[Spacewalk-devel] YUM RHN Lock Plugin

Musayev, Ilya Thu, 07 Jun 2012 15:34:37 -0700

While RHN has a limitation on locking the host from the Web UI, user is still 
able to run yum operations from the host (granted user has proper access).


I wrote a simple YUM plugin to check if the host is locked in RHN and if it is, 
prevent yum usage on the host.

Needless to say, this is proof of concept and my python skills are lacking, 
nevertheless it works.

TODO:
* Move Authentication part into config - easy to do but not secure
* Use alternative method of authentication used by rhnplugin - need to see how 
that can be done - if it all possible

I need help with understanding how i can leverage rhnplugin type of auth with 
RHN Lock Yum Plugin.

The proof of concept code is below - if you could make any suggestions and 
improvements - it would be appreciated.


Thanks
ilya



----------- /etc/yum/pluginconf.d/rhnlockplugin.conf --------
[main]
enabled=1
------------


---------- /usr/share/yum-plugins/rhnlockplugin.py ----------

from yum.plugins import PluginYumExit, TYPE_CORE, TYPE_INTERACTIVE
from xml.dom import minidom
import xmlrpclib

requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)

def init_hook(conduit):
    conduit.info(2, 'Checking if system is locked in RHN/Spacewalk')
    SATELLITE_URL = "http://spacewalk.hostname.com/rpc/api";
    SATELLITE_LOGIN = "admin"
    SATELLITE_PASSWORD = "password"

    client = xmlrpclib.Server(SATELLITE_URL, verbose=0)

    key = client.auth.login(SATELLITE_LOGIN, SATELLITE_PASSWORD)

    #----------------------------------------------------------------------
    def getSystemID(xml):
        """
        Print out all names found in xml
        """
        doc = minidom.parse(xml)
        node = doc.documentElement
        members = doc.getElementsByTagName("member")

        for member in members:
            name = member.getElementsByTagName("name")[0].firstChild.data
            if name == "system_id":
                value = \
                    member.getElementsByTagName("string")[0].firstChild.data
                return value.replace("ID-","")

    def getLockStatus(sysID):
        """
        Function to check if the host is locked
        """
        details = client.system.getDetails(key, int(sysID))
        if details['lock_status']:
            #print "ERROR: Skipping RHN/Spacewalk locked system %s" % sysID
            raise PluginYumExit('ERROR: Skipping RHN/Spacewalk locked system: 
%s' % sysID)
        else:
            print "NOTE: This host in not locked in RHN/Spacewalk"

    systemIDfile = '/etc/sysconfig/rhn/systemid'
    mySystemID = getSystemID(systemIDfile)
    getLockStatus(getSystemID(systemIDfile))

    client.auth.logout(key)
-----------------------------------

_______________________________________________
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel

[Spacewalk-devel] YUM RHN Lock Plugin

Reply via email to