Re: [Spacewalk-devel] YUM RHN Lock Plugin
On 06/14/2012 03:37 PM, Jan Hutař wrote: On Wed, 13 Jun 2012 08:49:46 -0400 Musayev, Ilya imusa...@webmd.net wrote: That is correct. You can also install via RPM. If I'm not mistaken, --noplugings will also cut off rhn-plugin and therefore there will be no rhn repos. Ideally, it would be nice to integrate RHN LOCK with rhn-yum-plugin. That way if system locked - it is truly locked from both aspects (GUI and CLI) and you would not be able to disable lock independently. Hello, of course, yum have --disableplugin=[plugin] as well. What I wanted to say is: that plugin might be creating some false feeling of something being disabled/secured. If it is meant more do not incidentally install packages on locked system, then it is OK. Regards, Jan I believe this is exactly why Ilya wants this integrated with rhn-yum-plugin, so that it could not be disabled separately. -Stephen ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
On 06/13/2012 10:45 PM, Musayev, Ilya wrote: Am I correct in my assumptions and would the proposed changes be acceptable? You are very correct and yes that would be acceptable. -- Miroslav Suchy Red Hat Satellite Engineering ___ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
On Wed, 13 Jun 2012 08:49:46 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
That is correct. You can also install via RPM. If I'm not
mistaken, --noplugings will also cut off rhn-plugin and
therefore there will be no rhn repos.
Ideally, it would be nice to integrate RHN LOCK with
rhn-yum-plugin. That way if system locked - it is truly locked
from both aspects (GUI and CLI) and you would not be able to
disable lock independently.
Hello,
of course, yum have --disableplugin=[plugin] as well. What I
wanted to say is: that plugin might be creating some false
feeling of something being disabled/secured. If it is meant more
do not incidentally install packages on locked system, then it
is OK.
Regards,
Jan
On Jun 13, 2012, at 6:43 AM, Jan Hutař jhu...@redhat.com
wrote:
On Thu, 7 Jun 2012 18:32:06 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
While RHN has a limitation on locking the host from the Web
UI, user is still able to run yum operations from the host
(granted user has proper access).
I wrote a simple YUM plugin to check if the host is locked
in RHN and if it is, prevent yum usage on the host.
Needless to say, this is proof of concept and my python
skills are lacking, nevertheless it works.
TODO:
* Move Authentication part into config - easy to do but not
secure
* Use alternative method of authentication used by
rhnplugin - need to see how that can be done - if it all
possible
I need help with understanding how i can leverage rhnplugin
type of auth with RHN Lock Yum Plugin.
The proof of concept code is below - if you could make any
suggestions and improvements - it would be appreciated.
Thanks
ilya
--- /etc/yum/pluginconf.d/rhnlockplugin.conf
[main]
enabled=1
-- /usr/share/yum-plugins/rhnlockplugin.py
--
from yum.plugins import PluginYumExit, TYPE_CORE,
TYPE_INTERACTIVE from xml.dom import minidom
import xmlrpclib
requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)
def init_hook(conduit):
conduit.info(2, 'Checking if system is locked in
RHN/Spacewalk') SATELLITE_URL =
http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN =
admin SATELLITE_PASSWORD = password
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN,
SATELLITE_PASSWORD)
#--
def getSystemID(xml):
Print out all names found in xml
doc = minidom.parse(xml)
node = doc.documentElement
members = doc.getElementsByTagName(member)
for member in members:
name = member.getElementsByTagName(name)
[0].firstChild.data if name == system_id:
value = \
member.getElementsByTagName(string)
[0].firstChild.data return value.replace(ID-,)
def getLockStatus(sysID):
Function to check if the host is locked
details = client.system.getDetails(key, int(sysID))
if details['lock_status']:
#print ERROR: Skipping RHN/Spacewalk locked
#system %s % sysID
raise PluginYumExit('ERROR: Skipping
RHN/Spacewalk locked system: %s' % sysID) else:
print NOTE: This host in not locked in
RHN/Spacewalk
systemIDfile = '/etc/sysconfig/rhn/systemid'
mySystemID = getSystemID(systemIDfile)
getLockStatus(getSystemID(systemIDfile))
client.auth.logout(key)
---
Hello,
not sure what you want to achieve here, but note you can do
`yum
--noplugins ...` which would just disable the plugin and
allow normal yum operation.
Regards,
Jan
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
pgpth5xxzcMun.pgp
Description: PGP signature
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
On Thu, 7 Jun 2012 18:32:06 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
While RHN has a limitation on locking the host from the Web
UI, user is still able to run yum operations from the host
(granted user has proper access).
I wrote a simple YUM plugin to check if the host is locked in
RHN and if it is, prevent yum usage on the host.
Needless to say, this is proof of concept and my python skills
are lacking, nevertheless it works.
TODO:
* Move Authentication part into config - easy to do but not
secure
* Use alternative method of authentication used by rhnplugin -
need to see how that can be done - if it all possible
I need help with understanding how i can leverage rhnplugin
type of auth with RHN Lock Yum Plugin.
The proof of concept code is below - if you could make any
suggestions and improvements - it would be appreciated.
Thanks
ilya
--- /etc/yum/pluginconf.d/rhnlockplugin.conf
[main]
enabled=1
-- /usr/share/yum-plugins/rhnlockplugin.py --
from yum.plugins import PluginYumExit, TYPE_CORE,
TYPE_INTERACTIVE from xml.dom import minidom
import xmlrpclib
requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)
def init_hook(conduit):
conduit.info(2, 'Checking if system is locked in
RHN/Spacewalk') SATELLITE_URL =
http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN =
admin SATELLITE_PASSWORD = password
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN,
SATELLITE_PASSWORD)
#--
def getSystemID(xml):
Print out all names found in xml
doc = minidom.parse(xml)
node = doc.documentElement
members = doc.getElementsByTagName(member)
for member in members:
name = member.getElementsByTagName(name)
[0].firstChild.data if name == system_id:
value = \
member.getElementsByTagName(string)
[0].firstChild.data return value.replace(ID-,)
def getLockStatus(sysID):
Function to check if the host is locked
details = client.system.getDetails(key, int(sysID))
if details['lock_status']:
#print ERROR: Skipping RHN/Spacewalk locked
#system %s % sysID
raise PluginYumExit('ERROR: Skipping RHN/Spacewalk
locked system: %s' % sysID) else:
print NOTE: This host in not locked in
RHN/Spacewalk
systemIDfile = '/etc/sysconfig/rhn/systemid'
mySystemID = getSystemID(systemIDfile)
getLockStatus(getSystemID(systemIDfile))
client.auth.logout(key)
---
Hello,
not sure what you want to achieve here, but note you can do `yum
--noplugins ...` which would just disable the plugin and allow
normal yum operation.
Regards,
Jan
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
pgpbpG0Ej6Xyi.pgp
Description: PGP signature
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
That is correct. You can also install via RPM. If I'm not mistaken,
--noplugings will also cut off rhn-plugin and therefore there will be no rhn
repos.
Ideally, it would be nice to integrate RHN LOCK with rhn-yum-plugin. That way
if system locked - it is truly locked from both aspects (GUI and CLI) and you
would not be able to disable lock independently.
On Jun 13, 2012, at 6:43 AM, Jan Hutař jhu...@redhat.com wrote:
On Thu, 7 Jun 2012 18:32:06 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
While RHN has a limitation on locking the host from the Web
UI, user is still able to run yum operations from the host
(granted user has proper access).
I wrote a simple YUM plugin to check if the host is locked in
RHN and if it is, prevent yum usage on the host.
Needless to say, this is proof of concept and my python skills
are lacking, nevertheless it works.
TODO:
* Move Authentication part into config - easy to do but not
secure
* Use alternative method of authentication used by rhnplugin -
need to see how that can be done - if it all possible
I need help with understanding how i can leverage rhnplugin
type of auth with RHN Lock Yum Plugin.
The proof of concept code is below - if you could make any
suggestions and improvements - it would be appreciated.
Thanks
ilya
--- /etc/yum/pluginconf.d/rhnlockplugin.conf
[main]
enabled=1
-- /usr/share/yum-plugins/rhnlockplugin.py --
from yum.plugins import PluginYumExit, TYPE_CORE,
TYPE_INTERACTIVE from xml.dom import minidom
import xmlrpclib
requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)
def init_hook(conduit):
conduit.info(2, 'Checking if system is locked in
RHN/Spacewalk') SATELLITE_URL =
http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN =
admin SATELLITE_PASSWORD = password
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN,
SATELLITE_PASSWORD)
#--
def getSystemID(xml):
Print out all names found in xml
doc = minidom.parse(xml)
node = doc.documentElement
members = doc.getElementsByTagName(member)
for member in members:
name = member.getElementsByTagName(name)
[0].firstChild.data if name == system_id:
value = \
member.getElementsByTagName(string)
[0].firstChild.data return value.replace(ID-,)
def getLockStatus(sysID):
Function to check if the host is locked
details = client.system.getDetails(key, int(sysID))
if details['lock_status']:
#print ERROR: Skipping RHN/Spacewalk locked
#system %s % sysID
raise PluginYumExit('ERROR: Skipping RHN/Spacewalk
locked system: %s' % sysID) else:
print NOTE: This host in not locked in
RHN/Spacewalk
systemIDfile = '/etc/sysconfig/rhn/systemid'
mySystemID = getSystemID(systemIDfile)
getLockStatus(getSystemID(systemIDfile))
client.auth.logout(key)
---
Hello,
not sure what you want to achieve here, but note you can do `yum
--noplugins ...` which would just disable the plugin and allow
normal yum operation.
Regards,
Jan
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
So I did a little more exploration of xml rpc server handlers to figure out
how it works.
This is my understanding of what's happening.
The up2date server handler does not have any functions that query server
details to get the lock status - that I could use. I see an example in queue.py
handler server file that checks If the host is locked. My guess would be to
add a functionality in up2date xmlrpc server handler to check the server lock.
Once that is exposed on the server side, I can write the class on the
up2date_client side that will integrate with YUM RHN LOCK to pull the server
lock status. This way, I will avoid the usage of static SERVER, USERNAME and
PASSWORD and use up2date.Auth mechanism.
Am I correct in my assumptions and would the proposed changes be acceptable?
-Original Message-
From: spacewalk-devel-boun...@redhat.com
[mailto:spacewalk-devel-boun...@redhat.com] On Behalf Of Musayev, Ilya
Sent: Tuesday, June 12, 2012 2:16 PM
To: spacewalk-devel@redhat.com
Subject: Re: [Spacewalk-devel] YUM RHN Lock Plugin
Mirek,
I was looking at up2date client libraries, I'm bit confused as to how it
functions with RHN/Spacewalk. Specifically, I'm at loss how I would make a call
to get server details to see if it is locked. I dug through the libraries
(which is not well documented) and could not find anything the clearly
illustrates the interaction with RHN via RHN APIs.
If there is a doc you can point me too or an example - I would certainly
appreciate it.
Thanks
Regards
ilya
-Original Message-
From: spacewalk-devel-boun...@redhat.com
[mailto:spacewalk-devel-boun...@redhat.com] On Behalf Of Musayev, Ilya
Sent: Friday, June 08, 2012 10:50 AM
To: spacewalk-devel@redhat.com
Cc: spacewalk-devel@redhat.com
Subject: Re: [Spacewalk-devel] YUM RHN Lock Plugin
Thanks Mirek
I will try to polish it, your response is very helpful.
Regards
Ilya
On Jun 8, 2012, at 4:57 AM, Miroslav Suchý msu...@redhat.com wrote:
On 06/08/2012 12:32 AM, Musayev, Ilya wrote:
The proof of concept code is below - if you could make any suggestions and
improvements - it would be appreciated.
Instead of getSystemID(xml) you can use:
from rhn import rpclib
system_id = re.sub('^ID-', '',
rpclib.xmlrpclib.loads(up2dateAuth.getSystemId())[0][0]['system_id'])
Instead of:
client = xmlrpclib.Server(SATELLITE_URL, verbose=0) key =
client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD) you can do:
cfg = config.initUp2dateConfig()
satellite_url = config.getServerlURL()[0] scheme, netloc, path,
query, fragment = \
urlparse.urlsplit(satellite_url)
satellite_url = urlparse.urlunsplit((scheme, netloc, '/rpc/api',
query, fragment)) client = xmlrpclib.Server(satellite_url, verbose=0)
This seems to be longer and complicated, but you get spacewalk url
from config and you will get all url of possible parents. You may have
more then once for fail over.
It would be nice if you do instead of:
satellite_url = config.getServerlURL()[0] loop over all items in
config.getServerlURL() if some network error happen.
Additionaly I would change:
enabled=1
to 0. Because it will cause huge problem to people who install it, but
did not register to Spacewalk server.
Anyway - good idea. If you will polish it and test it, I will be happy
to merge it to yum-rhn-plugin.
--
Miroslav Suchy
Red Hat Satellite Engineering
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
Mirek,
I was looking at up2date client libraries, I'm bit confused as to how it
functions with RHN/Spacewalk. Specifically, I'm at loss how I would make a call
to get server details to see if it is locked. I dug through the libraries
(which is not well documented) and could not find anything the clearly
illustrates the interaction with RHN via RHN APIs.
If there is a doc you can point me too or an example - I would certainly
appreciate it.
Thanks
Regards
ilya
-Original Message-
From: spacewalk-devel-boun...@redhat.com
[mailto:spacewalk-devel-boun...@redhat.com] On Behalf Of Musayev, Ilya
Sent: Friday, June 08, 2012 10:50 AM
To: spacewalk-devel@redhat.com
Cc: spacewalk-devel@redhat.com
Subject: Re: [Spacewalk-devel] YUM RHN Lock Plugin
Thanks Mirek
I will try to polish it, your response is very helpful.
Regards
Ilya
On Jun 8, 2012, at 4:57 AM, Miroslav Suchý msu...@redhat.com wrote:
On 06/08/2012 12:32 AM, Musayev, Ilya wrote:
The proof of concept code is below - if you could make any suggestions and
improvements - it would be appreciated.
Instead of getSystemID(xml) you can use:
from rhn import rpclib
system_id = re.sub('^ID-', '',
rpclib.xmlrpclib.loads(up2dateAuth.getSystemId())[0][0]['system_id'])
Instead of:
client = xmlrpclib.Server(SATELLITE_URL, verbose=0) key =
client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD) you can do:
cfg = config.initUp2dateConfig()
satellite_url = config.getServerlURL()[0] scheme, netloc, path,
query, fragment = \
urlparse.urlsplit(satellite_url)
satellite_url = urlparse.urlunsplit((scheme, netloc, '/rpc/api',
query, fragment)) client = xmlrpclib.Server(satellite_url, verbose=0)
This seems to be longer and complicated, but you get spacewalk url
from config and you will get all url of possible parents. You may have
more then once for fail over.
It would be nice if you do instead of:
satellite_url = config.getServerlURL()[0] loop over all items in
config.getServerlURL() if some network error happen.
Additionaly I would change:
enabled=1
to 0. Because it will cause huge problem to people who install it, but
did not register to Spacewalk server.
Anyway - good idea. If you will polish it and test it, I will be happy
to merge it to yum-rhn-plugin.
--
Miroslav Suchy
Red Hat Satellite Engineering
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
On 06/08/2012 12:32 AM, Musayev, Ilya wrote:
The proof of concept code is below - if you could make any suggestions and
improvements - it would be appreciated.
Instead of getSystemID(xml) you can use:
from rhn import rpclib
system_id = re.sub('^ID-', '',
rpclib.xmlrpclib.loads(up2dateAuth.getSystemId())[0][0]['system_id'])
Instead of:
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)
you can do:
cfg = config.initUp2dateConfig()
satellite_url = config.getServerlURL()[0]
scheme, netloc, path, query, fragment = \
urlparse.urlsplit(satellite_url)
satellite_url = urlparse.urlunsplit((scheme, netloc, '/rpc/api',
query, fragment))
client = xmlrpclib.Server(satellite_url, verbose=0)
This seems to be longer and complicated, but you get spacewalk url from
config and you will get all url of possible parents. You may have more
then once for fail over.
It would be nice if you do instead of:
satellite_url = config.getServerlURL()[0]
loop over all items in config.getServerlURL() if some network error happen.
Additionaly I would change:
enabled=1
to 0. Because it will cause huge problem to people who install it, but
did not register to Spacewalk server.
Anyway - good idea. If you will polish it and test it, I will be happy
to merge it to yum-rhn-plugin.
--
Miroslav Suchy
Red Hat Satellite Engineering
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
On 06/08/2012 04:55 AM, Miroslav Suchý wrote:
On 06/08/2012 12:32 AM, Musayev, Ilya wrote:
The proof of concept code is below - if you could make any suggestions
and improvements - it would be appreciated.
Instead of getSystemID(xml) you can use:
from rhn import rpclib
system_id = re.sub('^ID-', '',
rpclib.xmlrpclib.loads(up2dateAuth.getSystemId())[0][0]['system_id'])
Instead of:
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)
you can do:
cfg = config.initUp2dateConfig()
satellite_url = config.getServerlURL()[0]
scheme, netloc, path, query, fragment = \
urlparse.urlsplit(satellite_url)
satellite_url = urlparse.urlunsplit((scheme, netloc, '/rpc/api', query,
fragment))
client = xmlrpclib.Server(satellite_url, verbose=0)
This seems to be longer and complicated, but you get spacewalk url from
config and you will get all url of possible parents. You may have more
then once for fail over.
It would be nice if you do instead of:
satellite_url = config.getServerlURL()[0]
loop over all items in config.getServerlURL() if some network error happen.
Additionaly I would change:
enabled=1
to 0. Because it will cause huge problem to people who install it, but
did not register to Spacewalk server.
Anyway - good idea. If you will polish it and test it, I will be happy
to merge it to yum-rhn-plugin.
I think the main flaw in this is that the username/password is being
used to login via public APIs to get this information. I suspect that
long term a solution such as this would need to be able to gather this
information without needing to login with username/password.
It is though a nice quick solution to this problem.
Cliff
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
Thanks Mirek
I will try to polish it, your response is very helpful.
Regards
Ilya
On Jun 8, 2012, at 4:57 AM, Miroslav Suchý msu...@redhat.com wrote:
On 06/08/2012 12:32 AM, Musayev, Ilya wrote:
The proof of concept code is below - if you could make any suggestions and
improvements - it would be appreciated.
Instead of getSystemID(xml) you can use:
from rhn import rpclib
system_id = re.sub('^ID-', '',
rpclib.xmlrpclib.loads(up2dateAuth.getSystemId())[0][0]['system_id'])
Instead of:
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)
you can do:
cfg = config.initUp2dateConfig()
satellite_url = config.getServerlURL()[0]
scheme, netloc, path, query, fragment = \
urlparse.urlsplit(satellite_url)
satellite_url = urlparse.urlunsplit((scheme, netloc, '/rpc/api',
query, fragment))
client = xmlrpclib.Server(satellite_url, verbose=0)
This seems to be longer and complicated, but you get spacewalk url from
config and you will get all url of possible parents. You may have more
then once for fail over.
It would be nice if you do instead of:
satellite_url = config.getServerlURL()[0]
loop over all items in config.getServerlURL() if some network error happen.
Additionaly I would change:
enabled=1
to 0. Because it will cause huge problem to people who install it, but
did not register to Spacewalk server.
Anyway - good idea. If you will polish it and test it, I will be happy
to merge it to yum-rhn-plugin.
--
Miroslav Suchy
Red Hat Satellite Engineering
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
Re: [Spacewalk-devel] YUM RHN Lock Plugin
Would anyone know if up2dateAuth module could be used to replace
username/password auth to query RHN/SPWLK server via RHN API?
On Jun 7, 2012, at 6:33 PM, Musayev, Ilya imusa...@webmd.net wrote:
While RHN has a limitation on locking the host from the Web UI, user is still
able to run yum operations from the host (granted user has proper access).
I wrote a simple YUM plugin to check if the host is locked in RHN and if it
is, prevent yum usage on the host.
Needless to say, this is proof of concept and my python skills are lacking,
nevertheless it works.
TODO:
* Move Authentication part into config - easy to do but not secure
* Use alternative method of authentication used by rhnplugin - need to see
how that can be done - if it all possible
I need help with understanding how i can leverage rhnplugin type of auth with
RHN Lock Yum Plugin.
The proof of concept code is below - if you could make any suggestions and
improvements - it would be appreciated.
Thanks
ilya
--- /etc/yum/pluginconf.d/rhnlockplugin.conf
[main]
enabled=1
-- /usr/share/yum-plugins/rhnlockplugin.py --
from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE
from xml.dom import minidom
import xmlrpclib
requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)
def init_hook(conduit):
conduit.info(2, 'Checking if system is locked in RHN/Spacewalk')
SATELLITE_URL = http://spacewalk.hostname.com/rpc/api;
SATELLITE_LOGIN = admin
SATELLITE_PASSWORD = password
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)
#--
def getSystemID(xml):
Print out all names found in xml
doc = minidom.parse(xml)
node = doc.documentElement
members = doc.getElementsByTagName(member)
for member in members:
name = member.getElementsByTagName(name)[0].firstChild.data
if name == system_id:
value = \
member.getElementsByTagName(string)[0].firstChild.data
return value.replace(ID-,)
def getLockStatus(sysID):
Function to check if the host is locked
details = client.system.getDetails(key, int(sysID))
if details['lock_status']:
#print ERROR: Skipping RHN/Spacewalk locked system %s % sysID
raise PluginYumExit('ERROR: Skipping RHN/Spacewalk locked system:
%s' % sysID)
else:
print NOTE: This host in not locked in RHN/Spacewalk
systemIDfile = '/etc/sysconfig/rhn/systemid'
mySystemID = getSystemID(systemIDfile)
getLockStatus(getSystemID(systemIDfile))
client.auth.logout(key)
---
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel
