Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:mbussolotto:branches:systemsmanagement:Uyuni:Master
spacewalk-admin
spacewalk-admin-git-128.9cec52f.obscpio
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File spacewalk-admin-git-128.9cec52f.obscpio of Package spacewalk-admin
07070100000000000041ED000003E80000006400000002662798DF00000000000000000000000000000000000000000000001000000000spacewalk-admin07070100000001000081A4000003E80000006400000001662798DF000046AC000000000000000000000000000000000000001800000000spacewalk-admin/LICENSE GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. Also add information on how to contact you by electronic and paper mail. If the program is interactive, make it output a short notice like this when it starts in an interactive mode: Gnomovision version 69, Copyright (C) year name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. <signature of Ty Coon>, 1 April 1989 Ty Coon, President of Vice This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. 07070100000002000081A4000003E80000006400000001662798DF00000BB5000000000000000000000000000000000000001F00000000spacewalk-admin/Makefile.admin# # Copyright (c) 2008--2012 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # # Makefile for Red Hat Satellite admin scripts # BINDIR = /usr/bin SBINDIR = /usr/sbin CONFDIR = /etc/rhn GPGKEYDIR = /usr/share/rhn SYSTEMDDIR = /usr/lib/systemd/system VERSION = $(shell echo `awk '{ print $$1 }' version`) PERL_DEST = $(PREFIX)/$(BINDIR) SBIN_DEST = $(PREFIX)/$(SBINDIR) CONF_DEST = $(PREFIX)/$(CONFDIR) SYSTEMD_DEST = $(PREFIX)/$(SYSTEMDDIR) SCRIPTS = rhn-config-satellite.pl \ rhn-config-schema.pl \ rhn-deploy-ca-cert.pl \ rhn-install-ssl-cert.pl \ salt-secrets-config.py SBIN_SCRIPTS = rhn-sat-restart-silent spacewalk-service spacewalk-startup-helper mgr-monitoring-ctl uyuni-update-config \ import-suma-build-keys CONF_FILES = SYSTEMD_FILES = spacewalk.target spacewalk-wait-for-tomcat.service spacewalk-wait-for-salt.service \ spacewalk-wait-for-taskomatic.service salt-secrets-config.service \ mgr-websockify.service uyuni-check-database.service uyuni-update-config.service cobbler-refresh-mkloaders.service \ mgr-check-payg.service SYSTEMD_OVERRIDE_SERVICES = tomcat.service apache2.service salt-master.service salt-api.service rhn-search.service \ taskomatic.service salt-secrets-config.service cobbler-refresh-mkloaders.service BIN_INSTALL = install -m 755 CONF_INSTALL = install -m 644 GPGKEY_INSTALL = install -m 644 SYSTEMD_INSTALL = install -m 644 DIR_INSTALL = install -d -m 755 # install scripts all: install: $(SCRIPTS) $(PERL_DEST) $(CONF_FILES) $(CONF_DEST) $(SBIN_SCRIPTS) $(SBIN_DEST) $(SYSTEMD_DEST) $(SYSTEMD_FILES) $(BIN_INSTALL) $(SCRIPTS) $(PERL_DEST) #$(CONF_INSTALL) $(CONF_FILES) $(CONF_DEST) $(BIN_INSTALL) $(SBIN_SCRIPTS) $(SBIN_DEST) $(SYSTEMD_INSTALL) $(SYSTEMD_FILES) $(SYSTEMD_DEST) for service in $(SYSTEMD_OVERRIDE_SERVICES); do \ $(DIR_INSTALL) $(SYSTEMD_DEST)/$$service.d; \ $(SYSTEMD_INSTALL) uyuni-service-override.conf $(SYSTEMD_DEST)/$$service.d/override.conf; \ done $(PERL_DEST): $(DIR_INSTALL) $@ $(CONF_DEST): $(DIR_INSTALL) $@ $(SBIN_DEST): $(DIR_INSTALL) $@ $(SYSTEMD_DEST): $(DIR_INSTALL) $@ clean:: @rm -fv *~ *.rpm *.tar.gz @find . -name .\#\* -exec rm -fv {} \; tardist: clean rm -Rfv /tmp/rhn-satellite-admin-$(VERSION) cp -fapRdv . /tmp/rhn-satellite-admin-$(VERSION) tar zcfv rhn-satellite-admin-$(VERSION).tar.gz --exclude CVS -C /tmp rhn-satellite-admin-$(VERSION) 07070100000003000081A4000003E80000006400000001662798DF00000338000000000000000000000000000000000000002000000000spacewalk-admin/Makefile.pythonTHIS_MAKEFILE := $(realpath $(lastword $(MAKEFILE_LIST))) CURRENT_DIR := $(dir $(THIS_MAKEFILE)) include $(CURRENT_DIR)../../rel-eng/Makefile.python # Docker tests variables DOCKER_CONTAINER_BASE = uyuni-master DOCKER_REGISTRY = registry.mgr.suse.de DOCKER_RUN_EXPORT = "PYTHONPATH=$PYTHONPATH" DOCKER_VOLUMES = -v "$(CURDIR)/../../:/manager" __pylint :: $(call update_pip_env) pylint --rcfile=pylintrc $(shell find -name '*.py') > reports/pylint.log || true docker_pylint :: docker run --rm -e $(DOCKER_RUN_EXPORT) $(DOCKER_VOLUMES) $(DOCKER_REGISTRY)/$(DOCKER_CONTAINER_BASE)-pgsql /bin/sh -c "cd /manager/spacewalk/admin; make -f Makefile.python __pylint" docker_shell :: docker run -t -i --rm -e $(DOCKER_RUN_EXPORT) $(DOCKER_VOLUMES) $(DOCKER_REGISTRY)/$(DOCKER_CONTAINER_BASE)-pgsql /bin/bash 07070100000004000081A4000003E80000006400000001662798DF000000B0000000000000000000000000000000000000003200000000spacewalk-admin/cobbler-refresh-mkloaders.service[Unit] Description=Refresh Cobbler bootloaders After=cobblerd.service After=taskomatic.service [Service] ExecStart=/usr/bin/cobbler mkloaders Type=oneshot RemainAfterExit=yes 07070100000005000081A4000003E80000006400000001662798DF00001092000000000000000000000000000000000000002700000000spacewalk-admin/import-suma-build-keys#! /bin/bash PUBRINGDIR="/var/lib/spacewalk/gpgdir" PUBRING="${PUBRINGDIR}/pubring.gpg" PRODUCTRING="/usr/lib/susemanager/susemanager-build-keys.gpg" ALTPRODUCTRING="/usr/lib/uyuni/uyuni-build-keys.gpg" CUSTRING="/var/spacewalk/gpg/customer-build-keys.gpg" if [ ! -f ${PUBRING} ]; then touch ${PUBRING} fi if [ ! -f ${PRODUCTRING} -a ! -f ${ALTPRODUCTRING} ]; then echo "cannot find product ring" exit -1 fi if [ ! -f ${PRODUCTRING} ]; then PRODUCTRING=${ALTPRODUCTRING} fi echo -n "importing SUSE Manager build key to rpm keyring... " TF=`mktemp /tmp/gpg.XXXXXX` if [ -z "$TF" ]; then echo "import-suma-build-keys: cannot make temporary file. Fatal error." exit 20 fi if [ -z "$HOME" ]; then HOME=/root export HOME fi if [ ! -d "$HOME" ]; then mkdir "$HOME" fi gpg -q --batch --no-options < /dev/null > /dev/null 2>&1 || true # no kidding... gpg won't initialize correctly without being called twice. gpg < /dev/null > /dev/null 2>&1 || true gpg < /dev/null > /dev/null 2>&1 || true gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${PRODUCTRING} --export -a > $TF a="$?" gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${PUBRING} --import < $TF b="$?" rm -f "$TF" if [ "$a" = 0 -a "$b" = 0 ]; then echo "done." else echo "importing the key from the file ${PRODUCTRING}" echo "returned an error. This should not happen. It may not be possible" echo "to properly verify the authenticity of rpm packages from SUSE sources." exit -1 fi # we need to trust them, otherwise the verify will fail echo -n "Trusting SUSE Manager build keys... " TF=`mktemp /tmp/gpg.XXXXXX` if [ -z "$TF" ]; then echo "import-suma-build-keys: cannot make temporary file. Fatal error." exit 20 fi gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${PRODUCTRING} --list-keys --with-fingerprint \ --with-colons | awk -F: '/fpr/ {printf("%s:6:\n", $10);}' > $TF c="$?" gpg -q --batch --no-default-keyring --no-permission-warning \ --homedir ${PUBRINGDIR} --import-ownertrust < $TF d="$?" rm -f "$TF" if [ "$c" = 0 -a "$d" = 0 ]; then echo "done." else echo "trusting the key from the file ${PRODUCTRING}" echo "returned an error. This should not happen. It may not be possible" echo "to properly sync repositories using spacewalk-repo-sync." exit -1 fi if [ ! -s ${CUSTRING} ]; then echo "No customer keyring to import" exit 0 fi echo -n "importing Customers build key to rpm keyring... " TF=`mktemp /tmp/gpg.XXXXXX` if [ -z "$TF" ]; then echo "import-suma-build-keys: cannot make temporary file. Fatal error." exit 20 fi if [ -z "$HOME" ]; then HOME=/root export HOME fi if [ ! -d "$HOME" ]; then mkdir "$HOME" fi gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${CUSTRING} --export -a > $TF e="$?" gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${PUBRING} --import < $TF f="$?" rm -f "$TF" if [ "$e" = 0 -a "$f" = 0 ]; then echo "done." else echo "importing the key from the file ${CUSTRING}" echo "returned an error. This should not happen. It may not be possible" echo "to properly verify the authenticity of rpm packages from 3rd party sources." exit -1 fi # we need to trust them, otherwise the verify will fail echo -n "Trusting Customers build keys... " TF=`mktemp /tmp/gpg.XXXXXX` if [ -z "$TF" ]; then echo "import-suma-build-keys: cannot make temporary file. Fatal error." exit 20 fi gpg -q --batch --no-options --no-default-keyring --no-permission-warning \ --keyring ${CUSTRING} --list-keys --with-fingerprint \ --with-colons | awk -F: '/fpr/ {printf("%s:6:\n", $10);}' > $TF g="$?" gpg -q --batch --no-default-keyring --no-permission-warning \ --homedir ${PUBRINGDIR} --import-ownertrust < $TF h="$?" rm -f "$TF" if [ "$g" = 0 -a "$h" = 0 ]; then echo "done." else echo "trusting the key from the file ${CUSTRING}" echo "returned an error. This should not happen. It may not be possible" echo "to properly sync repositories using spacewalk-repo-sync." exit -1 fi 07070100000006000041ED000003E80000006400000002662798DF00000000000000000000000000000000000000000000001400000000spacewalk-admin/man07070100000007000081A4000003E80000006400000001662798DF00000258000000000000000000000000000000000000002E00000000spacewalk-admin/man/rhn-deploy-ca-cert.pl.pod=head1 NAME rhn-deploy-ca-cert.pl - utility to move CA certificates to Spacewalk public folder. This tool is used internally by spacewalk-setup. You should not call it directly. =head2 SYNOPSIS B<rhn-deploy-ca-cert.pl> B<--source-dir=DIR> B<--targer-dir=DIR> [B<--help>] =head1 OPTIONS =over 5 =item B<--source-dir=DIR> Specify directory where is you CA certificates. Usually /root/ssl-build/. =item B<--target-dir=DIR> Destination directory. Usually /var/www/html/pub. =item B<--help> Display reference to this man page. =back =head1 SEE ALSO B<spacewalk-setup>(1), B<rhn-ssl-tool>(1) 07070100000008000081A4000003E80000006400000001662798DF000001F3000000000000000000000000000000000000003000000000spacewalk-admin/man/rhn-install-ssl-cert.pl.pod=head1 NAME rhn-install-ssl-cert.pl - utility to install latest certificate mentioned in DIR/latest.txt This tool is used internally by spacewalk-setup. You should not call it directly. =head2 SYNOPSIS B<rhn-install-ssl-cert.pl> B<--dir=DIR> [B<--help>] =head1 OPTIONS =over 5 =item B<--dir=DIR> Specify directory where is you CA certificates. Usually /root/ssl-build/. =item B<--help> Display reference to this man page. =back =head1 SEE ALSO B<spacewalk-setup>(1), B<rhn-ssl-tool>(1) 07070100000009000081A4000003E80000006400000001662798DF00000191000000000000000000000000000000000000002F00000000spacewalk-admin/man/rhn-sat-restart-silent.pod=pod =head1 NAME rhn-sat-restart-silent - restart Spacewalk silently =head1 SYNOPSIS B<rhn-sat-restart-silent> =head1 DESCRIPTION This command will restart all Spacewalk services and omit all output. Including errors! This script is used internally by Spacewalk server. You should never call it directly. You should use B<spacewalk-service>(8) instead. =head1 SEE ALSO B<spacewalk-service>(8) 0707010000000A000081A4000003E80000006400000001662798DF0000048C000000000000000000000000000000000000002A00000000spacewalk-admin/man/spacewalk-service.pod=head1 NAME spacewalk-service - Script to control Spacewalk server. =head2 SYNOPSIS B<spacewalk-service> {B<start>|B<stop>|B<status>|B<reload>|B<restart>|B<enable>|B<disable>|B<list>} =head2 DESCRIPTION Spacewalk server consist from several services. While each of such service has its own init.d script and you can start/stop each service separately, you usually want to control all services together. This script does exactly this. =head1 OPTIONS =over 5 =item B<start>|B<stop>|B<status>|B<reload>|B<restart> Behave exactly as B<service> for every Spacewalk service. =item B<enable>|B<disable> Behave exactly as B<chkconfig> on/off for every Spacewalk service. =item B<list> List all Spacewalk services and if it is enabled or disabled. =item B<--no-wait-for-tomcat> By default, spacewalk-service wait until tomcat is able to answer requests. If you specify this option, spacewalk-service will continue immediately when tomcat service will start. =item B<--exclude> SERVICE It will not start/stop SERVICE. =item B<--level> LEVEL Pass LEVEL to chkconfig when you specify option B<enable>. =back =head1 SEE ALSO B<service>(8) B<chkconfig>(8) 0707010000000B000081A4000003E80000006400000001662798DF000000DA000000000000000000000000000000000000002700000000spacewalk-admin/mgr-check-payg.service[Unit] Description=Check and install payg billing service. Before=tomcat.service Before=taskomatic.service [Service] ExecStart=/usr/sbin/spacewalk-startup-helper check-billing-service Type=oneshot RemainAfterExit=yes 0707010000000C000081A4000003E80000006400000001662798DF000003B5000000000000000000000000000000000000002300000000spacewalk-admin/mgr-monitoring-ctl#!/bin/bash if [[ $1 == "status" || $1 == "enable" || $1 == "disable" ]]; then [[ -z $2 ]] && PILLAR="" || PILLAR="pillar=$2" /usr/bin/salt-call --out=json --log-level=error --local --file-root=/usr/share/susemanager/salt state.apply srvmonitoring.$1 $PILLAR elif [[ $1 == "--help" ]]; then echo "Usage: ${0} {enable|status|disable} [pillar_data]" echo "" echo "Actions:" echo " enable Enable server monitoring" echo " disable Disable server monitoring" echo " status Show status of monitored server components" echo "" echo "To enable PostgreSQL monitoring additional connection details have to be provided by setting 'pillar_data'." echo "It is expected to be a JSON object with following keys:" echo " db_user Username" echo " db_pass Password" echo " db_host Hostname" echo " db_port Port number" echo " db_name Database name" else echo "Invalid argument. Try --help." fi exit 0 0707010000000D000081A4000003E80000006400000001662798DF0000017D000000000000000000000000000000000000002700000000spacewalk-admin/mgr-websockify.service[Unit] Description=TCP to WebSocket proxy [Service] ExecStartPre=/usr/bin/sh -c "grep secret_key /etc/rhn/rhn.conf | tr -d ' ' | cut -f2 -d '=' | perl -ne 's/([0-9a-f]{2})/print chr hex $1/gie' > /etc/rhn/websockify.key" ExecStart=/usr/bin/websockify \ --token-plugin JWTTokenApi \ --token-source /etc/rhn/websockify.key \ localhost:8050 ExecReload=/bin/kill -USR1 $MAINPID 0707010000000E000081ED000003E80000006400000001662798DF0000106E000000000000000000000000000000000000002800000000spacewalk-admin/rhn-config-satellite.pl#!/usr/bin/perl # # Copyright (c) 2008--2015 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # use strict; use warnings; use Time::Piece; use Time::HiRes; use Getopt::Long; use English; my $usage = "usage: $0 --target=<target_file> --option=<key,value> " . "[ --option=<key,value> ] [ --remove=<key>] [ --help ]\n"; my $target = ''; my @options = (); my @removals = (); my $help = ''; # bsc#1190040 my @allowed_target_files = qw(/etc/rhn/rhn.conf /var/lib/rhn/rhn-satellite-prep/satellite-local-rules.conf /var/lib/rhn/rhn-satellite-prep/etc/rhn/rhn.conf); GetOptions("target=s" => \$target, "option=s" => \@options, "remove=s" => \@removals, "help" => \$help) or die $usage; if ($help) { die $usage; } unless ($target and (@options || @removals)) { die $usage; } my %options = map { split(/=/,$_, 2) } @options; my $tmpfile = $target . ".bak.${PID}"; if (! grep { $_ eq $target} @allowed_target_files) { die("Cannot modify a file that is not a spacewalk config file: " . $target); } my ($seconds,$microseconds) = Time::HiRes::gettimeofday; my $current_time = sprintf '%s.%06d', gmtime($seconds)->strftime('%Y-%m-%d_%H:%M:%S'), $microseconds; if (-e $target) { link($target, $target . "." . $current_time) or die "Could not rename $target to ${target}.${current_time}: $OS_ERROR"; open(TARGET, "< $target") or die "Could not open $target: $OS_ERROR"; } unlink $tmpfile if -e $tmpfile; umask 0027; open(TMP, "> $tmpfile") or die "Could not open $tmpfile for writing: $OS_ERROR"; if ($tmpfile =~ m!^/etc/rhn/!) { # Chown for different potential apache group names (SUSE/RHEL) my $apache_group = getgrnam(`grep -hsoP "(?<=Group ).*" /etc/httpd/conf/*.conf /etc/apache2/*.conf | tr -d '\n'`); chown 0, $apache_group, $tmpfile; } while (my $line = <TARGET>) { my $removed = 0; if ($line =~ /\[prompt\]/ or $line =~ /^#/) { print TMP $line; next; } foreach my $opt_name (keys %options) { if ($line =~ /^(\S*)\Q$opt_name\E( *)=( *)/) { my $prefix = defined $1 ? $1 : ''; my $s1 = $2 || ''; my $s2 = $3 || ''; chomp($options{$opt_name}); $line = "${prefix}${opt_name}${s1}=${s2}" . $options{$opt_name} . "\n"; delete $options{$opt_name}; } } foreach (@removals) { if ($line =~ /^(\S*)\Q$_\E( *)=( *)/) { $removed = 1; delete $options{$_}; } } if (!$removed) { print TMP $line; } } # For the options that didn't exist in the file # we need to append these to the end. foreach my $opt_name (keys %options) { print $opt_name . "\n"; chomp($options{$opt_name}); my $line = "$opt_name=$options{$opt_name}\n\n"; print TMP "#option generated from rhn-config-satellite.pl\n"; print TMP $line; } close(TMP); close(TARGET); rename($tmpfile, $target) or die "Could not rename $tmpfile to $target: $OS_ERROR";; exit 0; =pod =head1 NAME rhn-config-satellite.pl - generate config files for Spacewalk server =head1 SYNOPSIS B<rhn-config-satellite.pl> --target=<target_file> --option=<key,value> [ --option=<key,value> ...] [ --help ] =head1 DESCRIPTION This script will make sure that in F<target_file> are present configuration variables in format C<key=value>. If such key already exist there, it is removed and new variables are put at the end of the F<target_file>. Original file is preserved as F<target_file.CURRENT_TIME> This script is used internally by B<spacewalk-setup>(1) =head1 OPTIONS =over 5 =item B<--option=<key,value>> Specify configuration variable and its value. It will be written to config file as C<key=value>. =item B<--help> Write out short help. =back =head1 SEE ALSO B<spacewalk-setup>(1) =cut 0707010000000F000081ED000003E80000006400000001662798DF000016FA000000000000000000000000000000000000002500000000spacewalk-admin/rhn-config-schema.pl#!/usr/bin/perl # # Copyright (c) 2008--2015 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # use strict; use warnings; use Getopt::Long; use English; $ENV{PATH} = '/bin:/usr/bin'; my $usage = "usage: $0 --source=<source_file> --target=<target_file> " . "--tablespace-name=<tablespace> [ --help ]\n"; my $source = ''; my $target = ''; my $tablespace_name = ''; my $help = ''; GetOptions("source=s" => \$source, "target=s" => \$target, "tablespace-name=s" => \$tablespace_name, "help" => \$help) or die $usage; if ($help or not ($source and $target and $tablespace_name)) { die $usage; } my $backend = 'oracle'; if ($source =~ m!/postgres(ql)?/!) { $backend = 'postgresql'; } open(SOURCE, "< $source") or die "Could not open $source: $OS_ERROR"; open(TARGET, "> $target") or die "Could not open $target for writing: $OS_ERROR"; my $subdir_name = 'schema-override'; my $exception_dir; ($exception_dir = $source) =~ s!/[^/]+$!/$subdir_name!; my %exception_files; my @exception_queue = ( '' ); while (@exception_queue) { my $d = shift @exception_queue; if ($d ne '') { $d .= '/'; } my $full_path = "$exception_dir/$d"; if (-d $full_path) { if (opendir DIR, $full_path) { for (sort readdir DIR) { next if /^\.\.?$/; if (-d "$full_path$_") { push @exception_queue, "$d$_"; } else { $exception_files{"$d$_"} = 1; } } closedir DIR; } } } my $marker_re = qr/^-- Source: (.+?)$|^select '(.+?)' sql_file from dual;$/; my $line; my %exception_seen; while ($line = <SOURCE>) { if ($line =~ $marker_re) { my $filename = $1; if (not defined $filename) { $filename = $2; $filename =~ s!^.+/([^/]+/[^/]+)$!$1!; } my $full_file = undef; if (exists $exception_files{"$filename.$backend"}) { $full_file = "$exception_dir/$filename.$backend"; } elsif (exists $exception_files{$filename}) { $full_file = "$exception_dir/$filename"; } if (defined $full_file) { for my $e ( '', '.oracle', '.postgresql' ) { $exception_seen{"$filename$e"}++ if exists $exception_files{"$filename$e"}; } open OVERRIDE, $full_file or die "Error reading file [$full_file]: $!\n"; print TARGET "-- Source: $subdir_name/$filename\n\n"; while (<OVERRIDE>) { s/\[\[.*\]\]/$tablespace_name/g; s/__.*__/$tablespace_name/g; print TARGET $_; } close OVERRIDE; while ($line = <SOURCE>) { if ($line =~ $marker_re) { last; } } print TARGET "\n"; redo; } } $line =~ s/\[\[.*\]\]/$tablespace_name/g; $line =~ s/__.*__/$tablespace_name/g; print TARGET $line; } close(SOURCE); close(TARGET); my $error = 0; for (sort keys %exception_seen) { if ($exception_seen{$_} > 1) { warn "Schema source [$source] loaded override [$_] more than once.\n"; $error = 1; } } for (sort keys %exception_files) { if (not exists $exception_seen{$_}) { warn "Schema source [$source] did not use override [$_].\n"; $error = 1; } } system('/usr/sbin/selinuxenabled'); if ($? >> 8 == 0) { if (-x '/usr/sbin/restorecon') { system('/usr/sbin/restorecon', '-F', $target); } elsif (-x '/sbin/restorecon') { system('/sbin/restorecon', '-F', $target); } } exit $error; =pod =head1 NAME rhn-config-schema.pl - utility to populate Spacewalk database tablespacee. =head2 SYNOPSIS B<rhn-config-schema.pl> B<--source=SOURCE> B<--target=TARGET> B<--tablespace-name=TABLESPACE> B<rhn-config-schema.pl> [B<--help>] =head1 DESCRIPTION This script is intended to run from inside of B<spacewalk-setup>. You do not want to run it directly unless you really knows what are you doing. =head1 OPTIONS =over 5 =item B<--source=SOURCE> Full path to main.sql file. Usually /usr/share/susemanager/db/I<backend>/main.sql =item B<--target=TARGET> Full path to deploy.sql. Usually /usr/share/susemanager/db/I<backend>/deploy.sql =item B<--tablespace-name=TABLESPACE> Which tablespace will be populated. This does nothing with database itself, this script just substitute template variables with given value of I<TABLESPACE>. =item B<--help> Display allowed parameters. =back =head1 SEE ALSO B<rhn-schema-version>(8), B<satellite-debug>(8), B<send-satellite-debug>(8) =cut 07070100000010000081ED000003E80000006400000001662798DF000009AE000000000000000000000000000000000000002600000000spacewalk-admin/rhn-deploy-ca-cert.pl#!/usr/bin/perl # # Copyright (c) 2008--2015 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # use strict; use warnings; use Getopt::Long; use English; use File::Spec; $ENV{PATH} = '/bin:/usr/bin'; my $usage = "usage: $0 --source-dir=<source-directory> --target-dir=<target-directory> --trust-dir=<ca-trust-directory> [ --help ]\n"; my $source_dir = ''; my $target_dir = ''; my $trust_dir = ''; my $help = ''; GetOptions("source-dir=s" => \$source_dir, "target-dir=s" => \$target_dir, "trust-dir=s" => \$trust_dir, "help" => \$help) or die $usage; if ($help or not ($source_dir and $target_dir)) { die $usage; } foreach my $dir ($source_dir, $target_dir) { unless (-d $dir) { die "$dir is not a directory"; } } my $latest_file = File::Spec->catfile($source_dir, 'latest.txt'); unless (-r $latest_file) { die "Could not read ${latest_file}."; } my $rpm; my $cert; my $cert_target_file; open(LATEST, $latest_file) or die "Could not open '$latest_file' for reading: $OS_ERROR"; while (my $line = <LATEST>) { chomp($line); $rpm = File::Spec->catfile($source_dir, $line) if ($line =~ /(?<!src)\.rpm$/); if ($line =~ /CERT$/) { $cert = File::Spec->catfile($source_dir, $line); $cert_target_file = File::Spec->catfile($target_dir, $line); } } close(LATEST); unless ($cert) { die "Could not find cert file in $latest_file"; } unless ($rpm) { die "Could not find cert rpm in $latest_file"; } my $ret = system('cp', $cert, $target_dir); if ($ret) { die "Could not copy $cert to $target_dir"; } $ret = system('cp', $rpm, $target_dir); if ($ret) { die "Could not copy $rpm to $target_dir"; } $ret = system('cp', $cert_target_file, $trust_dir); if ($ret) { die "Could not link $cert_target_file to $trust_dir"; } # give systemd timer a bit time to finish sleep(3); $ret = system('/usr/share/rhn/certs/update-ca-cert-trust.sh'); if ($ret) { die "Could not update CA trusts."; } exit 0; 07070100000011000081ED000003E80000006400000001662798DF00000636000000000000000000000000000000000000002800000000spacewalk-admin/rhn-install-ssl-cert.pl#!/usr/bin/perl # # Copyright (c) 2008--2013 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # use strict; use warnings; use Getopt::Long; use English; use File::Spec; $ENV{PATH} = '/bin:/usr/bin'; my $usage = "usage: $0 --dir=<directory> [ --help ]\n"; my $dir = ''; my $help = ''; GetOptions("dir=s" => \$dir, "help" => \$help) or die $usage; if ($help or not $dir) { die $usage; } unless (-d $dir) { die "$dir is not a directory"; } my $latest_file = File::Spec->catfile($dir, 'latest.txt'); unless (-r $latest_file) { die "Could not read ${latest_file}."; } my @rpms; open(LATEST, $latest_file) or die "Could not open '$latest_file' for reading: $OS_ERROR"; while (my $line = <LATEST>) { chomp $line; push @rpms, $line if ($line =~ /(?<!src)\.rpm$/); } close(LATEST); foreach my $rpm (@rpms) { my $rpm_file = File::Spec->catfile($dir, $rpm); die "Could not read $rpm_file" unless (-r $rpm_file); my $ret = system('/bin/rpm', '-Uv', $rpm_file); if ($ret) { die "Could not install $rpm_file"; } } exit 0; 07070100000012000081A4000003E80000006400000001662798DF000003C1000000000000000000000000000000000000002700000000spacewalk-admin/rhn-sat-restart-silent#!/bin/sh # # Copyright (c) 2008--2013 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # # # We do this, because Runtime.exec in the java code seems to only allocate a buffer so big for stdout # and since we are restarting ourself, we can not flush the buffer in order # to keep the process running, so now we use this script to rid ourselves of output! :{ # /usr/sbin/spacewalk-service restart &> /dev/null < /dev/null 07070100000013000081ED000003E80000006400000001662798DF000013A9000000000000000000000000000000000000002700000000spacewalk-admin/salt-secrets-config.py#!/usr/bin/python3 # pylint: disable=missing-module-docstring,invalid-name # -*- coding: utf-8 -*- import grp import io import os import os.path import pwd import shutil import yaml import hashlib from contextlib import redirect_stderr from uyuni.common.context_managers import cfg_component uyuni_roster_config = {} with cfg_component("java") as CFG: thread_pool_size = CFG.salt_event_thread_pool_size try: uyuni_roster_config.update( { "ssh_connect_timeout": CFG.SALT_SSH_CONNECT_TIMEOUT, } ) except (AttributeError, ValueError): pass # To be moved into a config file in future cert_location = "/etc/pki/trust/anchors" if not os.path.isdir(cert_location): cert_location = "/etc/pki/ca-trust/source/anchors" with cfg_component(component=None) as CFG: mgr_events_config = { "engines": [ { "mgr_events": { "postgres_db": { "host": CFG.db_host, "port": CFG.db_port, "dbname": CFG.db_name, "user": CFG.db_user, "password": CFG.db_password, }, "events": {"thread_pool_size": thread_pool_size}, } } ] } salt_postgres_pillar = { "postgres": { "host": CFG.db_host, "port": CFG.db_port, "db": CFG.db_name, "user": CFG.db_user, "pass": CFG.db_password, } } with cfg_component("web") as CFG: uyuni_roster_config.update( { "ssh_push_port_https": CFG.SSH_PUSH_PORT_HTTPS, "ssh_pre_flight_script": CFG.SSH_SALT_PRE_FLIGHT_SCRIPT, "ssh_use_salt_thin": CFG.SSH_USE_SALT_THIN == "true", } ) if CFG.SSH_PUSH_SUDO_USER: uyuni_roster_config.update( { "ssh_push_sudo_user": CFG.SSH_PUSH_SUDO_USER, } ) with redirect_stderr(io.StringIO()) as f, cfg_component("java") as CFG: try: uyuni_roster_config.update( { "host": CFG.HOSTNAME, } ) except AttributeError: pass with cfg_component("server") as CFG: secret_hash = hashlib.sha512(CFG.secret_key.encode("ascii")).hexdigest() os.umask(0o66) # pylint: disable-next=unspecified-encoding with open("/etc/salt/master.d/susemanager_engine.conf", "w") as f: f.write( yaml.safe_dump(mgr_events_config, default_flow_style=False, allow_unicode=True) ) os.fchown(f.fileno(), pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid) os.fchmod(f.fileno(), 0o640) # pylint: disable-next=unspecified-encoding with open("/etc/salt/master.d/susemanager_db.conf", "w") as f: f.write( yaml.safe_dump( salt_postgres_pillar, default_flow_style=False, allow_unicode=True ) ) os.fchown(f.fileno(), pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid) os.fchmod(f.fileno(), 0o640) # pylint: disable-next=unspecified-encoding with open("/etc/salt/master.d/uyuni_roster.conf", "w") as f: uyuni_roster_cfg = {"uyuni_roster": uyuni_roster_config} if "ssh_pre_flight_script" in uyuni_roster_config: uyuni_roster_cfg.update({"ssh_run_pre_flight": True}) f.write( yaml.safe_dump(uyuni_roster_cfg, default_flow_style=False, allow_unicode=True) ) os.fchown(f.fileno(), pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid) os.fchmod(f.fileno(), 0o640) # pylint: disable-next=unspecified-encoding with open("/etc/salt/master.d/susemanager-users.txt", "w") as f: f.write("admin:" + secret_hash) os.fchown(f.fileno(), pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid) os.fchmod(f.fileno(), 0o400) if not os.path.isdir("/etc/salt/pki/api"): os.mkdir("/etc/salt/pki/api") os.chown( "/etc/salt/pki/api", pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid ) os.chmod("/etc/salt/pki/api", 0o750) if not all( [ os.path.isfile(f) for f in [ "/etc/salt/pki/api/salt-api.crt", "/etc/pki/trust/anchors/salt-api.crt", "/etc/salt/pki/api/salt-api.key", ] ] ): os.system( "openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out /etc/salt/pki/api/salt-api.crt -keyout /etc/salt/pki/api/salt-api.key -subj '/CN=localhost'" ) os.chown( "/etc/salt/pki/api/salt-api.crt", pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid, ) os.chmod("/etc/salt/pki/api/salt-api.crt", 0o600) os.chown( "/etc/salt/pki/api/salt-api.key", pwd.getpwnam("salt").pw_uid, grp.getgrnam("salt").gr_gid, ) os.chmod("/etc/salt/pki/api/salt-api.key", 0o600) shutil.copyfile("/etc/salt/pki/api/salt-api.crt", cert_location + "/salt-api.crt") os.system("/usr/share/rhn/certs/update-ca-cert-trust.sh") 07070100000014000081A4000003E80000006400000001662798DF000000BE000000000000000000000000000000000000002C00000000spacewalk-admin/salt-secrets-config.service[Unit] Description=Configures secrets between salt-master and other services Before=salt-master.service [Service] ExecStart=/usr/bin/salt-secrets-config.py Type=oneshot RemainAfterExit=yes 07070100000015000081A4000003E80000006400000001662798DF00003811000000000000000000000000000000000000002800000000spacewalk-admin/spacewalk-admin.changes------------------------------------------------------------------- Thu Apr 04 18:47:06 CEST 2024 - marina.latini@suse.com - version 5.0.5-0 * Use java.hostname for Uyuni roster configuration * uyuni-update-config: trigger synchronization of configuration files if uyuni-configfiles-sync is available ------------------------------------------------------------------- Tue Feb 13 17:12:44 CET 2024 - marina.latini@suse.com - version 5.0.4-1 * Import SUSE Manager Build Keys into the RPM keyring * Copy CA certificate to Salt filesystem during startup (bsc#1219577) ------------------------------------------------------------------- Mon Jan 29 11:56:24 CET 2024 - rosuna@suse.com - version 5.0.3-1 * Apply Black and Pylint to enforce Python style ------------------------------------------------------------------- Thu Jan 18 11:05:39 CET 2024 - jgonzalez@suse.com - version 5.0.2-1 * schema dir moved to /usr/share/susemanager/db ------------------------------------------------------------------- Tue Jan 16 08:16:30 CET 2024 - jgonzalez@suse.com - version 5.0.1-1 * Bump version to 5.0.0 ------------------------------------------------------------------- Fri Dec 15 17:04:21 CET 2023 - rosuna@suse.com - version 4.4.8-1 * Remove unused makefiles ------------------------------------------------------------------- Wed Nov 01 20:52:06 CET 2023 - marina.latini@suse.com - version 4.4.7-1 * Call service ca-certificates as a dependency for database check ------------------------------------------------------------------- Mon Sep 18 14:25:35 CEST 2023 - rosuna@suse.com - version 4.4.6-1 * add mgr-check-payg service * remove python2 leftovers * integrate instance-flavor-check to detect if the instance is PAYG * add checks for csp-billing-adapter in case of a PAYG instance * remove unused GPG keyfile * Fix to detect correct Apache group instead of assuming it (gh#7092) * Added missing python3-websockify runtime requirement. ------------------------------------------------------------------- Wed Apr 19 12:50:23 CEST 2023 - marina.latini@suse.com - version 4.4.5-1 * change backup file extension from .orig to .current_time (bsc#1206783) ------------------------------------------------------------------- Tue Feb 21 12:39:12 CET 2023 - jgonzalez@suse.com - version 4.4.4-1 * Readded httpd variant for Enterprise Linux. ------------------------------------------------------------------- Wed Dec 14 14:12:08 CET 2022 - jgonzalez@suse.com - version 4.4.3-1 * remove jabberd and osa-dispatcher ------------------------------------------------------------------- Fri Nov 18 15:04:15 CET 2022 - jgonzalez@suse.com - version 4.4.2-1 * Make sure the networking is started, so any network management network management can be used ------------------------------------------------------------------- Wed Sep 28 11:01:29 CEST 2022 - jgonzalez@suse.com - version 4.4.1-1 * Ensure "cobbler mkloaders" is executed after restarting services * Add --help option to mgr-monitoring-ctl * reportdb access: force new report_db_sslrootcert if previous default is set ------------------------------------------------------------------- Fri May 20 00:16:12 CEST 2022 - jgonzalez@suse.com - version 4.3.9-1 * clarify schema upgrade check message (bsc#1198999) ------------------------------------------------------------------- Tue Apr 19 11:56:46 CEST 2022 - jgonzalez@suse.com - version 4.3.8-1 * spacewalk-startup-helper check status of reportdb creation * hide test result from terminal output ------------------------------------------------------------------- Fri Mar 11 14:46:16 CET 2022 - jgonzalez@suse.com - version 4.3.7-1 * Reuse certificate update code. ------------------------------------------------------------------- Mon Feb 21 12:07:21 CET 2022 - jgonzalez@suse.com - version 4.3.6-1 * migrate postgresql auth to scram-sha-256 * fix autogeneration of the reportdb password ------------------------------------------------------------------- Tue Feb 15 10:01:05 CET 2022 - jgonzalez@suse.com - version 4.3.5-1 * integrate check for the reporting database into the startup procedure * Generate uyuni_roster.conf with salt-secrets-config ------------------------------------------------------------------- Tue Jan 18 13:38:15 CET 2022 - jgonzalez@suse.com - version 4.3.4-1 * check the database version on SUSE Linux Enterprise 15 SP4 ------------------------------------------------------------------- Fri Nov 05 14:13:23 CET 2021 - jgonzalez@suse.com - version 4.3.3-1 * Add connection details for postgresql salt pillar * replaced pidof with pgrep and removed sysvinit-tools dependency ------------------------------------------------------------------- Thu Oct 28 12:16:53 CEST 2021 - jgonzalez@suse.com - version 4.3.2-1 * Fix setup with rhn-config-satellite (bsc#1190300) * Allow admins to modify only spacewalk config files with rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348) ------------------------------------------------------------------- Mon Aug 09 10:57:26 CEST 2021 - jgonzalez@suse.com - version 4.3.1-1 - added pidof requirement for RHEL (bsc#1186129). ------------------------------------------------------------------- Mon May 17 17:21:16 CEST 2021 - jgonzalez@suse.com - version 4.2.7-1 - require sysvinit-tools to have pidof available (bsc#1186129) ------------------------------------------------------------------- Wed May 05 16:32:08 CEST 2021 - jgonzalez@suse.com - version 4.2.6-1 - add service to update configfile and introduce a backup scc user - stop jabberd when osa-dispatcher is enabled (bsc#1185042) - change deprecated path /var/run into /run for systemd (bsc#1185059) ------------------------------------------------------------------- Tue Apr 20 16:27:53 CEST 2021 - jgonzalez@suse.com - version 4.2.5-1 - check db schema version against the current schema only (bsc#1185027) ------------------------------------------------------------------- Fri Apr 16 13:18:00 CEST 2021 - jgonzalez@suse.com - version 4.2.4-1 - check minimal required DB schema version during startup ------------------------------------------------------------------- Wed Jan 27 13:00:30 CET 2021 - jgonzalez@suse.com - version 4.2.3-1 - Update to postgresql13 (jsc#SLE-17030) - Added salt-secrets-config to the default service list. - Updated salt certificate script to use variable certificate path and alternative certificate manager. - Updated source URL in spec file. - Added RHEL Apache permissions. ------------------------------------------------------------------- Wed Nov 25 12:18:40 CET 2020 - jgonzalez@suse.com - version 4.2.2-1 - use the license macro to mark the LICENSE in the package so that when installing without docs, it does install the LICENSE file - prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE Manager 3.2 (bsc#1177435) - show info message when applying schema upgrade ------------------------------------------------------------------- Fri Sep 18 12:33:58 CEST 2020 - jgonzalez@suse.com - version 4.2.1-1 - Update package version to 4.2.0 ------------------------------------------------------------------- Wed Sep 16 16:46:57 CEST 2020 - jgonzalez@suse.com - version 4.1.6-1 - Use the Salt API in authenticated and encrypted form (bsc#1175884, CVE-2020-8028) ------------------------------------------------------------------- Tue Jun 23 17:19:35 CEST 2020 - jgonzalez@suse.com - version 4.1.5-1 - Restrict websockify to server localhost only (bsc#1149644) ------------------------------------------------------------------- Mon Apr 13 09:31:58 CEST 2020 - jgonzalez@suse.com - version 4.1.4-1 - run DB schema upgrade automatically on startup - add DB check service and prevent service start with wrong DB version ------------------------------------------------------------------- Mon Feb 17 12:47:29 CET 2020 - jgonzalez@suse.com - version 4.1.3-1 - spell correctly "successful" and "successfully" - Remove auditlog-keeper ------------------------------------------------------------------- Wed Jan 22 12:10:17 CET 2020 - jgonzalez@suse.com - version 4.1.2-1 - separate osa-dispatcher and jabberd so it can be disabled independently ------------------------------------------------------------------- Wed Nov 27 16:57:56 CET 2019 - jgonzalez@suse.com - version 4.1.1-1 - Bump version to 4.1.0 (bsc#1154940) - avoid a "Permission denied" salt error when publisher_acl is set (bsc#1150154) - Require uyuni-base-common for /etc/rhn ------------------------------------------------------------------- Wed May 15 15:07:09 CEST 2019 - jgonzalez@suse.com - version 4.0.7-1 - SPEC cleanup - Process salt events of a single minion on the same thread - Add utility for internal use to enable/disable server monitoring: mgr-monitoring-ctl ------------------------------------------------------------------- Mon Apr 22 12:07:00 CEST 2019 - jgonzalez@suse.com - version 4.0.6-1 - add makefile and pylint configuration - fix encoding bug in salt event processing (bsc#1129851) ------------------------------------------------------------------- Mon Mar 25 16:41:21 CET 2019 - jgonzalez@suse.com - version 4.0.5-1 - Add websockify service for VNC/Spice display ------------------------------------------------------------------- Thu Jan 31 09:40:30 CET 2019 - jgonzalez@suse.com - version 4.0.4-1 - Add compatibility with Python 3 ------------------------------------------------------------------- Mon Dec 17 14:34:09 CET 2018 - jgonzalez@suse.com - version 4.0.3-1 - use a Salt engine to process return results (bsc#1099988) ------------------------------------------------------------------- Fri Oct 26 10:05:50 CEST 2018 - jgonzalez@suse.com - version 4.0.2-1 - Add Uyuni URL to package ------------------------------------------------------------------- Fri Aug 10 15:12:26 CEST 2018 - jgonzalez@suse.com - version 4.0.1-1 - Bump version to 4.0.0 (bsc#1104034) - Fix copyright for the package specfile (bsc#1103696) ------------------------------------------------------------------- Mon Mar 05 08:44:45 CET 2018 - jgonzalez@suse.com - version 2.8.4.2-1 - remove empty clean section from spec (bsc#1083294) ------------------------------------------------------------------- Wed Feb 28 09:18:02 CET 2018 - jgonzalez@suse.com - version 2.8.4.1-1 - Sync with upstream ------------------------------------------------------------------- Wed Jan 17 10:27:57 CET 2018 - jgonzalez@suse.com - version 2.8.3.1-1 - 1524221 - ship systemd target on RHEL 7 too - don't use systemctl pager for output as we have "| less" - Bumping package versions for 2.8. ------------------------------------------------------------------- Mon Mar 06 16:46:58 CET 2017 - mc@suse.de - version 2.7.0.2-1 - Updated links to github in spec files ------------------------------------------------------------------- Wed Jan 11 15:48:32 CET 2017 - michele.bologna@suse.com - version 2.7.0.1-1 - Version 2.7 ------------------------------------------------------------------- Wed Mar 09 10:52:57 CET 2016 - mc@suse.de - version 2.5.1.2-1 - handle auditlog-keeper in the spacewalk-service command ------------------------------------------------------------------- Mon Nov 30 11:18:41 CET 2015 - mc@suse.de - version 2.5.1.1-1 - spacewalk-admin.spec: incorrect cd removed - spacewalk-admin: drop validate-sat-cert.pl ------------------------------------------------------------------- Wed Oct 07 13:36:42 CEST 2015 - mc@suse.de - version 2.5.0.1-1 - replace upstream subscription counting with new subscription matching (FATE#311619) - integrate SaltStack for configuration management (FATE#312447) - drop monitoring - Update certificate installation for SLE12 ------------------------------------------------------------------- Tue Feb 03 13:20:53 CET 2015 - mc@suse.de - version 2.1.2.4-1 - Getting rid of Tabs and trailing spaces ------------------------------------------------------------------- Tue May 06 15:23:51 CEST 2014 - mc@suse.de - version 2.1.2.3-1 - Add support to ConfigureSatelliteCommand to remove keys ------------------------------------------------------------------- Fri Feb 07 14:01:46 CET 2014 - mc@suse.de - version 2.1.2.2-1 - use always our own link - add timeout to wait_for_tomcat ------------------------------------------------------------------- Mon Dec 09 16:41:40 CET 2013 - mc@suse.de - version 2.1.2.1-1 - find correct lsof path on SUSE systems - switch to 2.1 ------------------------------------------------------------------- Wed Aug 21 15:36:41 CEST 2013 - mc@suse.de - version 1.7.4.5-1 - give CA a unique name (FATE#312371) ------------------------------------------------------------------- Mon Jul 16 15:13:58 CEST 2012 - ug@suse.de - version 1.7.4.4-1 - remove database start from spacewalk-service ------------------------------------------------------------------- Tue Jun 26 11:40:52 CEST 2012 - mantel@suse.de - remove database start from spacewalk-service ------------------------------------------------------------------- Mon May 14 10:55:43 CEST 2012 - mc@suse.de - version 1.7.4.3-1 - Add support for database-specific override files. ------------------------------------------------------------------- Fri Apr 20 15:40:14 CEST 2012 - mc@suse.de - version 1.7.4.2-1 - change service startup order so jabberd can finish before osa- dispatcher starts - add man page for rhn-install-ssl-cert.pl - add man page for rhn-deploy-ca-cert.pl - add man page for rhn-generate-pem.pl - sudo and restorecon is not needed any more - using packages rather than filedesps ------------------------------------------------------------------- Wed Mar 21 17:30:29 CET 2012 - mc@suse.de - version 1.7.4.1-1 - Bumping package version ------------------------------------------------------------------- Tue Nov 8 13:55:19 CET 2011 - jrenner@suse.de - Add support for audit logging in init script (fate#312607) ------------------------------------------------------------------- Sun Jan 30 15:31:25 CET 2011 - mc@suse.de - backport upstrem fixes ------------------------------------------------------------------- Wed Sep 15 08:37:43 CEST 2010 - mantel@suse.de - Initial release of spacewalk-admin ------------------------------------------------------------------- 07070100000016000081A4000003E80000006400000001662798DF0000003D000000000000000000000000000000000000003B00000000spacewalk-admin/spacewalk-admin.changes.mbussolotto.master- use uyuni-build-keys.gpg is suma-build-keys.gpg is missing 07070100000017000081A4000003E80000006400000001662798DF00000F7D000000000000000000000000000000000000002500000000spacewalk-admin/spacewalk-admin.spec# # spec file for package spacewalk-admin # # Copyright (c) 2024 SUSE LLC # Copyright (c) 2008-2018 Red Hat, Inc. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # Summary: Various utility scripts and data files for Spacewalk installations License: GPL-2.0-only Group: Applications/Internet Name: spacewalk-admin URL: https://github.com/uyuni-project/uyuni Version: 5.0.5 Release: 0 Source0: https://github.com/uyuni-project/uyuni/archive/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: lsof Requires: procps Requires: python3 Requires: python3-websockify Requires: spacewalk-base Requires: perl(MIME::Base64) BuildRequires: /usr/bin/pod2man BuildRequires: make BuildRequires: systemd BuildArch: noarch BuildRequires: spacewalk-config BuildRequires: uyuni-base-common Requires(pre): uyuni-base-common Requires: susemanager-schema-utility Requires: uyuni-setup-reportdb %description Various utility scripts and data files for Spacewalk installations. %prep %setup -q %build %install %if 0%{?rhel} sed -i 's/apache2.service/httpd.service/g' spacewalk.target sed -i 's/apache2.service/httpd.service/g' spacewalk-wait-for-tomcat.service sed -i 's/apache2.service/httpd.service/g' uyuni-check-database.service %endif make -f Makefile.admin install PREFIX=$RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT%{_mandir}/man8/ %{_bindir}/pod2man --section=8 rhn-config-schema.pl > $RPM_BUILD_ROOT%{_mandir}/man8/rhn-config-schema.pl.8 %{_bindir}/pod2man --section=8 man/spacewalk-service.pod > $RPM_BUILD_ROOT%{_mandir}/man8/spacewalk-service.8 %{_bindir}/pod2man --section=8 man/rhn-sat-restart-silent.pod > $RPM_BUILD_ROOT%{_mandir}/man8/rhn-sat-restart-silent.8 %{_bindir}/pod2man --section=8 rhn-config-satellite.pl > $RPM_BUILD_ROOT%{_mandir}/man8/rhn-config-satellite.pl.8 %{_bindir}/pod2man --section=8 man/rhn-deploy-ca-cert.pl.pod > $RPM_BUILD_ROOT%{_mandir}/man8/rhn-deploy-ca-cert.pl.8 %{_bindir}/pod2man --section=8 man/rhn-install-ssl-cert.pl.pod > $RPM_BUILD_ROOT%{_mandir}/man8/rhn-install-ssl-cert.pl.8 chmod 0644 $RPM_BUILD_ROOT%{_mandir}/man8/*.8* %post if [ -x /usr/bin/systemctl ]; then /usr/bin/systemctl daemon-reload || : fi %files %license LICENSE %{_sbindir}/spacewalk-startup-helper %{_sbindir}/spacewalk-service %{_sbindir}/uyuni-update-config %{_sbindir}/import-suma-build-keys %{_bindir}/rhn-config-satellite.pl %{_bindir}/rhn-config-schema.pl %{_bindir}/rhn-deploy-ca-cert.pl %{_bindir}/rhn-install-ssl-cert.pl %{_bindir}/salt-secrets-config.py %{_sbindir}/rhn-sat-restart-silent %{_sbindir}/mgr-monitoring-ctl %{_mandir}/man8/rhn-config-schema.pl.8* %{_mandir}/man8/spacewalk-service.8* %{_mandir}/man8/rhn-sat-restart-silent.8* %{_mandir}/man8/rhn-config-satellite.pl.8* %{_mandir}/man8/rhn-deploy-ca-cert.pl.8* %{_mandir}/man8/rhn-install-ssl-cert.pl.8* %{_unitdir}/spacewalk.target %{_unitdir}/spacewalk-wait-for-tomcat.service %{_unitdir}/spacewalk-wait-for-salt.service %{_unitdir}/spacewalk-wait-for-taskomatic.service %{_unitdir}/salt-secrets-config.service %{_unitdir}/cobbler-refresh-mkloaders.service %{_unitdir}/mgr-websockify.service %{_unitdir}/mgr-check-payg.service %{_unitdir}/uyuni-check-database.service %{_unitdir}/uyuni-update-config.service %{_unitdir}/*.service.d %changelog 07070100000018000081ED000003E80000006400000001662798DF000010D4000000000000000000000000000000000000002200000000spacewalk-admin/spacewalk-service#!/bin/sh # # Copyright (c) 2008--2012 Red Hat, Inc. # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # if [ $EUID -ne 0 ]; then echo -e "This script must be run as root!\n" exit 1 fi spacewalk_target_services() { FEXISTS="" for t in /usr/lib/systemd/system/*.service; do FEXISTS="$FEXISTS $(basename $t)" done awk -F= 'BEGIN {split("'"$EXCLUDE"'", keys, / +/); split("'"$FEXISTS"'", srvs, / +/); for (i in keys) {exclude[keys[i]]}; for (j in srvs) {fexists[srvs[j]]} } /Requires=/ {if (!($2 in exclude)) {print $2}} /Wants=/ {if (($2 in fexists) && !($2 in exclude)) {print $2}}' \ /usr/lib/systemd/system/spacewalk.target } turn_on() { echo "Enabling spacewalk services..." spacewalk_target_services | xargs systemctl enable --quiet systemctl enable --quiet spacewalk.target echo "Done" return 0 } turn_off() { echo "Disabling spacewalk services..." spacewalk_target_services | xargs systemctl disable --quiet systemctl disable --quiet spacewalk.target echo "Done" return 0 } list() { echo "Listing spacewalk services..." systemctl list-unit-files --type=service | grep -F "$(spacewalk_target_services)" echo "Done" return 0 } start() { echo "Starting spacewalk services..." DISABLE_FILE=/run/spacewalk-wait-for-tomcat-disable if [ "$WAIT_FOR_TOMCAT" == "1" ] ; then rm -f $DISABLE_FILE else touch $DISABLE_FILE fi echo " Checking DB schema and running DB schema upgrade if needed. This may take a while." echo " Call the following command to see progress: journalctl -f -u uyuni-check-database.service" if grep -E -m1 "^db_host[[:space:]]*=[[:space:]]*localhost" /etc/rhn/rhn.conf >/dev/null && \ grep "md5" `runuser -l postgres -c env | grep PGDATA | cut -f2- -d=`/pg_hba.conf >/dev/null; then echo echo "INFO: Migrating password encryption mechanism to scram-sha-256" fi MSG1=$(systemctl start spacewalk.target 2>&1) || { MSG2=$(systemctl status uyuni-check-database.service) if [ $? -ne 0 ]; then echo -e "$MSG2" else echo -e "$MSG1" fi echo "FAILED" return 1 } rm -f $DISABLE_FILE echo "Done." return 0 } stop() { echo "Shutting down spacewalk services..." spacewalk_target_services | xargs systemctl stop echo "Done." return 0 } status() { spacewalk_target_services | xargs systemctl status --no-pager -n0 systemctl status -n0 spacewalk.target return $? } OPTS=$(getopt --longoptions=exclude:,level:,no-wait-for-tomcat -n ${0##*/} -- e:l:T "$@") if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi eval set -- "$OPTS" WAIT_FOR_TOMCAT=1 while true ; do case "$1" in -e|--exclude) EXCLUDE=$2 shift ;; -l|--level) LEVEL="--level $2" shift ;; -T|--no-wait-for-tomcat) WAIT_FOR_TOMCAT=0 ;; --) shift break ;; *) echo "Internal error [$1]!" >&2 exit 1 ;; esac shift done case "$1" in start) start ;; stop) stop ;; enable) turn_on $LEVEL ;; disable) turn_off $LEVEL ;; list) list ;; status) status ;; restart|reload) stop /usr/sbin/spacewalk-startup-helper ensure-httpd-down start ;; *) echo "Usage: $(basename $0) {start|stop|status|reload|restart|enable|disable}" exit 1 ;; esac exit $? 07070100000019000081ED000003E80000006400000001662798DF00002536000000000000000000000000000000000000002900000000spacewalk-admin/spacewalk-startup-helper#!/bin/bash LSOF="/usr/sbin/lsof" if [ -x "/usr/bin/lsof" ]; then LSOF="/usr/bin/lsof" fi REPORTDB_EXISTS='n' perform_db_schema_upgrade() { /usr/bin/spacewalk-schema-upgrade -y if [ $? -ne 0 ]; then echo "Database schema upgrade failed. Please check the logs." exit 1 fi } perform_report_db_schema_upgrade() { if [ $REPORTDB_EXISTS == 'y' ]; then /usr/bin/spacewalk-schema-upgrade -y --reportdb if [ $? -ne 0 ]; then echo "Report Database schema upgrade failed. Please check the logs." exit 1 fi fi } isPayg() { if [ ! -x /usr/bin/instance-flavor-check ]; then return 1 fi TYPE=$(/usr/bin/instance-flavor-check) [ "$TYPE" == "PAYG" ] } enforce_service_installed_running() { PACKAGE_NAME=$1 SERVICE_NAME=$2 isPayg if [ $? -eq 0 ]; then rpm -q $PACKAGE_NAME if [ $? -ne 0 ]; then echo "$PACKAGE_NAME not installed. Installing now..." zypper --non-interactive install $PACKAGE_NAME systemctl start $SERVICE_NAME fi systemctl is-active --quiet $SERVICE_NAME if [ $? -ne 0 ]; then echo "$SERVICE_NAME needs to be running." exit 1 fi fi } check_billing_service() { enforce_service_installed_running billing-data-service billing-data-service enforce_service_installed_running csp-billing-adapter-service csp-billing-adapter } check_schema_version() { MIN_JAVA_SCHEMA=$( egrep -m1 "^java.min_schema_version[[:space:]]*=" /usr/share/rhn/config-defaults/rhn_java.conf | sed 's/^java.min_schema_version[[:space:]]*=[[:space:]]*\(.*\)/\1/' || echo "" ) CMP=$(echo "select evr_t_compare(X.evr, evr_t('0', '$MIN_JAVA_SCHEMA', '0', 'rpm')) from (select PE.evr from rhnVersionInfo vi join rhnPackageEVR pe on vi.evr_id = pe.id where vi.label = 'schema') X;" | spacewalk-sql --select-mode - | sed -n 3p | xargs) if [ $CMP -lt 0 ]; then echo "Incompatible database schema version detected! Minimal schema version required by Java: $MIN_JAVA_SCHEMA" exit 1 fi MIN_BACK_SCHEMA=$( egrep -m1 "^min_schema_version[[:space:]]*=" /usr/share/rhn/config-defaults/rhn_server_xmlrpc.conf | sed 's/^min_schema_version[[:space:]]*=[[:space:]]*\(.*\)/\1/' || echo "" ) CMP=$(echo "select evr_t_compare(X.evr, evr_t('0', '$MIN_BACK_SCHEMA', '0', 'rpm')) from (select PE.evr from rhnVersionInfo vi join rhnPackageEVR pe on vi.evr_id = pe.id where vi.label = 'schema') X;" | spacewalk-sql --select-mode - | sed -n 3p | xargs) if [ $CMP -lt 0 ]; then echo "Incompatible database schema version detected! Minimal schema version required by Backend: $MIN_BACK_SCHEMA" exit 1 fi if [ $REPORTDB_EXISTS == 'y' ]; then MIN_JAVA_REPORT_SCHEMA=$( egrep -m1 "^java.min_report_schema_version[[:space:]]*=" /usr/share/rhn/config-defaults/rhn_java.conf | sed 's/^java.min_report_schema_version[[:space:]]*=[[:space:]]*\(.*\)/\1/' || echo "" ) CMP=$(echo "select rpm.vercmp(null, X.version, X.release, null, '$MIN_JAVA_REPORT_SCHEMA', '0') from (select version, release from VersionInfo where label = 'schema') X;" | spacewalk-sql --select-mode --reportdb - | sed -n 3p | xargs) if [ $CMP -lt 0 ]; then echo "Incompatible database schema version detected! Minimal report schema version required by Java: $MIN_JAVA_REPORT_SCHEMA" exit 1 fi fi } check_db_version() { RETRIES=10 while [ $RETRIES -gt 0 ]; do IFS="." read -ra VARR <<< $(echo "show server_version;" | spacewalk-sql --select-mode $1 - | sed -n 3p | xargs) if [ $? -eq 0 ]; then echo "${VARR[0]}" return 0 fi ((RETRIES--)) sleep 1 done return 1 } parse_rhn_property() { ATTRIBUTE="$1" VAR="$2" VALUE=$(grep "^$ATTRIBUTE" /etc/rhn/rhn.conf |cut -d'=' -f2 | tail -n1 | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | tr -d '\n') eval "$(printf "%q=%q" "$VAR" "$VALUE")" } db_migrate_md5_to_scram() { PGDATAVAR=$(runuser -l postgres -c env | grep PGDATA | cut -f2- -d=) if ! grep "md5" ${PGDATAVAR}/pg_hba.conf >/dev/null; then return fi logger -p user.notice "Migrate database password encryption from md5 to scram-sha256" if ! grep -E "^password_encryption[[:space:]]*=[[:space:]]*scram-sha-256" ${PGDATAVAR}/postgresql.conf >/dev/null; then logger -p user.notice "Set database password encryption default to scram-sha256" echo "password_encryption = scram-sha-256" >> ${PGDATAVAR}/postgresql.conf systemctl reload postgresql fi parse_rhn_property "db_name" DBNAME parse_rhn_property "db_user" DBUSER parse_rhn_property "db_password" DBPASSWD logger -p user.notice "Reset database password for user: $DBUSER" runuser - postgres -c "echo \"ALTER USER $DBUSER WITH PASSWORD '$DBPASSWD';\" | psql" logger -p user.notice "Change encryption in pg_hba.conf to scram-sha-256" sed -i 's|md5|scram-sha-256|g' ${PGDATAVAR}/pg_hba.conf } check_database() { # Check, if we use the correct database version source /etc/os-release DB_VERSION=$(check_db_version) if [ $? -ne 0 ]; then echo "Cannot access the Database" exit 1 elif [ $VERSION_ID == "15.3" -a "$DB_VERSION" != "13" ]; then echo "Database version '$DB_VERSION' is not supported for SUSE Manager/Uyuni on $PRETTY_NAME. Perform database migration." exit 1 elif [ $VERSION_ID == "15.4" -a "$DB_VERSION" != "14" ]; then echo "Database version '$DB_VERSION' is not supported for SUSE Manager/Uyuni on $PRETTY_NAME. Perform database migration." exit 1 fi # Check, if the report DB was already setup if egrep -m1 "^report_db_host[[:space:]]*=[[:space:]]*[a-zA-Z0-9_-]+" /etc/rhn/rhn.conf; then REPORTDB_EXISTS='y' else # Check, if the DB is local and we should setup the reporting DB automated if egrep -m1 "^db_host[[:space:]]*=[[:space:]]*localhost" /etc/rhn/rhn.conf; then # Do not use 'md5' auth anymore, migrate to 'scram-sha-256' if needed db_migrate_md5_to_scram # if the main database is local, we setup the report DB automatically /usr/bin/uyuni-setup-reportdb create --db reportdb --user pythia_susemanager --autogenpw \ --address '*' --remote '0.0.0.0/0,::/0' && { REPORTDB_EXISTS='y' } if [ $? -ne 0 ]; then echo "Report Database creation has failed. Please check the logs." exit 1 fi else logger -p user.notice "Database not local - skipping setup of report database" fi fi if [ $REPORTDB_EXISTS == 'y' ]; then REPORT_DB_VERSION=$(check_db_version --reportdb) if [ $? -ne 0 ]; then echo "Cannot access the Report Database" exit 1 elif [ $VERSION_ID == "15.3" -a "$REPORT_DB_VERSION" != "13" ]; then echo "Report Database version '$REPORT_DB_VERSION' is not supported for SUSE Manager/Uyuni on $PRETTY_NAME. Perform database migration." exit 1 elif [ $VERSION_ID == "15.4" -a "$REPORT_DB_VERSION" != "14" ]; then echo "Report Database version '$REPORT_DB_VERSION' is not supported for SUSE Manager/Uyuni on $PRETTY_NAME. Perform database migration." exit 1 fi fi perform_db_schema_upgrade perform_report_db_schema_upgrade check_schema_version exit 0 } wait_for_tomcat() { if [ -x /etc/init.d/tomcat5 ]; then TOMCAT_PID=$(cat /var/run/tomcat5.pid 2>/dev/null) elif [ -x /etc/init.d/tomcat6 ]; then TOMCAT_PID=$(cat /var/run/tomcat6.pid 2>/dev/null) elif [ -e /usr/lib/systemd/system/tomcat.service ]; then TOMCAT_PID=$(systemctl show --property=MainPID tomcat.service | sed 's/^MainPID=0*//') elif [ -e /usr/lib/systemd/system/tomcat.service ]; then TOMCAT_PID=$(systemctl show --property=MainPID tomcat.service | sed 's/^MainPID=0*//') else echo "No tomcat service found." exit 0; fi if [ -x $LSOF ]; then echo "Waiting for tomcat to be ready ..." RETRIES=30 while [ -n "$TOMCAT_PID" ] ; do $LSOF -t -i TCP:8005 | grep "^$TOMCAT_PID$" > /dev/null \ && $LSOF -t -i TCP:8009 | grep "^$TOMCAT_PID$" > /dev/null \ && break [ $RETRIES -gt 0 ] || break ((RETRIES--)) sleep 1 done else echo "No lsof found, not waiting for tomcat." fi } wait_for_taskomatic() { if [ -x $LSOF ]; then echo "Waiting for taskomatic to be ready ..." RETRIES=30 while [ $RETRIES -gt 0 ] do $LSOF -t -i TCP:2829 > /dev/null && break ((RETRIES--)) sleep 3 done if [ $RETRIES -eq 0 ]; then echo "taskomatic still not up and running" >&2 fi else echo "No lsof found, not waiting for taskomatic." fi } ensure_httpd_down() { COUNT=0 LIMIT=10 while [ "$(pgrep -c httpd)" -gt 0 ] && [ "$COUNT" -lt "$LIMIT" ] do sleep 1 ((COUNT++)) done if [ "$COUNT" -eq "$LIMIT" ]; then killall -9 httpd sleep 4 fi return 0 } case $1 in ensure-httpd-down) ensure_httpd_down;; wait-for-tomcat) wait_for_tomcat;; wait-for-database) check_database;; check-database) check_database;; wait-for-taskomatic) wait_for_taskomatic;; check-billing-service) check_billing_service;; esac 0707010000001A000081A4000003E80000006400000001662798DF000000C5000000000000000000000000000000000000003000000000spacewalk-admin/spacewalk-wait-for-salt.service[Unit] Description=Make sure that salt is started before httpd After=salt-master.service After=salt-api.service Before=httpd.service [Service] ExecStart=/bin/true Type=oneshot RemainAfterExit=yes 0707010000001B000081A4000003E80000006400000001662798DF000000B7000000000000000000000000000000000000003600000000spacewalk-admin/spacewalk-wait-for-taskomatic.service[Unit] Description=Spacewalk wait for taskomatic After=taskomatic.service [Service] ExecStart=/usr/sbin/spacewalk-startup-helper wait-for-taskomatic Type=oneshot RemainAfterExit=yes 0707010000001C000081A4000003E80000006400000001662798DF000000FE000000000000000000000000000000000000003200000000spacewalk-admin/spacewalk-wait-for-tomcat.service[Unit] Description=Spacewalk wait for tomcat After=tomcat.service Before=apache2.service ConditionPathExists=!/run/spacewalk-wait-for-tomcat-disable [Service] ExecStart=/usr/sbin/spacewalk-startup-helper wait-for-tomcat Type=oneshot RemainAfterExit=yes 0707010000001D000081A4000003E80000006400000001662798DF0000025B000000000000000000000000000000000000002100000000spacewalk-admin/spacewalk.target[Unit] Description=Spacewalk Requires=mgr-check-payg.service Requires=uyuni-update-config.service Requires=uyuni-check-database.service Requires=tomcat.service Requires=spacewalk-wait-for-tomcat.service Requires=salt-master.service Requires=salt-api.service Requires=spacewalk-wait-for-salt.service Requires=apache2.service Requires=rhn-search.service Requires=cobblerd.service Requires=taskomatic.service Requires=spacewalk-wait-for-taskomatic.service Requires=salt-secrets-config.service Requires=mgr-websockify.service Requires=cobbler-refresh-mkloaders.service [Install] WantedBy=multi-user.target 0707010000001E000081A4000003E80000006400000001662798DF000001A8000000000000000000000000000000000000002D00000000spacewalk-admin/uyuni-check-database.service[Unit] Description=Uyuni check database Before=tomcat.service apache2.service salt-master.service salt-api.service rhn-search.service cobblerd.service taskomatic.service mgr-events-config.service mgr-websockify.service After=network-online.target postgresql.service Requires=ca-certificates.service [Service] ExecStart=/usr/sbin/spacewalk-startup-helper check-database Type=oneshot IgnoreSIGPIPE=false RemainAfterExit=yes 0707010000001F000081A4000003E80000006400000001662798DF0000002D000000000000000000000000000000000000002C00000000spacewalk-admin/uyuni-service-override.conf[Unit] Requires=uyuni-check-database.service 07070100000020000081ED000003E80000006400000001662798DF00000A54000000000000000000000000000000000000002400000000spacewalk-admin/uyuni-update-config#!/usr/bin/python3 # -*- coding: utf-8 -*- import sys import os.path import uuid import subprocess from spacewalk.common.rhnConfig import initCFG, CFG initCFG('server.susemanager') def run_uyuni_configfiles_sync(): if not os.path.isfile("/usr/bin/uyuni-configfiles-sync"): return result = subprocess.run( ["/usr/bin/uyuni-configfiles-sync", "sync"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf-8') if result.stdout: sys.stdout.write("{}\n".format(result.stdout)) sys.stdout.flush() if result.returncode: sys.stdout.write("Failed to synchronize files to persistent volumes. Aborting!\n") sys.stdout.flush() sys.exit(1) def initSccLogin(): try: if CFG.scc_backup_srv_usr: # nothing to do return except AttributeError: # key does not exist, we need to create it pass scc_cred_file = "/etc/zypp/credentials.d/SCCcredentials" uuidNum = None if os.path.exists(scc_cred_file): with open(scc_cred_file, "r") as f: for line in f: if line.startswith("username"): _k, v = line.split("=", 2) uuidNum = v.strip() break if not uuidNum: # scc expects either a SCC machine login (must exists in SCC) # or a UUID4 following rfc4122 to identify a anonyme proxy uuidNum = str(uuid.uuid4()) with open("/etc/rhn/rhn.conf", "a") as r: r.write("\n") r.write("server.susemanager.scc_backup_srv_usr = {}\n".format(uuidNum)) def importSumaGPGKeyring(): result = subprocess.run( ["/usr/sbin/import-suma-build-keys"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf-8') if result.returncode: sys.stdout.write("Failed to import SUSE Manager Build Keys\n") if result.stdout: sys.stdout.write("{}\n".format(result.stdout)) sys.stdout.flush() def copyCA(): result = subprocess.run( ["cp", "/etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT", "/usr/share/susemanager/salt/certs/RHN-ORG-TRUSTED-SSL-CERT"], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf-8') if result.returncode: sys.stdout.write("Failed to copy the CA certificate to the Salt Filesystem\n") if result.stdout: sys.stdout.write("{}\n".format(result.stdout)) sys.stdout.flush() run_uyuni_configfiles_sync() initSccLogin() importSumaGPGKeyring() copyCA() sys.exit(0) 07070100000021000081A4000003E80000006400000001662798DF0000010D000000000000000000000000000000000000002C00000000spacewalk-admin/uyuni-update-config.service[Unit] Description=Uyuni update config Before=uyuni-check-database.service tomcat.service apache2.service rhn-search.service taskomatic.service postfix.service After=postgresql.service [Service] ExecStart=/usr/sbin/uyuni-update-config Type=oneshot RemainAfterExit=yes 07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000B00000000TRAILER!!!
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor