Re: [Spacewalk-devel] Deployment of images built with SUSE Studio
Johannes Renner wrote: % On 06/04/2012 08:47 PM, Miroslav Suchy wrote: % So here is the latest version of the patches. % % Committed (with some white space and check style fixes). Thanks for contribution. % % Thank you very much, here is already a first follow up patch: % % Replace default string with the new constant RhnHelper.DEFAULT_FORWARD, % just for being consistent with recent changes here. % % Regards, % Johannes Applied. Thanks. -- Michael Mráka Satellite Engineering, Red Hat ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
[Spacewalk-devel] YUM RHN Lock Plugin
While RHN has a limitation on locking the host from the Web UI, user is still able to run yum operations from the host (granted user has proper access). I wrote a simple YUM plugin to check if the host is locked in RHN and if it is, prevent yum usage on the host. Needless to say, this is proof of concept and my python skills are lacking, nevertheless it works. TODO: * Move Authentication part into config - easy to do but not secure * Use alternative method of authentication used by rhnplugin - need to see how that can be done - if it all possible I need help with understanding how i can leverage rhnplugin type of auth with RHN Lock Yum Plugin. The proof of concept code is below - if you could make any suggestions and improvements - it would be appreciated. Thanks ilya --- /etc/yum/pluginconf.d/rhnlockplugin.conf [main] enabled=1 -- /usr/share/yum-plugins/rhnlockplugin.py -- from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE from xml.dom import minidom import xmlrpclib requires_api_version = '2.3' plugin_type = (TYPE_CORE, TYPE_INTERACTIVE) def init_hook(conduit): conduit.info(2, 'Checking if system is locked in RHN/Spacewalk') SATELLITE_URL = http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN = admin SATELLITE_PASSWORD = password client = xmlrpclib.Server(SATELLITE_URL, verbose=0) key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD) #-- def getSystemID(xml): Print out all names found in xml doc = minidom.parse(xml) node = doc.documentElement members = doc.getElementsByTagName(member) for member in members: name = member.getElementsByTagName(name)[0].firstChild.data if name == system_id: value = \ member.getElementsByTagName(string)[0].firstChild.data return value.replace(ID-,) def getLockStatus(sysID): Function to check if the host is locked details = client.system.getDetails(key, int(sysID)) if details['lock_status']: #print ERROR: Skipping RHN/Spacewalk locked system %s % sysID raise PluginYumExit('ERROR: Skipping RHN/Spacewalk locked system: %s' % sysID) else: print NOTE: This host in not locked in RHN/Spacewalk systemIDfile = '/etc/sysconfig/rhn/systemid' mySystemID = getSystemID(systemIDfile) getLockStatus(getSystemID(systemIDfile)) client.auth.logout(key) --- ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
Would anyone know if up2dateAuth module could be used to replace username/password auth to query RHN/SPWLK server via RHN API? On Jun 7, 2012, at 6:33 PM, Musayev, Ilya imusa...@webmd.net wrote: While RHN has a limitation on locking the host from the Web UI, user is still able to run yum operations from the host (granted user has proper access). I wrote a simple YUM plugin to check if the host is locked in RHN and if it is, prevent yum usage on the host. Needless to say, this is proof of concept and my python skills are lacking, nevertheless it works. TODO: * Move Authentication part into config - easy to do but not secure * Use alternative method of authentication used by rhnplugin - need to see how that can be done - if it all possible I need help with understanding how i can leverage rhnplugin type of auth with RHN Lock Yum Plugin. The proof of concept code is below - if you could make any suggestions and improvements - it would be appreciated. Thanks ilya --- /etc/yum/pluginconf.d/rhnlockplugin.conf [main] enabled=1 -- /usr/share/yum-plugins/rhnlockplugin.py -- from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE from xml.dom import minidom import xmlrpclib requires_api_version = '2.3' plugin_type = (TYPE_CORE, TYPE_INTERACTIVE) def init_hook(conduit): conduit.info(2, 'Checking if system is locked in RHN/Spacewalk') SATELLITE_URL = http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN = admin SATELLITE_PASSWORD = password client = xmlrpclib.Server(SATELLITE_URL, verbose=0) key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD) #-- def getSystemID(xml): Print out all names found in xml doc = minidom.parse(xml) node = doc.documentElement members = doc.getElementsByTagName(member) for member in members: name = member.getElementsByTagName(name)[0].firstChild.data if name == system_id: value = \ member.getElementsByTagName(string)[0].firstChild.data return value.replace(ID-,) def getLockStatus(sysID): Function to check if the host is locked details = client.system.getDetails(key, int(sysID)) if details['lock_status']: #print ERROR: Skipping RHN/Spacewalk locked system %s % sysID raise PluginYumExit('ERROR: Skipping RHN/Spacewalk locked system: %s' % sysID) else: print NOTE: This host in not locked in RHN/Spacewalk systemIDfile = '/etc/sysconfig/rhn/systemid' mySystemID = getSystemID(systemIDfile) getLockStatus(getSystemID(systemIDfile)) client.auth.logout(key) --- ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel