Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[RHELC-1033, RHELC-1036] Make (re-)registering the system optional (#869
) * Make subscription from within convert2rhel optional. Previously, we would unregister a system if it was registered and then re-register with subscription-manager. The only time we didn't do this would be when the user specified --no-rhsm but that does too much. It causes convert2rhel to avoid the use of subscription-manager altogether (it doesn't install the package or configure the RHEL repos) For our purposes, we just don't want to replace the registration if the system already has one. The strategy we're implementing here is: * If the user specifies (username and password) or (activation_key and organization) then (re)register the system. * If not, then attempt to do the conversion without registering the system first. There are several distinct changes made to enable this functionality: * subscription.{subscribe_system,rollback}() were moved ito a RestorableChange (called RestorableSystemSubscription). This is mainly because deciding whether to unregister the system in case of a rollback now needs to have some saved state to know whether we registered it in the first place. * replace_subscription_manager() no longer unregisters the system as part of uninstalling the current subscription-manager packages and installing the RHEL ones. * A new property was added to toolopts, should_subscribe. This property tells whether the user has specified options which ask us to (re)register the system or not. * In pre_ponr_changes/subscription.py we now use should_subscribe to decide whether to (re)subscribe the system instead of only no_rhsm. We also use RestorableSystemSubscribe instead of calling subscribe_system(). * In main.py we no longer have to call subscription.rollback() because the backup framework (backup.backup_control.pop_all()) will take care of rolling back the subscription. * Reviewed places where tool_opts.no_rhsm was used and change places that were used only to subscribe the system (as opposed to installing subscription-manager, which is also used for other things) to subscription.should_subscribe() instead: * actions.pre_ponr_changes.subscription.PreSubscription: This action makes sure that /usr/bin/subscription-manager can run so it needs to run even if we don't subscribe the system. * actions.system_checks.dbus.DbusIsRunning: We currently only use DBus as part of subscribing the system so should_subscribe is appropriate here. * toolopts.CLI: use should_subscribe to tell the user we're ignoring the presence of --serverurl. * Deprecate --keep-rhsm and use a heuristic to decide whether to register with subscription-manager. The heuristic is to check whether the user gave us the necessary credentials to register the system with subscription-manager. If so, then we use rhsm to do so. If not, then we do not attempt to register the system. Fixes: https://issues.redhat.com/browse/RHELC-1036 * cert.py: * make cert.SystemCert() work with the backup system. Now it will only install the certificate if it isn't already present on the system and only remove the certificate if it was convert2rhel which installed it. * Give SystemCert the ability to install to different directories. This allows us to use it for both the susbcription-manager product certificate and the yum repo certificate (needed for the convert2rhel yum repo). * main.py: Use the backup system to uninstall the certificates if we rollback instead of making a manual call to remove it. * subscription.py: * The RestorableChange for registering and unregistering the system no longer needs to check keep_rhsm. We will always unsubscribe the system if we subsribed it but by default we are no longer subscribing it in the first place. * Remove replace_subscription_manager() and remove_original_subscription_manager() as we don't need anything that uninstalls the subscription-manager package from the vendor anymore. * Add detect_subscription_manager() to check whether subscription-manager is installed (the entrypoint packages that we need for conversion, basically '*subscription-manager*'.) * Move a check for whether subscription-manager packages for RHEL have been downloaded successfully from replace_subscription_manager() to install_rhel_subscription_manager(). This entails calling logger.critical() if the rpms are not present. In the past, we would fail in the same way, just at an earlier stage (in replace[..]() instead of install[..](). * Move the installation of the redhat-uep.pem for the yum repos into a pre_ponr_change instead of here. It's graduating from a hack to something that we need to ensure is installed. (Remove _check_and_install_redhat_uep_pem()). * verify_rhsm_installed(): Remove the keep_rhsm check. Now, we will always fail at this point if verify_rhsm_installed() was called and subscription-manager is not installed. (The equivalent check is now done by the caller) * download_rhsm_pkgs(): Do not check for keep_rhsm. Now, when this is called, we will always download the packages. (The equivalent check is now done by the caller) * toolopts.py: Remove the keep_rhsm toolopts attribute. When parsing the CLI, warn if --keep-rhsm is passed and ignore the option. * actions/pre_ponr_changes/subscription.py: * Create and action for installing yum repo certs with code migrated from subscription._check_and_install_redhat_uep_pem() * Move installation of the gpg key from the PreSubscription Action and make both Presubscription and pre_ponr_changes.transaction.ValidatePackageManagerTransaction depend on it. (TODO from r0x0d) * Now only download and install subscription-manager if they are not already installed. * Remove an unused namedtuple import * Remove unused toolopts.credentials_thru_cli When the RegistrationCommand was refactored into a class, we stopped needing credentials_thru_cli. Remove that now. * Make sure subscription-manager knows about the product certificate. Add a function to call subscription-manager refresh. Use it to make sure subscription-manager knows about any RHSM product certificate the user may have put on the system since the last time subscription-manager refreshed its cache. * Add subscription-manager package installation to the backup controller. This is needed so that the packages can be uninstalled after we have unregistered the system during rollback. Without this change thte tiing was wrong because: * some packages (those which were removed) need to be rolled back early (before file rollbacks happen) * The packages here (installed subscription-manager packages) need to be rolled back later, after unregistering the system. * Unregistering the system is now handled by the backup framework and the backup framework rollback is a single step. Since the backup framework rollback can't exist both before and after the other rollback steps, adding the subscription-manager package rollbacks to the framework is the only way to fix this. * Use get_installed_pkg_information() instead of get_installed_pkg_objects() for subscription-manager installation. On RHEL8, those two functions deal with architecture specification differently. Using get_installed_pkg_information everywhere gives the right answer on both RHEL7 and RHEL8. * Make subscription-manager installation work with old versions of deps. We are trying to get convert2rhel to only install the subset of subscription-manager packages which it requires. However, when we do have to install packages, we are getting them from the UBI repositories where the version of subscription-manager may need a newer vrsion of dependencies than the vendor has. For this reason, we may need to install some dependencies from the UBI repositories even though the vendor versions of them are already installed. Currently, python-syspurpose and json-c are the only problematic packages so make sure that they are added to the install set. .. seealso:: Bug report illustrating the version problem: #494 * syspurpose and jsonc should not be uninstalled on rollback if they were installed to begin with. Fix this by sending both packages to install and packages to update to RestorablePackageSet. When we call restore(), packages which were updated are not uninstalled. (In the future, we could backup and restore those packages). The PR fixing this in the past was: #393 Co-authored-by: Rodolfo Olivieri <rodolfo.olivieri3@gmail.com> Co-authored-by: Michal Bocek <mbocek@redhat.com> Co-authored-by: E Gustavsson <eric@spytec.se> Co-authored-by: Martin 'kokesak' Litwora <mlitwora@redhat.com> * Fix for poor error message when a cert has already been removed in rollback. If something (for instance, package removal) removes a certificate that we installed, then we will try to reove the cert during rollback but the file won't exist. Add some code to give a nice message in this case. Also fix the integration test test_rhsm_error_logged(). It was checking for a prior bad error message (an exception). That won't happen in the same circumstance with the new code so adapt it to fit the new reality. * Hack to fix the order of rollbacks while we still have items that aren't ported to the backup framework. * Fix package backup on a pre-registered system When the system is registered to RHSM before running convert2rhel, the redhat.repo file is not generated because of the missing RHSM product cert on non-RHEL system. However convert2rhel installs this cert and when we do a package backup, the subscription-manager yum plugin generates the redhat.repo file. Having the RHEL repos defined and enabled during the package backup causes a failure when accessing the RHEL repos due to the $releasever being different on RHEL and RHEL-clones. Besides that, when backing up packages we want to be accessing only the RHEL-clone repos, not RHEL repos. Also, fix the check whether the packages to be removed have been really removed. We were comparing strings to objects which led to a false flag warning that packages that were in fact removed haven't been removed. Also, update dependencies of a few Actions to make sure: - we backup system repos before pkg backup because we're using the backed up repos for the pkg backups - we remove pkgs that contain repofiles only after installing sub-man pkgs because the sub-man pkg installation may require dependencies from the original vendor repos --------- Signed-off-by: Daniel Diblik <ddiblik@redhat.com> Co-authored-by: Rodolfo Olivieri <rodolfo.olivieri3@gmail.com> Co-authored-by: Michal Bocek <mbocek@redhat.com> Co-authored-by: E Gustavsson <eric@spytec.se> Co-authored-by: Martin 'kokesak' Litwora <mlitwora@redhat.com> Co-authored-by: Daniel Diblik <ddiblik@redhat.com>
- Loading branch information
6 people
committed
Sep 7, 2023
1 parent
fb6b4a9
commit 65f7c48