def initial_run(connection, crt="/etc/rhui/pem/ca.crt", key="/etc/rhui/pem/ca.key", cert_pw=None, days="", username="******", password="******"): ''' Do rhui-manager initial run ''' Expect.enter(connection, "rhui-manager") state = Expect.expect_list(connection, [(re.compile(".*Full path to the new signing CA certificate:.*", re.DOTALL), 1), (re.compile(".*RHUI Username:.*", re.DOTALL),2), (re.compile(".*rhui \(home\) =>.*", re.DOTALL), 3)]) if state in [1, 2]: if state == 1: # Need to answer sone first-run questions Expect.enter(connection, crt) Expect.expect(connection, "Full path to the new signing CA certificate private key:") Expect.enter(connection, key) Expect.expect(connection, "regenerated using rhui-manager.*:") Expect.enter(connection, days) Expect.expect(connection, "Enter pass phrase for.*:") if cert_pw: Expect.enter(connection, cert_pw) else: Expect.enter(connection, Util.get_ca_password(connection)) Expect.expect(connection, "RHUI Username:"******"RHUI Password:"******"rhui \(home\) =>") else: # initial step was already performed by someone pass Expect.enter(connection, "q")
def setup(self, cds_list, proxy_list, master_hostname): logger.info("Setting up RHUA instance " + self.hostname) capassword = ''.join(random.choice(string.ascii_lowercase) for x in range(10)) RHUI_Instance.setup(self) self.ephemeral_mount("/var/lib/pulp") logger.debug("Running /mnt/install_RHUA.sh") self.run_sync("cd /mnt && ./install_RHUA.sh", True) self.run_sync("chown apache.apache /var/lib/pulp", True) self.run_sync("mkdir /etc/rhui/pem ||:", True) self.run_sync("mkdir /etc/rhui/confrpm ||:", True) # Creating CA logger.debug("Creating CA") self.run_sync("echo " + capassword + " > /etc/rhui/pem/ca.pwd", True) self.run_sync("echo 10 > /etc/rhui/pem/ca.srl", True) self.run_sync("openssl req -new -x509 -extensions v3_ca -keyout /etc/rhui/pem/ca.key -subj \"/C=US/ST=NC/L=Raleigh/CN=" + self.hostname + " CA\" -out /etc/rhui/pem/ca.crt -days 365 -passout \"pass:"******"\"", True) # Creating answers logger.debug("Creating answers file") proxy_host = None if proxy_list != []: proxy_host = proxy_list[0].hostname Util.generate_answers(RS, version="1.0", generate_certs=True, proxy_host=proxy_host, proxy_port="3128", proxy_user="******", proxy_password=self.proxy_password, capassword=capassword) logger.debug("Running rhui-installer") self.run_sync("rhui-installer /etc/rhui/answers", True) for server in [self] + cds_list: #Setting conf RPM names rpmname = self.run_sync("ls -1 /etc/rhui/confrpm/" + server.hostname + "-" + self.version + "-*.rpm | head -1") server.set_confrpm_name(rpmname) # Installing coverage if args.coverage: self.install_coverage(master_hostname) # Installing RHUA logger.debug("Installing RHUI conf rpm") self.run_sync("rpm -e " + self.hostname) self.run_sync("rpm -i " + self.confrpm, True) if proxy_list != []: # Preventing access without proxy self.run_sync("iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 443 -j ACCEPT", True) for server in [self] + cds_list: # Allowing to connect to all CDSes and RHUA itself self.run_sync("iptables -A OUTPUT -d " + server.public_ip + " -j ACCEPT", True) self.run_sync("iptables -A OUTPUT -d " + server.private_ip + " -j ACCEPT", True) self.run_sync("iptables -A OUTPUT -p tcp --dport 443 -j REJECT", True) self.run_sync("service iptables save", True) logger.info("RHUA " + self.hostname + " setup finished")
def get_cds_status(connection, cdsname): ''' display CDS sync summary ''' RHUIManager.screen(connection, "sync") Expect.enter(connection, "dc") res_list = Expect.match(connection, re.compile(".*\n" + cdsname.replace(".", "\.") + "[\.\s]*\[([^\n]*)\].*" + cdsname.replace(".", "\.") + "\s*\r\n([^\n]*)\r\n", re.DOTALL), [1, 2], 60) connection.cli.exec_command("killall -s SIGINT rhui-manager") ret_list = [] for val in [res_list[0]] + res_list[1].split(" "): val = Util.uncolorify(val.strip()) ret_list.append(val) RHUIManager.quit(connection) return ret_list
def get_repo_status(connection, reponame): ''' display repo sync summary ''' RHUIManager.screen(connection, "sync") Expect.enter(connection, "dr") reponame_quoted = reponame.replace(".", "\.") res = Expect.match(connection, re.compile(".*" + reponame_quoted + "\s*\r\n([^\n]*)\r\n.*", re.DOTALL), [1], 60)[0] connection.cli.exec_command("killall -s SIGINT rhui-manager") res = Util.uncolorify(res) ret_list = res.split(" ") for i in range(len(ret_list)): ret_list[i] = ret_list[i].strip() RHUIManager.quit(connection) return ret_list
def generate_new(connection, days="", cert_pw=None): ''' generate a new identity certificate ''' RHUIManager.screen(connection, "identity") Expect.enter(connection, "g") Expect.expect(connection, "Proceed\? \[y/n\]") Expect.enter(connection, "y") Expect.expect(connection, "regenerated using rhui-manager.*:") Expect.enter(connection, days) Expect.expect(connection, "Enter pass phrase for.*:") if cert_pw: Expect.enter(connection, cert_pw) else: Expect.enter(connection, Util.get_ca_password(connection)) RHUIManager.quit(connection, "Successfully regenerated RHUI Identity certificate", 30)
def get_repo_status(connection, reponame): ''' display repo sync summary ''' RHUIManager.screen(connection, "sync") Expect.enter(connection, "dr") reponame_quoted = reponame.replace(".", "\.") res = Expect.match( connection, re.compile(".*" + reponame_quoted + "\s*\r\n([^\n]*)\r\n.*", re.DOTALL), [1], 60)[0] connection.cli.exec_command("killall -s SIGINT rhui-manager") res = Util.uncolorify(res) ret_list = res.split(" ") for i in range(len(ret_list)): ret_list[i] = ret_list[i].strip() RHUIManager.quit(connection) return ret_list
def get_cds_status(connection, cdsname): ''' display CDS sync summary ''' RHUIManager.screen(connection, "sync") Expect.enter(connection, "dc") res_list = Expect.match( connection, re.compile( ".*\n" + cdsname.replace(".", "\.") + "[\.\s]*\[([^\n]*)\].*" + cdsname.replace(".", "\.") + "\s*\r\n([^\n]*)\r\n", re.DOTALL), [1, 2], 60) connection.cli.exec_command("killall -s SIGINT rhui-manager") ret_list = [] for val in [res_list[0]] + res_list[1].split(" "): val = Util.uncolorify(val.strip()) ret_list.append(val) RHUIManager.quit(connection) return ret_list
def initial_run(connection, crt="/etc/rhui/pem/ca.crt", key="/etc/rhui/pem/ca.key", cert_pw=None, days="", username="******", password="******"): ''' Do rhui-manager initial run ''' Expect.enter(connection, "rhui-manager") state = Expect.expect_list( connection, [(re.compile(".*Full path to the new signing CA certificate:.*", re.DOTALL), 1), (re.compile(".*RHUI Username:.*", re.DOTALL), 2), (re.compile(".*rhui \(home\) =>.*", re.DOTALL), 3)]) if state in [1, 2]: if state == 1: # Need to answer sone first-run questions Expect.enter(connection, crt) Expect.expect( connection, "Full path to the new signing CA certificate private key:") Expect.enter(connection, key) Expect.expect(connection, "regenerated using rhui-manager.*:") Expect.enter(connection, days) Expect.expect(connection, "Enter pass phrase for.*:") if cert_pw: Expect.enter(connection, cert_pw) else: Expect.enter(connection, Util.get_ca_password(connection)) Expect.expect(connection, "RHUI Username:"******"RHUI Password:"******"rhui \(home\) =>") else: # initial step was already performed by someone pass Expect.enter(connection, "q")
def generate_ent_cert(connection, clustername, repolist, certname, dirname, validity_days="", cert_pw=None): ''' generate an entitlement certificate ''' RHUIManager.screen(connection, "client") Expect.enter(connection, "e") RHUIManager.select_one(connection, clustername) RHUIManager.select(connection, repolist) Expect.expect(connection, "Name of the certificate.*contained with it:") Expect.enter(connection, certname) Expect.expect(connection, "Local directory in which to save the generated certificate.*:") Expect.enter(connection, dirname) Expect.expect(connection, "Number of days the certificate should be valid.*:") Expect.enter(connection, validity_days) RHUIManager.proceed_with_check(connection, "Repositories to be included in the entitlement certificate:", repolist, ["Custom Entitlements", "Red Hat Repositories"]) Expect.expect(connection, "Enter pass phrase for.*:") if cert_pw: Expect.enter(connection, cert_pw) else: Expect.enter(connection, Util.get_ca_password(connection)) RHUIManager.quit(connection)
def check(cls, rs): """ Check """ if not 'rhrpm' in rs.config.keys(): raise nose.exc.SkipTest("can't test without RH-signed RPM") cls.rhrpm = rs.config['rhrpm'] (cls.rhrpmnvr, cls.rhrpmname) = Util.get_rpm_details(cls.rhrpm)