def _update(cache_only):
"""
Update entitlement certificates and redhat.repo
:param cache_only: is True, when rhsm.full_refresh_on_yum is set to 0 in rhsm.conf
"""
logger.info(_('Updating Subscription Management repositories.'))
identity = inj.require(inj.IDENTITY)
if not identity.is_valid():
logger.info(_("Unable to read consumer identity"))
if config.in_container():
logger.info(
_("Subscription Manager is operating in container mode."))
if cache_only is True:
log.debug('DNF subscription-manager operates in cache-only mode')
if not cache_only and not config.in_container():
log.debug(
'Trying to update entitlement certificates and redhat.repo')
cert_action_invoker = EntCertActionInvoker()
cert_action_invoker.update()
else:
log.debug('Skipping updating of entitlement certificates')
log.debug('Generating redhat.repo')
repo_action_invoker = RepoActionInvoker(cache_only=cache_only)
repo_action_invoker.update()
def _get_libset(self):
self.entcertlib = EntCertActionInvoker()
self.repolib = RepoActionInvoker()
lib_set = [self.entcertlib, self.repolib]
return lib_set
def _get_libset(self):
self.entcertlib = EntCertActionInvoker()
self.content_action_client = ContentActionClient()
lib_set = [self.entcertlib, self.content_action_client]
return lib_set
def _get_libset(self):
# TODO: replace with FSM thats progress through this async and wait/joins if needed
self.entcertlib = EntCertActionInvoker()
self.content_client = ContentActionClient()
self.factlib = FactsActionInvoker()
self.profilelib = PackageProfileActionInvoker()
self.installedprodlib = InstalledProductsActionInvoker()
self.idcertlib = IdentityCertActionInvoker()
self.syspurposelib = SyspurposeSyncActionInvoker()
# WARNING: order is important here, we need to update a number
# of things before attempting to autoheal, and we need to autoheal
# before attempting to fetch our certificates:
lib_set = [
self.entcertlib,
self.idcertlib,
self.content_client,
self.factlib,
self.profilelib,
self.installedprodlib,
self.syspurposelib,
]
return lib_set
def update(conduit, cache_only):
"""
Update entitlement certificates
"""
if os.getuid() != 0:
conduit.info(
3, 'Not root, Subscription Management repositories not updated')
return
conduit.info(3, 'Updating Subscription Management repositories.')
identity = inj.require(inj.IDENTITY)
if not identity.is_valid():
conduit.info(3, "Unable to read consumer identity")
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if config.in_container():
conduit.info(3, "Subscription Manager is operating in container mode.")
if not cache_only and not config.in_container():
cert_action_invoker = EntCertActionInvoker(locker=YumRepoLocker(
conduit=conduit))
cert_action_invoker.update()
if cache_only or config.in_container():
repo_action_invoker = RepoActionInvoker(
cache_only=cache_only, locker=YumRepoLocker(conduit=conduit))
repo_action_invoker.update()
def RegisterWithActivationKeys(self, org, activation_keys, options,
connection_options, locale):
"""
Note this method is registration ONLY. Auto-attach is a separate process.
"""
connection_options = dbus_utils.dbus_to_python(connection_options,
expected_type=dict)
options = dbus_utils.dbus_to_python(options, expected_type=dict)
options["activation_keys"] = dbus_utils.dbus_to_python(
activation_keys, expected_type=list)
org = dbus_utils.dbus_to_python(org, expected_type=str)
locale = dbus_utils.dbus_to_python(locale, expected_type=str)
with DBusSender() as dbus_sender:
dbus_sender.set_cmd_line(sender=self.sender,
cmd_line=self.cmd_line)
Locale.set(locale)
cp = self.build_uep(connection_options)
register_service = RegisterService(cp)
consumer = register_service.register(org, **options)
log.debug("System registered, updating entitlements if needed")
ent_cert_lib = EntCertActionInvoker()
ent_cert_lib.update()
dbus_sender.reset_cmd_line()
return json.dumps(consumer)
def _get_libset(self):
self.entcertlib = EntCertActionInvoker()
self.installedprodlib = InstalledProductsActionInvoker()
self.healinglib = HealingActionInvoker()
lib_set = [self.installedprodlib, self.healinglib, self.entcertlib]
return lib_set
def create_uep(self):
# Re-initialize our connection:
self.cp_provider.set_connection_info()
# These objects hold a reference to the old uep and must be updated:
# FIXME: We should find a way to update the connection so that the
# conncection objects are refreshed rather than recreated.
self.certlib = EntCertActionInvoker()
self.overrides = Overrides()
def __init__(self):
self.identity = require(IDENTITY)
self.cp_provider = require(CP_PROVIDER)
self.update()
self.product_dir = inj.require(inj.PROD_DIR)
self.entitlement_dir = inj.require(inj.ENT_DIR)
self.certlib = EntCertActionInvoker()
self.overrides = Overrides()
self.cs = require(CERT_SORTER)
def _get_libset(self):
self.entcertlib = EntCertActionInvoker()
self.repolib = RepoActionInvoker()
self.factlib = FactsActionInvoker()
self.profilelib = PackageProfileActionInvoker()
self.installedprodlib = InstalledProductsActionInvoker()
self.idcertlib = IdentityCertActionInvoker()
# WARNING: order is important here, we need to update a number
# of things before attempting to autoheal, and we need to autoheal
# before attempting to fetch our certificates:
lib_set = [
self.entcertlib, self.idcertlib, self.repolib, self.factlib,
self.profilelib, self.installedprodlib
]
return lib_set
def update(conduit, cache_only):
"""
Update entitlement certificates
"""
if os.getuid() != 0:
conduit.info(
3, 'Not root, Subscription Management repositories not updated')
return
conduit.info(3, 'Updating Subscription Management repositories.')
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = ConsumerIdentity.certpath()
key_file = ConsumerIdentity.keypath()
identity = inj.require(inj.IDENTITY)
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
if not cache_only:
try:
connection.UEPConnection(cert_file=cert_file,
key_file=key_file)
except Exception:
# log
conduit.info(
2, "Unable to connect to Subscription Management Service")
return
else:
conduit.info(3, "Unable to read consumer identity")
if config.in_container():
conduit.info(3, "Subscription Manager is operating in container mode.")
if not cache_only and not config.in_container():
cert_action_invoker = EntCertActionInvoker(locker=YumRepoLocker(
conduit=conduit))
cert_action_invoker.update()
repo_action_invoker = RepoActionInvoker(
cache_only=cache_only, locker=YumRepoLocker(conduit=conduit))
repo_action_invoker.update()
def _update(self, cache_only):
""" update entitlement certificates """
logger.info(_('Updating Subscription Management repositories.'))
# XXX: Importing inline as you must be root to read the config file
from subscription_manager.identity import ConsumerIdentity
cert_file = str(ConsumerIdentity.certpath())
key_file = str(ConsumerIdentity.keypath())
identity = inj.require(inj.IDENTITY)
# In containers we have no identity, but we may have entitlements inherited
# from the host, which need to generate a redhat.repo.
if identity.is_valid():
try:
connection.UEPConnection(cert_file=cert_file,
key_file=key_file)
# FIXME: catchall exception
except Exception:
# log
logger.info(
_("Unable to connect to Subscription Management Service"))
return
else:
logger.info(_("Unable to read consumer identity"))
if config.in_container():
logger.info(
_("Subscription Manager is operating in container mode."))
if not cache_only and not config.in_container():
cert_action_invoker = EntCertActionInvoker()
cert_action_invoker.update()
repo_action_invoker = RepoActionInvoker(cache_only=cache_only)
repo_action_invoker.update()
def main(self, args=None):
# TODO: For now, we disable the CLI entirely. We may want to allow some commands in the future.
if rhsm.config.in_container():
system_exit(
os.EX_CONFIG,
_("subscription-manager is disabled when running inside a container. Please refer to your host system for subscription management.\n"
))
config_changed = False
# In testing we sometimes specify args, otherwise use the default:
if not args:
args = sys.argv[1:]
(self.options, self.args) = self.parser.parse_known_args(args)
# we dont need argv[0] in this list...
self.args = self.args[1:]
# check for unparsed arguments
if self.args:
for arg in self.args:
print(_("cannot parse argument: {}").format(arg))
system_exit(os.EX_USAGE)
if hasattr(self.options, "insecure") and self.options.insecure:
conf["server"]["insecure"] = "1"
config_changed = True
if hasattr(self.options, "server_url") and self.options.server_url:
try:
(self.server_hostname, self.server_port,
self.server_prefix) = parse_server_info(
self.options.server_url, conf)
except ServerUrlParseError as e:
print(_("Error parsing serverurl:"))
handle_exception("Error parsing serverurl:", e)
conf["server"]["hostname"] = self.server_hostname
conf["server"]["port"] = self.server_port
conf["server"]["prefix"] = self.server_prefix
if self.server_port:
self.server_port = int(self.server_port)
config_changed = True
if hasattr(self.options, "base_url") and self.options.base_url:
try:
(baseurl_server_hostname, baseurl_server_port,
baseurl_server_prefix) = parse_baseurl_info(
self.options.base_url)
except ServerUrlParseError as e:
print(_("Error parsing baseurl:"))
handle_exception("Error parsing baseurl:", e)
conf["rhsm"]["baseurl"] = format_baseurl(baseurl_server_hostname,
baseurl_server_port,
baseurl_server_prefix)
config_changed = True
# support foo.example.com:3128 format
if hasattr(self.options, "proxy_url") and self.options.proxy_url:
parts = remove_scheme(self.options.proxy_url).split(':')
self.proxy_hostname = parts[0]
# no ':'
if len(parts) > 1:
self.proxy_port = int(parts[1])
else:
# if no port specified, use the one from the config, or fallback to the default
self.proxy_port = conf['server'].get_int(
'proxy_port') or rhsm.config.DEFAULT_PROXY_PORT
config_changed = True
if hasattr(self.options, "proxy_user") and self.options.proxy_user:
self.proxy_user = self.options.proxy_user
if hasattr(self.options,
"proxy_password") and self.options.proxy_password:
self.proxy_password = self.options.proxy_password
if hasattr(self.options, "no_proxy") and self.options.no_proxy:
self.no_proxy = self.options.no_proxy
# Proxy information isn't written to the config, so we have to make sure
# the sorter gets it
connection_info = {}
if self.proxy_hostname:
connection_info['proxy_hostname_arg'] = self.proxy_hostname
if self.proxy_port:
connection_info['proxy_port_arg'] = self.proxy_port
if self.proxy_user:
connection_info['proxy_user_arg'] = self.proxy_user
if self.proxy_password:
connection_info['proxy_password_arg'] = self.proxy_password
if self.server_hostname:
connection_info['host'] = self.server_hostname
if self.server_port:
connection_info['ssl_port'] = self.server_port
if self.server_prefix:
connection_info['handler'] = self.server_prefix
if self.no_proxy:
connection_info['no_proxy_arg'] = self.no_proxy
self.cp_provider = inj.require(inj.CP_PROVIDER)
self.cp_provider.set_connection_info(**connection_info)
self.log.debug("X-Correlation-ID: {id}".format(id=self.correlation_id))
self.cp_provider.set_correlation_id(self.correlation_id)
self.log_client_version()
if self.require_connection():
# make sure we pass in the new server info, otherwise we
# we use the defaults from connection module init
# we've set self.proxy* here, so we'll use them if they
# are set
self.cp = self.cp_provider.get_consumer_auth_cp()
# no auth cp for get / (resources) and
# get /status (status and versions)
self.no_auth_cp = self.cp_provider.get_no_auth_cp()
self.entcertlib = EntCertActionInvoker()
if config_changed:
try:
# catch host/port issues; does not catch auth issues
if not self.test_proxy_connection():
system_exit(
os.EX_UNAVAILABLE,
_("Proxy connection failed, please check your settings."
))
# this tries to actually connect to the server and ping it
if not is_valid_server_info(self.no_auth_cp):
system_exit(
os.EX_UNAVAILABLE,
_("Unable to reach the server at {host}:{port}{handler}"
).format(host=self.no_auth_cp.host,
port=self.no_auth_cp.ssl_port,
handler=self.no_auth_cp.handler))
except MissingCaCertException:
system_exit(
os.EX_CONFIG,
_("Error: CA certificate for subscription service has not been installed."
))
except ProxyException:
system_exit(
os.EX_UNAVAILABLE,
_("Proxy connection failed, please check your settings."
))
else:
self.cp = None
# do the work, catch most common errors here:
try:
return_code = self._do_command()
# Only persist the config changes if there was no exception
if config_changed and self.persist_server_options():
conf.persist()
if return_code is not None:
return return_code
except (CertificateException, ssl.SSLError) as e:
log.error(e)
system_exit(os.EX_SOFTWARE,
_('System certificates corrupted. Please reregister.'))
except connection.GoneException as ge:
if ge.deleted_id == self.identity.uuid:
log.critical(
"Consumer profile \"{uuid}\" has been deleted from the server."
.format(uuid=self.identity.uuid))
system_exit(
os.EX_UNAVAILABLE,
_("Consumer profile \"{uuid}\" has been deleted from the server. You can use command clean or unregister to remove local profile."
).format(uuid=self.identity.uuid))
else:
raise ge
except InvalidCLIOptionError as err:
# This exception is handled in cli module
raise err
except Exception as err:
handle_exception("exception caught in subscription-manager", err)
def __init__(self, cp=None):
self.cp = cp
self.identity = inj.require(inj.IDENTITY)
self.product_dir = inj.require(inj.PROD_DIR)
self.entitlement_dir = inj.require(inj.ENT_DIR)
self.entcertlib = EntCertActionInvoker()