Source Code for Module backend.cdn_tools.activation

  1  # Copyright (c) 2016--2017 Red Hat, Inc. 
  2  # 
  3  # This software is licensed to you under the GNU General Public License, 
  4  # version 2 (GPLv2). There is NO WARRANTY for this software, express or 
  5  # implied, including the implied warranties of MERCHANTABILITY or FITNESS 
  6  # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 
  7  # along with this software; if not, see 
  8  # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 
  9  # 
 10  # Red Hat trademarks are not licensed under GPLv2. No permission is 
 11  # granted to use or replicate Red Hat trademarks that are incorporated 
 12  # in this software or its documentation. 
 13  # 
 14   
 15  import sys 
 16  import json 
 17   
 18  from spacewalk.cdn_tools import constants 
 19  from spacewalk.cdn_tools.candlepin_api import CandlepinApi 
 20  from spacewalk.cdn_tools.common import verify_mappings 
 21  from spacewalk.cdn_tools.manifest import Manifest, ManifestValidationError 
 22  from spacewalk.satellite_tools import satCerts 
 23  from spacewalk.satellite_tools.syncLib import log, log2 
 24  from spacewalk.server import rhnSQL 
 25  from spacewalk.server.importlib.backendOracle import SQLBackend 
 26  from spacewalk.server.importlib.channelImport import ChannelFamilyImport 
 27  from spacewalk.server.importlib.importLib import ChannelFamily, ContentSource, ContentSourceSsl 
 28  from spacewalk.server.importlib.contentSourcesImport import ContentSourcesImport 
 29  from spacewalk.server.rhnServer.satellite_cert import SatelliteCert 
 30   
 31   
 32 -class Activation(object): 
 33      """Class inserting channel families and SSL metadata into DB.""" 
 34   
 35 -    def __init__(self, manifest_path): 
 36          rhnSQL.initDB() 
 37          self.manifest = Manifest(manifest_path) 
 38          self.sat5_cert = SatelliteCert() 
 39          self.sat5_cert.load(self.manifest.get_satellite_certificate()) 
 40   
 41          verify_mappings() 
 42   
 43          f = None 
 44          # Channel families metadata 
 45          try: 
 46              try: 
 47                  f = open(constants.CHANNEL_FAMILY_MAPPING_PATH, 'r') 
 48                  self.families = json.load(f) 
 49                  f.close() 
 50              except IOError: 
 51                  e = sys.exc_info()[1] 
 52                  log(1, "Ignoring channel mappings: %s" % e) 
 53                  self.families = {} 
 54          finally: 
 55              if f is not None: 
 56                  f.close() 
 57   
 58          self.families_to_import = [] 
 59   
 60      @staticmethod 
 61 -    def _remove_certificates(): 
 62          for description_prefix in (constants.CA_CERT_NAME, 
 63                                     constants.CLIENT_CERT_PREFIX, 
 64                                     constants.CLIENT_KEY_PREFIX): 
 65   
 66              satCerts.delete_rhnCryptoKey_null_org(description_prefix) 
 67   
 68 -    def _update_certificates(self): 
 69          """Delete and insert certificates needed for syncing from CDN repositories.""" 
 70   
 71          # Remove all previously used certs/keys 
 72          self._remove_certificates() 
 73   
 74          # Read RHSM cert 
 75          f = open(constants.CA_CERT_PATH, 'r') 
 76          try: 
 77              ca_cert = f.read() 
 78          finally: 
 79              if f is not None: 
 80                  f.close() 
 81   
 82          if not satCerts.verify_certificate_dates(str(ca_cert)): 
 83              log2(0, 0, "WARNING: '%s' certificate is not valid." % constants.CA_CERT_PATH, stream=sys.stderr) 
 84          # Insert RHSM cert and certs from manifest into DB 
 85          satCerts.store_rhnCryptoKey( 
 86              constants.CA_CERT_NAME, ca_cert, None) 
 87   
 88          for entitlement in self.manifest.get_all_entitlements(): 
 89              creds = entitlement.get_credentials() 
 90              cert_name = constants.CLIENT_CERT_PREFIX + creds.get_id() 
 91              key_name = constants.CLIENT_KEY_PREFIX + creds.get_id() 
 92              if not satCerts.verify_certificate_dates(str(creds.get_cert())): 
 93                  log2(0, 0, "WARNING: '%s' certificate is not valid." % cert_name, stream=sys.stderr) 
 94              satCerts.store_rhnCryptoKey(cert_name, creds.get_cert(), None) 
 95              satCerts.store_rhnCryptoKey(key_name, creds.get_key(), None) 
 96   
 97 -    def import_channel_families(self): 
 98          """Insert channel family data into DB.""" 
 99   
100          log(1, "Channel families in manifest: %d" % len(self.sat5_cert.channel_families))  # pylint: disable=E1101 
101   
102          batch = [] 
103          for cf in self.sat5_cert.channel_families:  # pylint: disable=E1101 
104              label = cf.name 
105              try: 
106                  family = self.families[label] 
107                  family_object = ChannelFamily() 
108                  for k in family.keys(): 
109                      family_object[k] = family[k] 
110                  family_object['label'] = label 
111                  batch.append(family_object) 
112                  self.families_to_import.append(label) 
113              except KeyError: 
114                  # While channel mappings are not consistent with certificate generated on RHN... 
115                  msg = ("WARNING: Channel family '%s' is provided by manifest but " 
116                         "was not found in cdn-sync mappings." % label) 
117                  log2(0, 1, msg, stream=sys.stderr) 
118   
119          log(1, "Channel families to import: %d" % len(batch)) 
120          # Perform import 
121          backend = SQLBackend() 
122          importer = ChannelFamilyImport(batch, backend) 
123          importer.run() 
124   
125      @staticmethod 
126 -    def _remove_repositories(): 
127          """This method removes repositories obtained from manifest""" 
128          hdel_repos = rhnSQL.prepare(""" 
129              delete from rhnContentSource where 
130              label like :prefix || '%%' 
131              and org_id is null 
132          """) 
133          hdel_repos.execute(prefix=constants.MANIFEST_REPOSITORY_DB_PREFIX) 
134          rhnSQL.commit() 
135   
136 -    def _update_repositories(self): 
137          """Setup SSL credential to access repositories 
138             We do this in 2 steps: 
139             1. Fetching provided repositories from manifest - URL contains variables to substitute 
140             2. Assigning one certificate/key set to each repository""" 
141   
142          # First delete all repositories from previously used manifests 
143          self._remove_repositories() 
144   
145          backend = SQLBackend() 
146          type_id = backend.lookupContentSourceType('yum') 
147   
148          # Lookup CA cert 
149          ca_cert = satCerts.lookup_cert(constants.CA_CERT_NAME, None) 
150          ca_cert_id = int(ca_cert['id']) 
151   
152          content_sources_batch = {} 
153          for entitlement in self.manifest.get_all_entitlements(): 
154              # Lookup SSL certificates and keys 
155              creds = entitlement.get_credentials() 
156              client_cert = satCerts.lookup_cert(constants.CLIENT_CERT_PREFIX + 
157                                                 creds.get_id(), None) 
158              client_key = satCerts.lookup_cert(constants.CLIENT_KEY_PREFIX + 
159                                                creds.get_id(), None) 
160              client_cert_id = int(client_cert['id']) 
161              client_key_id = int(client_key['id']) 
162              content_source_ssl = ContentSourceSsl() 
163              content_source_ssl['ssl_ca_cert_id'] = ca_cert_id 
164              content_source_ssl['ssl_client_cert_id'] = client_cert_id 
165              content_source_ssl['ssl_client_key_id'] = client_key_id 
166              # Loop provided products 
167              for product in entitlement.get_products(): 
168                  repositories = product.get_repositories() 
169                  for repository in repositories: 
170                      if repository not in content_sources_batch: 
171                          content_source = ContentSource() 
172                          content_source['label'] = constants.MANIFEST_REPOSITORY_DB_PREFIX + repository 
173                          content_source['source_url'] = repositories[repository] 
174                          content_source['org_id'] = None 
175                          content_source['type_id'] = type_id 
176                          content_source['ssl-sets'] = [content_source_ssl] 
177                          content_sources_batch[repository] = content_source 
178                      # There may be more SSL certs to one repository, append it 
179                      elif content_source_ssl not in content_sources_batch[repository]['ssl-sets']: 
180                          content_sources_batch[repository]['ssl-sets'].append(content_source_ssl) 
181   
182          importer = ContentSourcesImport(content_sources_batch.values(), backend) 
183          importer.run() 
184   
185 -    def activate(self): 
186          if self.manifest.check_signature(): 
187              log(0, "Populating channel families...") 
188              self.import_channel_families() 
189              log(0, "Updating certificates...") 
190              self._update_certificates() 
191              log(0, "Updating manifest repositories...") 
192              self._update_repositories() 
193          else: 
194              raise ManifestValidationError("Manifest validation failed! Make sure the specified manifest is correct.") 
195   
196      @staticmethod 
197 -    def deactivate(): 
198          """Function to remove certificates and manifest repositories from DB""" 
199          rhnSQL.initDB() 
200          log(0, "Removing certificates...") 
201          Activation._remove_certificates() 
202          log(0, "Removing manifest repositories...") 
203          Activation._remove_repositories() 
204   
205      @staticmethod 
206 -    def manifest_info(manifest_path): 
207          manifest = Manifest(manifest_path) 
208          log(0, "Name: %s" % manifest.get_name(), cleanYN=1) 
209          log(0, "UUID: %s" % manifest.get_uuid(), cleanYN=1) 
210          log(0, "Owner ID: %s" % manifest.get_ownerid(), cleanYN=1) 
211          log(0, "Satellite version: %s" % manifest.get_satellite_version(), cleanYN=1) 
212          log(0, "Created: %s" % manifest.get_created(), cleanYN=1) 
213          log(0, "API URL: %s" % manifest.get_api_url(), cleanYN=1) 
214   
215      @staticmethod 
216 -    def download_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, 
217                            http_proxy_password=None): 
218          manifest = Manifest(old_manifest_path) 
219          candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy, 
220                                       http_proxy_username=http_proxy_username, 
221                                       http_proxy_password=http_proxy_password) 
222          return candlepin_api.export_manifest() 
223   
224      @staticmethod 
225 -    def refresh_manifest(old_manifest_path, http_proxy=None, http_proxy_username=None, 
226                           http_proxy_password=None): 
227          manifest = Manifest(old_manifest_path) 
228          candlepin_api = CandlepinApi(current_manifest=manifest, http_proxy=http_proxy, 
229                                       http_proxy_username=http_proxy_username, 
230                                       http_proxy_password=http_proxy_password) 
231          return candlepin_api.refresh_manifest() 
232