def __init__(self, manifest_path, cert_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) # Satellite 5 certificate c = open(cert_path, 'r') try: self.sat5_cert = SatelliteCert() content = c.read() self.sat5_cert.load(content) finally: if c is not None: c.close() # Channel families metadata f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') try: self.families = json.load(f) finally: if f is not None: f.close() # product to family mapping p = open(constants.PRODUCT_FAMILY_MAPPING_PATH, 'r') try: self.products = json.load(p) finally: if p is not None: p.close() self.families_to_import = []
def __init__(self, manifest_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) self.sat5_cert = SatelliteCert() self.sat5_cert.load(self.manifest.get_satellite_certificate()) verify_mappings() # Channel families metadata f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') try: self.families = json.load(f) finally: if f is not None: f.close() self.families_to_import = []
def _extract_certificate(self, zip_file): files = zip_file.namelist() certificates_names = [] for f in files: if f.startswith(self.CERTIFICATE_PATH) and f.endswith(".xml"): certificates_names.append(f) if len(certificates_names) >= 1: # take only first file cert_file = zip_file.open(certificates_names[0]) # take only first file self.sat5_certificate = cert_file.read().strip() cert_file.close() # Save version too sat5_cert = SatelliteCert() sat5_cert.load(self.sat5_certificate) self.satellite_version = getattr(sat5_cert, 'satellite-version') else: raise MissingSatelliteCertificateError("Satellite Certificate was not found in manifest.")
def __init__(self, manifest_path, cert_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) # Satellite 5 certificate with open(cert_path, 'r') as f: self.sat5_cert = SatelliteCert() content = f.read() self.sat5_cert.load(content) # Channel families metadata with open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') as f: self.families = json.load(f) with open(constants.PRODUCT_FAMILY_MAPPING_PATH, 'r') as f: self.products = json.load(f) self.families_to_import = []
def _extract_certificate(self, zip_file): files = zip_file.namelist() certificates_names = [] for f in files: if f.startswith(self.CERTIFICATE_PATH) and f.endswith(".xml"): certificates_names.append(f) if len(certificates_names) >= 1: # take only first file cert_file = zip_file.open( certificates_names[0]) # take only first file self.sat5_certificate = cert_file.read().strip() cert_file.close() # Save version too sat5_cert = SatelliteCert() sat5_cert.load(self.sat5_certificate) self.satellite_version = getattr(sat5_cert, 'satellite-version') else: raise MissingSatelliteCertificateError( "Satellite Certificate was not found in manifest.")
def __init__(self, manifest_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) self.sat5_cert = SatelliteCert() self.sat5_cert.load(self.manifest.get_satellite_certificate()) verify_mappings() f = None # Channel families metadata try: f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') self.families = json.load(f) f.close() except IOError: e = sys.exc_info()[1] print "Ignoring channel mappings: %s" % e self.families = {} finally: if f is not None: f.close() self.families_to_import = []
def __init__(self, manifest_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) self.sat5_cert = SatelliteCert() self.sat5_cert.load(self.manifest.get_satellite_certificate()) verify_mappings() f = None # Channel families metadata try: try: f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') self.families = json.load(f) f.close() except IOError: e = sys.exc_info()[1] log(1, "Ignoring channel mappings: %s" % e) self.families = {} finally: if f is not None: f.close() self.families_to_import = []
class Activation(object): """Class inserting channel families and SSL metadata into DB.""" def __init__(self, manifest_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) self.sat5_cert = SatelliteCert() self.sat5_cert.load(self.manifest.get_satellite_certificate()) verify_mappings() f = None # Channel families metadata try: try: f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') self.families = json.load(f) f.close() except IOError: e = sys.exc_info()[1] log(1, "Ignoring channel mappings: %s" % e) self.families = {} finally: if f is not None: f.close() self.families_to_import = [] @staticmethod def _remove_certificates(): for description_prefix in (constants.CA_CERT_NAME, constants.CLIENT_CERT_PREFIX, constants.CLIENT_KEY_PREFIX): satCerts.delete_rhnCryptoKey_null_org(description_prefix) def _update_certificates(self): """Delete and insert certificates needed for syncing from CDN repositories.""" # Remove all previously used certs/keys self._remove_certificates() # Read RHSM cert f = open(constants.CA_CERT_PATH, 'r') try: ca_cert = f.read() finally: if f is not None: f.close() if not satCerts.verify_certificate_dates(str(ca_cert)): log2(0, 0, "WARNING: '%s' certificate is not valid." % constants.CA_CERT_PATH, stream=sys.stderr) # Insert RHSM cert and certs from manifest into DB satCerts.store_rhnCryptoKey( constants.CA_CERT_NAME, ca_cert, None) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() cert_name = constants.CLIENT_CERT_PREFIX + creds.get_id() key_name = constants.CLIENT_KEY_PREFIX + creds.get_id() if not satCerts.verify_certificate_dates(str(creds.get_cert())): log2(0, 0, "WARNING: '%s' certificate is not valid." % cert_name, stream=sys.stderr) satCerts.store_rhnCryptoKey(cert_name, creds.get_cert(), None) satCerts.store_rhnCryptoKey(key_name, creds.get_key(), None) def import_channel_families(self): """Insert channel family data into DB.""" log(1, "Channel families in manifest: %d" % len(self.sat5_cert.channel_families)) # pylint: disable=E1101 batch = [] for cf in self.sat5_cert.channel_families: # pylint: disable=E1101 label = cf.name try: family = self.families[label] family_object = ChannelFamily() for k in family.keys(): family_object[k] = family[k] family_object['label'] = label batch.append(family_object) self.families_to_import.append(label) except KeyError: # While channel mappings are not consistent with certificate generated on RHN... msg = ("WARNING: Channel family '%s' is provided by manifest but " "was not found in cdn-sync mappings." % label) log2(0, 1, msg, stream=sys.stderr) log(1, "Channel families to import: %d" % len(batch)) # Perform import backend = SQLBackend() importer = ChannelFamilyImport(batch, backend) importer.run() @staticmethod def _remove_repositories(): """This method removes repositories obtained from manifest""" hdel_repos = rhnSQL.prepare(""" delete from rhnContentSource where label like :prefix || '%%' and org_id is null """) hdel_repos.execute(prefix=constants.MANIFEST_REPOSITORY_DB_PREFIX) rhnSQL.commit() def _update_repositories(self): """Setup SSL credential to access repositories We do this in 2 steps: 1. Fetching provided repositories from manifest - URL contains variables to substitute 2. Assigning one certificate/key set to each repository""" # First delete all repositories from previously used manifests self._remove_repositories() backend = SQLBackend() type_id = backend.lookupContentSourceType('yum') # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) content_sources_batch = {} for entitlement in self.manifest.get_all_entitlements(): # Lookup SSL certificates and keys creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) content_source_ssl = ContentSourceSsl() content_source_ssl['ssl_ca_cert_id'] = ca_cert_id content_source_ssl['ssl_client_cert_id'] = client_cert_id content_source_ssl['ssl_client_key_id'] = client_key_id # Loop provided products for product in entitlement.get_products(): repositories = product.get_repositories() for repository in repositories: if repository not in content_sources_batch: content_source = ContentSource() content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository content_source['source_url'] = repositories[repository] content_source['org_id'] = None content_source['type_id'] = type_id content_source['ssl-sets'] = [content_source_ssl] content_sources_batch[repository] = content_source # There may be more SSL certs to one repository, append it elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']: content_sources_batch[repository]['ssl-sets'].append(content_source_ssl) importer = ContentSourcesImport(content_sources_batch.values(), backend) importer.run() def activate(self): if self.manifest.check_signature(): log(0, "Populating channel families...") self.import_channel_families() log(0, "Updating certificates...") self._update_certificates() log(0, "Updating manifest repositories...") self._update_repositories() else: raise ManifestValidationError("Manifest validation failed! Make sure the specified manifest is correct.") @staticmethod def deactivate(): """Function to remove certificates and manifest repositories from DB""" rhnSQL.initDB() log(0, "Removing certificates...") Activation._remove_certificates() log(0, "Removing manifest repositories...") Activation._remove_repositories() @staticmethod def manifest_info(manifest_path): manifest = Manifest(manifest_path) log(0, "Name: %s" % manifest.get_name(), cleanYN=1) log(0, "UUID: %s" % manifest.get_uuid(), cleanYN=1) log(0, "Owner ID: %s" % manifest.get_ownerid(), cleanYN=1) log(0, "Satellite version: %s" % manifest.get_satellite_version(), cleanYN=1) log(0, "Created: %s" % manifest.get_created(), cleanYN=1) log(0, "API URL: %s" % manifest.get_api_url(), cleanYN=1) @staticmethod def download_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, http_proxy_password=None): manifest = Manifest(old_manifest_path) candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy, http_proxy_username=http_proxy_username, http_proxy_password=http_proxy_password) return candlepin_api.export_manifest() @staticmethod def refresh_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, http_proxy_password=None): manifest = Manifest(old_manifest_path) candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy, http_proxy_username=http_proxy_username, http_proxy_password=http_proxy_password) return candlepin_api.refresh_manifest()
class Activation(object): """Class inserting channel families and SSL metadata into DB.""" def __init__(self, manifest_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) self.sat5_cert = SatelliteCert() self.sat5_cert.load(self.manifest.get_satellite_certificate()) verify_mappings() # Channel families metadata f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') try: self.families = json.load(f) finally: if f is not None: f.close() self.families_to_import = [] @staticmethod def _remove_certificates(): for description_prefix in (constants.CA_CERT_NAME, constants.CLIENT_CERT_PREFIX, constants.CLIENT_KEY_PREFIX): satCerts.delete_rhnCryptoKey_null_org(description_prefix) def _update_certificates(self): """Delete and insert certificates needed for syncing from CDN repositories.""" # Remove all previously used certs/keys self._remove_certificates() # Read RHSM cert f = open(constants.CA_CERT_PATH, 'r') try: ca_cert = f.read() finally: if f is not None: f.close() # Insert RHSM cert and certs from manifest into DB satCerts.store_rhnCryptoKey( constants.CA_CERT_NAME, ca_cert, None) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() satCerts.store_rhnCryptoKey( constants.CLIENT_CERT_PREFIX + creds.get_id(), creds.get_cert(), None) satCerts.store_rhnCryptoKey( constants.CLIENT_KEY_PREFIX + creds.get_id(), creds.get_key(), None) def import_channel_families(self): """Insert channel family data into DB.""" # Debug print("Channel families in cert: %d" % len(self.sat5_cert.channel_families)) # pylint: disable=E1101 batch = [] for cf in self.sat5_cert.channel_families: # pylint: disable=E1101 label = cf.name try: family = self.families[label] family_object = ChannelFamily() for k in family.keys(): family_object[k] = family[k] family_object['label'] = label batch.append(family_object) self.families_to_import.append(label) except KeyError: print("ERROR: Channel family '%s' was not found in mapping" % label) # Perform import backend = SQLBackend() importer = ChannelFamilyImport(batch, backend) importer.run() @staticmethod def _remove_repositories(): """This method removes repositories obtained from manifest""" hdel_repos = rhnSQL.prepare(""" delete from rhnContentSource where label like :prefix || '%%' and org_id is null """) hdel_repos.execute(prefix=constants.MANIFEST_REPOSITORY_DB_PREFIX) rhnSQL.commit() def _update_repositories(self): """Setup SSL credential to access repositories We do this in 2 steps: 1. Fetching provided repositories from manifest - URL contains variables to substitute 2. Assigning one certificate/key set to each repository""" # First delete all repositories from previously used manifests self._remove_repositories() backend = SQLBackend() type_id = backend.lookupContentSourceType('yum') # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) content_sources_batch = {} for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) for product in entitlement.get_products(): repositories = product.get_repositories() for repository in repositories: if repository not in content_sources_batch: content_source = ContentSource() content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository content_source['source_url'] = repositories[repository] content_source['org_id'] = None content_source['type_id'] = type_id content_source['ssl_ca_cert_id'] = ca_cert_id content_source['ssl_client_cert_id'] = client_cert_id content_source['ssl_client_key_id'] = client_key_id content_sources_batch[repository] = content_source importer = ContentSourcesImport(content_sources_batch.values(), backend) importer.run() def activate(self): if self.manifest.check_signature(): print("Populating channel families...") self.import_channel_families() print("Updating certificates...") self._update_certificates() print("Updating manifest repositories...") self._update_repositories() else: raise ManifestValidationError("Manifest validation failed! Make sure the specified manifest is correct.") @staticmethod def deactivate(): """Function to remove certificates and manifest repositories from DB""" rhnSQL.initDB() print("Removing certificates...") Activation._remove_certificates() print("Removing manifest repositories...") Activation._remove_repositories()
class Activation(object): """Class inserting channel families and SSL metadata into DB.""" def __init__(self, manifest_path, cert_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) # Satellite 5 certificate c = open(cert_path, 'r') try: self.sat5_cert = SatelliteCert() content = c.read() self.sat5_cert.load(content) finally: if c is not None: c.close() # Channel families metadata f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') try: self.families = json.load(f) finally: if f is not None: f.close() # product to family mapping p = open(constants.PRODUCT_FAMILY_MAPPING_PATH, 'r') try: self.products = json.load(p) finally: if p is not None: p.close() self.families_to_import = [] def _update_certificates(self): """Delete and insert certificates needed for syncing from CDN repositories.""" # Read RHSM cert f = open(constants.CA_CERT_PATH, 'r') try: ca_cert = f.read() finally: if f is not None: f.close() # Insert RHSM cert and certs from manifest into DB satCerts.store_rhnCryptoKey(constants.CA_CERT_NAME, ca_cert, None) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() satCerts.store_rhnCryptoKey( constants.CLIENT_CERT_PREFIX + creds.get_id(), creds.get_cert(), None) satCerts.store_rhnCryptoKey( constants.CLIENT_KEY_PREFIX + creds.get_id(), creds.get_key(), None) def _update_channel_families(self): """Insert channel family data into DB""" families_in_mapping = [] for entitlement in self.manifest.get_all_entitlements(): for product_id in entitlement.get_product_ids(): try: product = self.products[product_id] families_in_mapping.extend(product['families']) # Some product cannot be mapped into channel families except KeyError: print("Cannot map product '%s' into channel families" % product_id) families_in_mapping = set(families_in_mapping) # Debug print("Channel families mapped from products: %d" % len(self.families_to_import)) print("Channel families in cert: %d" % len(self.sat5_cert.channel_families)) # pylint: disable=E1101 batch = [] for cf in self.sat5_cert.channel_families: # pylint: disable=E1101 label = cf.name if label not in families_in_mapping: print( "Skipping channel family from certificate, not in the mapping: %s" % label) continue try: family = self.families[label] family_object = ChannelFamily() for k in family.keys(): family_object[k] = family[k] family_object['label'] = label batch.append(family_object) self.families_to_import.append(label) except KeyError: print("ERROR: Channel family '%s' was not found in mapping" % label) # Perform import backend = SQLBackend() importer = ChannelFamilyImport(batch, backend) importer.run() def _update_families_ssl(self): """Link channel families with certificates inserted in _update_certificates method""" family_ids = {} for family in self.families_to_import: family_ids[family] = None # Populate with IDs backend = SQLBackend() backend.lookupChannelFamilies(family_ids) # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) # Queries for updating relation between channel families and certificates hdel = rhnSQL.prepare(""" delete from rhnContentSsl where channel_family_id = :cfid """) hins = rhnSQL.prepare(""" insert into rhnContentSsl (channel_family_id, ssl_ca_cert_id, ssl_client_cert_id, ssl_client_key_id) values (:cfid, :ca_cert_id, :client_cert_id, :client_key_id) """) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert( constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert( constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) family_ids_to_link = [] for product_id in entitlement.get_product_ids(): try: product = self.products[product_id] for family in product['families']: if family in family_ids: family_ids_to_link.append(family_ids[family]) except KeyError: print("Cannot map product '%s' into channel families" % product_id) family_ids_to_link = set(family_ids_to_link) for cfid in family_ids_to_link: hdel.execute(cfid=cfid) hins.execute(cfid=cfid, ca_cert_id=ca_cert_id, client_cert_id=client_cert_id, client_key_id=client_key_id) rhnSQL.commit() def run(self): if self.manifest.check_signature(): print("Updating certificates...") self._update_certificates() print("Updating channel families...") self._update_channel_families() print("Updating certificates for channel families...") self._update_families_ssl() else: print("Manifest validation failed!")
class Activation(object): """Class inserting channel families and SSL metadata into DB.""" def __init__(self, manifest_path, cert_path): rhnSQL.initDB() self.manifest = Manifest(manifest_path) # Satellite 5 certificate c = open(cert_path, 'r') try: self.sat5_cert = SatelliteCert() content = c.read() self.sat5_cert.load(content) finally: if c is not None: c.close() # Channel families metadata f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') try: self.families = json.load(f) finally: if f is not None: f.close() self.families_to_import = [] @staticmethod def _remove_certificates(): for description_prefix in (constants.CA_CERT_NAME, constants.CLIENT_CERT_PREFIX, constants.CLIENT_KEY_PREFIX): satCerts.delete_rhnCryptoKey_null_org(description_prefix) def _update_certificates(self): """Delete and insert certificates needed for syncing from CDN repositories.""" # Remove all previously used certs/keys self._remove_certificates() # Read RHSM cert f = open(constants.CA_CERT_PATH, 'r') try: ca_cert = f.read() finally: if f is not None: f.close() # Insert RHSM cert and certs from manifest into DB satCerts.store_rhnCryptoKey( constants.CA_CERT_NAME, ca_cert, None) for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() satCerts.store_rhnCryptoKey( constants.CLIENT_CERT_PREFIX + creds.get_id(), creds.get_cert(), None) satCerts.store_rhnCryptoKey( constants.CLIENT_KEY_PREFIX + creds.get_id(), creds.get_key(), None) def import_channel_families(self): """Insert channel family data into DB.""" # Debug print("Channel families in cert: %d" % len(self.sat5_cert.channel_families)) # pylint: disable=E1101 batch = [] for cf in self.sat5_cert.channel_families: # pylint: disable=E1101 label = cf.name try: family = self.families[label] family_object = ChannelFamily() for k in family.keys(): family_object[k] = family[k] family_object['label'] = label batch.append(family_object) self.families_to_import.append(label) except KeyError: print("ERROR: Channel family '%s' was not found in mapping" % label) # Perform import backend = SQLBackend() importer = ChannelFamilyImport(batch, backend) importer.run() @staticmethod def _remove_repositories(): """This method removes repositories obtained from manifest""" hdel_repos = rhnSQL.prepare(""" delete from rhnContentSource where label like :prefix || '%%' and org_id is null """) hdel_repos.execute(prefix=constants.MANIFEST_REPOSITORY_DB_PREFIX) rhnSQL.commit() def _update_repositories(self): """Setup SSL credential to access repositories We do this in 2 steps: 1. Fetching provided repositories from manifest - URL contains variables to substitute 2. Assigning one certificate/key set to each repository""" # First delete all repositories from previously used manifests self._remove_repositories() backend = SQLBackend() type_id = backend.lookupContentSourceType('yum') # Lookup CA cert ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) ca_cert_id = int(ca_cert['id']) content_sources_batch = {} for entitlement in self.manifest.get_all_entitlements(): creds = entitlement.get_credentials() client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + creds.get_id(), None) client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + creds.get_id(), None) client_cert_id = int(client_cert['id']) client_key_id = int(client_key['id']) for product in entitlement.get_products(): repositories = product.get_repositories() for repository in repositories: if repository not in content_sources_batch: content_source = ContentSource() content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository content_source['source_url'] = repositories[repository] content_source['org_id'] = None content_source['type_id'] = type_id content_source['ssl_ca_cert_id'] = ca_cert_id content_source['ssl_client_cert_id'] = client_cert_id content_source['ssl_client_key_id'] = client_key_id content_sources_batch[repository] = content_source importer = ContentSourcesImport(content_sources_batch.values(), backend) importer.run() def activate(self): if self.manifest.check_signature(): print("Updating certificates...") self._update_certificates() print("Updating manifest repositories...") self._update_repositories() else: print("Manifest validation failed!") @staticmethod def deactivate(): """Function to remove certificates and manifest repositories from DB""" rhnSQL.initDB() print("Removing certificates...") Activation._remove_certificates() print("Removing manifest repositories...") Activation._remove_repositories()