foreman_maintain 1.9.1 → 1.9.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/definitions/checks/check_sha1_certificate_authority.rb +27 -7
- data/definitions/checks/disk/postgresql_mountpoint.rb +35 -0
- data/definitions/scenarios/foreman_upgrade.rb +1 -0
- data/definitions/scenarios/satellite_upgrade.rb +1 -0
- data/lib/foreman_maintain/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 353f969fb5c1563fa146f6f5cca6a9a5c0a42e22564aa6e26d0d5d2b58d1b943
|
|
4
|
+
data.tar.gz: b9f71f13a94ffef3cf8b338faf4d43f5aa053c58f84327713581c2f8b8bc6fa8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81316471839fc3ac86ecc96edccecdf4b6475bdd908ab79c1d55eba6d07a8bad0e75aaa83a440449fc8bf357e1c93df87e0d5f45f4211ba602172be9fde31bd4
|
|
7
|
+
data.tar.gz: ae7ae727511fe75f9c517de28a93c66231c5e6e2a362541f769a5d99c364f4b49f9bf80b178b1def23fd6f4d83596fdc0d83e06e89540a17d0751bc838347797
|
|
@@ -16,14 +16,34 @@ class Checks::CheckSha1CertificateAuthority < ForemanMaintain::Check
|
|
|
16
16
|
|
|
17
17
|
return unless server_ca
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
begin
|
|
20
|
+
certificates = load_fullchain(server_ca)
|
|
21
|
+
rescue OpenSSL::X509::CertificateError => e
|
|
22
|
+
assert(false, "Error reading server CA certificate #{server_ca}.\n #{e.message}")
|
|
23
|
+
else
|
|
24
|
+
msg = <<~MSG
|
|
25
|
+
Server CA certificate #{server_ca} signed with sha1 which will break on upgrade.
|
|
26
|
+
Update the server CA certificate with one signed with sha256 or
|
|
27
|
+
stronger then proceed with the upgrade.
|
|
28
|
+
MSG
|
|
20
29
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
30
|
+
assert(
|
|
31
|
+
certificates.all? { |cert| cert.signature_algorithm != 'sha1WithRSAEncryption' },
|
|
32
|
+
msg
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
26
36
|
|
|
27
|
-
|
|
37
|
+
def load_fullchain(bundle_pem)
|
|
38
|
+
if OpenSSL::X509::Certificate.respond_to?(:load_file)
|
|
39
|
+
OpenSSL::X509::Certificate.load_file(bundle_pem)
|
|
40
|
+
else
|
|
41
|
+
# Can be removed when only Ruby with load_file support is supported
|
|
42
|
+
File.binread(bundle_pem).
|
|
43
|
+
lines.
|
|
44
|
+
slice_after(/^-----END CERTIFICATE-----/).
|
|
45
|
+
filter { |pem| pem.join.include?('-----END CERTIFICATE-----') }.
|
|
46
|
+
map { |pem| OpenSSL::X509::Certificate.new(pem.join) }
|
|
47
|
+
end
|
|
28
48
|
end
|
|
29
49
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module Checks
|
|
2
|
+
module Disk
|
|
3
|
+
class PostgresqlMountpoint < ForemanMaintain::Check
|
|
4
|
+
metadata do
|
|
5
|
+
label :postgresql_mountpoint
|
|
6
|
+
description 'Check to make sure PostgreSQL data is not on an own mountpoint'
|
|
7
|
+
confine do
|
|
8
|
+
feature(:instance).postgresql_local? && ForemanMaintain.el?
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def run
|
|
13
|
+
assert(psql_dir_device == psql_data_dir_device, warning_message)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def psql_dir_device
|
|
17
|
+
device = ForemanMaintain::Utils::Disk::Device.new('/var/lib/pgsql')
|
|
18
|
+
device.name
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def psql_data_dir_device
|
|
22
|
+
device = ForemanMaintain::Utils::Disk::Device.new('/var/lib/pgsql/data')
|
|
23
|
+
device.name
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def warning_message
|
|
27
|
+
<<~MSG
|
|
28
|
+
PostgreSQL data (/var/lib/pgsql/data) is on a different device than /var/lib/pgsql.
|
|
29
|
+
This is not supported and breaks PostgreSQL upgrades.
|
|
30
|
+
Please ensure PostgreSQL data is on the same mountpoint as the /var/lib/pgsql.
|
|
31
|
+
MSG
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -39,6 +39,7 @@ module Scenarios::Foreman
|
|
|
39
39
|
Checks::Disk::AvailableSpace,
|
|
40
40
|
Checks::Disk::AvailableSpaceCandlepin, # if candlepin
|
|
41
41
|
Checks::Disk::AvailableSpacePostgresql13,
|
|
42
|
+
Checks::Disk::PostgresqlMountpoint,
|
|
42
43
|
Checks::Foreman::ValidateExternalDbVersion, # if external database
|
|
43
44
|
Checks::Foreman::CheckExternalDbEvrPermissions, # if external database
|
|
44
45
|
Checks::Foreman::CheckCorruptedRoles,
|
|
@@ -38,6 +38,7 @@ module Scenarios::Satellite
|
|
|
38
38
|
Checks::CheckUpstreamRepository,
|
|
39
39
|
Checks::Disk::AvailableSpace,
|
|
40
40
|
Checks::Disk::AvailableSpaceCandlepin, # if candlepin
|
|
41
|
+
Checks::Disk::PostgresqlMountpoint,
|
|
41
42
|
Checks::Foreman::ValidateExternalDbVersion, # if external database
|
|
42
43
|
Checks::Foreman::CheckExternalDbEvrPermissions, # if external database
|
|
43
44
|
Checks::Foreman::CheckCorruptedRoles,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_maintain
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.9.
|
|
4
|
+
version: 1.9.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: clamp
|
|
@@ -167,6 +167,7 @@ files:
|
|
|
167
167
|
- definitions/checks/disk/available_space_candlepin.rb
|
|
168
168
|
- definitions/checks/disk/available_space_postgresql13.rb
|
|
169
169
|
- definitions/checks/disk/performance.rb
|
|
170
|
+
- definitions/checks/disk/postgresql_mountpoint.rb
|
|
170
171
|
- definitions/checks/env_proxy.rb
|
|
171
172
|
- definitions/checks/foreman/check_corrupted_roles.rb
|
|
172
173
|
- definitions/checks/foreman/check_duplicate_permission.rb
|