def test_get_product_type_invalid_product(monkeypatch):
for sys_type, envar in [('source', 'LEAPP_DEVEL_SOURCE_PRODUCT_TYPE'),
('target', 'LEAPP_DEVEL_TARGET_PRODUCT_TYPE')]:
monkeypatch.setattr(api, 'current_actor',
CurrentActorMocked({envar: 'wrong'}))
with pytest.raises(ValueError) as err:
get_product_type(sys_type)
assert 'Invalid value in the {} envar'.format(envar) in str(err)
def switched_certificate(context, rhsm_info, cert_path, version):
"""
Performs all actions needed to switch the product certificate passed.
This function will copy the certificate to /etc/pki/product and if necessary /etc/pki/product-default and
removes other product certificates from there. Unsets the release and refreshes the subscription-manager.
:param context: An instance of a mounting.IsolatedActions class
:type context: mounting.IsolatedActions class
:param rhsm_info: An instance of a RHSMInfo derived model.
:type rhsm_info: RHSMInfo derived model
:param cert_path: Path to the product certificate to switch to.
:type cert_path: string
"""
if skip_rhsm():
yield TargetRHSMInfo()
return
# Make a backup of product certificates
pki_path = '/etc/pki'
pki_backup_path = '/etc/pki.bak'
context.call(['rm', '-rf', pki_backup_path], checked=False)
context.call(['cp', '-a', pki_path, pki_backup_path], checked=False)
for existing in rhsm_info.existing_product_certificates:
try:
context.remove(existing)
except OSError:
api.current_logger().warn(
'Failed to remove existing certificate: %s',
existing,
exc_info=True)
for path in ('/etc/pki/product', '/etc/pki/product-default'):
if os.path.isdir(context.full_path(path)):
context.copy_to(cert_path,
os.path.join(path, os.path.basename(cert_path)))
unset_release(context)
try:
refresh(context)
# only ga has releases in rhsm
if get_product_type('target') == 'ga':
set_release(context, version)
target_rhsm_info = TargetRHSMInfo()
scan_rhsm_info(context, target_rhsm_info)
yield target_rhsm_info
finally:
# Restore backup of product certificates
context.call(['rm', '-rf', pki_path], checked=False)
context.call(['cp', '-a', pki_backup_path, pki_path], checked=False)
unset_release(context)
# Restore release - only ga has releases in rhsm
if get_product_type('source') == 'ga':
restore_release(context, rhsm_info)
def scan_repositories(read_repofile_func=_read_repofile):
"""
Scan the repository mapping file and produce RepositoriesMap msg.
See the description of the actor for more details.
"""
_exp_src_prod_type = config.get_product_type('source')
_exp_dst_prod_type = config.get_product_type('target')
repositories = []
line_num = 0
for line in read_repofile_func(REPOMAP_FILE)[1:]:
line_num += 1
# skip empty lines and comments
if not line or line.startswith('#'):
continue
try:
(from_repoid, to_repoid, to_pes_repo, from_minor_version,
to_minor_version, arch, repo_type, src_prod_type,
dst_prod_type) = line.split(',')
# filter out records irrelevant for this run
if (arch != api.current_actor().configuration.architecture
or _exp_src_prod_type != src_prod_type
or _exp_dst_prod_type != dst_prod_type):
continue
repositories.append(
RepositoryMap(
from_repoid=from_repoid,
to_repoid=to_repoid,
to_pes_repo=to_pes_repo,
from_minor_version=from_minor_version,
to_minor_version=to_minor_version,
arch=arch,
repo_type=repo_type,
))
except (ModelViolationError, ValueError) as err:
_inhibit_upgrade(
'The repository mapping file is invalid, offending line number: {} ({}).'
' It is possible the file is out of date.'.format(
line_num, err))
if not repositories:
_inhibit_upgrade(
'The repository mapping file is invalid. Could not find any repository mapping record.'
)
api.produce(RepositoriesMap(repositories=repositories))
def test_get_product_type_valid(monkeypatch):
prod_types = ('ga', 'beta', 'htb', 'GA', 'BETA', 'HTB', '')
for src, dst in [(i, j) for i in prod_types for j in prod_types]:
envars = {
'LEAPP_DEVEL_SOURCE_PRODUCT_TYPE': src,
'LEAPP_DEVEL_TARGET_PRODUCT_TYPE': dst
}
exp_src = 'ga' if not src else src.lower()
exp_dst = 'ga' if not dst else dst.lower()
monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(envars))
assert exp_src == get_product_type('source')
assert exp_dst == get_product_type('target')
# return 'ga' if envars are not specified
monkeypatch.setattr(api, 'current_actor', CurrentActorMocked())
assert get_product_type('source') == 'ga'
assert get_product_type('target') == 'ga'
def _get_product_certificate_path():
"""
Retrieves the required / used product certificate for RHSM.
"""
architecture = api.current_actor().configuration.architecture
target_version = api.current_actor().configuration.version.target
target_product_type = get_product_type('target')
certs_dir = api.get_common_folder_path(PROD_CERTS_FOLDER)
# TODO: do we need EUS/... here or is it ga one enough to get eus repos?
prod_certs = {
'x86_64': {
'ga': '479.pem',
'beta': '486.pem',
'htb': '230.pem',
},
'aarch64': {
'ga': '419.pem',
'beta': '363.pem',
'htb': '489.pem',
},
'ppc64le': {
'ga': '279.pem',
'beta': '362.pem',
'htb': '233.pem',
},
's390x': {
'ga': '72.pem',
'beta': '433.pem',
'htb': '232.pem',
}
}
try:
cert = prod_certs[architecture][target_product_type]
except KeyError as e:
raise StopActorExecutionError(message=(
'Failed to determine what certificate to use for {}.'.format(e)))
cert_path = os.path.join(certs_dir, target_version, cert)
if not os.path.isfile(cert_path):
details = {'missing certificate': cert, 'path': cert_path}
if target_product_type != 'ga':
details['hint'] = (
'You chose to upgrade to beta or htb system but probably'
' chose version for which beta/htb certificates are not'
' attached (e.g. because the GA has been released already).'
' Set the target os version for which the {} certificate'
' is provided using the LEAPP_DEVEL_TARGET_RELEASE envar.'.
format(cert))
details['search cmd'] = 'find {} | grep {}'.format(certs_dir, cert)
raise StopActorExecutionError(
message=
'Cannot find the product certificate file for the chosen target system.',
details=details)
return cert_path
def set_rhsm_release():
"""Set the RHSM release to the target RHEL minor version."""
if rhsm.skip_rhsm():
api.current_logger().debug(
'Skipping setting the RHSM release due to --no-rhsm or environment variables.'
)
return
if config.get_product_type('target') != 'ga':
api.current_logger().debug(
'Skipping setting the RHSM release as target product is set to beta/htb'
)
return
target_version = api.current_actor().configuration.version.target
try:
rhsm.set_release(mounting.NotIsolatedActions(base_dir='/'),
target_version)
except CalledProcessError as err:
api.current_logger().warning(
'Unable to set the {0} release through subscription-manager. When using dnf,'
' content of the latest RHEL {1} minor version will be downloaded.\n{2}'
.format(target_version, get_target_major_version(), str(err)))
def test_get_product_type_invalid_param():
with pytest.raises(ValueError) as err:
get_product_type('fail')
assert 'Given invalid sys_type.' in str(err)
def _is_optional_repo(repo):
sys_type = get_product_type('source')
suffix = 'optional-rpms'
if sys_type != 'ga':
suffix = 'optional-{}-rpms'.format(sys_type)
return repo.from_repoid.endswith(suffix)
def _get_product_certificate_path():
"""
Retrieve the required / used product certificate for RHSM.
"""
architecture = api.current_actor().configuration.architecture
target_version = api.current_actor().configuration.version.target
target_product_type = get_product_type('target')
certs_dir = api.get_common_folder_path(PROD_CERTS_FOLDER)
# We do not need any special certificates to reach repos from non-ga channels, only beta requires special cert.
if target_product_type != 'beta':
target_product_type = 'ga'
prod_certs = {
'x86_64': {
'ga': '479.pem',
'beta': '486.pem',
},
'aarch64': {
'ga': '419.pem',
'beta': '363.pem',
},
'ppc64le': {
'ga': '279.pem',
'beta': '362.pem',
},
's390x': {
'ga': '72.pem',
'beta': '433.pem',
}
}
try:
cert = prod_certs[architecture][target_product_type]
except KeyError as e:
raise StopActorExecutionError(message=(
'Failed to determine what certificate to use for {}.'.format(e)))
cert_path = os.path.join(certs_dir, target_version, cert)
if not os.path.isfile(cert_path):
additional_summary = ''
if target_product_type != 'ga':
additional_summary = (
' This can happen when upgrading a beta system and the chosen target version does not have'
' beta certificates attached (for example, because the GA has been released already).'
)
reporting.create_report([
reporting.Title(
'Cannot find the product certificate file for the chosen target system.'
),
reporting.Summary(
'Expected certificate: {cert} with path {path} but it could not be found.{additional}'
.format(cert=cert,
path=cert_path,
additional=additional_summary)),
reporting.Tags([reporting.Tags.REPOSITORY]),
reporting.Flags([reporting.Flags.INHIBITOR]),
reporting.Severity(reporting.Severity.HIGH),
reporting.Remediation(hint=(
'Set the corresponding target os version in the LEAPP_DEVEL_TARGET_RELEASE environment variable for'
'which the {cert} certificate is provided'.format(cert=cert))),
])
raise StopActorExecution()
return cert_path
