foreman_maintain 0.0.6 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cc75bb9cfa1bb98c97e017ca86a5eb283be27ebc
-  data.tar.gz: ca4c72fb28c52a0a87e592730954d5b5c1d87106
+  metadata.gz: f06770124cbd3e2be20090877be87d6180a42eb5
+  data.tar.gz: ac4527d5767a4a83ac0a261acb7fc909e52e7388
 SHA512:
-  metadata.gz: 9acd9ac4a3df158361684415bf94e0c82a7d582b0fb98313a6d1b9a111ea9ab65d4476a7098b7dc9f3cca66e3363ed44ae14cae6113c846212d602e27607a413
-  data.tar.gz: 365618e5ab301e0ed0bcc530189e35d86525ac5707573d221e58f9540ca7779b2cbc1bb9cea7ed0bba2c8cb952cd47dfdfcf9e47d1c9218f30df21673cea7fc6
+  metadata.gz: e0ac14d818c8eef103783ac56812c86961c4e159cd7cadb1ee18a21391d754a62af9171b7162b5aa6f6ab0bfc0056ed21c52931cbe092cea95485b4329111e58
+  data.tar.gz: 78c4598b243767017b594f7ee3819843025f4c5c314a3713515a6333e4ffbcecdc3e25629eba63b347716e1136de8f87941b911d2180678614cc3dd5020a581c

data/README.md

@@ -1,4 +1,4 @@
-# Foreman Maintenance
+# Foreman Maintenance [![Build Status](https://travis-ci.org/theforeman/foreman_maintain.svg?branch=master)](https://travis-ci.org/theforeman/foreman_maintain)
 
 `foreman_maintain` aims to provide various features that helps keeping the
 Foreman/Satellite up and running. It supports multiple versions and subparts
@@ -17,8 +17,80 @@ Subcommands:
         --tags tags                 Limit only for specific set of tags
 
     upgrade                       Upgrade related commands
-      list-versions                List versions this system is upgradable to
-      check TARGET_VERSION         Run pre-upgrade checks for upgradeing to specified version
+      list-versions                 List versions this system is upgradable to
+      check --target-version TARGET_VERSION   Run pre-upgrade checks for upgradeing to specified version
+      run --target-version TARGET_VERSION     Run the full upgrade
+          [--phase=phase TARGET_VERSION]      Run just a specific phase of the upgrade
+```
+
+### Upgrades
+
+Foreman-maintain implements upgrade tooling that helps the administrator to go
+through the upgrade process.
+
+Foreman-maintain scans the system to know, what version are available
+to upgrade to for the particular system. To see what versions are available
+for upgrade, run:
+
+```
+foreman-maintain upgrade list-versions
+```
+
+To perform just the pre-upgrade checks for the system, run:
+
+```
+foreman-maintain upgrade check --target-version TARGET_VERSION
+```
+
+The upgrade tooling is able to handle the full end-to-end upgrade via:
+
+```
+foreman-maintain upgrade run --target-version TARGET_VERSION
+```
+
+The upgrade is split into several phases with different level of impact the run
+of the system:
+
+  * **pre-upgrade check** - this phase performs the checks to ensure that the system is
+    in ready state before the upgrade. The system should still be operational
+    at the current version, while this phase runs.
+
+  * **pre-migrations** - these steps perform changes on the system before
+    the actual upgrade stars. An example is disabling access to the system from
+    external sources, a.k.a. maintenance mode or disabling sync plans during the run.
+
+    After this phase ends, the system is still running the old version, and it's possible
+    to revert the changes by running the post-migrations steps.
+
+  * **migrations** - this phase performs the actual migrations, starting with
+    configuring new repositories, updated the packages and running the installer.
+
+    At the end of this phase, the system should be fully migrated to the new version.
+    However, the system is not fully operational yet, as the post-migrations steps
+    need to revert the pre-migrations steps.
+
+  * **post-migrations** - these steps revert the changes made in pre-migrations phase,
+    turning the system into fully-operational again.
+
+  * **post-upgrade checks** - this steps should perform sanity check of the system
+    to ensure the system is valid and ready to be used again.
+
+
+The state of the upgrade is kept between runs, allowing to re-run the `upgrade run`
+in case of failure. The tool should start at the appropriate point. For example,
+in case the upgrade is already in *migrations* phase, there is no point in running
+the *pre-upgrade check* phase. In case the upgrade failed before **migrations**
+phase made some modifying changes, the tool tries to rollback to the previous
+state of the system.
+
+#### Satellite notes
+
+To use custom organzation/activation key for configuring repositories during
+upgrade, set the following environment variables
+
+```
+export EXTERNAL_SAT_ORG='Sat6-CI'
+export EXTERNAL_SAT_ACTIVATION_KEY='Satellite QA RHEL7'
 ```
 
 ## Implementation

data/config/foreman_maintain.yml.example

@@ -5,6 +5,9 @@
 # Logger levels: mention one of debug, info, warning, error, fatal
 :log_level: 'error'
 
+# Mention log file size in KB. Default set to 10000KB.
+# :log_file_size: 10000
+
 # Mention definitions directories. Default
 # :definitions_dirs:
 
@@ -13,3 +16,6 @@
 
 # Mention directory to store whole backup data
 # :backup_dir: '/lib/foreman-maintain'
+
+# Mention path where foreman-proxy certificates stored on filesystem
+# :foreman_proxy_cert_path: '/etc/foreman'

data/config/foreman_maintain.yml.packaging

@@ -5,6 +5,9 @@
 # Logger levels: mention one of debug, info, warning, error, fatal
 # :log_level: 'error'
 
+# Mention log file size in KB. Default set to 10000KB.
+# :log_file_size: 10000
+
 # Mention definitions directories. Default
 # :definitions_dirs:
 
@@ -14,3 +17,6 @@
 # Mention directory to store whole backup data
 :backup_dir: '/var/lib/foreman-maintain'
 
+# Mention path where foreman-proxy certificates stored on filesystem
+# :foreman_proxy_cert_path: '/etc/foreman'
+

data/definitions/checks/disk_speed_minimal.rb

@@ -3,7 +3,7 @@ class Checks::DiskSpeedMinimal < ForemanMaintain::Check
     label :disk_io
     description 'Check for recommended disk speed of pulp, mongodb, pgsql dir.'
     tags :pre_upgrade
-    preparation_steps { Procedures::InstallPackage.new(:packages => %w[hdparm fio]) }
+    preparation_steps { Procedures::Packages::Install.new(:packages => %w[hdparm fio]) }
   end
 
   EXPECTED_IO = 80

data/definitions/checks/foreman_proxy/verify_dhcp_config_syntax.rb

@@ -0,0 +1,17 @@
+module Checks::ForemanProxy
+  class VerifyDhcpConfigSyntax < ForemanMaintain::Check
+    metadata do
+      for_feature :foreman_proxy
+      description 'Check for verifying syntax for ISP DHCP configurations'
+      tags :default
+      confine do
+        file_exists?('/etc/dhcp/dhcpd.conf')
+      end
+    end
+
+    def run
+      success = feature(:foreman_proxy).valid_dhcp_configs?
+      assert(success, 'Please check and verify DHCP configurations.')
+    end
+  end
+end

data/definitions/checks/system_registration.rb

@@ -11,7 +11,7 @@ class Checks::SystemRegistration < ForemanMaintain::Check
 
   def run
     if system_is_self_registerd?
-      raise ForemanMaintain::Error::Warn, 'System is self registered'
+      warn! 'System is self registered'
     else
       puts 'System is not self registered'
     end

data/definitions/features/downstream.rb

@@ -11,8 +11,39 @@ class Features::Downstream < ForemanMaintain::Feature
     @current_version ||= rpm_version('satellite') || version_from_source
   end
 
+  def current_minor_version
+    current_version.to_s[/^\d+\.\d+/]
+  end
+
+  def setup_repositories(version)
+    activation_key = ENV['EXTERNAL_SAT_ACTIVATION_KEY']
+    org = ENV['EXTERNAL_SAT_ORG']
+    if activation_key
+      org_options = org ? %(--org #{shellescape(org)}) : ''
+      execute!(%(subscription-manager register #{org_options}\
+                  --activationkey #{shellescape(activation_key)} --force))
+    else
+      execute!(%(subscription-manager repos --disable '*'))
+      enable_options = rh_repos(version).map { |r| "--enable=#{r}" }.join(' ')
+      execute!(%(subscription-manager repos #{enable_options}))
+    end
+  end
+
   private
 
+  def rh_repos(sat_version)
+    sat_version = version(sat_version)
+    ["rhel-#{rh_version.major}-server-rpms",
+     "rhel-#{rh_version.major}-rhscl-#{rh_version.major}-rpms",
+     "rhel-#{rh_version.major}-server-satellite-#{sat_version.major}.#{sat_version.minor}-rpms"]
+  end
+
+  def rh_version
+    return @rh_version if defined? @rh_version
+    release_package = execute!('rpm -qf /etc/redhat-release')
+    @rh_version = rpm_version(release_package, 'RELEASE')
+  end
+
   def version_from_source
     version(File.read('/usr/share/foreman/lib/satellite/version.rb')[/6\.\d\.\d/])
   end

data/definitions/features/foreman_1_7_x.rb

@@ -6,4 +6,37 @@ class Features::Foreman_1_7_x < ForemanMaintain::Feature
       check_min_version('foreman', '1.7')
     end
   end
+
+  def maintenance_mode(enable_disable)
+    case enable_disable
+    when :enable
+      custom_iptables_chain('FOREMAN_MAINTAIN',
+                            ['-i lo -j ACCEPT',
+                             '-p tcp --dport 443 -j REJECT'])
+    when :disable
+      del_custom_iptables_chain('FOREMAN_MAINTAIN')
+    else
+      raise "Unexpected argument #{enable_disable}"
+    end
+  end
+
+  private
+
+  def custom_iptables_chain(name, rules)
+    # if the chain already exists, we assume it was set before: we're not touching
+    # it again
+    return if execute?("iptables -L #{name}")
+    execute!("iptables -N #{name}")
+    rules.each do |rule|
+      execute!("iptables -A #{name} #{rule}")
+    end
+    execute!("iptables -I INPUT -j #{name}")
+  end
+
+  def del_custom_iptables_chain(name)
+    return unless execute?("iptables -L #{name}") # the chain is already gone
+    execute!("iptables -D INPUT -j #{name}")
+    execute!("iptables -F #{name}")
+    execute!("iptables -X #{name}")
+  end
 end

data/definitions/features/foreman_proxy.rb

@@ -0,0 +1,72 @@
+class Features::ForemanProxy < ForemanMaintain::Feature
+  metadata do
+    label :foreman_proxy
+  end
+
+  attr_reader :dhcpd_conf_file, :cert_path
+
+  def initialize
+    @dhcpd_conf_file = '/etc/dhcp/dhcpd.conf'
+    @cert_path = ForemanMaintain.config.foreman_proxy_cert_path
+  end
+
+  def valid_dhcp_configs?
+    dhcp_req_pass? && !syntax_error_exists?
+  end
+
+  private
+
+  def dhcp_curl_cmd
+    "curl -w '\n%{http_code}' -slient -ks --cert #{cert_path}/client_cert.pem \
+      --key #{cert_path}/client_key.pem \
+      --cacert #{cert_path}/proxy_ca.pem https://$(hostname):9090/dhcp"
+  end
+
+  def find_http_error_msg(array_output, curl_http_status)
+    http_line = ''
+    array_output.each do |str|
+      next unless str.include?('HTTP')
+      http_line = str
+    end
+    http_line.split(curl_http_status.to_s).last.strip
+  end
+
+  def run_dhcp_curl
+    curl_resp = execute(dhcp_curl_cmd)
+    array_output = curl_resp.split(/\r\n/)
+    result_array = array_output.last.split(/\n/)
+    curl_http_status = result_array.delete_at(result_array.length - 1).strip.to_i
+    curl_http_resp = json_parse(result_array.join(''))
+    ForemanMaintain::Utils::CurlResponse.new(
+      curl_http_resp,
+      curl_http_status,
+      find_http_error_msg(array_output, curl_http_status)
+    )
+  end
+
+  def dhcp_req_pass?
+    dhcp_curl_resp = run_dhcp_curl
+    success = true
+    if dhcp_curl_resp.http_code.eql?(200)
+      if dhcp_curl_resp.result.empty?
+        success = false
+        puts "Verify DHCP Settings. Response: #{dhcp_curl_resp.result.inspect}"
+      end
+    else
+      success = false
+      puts dhcp_curl_resp.error_msg
+    end
+    success
+  end
+
+  def syntax_error_exists?
+    cmd = "dhcpd -t -cf #{dhcpd_conf_file}"
+    output = execute(cmd)
+    is_error = output.include?('Configuration file errors encountered')
+    if is_error
+      puts "\nFound syntax error in file #{dhcpd_conf_file}:"
+      puts output
+    end
+    is_error
+  end
+end

data/definitions/features/sync_plans.rb

@@ -20,10 +20,6 @@ class Features::SyncPlans < ForemanMaintain::Feature
     ).map { |r| r['id'].to_i }
   end
 
-  def disabled_plans_count
-    data[:disabled].length
-  end
-
   def make_disable(ids)
     update_records(ids, false)
   end
@@ -32,6 +28,14 @@ class Features::SyncPlans < ForemanMaintain::Feature
     update_records(data[:disabled], true)
   end
 
+  def load_from_storage(storage)
+    @data = storage.data.fetch(:sync_plans, :enabled => [], :disabled => [])
+  end
+
+  def save_to_storage(storage)
+    storage[:sync_plans] = @data
+  end
+
   private
 
   def update_records(ids, enabled)
@@ -46,30 +50,20 @@ class Features::SyncPlans < ForemanMaintain::Feature
     end
     updated_record_ids
   ensure
-    new_data = sync_plan_data(enabled, updated_record_ids)
-    save_state(new_data)
+    update_data(enabled, updated_record_ids)
   end
 
   def data
-    upgrade_storage = ForemanMaintain.storage(:upgrade)
-    @data ||= upgrade_storage.data.fetch(:sync_plans, :enabled => [], :disabled => [])
+    raise 'Use load_from_storage before accessing the data' unless defined? @data
     @data
   end
 
-  def sync_plan_data(enabled, new_ids)
-    sync_plan_hash = data
+  def update_data(enabled, new_ids)
     if enabled
-      sync_plan_hash[:disabled] -= new_ids
-      sync_plan_hash[:enabled] = new_ids
+      @data[:disabled] -= new_ids
+      @data[:enabled] = new_ids
     else
-      sync_plan_hash[:disabled].concat(new_ids)
+      @data[:disabled].concat(new_ids)
     end
-    sync_plan_hash
-  end
-
-  def save_state(sync_plan_hash = {})
-    storage = ForemanMaintain.storage(:upgrade)
-    storage[:sync_plans] = sync_plan_hash
-    storage.save
   end
 end

data/definitions/features/upstream.rb

@@ -6,4 +6,8 @@ class Features::Upstream < ForemanMaintain::Feature
       !downstream_installation?
     end
   end
+
+  def setup_repositories(_version)
+    raise NotImplementedError
+  end
 end

data/definitions/procedures/foreman_tasks/delete.rb

@@ -2,6 +2,7 @@ module Procedures::ForemanTasks
   class Delete < ForemanMaintain::Procedure
     metadata do
       param :state, 'In what state should the task be deleted'
+      description 'delete tasks'
     end
 
     def run
@@ -26,7 +27,7 @@ module Procedures::ForemanTasks
       end
     end
 
-    def description
+    def runtime_message
       "Delete #{@state} tasks"
     end
   end

data/definitions/procedures/hammer_setup.rb

@@ -1,4 +1,8 @@
 class Procedures::HammerSetup < ForemanMaintain::Procedure
+  metadata do
+    description 'setup hammer'
+  end
+
   def run
     setup_from_default || setup_from_answers
     puts "New settings saved into #{hammer.config_file}"
@@ -9,10 +13,6 @@ class Procedures::HammerSetup < ForemanMaintain::Procedure
     !hammer.ready?
   end
 
-  def description
-    'Setup hammer'
-  end
-
   private
 
   def setup_from_default

data/definitions/procedures/installer/upgrade.rb

@@ -0,0 +1,19 @@
+module Procedures::Installer
+  class Upgrade < ForemanMaintain::Procedure
+    def run
+      execute!("#{installer_command} --upgrade", :interactive => true)
+    end
+
+    private
+
+    def installer_command
+      if package_version('satellite-installer')
+        'satellite-installer'
+      elsif package_version('katello-installer')
+        'katello-installer'
+      else
+        'foreman-installer'
+      end
+    end
+  end
+end