foreman_maintain 1.9.1 → 1.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/definitions/checks/check_sha1_certificate_authority.rb +27 -7
- data/definitions/checks/disk/postgresql_mountpoint.rb +35 -0
- data/definitions/scenarios/foreman_upgrade.rb +1 -0
- data/definitions/scenarios/satellite_upgrade.rb +1 -0
- data/lib/foreman_maintain/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 353f969fb5c1563fa146f6f5cca6a9a5c0a42e22564aa6e26d0d5d2b58d1b943
|
|
4
|
+
data.tar.gz: b9f71f13a94ffef3cf8b338faf4d43f5aa053c58f84327713581c2f8b8bc6fa8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81316471839fc3ac86ecc96edccecdf4b6475bdd908ab79c1d55eba6d07a8bad0e75aaa83a440449fc8bf357e1c93df87e0d5f45f4211ba602172be9fde31bd4
|
|
7
|
+
data.tar.gz: ae7ae727511fe75f9c517de28a93c66231c5e6e2a362541f769a5d99c364f4b49f9bf80b178b1def23fd6f4d83596fdc0d83e06e89540a17d0751bc838347797
|
|
@@ -16,14 +16,34 @@ class Checks::CheckSha1CertificateAuthority < ForemanMaintain::Check
|
|
|
16
16
|
|
|
17
17
|
return unless server_ca
|
|
18
18
|
|
|
19
|
-
|
|
19
|
+
begin
|
|
20
|
+
certificates = load_fullchain(server_ca)
|
|
21
|
+
rescue OpenSSL::X509::CertificateError => e
|
|
22
|
+
assert(false, "Error reading server CA certificate #{server_ca}.\n #{e.message}")
|
|
23
|
+
else
|
|
24
|
+
msg = <<~MSG
|
|
25
|
+
Server CA certificate #{server_ca} signed with sha1 which will break on upgrade.
|
|
26
|
+
Update the server CA certificate with one signed with sha256 or
|
|
27
|
+
stronger then proceed with the upgrade.
|
|
28
|
+
MSG
|
|
20
29
|
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
30
|
+
assert(
|
|
31
|
+
certificates.all? { |cert| cert.signature_algorithm != 'sha1WithRSAEncryption' },
|
|
32
|
+
msg
|
|
33
|
+
)
|
|
34
|
+
end
|
|
35
|
+
end
|
|
26
36
|
|
|
27
|
-
|
|
37
|
+
def load_fullchain(bundle_pem)
|
|
38
|
+
if OpenSSL::X509::Certificate.respond_to?(:load_file)
|
|
39
|
+
OpenSSL::X509::Certificate.load_file(bundle_pem)
|
|
40
|
+
else
|
|
41
|
+
# Can be removed when only Ruby with load_file support is supported
|
|
42
|
+
File.binread(bundle_pem).
|
|
43
|
+
lines.
|
|
44
|
+
slice_after(/^-----END CERTIFICATE-----/).
|
|
45
|
+
filter { |pem| pem.join.include?('-----END CERTIFICATE-----') }.
|
|
46
|
+
map { |pem| OpenSSL::X509::Certificate.new(pem.join) }
|
|
47
|
+
end
|
|
28
48
|
end
|
|
29
49
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module Checks
|
|
2
|
+
module Disk
|
|
3
|
+
class PostgresqlMountpoint < ForemanMaintain::Check
|
|
4
|
+
metadata do
|
|
5
|
+
label :postgresql_mountpoint
|
|
6
|
+
description 'Check to make sure PostgreSQL data is not on an own mountpoint'
|
|
7
|
+
confine do
|
|
8
|
+
feature(:instance).postgresql_local? && ForemanMaintain.el?
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def run
|
|
13
|
+
assert(psql_dir_device == psql_data_dir_device, warning_message)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def psql_dir_device
|
|
17
|
+
device = ForemanMaintain::Utils::Disk::Device.new('/var/lib/pgsql')
|
|
18
|
+
device.name
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def psql_data_dir_device
|
|
22
|
+
device = ForemanMaintain::Utils::Disk::Device.new('/var/lib/pgsql/data')
|
|
23
|
+
device.name
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
def warning_message
|
|
27
|
+
<<~MSG
|
|
28
|
+
PostgreSQL data (/var/lib/pgsql/data) is on a different device than /var/lib/pgsql.
|
|
29
|
+
This is not supported and breaks PostgreSQL upgrades.
|
|
30
|
+
Please ensure PostgreSQL data is on the same mountpoint as the /var/lib/pgsql.
|
|
31
|
+
MSG
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -39,6 +39,7 @@ module Scenarios::Foreman
|
|
|
39
39
|
Checks::Disk::AvailableSpace,
|
|
40
40
|
Checks::Disk::AvailableSpaceCandlepin, # if candlepin
|
|
41
41
|
Checks::Disk::AvailableSpacePostgresql13,
|
|
42
|
+
Checks::Disk::PostgresqlMountpoint,
|
|
42
43
|
Checks::Foreman::ValidateExternalDbVersion, # if external database
|
|
43
44
|
Checks::Foreman::CheckExternalDbEvrPermissions, # if external database
|
|
44
45
|
Checks::Foreman::CheckCorruptedRoles,
|
|
@@ -38,6 +38,7 @@ module Scenarios::Satellite
|
|
|
38
38
|
Checks::CheckUpstreamRepository,
|
|
39
39
|
Checks::Disk::AvailableSpace,
|
|
40
40
|
Checks::Disk::AvailableSpaceCandlepin, # if candlepin
|
|
41
|
+
Checks::Disk::PostgresqlMountpoint,
|
|
41
42
|
Checks::Foreman::ValidateExternalDbVersion, # if external database
|
|
42
43
|
Checks::Foreman::CheckExternalDbEvrPermissions, # if external database
|
|
43
44
|
Checks::Foreman::CheckCorruptedRoles,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: foreman_maintain
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.9.
|
|
4
|
+
version: 1.9.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2025-01-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: clamp
|
|
@@ -167,6 +167,7 @@ files:
|
|
|
167
167
|
- definitions/checks/disk/available_space_candlepin.rb
|
|
168
168
|
- definitions/checks/disk/available_space_postgresql13.rb
|
|
169
169
|
- definitions/checks/disk/performance.rb
|
|
170
|
+
- definitions/checks/disk/postgresql_mountpoint.rb
|
|
170
171
|
- definitions/checks/env_proxy.rb
|
|
171
172
|
- definitions/checks/foreman/check_corrupted_roles.rb
|
|
172
173
|
- definitions/checks/foreman/check_duplicate_permission.rb
|