def _update(cache_only):
"""
Update entitlement certificates and redhat.repo
:param cache_only: is True, when rhsm.full_refresh_on_yum is set to 0 in rhsm.conf
"""
logger.info(_('Updating Subscription Management repositories.'))
identity = inj.require(inj.IDENTITY)
if not identity.is_valid():
logger.info(_("Unable to read consumer identity"))
if config.in_container():
logger.info(
_("Subscription Manager is operating in container mode."))
if cache_only is True:
log.debug('DNF subscription-manager operates in cache-only mode')
if not cache_only and not config.in_container():
log.debug(
'Trying to update entitlement certificates and redhat.repo')
cert_action_invoker = EntCertActionInvoker()
cert_action_invoker.update()
else:
log.debug('Skipping updating of entitlement certificates')
log.debug('Generating redhat.repo')
repo_action_invoker = RepoActionInvoker(cache_only=cache_only)
repo_action_invoker.update()
def _update(self, cache_only):
""" update entitlement certificates """
logger.info(_('Updating Subscription Management repositories.'))
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = str(ConsumerIdentity.certpath())
key_file = str(ConsumerIdentity.keypath())
identity = inj.require(inj.IDENTITY)
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
try:
connection.UEPConnection(cert_file=cert_file, key_file=key_file)
# FIXME: catchall exception
except Exception:
# log
logger.info(_("Unable to connect to Subscription Management Service"))
return
else:
logger.info(_("Unable to read consumer identity"))
if config.in_container():
logger.info(_("Subscription Manager is operating in container mode."))
if not cache_only and not config.in_container():
cert_action_invoker = EntCertActionInvoker()
cert_action_invoker.update()
repo_action_invoker = RepoActionInvoker(cache_only=cache_only)
repo_action_invoker.update()
def update(conduit, cache_only):
"""
Update entitlement certificates
"""
if os.getuid() != 0:
conduit.info(
3, 'Not root, Subscription Management repositories not updated')
return
conduit.info(3, 'Updating Subscription Management repositories.')
identity = inj.require(inj.IDENTITY)
if not identity.is_valid():
conduit.info(3, "Unable to read consumer identity")
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if config.in_container():
conduit.info(3, "Subscription Manager is operating in container mode.")
if not cache_only and not config.in_container():
cert_action_invoker = EntCertActionInvoker(locker=YumRepoLocker(
conduit=conduit))
cert_action_invoker.update()
if cache_only or config.in_container():
repo_action_invoker = RepoActionInvoker(
cache_only=cache_only, locker=YumRepoLocker(conduit=conduit))
repo_action_invoker.update()
def test_in_container_off(self):
# This must be set in the test environment by CI in order to know for
# sure one way or the other whether we really are in a container.
# It must NOT be set to something other than the truth of whether we are
# in a container otherwise this test will no longer be meaningful
really_in_container = True if os.environ.get(
"SUBMAN_TEST_IN_CONTAINER", False) else False
with patch.dict(os.environ, {"SMDEV_CONTAINER_OFF": "True"}):
self.assertFalse(in_container())
self.assertEqual(in_container(), really_in_container)
def get_expansion(self):
# mem cache
if self._expansion:
return self._expansion
# See BZ 1366799.
# Do not check for any release version set for the host consumer
# if we are in a container (containers are not considered to be the
# same consumer as the host they run on. They only have the same
# access to content as the host they run on.)
result = None
if not in_container():
result = self.release_status_cache.read_status(
self.uep, self.identity.uuid)
# status cache returned None, which points to a failure.
# Since we only have one value, use the default there and cache it
# NOTE: the _expansion caches exists for the lifetime of the object,
# so a new created YumReleaseverSource needs to be created when
# you think there may be a new release set. We assume it will be
# the same for the lifetime of a RepoUpdateActionCommand
if not self.is_set(result) or result is None:
# we got a result indicating we don't know the release, use the
# default. This could be server error or just an "unset" release.
self._expansion = self.default
return self._expansion
self._expansion = result['releaseVer']
return self._expansion
def update(conduit, cache_only):
""" update entitlement certificates """
if os.getuid() != 0:
conduit.info(3, 'Not root, Subscription Management repositories not updated')
return
conduit.info(3, 'Updating Subscription Management repositories.')
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = ConsumerIdentity.certpath()
key_file = ConsumerIdentity.keypath()
identity = inj.require(inj.IDENTITY)
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
try:
connection.UEPConnection(cert_file=cert_file, key_file=key_file)
#FIXME: catchall exception
except Exception:
# log
conduit.info(2, "Unable to connect to Subscription Management Service")
return
else:
conduit.info(3, "Unable to read consumer identity")
if config.in_container():
conduit.info(3, "Subscription Manager is operating in container mode.")
rl = RepoActionInvoker(cache_only=cache_only, locker=YumRepoLocker(conduit=conduit))
rl.update()
def warnOrGiveUsageMessage(conduit):
# XXX: Importing inline as you must be root to read the config file
""" either output a warning, or a usage message """
msg = ""
# TODO: refactor so there are not two checks for this
if os.getuid() != 0:
return
if ClassicCheck().is_registered_with_classic():
return
try:
identity = inj.require(inj.IDENTITY)
ent_dir = inj.require(inj.ENT_DIR)
# Don't warn people to register if we see entitelements, but no identity:
if not identity.is_valid() and len(ent_dir.list_valid()) == 0:
msg = not_registered_warning
elif len(ent_dir.list_valid()) == 0:
msg = no_subs_warning
if config.in_container() and len(ent_dir.list_valid()) == 0:
msg = no_subs_container_warning
finally:
if msg:
conduit.info(2, msg)
def get_expansion(self):
# mem cache
if self._expansion:
return self._expansion
# See BZ 1366799.
# Do not check for any release version set for the host consumer
# if we are in a container (containers are not considered to be the
# same consumer as the host they run on. They only have the same
# access to content as the host they run on.)
result = None
if not in_container():
uep = self.cp_provider.get_consumer_auth_cp()
result = self.release_status_cache.read_status(uep, self.identity.uuid)
# status cache returned None, which points to a failure.
# Since we only have one value, use the default there and cache it
# NOTE: the _expansion caches exists for the lifetime of the object,
# so a new created YumReleaseverSource needs to be created when
# you think there may be a new release set. We assume it will be
# the same for the lifetime of a RepoUpdateActionCommand
if not self.is_set(result) or result is None:
# we got a result indicating we don't know the release, use the
# default. This could be server error or just an "unset" release.
self._expansion = self.default
return self._expansion
self._expansion = result['releaseVer']
return self._expansion
def _update(self, cache_only):
""" update entitlement certificates """
logger.info(_('Updating Subscription Management repositories.'))
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = str(ConsumerIdentity.certpath())
key_file = str(ConsumerIdentity.keypath())
identity = inj.require(inj.IDENTITY)
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
try:
connection.UEPConnection(cert_file=cert_file,
key_file=key_file)
# FIXME: catchall exception
except Exception:
# log
logger.info(
_("Unable to connect to Subscription Management Service"))
return
else:
logger.info(_("Unable to read consumer identity"))
if config.in_container():
logger.info(
_("Subscription Manager is operating in container mode."))
rl = RepoActionInvoker(cache_only=cache_only)
rl.update()
def warn_or_usage_message(conduit):
"""
Display warning message, when the system is not registered (no consumer cert) or then is no entitlement cert
"""
if os.getuid() != 0:
return
if ClassicCheck().is_registered_with_classic():
return
msg = ""
try:
identity = inj.require(inj.IDENTITY)
ent_dir = inj.require(inj.ENT_DIR)
# Don't warn people to register if we see entitlements, but no identity:
if not identity.is_valid() and len(ent_dir.list_valid()) == 0:
msg = not_registered_warning
elif len(ent_dir.list_valid()) == 0 and not is_simple_content_access(
identity=identity):
msg = no_subs_warning
if config.in_container() and len(ent_dir.list_valid()) == 0:
msg = no_subs_container_warning
finally:
if msg:
conduit.info(2, msg)
def warnOrGiveUsageMessage(conduit):
# XXX: Importing inline as you must be root to read the config file
""" either output a warning, or a usage message """
msg = ""
# TODO: refactor so there are not two checks for this
if os.getuid() != 0:
return
if ClassicCheck().is_registered_with_classic():
return
try:
identity = inj.require(inj.IDENTITY)
ent_dir = inj.require(inj.ENT_DIR)
# Don't warn people to register if we see entitelements, but no identity:
if not identity.is_valid() and len(ent_dir.list_valid()) == 0:
msg = not_registered_warning
elif len(ent_dir.list_valid()) == 0:
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = ConsumerIdentity.certpath()
key_file = ConsumerIdentity.keypath()
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
try:
uep = connection.UEPConnection(cert_file=cert_file,
key_file=key_file)
# FIXME: catchall exception
except Exception:
pass
else:
owner = uep.getOwner(identity.uuid)
if owner['contentAccessMode'] != "org_environment":
return
msg = no_subs_warning
if config.in_container() and len(ent_dir.list_valid()) == 0:
msg = no_subs_container_warning
finally:
if msg:
conduit.info(2, msg)