RubyGems - foreman_maintain - Versions diffs - 0.4.6 → 0.4.8 - Mend

foreman_maintain 0.4.6 → 0.4.8

Files changed (27) hide show

checksums.yaml +4 -4
data/definitions/checks/version_locking_enabled.rb +1 -1
data/definitions/features/installer.rb +12 -2
data/definitions/features/package_manager.rb +1 -2
data/definitions/procedures/installer/run.rb +15 -0
data/definitions/procedures/packages/enable_version_locking.rb +1 -6
data/definitions/procedures/packages/install.rb +13 -2
data/definitions/procedures/packages/installer_confirmation.rb +18 -0
data/definitions/procedures/packages/lock_versions.rb +2 -6
data/definitions/procedures/packages/locking_status.rb +25 -3
data/definitions/procedures/packages/unlock_versions.rb +1 -1
data/definitions/procedures/packages/update.rb +10 -1
data/definitions/scenarios/packages.rb +90 -0
data/extras/foreman-maintain.sh +14 -0
data/extras/foreman_protector/foreman-protector.conf +3 -0
data/extras/foreman_protector/foreman-protector.py +85 -0
data/extras/foreman_protector/foreman-protector.whitelist +19 -0
data/extras/passenger-recycler.cron +3 -0
data/lib/foreman_maintain/cli/packages_command.rb +36 -8
data/lib/foreman_maintain/cli.rb +1 -1
data/lib/foreman_maintain/package_manager/base.rb +3 -13
data/lib/foreman_maintain/package_manager/yum.rb +45 -62
data/lib/foreman_maintain/runner.rb +11 -8
data/lib/foreman_maintain/upgrade_runner.rb +6 -2
data/lib/foreman_maintain/version.rb +1 -1
metadata +10 -3
data/definitions/scenarios/version_locking.rb +0 -39

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0ec1d3cb6c78f4404fb0983479df446a46a5814428842c630f9723be36e58863
-  data.tar.gz: b156422372ca41f5ebec896fe24c929c96cef1577576f4abf768938b6776d910
+  metadata.gz: 0d748d16a88ff4ea39bdefe64acb950f12838579e8b32bf4077c2ce600ee69ee
+  data.tar.gz: fbbdc32ce0d5b282c3c330a7cd6660126f8b07ba732ed323f91f433141f7d306
 SHA512:
-  metadata.gz: 2df8afaa92f8871b3f3b59db30ec321af277059f0631a3ad2a54f064bf5067463160a209b7d7c1bc6fb15b83b30ac15015977fdf96621200b0eec87d690bcfd1
-  data.tar.gz: c30552fdc8e0c3ae64625d5504bbf894b134c50f77be98d3c42c3cfb751c61104f4ad391d88e4dc63b2b86163cb2b2a3e610e636d6be43d33253e463145e93dd
+  metadata.gz: 870a8eec52a19ce134968b45435b0913efc3e950ec9cba783528b8588b5830098bd48c864c6916a9bc3e378b57c7ac7056066323914c1beca5fccaa9237c257b
+  data.tar.gz: 0d9c910b5ec28449a47a89615e7df4d1665d178aa7c6b79c24f238ededc751b85a5582889cad8d1a8a235931bf909c136ce9d457d8be946ca9ffe77085c93cd4

data/definitions/checks/version_locking_enabled.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Checks
   class VersionLockingEnabled < ForemanMaintain::Check
     metadata do
-      description 'Check if tooling for package version locking is installed'
+      description 'Check if tooling for package locking is installed'
     end
     def run

data/definitions/features/installer.rb CHANGED Viewed

@@ -24,7 +24,7 @@ class Features::Installer < ForemanMaintain::Feature
   end
   def configuration
-    YAML.load_file(config_file)
+    @configuration ||= YAML.load_file(config_file)
   end
   def config_file
@@ -85,7 +85,9 @@ class Features::Installer < ForemanMaintain::Feature
   end
   def run(arguments = '', exec_options = {})
-    execute!("LANG=en_US.utf-8 #{installer_command} #{arguments}".strip, exec_options)
+    out = execute!("LANG=en_US.utf-8 #{installer_command} #{arguments}".strip, exec_options)
+    @configuration = nil
+    out
   end
   def upgrade(exec_options = {})
@@ -103,6 +105,14 @@ class Features::Installer < ForemanMaintain::Feature
       feature(:installer).answers['foreman']['admin_password']
   end
+  def lock_package_versions?
+    !!(configuration[:custom] && configuration[:custom][:lock_package_versions])
+  end
+  def lock_package_versions_supported?
+    !(configuration[:custom] && configuration[:custom][:lock_package_versions]).nil?
+  end
   private
   def load_answers(config)

data/definitions/features/package_manager.rb CHANGED Viewed

@@ -6,8 +6,7 @@ class Features::PackageManager < ForemanMaintain::Feature
   extend Forwardable
   def_delegators :manager, :lock_versions, :unlock_versions,
                  :installed?, :find_installed_package, :install, :update,
-                 :version_locking_enabled?, :configure_version_locking,
-                 :foreman_related_packages, :version_locking_packages,
+                 :version_locking_enabled?, :install_version_locking,
                  :versions_locked?, :clean_cache, :remove, :files_not_owned_by_package
   def self.type

data/definitions/procedures/installer/run.rb ADDED Viewed

@@ -0,0 +1,15 @@
+module Procedures::Installer
+  class Run < ForemanMaintain::Procedure
+    metadata do
+      param :arguments, 'Arguments passed to installer'
+    end
+    def run
+      feature(:installer).run(@arguments, :interactive => true)
+    end
+    def description
+      "Running #{feature(:installer).installer_command} #{@arguments}"
+    end
+  end
+end

data/definitions/procedures/packages/enable_version_locking.rb CHANGED Viewed

@@ -6,12 +6,7 @@ module Procedures::Packages
     end
     def run
-      packages = feature(:package_manager).version_locking_packages
-      feature(:package_manager).install(packages, :assumeyes => @assumeyes)
-      unless feature(:package_manager).installed?(packages)
-        raise "Unable to install some of the required dependences:  #{packages.join(' ')}"
-      end
-      feature(:package_manager).configure_version_locking
+      feature(:package_manager).install_version_locking(:assumeyes => @assumeyes)
     end
   end
 end

data/definitions/procedures/packages/install.rb CHANGED Viewed

@@ -1,16 +1,27 @@
 module Procedures::Packages
   class Install < ForemanMaintain::Procedure
     metadata do
+      description 'Install packages'
       param :packages, 'List of packages to install', :array => true
       param :assumeyes, 'Do not ask for confirmation'
+      param :force, 'Do not skip if package is installed', :flag => true, :default => false
+      param :warn_on_errors, 'Do not interrupt scenario on failure',
+            :flag => true, :default => false
     end
     def run
-      packages_action(:install, @packages, :assumeyes => @assumeyes.nil? ? assumeyes? : @assumeyes)
+      assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
+      packages_action(:install, @packages, :assumeyes => assumeyes_val)
+    rescue ForemanMaintain::Error::ExecutionError => e
+      if @warn_on_errors
+        set_status(:warning, e.message)
+      else
+        raise
+      end
     end
     def necessary?
-      @packages.any? { |package| package_version(package).nil? }
+      @force || @packages.any? { |package| package_version(package).nil? }
     end
     def runtime_message

data/definitions/procedures/packages/installer_confirmation.rb ADDED Viewed

@@ -0,0 +1,18 @@
+module Procedures::Packages
+  class InstallerConfirmation < ForemanMaintain::Procedure
+    metadata do
+      description 'Confirm installer run is allowed'
+    end
+    def run
+      question = "WARNING: This script runs #{feature(:installer).installer_command} " \
+        "after the yum execution \n" \
+        "to ensure the #{feature(:instance).product_name} " \
+        "is in a consistent state.\n" \
+        "As a result some of your services may be restarted. \n\n" \
+        'Do you want to proceed?'
+      answer = ask_decision(question, 'y(yes), q(quit)')
+      abort! unless answer == :yes
+    end
+  end
+end

data/definitions/procedures/packages/lock_versions.rb CHANGED Viewed

@@ -2,16 +2,12 @@ module Procedures::Packages
   class LockVersions < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Lock versions of Foreman-related packages'
+      description 'Lock packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end
     def run
-      with_spinner('Collecting list of packages to lock') do |spinner|
-        package_list = feature(:package_manager).foreman_related_packages
-        spinner.update('Locking packages')
-        feature(:package_manager).lock_versions(package_list)
-      end
+      feature(:package_manager).lock_versions
     end
   end
 end

data/definitions/procedures/packages/locking_status.rb CHANGED Viewed

@@ -2,15 +2,37 @@ module Procedures::Packages
   class LockingStatus < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Check status of version locking of Foreman-related packages'
+      description 'Check status of version locking of packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end
     def run
+      check_automatic_locking
+      check_version_locked
+    end
+    private
+    def check_version_locked
       if feature(:package_manager).versions_locked?
-        puts 'Packages are locked.'
+        puts '  Packages are locked.'
+      else
+        puts '  Packages are not locked.'
+        puts "  WARNING: When locking is disabled there is a risk of unwanted update\n" \
+             "  of #{feature(:instance).product_name}' and its components and possible " \
+             'data inconsistency'
+      end
+    end
+    def check_automatic_locking
+      if feature(:installer).lock_package_versions_supported?
+        if feature(:installer).lock_package_versions?
+          puts '  Automatic locking of package versions is enabled in installer.'
+        else
+          puts '  Automatic locking of package versions is disabled in installer.'
+        end
       else
-        puts 'Packages are not locked.'
+        puts '  Automatic locking of package versions is not supported by installer.'
       end
     end
   end

data/definitions/procedures/packages/unlock_versions.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Procedures::Packages
   class UnlockVersions < ForemanMaintain::Procedure
     metadata do
       for_feature :package_manager
-      description 'Unlock versions of Foreman-related packages'
+      description 'Unlock packages'
       preparation_steps { [Checks::VersionLockingEnabled.new] }
     end

data/definitions/procedures/packages/update.rb CHANGED Viewed

@@ -3,16 +3,25 @@ module Procedures::Packages
     metadata do
       param :packages, 'List of packages to update', :array => true
       param :assumeyes, 'Do not ask for confirmation'
+      param :force, 'Do not skip if package is installed', :flag => true, :default => false
+      param :warn_on_errors, 'Do not interrupt scenario on failure',
+            :flag => true, :default => false
     end
     def run
       assumeyes_val = @assumeyes.nil? ? assumeyes? : @assumeyes
       feature(:package_manager).clean_cache
       packages_action(:update, @packages, :assumeyes => assumeyes_val)
+    rescue ForemanMaintain::Error::ExecutionError => e
+      if @warn_on_errors
+        set_status(:warning, e.message)
+      else
+        raise
+      end
     end
     def necessary?
-      @packages.any? { |package| package_version(package).nil? }
+      @force || @packages.any? { |package| package_version(package).nil? }
     end
     def description

data/definitions/scenarios/packages.rb ADDED Viewed

@@ -0,0 +1,90 @@
+module ForemanMaintain::Scenarios
+  module Packages
+    class Status < ForemanMaintain::Scenario
+      metadata do
+        label :packages_status
+        description 'detection of status of package version locking'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::LockingStatus)
+      end
+    end
+    class Unlock < ForemanMaintain::Scenario
+      metadata do
+        label :packages_unlock
+        description 'unlocking of package versions'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::UnlockVersions)
+      end
+    end
+    class Lock < ForemanMaintain::Scenario
+      metadata do
+        label :packages_lock
+        description 'locking of package versions'
+        manual_detection
+      end
+      def compose
+        add_step(Procedures::Packages::LockVersions)
+      end
+    end
+    class Install < ForemanMaintain::Scenario
+      metadata do
+        description 'install packages in unlocked session'
+        param :packages, 'List of packages to install', :array => true
+        param :assumeyes, 'Do not ask for confirmation'
+        manual_detection
+      end
+      def compose
+        add_step_with_context(Procedures::Packages::InstallerConfirmation)
+        add_step_with_context(Procedures::Packages::UnlockVersions)
+        add_step_with_context(Procedures::Packages::Install,
+                              :force => true, :warn_on_errors => true)
+        add_step_with_context(Procedures::Installer::Run,
+                              :arguments => '--upgrade --disable-system-checks')
+        add_step(Procedures::Packages::LockingStatus)
+      end
+      def set_context_mapping
+        context.map(:packages,
+                    Procedures::Packages::Install => :packages)
+        context.map(:assumeyes,
+                    Procedures::Packages::Install => :assumeyes)
+      end
+    end
+    class Update < ForemanMaintain::Scenario
+      metadata do
+        description 'update packages in unlocked session'
+        param :packages, 'List of packages to Update', :array => true
+        param :assumeyes, 'Do not ask for confirmation'
+        manual_detection
+      end
+      def compose
+        add_step_with_context(Procedures::Packages::InstallerConfirmation)
+        add_step_with_context(Procedures::Packages::UnlockVersions)
+        add_step_with_context(Procedures::Packages::Update, :force => true, :warn_on_errors => true)
+        add_step_with_context(Procedures::Installer::Run,
+                              :arguments => '--upgrade --disable-system-checks')
+        add_step(Procedures::Packages::LockingStatus)
+      end
+      def set_context_mapping
+        context.map(:packages,
+                    Procedures::Packages::Update => :packages)
+        context.map(:assumeyes,
+                    Procedures::Packages::Update => :assumeyes)
+      end
+    end
+  end
+end

data/extras/foreman-maintain.sh ADDED Viewed

@@ -0,0 +1,14 @@
+#!/bin/bash
+function quit_if_in_maintenance_mode {
+  /usr/bin/foreman-maintain maintenance-mode is-enabled
+  if [ $? -eq 0 ]
+  then
+    echo "Maintenance mode is on can not continue"
+    exit 1
+  fi
+}
+function is_maintenance_mode_enabled {
+  /usr/bin/foreman-maintain maintenance-mode is-enabled
+  echo $?
+}

data/extras/foreman_protector/foreman-protector.conf ADDED Viewed

@@ -0,0 +1,3 @@
+[main]
+enabled = 0
+whitelist = /etc/yum/pluginconf.d/foreman-protector.whitelist

data/extras/foreman_protector/foreman-protector.py ADDED Viewed

@@ -0,0 +1,85 @@
+from yum.plugins import PluginYumExit
+from yum.plugins import TYPE_CORE
+from rpmUtils.miscutils import splitFilename
+from yum.packageSack import packagesNewestByName
+import urlgrabber
+import urlgrabber.grabber
+import os
+import fnmatch
+import tempfile
+import time
+requires_api_version = '2.1'
+plugin_type = (TYPE_CORE,)
+_package_whitelist = set()
+fileurl = None
+def _load_whitelist():
+    try:
+      if fileurl:
+        llfile = urlgrabber.urlopen(fileurl)
+        for line in llfile.readlines():
+            if line.startswith('#') or line.strip() == '':
+                continue
+            _package_whitelist.add(line.rstrip().lower())
+        llfile.close()
+    except urlgrabber.grabber.URLGrabError, e:
+        raise PluginYumExit('Unable to read Foreman protector"s configuration: %s' % e)
+def _add_obsoletes(conduit):
+    if _package_whitelist:
+        #  If anything obsoletes something that we have whitelisted ... then
+        # whitelist that too.
+        for (pkgtup, instTup) in conduit._base.up.getObsoletesTuples():
+            if instTup[0] not in _package_whitelist:
+                continue
+            _package_whitelist.add(pkgtup[0].lower())
+def _get_updates(base):
+    updates = {}
+    for p in base.pkgSack.returnNewestByName():
+        if p.name in _package_whitelist:
+            # This one is whitelisted, skip
+            continue
+        updates[p.name] = p
+    return updates
+def config_hook(conduit):
+    global fileurl
+    fileurl = conduit.confString('main', 'whitelist')
+def _add_package_whitelist_excluders(conduit):
+    if hasattr(conduit, 'registerPackageName'):
+        conduit.registerPackageName("yum-plugin-foreman-protector")
+    ape = conduit._base.pkgSack.addPackageExcluder
+    exid = 'foreman-protector.W.'
+    ape(None, exid + str(1), 'mark.washed')
+    ape(None, exid + str(2), 'wash.name.in', _package_whitelist)
+    ape(None, exid + str(3), 'exclude.marked')
+def exclude_hook(conduit):
+    conduit.info(3, 'Reading Foreman protector configuration')
+    _load_whitelist()
+    _add_obsoletes(conduit)
+    total = len(_get_updates(conduit._base))
+    conduit.info(3, '*** Excluded total: %s' % total)
+    if total:
+        if total > 1:
+            suffix = 's'
+        else:
+            suffix = ''
+        conduit.info(1, '\n'
+                        'WARNING: Excluding %d update%s due to foreman-protector. \n'
+                        'Use foreman-maintain packages install/update <package> \n'
+                        'to safely install packages without restrictions.\n'
+                        % (total, suffix))
+    _add_package_whitelist_excluders(conduit)

data/extras/foreman_protector/foreman-protector.whitelist ADDED Viewed

@@ -0,0 +1,19 @@
+# list of packages allowed to be installed and updated freely
+# foreman-maintain runtime installed deps
+# fio and deps
+fio
+libaio
+libibverbs
+librbd1
+libpmem
+numactl-libs
+ndctl-libs
+daxctl-libs
+libpmemblk
+librados2
+librdmacm
+rdma-core
+boost-random
+boost-iostreams
+# foreman-maintain
+rubygem-foreman_maintain

data/extras/passenger-recycler.cron ADDED Viewed

@@ -0,0 +1,3 @@
+# Configuration file /etc/cron.d/passenger-recycler to run passenger-recycler
+# every 15 minutes.
+*/15 * * * * root /usr/bin/passenger-recycler

data/lib/foreman_maintain/cli/packages_command.rb CHANGED Viewed

@@ -1,32 +1,60 @@
 module ForemanMaintain
   module Cli
     class PackagesCommand < Base
-      subcommand 'lock', 'Prevent Foreman-related packages from automatic update' do
+      subcommand 'lock', 'Prevent packages from automatic update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Lock.new)
+          run_scenarios_and_exit(Scenarios::Packages::Lock.new)
         end
       end
-      subcommand 'unlock', 'Enable Foreman-related packages for automatic update' do
+      subcommand 'unlock', 'Enable packages for automatic update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Unlock.new)
+          run_scenarios_and_exit(Scenarios::Packages::Unlock.new)
         end
       end
-      subcommand 'status', 'Check if Foreman-related packages are protected against update' do
+      subcommand 'status', 'Check if packages are protected against update' do
         interactive_option
         def execute
-          run_scenarios_and_exit(Scenarios::VersionLocking::Status.new)
+          run_scenarios_and_exit(Scenarios::Packages::Status.new)
         end
       end
-      subcommand 'is-locked', 'Check if update of Foreman-related packages is allowed' do
+      subcommand 'install', 'Install packages in an unlocked session' do
+        interactive_option
+        parameter 'PACKAGES ...', 'packages to install', :attribute_name => :packages
+        def execute
+          run_scenarios_and_exit(
+            Scenarios::Packages::Install.new(
+              :packages => packages,
+              :assumeyes => assumeyes?
+            )
+          )
+        end
+      end
+      subcommand 'update', 'Update packages in an unlocked session' do
+        interactive_option
+        parameter 'PACKAGES ...', 'packages to update', :attribute_name => :packages
+        def execute
+          run_scenarios_and_exit(
+            Scenarios::Packages::Update.new(
+              :packages => packages,
+              :assumeyes => assumeyes?
+            )
+          )
+        end
+      end
+      subcommand 'is-locked', 'Check if update of packages is allowed' do
         interactive_option
         def execute
           locked = feature(:package_manager).versions_locked?
-          puts "Foreman related packages are#{locked ? '' : ' not'} locked"
+          puts "Packages are#{locked ? '' : ' not'} locked"
           exit_code = locked ? 0 : 1
           exit exit_code
         end

data/lib/foreman_maintain/cli.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module ForemanMaintain
       subcommand 'service', 'Control applicable services', ServiceCommand
       subcommand 'backup', 'Backup server', BackupCommand
       subcommand 'restore', 'Restore a backup', RestoreCommand
-      subcommand 'packages', 'Lock/Unlock installed packages', PackagesCommand
+      subcommand 'packages', 'Lock/Unlock package protection, install, update', PackagesCommand
       subcommand 'advanced', 'Advanced tools for server maintenance', AdvancedCommand
       subcommand 'maintenance-mode', 'Control maintenance-mode for application',
                  MaintenanceModeCommand

data/lib/foreman_maintain/package_manager/base.rb CHANGED Viewed

@@ -1,23 +1,13 @@
 module ForemanMaintain::PackageManager
   # rubocop:disable Lint/UnusedMethodArgument
   class Base
-    def foreman_related_packages
-      raise NotImplementedError
-    end
-    # list of packages providing the version locking
-    def version_locking_packages
-      raise NotImplementedError
-    end
     # check tools are installed and enabled
     def version_locking_enabled?
       raise NotImplementedError
     end
     # make sure the version locking tools are configured
-    # we can assume it is already installed
-    def configure_version_locking
+    def install_version_locking(assumeyes: false)
       raise NotImplementedError
     end
@@ -46,8 +36,8 @@ module ForemanMaintain::PackageManager
       raise NotImplementedError
     end
-    # prevent listed packages from update
-    def lock_versions(package_list)
+    # prevent selected packages from update or install
+    def lock_versions
       raise NotImplementedError
     end

data/lib/foreman_maintain/package_manager/yum.rb CHANGED Viewed

@@ -1,77 +1,36 @@
 module ForemanMaintain::PackageManager
   class Yum < Base
-    VERSIONLOCK_START_CLAUSE = '## foreman-maintain - start'.freeze
-    VERSIONLOCK_END_CLAUSE = '## foreman-maintain - end'.freeze
-    VERSIONLOCK_CONFIG_FILE = '/etc/yum/pluginconf.d/versionlock.conf'.freeze
-    VERSIONLOCK_DEFAULT_LIST_FILE = '/etc/yum/pluginconf.d/versionlock.list'.freeze
+    PROTECTOR_CONFIG_FILE = '/etc/yum/pluginconf.d/foreman-protector.conf'.freeze
+    PROTECTOR_WHITELIST_FILE = '/etc/yum/pluginconf.d/foreman-protector.whitelist'.freeze
+    PROTECTOR_PLUGIN_FILE = '/usr/lib/yum-plugins/foreman-protector.py'.freeze
     def self.parse_envra(envra)
       # envra format: 0:foreman-1.20.1.10-1.el7sat.noarch
       parsed = envra.match(/\d*:?(?<name>.*)-[^-]+-[^-]+\.[^.]+/)
-      parsed ? Hash[parsed.names.zip(parsed.captures)].merge(:envra => envra) : nil
+      parsed ? Hash[parsed.names.map(&:to_sym).zip(parsed.captures)].merge(:envra => envra) : nil
     end
-    def foreman_related_packages
-      query = "repoquery -a --qf='%{envra} %{repo.id}' --search foreman-installer |head -n1"
-      foreman_repo = sys.execute(query).split[1]
-      query_installed = "repoquery -a --qf='%{envra}' --repoid='#{foreman_repo}'"
-      sys.execute(query_installed). split("\n").map do |pkg|
-        self.class.parse_envra(pkg)
-      end
-    end
-    def version_locking_packages
-      %w[yum-utils yum-plugin-versionlock]
-    end
-    def lock_versions(package_list)
-      unlock_versions
-      File.open(versionlock_file, 'a') do |f|
-        f.puts VERSIONLOCK_START_CLAUSE
-        f.puts '# The following packages are locked by foreman-maintain. Do not modify!'
-        package_list.each { |package| f.puts "#{package[:envra]}.*" }
-        f.puts '# End of list of packages locked by foreman-maintain'
-        f.puts VERSIONLOCK_END_CLAUSE
-      end
+    def lock_versions
+      enable_protector
     end
     def unlock_versions
-      lock_file = versionlock_file
-      content = File.read(lock_file)
-      content = content.gsub(/#{VERSIONLOCK_START_CLAUSE}.*#{VERSIONLOCK_END_CLAUSE}\n/m, '')
-      File.open(lock_file, 'w') { |f| f.write content }
+      disable_protector
     end
     def versions_locked?
-      lock_file = versionlock_file
-      return false if lock_file.nil?
-      content = File.read(lock_file)
-      !!content.match(/#{VERSIONLOCK_START_CLAUSE}.*#{VERSIONLOCK_END_CLAUSE}\n/m)
+      !!(protector_config =~ /^\s*enabled\s*=\s*1/)
     end
     def version_locking_enabled?
-      installed?(version_locking_packages) && versionlock_config =~ /^\s*enabled\s+=\s+1/ \
-        && File.exist?(versionlock_file)
+      File.exist?(PROTECTOR_PLUGIN_FILE) && File.exist?(PROTECTOR_CONFIG_FILE) &&
+        File.exist?(PROTECTOR_WHITELIST_FILE)
     end
-    # make sure the version locking tools are configured
-    #  enabled = 1
-    #  locklist = <list file>
-    # we can assume it is already installed
-    def configure_version_locking
-      config = versionlock_config
-      config += "\n" unless config[-1] == "\n"
-      enabled_re = /^\s*enabled\s*=.*$/
-      if enabled_re.match(config)
-        config = config.gsub(enabled_re, 'enabled = 1')
-      else
-        config += "enabled = 1\n"
-      end
-      unless config =~ /^\s*locklist\s*=.*$/
-        config += "locklist = #{VERSIONLOCK_DEFAULT_LIST_FILE}\n"
-      end
-      File.open(versionlock_config_file, 'w') { |file| file.puts config }
-      FileUtils.touch(versionlock_file)
+    def install_version_locking(*)
+      install_extras('foreman_protector/foreman-protector.py', PROTECTOR_PLUGIN_FILE)
+      install_extras('foreman_protector/foreman-protector.conf', PROTECTOR_CONFIG_FILE)
+      install_extras('foreman_protector/foreman-protector.whitelist', PROTECTOR_WHITELIST_FILE)
     end
     def installed?(packages)
@@ -109,17 +68,32 @@ module ForemanMaintain::PackageManager
     private
-    def versionlock_config
-      File.exist?(versionlock_config_file) ? File.read(versionlock_config_file) : ''
+    def protector_config
+      File.exist?(protector_config_file) ? File.read(protector_config_file) : ''
     end
-    def versionlock_config_file
-      VERSIONLOCK_CONFIG_FILE
+    def protector_config_file
+      PROTECTOR_CONFIG_FILE
     end
-    def versionlock_file
-      result = versionlock_config.match(/^\s*locklist\s*=\s*(\S+)/)
-      result.nil? ? nil : File.expand_path(result.captures[0])
+    def enable_protector
+      setup_protector(true)
+    end
+    def disable_protector
+      setup_protector(false)
+    end
+    def setup_protector(enabled)
+      config = protector_config
+      config += "\n" unless config[-1] == "\n"
+      enabled_re = /^\s*enabled\s*=.*$/
+      if enabled_re.match(config)
+        config = config.gsub(enabled_re, "enabled = #{enabled ? '1' : '0'}")
+      else
+        config += "enabled = #{enabled ? '1' : '0'}\n"
+      end
+      File.open(protector_config_file, 'w') { |file| file.puts config }
     end
     def yum_action(action, packages, assumeyes: false)
@@ -131,5 +105,14 @@ module ForemanMaintain::PackageManager
       sys.execute!("yum#{yum_options_s} #{action}#{packages_s}",
                    :interactive => true)
     end
+    def install_extras(src, dest, override: false)
+      extras_src = File.expand_path('../../../../extras', __FILE__)
+      if override ||
+         (File.directory?(dest) && !File.exist?(File.join(dest, src))) ||
+         !File.exist?(dest)
+        FileUtils.cp(File.join(extras_src, src), dest)
+      end
+    end
   end
 end

data/lib/foreman_maintain/runner.rb CHANGED Viewed

@@ -16,6 +16,7 @@ module ForemanMaintain
       @scenarios = Array(scenarios)
       @quit = false
       @last_scenario = nil
+      @last_scenario_continuation_confirmed = false
       @exit_code = 0
     end
@@ -40,18 +41,19 @@ module ForemanMaintain
       end
     end
-    def run_scenario(scenario, confirm = true)
+    def run_scenario(scenario)
       return if scenario.steps.empty?
       raise 'The runner is already in quit state' if quit?
-      if confirm
-        confirm_scenario(scenario)
-        return if quit?
-      end
+      confirm_scenario(scenario)
+      return if quit?
       execute_scenario_steps(scenario)
     ensure
-      @last_scenario = scenario unless scenario.steps.empty?
+      unless scenario.steps.empty?
+        @last_scenario = scenario
+        @last_scenario_continuation_confirmed = false
+      end
       @exit_code = 1 if scenario.failed?
     end
@@ -60,12 +62,13 @@ module ForemanMaintain
     end
     def confirm_scenario(scenario)
-      return unless @last_scenario
+      return if @last_scenario.nil? || @last_scenario_continuation_confirmed
       decision = if @last_scenario.steps_with_error(:whitelisted => false).any? ||
                     @last_scenario.steps_with_abort(:whitelisted => false).any?
                    :quit
                  elsif @last_scenario.steps_with_warning(:whitelisted => false).any?
+                   @last_scenario_continuation_confirmed = true
                    reporter.ask_decision("Continue with [#{scenario.description}]")
                  end
@@ -94,7 +97,7 @@ module ForemanMaintain
     def execute_scenario_steps(scenario, force = false)
       scenario.before_scenarios.flatten.each { |before_scenario| run_scenario(before_scenario) }
-      confirm_scenario(scenario) if @rescue_scenario
+      confirm_scenario(scenario)
       return if !force && quit? # the before scenarios caused the stop of the execution
       @reporter.before_scenario_starts(scenario)

data/lib/foreman_maintain/upgrade_runner.rb CHANGED Viewed

@@ -135,7 +135,7 @@ module ForemanMaintain
         confirm_scenario(scenario)
         return if quit?
         self.phase = phase
-        run_scenario(scenario, false)
+        run_scenario(scenario)
         # if we started from the :pre_upgrade_checks, ensure to ask before
         # continuing with the rest of the upgrade
         @ask_to_confirm_upgrade = phase == :pre_upgrade_checks
@@ -155,12 +155,15 @@ module ForemanMaintain
     private
+    # rubocop:disable Metrics/MethodLength
     def rollback_pre_migrations
       raise "Unexpected phase #{phase}, expecting pre_migrations" unless phase == :pre_migrations
       rollback_needed = scenario(:pre_migrations).steps.any? { |s| s.executed? && s.success? }
       if rollback_needed
         @quit = false
-        @last_scenario = nil # to prevent the unnecessary confirmation questions
+        # prevent the unnecessary confirmation questions
+        @last_scenario = nil
+        @last_scenario_continuation_confirmed = true
         [:post_migrations, :post_upgrade_checks].each do |phase|
           if quit? && phase == :post_upgrade_checks
             self.phase = :pre_migrations
@@ -174,6 +177,7 @@ module ForemanMaintain
         The upgrade failed and system was restored to pre-upgrade state.
       MESSAGE
     end
+    # rubocop:enable Metrics/MethodLength
     def with_non_empty_scenario(phase)
       next_scenario = scenario(phase)

data/lib/foreman_maintain/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ForemanMaintain
-  VERSION = '0.4.6'.freeze
+  VERSION = '0.4.8'.freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: foreman_maintain
 version: !ruby/object:Gem::Version
-  version: 0.4.6
+  version: 0.4.8
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-29 00:00:00.000000000 Z
+date: 2019-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: clamp
@@ -219,6 +219,7 @@ files:
 - definitions/procedures/foreman_tasks/resume.rb
 - definitions/procedures/foreman_tasks/ui_investigate.rb
 - definitions/procedures/hammer_setup.rb
+- definitions/procedures/installer/run.rb
 - definitions/procedures/installer/upgrade.rb
 - definitions/procedures/iptables/add_maintenance_mode_chain.rb
 - definitions/procedures/iptables/remove_maintenance_mode_chain.rb
@@ -226,6 +227,7 @@ files:
 - definitions/procedures/maintenance_mode/is_enabled.rb
 - definitions/procedures/packages/enable_version_locking.rb
 - definitions/procedures/packages/install.rb
+- definitions/procedures/packages/installer_confirmation.rb
 - definitions/procedures/packages/lock_versions.rb
 - definitions/procedures/packages/locking_status.rb
 - definitions/procedures/packages/unlock_versions.rb
@@ -261,6 +263,7 @@ files:
 - definitions/procedures/sync_plans/enable.rb
 - definitions/scenarios/backup.rb
 - definitions/scenarios/maintenance_mode.rb
+- definitions/scenarios/packages.rb
 - definitions/scenarios/restore.rb
 - definitions/scenarios/services.rb
 - definitions/scenarios/upgrade_to_satellite_6_2.rb
@@ -273,7 +276,11 @@ files:
 - definitions/scenarios/upgrade_to_satellite_6_5_z.rb
 - definitions/scenarios/upgrade_to_satellite_6_6.rb
 - definitions/scenarios/upgrade_to_satellite_6_6_z.rb
-- definitions/scenarios/version_locking.rb
+- extras/foreman-maintain.sh
+- extras/foreman_protector/foreman-protector.conf
+- extras/foreman_protector/foreman-protector.py
+- extras/foreman_protector/foreman-protector.whitelist
+- extras/passenger-recycler.cron
 - lib/foreman_maintain.rb
 - lib/foreman_maintain/check.rb
 - lib/foreman_maintain/cli.rb

data/definitions/scenarios/version_locking.rb DELETED Viewed

@@ -1,39 +0,0 @@
-module ForemanMaintain::Scenarios
-  module VersionLocking
-    class Status < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_status
-        description 'detection of status of package version locking'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::LockingStatus)
-      end
-    end
-    class Unlock < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_unlock
-        description 'unlocking of package versions'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::UnlockVersions)
-      end
-    end
-    class Lock < ForemanMaintain::Scenario
-      metadata do
-        label :version_locking_lock
-        description 'locking of package versions'
-        manual_detection
-      end
-      def compose
-        add_step(Procedures::Packages::LockVersions)
-      end
-    end
-  end
-end