RubyGems - foreman_maintain - Versions diffs - 0.4.6 → 0.4.8 - Mend

foreman_maintain 0.4.6 → 0.4.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

checksums.yaml +4 -4
data/definitions/checks/version_locking_enabled.rb +1 -1
data/definitions/features/installer.rb +12 -2
data/definitions/features/package_manager.rb +1 -2
data/definitions/procedures/installer/run.rb +15 -0
data/definitions/procedures/packages/enable_version_locking.rb +1 -6
data/definitions/procedures/packages/install.rb +13 -2
data/definitions/procedures/packages/installer_confirmation.rb +18 -0
data/definitions/procedures/packages/lock_versions.rb +2 -6
data/definitions/procedures/packages/locking_status.rb +25 -3
data/definitions/procedures/packages/unlock_versions.rb +1 -1
data/definitions/procedures/packages/update.rb +10 -1
data/definitions/scenarios/packages.rb +90 -0
data/extras/foreman-maintain.sh +14 -0
data/extras/foreman_protector/foreman-protector.conf +3 -0
data/extras/foreman_protector/foreman-protector.py +85 -0
data/extras/foreman_protector/foreman-protector.whitelist +19 -0
data/extras/passenger-recycler.cron +3 -0
data/lib/foreman_maintain/cli/packages_command.rb +36 -8
data/lib/foreman_maintain/cli.rb +1 -1
data/lib/foreman_maintain/package_manager/base.rb +3 -13
data/lib/foreman_maintain/package_manager/yum.rb +45 -62
data/lib/foreman_maintain/runner.rb +11 -8
data/lib/foreman_maintain/upgrade_runner.rb +6 -2
data/lib/foreman_maintain/version.rb +1 -1
metadata +10 -3
data/definitions/scenarios/version_locking.rb +0 -39

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ec1d3cb6c78f4404fb0983479df446a46a5814428842c630f9723be36e58863
-  data.tar.gz: b156422372ca41f5ebec896fe24c929c96cef1577576f4abf768938b6776d910
+  metadata.gz: 0d748d16a88ff4ea39bdefe64acb950f12838579e8b32bf4077c2ce600ee69ee
+  data.tar.gz: fbbdc32ce0d5b282c3c330a7cd6660126f8b07ba732ed323f91f433141f7d306
 SHA512:
-  metadata.gz: 2df8afaa92f8871b3f3b59db30ec321af277059f0631a3ad2a54f064bf5067463160a209b7d7c1bc6fb15b83b30ac15015977fdf96621200b0eec87d690bcfd1
-  data.tar.gz: c30552fdc8e0c3ae64625d5504bbf894b134c50f77be98d3c42c3cfb751c61104f4ad391d88e4dc63b2b86163cb2b2a3e610e636d6be43d33253e463145e93dd
+  metadata.gz: 870a8eec52a19ce134968b45435b0913efc3e950ec9cba783528b8588b5830098bd48c864c6916a9bc3e378b57c7ac7056066323914c1beca5fccaa9237c257b
+  data.tar.gz: 0d9c910b5ec28449a47a89615e7df4d1665d178aa7c6b79c24f238ededc751b85a5582889cad8d1a8a235931bf909c136ce9d457d8be946ca9ffe77085c93cd4

data/definitions/checks/version_locking_enabled.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Checks
   class VersionLockingEnabled < ForemanMaintain::Check
     metadata do
-      description 'Check if tooling for package version locking is installed'
+      description 'Check if tooling for package locking is installed'
     end
     def run

data/definitions/features/installer.rb CHANGED Viewed

@@ -24,7 +24,7 @@ class Features::Installer < ForemanMaintain::Feature
   end
   def configuration
-    YAML.load_file(config_file)
+    @configuration ||= YAML.load_file(config_file)
   end
   def config_file
@@ -85,7 +85,9 @@ class Features::Installer < ForemanMaintain::Feature
   end
   def run(arguments = '', exec_options = {})
-    execute!("LANG=en_US.utf-8 #{installer_command} #{arguments}".strip, exec_options)
+    out = execute!("LANG=en_US.utf-8 #{installer_command} #{arguments}".strip, exec_options)
+    @configuration = nil
+    out
   end
   def upgrade(exec_options = {})
@@ -103,6 +105,14 @@ class Features::Installer < ForemanMaintain::Feature
       feature(:installer).answers['foreman']['admin_password']
   end
+  def lock_package_versions?
+    !!(configuration[:custom] && configuration[:custom][:lock_package_versions])
+  end
+  def lock_package_versions_supported?
+    !(configuration[:custom] && configuration[:custom][:lock_package_versions]).nil?
+  end
   private
   def load_answers(config)

data/definitions/features/package_manager.rb CHANGED Viewed

@@ -6,8 +6,7 @@ class Features::PackageManager < ForemanMaintain::Feature
   extend Forwardable
   def_delegators :manager, :lock_versions, :unlock_versions,
                  :installed?, :find_installed_package, :install, :update,
-                 :version_locking_enabled?, :configure_version_locking,
-                 :foreman_related_packages, :version_locking_packages,
+                 :version_locking_enabled?, :install_version_locking,
                  :versions_locked?, :clean_cache, :remove, :files_not_owned_by_package
   def self.type

data/definitions/procedures/installer/run.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Procedures::Installer
+  class Run < ForemanMaintain::Procedure
+    metadata do
+      param :arguments, 'Arguments passed to installer'
+    end
+    def run
+      feature(:installer).run(@arguments, :interactive => true)
+    end
+    def description
+      "Running #{feature(:installer).installer_command} #{@arguments}"
+    end
+  end
+end

data/definitions/procedures/packages/enable_version_locking.rb CHANGED Viewed

@@ -6,12 +6,7 @@ module Procedures::Packages
     end
     def run
-      packages = feature(:package_manager).version_locking_packages
-      feature(:package_manager).install(packages, :assumeyes => @assumeyes)
-      unless feature(:package_manager).installed?(packages)
-        raise "Unable to install some of the required dependences:  #{packages.join(' ')}"
-      end
-      feature(:package_manager).configure_version_locking
+      feature(:package_manager).install_version_locking(:assumeyes => @assumeyes)
     end
   end
 end

data/definitions/procedures/packages/install.rb CHANGED Viewed

@@ -1,16 +1,27 @@
 module Procedures::Packages
   class Install < ForemanMaintain::Procedure
     metadata do
+      description 'Install packages'
       param :packages, 'List of packages to install', :array => true
       param :assumeyes, 'Do not ask for confirmation'
+      param :force, 'Do not skip if package is installed', :flag => true, :default => false
+      param :warn_on_errors, 'Do not interrupt scenario on failure',
+            :flag => true, :default => false
     end
     def run
-      packages_action(:install, @packages, :assumeyes => @assumeyes.nil? ? assumeyes? : @assumeyes)
+      assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
+      packages_action(:install, @packages, :assumeyes => assumeyes_val)
+    rescue ForemanMaintain::Error::ExecutionError => e
+      if @warn_on_errors
+        set_status(:warning, e.message)
+      else
+        raise
+      end
     end
     def necessary?
-      @packages.any? { |package| package_version(package).nil? }
+      @force || @packages.any? { |package| package_version(package).nil? }
     end
     def runtime_message

data/definitions/procedures/packages/installer_confirmation.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module Procedures::Packages
+  class InstallerConfirmation < ForemanMaintain::Procedure
+    metadata do
+      description 'Confirm installer run is allowed'
+    end
+    def run
+      question = "WARNING: This script runs #{feature(:installer).installer_command} " \
+        "after the yum execution \n" \
+        "to ensure the #{feature(:instance).product_name} " \
+        "is in a consistent state.\n" \
+        "As a result some of your services may be restarted. \n\n" \
+        'Do you want to proceed?'
+      answer = ask_decision(question, 'y(yes), q(quit)')
+      abort! unless answer == :yes
+    end
+  end
+end

data/definitions/procedures/packages/lock_versions.rb CHANGED Viewed

@@ -2,16 +2,12 @@ module Procedures::Packages
   class LockVersions < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Lock versions of Foreman-related packages'
+      description 'Lock packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end
     def run
-      with_spinner('Collecting list of packages to lock') do |spinner|
-        package_list = feature(:package_manager).foreman_related_packages
-        spinner.update('Locking packages')
-        feature(:package_manager).lock_versions(package_list)
-      end
+      feature(:package_manager).lock_versions
     end
   end
 end

data/definitions/procedures/packages/locking_status.rb CHANGED Viewed

@@ -2,15 +2,37 @@ module Procedures::Packages
   class LockingStatus < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Check status of version locking of Foreman-related packages'
+      description 'Check status of version locking of packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end
     def run
+      check_automatic_locking
+      check_version_locked
+    end
+    private
+    def check_version_locked
       if feature(:package_manager).versions_locked?
-        puts 'Packages are locked.'
+        puts '  Packages are locked.'
+      else
+        puts '  Packages are not locked.'
+        puts "  WARNING: When locking is disabled there is a risk of unwanted update\n" \
+             "  of #{feature(:instance).product_name}' and its components and possible " \
+             'data inconsistency'
+      end
+    end
+    def check_automatic_locking
+      if feature(:installer).lock_package_versions_supported?
+        if feature(:installer).lock_package_versions?
+          puts '  Automatic locking of package versions is enabled in installer.'
+        else
+          puts '  Automatic locking of package versions is disabled in installer.'
+        end
       else
-        puts 'Packages are not locked.'
+        puts '  Automatic locking of package versions is not supported by installer.'
       end
     end
   end

data/definitions/procedures/packages/unlock_versions.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Procedures::Packages
   class UnlockVersions < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Unlock versions of Foreman-related packages'
+      description 'Unlock packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end

data/definitions/procedures/packages/update.rb CHANGED Viewed

@@ -3,16 +3,25 @@ module Procedures::Packages
     metadata do
       param :packages, 'List of packages to update', :array => true
       param :assumeyes, 'Do not ask for confirmation'
+      param :force, 'Do not skip if package is installed', :flag => true, :default => false
+      param :warn_on_errors, 'Do not interrupt scenario on failure',
+            :flag => true, :default => false
     end
     def run
       assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
       feature(:package_manager).clean_cache
       packages_action(:update, @packages, :assumeyes => assumeyes_val)
+    rescue ForemanMaintain::Error::ExecutionError => e
+      if @warn_on_errors
+        set_status(:warning, e.message)
+      else
+        raise
+      end
     end
     def necessary?
-      @packages.any? { |package| package_version(package).nil? }
+      @force || @packages.any? { |package| package_version(package).nil? }
     end
     def description

data/definitions/scenarios/packages.rb ADDED Viewed

@@ -0,0 +1,90 @@
+module ForemanMaintain::Scenarios
+  module Packages
+    class Status < ForemanMaintain::Scenario
+      metadata do
+        label :packages_status
+        description 'detection of status of package version locking'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::LockingStatus)
+      end
+    end
+    class Unlock < ForemanMaintain::Scenario
+      metadata do
+        label :packages_unlock
+        description 'unlocking of package versions'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::UnlockVersions)
+      end
+    end
+    class Lock < ForemanMaintain::Scenario
+      metadata do
+        label :packages_lock
+        description 'locking of package versions'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::LockVersions)
+      end
+    end
+    class Install < ForemanMaintain::Scenario
+      metadata do
+        description 'install packages in unlocked session'
+        param :packages, 'List of packages to install', :array => true
+        param :assumeyes, 'Do not ask for confirmation'
+        manual_detection
+      end
+      def compose
+        add_step_with_context(Procedures::Packages::InstallerConfirmation)
+        add_step_with_context(Procedures::Packages::UnlockVersions)
+        add_step_with_context(Procedures::Packages::Install,
+                              :force => true, :warn_on_errors => true)
+        add_step_with_context(Procedures::Installer::Run,
+                              :arguments => '--upgrade --disable-system-checks')
+        add_step(Procedures::Packages::LockingStatus)
+      end
+      def set_context_mapping
+        context.map(:packages,
+                    Procedures::Packages::Install => :packages)
+        context.map(:assumeyes,
+                    Procedures::Packages::Install => :assumeyes)
+      end
+    end
+    class Update < ForemanMaintain::Scenario
+      metadata do
+        description 'update packages in unlocked session'
+        param :packages, 'List of packages to Update', :array => true
+        param :assumeyes, 'Do not ask for confirmation'
+        manual_detection
+      end
+      def compose
+        add_step_with_context(Procedures::Packages::InstallerConfirmation)
+        add_step_with_context(Procedures::Packages::UnlockVersions)
+        add_step_with_context(Procedures::Packages::Update, :force => true, :warn_on_errors => true)
+        add_step_with_context(Procedures::Installer::Run,
+                              :arguments => '--upgrade --disable-system-checks')
+        add_step(Procedures::Packages::LockingStatus)
+      end
+      def set_context_mapping
+        context.map(:packages,
+                    Procedures::Packages::Update => :packages)
+        context.map(:assumeyes,
+                    Procedures::Packages::Update => :assumeyes)
+      end
+    end
+  end
+end

data/extras/foreman-maintain.sh ADDED Viewed

@@ -0,0 +1,14 @@
+#!/bin/bash
+function quit_if_in_maintenance_mode {
+  /usr/bin/foreman-maintain maintenance-mode is-enabled
+  if [ $? -eq 0 ]
+  then
+    echo "Maintenance mode is on can not continue"
+    exit 1
+  fi
+}
+function is_maintenance_mode_enabled {
+  /usr/bin/foreman-maintain maintenance-mode is-enabled
+  echo $?
+}

data/extras/foreman_protector/foreman-protector.conf ADDED Viewed

@@ -0,0 +1,3 @@
+[main]
+enabled = 0
+whitelist = /etc/yum/pluginconf.d/foreman-protector.whitelist

data/extras/foreman_protector/foreman-protector.py ADDED Viewed

@@ -0,0 +1,85 @@
+from yum.plugins import PluginYumExit
+from yum.plugins import TYPE_CORE
+from rpmUtils.miscutils import splitFilename
+from yum.packageSack import packagesNewestByName
+import urlgrabber
+import urlgrabber.grabber
+import os
+import fnmatch
+import tempfile
+import time
+requires_api_version = '2.1'
+plugin_type = (TYPE_CORE,)
+_package_whitelist = set()
+fileurl = None
+def _load_whitelist():
+    try:
+      if fileurl:
+        llfile = urlgrabber.urlopen(fileurl)
+        for line in llfile.readlines():
+            if line.startswith('#') or line.strip() == '':
+                continue
+            _package_whitelist.add(line.rstrip().lower())
+        llfile.close()
+    except urlgrabber.grabber.URLGrabError, e:
+        raise PluginYumExit('Unable to read Foreman protector"s configuration: %s' % e)
+def _add_obsoletes(conduit):
+    if _package_whitelist:
+        #  If anything obsoletes something that we have whitelisted ... then
+        # whitelist that too.
+        for (pkgtup, instTup) in conduit._base.up.getObsoletesTuples():
+            if instTup[0] not in _package_whitelist:
+                continue
+            _package_whitelist.add(pkgtup[0].lower())
+def _get_updates(base):
+    updates = {}
+    for p in base.pkgSack.returnNewestByName():
+        if p.name in _package_whitelist:
+            # This one is whitelisted, skip
+            continue
+        updates[p.name] = p
+    return updates
+def config_hook(conduit):
+    global fileurl
+    fileurl = conduit.confString('main', 'whitelist')
+def _add_package_whitelist_excluders(conduit):
+    if hasattr(conduit, 'registerPackageName'):
+        conduit.registerPackageName("yum-plugin-foreman-protector")
+    ape = conduit._base.pkgSack.addPackageExcluder
+    exid = 'foreman-protector.W.'
+    ape(None, exid + str(1), 'mark.washed')
+    ape(None, exid + str(2), 'wash.name.in', _package_whitelist)
+    ape(None, exid + str(3), 'exclude.marked')
+def exclude_hook(conduit):
+    conduit.info(3, 'Reading Foreman protector configuration')
+    _load_whitelist()
+    _add_obsoletes(conduit)
+    total = len(_get_updates(conduit._base))
+    conduit.info(3, '*** Excluded total: %s' % total)
+    if total:
+        if total > 1:
+            suffix = 's'
+        else:
+            suffix = ''
+        conduit.info(1, '\n'
+                        'WARNING: Excluding %d update%s due to foreman-protector. \n'
+                        'Use foreman-maintain packages install/update <package> \n'
+                        'to safely install packages without restrictions.\n'
+                        % (total, suffix))
+    _add_package_whitelist_excluders(conduit)

data/extras/foreman_protector/foreman-protector.whitelist ADDED Viewed

@@ -0,0 +1,19 @@
+# list of packages allowed to be installed and updated freely
+# foreman-maintain runtime installed deps
+# fio and deps
+fio
+libaio
+libibverbs
+librbd1
+libpmem
+numactl-libs
+ndctl-libs
+daxctl-libs
+libpmemblk
+librados2
+librdmacm
+rdma-core
+boost-random
+boost-iostreams
+# foreman-maintain
+rubygem-foreman_maintain

data/extras/passenger-recycler.cron ADDED Viewed

@@ -0,0 +1,3 @@
+# Configuration file /etc/cron.d/passenger-recycler to run passenger-recycler
+# every 15 minutes.
+*/15 * * * * root /usr/bin/passenger-recycler

data/lib/foreman_maintain/cli/packages_command.rb CHANGED Viewed

@@ -1,32 +1,60 @@
 module ForemanMaintain
   module Cli
     class PackagesCommand < Base
-      subcommand 'lock', 'Prevent Foreman-related packages from automatic update' do
+      subcommand 'lock', 'Prevent packages from automatic update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Lock.new)
+          run_scenarios_and_exit(Scenarios::Packages::Lock.new)
         end
       end
-      subcommand 'unlock', 'Enable Foreman-related packages for automatic update' do
+      subcommand 'unlock', 'Enable packages for automatic update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Unlock.new)
+          run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
         end
       end
-      subcommand 'status', 'Check if Foreman-related packages are protected against update' do
+      subcommand 'status', 'Check if packages are protected against update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Status.new)
+          run_scenarios_and_exit(Scenarios::Packages::Status.new)
         end
       end
-      subcommand 'is-locked', 'Check if update of Foreman-related packages is allowed' do
+      subcommand 'install', 'Install packages in an unlocked session' do
+        interactive_option
+        parameter 'PACKAGES ...', 'packages to install', :attribute_name => :packages
+        def execute
+          run_scenarios_and_exit(
+            Scenarios::Packages::Install.new(
+              :packages => packages,
+              :assumeyes => assumeyes?
+            )
+          )
+        end
+      end
+      subcommand 'update', 'Update packages in an unlocked session' do
+        interactive_option
+        parameter 'PACKAGES ...', 'packages to update', :attribute_name => :packages
+        def execute
+          run_scenarios_and_exit(
+            Scenarios::Packages::Update.new(
+              :packages => packages,
+              :assumeyes => assumeyes?
+            )
+          )
+        end
+      end
+      subcommand 'is-locked', 'Check if update of packages is allowed' do
         interactive_option
         def execute
           locked = feature(:package_manager).versions_locked?
-          puts "Foreman related packages are#{locked ? '' : ' not'} locked"
+          puts "Packages are#{locked ? '' : ' not'} locked"
           exit_code = locked ? 0 : 1
           exit exit_code
         end

data/lib/foreman_maintain/cli.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module ForemanMaintain
       subcommand 'service', 'Control applicable services', ServiceCommand
       subcommand 'backup', 'Backup server', BackupCommand
       subcommand 'restore', 'Restore a backup', RestoreCommand
-      subcommand 'packages', 'Lock/Unlock installed packages', PackagesCommand
+      subcommand 'packages', 'Lock/Unlock package protection, install, update', PackagesCommand
       subcommand 'advanced', 'Advanced tools for server maintenance', AdvancedCommand
       subcommand 'maintenance-mode', 'Control maintenance-mode for application',
                  MaintenanceModeCommand

data/lib/foreman_maintain/package_manager/base.rb CHANGED Viewed

@@ -1,23 +1,13 @@
 module ForemanMaintain::PackageManager
   # rubocop:disable Lint/UnusedMethodArgument
   class Base
-    def foreman_related_packages
-      raise NotImplementedError
-    end
-    # list of packages providing the version locking
-    def version_locking_packages
-      raise NotImplementedError
-    end
     # check tools are installed and enabled
     def version_locking_enabled?
       raise NotImplementedError
     end
     # make sure the version locking tools are configured
-    # we can assume it is already installed
-    def configure_version_locking
+    def install_version_locking(assumeyes: false)
       raise NotImplementedError
     end
@@ -46,8 +36,8 @@ module ForemanMaintain::PackageManager
       raise NotImplementedError
     end
-    # prevent listed packages from update
-    def lock_versions(package_list)
+    # prevent selected packages from update or install
+    def lock_versions
       raise NotImplementedError
     end

data/lib/foreman_maintain/package_manager/yum.rb CHANGED Viewed

@@ -1,77 +1,36 @@
 module ForemanMaintain::PackageManager
   class Yum < Base
-    VERSIONLOCK_START_CLAUSE = '## foreman-maintain - start'.freeze
-    VERSIONLOCK_END_CLAUSE = '## foreman-maintain - end'.freeze
-    VERSIONLOCK_CONFIG_FILE = '/etc/yum/pluginconf.d/versionlock.conf'.freeze
-    VERSIONLOCK_DEFAULT_LIST_FILE = '/etc/yum/pluginconf.d/versionlock.list'.freeze
+    PROTECTOR_CONFIG_FILE = '/etc/yum/pluginconf.d/foreman-protector.conf'.freeze
+    PROTECTOR_WHITELIST_FILE = '/etc/yum/pluginconf.d/foreman-protector.whitelist'.freeze
+    PROTECTOR_PLUGIN_FILE = '/usr/lib/yum-plugins/foreman-protector.py'.freeze
     def self.parse_envra(envra)
       # envra format: 0:foreman-1.20.1.10-1.el7sat.noarch
       parsed = envra.match(/\d*:?(?<name>.*)-[^-]+-[^-]+\.[^.]+/)
-      parsed ? Hash[parsed.names.zip(parsed.captures)].merge(:envra => envra) : nil
+      parsed ? Hash[parsed.names.map(&:to_sym).zip(parsed.captures)].merge(:envra => envra) : nil
     end
-    def foreman_related_packages
-      query = "repoquery -a --qf='%{envra} %{repo.id}' --search foreman-installer |head -n1"
-      foreman_repo = sys.execute(query).split[1]
-      query_installed = "repoquery -a --qf='%{envra}' --repoid='#{foreman_repo}'"
-      sys.execute(query_installed). split("\n").map do |pkg|
-        self.class.parse_envra(pkg)
-      end
-    end
-    def version_locking_packages
-      %w[yum-utils yum-plugin-versionlock]
-    end
-    def lock_versions(package_list)
-      unlock_versions
-      File.open(versionlock_file, 'a') do |f|
-        f.puts VERSIONLOCK_START_CLAUSE
-        f.puts '# The following packages are locked by foreman-maintain. Do not modify!'
-        package_list.each { |package| f.puts "#{package[:envra]}.*" }
-        f.puts '# End of list of packages locked by foreman-maintain'
-        f.puts VERSIONLOCK_END_CLAUSE
-      end
+    def lock_versions
+      enable_protector
     end
     def unlock_versions
-      lock_file = versionlock_file
-      content = File.read(lock_file)
-      content = content.gsub(/#{VERSIONLOCK_START_CLAUSE}.*#{VERSIONLOCK_END_CLAUSE}\n/m, '')
-      File.open(lock_file, 'w') { |f| f.write content }
+      disable_protector
     end
     def versions_locked?
-      lock_file = versionlock_file
-      return false if lock_file.nil?
-      content = File.read(lock_file)
-      !!content.match(/#{VERSIONLOCK_START_CLAUSE}.*#{VERSIONLOCK_END_CLAUSE}\n/m)
+      !!(protector_config =~ /^\s*enabled\s*=\s*1/)
     end
     def version_locking_enabled?
-      installed?(version_locking_packages) && versionlock_config =~ /^\s*enabled\s+=\s+1/ \
-        && File.exist?(versionlock_file)
+      File.exist?(PROTECTOR_PLUGIN_FILE) && File.exist?(PROTECTOR_CONFIG_FILE) &&
+        File.exist?(PROTECTOR_WHITELIST_FILE)
     end
-    # make sure the version locking tools are configured
-    #  enabled = 1
-    #  locklist = <list file>
-    # we can assume it is already installed
-    def configure_version_locking
-      config = versionlock_config
-      config += "\n" unless config[-1] == "\n"
-      enabled_re = /^\s*enabled\s*=.*$/
-      if enabled_re.match(config)
-        config = config.gsub(enabled_re, 'enabled = 1')
-      else
-        config += "enabled = 1\n"
-      end
-      unless config =~ /^\s*locklist\s*=.*$/
-        config += "locklist = #{VERSIONLOCK_DEFAULT_LIST_FILE}\n"
-      end
-      File.open(versionlock_config_file, 'w') { |file| file.puts config }
-      FileUtils.touch(versionlock_file)
+    def install_version_locking(*)
+      install_extras('foreman_protector/foreman-protector.py', PROTECTOR_PLUGIN_FILE)
+      install_extras('foreman_protector/foreman-protector.conf', PROTECTOR_CONFIG_FILE)
+      install_extras('foreman_protector/foreman-protector.whitelist', PROTECTOR_WHITELIST_FILE)
     end
     def installed?(packages)
@@ -109,17 +68,32 @@ module ForemanMaintain::PackageManager
     private
-    def versionlock_config
-      File.exist?(versionlock_config_file) ? File.read(versionlock_config_file) : ''
+    def protector_config
+      File.exist?(protector_config_file) ? File.read(protector_config_file) : ''
     end
-    def versionlock_config_file
-      VERSIONLOCK_CONFIG_FILE
+    def protector_config_file
+      PROTECTOR_CONFIG_FILE
     end
-    def versionlock_file
-      result = versionlock_config.match(/^\s*locklist\s*=\s*(\S+)/)
-      result.nil? ? nil : File.expand_path(result.captures[0])
+    def enable_protector
+      setup_protector(true)
+    end
+    def disable_protector
+      setup_protector(false)
+    end
+    def setup_protector(enabled)
+      config = protector_config
+      config += "\n" unless config[-1] == "\n"
+      enabled_re = /^\s*enabled\s*=.*$/
+      if enabled_re.match(config)
+        config = config.gsub(enabled_re, "enabled = #{enabled ? '1' : '0'}")
+      else
+        config += "enabled = #{enabled ? '1' : '0'}\n"
+      end
+      File.open(protector_config_file, 'w') { |file| file.puts config }
     end
     def yum_action(action, packages, assumeyes: false)
@@ -131,5 +105,14 @@ module ForemanMaintain::PackageManager
       sys.execute!("yum#{yum_options_s} #{action}#{packages_s}",
                    :interactive => true)
     end
+    def install_extras(src, dest, override: false)
+      extras_src = File.expand_path('../../../../extras', __FILE__)
+      if override ||
+         (File.directory?(dest) && !File.exist?(File.join(dest, src))) ||
+         !File.exist?(dest)
+        FileUtils.cp(File.join(extras_src, src), dest)
+      end
+    end
   end
 end

data/lib/foreman_maintain/runner.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module ForemanMaintain
       @scenarios = Array(scenarios)
       @quit = false
       @last_scenario = nil
+      @last_scenario_continuation_confirmed = false
       @exit_code = 0
     end
@@ -40,18 +41,19 @@ module ForemanMaintain
       end
     end
-    def run_scenario(scenario, confirm = true)
+    def run_scenario(scenario)
       return if scenario.steps.empty?
       raise 'The runner is already in quit state' if quit?
-      if confirm
-        confirm_scenario(scenario)
-        return if quit?
-      end
+      confirm_scenario(scenario)
+      return if quit?
       execute_scenario_steps(scenario)
     ensure
-      @last_scenario = scenario unless scenario.steps.empty?
+      unless scenario.steps.empty?
+        @last_scenario = scenario
+        @last_scenario_continuation_confirmed = false
+      end
       @exit_code = 1 if scenario.failed?
     end
@@ -60,12 +62,13 @@ module ForemanMaintain
     end
     def confirm_scenario(scenario)
-      return unless @last_scenario
+      return if @last_scenario.nil? || @last_scenario_continuation_confirmed
       decision = if @last_scenario.steps_with_error(:whitelisted => false).any? ||
                     @last_scenario.steps_with_abort(:whitelisted => false).any?
                    :quit
                  elsif @last_scenario.steps_with_warning(:whitelisted => false).any?
+                   @last_scenario_continuation_confirmed = true
                    reporter.ask_decision("Continue with [#{scenario.description}]")
                  end
@@ -94,7 +97,7 @@ module ForemanMaintain
     def execute_scenario_steps(scenario, force = false)
       scenario.before_scenarios.flatten.each { |before_scenario| run_scenario(before_scenario) }
-      confirm_scenario(scenario) if @rescue_scenario
+      confirm_scenario(scenario)
       return if !force && quit? # the before scenarios caused the stop of the execution
       @reporter.before_scenario_starts(scenario)

data/lib/foreman_maintain/upgrade_runner.rb CHANGED Viewed

@@ -135,7 +135,7 @@ module ForemanMaintain
         confirm_scenario(scenario)
         return if quit?
         self.phase = phase
-        run_scenario(scenario, false)
+        run_scenario(scenario)
         # if we started from the :pre_upgrade_checks, ensure to ask before
         # continuing with the rest of the upgrade
         @ask_to_confirm_upgrade = phase == :pre_upgrade_checks
@@ -155,12 +155,15 @@ module ForemanMaintain
     private
+    # rubocop:disable Metrics/MethodLength
     def rollback_pre_migrations
       raise "Unexpected phase #{phase}, expecting pre_migrations" unless phase == :pre_migrations
       rollback_needed = scenario(:pre_migrations).steps.any? { |s| s.executed? && s.success? }
       if rollback_needed
         @quit = false
-        @last_scenario = nil # to prevent the unnecessary confirmation questions
+        # prevent the unnecessary confirmation questions
+        @last_scenario = nil
+        @last_scenario_continuation_confirmed = true
         [:post_migrations, :post_upgrade_checks].each do |phase|
           if quit? && phase == :post_upgrade_checks
             self.phase = :pre_migrations
@@ -174,6 +177,7 @@ module ForemanMaintain
         The upgrade failed and system was restored to pre-upgrade state.
       MESSAGE
     end
+    # rubocop:enable Metrics/MethodLength
     def with_non_empty_scenario(phase)
       next_scenario = scenario(phase)

data/lib/foreman_maintain/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '0.4.6'.freeze
+  VERSION = '0.4.8'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.8
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-29 00:00:00.000000000 Z
+date: 2019-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -219,6 +219,7 @@ files:
 - definitions/procedures/foreman_tasks/resume.rb
 - definitions/procedures/foreman_tasks/ui_investigate.rb
 - definitions/procedures/hammer_setup.rb
+- definitions/procedures/installer/run.rb
 - definitions/procedures/installer/upgrade.rb
 - definitions/procedures/iptables/add_maintenance_mode_chain.rb
 - definitions/procedures/iptables/remove_maintenance_mode_chain.rb
@@ -226,6 +227,7 @@ files:
 - definitions/procedures/maintenance_mode/is_enabled.rb
 - definitions/procedures/packages/enable_version_locking.rb
 - definitions/procedures/packages/install.rb
+- definitions/procedures/packages/installer_confirmation.rb
 - definitions/procedures/packages/lock_versions.rb
 - definitions/procedures/packages/locking_status.rb
 - definitions/procedures/packages/unlock_versions.rb
@@ -261,6 +263,7 @@ files:
 - definitions/procedures/sync_plans/enable.rb
 - definitions/scenarios/backup.rb
 - definitions/scenarios/maintenance_mode.rb
+- definitions/scenarios/packages.rb
 - definitions/scenarios/restore.rb
 - definitions/scenarios/services.rb
 - definitions/scenarios/upgrade_to_satellite_6_2.rb
@@ -273,7 +276,11 @@ files:
 - definitions/scenarios/upgrade_to_satellite_6_5_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_6.rb
 - definitions/scenarios/upgrade_to_satellite_6_6_z.rb
-- definitions/scenarios/version_locking.rb
+- extras/foreman-maintain.sh
+- extras/foreman_protector/foreman-protector.conf
+- extras/foreman_protector/foreman-protector.py
+- extras/foreman_protector/foreman-protector.whitelist
+- extras/passenger-recycler.cron
 - lib/foreman_maintain.rb
 - lib/foreman_maintain/check.rb
 - lib/foreman_maintain/cli.rb

data/definitions/scenarios/version_locking.rb DELETED Viewed

@@ -1,39 +0,0 @@
-module ForemanMaintain::Scenarios
-  module VersionLocking
-    class Status < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_status
-        description 'detection of status of package version locking'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::LockingStatus)
-      end
-    end
-    class Unlock < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_unlock
-        description 'unlocking of package versions'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::UnlockVersions)
-      end
-    end
-    class Lock < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_lock
-        description 'locking of package versions'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::LockVersions)
-      end
-    end
-  end
-end