def _get_product_certificate_path():
"""
Retrieves the required / used product certificate for RHSM.
"""
architecture = api.current_actor().configuration.architecture
target_version = api.current_actor().configuration.version.target
target_product_type = get_product_type('target')
certs_dir = api.get_common_folder_path(PROD_CERTS_FOLDER)
# TODO: do we need EUS/... here or is it ga one enough to get eus repos?
prod_certs = {
'x86_64': {
'ga': '479.pem',
'beta': '486.pem',
'htb': '230.pem',
},
'aarch64': {
'ga': '419.pem',
'beta': '363.pem',
'htb': '489.pem',
},
'ppc64le': {
'ga': '279.pem',
'beta': '362.pem',
'htb': '233.pem',
},
's390x': {
'ga': '72.pem',
'beta': '433.pem',
'htb': '232.pem',
}
}
try:
cert = prod_certs[architecture][target_product_type]
except KeyError as e:
raise StopActorExecutionError(message=(
'Failed to determine what certificate to use for {}.'.format(e)))
cert_path = os.path.join(certs_dir, target_version, cert)
if not os.path.isfile(cert_path):
details = {'missing certificate': cert, 'path': cert_path}
if target_product_type != 'ga':
details['hint'] = (
'You chose to upgrade to beta or htb system but probably'
' chose version for which beta/htb certificates are not'
' attached (e.g. because the GA has been released already).'
' Set the target os version for which the {} certificate'
' is provided using the LEAPP_DEVEL_TARGET_RELEASE envar.'.
format(cert))
details['search cmd'] = 'find {} | grep {}'.format(certs_dir, cert)
raise StopActorExecutionError(
message=
'Cannot find the product certificate file for the chosen target system.',
details=details)
return cert_path
def copy_rhui_data(context, provider):
rhui_dir = api.get_common_folder_path('rhui')
data_dir = os.path.join(rhui_dir, provider)
context.call(['mkdir', '-p', RHUI_PKI_PRODUCT_DIR])
context.call(['mkdir', '-p', RHUI_PKI_PRIVATE_DIR])
for path_ in gen_rhui_files_map().get(provider, ()):
context.copy_to(os.path.join(data_dir, path_[0]), path_[1])
def copy_rhui_data(context, provider):
"""
Copy relevant RHUI cerificates and key into the target userspace container
"""
rhui_dir = api.get_common_folder_path('rhui')
data_dir = os.path.join(rhui_dir, provider)
context.call(['mkdir', '-p', RHUI_PKI_PRODUCT_DIR])
context.call(['mkdir', '-p', RHUI_PKI_PRIVATE_DIR])
for path_ in gen_rhui_files_map().get(provider, ()):
context.copy_to(os.path.join(data_dir, path_[0]), path_[1])
def _get_product_certificate_path():
"""
Retrieves the required / used product certificate for RHSM.
"""
variant = api.current_actor().configuration.os_release.variant_id
architecture = api.current_actor().configuration.architecture
target_version = api.current_actor().configuration.version.target
# TODO: so far only base channel is available in rhel8
target_channel = 'base'
certs_folder = api.get_common_folder_path(PROD_CERTS_FOLDER)
prod_certs = {
'server': {
'x86_64': {
'base': '479.pem',
# 'EUS': TBD
},
'aarch64': {
'base': '419.pem',
# 'EUS': TBD
},
'ppc64le': {
'base': '279.pem',
# 'EUS': TBD
},
's390x': {
'base': '72.pem',
# 'EUS': TBD
}
}
}
try:
cert = prod_certs[variant][architecture][target_channel]
except KeyError as e:
raise StopActorExecutionError(message=(
'Failed to determine what certificate to use for {}.'.format(e)))
return os.path.join(certs_folder, target_version, cert)
def _get_product_certificate_path():
"""
Retrieve the required / used product certificate for RHSM.
"""
architecture = api.current_actor().configuration.architecture
target_version = api.current_actor().configuration.version.target
target_product_type = get_product_type('target')
certs_dir = api.get_common_folder_path(PROD_CERTS_FOLDER)
# We do not need any special certificates to reach repos from non-ga channels, only beta requires special cert.
if target_product_type != 'beta':
target_product_type = 'ga'
prod_certs = {
'x86_64': {
'ga': '479.pem',
'beta': '486.pem',
},
'aarch64': {
'ga': '419.pem',
'beta': '363.pem',
},
'ppc64le': {
'ga': '279.pem',
'beta': '362.pem',
},
's390x': {
'ga': '72.pem',
'beta': '433.pem',
}
}
try:
cert = prod_certs[architecture][target_product_type]
except KeyError as e:
raise StopActorExecutionError(message=(
'Failed to determine what certificate to use for {}.'.format(e)))
cert_path = os.path.join(certs_dir, target_version, cert)
if not os.path.isfile(cert_path):
additional_summary = ''
if target_product_type != 'ga':
additional_summary = (
' This can happen when upgrading a beta system and the chosen target version does not have'
' beta certificates attached (for example, because the GA has been released already).'
)
reporting.create_report([
reporting.Title(
'Cannot find the product certificate file for the chosen target system.'
),
reporting.Summary(
'Expected certificate: {cert} with path {path} but it could not be found.{additional}'
.format(cert=cert,
path=cert_path,
additional=additional_summary)),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Severity(reporting.Severity.HIGH),
reporting.Remediation(hint=(
'Set the corresponding target os version in the LEAPP_DEVEL_TARGET_RELEASE environment variable for'
'which the {cert} certificate is provided'.format(cert=cert))),
])
raise StopActorExecution()
return cert_path