def _get_rhsm_cert_on_centos_7(): """There's a RHSM-related bug on CentOS 7: https://bugs.centos.org/view.php?id=14785 - The subscription-manager-rhsm-certificates is missing the necessary /etc/rhsm/ca/redhat-uep.pem. - This cert is still available in the python-rhsm-certificates package which is not possible to install (because it is obsoleted by the subscription-manager-rhsm-certificates). The workaround is to download the python-rhsm-certificates and extract the certificate from it. """ loggerinst = logging.getLogger(__name__) cert_pkg_path = utils.download_pkg(pkg="python-rhsm-certificates", dest=_RHSM_TMP_DIR, reposdir=_RHSM_TMP_DIR) exit_on_failed_download([cert_pkg_path]) output, ret_code = utils.run_subprocess("rpm2cpio %s" % cert_pkg_path, print_output=False) if ret_code != 0: loggerinst.critical( "Failed to extract cpio archive from the %s package." % cert_pkg_path) cpio_filepath = cert_pkg_path + ".cpio" utils.store_content_to_file(filename=cpio_filepath, content=output) cert_path = "/etc/rhsm/ca/redhat-uep.pem" utils.mkdir_p("/etc/rhsm/ca/") output, ret_code = utils.run_subprocess( "cpio --quiet -F %s -iv --to-stdout .%s" % (cpio_filepath, cert_path), print_output=False) # cpio return code 0 even if the requested file is not in the archive - but then the output is 0 chars if ret_code != 0 or not output: loggerinst.critical( "Failed to extract the %s certificate from the %s archive." % (cert_path, cpio_filepath)) utils.store_content_to_file(cert_path, output)
def perform_java_openjdk_workaround(): """Resolve a yum transaction failure on CentOS/OL 6 related to the java-1.7.0-openjdk package. The java-1.7.0-openjdk package expects that the /var/lib/rpm-state/ directory is present. Yet, it may be missing. This directory is supposed to be created by the copy-jdk-configs package during the system installation, but it does not do that: https://bugzilla.redhat.com/show_bug.cgi?id=1620053#c14. If the original system has an older version of copy-jdk-configs installed than the one available in RHEL repos, the issue does not occur because the copy-jdk-configs is updated together with the java-1.7.0-openjdk package and a pretrans script of the copy-jdk-configs creates the dir. In case there's no newer version of copy-jdk-configs available in RHEL but a newer version of java-1.7.0-openjdk is available, we need to create the /var/lib/rpm-state/ directory as suggested in https://access.redhat.com/solutions/3573891. """ logger.info("Checking if java-1.7.0-openjdk is installed.") if system_info.is_rpm_installed(name="java-1.7.0-openjdk"): logger.info( "Package java-1.7.0-openjdk found. Applying workaround in" "accordance with https://access.redhat.com/solutions/3573891.") try: mkdir_p(OPENJDK_RPM_STATE_DIR) except OSError: logger.warning("Unable to create the %s directory." % OPENJDK_RPM_STATE_DIR) else: logger.info("openjdk workaround applied successfully.") else: logger.info("java-1.7.0-openjdk not installed.")
def download_rhsm_pkgs(): """Download all the packages necessary for a successful registration to the Red Hat Subscription Management. The packages are available in non-standard repositories, so additional repofiles need to be used. The downloaded RPMs are to be installed in a later stage of the conversion. """ utils.mkdir_p(_RHSM_TMP_DIR) pkgs_to_download = [ "subscription-manager", "subscription-manager-rhsm-certificates" ] if system_info.version.major == 6: pkgs_to_download.append("subscription-manager-rhsm") _download_rhsm_pkgs(pkgs_to_download, _CENTOS_6_REPO_PATH, _CENTOS_6_REPO_CONTENT) elif system_info.version.major == 7: pkgs_to_download += ["subscription-manager-rhsm", "python-syspurpose"] _download_rhsm_pkgs(pkgs_to_download, _CENTOS_7_REPO_PATH, _CENTOS_7_REPO_CONTENT) _get_rhsm_cert_on_centos_7() elif system_info.version.major == 8: pkgs_to_download += [ "python3-subscription-manager-rhsm", "dnf-plugin-subscription-manager", "python3-syspurpose" ] _download_rhsm_pkgs(pkgs_to_download, _UBI_8_REPO_PATH, _UBI_8_REPO_CONTENT)
def download_rhsm_pkgs(): """Download all the packages necessary for a successful registration to the Red Hat Subscription Management. The packages are available in non-standard repositories, so additional repofiles need to be used. The downloaded RPMs are to be installed in a later stage of the conversion. """ if tool_opts.keep_rhsm: loggerinst.info("Skipping due to the use of --keep-rhsm.") return utils.mkdir_p(_RHSM_TMP_DIR) pkgs_to_download = [ "subscription-manager", "subscription-manager-rhsm-certificates", ] if system_info.version.major == 6: pkgs_to_download.append("subscription-manager-rhsm") _download_rhsm_pkgs(pkgs_to_download, _CENTOS_6_REPO_PATH, _CENTOS_6_REPO_CONTENT) elif system_info.version.major == 7: pkgs_to_download += ["subscription-manager-rhsm", "python-syspurpose"] _download_rhsm_pkgs(pkgs_to_download, _UBI_7_REPO_PATH, _UBI_7_REPO_CONTENT) elif system_info.version.major == 8: pkgs_to_download += [ "python3-subscription-manager-rhsm", "dnf-plugin-subscription-manager", "python3-syspurpose", "python3-cloud-what", "json-c.x86_64", # there's also an i686 version which we don't need ] _download_rhsm_pkgs(pkgs_to_download, _UBI_8_REPO_PATH, _UBI_8_REPO_CONTENT)
def test_get_cert_path_missing_cert(self): # Create temporary directory that has no certificate cert_dir = os.path.join(utils.DATA_DIR, "rhel-certs", system_info.arch) utils.mkdir_p(cert_dir) # Check response for the non-existing certificate in the temporary dir self.assertRaises(SystemExit, cert.SystemCert._get_cert) self.assertEqual(len(cert.loggerinst.critical_msgs), 1) # Remove the temporary directory tree shutil.rmtree(os.path.join(utils.DATA_DIR, "rhel-certs"))
def install(self): """RHEL certificate (.pem) is used by subscription-manager to determine the running system type/version. """ try: utils.mkdir_p(self._target_cert_dir) shutil.copy(self._source_cert_path, self._target_cert_dir) except OSError as err: loggerinst.critical("OSError({0}): {1}".format(err.errno, err.strerror)) loggerinst.info("Certificate %s copied to %s." % (self._cert_filename, self._target_cert_dir))
def copy_cert_for_rhel_5(): """RHEL certificate (.pem) is used by subscription-manager to determine the running system type/version. On RHEL 5, subscription-manager looks for the certificates in /etc/pki/product/ even though the redhat-release package installs it in /etc/pki/product-default/. This discrepancy has been reported in https://bugzilla.redhat.com/show_bug.cgi?id=1321012 with WONTFIX status. """ if system_info.version == "5": for cert in glob.glob(_REDHAT_RELEASE_CERT_DIR + "*.pem"): utils.mkdir_p(_SUBSCRIPTION_MANAGER_CERT_DIR) shutil.copy(cert, _SUBSCRIPTION_MANAGER_CERT_DIR)
def perform_java_openjdk_workaround(): if system_info.is_rpm_installed(name="java-1.7.0-openjdk"): logger.info( "Package java-1.7.0-openjdk found. Applying workaround in" "accordance with https://access.redhat.com/solutions/3573891") try: mkdir_p(OPENJDK_RPM_STATE_DIR) except OSError: logger.warning("Can't create %s directory." % OPENJDK_RPM_STATE_DIR) else: logger.info("openjdk workaround applied successfully.")
def install(self): """RHEL certificate (.pem) is used by subscription-manager to determine the running system type/version. """ loggerinst.info("Installing RHEL certificate to the system.") try: utils.mkdir_p(self._system_cert_dir) shutil.copy(self._cert_path, self._system_cert_dir) except OSError as err: loggerinst.critical("OSError({0}): {1}".format(err.errno, err.strerror)) loggerinst.debug("Certificate copied to %s." % self._system_cert_dir)
def resolve_system_info(self): self.logger = logging.getLogger(__name__) self.system_release_file_content = self._get_system_release_file_content() self.name = self._get_system_name() self.id = self.name.split()[0].lower() self.version = self._get_system_version() self.arch = self._get_architecture() utils.mkdir_p(utils.TMP_DIR) self.cfg_filename = self._get_cfg_filename() self.cfg_content = self._get_cfg_content() self.pkg_blacklist = self._get_pkg_blacklist() self.default_repository_id = self._get_default_repository_id() self.fingerprints_orig_os = self._get_gpg_key_fingerprints() self._generate_rpm_va()