def manifest_info(manifest_path):
    """Log the identifying fields of the manifest at *manifest_path*.

    Each field is read through the matching ``Manifest`` accessor and handed
    to ``log`` at level 0 with ``cleanYN=1``, one line per field.

    No signature check is made in this function, so the values shown are
    whatever the file contains; treat the output as unverified.
    """
    manifest = Manifest(manifest_path)

    # (log template, Manifest accessor name) pairs, in output order.
    report_fields = (
        ("Name: %s", "get_name"),
        ("UUID: %s", "get_uuid"),
        ("Owner ID: %s", "get_ownerid"),
        ("Satellite version: %s", "get_satellite_version"),
        ("Created: %s", "get_created"),
        ("API URL: %s", "get_api_url"),
    )
    for template, accessor_name in report_fields:
        # The accessor is resolved and called right before its line is
        # logged, so reads and log calls stay interleaved.
        log(0, template % getattr(manifest, accessor_name)(), cleanYN=1)
def refresh_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, http_proxy_password=None):
    """Ask Candlepin to refresh the manifest stored at *old_manifest_path*.

    The existing manifest is opened and passed to ``CandlepinApi`` together
    with the optional proxy settings; the return value of
    ``CandlepinApi.refresh_manifest()`` is passed back unchanged.

    The proxy password is forwarded as-is and is not logged here.

    NOTE(review): the old manifest is not signature-checked in this function.
    Whether ``CandlepinApi`` relies on fields read from it (for example an
    API URL) is not visible here -- confirm.
    """
    proxy_settings = {
        'http_proxy': http_proxy,
        'http_proxy_username': http_proxy_username,
        'http_proxy_password': http_proxy_password,
    }
    current = Manifest(old_manifest_path)
    api = CandlepinApi(current_manifest=current, **proxy_settings)
    return api.refresh_manifest()
def __init__(self, manifest_path):
    """Open the manifest and load the data needed for activation.

    Initialises the database connection, opens the manifest, loads the
    Satellite certificate carried by it, runs ``verify_mappings()`` and reads
    the channel family mappings from ``constants.CHANNEL_FAMILY_MAPPING_PATH``.

    An ``IOError`` while reading the mappings is logged and replaced by an
    empty mapping; any other error (for example invalid JSON) propagates.

    No signature check happens in this constructor: the manifest and its
    embedded certificate are parsed as found on disk.
    """
    rhnSQL.initDB()
    self.manifest = Manifest(manifest_path)
    self.sat5_cert = SatelliteCert()
    self.sat5_cert.load(self.manifest.get_satellite_certificate())

    verify_mappings()

    # Channel families metadata
    mapping_file = None
    try:
        try:
            mapping_file = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r')
            self.families = json.load(mapping_file)
            # Closed here and again in the finally clause; the second
            # close() on an already closed file does nothing.
            mapping_file.close()
        except IOError:
            err = sys.exc_info()[1]
            log(1, "Ignoring channel mappings: %s" % err)
            self.families = {}
    finally:
        if mapping_file is not None:
            mapping_file.close()

    # Labels of the families found in both the certificate and the mappings.
    self.families_to_import = []
class Activation(object):
    """Insert channel families, SSL certificates/keys and repositories into the DB.

    Trust boundary, as visible in this class: ``activate()`` is the only
    method that calls ``Manifest.check_signature()``.  The constructor and the
    static helpers ``manifest_info``, ``download_manifest`` and
    ``refresh_manifest`` open the manifest without that check.
    """

    def __init__(self, manifest_path):
        """Open the manifest and load the Satellite cert and family mappings.

        The manifest and the certificate it carries are parsed here, before
        any signature check; verification only happens in ``activate()``.
        """
        rhnSQL.initDB()
        self.manifest = Manifest(manifest_path)
        self.sat5_cert = SatelliteCert()
        self.sat5_cert.load(self.manifest.get_satellite_certificate())

        verify_mappings()

        f = None
        # Channel families metadata
        try:
            try:
                f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r')
                self.families = json.load(f)
                f.close()
            except IOError:
                # Only I/O failures are tolerated; a parse error from
                # json.load is not caught here and propagates.
                e = sys.exc_info()[1]
                log(1, "Ignoring channel mappings: %s" % e)
                self.families = {}
        finally:
            # Second close() after a successful read is a no-op.
            if f is not None:
                f.close()

        # Filled by import_channel_families() with the labels it imports.
        self.families_to_import = []

    @staticmethod
    def _remove_certificates():
        """Delete the stored CA cert, client certs and client keys.

        Calls ``satCerts.delete_rhnCryptoKey_null_org`` once per description
        prefix (presumably limited to keys with no org, per the helper's
        name -- confirm).  No commit is issued in this method.
        """
        for description_prefix in (constants.CA_CERT_NAME,
                                   constants.CLIENT_CERT_PREFIX,
                                   constants.CLIENT_KEY_PREFIX):
            satCerts.delete_rhnCryptoKey_null_org(description_prefix)

    def _update_certificates(self):
        """Delete and insert certificates needed for syncing from CDN repositories.

        Stores the CA certificate read from ``constants.CA_CERT_PATH`` and,
        for every entitlement in the manifest, its client certificate and
        client private key, each under a name built from the credential id.
        """
        # Remove all previously used certs/keys
        # NOTE(review): the old entries are deleted before the CA file is
        # read; if the open() below fails the deletion has already been
        # issued -- confirm the caller's transaction handling covers that.
        self._remove_certificates()

        # Read RHSM cert
        f = open(constants.CA_CERT_PATH, 'r')
        try:
            ca_cert = f.read()
        finally:
            if f is not None:
                f.close()

        # NOTE(review): a failed date check only produces a warning on
        # stderr; the certificate is still stored below -- confirm intended.
        if not satCerts.verify_certificate_dates(str(ca_cert)):
            log2(0, 0, "WARNING: '%s' certificate is not valid." % constants.CA_CERT_PATH, stream=sys.stderr)
        # Insert RHSM cert and certs from manifest into DB
        satCerts.store_rhnCryptoKey(
            constants.CA_CERT_NAME, ca_cert, None)

        for entitlement in self.manifest.get_all_entitlements():
            creds = entitlement.get_credentials()
            cert_name = constants.CLIENT_CERT_PREFIX + creds.get_id()
            key_name = constants.CLIENT_KEY_PREFIX + creds.get_id()
            # Same warn-and-continue handling as for the CA certificate.
            if not satCerts.verify_certificate_dates(str(creds.get_cert())):
                log2(0, 0, "WARNING: '%s' certificate is not valid."
                     % cert_name, stream=sys.stderr)
            # The private key is written to the same store as the
            # certificate; access to that table is access to the key.
            satCerts.store_rhnCryptoKey(cert_name, creds.get_cert(), None)
            satCerts.store_rhnCryptoKey(key_name, creds.get_key(), None)

    def import_channel_families(self):
        """Insert channel family data into DB.

        Only families named in the Satellite certificate that also appear in
        the loaded mappings are imported; the others are reported with a
        warning and skipped.
        """
        log(1, "Channel families in manifest: %d" % len(self.sat5_cert.channel_families))  # pylint: disable=E1101

        batch = []
        for cf in self.sat5_cert.channel_families:  # pylint: disable=E1101
            label = cf.name
            try:
                family = self.families[label]
                family_object = ChannelFamily()
                # Copy every mapping attribute, then force the label to the
                # one taken from the certificate.
                for k in family.keys():
                    family_object[k] = family[k]
                family_object['label'] = label
                batch.append(family_object)
                self.families_to_import.append(label)
            except KeyError:
                # While channel mappings are not consistent with certificate generated on RHN...
                msg = ("WARNING: Channel family '%s' is provided by manifest but "
                       "was not found in cdn-sync mappings." % label)
                log2(0, 1, msg, stream=sys.stderr)

        log(1, "Channel families to import: %d" % len(batch))
        # Perform import
        backend = SQLBackend()
        importer = ChannelFamilyImport(batch, backend)
        importer.run()

    @staticmethod
    def _remove_repositories():
        """Delete the repositories that came from a manifest and commit.

        Removes ``rhnContentSource`` rows with a null ``org_id`` whose label
        starts with ``constants.MANIFEST_REPOSITORY_DB_PREFIX``.  The prefix
        is passed as the ``:prefix`` bind variable rather than being
        formatted into the SQL text.  Ends with ``rhnSQL.commit()``.
        """
        hdel_repos = rhnSQL.prepare(""" delete from rhnContentSource where label like :prefix || '%%' and org_id is null """)
        hdel_repos.execute(prefix=constants.MANIFEST_REPOSITORY_DB_PREFIX)
        rhnSQL.commit()

    def _update_repositories(self):
        """Set up SSL credentials for the repositories listed in the manifest.

        Done in two steps:
        1. Fetch the repositories provided by each entitlement's products
           (the URL contains variables to substitute).
        2. Attach one CA cert / client cert / client key set per entitlement
           to each of those repositories.
        """
        # First delete all repositories from previously used manifests
        self._remove_repositories()

        backend = SQLBackend()
        type_id = backend.lookupContentSourceType('yum')

        # Lookup CA cert
        # NOTE(review): the lookup result is indexed without a check; if the
        # cert was not stored beforehand this presumably fails here --
        # confirm what lookup_cert returns for a missing entry.
        ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None)
        ca_cert_id = int(ca_cert['id'])

        # Keyed by repository name so a repository shared by several
        # entitlements is created once and collects several SSL sets.
        content_sources_batch = {}
        for entitlement in self.manifest.get_all_entitlements():
            # Lookup SSL certificates and keys
            creds = entitlement.get_credentials()
            client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None)
            client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None)
            client_cert_id = int(client_cert['id'])
            client_key_id = int(client_key['id'])
            content_source_ssl = ContentSourceSsl()
            content_source_ssl['ssl_ca_cert_id'] = ca_cert_id
            content_source_ssl['ssl_client_cert_id'] = client_cert_id
            content_source_ssl['ssl_client_key_id'] = client_key_id
            # Loop provided products
            for product in entitlement.get_products():
                repositories = product.get_repositories()
                for repository in repositories:
                    if repository not in content_sources_batch:
                        content_source = ContentSource()
                        content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository
                        # The URL is taken from the manifest as-is.
                        content_source['source_url'] = repositories[repository]
                        content_source['org_id'] = None
                        content_source['type_id'] = type_id
                        content_source['ssl-sets'] = [content_source_ssl]
                        content_sources_batch[repository] = content_source
                    # There may be more SSL certs to one repository, append it
                    elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']:
                        content_sources_batch[repository]['ssl-sets'].append(content_source_ssl)

        importer = ContentSourcesImport(content_sources_batch.values(), backend)
        importer.run()

    def activate(self):
        """Import families, certificates and repositories from the manifest.

        Nothing is written unless ``self.manifest.check_signature()`` returns
        a true value; otherwise ``ManifestValidationError`` is raised.
        """
        if self.manifest.check_signature():
            log(0, "Populating channel families...")
            self.import_channel_families()
            log(0, "Updating certificates...")
            self._update_certificates()
            log(0, "Updating manifest repositories...")
            self._update_repositories()
        else:
            raise ManifestValidationError("Manifest validation failed! Make sure the specified manifest is correct.")

    @staticmethod
    def deactivate():
        """Remove certificates and manifest repositories from the DB.

        NOTE(review): no commit is visible in ``_remove_certificates``; the
        ``rhnSQL.commit()`` inside ``_remove_repositories`` presumably covers
        both deletions -- confirm.
        """
        rhnSQL.initDB()
        log(0, "Removing certificates...")
        Activation._remove_certificates()
        log(0, "Removing manifest repositories...")
        Activation._remove_repositories()

    @staticmethod
    def manifest_info(manifest_path):
        """Log name, UUID, owner, version, creation date and API URL of a manifest.

        No signature check is made in this method; the values are reported
        as read from the file.
        """
        manifest = Manifest(manifest_path)
        log(0, "Name: %s" % manifest.get_name(), cleanYN=1)
        log(0, "UUID: %s" % manifest.get_uuid(), cleanYN=1)
        log(0, "Owner ID: %s" % manifest.get_ownerid(), cleanYN=1)
        log(0, "Satellite version: %s" % manifest.get_satellite_version(), cleanYN=1)
        log(0, "Created: %s" % manifest.get_created(), cleanYN=1)
        log(0, "API URL: %s" % manifest.get_api_url(), cleanYN=1)

    @staticmethod
    def download_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, http_proxy_password=None):
        """Return the result of ``CandlepinApi.export_manifest()`` for the given manifest.

        The proxy settings, including the password, are forwarded to
        ``CandlepinApi`` unchanged and are not logged here.  The old manifest
        is not signature-checked in this method.
        """
        manifest = Manifest(old_manifest_path)
        candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy,
                                     http_proxy_username=http_proxy_username,
                                     http_proxy_password=http_proxy_password)
        return candlepin_api.export_manifest()

    @staticmethod
    def refresh_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, http_proxy_password=None):
        """Return the result of ``CandlepinApi.refresh_manifest()`` for the given manifest.

        The proxy settings, including the password, are forwarded to
        ``CandlepinApi`` unchanged and are not logged here.  The old manifest
        is not signature-checked in this method.
        """
        manifest = Manifest(old_manifest_path)
        candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy,
                                     http_proxy_username=http_proxy_username,
                                     http_proxy_password=http_proxy_password)
        return candlepin_api.refresh_manifest()
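def processCommandline():
    """Parse the command line, fill in configuration defaults, return the options.

    Raises:
        ValueError: if positional arguments that belong to no option are given.

    Exits with status 1, after writing an ERROR line to stderr, when
    ``--manifest`` is used without the CDN package, when the certificate file
    does not exist, and (unless ``--sanity-only`` is given) when the server is
    configured as disconnected or ``rhn_parent`` is not set.

    Returns:
        The parsed options object, extended with ``server``, ``http_proxy``,
        ``http_proxy_username``, ``http_proxy_password`` and ``ca_cert``.
    """
    # The two help strings for --sanity-only and --ignore-expiration used to
    # be joined without a space ("activatethe", "expirationof").
    option_list = [
        Option('--systemid', action='store',
               help='(FOR TESTING ONLY) alternative systemid path/filename. '
               + 'The system default is used if not specified.'),
        Option('--rhn-cert', action='store',
               help='new RHN certificate path/filename (default is'
               + ' %s - the saved RHN cert).' % DEFAULT_RHN_CERT_LOCATION),
        # Turns off transport security; meant for test setups only.
        Option('--no-ssl', action='store_true',
               help='(FOR TESTING ONLY) disables SSL'),
        Option('--sanity-only', action='store_true',
               help="confirm certificate sanity. Does not activate "
               + "the Red Hat Satellite locally or remotely."),
        Option('--ignore-expiration', action='store_true',
               help='execute regardless of the expiration '
               + 'of the RHN Certificate (not recommended).'),
        Option('--ignore-version-mismatch', action='store_true',
               help='execute regardless of version '
               + 'mismatch of existing and new certificate.'),
        Option('-v', '--verbose', action='count',
               help='be verbose '
               + '(accumulable: -vvv means "be *really* verbose").'),
        Option('--dump-version', action='store',
               help="requested version of XML dump"),
        Option('--manifest', action='store',
               help='the RHSM manifest path/filename to activate for CDN'),
    ]

    options, args = OptionParser(option_list=option_list).parse_args()

    # we take no extra commandline arguments that are not linked to an option
    if args:
        msg = "ERROR: these arguments make no sense in this context (try --help): %s\n" % repr(args)
        raise ValueError(msg)

    initCFG('server.satellite')

    # systemid
    if not options.systemid:
        options.systemid = DEFAULT_SYSTEMID_LOCATION
    options.systemid = fileutils.cleanupAbsPath(options.systemid)

    # Single-argument print(...) prints the same text as the former print
    # statements on Python 2 and also parses on Python 3.
    if not options.rhn_cert and not options.manifest:
        print("NOTE: using backup cert as default: %s" % DEFAULT_RHN_CERT_LOCATION)
        options.rhn_cert = DEFAULT_RHN_CERT_LOCATION

    if options.manifest:
        if not cdn_activation:
            sys.stderr.write("ERROR: Package spacewalk-backend-cdn has to be installed for using --manifest.\n")
            sys.exit(1)
        # NOTE(review): the manifest is opened and its certificate path is
        # adopted here without a signature check in this function -- confirm
        # that verification happens before the certificate is acted upon.
        cdn_manifest = Manifest(options.manifest)
        tmp_cert_path = cdn_manifest.get_certificate_path()
        if tmp_cert_path is not None:
            options.rhn_cert = tmp_cert_path

    # NOTE(review): with --manifest, no --rhn-cert and no certificate path in
    # the manifest, options.rhn_cert is still None at this point -- confirm
    # that cleanupAbsPath and os.path.exists cope with that.
    options.rhn_cert = fileutils.cleanupAbsPath(options.rhn_cert)
    if not os.path.exists(options.rhn_cert):
        sys.stderr.write("ERROR: RHN Cert (%s) does not exist\n" % options.rhn_cert)
        sys.exit(1)

    if not options.sanity_only and CFG.DISCONNECTED:
        # Written as two newline-terminated lines, like the other errors.
        sys.stderr.write(
            "ERROR: Satellite server has been setup to run in disconnected mode.\n"
            "       Correct server configuration in /etc/rhn/rhn.conf.\n")
        sys.exit(1)

    options.server = ''
    if not options.sanity_only:
        if not CFG.RHN_PARENT:
            sys.stderr.write("ERROR: rhn_parent is not set in /etc/rhn/rhn.conf\n")
            sys.exit(1)
        # Host part of RHN_PARENT with any ":port" suffix removed.
        options.server = idn_ascii_to_puny(rhnLib.parseUrl(CFG.RHN_PARENT)[1].split(':')[0])
        print('RHN_PARENT: %s' % options.server)

    options.http_proxy = idn_ascii_to_puny(CFG.HTTP_PROXY)
    options.http_proxy_username = CFG.HTTP_PROXY_USERNAME
    options.http_proxy_password = CFG.HTTP_PROXY_PASSWORD
    options.ca_cert = CFG.CA_CHAIN
    if options.verbose:
        print('HTTP_PROXY: %s' % options.http_proxy)
        print('HTTP_PROXY_USERNAME: %s' % options.http_proxy_username)
        # The proxy password is never echoed; a fixed placeholder is shown.
        print('HTTP_PROXY_PASSWORD: <password>')
        if not options.no_ssl:
            print('CA_CERT: %s' % options.ca_cert)

    return options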
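def processCommandline():
    """Parse the command line, fill in configuration defaults, return the options.

    Raises:
        ValueError: if positional arguments that belong to no option are given.

    Exits with status 1, after writing an ERROR line to stderr, when
    ``--manifest`` is used without the CDN package, when the certificate file
    does not exist, and (unless ``--sanity-only`` is given) when the server is
    configured as disconnected or ``rhn_parent`` is not set.

    Returns:
        The parsed options object, extended with ``server``, ``http_proxy``,
        ``http_proxy_username``, ``http_proxy_password`` and ``ca_cert``.
    """
    # The two help strings for --sanity-only and --ignore-expiration used to
    # be joined without a space ("activatethe", "expirationof").
    option_list = [
        Option('--systemid', action='store',
               help='(FOR TESTING ONLY) alternative systemid path/filename. '
               + 'The system default is used if not specified.'),
        Option('--rhn-cert', action='store',
               help='new RHN certificate path/filename (default is'
               + ' %s - the saved RHN cert).' % DEFAULT_RHN_CERT_LOCATION),
        # Turns off transport security; meant for test setups only.
        Option('--no-ssl', action='store_true',
               help='(FOR TESTING ONLY) disables SSL'),
        Option('--sanity-only', action='store_true',
               help="confirm certificate sanity. Does not activate "
               + "the Red Hat Satellite locally or remotely."),
        Option('--ignore-expiration', action='store_true',
               help='execute regardless of the expiration '
               + 'of the RHN Certificate (not recommended).'),
        Option('--ignore-version-mismatch', action='store_true',
               help='execute regardless of version '
               + 'mismatch of existing and new certificate.'),
        Option('-v', '--verbose', action='count',
               help='be verbose '
               + '(accumulable: -vvv means "be *really* verbose").'),
        Option('--dump-version', action='store',
               help="requested version of XML dump"),
        Option('--manifest', action='store',
               help='the RHSM manifest path/filename to activate for CDN'),
    ]

    options, args = OptionParser(option_list=option_list).parse_args()

    # we take no extra commandline arguments that are not linked to an option
    if args:
        msg = "ERROR: these arguments make no sense in this context (try --help): %s\n" % repr(args)
        raise ValueError(msg)

    initCFG('server.satellite')

    # systemid
    if not options.systemid:
        options.systemid = DEFAULT_SYSTEMID_LOCATION
    options.systemid = fileutils.cleanupAbsPath(options.systemid)

    # Single-argument print(...) prints the same text as the former print
    # statements on Python 2 and also parses on Python 3.
    if not options.rhn_cert and not options.manifest:
        print("NOTE: using backup cert as default: %s" % DEFAULT_RHN_CERT_LOCATION)
        options.rhn_cert = DEFAULT_RHN_CERT_LOCATION

    if options.manifest:
        if not cdn_activation:
            sys.stderr.write("ERROR: Package spacewalk-backend-cdn has to be installed for using --manifest.\n")
            sys.exit(1)
        # NOTE(review): the manifest is opened and its certificate path is
        # adopted here without a signature check in this function -- confirm
        # that verification happens before the certificate is acted upon.
        cdn_manifest = Manifest(options.manifest)
        tmp_cert_path = cdn_manifest.get_certificate_path()
        if tmp_cert_path is not None:
            options.rhn_cert = tmp_cert_path

    # NOTE(review): with --manifest, no --rhn-cert and no certificate path in
    # the manifest, options.rhn_cert is still None at this point -- confirm
    # that cleanupAbsPath and os.path.exists cope with that.
    options.rhn_cert = fileutils.cleanupAbsPath(options.rhn_cert)
    if not os.path.exists(options.rhn_cert):
        sys.stderr.write("ERROR: RHN Cert (%s) does not exist\n" % options.rhn_cert)
        sys.exit(1)

    if not options.sanity_only and CFG.DISCONNECTED:
        # Written as two newline-terminated lines, like the other errors.
        sys.stderr.write(
            "ERROR: Satellite server has been setup to run in disconnected mode.\n"
            "       Correct server configuration in /etc/rhn/rhn.conf.\n")
        sys.exit(1)

    options.server = ''
    if not options.sanity_only:
        if not CFG.RHN_PARENT:
            sys.stderr.write("ERROR: rhn_parent is not set in /etc/rhn/rhn.conf\n")
            sys.exit(1)
        # Host part of RHN_PARENT with any ":port" suffix removed.
        options.server = idn_ascii_to_puny(rhnLib.parseUrl(CFG.RHN_PARENT)[1].split(':')[0])
        print('RHN_PARENT: %s' % options.server)

    options.http_proxy = idn_ascii_to_puny(CFG.HTTP_PROXY)
    options.http_proxy_username = CFG.HTTP_PROXY_USERNAME
    options.http_proxy_password = CFG.HTTP_PROXY_PASSWORD
    options.ca_cert = CFG.CA_CHAIN
    if options.verbose:
        print('HTTP_PROXY: %s' % options.http_proxy)
        print('HTTP_PROXY_USERNAME: %s' % options.http_proxy_username)
        # The proxy password is never echoed; a fixed placeholder is shown.
        print('HTTP_PROXY_PASSWORD: <password>')
        if not options.no_ssl:
            print('CA_CERT: %s' % options.ca_cert)

    return options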