                label :check_sha1_certificate_authority
         | 
| 4 | 
            -
                description 'Check if server certificate authority is sha1 signed'
         | 
| 5 | 
            -
             | 
| 6 | 
            -
                confine do
         | 
| 7 | 
            -
                  feature(:katello) || feature(:foreman_proxy)
         | 
| 8 | 
            -
                end
         | 
| 9 | 
            -
             | 
| 10 | 
            -
                do_not_whitelist
         | 
| 11 | 
            -
              end
         | 
| 12 | 
            -
             | 
| 13 | 
            -
              def run
         | 
| 14 | 
            -
                installer_answers = feature(:installer).answers
         | 
| 15 | 
            -
                server_ca = installer_answers['certs']['server_ca_cert']
         | 
| 16 | 
            -
             | 
| 17 | 
            -
                return unless server_ca
         | 
| 18 | 
            -
             | 
| 19 | 
            -
                begin
         | 
| 20 | 
            -
                  certificates = load_fullchain(server_ca)
         | 
| 21 | 
            -
                rescue OpenSSL::X509::CertificateError
         | 
| 22 | 
            -
                  assert(false, "Error reading server CA certificate #{server_ca}.")
         | 
| 23 | 
            -
                else
         | 
| 24 | 
            -
                  msg = <<~MSG
         | 
| 25 | 
            -
                    Server CA certificate #{server_ca} signed with sha1 which will break on upgrade.
         | 
| 26 | 
            -
                    Update the server CA certificate with one signed with sha256 or
         | 
| 27 | 
            -
                    stronger then proceed with the upgrade.
         | 
| 28 | 
            -
                  MSG
         | 
| 29 | 
            -
             | 
| 30 | 
            -
                  assert(
         | 
| 31 | 
            -
                    certificates.all? { |cert| cert.signature_algorithm != 'sha1WithRSAEncryption' },
         | 
| 32 | 
            -
                    msg
         | 
| 33 | 
            -
                  )
         | 
| 34 | 
            -
                end
         | 
| 35 | 
            -
              end
         | 
| 36 | 
            -
             | 
| 37 | 
            -
              def load_fullchain(bundle_pem)
         | 
| 38 | 
            -
                if OpenSSL::X509::Certificate.respond_to?(:load_file)
         | 
| 39 | 
            -
                  OpenSSL::X509::Certificate.load_file(bundle_pem)
         | 
| 40 | 
            -
                else
         | 
| 41 | 
            -
                  # Can be removed when only Ruby with load_file support is supported
         | 
| 42 | 
            -
                  File.binread(bundle_pem).
         | 
| 43 | 
            -
                    lines.
         | 
| 44 | 
            -
                    slice_after(/END CERTIFICATE/).
         | 
| 45 | 
            -
                    map { |pem| OpenSSL::X509::Certificate.new(pem.join) }
         | 
| 46 | 
            -
                end
         | 
| 47 | 
            -
              end
         | 
| 48 | 
            -
            end
         |