def upload_tracer_profile(conduit=False):
data = json.dumps({"traces": get_apps(conduit)})
headers = {"Content-type": "application/json"}
conn = httplib.HTTPSConnection(
RhsmConfigParser.get(initConfig(), "server", "hostname"),
RhsmConfigParser.get(initConfig(), "server", "port"),
key_file=ConsumerIdentity.keypath(),
cert_file=ConsumerIdentity.certpath(),
)
conn.request("PUT", "/rhsm/consumers/%s/tracer" % (ConsumerIdentity.read().getConsumerId()), data, headers=headers)
response = conn.getresponse()
def upload_tracer_profile(conduit=False):
data = json.dumps({ "traces": get_apps(conduit) })
headers = { "Content-type": "application/json" }
conn = httplib.HTTPSConnection(
RhsmConfigParser.get(initConfig() ,'server', 'hostname'),
RhsmConfigParser.get(initConfig() ,'server', 'port'),
key_file = ConsumerIdentity.keypath(),
cert_file = ConsumerIdentity.certpath()
)
conn.request('PUT', '/rhsm/consumers/%s/tracer' % (ConsumerIdentity.read().getConsumerId()), data, headers=headers)
response = conn.getresponse()
def __init__(self, options):
self.rhncfg = initUp2dateConfig()
self.rhsmcfg = config.Config(initConfig())
# Sometimes we need to send up the entire contents of the system id file
# which is referred to in Satellite 5 nomenclature as a "certificate"
# although it is not an X509 certificate.
try:
self.system_id_contents = open(self.rhncfg["systemIdPath"],
'r').read()
except IOError:
system_exit(
os.EX_IOERR,
_("Could not read legacy system id at %s") %
self.rhncfg["systemIdPath"])
self.system_id = self.get_system_id(self.system_id_contents)
self.proxy_host = None
self.proxy_port = None
self.proxy_user = None
self.proxy_pass = None
self.cp = None
self.db = ProductDatabase()
self.consumer_id = None
self.options = options
self.is_hosted = is_hosted()
def postconfig_hook(conduit):
""" update """
# register rpm name for yum history recording"
# yum on 5.7 doesn't have this method, so check for it
from subscription_manager import logutil
logutil.init_logger_for_yum()
from subscription_manager.injectioninit import init_dep_injection
init_dep_injection()
# If a tool (it's, e.g., Mock) manages a chroot via 'yum --installroot',
# we must update entitlements in that directory.
chroot(conduit.getConf().installroot)
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
if hasattr(conduit, 'registerPackageName'):
conduit.registerPackageName("subscription-manager")
try:
update(conduit, cache_only)
warnOrGiveUsageMessage(conduit)
warnExpired(conduit)
except Exception, e:
conduit.error(2, str(e))
def __init__(self, options):
self.rhncfg = initUp2dateConfig()
self.rhsmcfg = config.Config(initConfig())
# Sometimes we need to send up the entire contents of the system id file
# which is referred to in Satellite 5 nomenclature as a "certificate"
# although it is not an X509 certificate.
try:
self.system_id_contents = open(self.rhncfg["systemIdPath"], 'r').read()
except IOError:
system_exit(os.EX_IOERR, _("Could not read legacy system id at %s") % self.rhncfg["systemIdPath"])
self.system_id = self.get_system_id(self.system_id_contents)
self.proxy_host = None
self.proxy_port = None
self.proxy_user = None
self.proxy_pass = None
self.cp = None
self.db = ProductDatabase()
self.consumer_id = None
self.options = options
self.is_hosted = is_hosted()
def _try_satellite6_configuration():
"""
Try to autoconfigure for Satellite 6
"""
try:
from rhsm.config import initConfig
rhsm_config = initConfig()
logger.debug('Trying to autoconfigure...')
cert = open(rhsmCertificate.certpath(), 'r').read()
key = open(rhsmCertificate.keypath(), 'r').read()
rhsm = rhsmCertificate(key, cert)
# This will throw an exception if we are not registered
logger.debug('Checking if system is subscription-manager registered')
rhsm.getConsumerId()
logger.debug('System is subscription-manager registered')
rhsm_hostname = rhsm_config.get('server', 'hostname')
rhsm_hostport = rhsm_config.get('server', 'port')
rhsm_proxy_hostname = rhsm_config.get('server',
'proxy_hostname').strip()
rhsm_proxy_port = rhsm_config.get('server', 'proxy_port').strip()
rhsm_proxy_user = rhsm_config.get('server', 'proxy_user').strip()
rhsm_proxy_pass = rhsm_config.get('server', 'proxy_password').strip()
proxy = None
if rhsm_proxy_hostname != "":
logger.debug("Found rhsm_proxy_hostname %s", rhsm_proxy_hostname)
proxy = "http://"
if rhsm_proxy_user != "" and rhsm_proxy_pass != "":
logger.debug("Found user and password for rhsm_proxy")
proxy = proxy + rhsm_proxy_user + ":" + rhsm_proxy_pass + "@"
proxy = proxy + rhsm_proxy_hostname + ':' + rhsm_proxy_port
logger.debug("RHSM Proxy: %s", proxy)
logger.debug(
"Found %sHost: %s, Port: %s",
('' if _is_rhn_or_rhsm(rhsm_hostname) else 'Satellite 6 Server '),
rhsm_hostname, rhsm_hostport)
rhsm_ca = rhsm_config.get('rhsm', 'repo_ca_cert')
logger.debug("Found CA: %s", rhsm_ca)
logger.debug("Setting authmethod to CERT")
config['authmethod'] = 'CERT'
# Directly connected to Red Hat, use cert auth directly with the api
if _is_rhn_or_rhsm(rhsm_hostname):
logger.debug("Connected to Red Hat Directly, using cert-api")
rhsm_hostname = 'cert-api.access.redhat.com'
rhsm_ca = None
else:
# Set the host path
# 'rhsm_hostname' should really be named ~ 'rhsm_host_base_url'
rhsm_hostname = rhsm_hostname + ':' + rhsm_hostport + '/redhat_access'
logger.debug("Trying to set auto_configuration")
set_auto_configuration(rhsm_hostname, rhsm_ca, proxy)
return True
except Exception as e:
logger.debug(e)
logger.debug('System is NOT subscription-manager registered')
return False
def __init__(self, logger, options):
self.logger = logger
self.options = options
self.cert_uuid = None
self.rhsm_config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
def _try_satellite6_configuration(config):
"""
Try to autoconfigure for Satellite 6
"""
try:
from rhsm.config import initConfig
rhsm_config = initConfig()
logger.debug('Trying to autoconf Satellite 6')
cert = file(rhsmCertificate.certpath(), 'r').read()
key = file(rhsmCertificate.keypath(), 'r').read()
rhsm = rhsmCertificate(key, cert)
# This will throw an exception if we are not registered
logger.debug('Checking if system is subscription-manager registered')
rhsm.getConsumerId()
logger.debug('System is subscription-manager registered')
rhsm_hostname = rhsm_config.get('server', 'hostname')
rhsm_hostport = rhsm_config.get('server', 'port')
rhsm_proxy_hostname = rhsm_config.get('server', 'proxy_hostname').strip()
rhsm_proxy_port = rhsm_config.get('server', 'proxy_port').strip()
rhsm_proxy_user = rhsm_config.get('server', 'proxy_user').strip()
rhsm_proxy_pass = rhsm_config.get('server', 'proxy_password').strip()
proxy = None
if rhsm_proxy_hostname != "":
logger.debug("Found rhsm_proxy_hostname %s", rhsm_proxy_hostname)
proxy = "http://"
if rhsm_proxy_user != "" and rhsm_proxy_pass != "":
logger.debug("Found user and password for rhsm_proxy")
proxy = proxy + rhsm_proxy_user + ":" + rhsm_proxy_pass + "@"
proxy = proxy + rhsm_proxy_hostname + rhsm_proxy_port
else:
proxy = proxy + rhsm_proxy_hostname + ':' + rhsm_proxy_port
logger.debug("RHSM Proxy: %s", proxy)
logger.debug("Found Satellite Server Host: %s, Port: %s",
rhsm_hostname, rhsm_hostport)
rhsm_ca = rhsm_config.get('rhsm', 'repo_ca_cert')
logger.debug("Found CA: %s", rhsm_ca)
logger.debug("Setting authmethod to CERT")
config.set(APP_NAME, 'authmethod', 'CERT')
# Directly connected to Red Hat, use cert auth directly with the api
if rhsm_hostname == 'subscription.rhn.redhat.com':
logger.debug("Connected to Red Hat Directly, using cert-api")
rhsm_hostname = 'cert-api.access.redhat.com'
rhsm_ca = None
else:
# Set the host path
# 'rhsm_hostname' should really be named ~ 'rhsm_host_base_url'
rhsm_hostname = rhsm_hostname + ':' + rhsm_hostport + '/redhat_access'
logger.debug("Trying to set auto_configuration")
set_auto_configuration(config, rhsm_hostname, rhsm_ca, proxy)
return True
except Exception as e:
logger.debug(e)
logger.debug('System is NOT subscription-manager registered')
return False
def __init__(self, logger, options, addJob=None):
self.logger = logger
self.options = options
self.cert_uuid = None
self.addJob = addJob
self.rhsm_config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
def __init__(self, logger):
self.logger = logger
self.cert_uuid = None
self.config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
# Consumer ID obtained from consumer certificate
self.cert_uuid = self.uuid()
def __init__(self, logger):
self.logger = logger
self.cert_uuid = None
self.config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
# Consumer ID obtained from consumer certificate
self.cert_uuid = self.uuid()
def readConfig(self):
""" Parse rhsm.conf in order to obtain consumer
certificate and key paths. """
self.rhsm_config = rhsm_config.initConfig(
rhsm_config.DEFAULT_CONFIG_PATH)
consumer_cert_dir = self.rhsm_config.get("rhsm", "consumerCertDir")
cert = 'cert.pem'
key = 'key.pem'
self.cert_file = os.path.join(consumer_cert_dir, cert)
self.key_file = os.path.join(consumer_cert_dir, key)
def readConfig(self):
""" Parse rhsm.conf in order to obtain consumer
certificate and key paths. """
self.rhsm_config = rhsm_config.initConfig(
rhsm_config.DEFAULT_CONFIG_PATH)
consumer_cert_dir = self.rhsm_config.get("rhsm", "consumerCertDir")
cert = 'cert.pem'
key = 'key.pem'
self.cert_file = os.path.join(consumer_cert_dir, cert)
self.key_file = os.path.join(consumer_cert_dir, key)
def transaction(self):
"""
Call Package Profile
"""
cfg = config.initConfig()
if '1' == cfg.get('rhsm', 'package_profile_on_trans'):
package_profile_client = ProfileActionClient()
package_profile_client.update()
else:
# do nothing
return
def __init__(self, logger, username=None, password=None):
self.logger = logger
self.cert_uuid = None
self.username = username
self.password = password
self.config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
# Consumer ID obtained from consumer certificate
self.cert_uuid = self.uuid()
def posttrans_hook(conduit):
"""
Upload package profile after transactions if run as a yum plugin (BZ 1742208)
:param conduit:
:return: None
"""
cfg = config.initConfig()
if '1' == cfg.get('rhsm', 'package_profile_on_trans'):
conduit.info(3, "Updating package profile")
package_profile_client = ProfileActionClient()
package_profile_client.update()
def transaction(self):
"""
Call Package Profile
"""
cfg = config.initConfig()
if '1' == cfg.get('rhsm', 'package_profile_on_trans'):
package_profile_client = ProfileActionClient()
package_profile_client.update()
else:
# do nothing
return
def __init__(self, logger, username=None, password=None):
self.logger = logger
self.cert_uuid = None
self.username = username
self.password = password
self.config = rhsm_config.initConfig(rhsm_config.DEFAULT_CONFIG_PATH)
self.readConfig()
# Consumer ID obtained from consumer certificate
self.cert_uuid = self.uuid()
def prereposetup_hook(conduit):
"""
Try to update configuration of redhat.repo, before yum tries to load configuration of repositories.
:param conduit: Reference on conduit object used by yum plugin API
:return: None
"""
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
try:
update(conduit, cache_only)
except Exception as e:
conduit.error(2, str(e))
def __init__(self):
self.config_name = None
self.smType = None
self.smType_label = None
self.encrypt_pass = True
self.sat_encrypt_pass = True
self.rhsm_encrypt_pass = True
self._rhsm_config = rhsm_config.initConfig(
rhsm_config.DEFAULT_CONFIG_PATH)
self.all_fields = self.VIRT_FIELDS + self.SAT_FIELDS + self.RHSM_FIELDS
# pre-populate all the fields to empty string
for field in self.all_fields:
setattr(self, field, None)
self.logger = logging.getLogger('virt-who-tui')
hdlr = logging.FileHandler(self.LOG_FILE)
self.logger.addHandler(hdlr)
self.logger.setLevel(logging.DEBUG)
def config(self):
""" update """
logutil.init_logger_for_yum()
init_dep_injection()
chroot(self.base.conf.installroot)
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
try:
if os.getuid() == 0:
self._update(cache_only)
self._warnOrGiveUsageMessage()
else:
logger.info(_('Not root, Subscription Management repositories not updated'))
self._warnExpired()
except Exception as e:
logger.error(str(e))
def config(self):
""" update """
logutil.init_logger_for_yum()
init_dep_injection()
chroot(self.base.conf.installroot)
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
try:
if os.getuid() == 0:
self._update(cache_only)
self._warnOrGiveUsageMessage()
else:
logger.info(_('Not root, Subscription Management repositories not updated'))
self._warnExpired()
except Exception as e:
logger.error(str(e))
def _try_satellite6_configuration(config):
"""
Try to autoconfigure for Satellite 6
"""
try:
from rhsm.config import initConfig
RHSM_CONFIG = initConfig()
logger.debug('Trying to autoconf Satellite 6')
cert = file(rhsmCertificate.certpath(), 'r').read()
key = file(rhsmCertificate.keypath(), 'r').read()
rhsm = rhsmCertificate(key, cert)
# This will throw an exception if we are not registered
logger.debug('Checking if system is subscription-manager registered')
rhsm.getConsumerId()
logger.debug('System is subscription-manager registered')
rhsm_hostname = RHSM_CONFIG.get('server', 'hostname')
logger.debug("Found Satellite Server: %s", rhsm_hostname)
rhsm_ca = RHSM_CONFIG.get('rhsm', 'repo_ca_cert')
logger.debug("Found CA: %s", rhsm_ca)
logger.debug("Setting authmethod to CERT")
config.set(APP_NAME, 'authmethod', 'CERT')
# Directly connected to Red Hat, use cert auth directly with the api
if rhsm_hostname == 'subscription.rhn.redhat.com':
logger.debug("Connected to RH Directly, using cert-api")
rhsm_hostname = 'cert-api.access.redhat.com'
rhsm_ca = None
else:
# Set the cert verify CA, and path
rhsm_hostname = rhsm_hostname + '/redhat_access'
logger.debug("Trying to set auto_configuration")
set_auto_configuration(config, rhsm_hostname, rhsm_ca)
return True
except:
logger.debug('System is NOT subscription-manager registered')
return False
def config_hook(conduit):
""" update """
# register rpm name for yum history recording"
# yum on 5.7 doesn't have this method, so check for it
from subscription_manager import logutil
logutil.init_logger_for_yum()
from subscription_manager.injectioninit import init_dep_injection
init_dep_injection()
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
if hasattr(conduit, 'registerPackageName'):
conduit.registerPackageName("subscription-manager")
try:
update(conduit, cache_only)
warnOrGiveUsageMessage(conduit)
warnExpired(conduit)
except Exception, e:
conduit.error(2, str(e))
def config_hook(conduit):
""" update """
# register rpm name for yum history recording"
# yum on 5.7 doesn't have this method, so check for it
from subscription_manager import logutil
logutil.init_logger_for_yum()
from subscription_manager.injectioninit import init_dep_injection
init_dep_injection()
cfg = config.initConfig()
cache_only = not bool(cfg.get_int('rhsm', 'full_refresh_on_yum'))
if hasattr(conduit, 'registerPackageName'):
conduit.registerPackageName("subscription-manager")
try:
update(conduit, cache_only)
warnOrGiveUsageMessage(conduit)
warnExpired(conduit)
except Exception, e:
conduit.error(2, str(e))
return list(items_from_store.items())
return config.RhsmConfigParser.items(self, section)
def save(self, config_file=None):
if self.raise_io:
raise IOError
return None
def stubInitConfig():
return StubConfig()
# create a global CFG object,then replace it with our own that candlepin
# read from a stringio
config.initConfig(config_file="test/rhsm.conf")
config.CFG = StubConfig()
# we are not actually reading test/rhsm.conf, it's just a placeholder
config.CFG.read("test/rhsm.conf")
class MockActionLock(ActionLock):
PATH = tempfile.mkstemp()[1]
class StubProduct(Product):
def __init__(self, product_id, name=None, version=None,
architectures=None, provided_tags=None,
os=None, brand_name=None):
import os
import string
import logging
from urllib import basejoin
from iniparse import ConfigParser
from rhsm.config import initConfig
from rhsm.connection import RemoteServerException, RestlibException
from certlib import ActionLock, DataLib, ConsumerIdentity
from certdirectory import Path, EntitlementDirectory, ProductDirectory
log = logging.getLogger('rhsm-app.' + __name__)
CFG = initConfig()
class RepoLib(DataLib):
def __init__(self, lock=ActionLock(), uep=None):
DataLib.__init__(self, lock, uep)
def _do_update(self):
action = UpdateAction(uep=self.uep)
return action.perform()
def get_repos(self):
print "get_repos"
current = set()
action = UpdateAction(uep=self.uep)
def save(self, config_file=None):
if self.raise_io:
raise IOError
return None
# replace read with readfp on stringio
def stubInitConfig():
return StubConfig()
# create a global CFG object,then replace it with out own that candlepin
# read from a stringio
config.initConfig(config_file="test/rhsm.conf")
config.CFG = StubConfig()
# we are not actually reading test/rhsm.conf, it's just a placeholder
config.CFG.read("test/rhsm.conf")
from datetime import datetime, timedelta
from subscription_manager.certdirectory import EntitlementDirectory, ProductDirectory
from rhsm.certificate import parse_tags
from rhsm.certificate2 import EntitlementCertificate, ProductCertificate, \
Product, Content, Order
from rhsm import profile
def __init__(self,
backend=None,
ent_dir=None,
prod_dir=None,
auto_launch_registration=False):
super(MainWindow, self).__init__()
rhsm_cfg = config.initConfig()
proxy_server = rhsm_cfg.get("server", "proxy_hostname")
proxy_port = int(
rhsm_cfg.get("server", "proxy_port") or config.DEFAULT_PROXY_PORT)
def show_proxy_error_dialog(proxy_auth_required=False):
"""
When proxy server is set in configuration and it is not
possible to connect to proxy server, then open dialog
for setting proxy server.
"""
if proxy_auth_required:
proxy_user = rhsm_cfg.get("server", "proxy_user")
proxy_password = rhsm_cfg.get("server", "proxy_password")
if proxy_user or proxy_password:
err_msg = _(
"Wrong proxy username or password, please check your settings."
)
else:
err_msg = _(
"Proxy authentication required, please check your settings."
)
else:
err_msg = _(
"Proxy connection failed, please check your settings.")
print_error(err_msg)
error_dialog = messageWindow.ContinueDialog(
err_msg, self._get_window())
error_dialog.connect("response",
self._on_proxy_error_dialog_response)
self.network_config_dialog = networkConfig.NetworkConfigDialog()
# Sub-man gui will be terminated after saving settings and it is
# necessary to start it once again.
self.network_config_dialog.saveButton.connect(
"clicked", self._exit)
self.network_config_dialog.cancelButton.connect(
"clicked", self._exit)
self.backend = backend or Backend()
cp = self.backend.cp_provider.get_consumer_auth_cp()
if proxy_server:
if not utils.test_proxy_reachability(proxy_server, proxy_port):
show_proxy_error_dialog()
return
try:
# Try to send to the simplest Rest API call to Candlepin server.
# This result will be used for getting version of Candlepin server.
# See self.log_server_version.
cp.supports_resource("status")
except socket.error as err:
# See https://tools.ietf.org/html/rfc7235#section-4.3
if "407 Proxy Authentication Required" in err.message:
show_proxy_error_dialog(proxy_auth_required=True)
return
self.identity = require(IDENTITY)
log.debug("Client Versions: %s " % get_client_versions())
ga_GLib.idle_add(self.log_server_version, cp)
settings = self.main_window.get_settings()
# prevent gtk from trying to save a list of recently used files, which
# as root, causes gtk warning:
# "Attempting to set the permissions of `/root/.local/share/recently-used.xbel'
# The __name__ use is just for the 'origin' value gtk uses to store
# where a Gtk.Settings value was set.
settings.set_long_property('gtk-recent-files-max-age', 0,
"%s:%s" % (__name__, type(self).__name__))
ga_Gtk.Window.set_default_icon_name("subscription-manager")
self.product_dir = prod_dir or self.backend.product_dir
self.entitlement_dir = ent_dir or self.backend.entitlement_dir
self.system_facts_dialog = factsgui.SystemFactsDialog(
update_callback=self._handle_facts_updated)
self.preferences_dialog = PreferencesDialog(self.backend,
self._get_window())
self.repos_dialog = RepositoriesDialog(self.backend,
self._get_window())
self.import_sub_dialog = ImportSubDialog()
self.network_config_dialog = networkConfig.NetworkConfigDialog()
self.network_config_dialog.saveButton.connect("clicked",
self._config_changed)
self.redeem_dialog = redeem.RedeemDialog(self.backend)
self.installed_tab_icon = ga_Gtk.Image()
self.installed_tab_icon.set_from_stock(ga_Gtk.STOCK_YES,
ga_Gtk.IconSize.MENU)
self.installed_tab = InstalledProductsTab(self.backend,
self.installed_tab_icon,
self,
ent_dir=self.entitlement_dir,
prod_dir=self.product_dir)
self.my_subs_tab = MySubscriptionsTab(self.backend,
self.main_window,
ent_dir=self.entitlement_dir,
prod_dir=self.product_dir)
self.all_subs_tab = AllSubscriptionsTab(self.backend, self.main_window)
hbox = ga_Gtk.HBox(spacing=6)
hbox.pack_start(self.installed_tab_icon, False, False, 0)
hbox.pack_start(ga_Gtk.Label(self.installed_tab.get_label()), False,
False, 0)
self.notebook.append_page(self.installed_tab.get_content(), hbox)
hbox.show_all()
self.notebook.append_page(self.my_subs_tab.get_content(),
ga_Gtk.Label(self.my_subs_tab.get_label()))
self.connect_signals({
"on_register_menu_item_activate": self._register_item_clicked,
"on_unregister_menu_item_activate": self._unregister_item_clicked,
"on_import_cert_menu_item_activate":
self._import_cert_item_clicked,
"on_view_facts_menu_item_activate": self._facts_item_clicked,
"on_proxy_config_menu_item_activate":
self._proxy_config_item_clicked,
"on_redeem_menu_item_activate": self._redeem_item_clicked,
"on_preferences_menu_item_activate":
self._preferences_item_clicked,
"on_repos_menu_item_activate": self._repos_item_clicked,
"on_about_menu_item_activate": self._about_item_clicked,
"on_getting_started_menu_item_activate":
self._getting_started_item_clicked,
"on_online_docs_menu_item_activate":
self._online_docs_item_clicked,
"on_quit_menu_item_activate": ga_Gtk.main_quit,
})
# various state tracking for async operations
self._show_overrides = False
self._can_redeem = False
self.backend.cs.add_callback(self.on_cert_sorter_cert_change)
self.main_window.show_all()
# Check to see if already registered to old RHN/Spacewalk
# and show dialog if so
self._check_rhn_classic()
# Update everything with compliance data
self.backend.cs.notify()
# managergui needs cert_sort.cert_monitor.run_check() to run
# on a timer to detect cert changes from outside the gui
# (via rhsmdd for example, or manually provisioned).
cert_monitor_thread = threading.Thread(target=self._cert_check_timer,
name="CertMonitorThread")
cert_monitor_thread.daemon = True
cert_monitor_thread.start()
if auto_launch_registration and not self.registered():
self._register_item_clicked(None)
enabled_yum_plugins = YumPluginManager.enable_pkg_plugins()
if len(enabled_yum_plugins) > 0:
messageWindow.InfoDialog(
YumPluginManager.warning_message(enabled_yum_plugins),
self._get_window(),
_("Warning - subscription-manager plugins were automatically enabled"
))
from subscription_manager.gui.mysubstab import MySubscriptionsTab
from subscription_manager.gui.preferences import PreferencesDialog
from subscription_manager.gui.utils import handle_gui_exception, linkify
from subscription_manager.gui.reposgui import RepositoriesDialog
from subscription_manager.overrides import Overrides
_ = gettext.gettext
gettext.textdomain("rhsm")
#Gtk.glade.bindtextdomain("rhsm")
#Gtk.Window.set_default_icon_name("subscription-manager")
log = logging.getLogger('rhsm-app.' + __name__)
cfg = config.initConfig()
ONLINE_DOC_URL_TEMPLATE = "https://access.redhat.com/knowledge/docs/Red_Hat_Subscription_Management/?locale=%s"
ONLINE_DOC_FALLBACK_URL = "https://access.redhat.com/knowledge/docs/Red_Hat_Subscription_Management/"
class Backend(object):
"""
Wrapper for sharing UEP connections to Candlepin.
Reference to a Backend object will be passed around UI components, so
the UEP connection it contains can be modified/recreated and all
components will have the updated connection.
This also serves as a common wrapper for certifcate directories and methods
to monitor those directories for changes.
POOLTYPE_CACHE, RELEASE_STATUS_CACHE, FACTS, POOL_STATUS_CACHE
from subscription_manager import isodate
from subscription_manager.jsonwrapper import PoolWrapper
from subscription_manager.repolib import RepoActionInvoker
from subscription_manager.syspurposelib import SyncedStore
from subscription_manager import utils
# FIXME FIXME
from subscription_manager.identity import ConsumerIdentity
from dateutil.tz import tzlocal
from subscription_manager.i18n import ugettext as _
log = logging.getLogger(__name__)
cfg = initConfig()
ENT_CONFIG_DIR = cfg.get('rhsm', 'entitlementCertDir')
# Expected permissions for identity certificates:
ID_CERT_PERMS = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP
def system_log(message, priority=syslog.LOG_NOTICE):
utils.system_log(message, priority)
# FIXME: move me to identity.py
def persist_consumer_cert(consumerinfo):
"""
Calls the consumerIdentity, persists and gets consumer info
"""
def _importInitConfig():
from rhsm.config import initConfig
return initConfig()
PROD_STATUS_CACHE, ENT_DIR, PROD_DIR, CP_PROVIDER, OVERRIDE_STATUS_CACHE, \
POOLTYPE_CACHE
from subscription_manager import isodate
from subscription_manager.jsonwrapper import PoolWrapper
from subscription_manager.repolib import RepoActionInvoker
from subscription_manager import utils
# FIXME FIXME
from subscription_manager.identity import ConsumerIdentity
from dateutil.tz import tzlocal
log = logging.getLogger('rhsm-app.' + __name__)
_ = gettext.gettext
cfg = initConfig()
ENT_CONFIG_DIR = cfg.get('rhsm', 'entitlementCertDir')
# Expected permissions for identity certificates:
ID_CERT_PERMS = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP
def system_log(message, priority=syslog.LOG_NOTICE):
utils.system_log(message, priority)
# FIXME: move me to identity.py
def persist_consumer_cert(consumerinfo):
"""
Calls the consumerIdentity, persists and gets consumer info
"""
def is_hosted():
rhsmcfg = config.Config(initConfig())
hostname = rhsmcfg['server']['hostname']
return bool(re.search('subscription\.rhn\.(.*\.)*redhat\.com', hostname) or
re.search('subscription\.rhsm\.(.*\.)*redhat\.com', hostname))
def __init__(self):
super(CallbackModule, self).__init__()
self.items = defaultdict(list)
self.insights_system_ids = defaultdict(list)
self.start_time = int(time.time())
possible_conf_paths = [
"/etc/redhat-access-insights/redhat-access-insights.conf",
"/etc/insights-client/insights-client.conf",
os.path.expanduser('~/.insights.conf'),
]
possible_conf_sections = [
"insights-client",
"redhat-access-insights",
"redhat_access_insights",
]
path = os.getenv('INSIGHTS_CONF')
if path:
possible_conf_paths.append(path)
self.insights_config = self.parse_config_file(possible_conf_paths)
self.base_url = "https://cert-api.access.redhat.com/r/insights"
self.v3("Searching for Insights config sections from: %s" %
possible_conf_sections)
self.insights_config_section = None
for each in possible_conf_sections:
if self.insights_config.has_section(each):
self.insights_config_section = each
break
self.v3("Using Insights config section: %s" %
self.insights_config_section)
username = None
password = None
cert = None
if self.insights_config_section:
username = self.insights_config.get(self.insights_config_section,
"username")
password = self.insights_config.get(self.insights_config_section,
"password")
if username:
self.v3(
"Found 'username' in configuration, using BASIC AUTH to login to Insights"
)
if password == None:
password = ""
self.warning(
"Found NO 'password' in configuration, using BASIC AUTH with empty password"
)
else:
self.v3(
"Not using BASIC AUTH to login to Insights, could not find 'username' in configuration"
)
try:
from rhsm.config import initConfig
rhsm_config = initConfig()
rhsm_consumerCertDir = rhsm_config.get('rhsm',
'consumerCertDir')
cert_filename = os.path.join(rhsm_consumerCertDir, "cert.pem")
rhsm_key_filename = os.path.join(rhsm_consumerCertDir,
"key.pem")
def try_open(file, file_kind):
try:
self.v3("Found %s: %s" % (file_kind, file))
open(file).close()
except Exception as ex:
self.v3("Could not open %s %s: %s" %
(file_kind, file, ex))
raise ex
try_open(cert_filename, "RHSM CERT")
try_open(rhsm_key_filename, "RHSM KEY")
cert = (cert_filename, rhsm_key_filename)
except Exception as ex:
self.v3(
"Not using CERT AUTH to login to Insights, could not load RHSM CERT or KEY: %s"
% ex)
self.session = None
if username or cert:
self.v3("Setting up HTTP Session")
self.session = requests.Session()
self.session.auth = (username, password)
self.session.cert = cert
possible_CA_VERIFY_files = [
"/etc/rhsm/ca/redhat-uep.pem",
"/etc/redhat-access-insights/cert-api.access.redhat.com.pem",
"/etc/insights-client/cert-api.access.redhat.com.pem",
]
self.session.verify = False
for filename in possible_CA_VERIFY_files:
try:
with open(filename):
self.session.verify = filename
break
except:
pass
self.v3("HTTP Session VERIFY %s" % self.session.verify)
self.session.headers = {
'Content-Type': 'application/json',
'User-Agent': 'notify_insights',
'Accept': 'application/json',
}
if not self.get(self.base_url + "/v1/branch_info", [200]):
self.session = None
else:
self.error(
"Not sending results to Insights, not registered and username/password not available"
)
def subman_profile_enabled():
cfg = rhsmConfig.initConfig()
try:
return cfg.get('rhsm', 'package_profile_on_trans') == '1'
except NoOptionError:
return False
"""
Module to interact with Satellite Based Certificates
"""
from __future__ import print_function
import os
import logging
logger = logging.getLogger(__name__)
# RHSM and Subscription Manager
RHSM_CONFIG = None
try:
from rhsm.config import initConfig
from rhsm.certificate import create_from_pem
RHSM_CONFIG = initConfig()
except ImportError:
logger.debug("Could not load RHSM modules")
# Class for dealing with rhsmCertificates
class rhsmCertificate:
try:
PATH = RHSM_CONFIG.get('rhsm', 'consumerCertDir')
except:
pass
KEY = 'key.pem'
CERT = 'cert.pem'
@classmethod
ServiceLevelNotSupportedException, AllProductsCoveredException, \
NoProductsException
from subscription_manager.gui.messageWindow import InfoDialog, OkDialog
from subscription_manager.jsonwrapper import PoolWrapper
_ = lambda x: gettext.ldgettext("rhsm", x)
gettext.textdomain("rhsm")
gtk.glade.bindtextdomain("rhsm")
gtk.glade.textdomain("rhsm")
log = logging.getLogger('rhsm-app.' + __name__)
CFG = config.initConfig()
REGISTERING = 0
SUBSCRIBING = 1
state = REGISTERING
def get_state():
global state
return state
def set_state(new_state):
global state
state = new_state
"""
Module to interact with Satellite Based Certificates
"""
import os
import logging
from constants import InsightsConstants as constants
logger = logging.getLogger(constants.app_name)
# RHSM and Subscription Manager
RHSM_CONFIG = None
try:
from rhsm.config import initConfig
from rhsm.certificate import create_from_pem
RHSM_CONFIG = initConfig()
except ImportError:
logger.debug("Could not load RHSM modules")
# Class for dealing with rhsmCertificates
class rhsmCertificate:
try:
PATH = RHSM_CONFIG.get('rhsm', 'consumerCertDir')
except:
pass
KEY = 'key.pem'
CERT = 'cert.pem'
@classmethod
import subscription_manager.injection as inj
from subscription_manager.cache import OverrideStatusCache, WrittenOverrideCache
from subscription_manager import utils
from subscription_manager import model
from subscription_manager.model import ent_cert
from rhsm.config import initConfig
# FIXME: local imports
from subscription_manager.certlib import ActionReport, BaseActionInvoker
from subscription_manager.certdirectory import Path
log = logging.getLogger('rhsm-app.' + __name__)
CFG = initConfig()
ALLOWED_CONTENT_TYPES = ["yum"]
_ = gettext.gettext
def manage_repos_enabled():
manage_repos = True
try:
manage_repos = CFG.get_int('rhsm', 'manage_repos')
except ValueError, e:
log.exception(e)
return True
except ConfigParserError, e:
log.exception(e)
except ImportError as e:
HAS_DEB822 = False
from subscription_manager import utils
from subscription_manager.certdirectory import Path
from six.moves import configparser
from six.moves.urllib.parse import parse_qs, urlparse, urlunparse, urlencode
from rhsm.config import initConfig
from rhsmlib.services import config
log = logging.getLogger(__name__)
conf = config.Config(initConfig())
repo_files = []
class Repo(dict):
# (name, mutable, default) - The mutability information is only used in disconnected cases
PROPERTIES = {
'name': (0, None),
'baseurl': (0, None),
'enabled': (1, '1'),
'gpgcheck': (1, '1'),
'gpgkey': (0, None),
'sslverify': (1, '1'),
'sslcacert': (0, None),
'sslclientkey': (0, None),
def is_hosted():
rhsmcfg = config.Config(initConfig())
hostname = rhsmcfg['server']['hostname']
return bool(
re.search('subscription\.rhn\.(.*\.)*redhat\.com', hostname)
or re.search('subscription\.rhsm\.(.*\.)*redhat\.com', hostname))
import rhsm.connection as connection
from rhsm.profile import get_profile
import subscription_manager.injection as inj
from subscription_manager.jsonwrapper import PoolWrapper
from rhsm import ourjson as json
from subscription_manager.isodate import parse_date
from rhsmlib.services import config, syspurpose
from subscription_manager.i18n import ugettext as _
log = logging.getLogger(__name__)
PACKAGES_RESOURCE = "packages"
conf = config.Config(initConfig())
class CacheManager(object):
"""
Parent class used for common logic in a number of collections
where we need to push some consumer JSON up to the server,
maintain a local cache of that data, and check if anything has
changed on subsequent runs.
"""
# Fields the subclass must override:
CACHE_FILE = None
def to_dict(self):
"""
import re
# iniparse.utils isn't in old versions
# but it's always there if ostree is
iniparse_tidy = None
try:
from iniparse.utils import tidy as iniparse_tidy
except ImportError:
pass
from rhsm import config
from subscription_manager import utils
log = logging.getLogger("rhsm-app." + __name__)
CFG = config.initConfig()
"""Ostree has two config files, both based on the freedesktop.org
Desktop Entry spec. This defines a file format based on "ini" style
config files. Ostree refers to these as "key files".
One config file is the "repo" config, that defines some
core config options, and the ostree "remotes".
The other is an "origin" file that includes a refspec
for a given ostree sha.
We base the config parser on rhsm.config.RhsmConfigParser,
except with "defaults" support removed.
We has a KeyFileConfigParser, and two subclasses of it
for RepoFileConfigParser and OriginFileConfigParser.
from subscription_manager.gui.allsubs import AllSubscriptionsTab
from subscription_manager.gui.importsub import ImportSubDialog
from subscription_manager.gui.installedtab import InstalledProductsTab
from subscription_manager.gui.mysubstab import MySubscriptionsTab
from subscription_manager.gui.preferences import PreferencesDialog
from subscription_manager.gui.utils import handle_gui_exception, linkify
from subscription_manager.gui.reposgui import RepositoriesDialog
from subscription_manager.gui.networkConfig import reset_resolver
from subscription_manager.overrides import Overrides
from subscription_manager.cli import system_exit
from subscription_manager.i18n import ugettext as _
log = logging.getLogger(__name__)
cfg = config.initConfig()
ONLINE_DOC_URL_TEMPLATE = "https://access.redhat.com/documentation/%s/red_hat_subscription_management/"
ONLINE_DOC_FALLBACK_URL = "https://access.redhat.com/documentation/en-us/red_hat_subscription_management/"
# every GUI browser from https://docs.python.org/2/library/webbrowser.html with updates within last 2 years of writing
PREFERRED_BROWSERS = [
"mozilla",
"firefox",
"epiphany",
"konqueror",
"opera",
"google-chrome",
"chrome",
"chromium",
"chromium-browser",
def __init__(self, backend=None,
ent_dir=None, prod_dir=None,
auto_launch_registration=False):
super(MainWindow, self).__init__()
rhsm_cfg = config.initConfig()
proxy_server = rhsm_cfg.get("server", "proxy_hostname")
proxy_port = int(rhsm_cfg.get("server", "proxy_port") or config.DEFAULT_PROXY_PORT)
def show_proxy_error_dialog(proxy_auth_required=False):
"""
When proxy server is set in configuration and it is not
possible to connect to proxy server, then open dialog
for setting proxy server.
"""
if proxy_auth_required:
proxy_user = rhsm_cfg.get("server", "proxy_user")
proxy_password = rhsm_cfg.get("server", "proxy_password")
if proxy_user or proxy_password:
err_msg = _("Wrong proxy username or password, please check your settings.")
else:
err_msg = _("Proxy authentication required, please check your settings.")
else:
err_msg = _("Proxy connection failed, please check your settings.")
print_error(err_msg)
error_dialog = messageWindow.ContinueDialog(err_msg, self._get_window())
error_dialog.connect("response", self._on_proxy_error_dialog_response)
self.network_config_dialog = networkConfig.NetworkConfigDialog()
# Sub-man gui will be terminated after saving settings and it is
# necessary to start it once again.
self.network_config_dialog.saveButton.connect("clicked", self._exit)
self.network_config_dialog.cancelButton.connect("clicked", self._exit)
self.backend = backend or Backend()
cp = self.backend.cp_provider.get_consumer_auth_cp()
if proxy_server:
if not utils.test_proxy_reachability(proxy_server, proxy_port):
show_proxy_error_dialog()
return
try:
# Try to send to the simplest Rest API call to Candlepin server.
# This result will be used for getting version of Candlepin server.
# See self.log_server_version.
cp.supports_resource("status")
except socket.error as err:
# See https://tools.ietf.org/html/rfc7235#section-4.3
if "407 Proxy Authentication Required" in err.message:
show_proxy_error_dialog(proxy_auth_required=True)
return
self.identity = require(IDENTITY)
log.debug("Client Versions: %s " % get_client_versions())
ga_GLib.idle_add(self.log_server_version, cp)
settings = self.main_window.get_settings()
# prevent gtk from trying to save a list of recently used files, which
# as root, causes gtk warning:
# "Attempting to set the permissions of `/root/.local/share/recently-used.xbel'
# The __name__ use is just for the 'origin' value gtk uses to store
# where a Gtk.Settings value was set.
settings.set_long_property('gtk-recent-files-max-age', 0,
"%s:%s" % (__name__, type(self).__name__))
ga_Gtk.Window.set_default_icon_name("subscription-manager")
self.product_dir = prod_dir or self.backend.product_dir
self.entitlement_dir = ent_dir or self.backend.entitlement_dir
self.system_facts_dialog = factsgui.SystemFactsDialog(update_callback=self._handle_facts_updated)
self.preferences_dialog = PreferencesDialog(self.backend,
self._get_window())
self.repos_dialog = RepositoriesDialog(self.backend, self._get_window())
self.import_sub_dialog = ImportSubDialog()
self.network_config_dialog = networkConfig.NetworkConfigDialog()
self.network_config_dialog.saveButton.connect("clicked", self._config_changed)
self.redeem_dialog = redeem.RedeemDialog(self.backend)
self.installed_tab_icon = ga_Gtk.Image()
self.installed_tab_icon.set_from_stock(ga_Gtk.STOCK_YES,
ga_Gtk.IconSize.MENU)
self.installed_tab = InstalledProductsTab(self.backend,
self.installed_tab_icon,
self,
ent_dir=self.entitlement_dir,
prod_dir=self.product_dir)
self.my_subs_tab = MySubscriptionsTab(self.backend,
self.main_window,
ent_dir=self.entitlement_dir,
prod_dir=self.product_dir)
self.all_subs_tab = AllSubscriptionsTab(self.backend,
self.main_window)
hbox = ga_Gtk.HBox(spacing=6)
hbox.pack_start(self.installed_tab_icon, False, False, 0)
hbox.pack_start(ga_Gtk.Label(self.installed_tab.get_label()), False, False, 0)
self.notebook.append_page(self.installed_tab.get_content(), hbox)
hbox.show_all()
self.notebook.append_page(self.my_subs_tab.get_content(),
ga_Gtk.Label(self.my_subs_tab.get_label()))
self.connect_signals({
"on_register_menu_item_activate": self._register_item_clicked,
"on_unregister_menu_item_activate": self._unregister_item_clicked,
"on_import_cert_menu_item_activate": self._import_cert_item_clicked,
"on_view_facts_menu_item_activate": self._facts_item_clicked,
"on_proxy_config_menu_item_activate": self._proxy_config_item_clicked,
"on_redeem_menu_item_activate": self._redeem_item_clicked,
"on_preferences_menu_item_activate": self._preferences_item_clicked,
"on_repos_menu_item_activate": self._repos_item_clicked,
"on_about_menu_item_activate": self._about_item_clicked,
"on_getting_started_menu_item_activate": self._getting_started_item_clicked,
"on_online_docs_menu_item_activate": self._online_docs_item_clicked,
"on_quit_menu_item_activate": ga_Gtk.main_quit,
})
# various state tracking for async operations
self._show_overrides = False
self._can_redeem = False
self.backend.cs.add_callback(self.on_cert_sorter_cert_change)
self.main_window.show_all()
# Check to see if already registered to old RHN/Spacewalk
# and show dialog if so
self._check_rhn_classic()
# Update everything with compliance data
self.backend.cs.notify()
# managergui needs cert_sort.cert_monitor.run_check() to run
# on a timer to detect cert changes from outside the gui
# (via rhsmdd for example, or manually provisioned).
cert_monitor_thread = threading.Thread(target=self._cert_check_timer, name="CertMonitorThread")
cert_monitor_thread.daemon = True
cert_monitor_thread.start()
if auto_launch_registration and not self.registered():
self._register_item_clicked(None)
enabled_yum_plugins = YumPluginManager.enable_pkg_plugins()
if len(enabled_yum_plugins) > 0:
messageWindow.InfoDialog(
YumPluginManager.warning_message(enabled_yum_plugins),
self._get_window(),
_("Warning - subscription-manager plugins were automatically enabled")
)
def _main(options, log):
# Set default mainloop
dbus.mainloop.glib.DBusGMainLoop(set_as_default=True)
# exit on SIGTERM, otherwise finally statements don't run (one explanation: http://stackoverflow.com/a/41840796)
# SIGTERM happens for example when systemd wants the service to stop
# without finally statements, we get confusing behavior (ex. see bz#1431659)
signal.signal(signal.SIGTERM, exit_on_signal)
cp_provider = inj.require(inj.CP_PROVIDER)
correlation_id = generate_correlation_id()
log.info('X-Correlation-ID: %s', correlation_id)
cp_provider.set_correlation_id(correlation_id)
cfg = config.initConfig()
log.debug('check for rhsmcertd disable')
if '1' == cfg.get('rhsmcertd', 'disable') and not options.force:
log.warning('The rhsmcertd process has been disabled by configuration.')
sys.exit(-1)
if not ConsumerIdentity.existsAndValid():
log.error('Either the consumer is not registered or the certificates' +
' are corrupted. Certificate update using daemon failed.')
sys.exit(-1)
print(_('Updating entitlement certificates & repositories'))
cp = cp_provider.get_consumer_auth_cp()
cp.supports_resource(None) # pre-load supported resources; serves as a way of failing before locking the repos
try:
if options.autoheal:
actionclient = action_client.HealingActionClient()
else:
actionclient = action_client.ActionClient()
actionclient.update(options.autoheal)
for update_report in actionclient.update_reports:
# FIXME: make sure we don't get None reports
if update_report:
print(update_report)
except connection.ExpiredIdentityCertException as e:
log.critical(_("Your identity certificate has expired"))
raise e
except connection.GoneException as ge:
uuid = ConsumerIdentity.read().getConsumerId()
# This code is to prevent an errant 410 response causing consumer cert deletion.
#
# If a server responds with a 410, we want to very that it's not just a 410 http status, but
# also that the response is from candlepin, and include the right info about the consumer.
#
# A connection to the entitlement server could get an unintentional 410 response. A common
# cause for that kind of error would be a bug or crash or misconfiguration of a reverse proxy
# in front of candlepin. Most error codes we treat as temporary and transient, and they don't
# cause any action to be taken (aside from error handling). But since consumer deletion is tied
# to the 410 status code, and that is difficult to recover from, we try to be a little bit
# more paranoid about that case.
#
# So we look for both the 410 status, and the expected response body. If we get those
# then python-rhsm will create a GoneException that includes the deleted_id. If we get
# A GoneException and the deleted_id matches, then we actually delete the consumer.
#
# However... If we get a GoneException and it's deleted_id does not match the current
# consumer uuid, we do not delete the consumer. That would require using a valid consumer
# cert, but making a request for a different consumer uuid, so unlikely. Could register
# with --consumerid get there?
if ge.deleted_id == uuid:
log.critical("Consumer profile \"%s\" has been deleted from the server. Its local certificates will now be archived", uuid)
managerlib.clean_all_data()
log.critical("Certificates archived to '/etc/pki/consumer.old'. Contact your system administrator if you need more information.")
raise ge
def subman_profile_enabled():
cfg = rhsmConfig.initConfig()
try:
return cfg.get('rhsm', 'package_profile_on_trans') == '1'
except NoOptionError:
return False
