def host_uuid(self):
"""
Determine host UUID and if there is no existing /etc/vdsm/vdsm.id
it will genereate UUID and save/persist in /etc/vdsm/vdsm.id
"""
if self.vdsm_uuid:
self.uuid = self.vdsm_uuid
else:
self.uuid = host.uuid()
self.url_reg += "&uniqueId={u}".format(u=self.uuid)
self.logger.debug("Registration via: {u}".format(u=self.url_reg))
__VDSM_ID = "/etc/vdsm/vdsm.id"
if self.vdsm_uuid and os.path.exists(__VDSM_ID):
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().unpersist(__VDSM_ID)
os.unlink(__VDSM_ID)
if not os.path.exists(__VDSM_ID):
with open(__VDSM_ID, 'w') as f:
f.write(self.uuid)
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().persist(__VDSM_ID)
self.logger.info("Host UUID: {u}".format(u=self.uuid))
def commit(self):
def scrub(f):
if Config().exists(f):
Config().unpersist(f)
# Unlinking causes problems with satellite5. Why?
# os.unlink(f)
# find old SAM/Sat 6 registrations
if Config().exists("/etc/rhsm/rhsm.conf"):
try:
process.call(["subscription-manager",
"remove", "--all"])
process.call(["subscription-manager", "clean"])
Config().unpersist("/etc/rhsm/rhsm.conf")
except process.CalledProcessError:
raise RuntimeError("Couldn't remove old configuration!"
" Check the output of "
"subscription-manager remove --all")
# First two are Sat5/RHN classic, last two are SAM/Sat6
configs = ["/etc/sysconfig/rhn/systemid",
"/etc/sysconfig/rhn/up2date",
"/var/lib/rhsm/cache/installed_products.json",
"/var/lib/rhsm/facts/facts.json"]
configs.extend(glob.glob("/etc/pki/consumer/*pem*"))
[scrub(f) for f in configs]
# Don't rely on Vars.location, since it may not be set, but we
# should remove this regardless
cert_path = "/etc/rhsm/ca/candlepin-local.pem"
if os.path.exists(cert_path):
Config().unpersist(cert_path)
os.unlink(cert_path)
Config().unpersist("/etc/cron.d/rhn-virtualization.cron")
def commit(self):
from ovirtnode.storage import storage_auto
if storage_auto():
# store /etc/shadow if adminpw/rootpw are set,
# handled already in ovirt-early
args = File("/proc/cmdline").read()
if "adminpw" in args or "rootpw" in args:
print "Storing /etc/shadow"
Config().persist("/etc/passwd")
Config().persist("/etc/shadow")
else:
raise RuntimeError("Automatic installation failed. " +
"Please review /var/log/ovirt.log")
def download_ca(self):
"""
Download CA from Engine and save self.ca_engine
"""
self.logger.info("Collecting CA data from Engine...")
# If engine CA dir doesnt exist create it and download the ca.pem
temp_ca_file = None
if os.path.exists(self.ca_engine):
calculated_fprint = self._calculate_fingerprint(self.ca_engine)
else:
if not os.path.exists(self.ca_dir):
os.makedirs(self.ca_dir, 0o755)
self._silent_restorecon(self.ca_dir)
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().persist(self.ca_dir)
res = self._execute_http_request(self.url_CA,
cert_validation=False)
with tempfile.NamedTemporaryFile(dir=os.path.dirname(self.ca_dir),
delete=False) as f:
f.write(res)
calculated_fprint = self._calculate_fingerprint(f.name)
temp_ca_file = True
if self.fprint and self.fprint.lower() != calculated_fprint.lower():
msg = "The fingeprints doesn't match:\n" \
"Calculated fingerprint: [{c}]\n" \
"Attribute fingerprint: [{a}]".format(c=calculated_fprint,
a=self.fprint)
self.logger.debug(msg)
if temp_ca_file:
os.unlink(f.name)
raise RuntimeError(msg)
if temp_ca_file:
os.rename(f.name, self.ca_engine)
self.fprint = calculated_fprint
self.logger.info("Calculated fingerprint: {f}".format(f=self.fprint))
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().persist(self.ca_engine)
def persist(path):
try:
from ovirt.node.utils.fs import Config
cfg = Config()
cfg.persist(path)
except ImportError:
raise RuntimeError(
'Use ohostedcons.CoreEnv.NODE_SETUP for ensuring module '
'availability')
def commit(self):
from ovirt.node.utils import AugeasWrapper
aug = AugeasWrapper()
if OVIRT_VARS["OVIRT_SSH_PWAUTH"] == "yes":
aug.set("/files/etc/ssh/sshd_config/PasswordAuthentication", "yes")
elif OVIRT_VARS["OVIRT_SSH_PWAUTH"] == "no":
aug.set("/files/etc/ssh/sshd_config/PasswordAuthentication", "no")
Config().persist("/etc/ssh/sshd_config")
process.call("service sshd restart &> /dev/null", shell=True)
def commit(self):
initial_args = ["subscription-manager"]
initial_args.extend(["config"])
host = None
port = None
prefix = None
if cfg["url"]:
host, port, prefix = RHN().parse_host_uri(cfg["url"])
# Default to /rhsm for Satellite 6
if cfg["ca_cert"] and \
DEFAULT_CA_SAT6 in cfg["ca_cert"] and \
cfg["rhntype"] == "satellite":
prefix = "/rhsm"
else:
# Default values for public SAM
host = "subscription.rhn.redhat.com"
prefix = "/subscription"
# Assume https unless we matched another scheme, probably http
port = str(port) if port else "443"
mapping = {"--server.hostname": host,
"--server.port": port,
}
# Figure out what other arguments need to be set
# If there's a ca certificate or it's satellite, it's sat6
if cfg["ca_cert"] and DEFAULT_CA_SAT6 in cfg["ca_cert"] and \
cfg["rhntype"] and cfg["rhntype"] == "satellite":
mapping["--server.prefix"] = prefix
else:
prefix = "%s/%s" % (host, prefix) if prefix else \
"%s/pulp/repos" % host
mapping["--rhsm.baseurl"] = prefix
# FIXME: Why are we setting a default value if this was set?
# Feels like it should be the other way. Investigate
if cfg["ca_cert"]:
mapping["--rhsm.repo_ca_cert"] = \
"/etc/rhsm/ca/candlepin-local.pem"
ab = ArgBuilder(initial_args, mapping)
try:
process.check_call(ab.get_commandlist())
Config().persist("/etc/rhsm/rhsm.conf")
except process.CalledProcessError:
self.logger.debug("Calling subscription-manager with "
"'%s' failed!" % ab.get_commandlist(
string=True))
raise RuntimeError("Error updating subscription manager "
"configuration")
def unpersist(self, fname):
"""
Execute the unpersist command in ovirt-node
"""
try:
if self.check() and fname is not None:
from ovirt.node.utils.fs import Config
Config().unpersist(fname)
except Exception as e:
self.logger.exception("Exception: {exp}".format(exp=e))
raise RuntimeError("Cannot unpersist {f}:\n {exc}".format(f=fname,
exc=e))
def commit(self):
self.logger.info("Registering to RHN account...")
# Filter out passwords from the log
logged_args = Vars.argbuilder.get_commandlist(string=True,
filtered=True)
self.logger.debug(logged_args)
try:
process.check_call(Vars.argbuilder.get_commandlist())
Config().persist("/etc/sysconfig/rhn/up2date")
Config().persist("/etc/sysconfig/rhn/systemid")
if cfg["url"]:
self.logger.info("System %s successfully registered to"
" %s" % (cfg["profile"], cfg["url"]))
else:
self.logger.info("System successfully registered to"
"RHN classic")
except process.CalledProcessError:
self.logger.exception("Failed to call: %s" % logged_args)
raise RuntimeError("Error registering to RHN account")
def download_ssh(self):
"""
Download ssh authorized keys and save it in the node
"""
self.logger.info("Collecting ssh pub key data...")
_uid = pwd.getpwnam(self.ssh_user).pw_uid
_auth_keys_dir = pwd.getpwuid(_uid).pw_dir + "/.ssh"
_auth_keys = _auth_keys_dir + "/authorized_keys"
self.logger.debug("auth_key is located {f}".format(f=_auth_keys))
if not os.path.exists(_auth_keys_dir):
os.makedirs(_auth_keys_dir, 0o700)
self._silent_restorecon(_auth_keys_dir)
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().persist(_auth_keys_dir)
os.chown(_auth_keys_dir, _uid, _uid)
res = self._execute_http_request(self.url_ssh_key)
with tempfile.NamedTemporaryFile(dir=_auth_keys_dir,
delete=False) as f:
f.write(res)
# If ssh key is new append it into autorized_keys
with open(f.name, "r") as f_ro:
content = f_ro.read()
with open(_auth_keys, "a+") as f_w:
if content not in f_w.read():
f_w.write(content)
os.chmod(_auth_keys, 0o600)
self._silent_restorecon(_auth_keys)
os.chown(_auth_keys, _uid, _uid)
os.unlink(f.name)
if utils.isOvirtNode():
from ovirt.node.utils.fs import Config
Config().persist(_auth_keys)
def commit(self):
if not os.path.exists(Vars.location):
def build_proxies():
if cfg["proxyuser"] and proxypass:
proxy_prefix = "%s:%s" % (cfg["proxyuser"],
proxypass)
elif cfg["proxyuser"]:
proxy_prefix = "%s" % cfg["proxyuser"]
cfg["proxy"] = cfg["proxy"] if ":" in cfg["proxy"] \
else cfg["proxy"] + ":3128"
proxy_str = "http://%s@%s" % (proxy_prefix,
cfg["proxy"])
proxylist = {
"http": proxy_str,
"https": proxy_str,
"ftp": proxy_str
}
return proxylist
proxies = None
if cfg["proxy"]:
proxies = build_proxies()
self.logger.info("Downloading CA cert from: %s as %s" %
(Vars.ca_cert, Vars.location))
RHN().retrieve_cert(Vars.ca_cert, Vars.location, proxies)
if os.stat(Vars.location).st_size == 0:
os.unlink(Vars.location)
raise RuntimeError("SSL certificate %s has has zero size, "
"can't use it. Please check the URL" %
Vars.location)
else:
Config().persist(Vars.location)
def _determine_migration_func(self):
"""Determins if a migration and which migration is necessary
"""
migration_func = None
cfgver = defaults.ConfigVersion().retrieve()["ver"]
if not Config().exists("/etc/default/ovirt"):
# If the cfg file is not persisted, then this is probably
# a fresh installation, no migration needed
self.logger.info("No migration needed during installation")
elif cfgver is None:
# config is persisted, but no version set, we assume it is an
# update from pre ovirt-node-3 to ovirt-node-3
def importConfigs():
self.logger.info("Assuming pre ovirt-node-3.0 config")
ImportConfigs().translate_all()
migration_func = importConfigs
return migration_func
def scrub(f):
if Config().exists(f):
Config().unpersist(f)
import time
import vdsm.infra.zombiereaper as zombiereaper
from cpopen import CPopen
from . import cmdutils
from . import constants
try:
# If failing to import old code, then try importing the legacy code
from ovirtnode import ovirtfunctions
persist = ovirtfunctions.ovirt_store_config
unpersist = ovirtfunctions.remove_config
except ImportError:
try:
from ovirt.node.utils.fs import Config
persist = Config().persist
unpersist = Config().unpersist
except ImportError:
persist = lambda name: None
unpersist = lambda name: None
# Buffsize is 1K because I tested it on some use cases and 1K was fastest. If
# you find this number to be a bottleneck in any way you are welcome to change
# it
BUFFSIZE = 1024
_THP_STATE_PATH = '/sys/kernel/mm/transparent_hugepage/enabled'
if not os.path.exists(_THP_STATE_PATH):
_THP_STATE_PATH = '/sys/kernel/mm/redhat_transparent_hugepage/enabled'
keys_to_model = {"rhn_type": "rhn.rhntype",
"rhn_url": "rhn.url",
"rhn_ca_cert": "rhn.ca_cert",
"rhn_username": "******",
"rhn_profile": "rhn.profile",
"rhn_activationkey": "rhn.activationkey",
"rhn_org": "rhn.org",
"rhn_environment": "rhn.environment",
"rhn_proxy": "rhn.proxy",
"rhn_proxyuser": "******",
}
changes = dict((keys_to_model[key], args[key]) for key in keys if key in args)
if __name__ == "__main__":
cfg = Config()
if cfg.exists(RHSM_CONF) or cfg.exists(SYSTEMID):
# skip rerunning again
exit()
rhn = rhn_model.RHN()
cfg = rhn.retrieve()
rhn_password = _functions.OVIRT_VARS["OVIRT_RHN_PASSWORD"] \
if "OVIRT_RHN_PASSWORD" in _functions.OVIRT_VARS else ""
rhn_proxypassword = _functions.OVIRT_VARS["OVIRT_RHN_PROXYPASSWORD"] \
if "OVIRT_RHN_PROXYPASSWORD" in _functions.OVIRT_VARS \
else ""
cfg['rhntype'] = cfg['rhntype'] or 'rhn'
effective_model = Changeset({
"rhn.rhntype": cfg['rhntype'],
"rhn.url": cfg['url'],
def commit(self):
def check_for_errors(smreg_output):
mapping = {"Invalid credentials": "Invalid username"
"/password combination",
"already been taken": "This hostname is "
"already registered",
"Organization": "Organization not found "
"on Satellite 6"}
for k, v in mapping.items():
if k in smreg_output:
raise RuntimeError(v)
# Fallthrough
raise RuntimeError("Registration Failed")
self.logger.info("Registering with subscription-manager")
self.logger.info(Vars.argbuilder.get_commandlist(string=True,
filtered=True)
)
# This may block if waiting for input with check_output.
# pipe doesn't block
smreg_output = process.pipe(
Vars.argbuilder.get_commandlist())
if "been registered" not in smreg_output:
check_for_errors(smreg_output)
# If we made it down here, we registered successfully
else:
# Truncate the classic rhn cron job in favor of RHSM
rhn_cronjob = "/etc/cron.d/rhn-virtualization.cron"
with open(rhn_cronjob, "w"):
pass
Config().persist(rhn_cronjob)
system.service("rhsmcertd", "start")
configs = ["/var/lib/rhsm/cache/installed_products.json",
"/var/lib/rhsm/facts/facts.json"]
for conf in configs:
Config().persist(conf)
Config().persist("/etc/pki/consumer/key.pem")
Config().persist("/etc/pki/consumer/cert.pem")
if cfg["url"]:
self.logger.info("System %s successfully "
"registered to %s" %
(cfg["profile"],
cfg["url"]))
else:
self.logger.info("System %s successfully "
"registered to RHSM" %
cfg["profile"])
# This isn't strictly necessary
if RHN().retrieve()["activationkey"]:
cmd = ["subscription-manager", "auto-attach"]
try:
process.check_call(cmd)
except process.CalledProcessError:
raise RuntimeError("Registration succeded, but "
"there was a problem while "
"auto-attaching with the "
"provided key")
def _persist1(f):
Config().persist(f)
def __is_persisted(self, path):
return Config().exists(path)
def __persist_configs(self):
dirs = ["/etc/ovirt-hosted-engine", "/etc/ovirt-hosted-engine-ha",
"/etc/ovirt-hosted-engine-setup.env.d"]
[Config().persist(d) for d in dirs]