[Spacewalk-devel] Replacement for tanukiwrapper
Premature notice: I discovered free fork of tanukiwrapper: https://bitbucket.org/ivertex/java-service-wrapper And I have intention to replace tanukiwrapper with java-service-wrapper as soon as it pass package review: https://bugzilla.redhat.com/show_bug.cgi?id=707132 Mirek ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Replacement for tanukiwrapper
On Tue, May 24, 2011 at 09:39:16AM +0200, Miroslav Suchy wrote: > Premature notice: > I discovered free fork of tanukiwrapper: > https://bitbucket.org/ivertex/java-service-wrapper > And I have intention to replace tanukiwrapper with > java-service-wrapper as soon as it pass package review: > https://bugzilla.redhat.com/show_bug.cgi?id=707132 Do we need it at all? Wouldn't two startup scripts (taskomatic and the search server) plus log4j achieve the same, without a dependency on the external piece of software? -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Replacement for tanukiwrapper
Dne 24.5.2011 09:52, Jan Pazdziora napsal(a): Do we need it at all? Wouldn't two startup scripts (taskomatic and the search server) plus log4j achieve the same, without a dependency on the external piece of software? It is not as easy as it looks(*). At least for me. I tried that and after 15 minutes of investigation I gave up and find out that keeping tanukiwrapper in place is not bad option. (*) It is wired in some classes as well. E.g. look into java/code/src/com/redhat/rhn/taskomatic/core/BaseDaemon.java and search-server/spacewalk-search/src/java/com/redhat/satellite/search/Main.java Mirek ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Replacement for tanukiwrapper
- Original Message - > From: "Jan Pazdziora" > To: spacewalk-devel@redhat.com > Sent: Tuesday, May 24, 2011 9:52:48 AM > Subject: Re: [Spacewalk-devel] Replacement for tanukiwrapper > > On Tue, May 24, 2011 at 09:39:16AM +0200, Miroslav Suchy wrote: > > Premature notice: > > I discovered free fork of tanukiwrapper: > > https://bitbucket.org/ivertex/java-service-wrapper > > And I have intention to replace tanukiwrapper with > > java-service-wrapper as soon as it pass package review: > > https://bugzilla.redhat.com/show_bug.cgi?id=707132 +1 > > Do we need it at all? Wouldn't two startup scripts (taskomatic and > the > search server) plus log4j achieve the same, without a dependency on > the external piece of software? It does exactly what we need. It starts java applications as a daemon, has a nice configuration file, cares about logging, ... Yes, it is an external piece of software, but if we would drop it, we would just need to rewrite its functionality. tanukiwrapper/java-service-wrapper is a ready solution, that works and is used by its users. I prefer continue using it. Tomas > > -- > Jan Pazdziora > Principal Software Engineer, Satellite Engineering, Red Hat > > ___ > Spacewalk-devel mailing list > Spacewalk-devel@redhat.com > https://www.redhat.com/mailman/listinfo/spacewalk-devel > ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] [PATCH] Has signed Metadata
Hi, Am Montag, 21. März 2011, 15:56:50 schrieb Michael Mraka: > Michael Calmer wrote: > % Hi, > ... > % > % I would suggest, that we go step by step. So let's wait until "weak deps" > % and > % "updateinfo to errata" is applied. After this I will submit a new patch > % for this feature based on the new master. > > Sure, no problem. I re-worked the patches now. spacewalk-repo-sync uses now a fix directory with a GPG keyring to store trusted keys. Please review. Thanks. -- Regards Michael Calmer -- Michael Calmer SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg T: +49 (0) 911 74053 0 F: +49 (0) 911 74053575 - e-mail: michael.cal...@suse.com -- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer HRB 16746 (AG Nürnberg) From d7c0e9d8ae3684566ae79573d1e8e369e2388323 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 21 May 2011 15:56:47 +0200 Subject: [PATCH 1/3] add column metadata_signed to rhnContentSource table --- .../spacewalk/common/tables/rhnContentSource.sql |4 .../019-add-metadata_signed.sql| 16 2 files changed, 20 insertions(+), 0 deletions(-) create mode 100644 schema/spacewalk/upgrade/spacewalk-schema-1.4-to-spacewalk-schema-1.5/019-add-metadata_signed.sql diff --git a/schema/spacewalk/common/tables/rhnContentSource.sql b/schema/spacewalk/common/tables/rhnContentSource.sql index dc93a27..2f36f2e 100644 --- a/schema/spacewalk/common/tables/rhnContentSource.sql +++ b/schema/spacewalk/common/tables/rhnContentSource.sql @@ -29,6 +29,10 @@ rhnContentSource references rhnContentSourceType(id), source_url varchar2(512) NOT NULL, label varchar2(64) NOT NULL, +metadata_signed CHAR(1) +DEFAULT ('N') NOT NULL +CONSTRAINT rhn_cs_ms_ck +CHECK (metadata_signed in ( 'Y' , 'N' )), created date default(sysdate) NOT NULL, modifieddate default(sysdate) NOT NULL ) diff --git a/schema/spacewalk/upgrade/spacewalk-schema-1.4-to-spacewalk-schema-1.5/019-add-metadata_signed.sql b/schema/spacewalk/upgrade/spacewalk-schema-1.4-to-spacewalk-schema-1.5/019-add-metadata_signed.sql new file mode 100644 index 000..8839641 --- /dev/null +++ b/schema/spacewalk/upgrade/spacewalk-schema-1.4-to-spacewalk-schema-1.5/019-add-metadata_signed.sql @@ -0,0 +1,16 @@ +-- +-- Copyright (c) 2011 SUSE LINUX Products GmbH +-- +-- This software is licensed to you under the GNU General Public License, +-- version 2 (GPLv2). There is NO WARRANTY for this software, express or +-- implied, including the implied warranties of MERCHANTABILITY or FITNESS +-- FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 +-- along with this software; if not, see +-- http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. +-- +-- +alter table rhnContentSource +add metadata_signed char(1) default('N') +constraint rhn_cs_ms_nn not null +constraint rhn_cs_ms_ck +check (metadata_signed in ('Y','N')); -- 1.7.3.4 From 77ea4ace147ac72ebc2834bb8954b53198278da5 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Sat, 21 May 2011 16:17:29 +0200 Subject: [PATCH 2/3] add has signed metadata checkbox to manage repositories page --- .../rhn/domain/channel/ContentSource.hbm.xml |1 + .../redhat/rhn/domain/channel/ContentSource.java | 17 .../channel/manage/repo/RepoDetailsAction.java | 16 +++ .../frontend/strings/jsp/StringResource_en_US.xml |3 ++ .../rhn/manager/channel/repo/BaseRepoCommand.java | 21 .../redhat/rhn/taskomatic/task/RepoSyncTask.java |1 + .../pages/channel/manage/repo/repodetails.jsp |8 +++ java/code/webapp/WEB-INF/struts-config.xml |1 + 8 files changed, 68 insertions(+), 0 deletions(-) diff --git a/java/code/src/com/redhat/rhn/domain/channel/ContentSource.hbm.xml b/java/code/src/com/redhat/rhn/domain/channel/ContentSource.hbm.xml index 79ad517..39bf85f 100644 --- a/java/code/src/com/redhat/rhn/domain/channel/ContentSource.hbm.xml +++ b/java/code/src/com/redhat/rhn/domain/channel/ContentSource.hbm.xml @@ -17,6 +17,7 @@ PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" + channels = new HashSet(); /** * @return Returns the label. @@ -78,6 +82,19 @@ public class ContentSource extends BaseDomainHelper implements Identifiable { this.id = idIn; } +/** + * @return Returns metadataSigned + */ +public boolean getMetadataSigned() { +return this.metadataSigned; +} + +/** + * @param md set metadataSigned + */ +public void s
[Spacewalk-devel] Oracle (+) syntax
Hi, I just came across the query "visible_to_system" in SystemGroup_queries.xml: SELECT MAX(DECODE(VSGM.server_id, :sid, 1, 0)) is_system_member, VSGM.GROUP_ID id, VSGM.GROUP_NAME, VSGM.GROUP_TYPE, VSGM.CURRENT_MEMBERS, VSGM.MAX_MEMBERS, DECODE(USGP.server_group_id,VSGM.group_id,1,0) AS USER_PERMITTED_ACCESS FROM rhnVisServerGroupMembership VSGM, rhnUserServerGroupPerms USGP WHERE VSGM.ORG_ID = :org_id AND :user_id = USGP.user_id (+) AND VSGM.group_id = USGP.server_group_id (+) GROUP BY VSGM.group_id, VSGM.group_name, VSGM.group_type, VSGM.current_members, VSGM.max_members, USGP.server_group_id ORDER BY UPPER(VSGM.group_name), VSGM.group_id While I do understand that (+) is the old fashioned Oracle syntax for outer joins, I'm having trouble understanding what the (+) does in the condition ':user_id = USGP.user_id (+)', since it's not join-related. I did some quick tests on an Oracle installation but I couldn't make sense of it. Any help would be appreciated. Best regards, Julian ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Oracle (+) syntax
On Tue, May 24, 2011 at 12:14:16PM +, Julian Einwag - rockenstein AG wrote: > > I just came across the query "visible_to_system" in SystemGroup_queries.xml: > > SELECT MAX(DECODE(VSGM.server_id, :sid, 1, 0)) is_system_member, > VSGM.GROUP_ID id, > VSGM.GROUP_NAME, > VSGM.GROUP_TYPE, > VSGM.CURRENT_MEMBERS, > VSGM.MAX_MEMBERS, > DECODE(USGP.server_group_id,VSGM.group_id,1,0) AS > USER_PERMITTED_ACCESS > FROM rhnVisServerGroupMembership VSGM, rhnUserServerGroupPerms USGP >WHERE VSGM.ORG_ID = :org_id > AND :user_id = USGP.user_id (+) > AND VSGM.group_id = USGP.server_group_id (+) > GROUP BY VSGM.group_id, VSGM.group_name, VSGM.group_type, > VSGM.current_members, VSGM.max_members, USGP.server_group_id > ORDER BY UPPER(VSGM.group_name), VSGM.group_id > > While I do understand that (+) is the old fashioned Oracle syntax for outer > joins, I'm having trouble understanding what the (+) does in the condition > ':user_id = USGP.user_id (+)', since it's not join-related. I did some quick > tests on an Oracle installation but I couldn't make sense of it. > > Any help would be appreciated. Think of it as if you had ( select :user_id from dual ) and an outer join of this subselect with that USGP. The AND :user_id = USGP.user_id (+) matches where the USGP.user_id is the same as :user_id, or where the USGP's columns have NULL value due to the records not being present at all. You can try select web_customer.id, web_contact.id from web_customer, web_contact where web_customer.id = web_contact.id (+) and 1 = web_contact.id (+) to see something similar -- on my system it returns ID ID -- -- 1 1 2 3 4 5 25 26 46 66 -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] erratas and the client plugin package action
On 05/23/2011 04:45 PM, Jan Pazdziora wrote: On Thu, May 19, 2011 at 11:46:37AM +0200, Ionuț Arțăriși wrote: On 05/18/2011 05:05 PM, Jan Pazdziora wrote: On Wed, May 18, 2011 at 02:38:54PM +0200, Ionuț Arțăriși wrote: On 05/18/2011 01:14 PM, Jan Pazdziora wrote: ... Nack. This is SQL-injection-prone. You have to use bind parameters or sanitize the input properly. Thanks, I have fixed the SQL issue. It's still somewhat missing in your patch. Ok, I think I now understood what you mean. Here's the re-patched patch :). Good. Now all that is left is make sure the call cannot be used to access information which should not be accessible to the server. If you check the getErrataInfo and take it as an example, you will see how to authenticate / authorize, and we will need the query extended to join with (probably) rhnServerChannel and rhnChannelErrata. Thanks, I think this should be fixed now. Those SQL IN operations seem to be quite tedious. Is there anywhere that we could move this _bind_list function? Perhaps to something like rhnSQL.bind_list? I haven't found any other helpers like this already in rhnSQL, but I've seen it used in other places. It is certainly possible. I looked a bit more into rhnSQL and I found two more helpers in rhnSQL.sql_lib. It looks like a good place for adding the bind_list function. -Ionuț >From 3688631b956423aa3a0b31d370f98b177462272a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ionu=C8=9B=20Ar=C8=9B=C4=83ri=C8=99i?= Date: Tue, 24 May 2011 14:53:40 +0200 Subject: [PATCH] added errata.getErrataNamesById function to the API --- backend/server/handlers/xmlrpc/errata.py | 56 ++ 1 files changed, 56 insertions(+), 0 deletions(-) diff --git a/backend/server/handlers/xmlrpc/errata.py b/backend/server/handlers/xmlrpc/errata.py index 5b11637..ef161cd 100644 --- a/backend/server/handlers/xmlrpc/errata.py +++ b/backend/server/handlers/xmlrpc/errata.py @@ -35,6 +35,7 @@ class Errata(rhnHandler): self.functions.append('GetByPackage') # Clients v1- self.functions.append('getPackageErratum') # Clients v2+ self.functions.append('getErrataInfo') # clients v2+ +self.functions.append('getErrataNamesById') def GetByPackage(self, pkg, osRel): """ Clients v1- Get errata for a package given "n-v-r" format @@ -242,7 +243,62 @@ class Errata(rhnHandler): pkg_arch]) return ret +def getErrataNamesById(self, system_id, errata_ids): +"""Return a list of RhnErrata tuples of (id, advisory_name) +IN: system_id - id of the system requesting this info (must be +subscribed to the channel that contains the erratas) +errata_ids - a list of RhnErrata ids + +Only the erratas that belong to channels that the client system +is subscribed to are returned. If no erratas match this +criterion, then an empty list is returned. + +""" +log_debug(5, system_id, errata_ids) +self.auth_system(system_id) + +log_debug(1, self.server_id, errata_ids) + +sql_list, bound_vars = _bind_list(errata_ids) +bound_vars.update({'server_id': self.server_id}) + +sql = """SELECT DISTINCT e.id, e.advisory_name + FROM rhnErrata e, + rhnPackage p, + rhnChannelPackage cp, + rhnServerChannel sc, + rhnErrataPackage ep + WHERE e.id in (%s) AND + ep.errata_id = e.id AND + ep.package_id = p.id AND + sc.server_id = :server_id AND + sc.channel_id = cp.channel_id AND + cp.package_id = p.id""" +h = rhnSQL.prepare(sql % sql_list) +h.execute(**bound_vars) + +return h.fetchall() + + +def _bind_list(elems): +"""Transform a list into an sql list with bound parameters + +IN: elems - a list of elements + +Returns a tuple of: + sql_list - a comma separated list of parameter numbers: 'p_0, p_1, p_2' + bound_vars - a dict of parameter names and values {'p_0': 42, 'p_1': 34} + +""" +bound_names = [] +bound_vars = {} +for i, elem in enumerate(elems): +bound_vars['p_%s' % i] = elem +bound_names.append(':p_%s' % i) +sql_list = ', '.join(bound_names) +return sql_list, bound_vars + #- if __name__ == "__main__": print "You can not run this module by itself" -- 1.7.4.4 ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Oracle (+) syntax
On 24.05.2011, at 14:26, Jan Pazdziora wrote: > Think of it as if you had > > ( > select :user_id from dual > ) > > and an outer join of this subselect with that USGP. > > The > > AND :user_id = USGP.user_id (+) > > matches where the USGP.user_id is the same as :user_id, or where the > USGP's columns have NULL value due to the records not being present at > all. Thanks, think I got it. So it's no different than the effect of (+) in the usual join conditions. > You can try > > select web_customer.id, web_contact.id > from web_customer, web_contact > where web_customer.id = web_contact.id (+) > and 1 = web_contact.id (+) > > to see something similar -- on my system it returns > > ID ID > -- -- >1 1 >2 >3 >4 >5 > 25 > 26 > 46 > 66 So basically the following in ANSI syntax would be equivalent: select web_customer.id, web_contact.id from web_customer left join web_contact on web_customer.id = web_contact.id and 1 = web_contact.id Bes regards, Julian ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Oracle (+) syntax
On Tue, May 24, 2011 at 01:49:31PM +, Julian Einwag - rockenstein AG wrote: > > So basically the following in ANSI syntax would be equivalent: > > select web_customer.id, web_contact.id > from web_customer left join web_contact on web_customer.id = web_contact.id > and 1 = web_contact.id Right. At least the result is the same on my test database. -- Jan Pazdziora Principal Software Engineer, Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] Oracle (+) syntax
Julian Einwag - rockenstein AG writes: > So basically the following in ANSI syntax would be equivalent: > select web_customer.id, web_contact.id > from web_customer left join web_contact on web_customer.id = web_contact.id > and 1 = web_contact.id I've never been perfectly clear about how Oracle's syntax works either :-) So if you were to leave off the (+) on that WHERE condition, it would be equivalent to putting the condition into WHERE instead of JOIN/ON in ANSI syntax, correct? Also, at least in Postgres, the result of doing the latter would be that you didn't get an outer join at all: the optimizer would conclude that no null-extended row could get past the WHERE clause, so it would reduce the left join to a plain join. I assume Oracle's optimizer knows that too. So you need to (+)-mark *every* clause involving variables from the inner side of the intended left join, or it won't work as desired. Seems like a bit of a foot-gun ... regards, tom lane ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
[Spacewalk-devel] SFDC#00474175 - webUI returns 503 error when accessing the system tab (Customer: Comcast)
Howdy team, We in GSS are currently working a sev1 case from Comcast, which customer are hitting the 503 HTTP error pages when trying to access the system tab on the webUI for Satellite 5.4. All the other functions (yum, create channel, etc) works as expected. [Fri May 20 14:30:00 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:8009 (*) failed [Fri May 20 14:30:00 2011] [error] proxy: AJP: failed to make connection to backend: localhost [Fri May 20 14:30:04 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:8009 (*) failed [Fri May 20 14:30:04 2011] [error] proxy: AJP: failed to make connection to backend: localhost Customer environment: * External Database Oracle 11 * RHN Satellite 5.4 * Issue: when using webUI and clicking System tab, customer receive an 503 HTTPD error. The other tabs works (little slowly), but no 503's errors. Diagnostics Steps: Database query times In order to check if the bottleneck was the external DB, we ran the SQL manually and the SQL ran pretty quickly. -- Show systems (rhn/systems/Overview.do) SELECT DISTINCT S.id, S.name, (SELECT 1 FROM rhnServerFeaturesView SFV WHERE SFV.server_id = S.id AND SFV.label = 'ftr_system_grouping') AS selectable FROM rhnServer S inner join rhnUserServerPerms USP on S.id = USP.server_id WHERE USP.user_id = &rhnuser_id; -- Show systems in Group (rhn/systems/Overview.do?showgroups=true) SELECT SGM.server_id AS ID, S.name AS NAME, (SELECT 1 FROM rhnServerFeaturesView SFV WHERE SFV.server_id = S.id AND SFV.label = 'ftr_system_grouping') AS selectable FROM rhnServer S, rhnServerGroupMembers SGM WHERE SGM.server_group_id = &rhnServerGroup_id AND SGM.server_id = S.id AND EXISTS (SELECT 1 FROM rhnServerFeaturesView SFV WHERE SFV.server_id = S.id AND SFV.label = 'ftr_system_grouping') ORDER BY UPPER(NVL(S.NAME, '(none)')), S.ID; The queries seems to be ok. {SNIP} ... 118206 espmon-po-1p.cable.comcast.com 1 118235 ocepcui-wc-1p.sys.comcast.net 1 2477 rows selected. Elapsed: 00:00:11.14 {SNIP} 116310 xg3 1 113457 xtaweb-nb-01p.philadelphia.pa.bo.comcast.net 1 2377 rows selected. Elapsed: 00:00:10.65 Customer have +- 3800 servers registered in Satellite SQL> select count(*) from rhnserver; COUNT(*) -- 3748 We asked the DB dump from customer, and we imported it on internal reproducer. Hostname: dhcp12.gsslab.rdu.redhat.com SSH: root/redhat webUI: satadmin/redhat Using the customer db, we **COULD NOT** reproduce the issue directly. To load the system tab, at the first time, it took 1-2 minutes to return at the first access. Afterwards, it took almost 50s. To reproduce the issue in-house, we force the timeout to a very low value, then we got the 503 + ajp timeout error. /etc/httpd/conf/httpd.conf From: Timeout 120 To: Timeout 10 /etc/httpd/conf.d/zz-spacewalk-www.conf From: RewriteRule ^/rhn(.*) ajp://localhost:8009/rhn$1 [P] RewriteRule ^(/.*\.(do|jsp)(\?.*)?)$ ajp://localhost:8009/$1 [P] To: RewriteRule ^/rhn(.*) ajp://localhost:8009/rhn$1 [P] timeout=10 RewriteRule ^(/.*\.(do|jsp)(\?.*)?)$ ajp://localhost:8009/$1 [P] timeout=10 Afterwards, we restarted Satellite. [root@dhcp12 conf.d]# tail -f /var/log/httpd/error_log [Tue May 24 11:58:19 2011] [notice] Digest: done [Tue May 24 11:58:19 2011] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads. [Tue May 24 11:58:19 2011] [notice] Apache configured -- resuming normal operations [Tue May 24 11:58:23 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:8009 (*) failed [Tue May 24 11:58:23 2011] [error] proxy: AJP: failed to make connection to backend: localhost [Tue May 24 11:58:27 2011] [error] (111)Connection refused: proxy: AJP: attempt to connect to 127.0.0.1:8009 (*) failed [Tue May 24 11:58:27 2011] [error] proxy: AJP: failed to make connection to backend: localhost [Tue May 24 11:58:50 2011] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header [Tue May 24 11:59:37 2011] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header [Tue May 24 12:00:25 2011] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header [root@dhcp12 conf.d]# tail -f /var/log/httpd/ssl_access_log 10.11.9.75 - - [24/May/2011:12:09:37