def appliance_preupdate(old_version, appliance): series = appliance.version.series() update_url = "update_url_{}".format(series.replace('.', '')) """Requests appliance from sprout based on old_versions, edits partitions and adds repo file for update""" usable = [] sp = SproutClient.from_config() available_versions = set(sp.call_method('available_cfme_versions')) for a in available_versions: if a.startswith(old_version): usable.append(Version(a)) usable.sort(reverse=True) try: apps, pool_id = sp.provision_appliances(count=1, preconfigured=True, lease_time=180, version=str(usable[0])) except Exception as e: logger.exception("Couldn't provision appliance with following error:{}".format(e)) raise SproutException('No provision available') apps[0].db.extend_partition() urls = process_url(conf.cfme_data['basic_info'][update_url]) output = build_file(urls) with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) apps[0].ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') yield apps[0] apps[0].ssh_client.close() sp.destroy_pool(pool_id)
def appliance_preupdate(old_version, appliance): series = appliance.version.series() update_url = "update_url_{}".format(series.replace('.', '')) """Requests appliance from sprout based on old_versions, edits partitions and adds repo file for update""" usable = [] sp = SproutClient.from_config() available_versions = set(sp.call_method('available_cfme_versions')) for a in available_versions: if a.startswith(old_version): usable.append(Version(a)) usable.sort(reverse=True) try: apps, pool_id = sp.provision_appliances(count=1, preconfigured=True, lease_time=180, version=str(usable[0])) except Exception as e: logger.exception("Couldn't provision appliance with following error:{}".format(e)) raise SproutException('No provision available') apps[0].db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) apps[0].ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') yield apps[0] apps[0].ssh_client.close() sp.destroy_pool(pool_id)
def test_appliance_console_scap(temp_appliance_preconfig, soft_assert): """ Commands: 1. 'ap' launches appliance_console, 2. '' clears info screen, 3. '13' Hardens appliance using SCAP configuration, 4. '' complete. Polarion: assignee: sbulage casecomponent: Configuration caseimportance: critical initialEstimate: 1/3h """ command_set = ('ap', '', '13', '') temp_appliance_preconfig.appliance_console.run_commands(command_set) with tempfile.NamedTemporaryFile('w') as f: f.write(hidden['scap.rb']) f.flush() os.fsync(f.fileno()) temp_appliance_preconfig.ssh_client.put_file(f.name, '/tmp/scap.rb') if temp_appliance_preconfig.version >= "5.8": rules = '/var/www/miq/vmdb/productization/appliance_console/config/scap_rules.yml' else: rules = '/var/www/miq/vmdb/gems/pending/appliance_console/config/scap_rules.yml' temp_appliance_preconfig.ssh_client.run_command( 'cd /tmp/ && ruby scap.rb ' '--rulesfile={rules}'.format(rules=rules)) temp_appliance_preconfig.ssh_client.get_file( '/tmp/scap-results.xccdf.xml', '/tmp/scap-results.xccdf.xml') temp_appliance_preconfig.ssh_client.get_file( '{rules}'.format(rules=rules), '/tmp/scap_rules.yml') # Get the scap rules with open('/tmp/scap_rules.yml') as f: yml = yaml.safe_load(f.read()) rules = yml['rules'] tree = lxml.etree.parse('/tmp/scap-results.xccdf.xml') root = tree.getroot() for rule in rules: elements = root.findall( './/{{http://checklists.nist.gov/xccdf/1.1}}rule-result[@idref="{}"]' .format(rule)) if elements: result = elements[0].findall( './{http://checklists.nist.gov/xccdf/1.1}result') if result: soft_assert(result[0].text == 'pass') logger.info("{}: {}".format(rule, result[0].text)) else: logger.info("{}: no result".format(rule)) else: logger.info("{}: rule not found".format(rule))
def upgrade_appliance(appliance_ip, cfme_only, update_to): """Upgrades an appliance""" supported_version_repo_map = { '5.8.z': 'update_url_58', '5.9.z': 'update_url_59' } assert update_to in supported_version_repo_map, "{} is not a supported version".format( update_to) update_url = supported_version_repo_map[update_to] if appliance_ip: print('Connecting to {}'.format(appliance_ip)) else: print('Fetching appliance from env.local.yaml') app = get_appliance(appliance_ip) print('Extending appliance partitions') app.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) print('Adding update repo to appliance') with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) app.ssh_client.put_file(f.name, '/etc/yum.repos.d/update.repo') ver = '95' if app.version >= '5.8' else '94' cfme = '-y' if cfme_only: cfme = 'cfme -y' print('Stopping EVM') app.evmserverd.stop() print('Running yum update') rc, out = app.ssh_client.run_command('yum update {}'.format(cfme), timeout=3600) assert rc == 0, "update failed {}".format(out) print('Running database migration') rc, out = app.ssh_client.run_rake_command("db:migrate", timeout=300) assert rc == 0, "Failed to migrate new database: {}".format(out) rc, out = app.ssh_client.run_rake_command("evm:automate:reset", timeout=300) assert rc == 0, "Failed to reset automate: {}".format(out) rc, out = app.ssh_client.run_rake_command( 'db:migrate:status 2>/dev/null | grep "^\s*down"', timeout=30) assert rc != 0, "Migration failed; migrations in 'down' state found: {}".format( out) print('Restarting postgres service') rc, out = app.ssh_client.run_command( 'systemctl restart rh-postgresql{}-postgresql'.format(ver)) assert rc == 0, "Failed to restart postgres: {}".format(out) print('Starting EVM') app.start_evm_service() print('Waiting for webui') app.wait_for_web_ui() print('Appliance upgrade completed')
def test_appliance_console_scap(temp_appliance_preconfig, soft_assert): """ Commands: 1. 'ap' launches appliance_console, 2. '' clears info screen, 3. '13' Hardens appliance using SCAP configuration, 4. '' complete. Polarion: assignee: sbulage casecomponent: Configuration caseimportance: critical initialEstimate: 1/3h """ command_set = ('ap', '', '13', '') temp_appliance_preconfig.appliance_console.run_commands(command_set) with tempfile.NamedTemporaryFile('w') as f: f.write(hidden['scap.rb']) f.flush() os.fsync(f.fileno()) temp_appliance_preconfig.ssh_client.put_file( f.name, '/tmp/scap.rb') if temp_appliance_preconfig.version >= "5.8": rules = '/var/www/miq/vmdb/productization/appliance_console/config/scap_rules.yml' else: rules = '/var/www/miq/vmdb/gems/pending/appliance_console/config/scap_rules.yml' temp_appliance_preconfig.ssh_client.run_command('cd /tmp/ && ruby scap.rb ' '--rulesfile={rules}'.format(rules=rules)) temp_appliance_preconfig.ssh_client.get_file( '/tmp/scap-results.xccdf.xml', '/tmp/scap-results.xccdf.xml') temp_appliance_preconfig.ssh_client.get_file( '{rules}'.format(rules=rules), '/tmp/scap_rules.yml') # Get the scap rules with open('/tmp/scap_rules.yml') as f: yml = yaml.safe_load(f.read()) rules = yml['rules'] tree = lxml.etree.parse('/tmp/scap-results.xccdf.xml') root = tree.getroot() for rule in rules: elements = root.findall( './/{{http://checklists.nist.gov/xccdf/1.1}}rule-result[@idref="{}"]'.format(rule)) if elements: result = elements[0].findall('./{http://checklists.nist.gov/xccdf/1.1}result') if result: soft_assert(result[0].text == 'pass') logger.info("{}: {}".format(rule, result[0].text)) else: logger.info("{}: no result".format(rule)) else: logger.info("{}: rule not found".format(rule))
def upgrade_appliance(appliance_ip, cfme_only, update_to): """Upgrades an appliance""" supported_version_repo_map = { '5.8.z': 'update_url_58', '5.8.0': 'update_url_580', '5.8.1': 'update_url_581', '5.8.2': 'update_url_582', '5.9.z': 'update_url_59', '5.9.0': 'update_url_590', '5.9.1': 'update_url_591', '5.9.2': 'update_url_592' } assert update_to in supported_version_repo_map, "{} is not a supported version".format( update_to) update_url = supported_version_repo_map[update_to] if appliance_ip: print('Connecting to {}'.format(appliance_ip)) else: print('Fetching appliance from env.local.yaml') app = get_appliance(appliance_ip) assert app.version > '5.7', "{} is not supported, must be 5.7 or higher".format( app.version) print('Extending appliance partitions') app.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) print('Adding update repo to appliance') with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) app.ssh_client.put_file(f.name, '/etc/yum.repos.d/update.repo') cfme = '-y' if cfme_only: cfme = 'cfme -y' print('Stopping EVM') app.evmserverd.stop() print('Running yum update') result = app.ssh_client.run_command('yum update {}'.format(cfme), timeout=3600) assert result.success, "update failed {}".format(result.output) print('Running database migration') app.db.migrate() app.db.automate_reset() print('Restarting postgres service') app.db.restart_db_service() print('Starting EVM') app.start_evm_service() print('Waiting for webui') app.wait_for_web_ui() print('Appliance upgrade completed')
def appliance_preupdate(temp_appliance_preconfig_funcscope_upgrade, appliance): '''Reconfigure appliance partitions and adds repo file for upgrade''' update_url = ('update_url_' + ''.join([i for i in get_stream(appliance.version) if i.isdigit()])) temp_appliance_preconfig_funcscope_upgrade.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) temp_appliance_preconfig_funcscope_upgrade.ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') return temp_appliance_preconfig_funcscope_upgrade
def appliance_preupdate(temp_appliance_preconfig_funcscope_upgrade, appliance): '''Reconfigure appliance partitions and adds repo file for upgrade''' update_url = ('update_url_' + ''.join([i for i in get_stream(appliance.version) if i.isdigit()])) temp_appliance_preconfig_funcscope_upgrade.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) temp_appliance_preconfig_funcscope_upgrade.ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') return temp_appliance_preconfig_funcscope_upgrade
def upgrade_appliance(appliance_ip, cfme_only, update_to): """Upgrades an appliance""" supported_version_repo_map = {'5.8.z': 'update_url_58', '5.9.z': 'update_url_59'} assert update_to in supported_version_repo_map, "{} is not a supported version".format( update_to ) update_url = supported_version_repo_map[update_to] if appliance_ip: print('Connecting to {}'.format(appliance_ip)) else: print('Fetching appliance from env.local.yaml') app = get_appliance(appliance_ip) print('Extending appliance partitions') app.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) print('Adding update repo to appliance') with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) app.ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') ver = '95' if app.version >= '5.8' else '94' cfme = '-y' if cfme_only: cfme = 'cfme -y' print('Stopping EVM') app.evmserverd.stop() print('Running yum update') rc, out = app.ssh_client.run_command('yum update {}'.format(cfme), timeout=3600) assert rc == 0, "update failed {}".format(out) print('Running database migration') rc, out = app.ssh_client.run_rake_command("db:migrate", timeout=300) assert rc == 0, "Failed to migrate new database: {}".format(out) rc, out = app.ssh_client.run_rake_command("evm:automate:reset", timeout=300) assert rc == 0, "Failed to reset automate: {}".format(out) rc, out = app.ssh_client.run_rake_command( 'db:migrate:status 2>/dev/null | grep "^\s*down"', timeout=30) assert rc != 0, "Migration failed; migrations in 'down' state found: {}".format(out) print('Restarting postgres service') rc, out = app.ssh_client.run_command('systemctl restart rh-postgresql{}-postgresql'.format(ver)) assert rc == 0, "Failed to restart postgres: {}".format(out) print('Starting EVM') app.start_evm_service() print('Waiting for webui') app.wait_for_web_ui() print('Appliance upgrade completed')
def upgrade_appliance(appliance_ip, cfme_only, update_to): """Upgrades an appliance""" supported_version_repo_map = { '5.8.z': 'update_url_58', '5.8.0': 'update_url_580', '5.8.1': 'update_url_581', '5.8.2': 'update_url_582', '5.9.z': 'update_url_59', '5.9.0': 'update_url_590', '5.9.1': 'update_url_591', '5.9.2': 'update_url_592' } assert update_to in supported_version_repo_map, "{} is not a supported version".format( update_to ) update_url = supported_version_repo_map[update_to] if appliance_ip: print('Connecting to {}'.format(appliance_ip)) else: print('Fetching appliance from env.local.yaml') app = get_appliance(appliance_ip) assert app.version > '5.7', "{} is not supported, must be 5.7 or higher".format(app.version) print('Extending appliance partitions') app.db.extend_partition() urls = process_url(cfme_data['basic_info'][update_url]) output = build_file(urls) print('Adding update repo to appliance') with tempfile.NamedTemporaryFile('w') as f: f.write(output) f.flush() os.fsync(f.fileno()) app.ssh_client.put_file( f.name, '/etc/yum.repos.d/update.repo') cfme = '-y' if cfme_only: cfme = 'cfme -y' print('Stopping EVM') app.evmserverd.stop() print('Running yum update') result = app.ssh_client.run_command('yum update {}'.format(cfme), timeout=3600) assert result.success, "update failed {}".format(result.output) print('Running database migration') app.db.migrate() app.db.automate_reset() print('Restarting postgres service') app.db.restart_db_service() print('Starting EVM') app.start_evm_service() print('Waiting for webui') app.wait_for_web_ui() print('Appliance upgrade completed')