Fixes #25186 - hotfix check #236
Conversation
|
Issues: #25186 |
| end | ||
|
|
||
| def regex_for_files_check | ||
| '^(..5....T.){1}(.{2}[^c])+.+\.(rb|py|erb|js)$' |
There was a problem hiding this comment.
This thing is hard to understand: would it be possible to put some explanatory comments on how that works?
|
|
||
| # only for downstream | ||
| def find_hotfix_rpms_installed | ||
| cmd = "rpm -qa 'HOTFIXRHBZ*'" |
There was a problem hiding this comment.
this doesn't seem to match packages, that have HOTFIX state in release version (see https://bugzilla.redhat.com/show_bug.cgi?id=1642369 as an example for testing with some hotfix installed)
There was a problem hiding this comment.
It doesn't seem lik rpm -qa provides the capability. We could perhaps use the find_installed_packages and then search for presence of HOTFIX there.
There was a problem hiding this comment.
Modified search using HOTFIX.
I found few issues where hot fixes delivered using RPM which not included HOTFIX string in release. I am not sure what is the reason behind that but in such cases, this check will fail to find out hot fixes applied using RPM.
Any suggestions on this?
| end | ||
|
|
||
| def find_installed_packages(version) | ||
| repolist_regexstr = feature(:downstream).repolist_for_hotfix_verify(version).join('|') |
There was a problem hiding this comment.
Could we make it in a way, that the version is not needed: for this case, we could rather look at the enabled repos and filter those that include satellite or rhscl
There was a problem hiding this comment.
Now it will work without version. I have considered all repos that includes satellite/rhscl instead of enabled one. It might be chance that user disabled repos.
|
Thank you @iNecas |
| end | ||
|
|
||
| def find_installed_packages(version) | ||
| repolist_regexstr = feature(:downstream).repolist_for_hotfix_verify(version).join('|') |
There was a problem hiding this comment.
@kgaikwad here is my take on the repoqueries https://gist.github.com/mbacovsky/889459a71244d04135bcd71cd62fd692. I didn't tested how the performance differ and it should be subject for further refactoring. Memory-wise it should be okay.
There was a problem hiding this comment.
Updated PR with the suggested changes. Please have look.
@ntkathole,
While testing this check, with other scenarios it would be good to test this check multiple times with some time interval for performance check.
kgaikwad
force-pushed
the
25186_verify_hotfix_installed
branch
from
b68da7c
to
9d55a7a
Compare
| changed_files | ||
| end | ||
|
|
||
| def installed_packages |
There was a problem hiding this comment.
I got another way to get these details,
- To get packages from satellite and rhscl repos you can avoid if statement for each package name,
yumdb search from_repo satellite rhscl
rh-ruby23-runtime-2.2-7.el7.x86_64
from_repo = rhel-server-rhscl-7-rpms
rubygem-ansi-1.4.3-3.el7sat.noarch
from_repo = rhel-7-server-satellite-6.3-rpms
The yumdb comes with yum-utils only, and this is very quick :)
time yumdb search from_repo satellite rhscl
real 0m0.563s
user 0m0.356s
sys 0m0.197s
We just need to disable yum plugins before query and enable it after getting the packages to make it faster else its unnecessary waits for plugins which we dont use while querying yum database,
to disable,
sed -i -e 's/plugins=1/plugins=0/g' /etc/yum.conf
to enable,
sed -i -e 's/plugins=0/plugins=1/g' /etc/yum.conf
- To get the hotfix packages installed you can use,
rpm -qa release="HOTFIX"
There was a problem hiding this comment.
I have updated command to get hotfix rpms using rpm -qa release="*HOTFIX*" command in pull-request.
Kept repoquery command as yumdb is not giving packages names but having extra input lines.
There was a problem hiding this comment.
@kgaikwad Well done. Looks good overall. I've left just a few nitpicks and questions inline. I'll mock some system to test on tomorrow.
@ntkathole, will you have some spare cycles to test this on properly registered system. With hotfixes and patches?
| end | ||
|
|
||
| def run | ||
| if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? |
There was a problem hiding this comment.
Presence of :downstream is ensured by confine block.
There was a problem hiding this comment.
Good catch 👍
Forgot to remove first condition.
|
|
||
| def run | ||
| if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? | ||
| skip 'Your system is subscribed using custom activationkey' |
There was a problem hiding this comment.
Souldn't we add something like 'Hotfixes can't be detected.'? Or is it clear?
definitions/features/downstream.rb
Outdated
| @@ -54,6 +54,10 @@ def subscribed_using_activationkey? | |||
| ENV['EXTERNAL_SAT_ACTIVATION_KEY'] && ENV['EXTERNAL_SAT_ORG'] | |||
| end | |||
|
|
|||
| def repolist(sat_version) | |||
| def msg_for_modified_files(files_modified) | ||
| message = "\n\nFound #{files_modified.length} file(s) modified on this system.\n" | ||
| if files_modified.length > 10 | ||
| message += 'Here, it shows only 10 records. For complete result, please check a log file.' |
There was a problem hiding this comment.
Do we actually log the full list somewhere? How long the list is expected to be on patched system? Would it bve too obtrusive to keep the full list in the output?
There was a problem hiding this comment.
+1
Yes, it would be ok I think if we display it in output only.
| end | ||
| message += "\n\nBefore package(s) update, please make sure the avaliablility of above file(s) "\ | ||
| 'modifications in latest.'\ | ||
| "\nFor safe side, you can take backup of above file(s) belongs to package(s)\n" |
There was a problem hiding this comment.
There is likely some word missing in the message. My take with no guarantee would be
Before update make sure the updated packages contain the listed modifications otherwise the fixes will be lost. It is also recommended to backup the modified files prior update.
kgaikwad
force-pushed
the
25186_verify_hotfix_installed
branch
from
54bb688
to
bbf0697
Compare
kgaikwad
force-pushed
the
25186_verify_hotfix_installed
branch
from
bbf0697
to
4f51d9b
Compare
|
@mbacovsky, Thank you for review! |
kgaikwad
changed the title
| if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? | ||
| skip 'Your system is subscribed using custom activationkey' | ||
| if feature(:downstream).subscribed_using_activationkey? | ||
| skip "Hotfixes can't be detected" |
There was a problem hiding this comment.
@kgaikwad, sorry for the confusion, I think the original part is important too:
Your system is subscribed using custom activationkey. Hotfixes can't be detected..
This way the user knows the cause and can understand the result.
There was a problem hiding this comment.
No problem! my bad I was thinking the same :-) but then I thought you expected this as main message.I will do that
|
@kgaikwad thanks for the update. I'll do some more testing and this can get merged. |
kgaikwad
force-pushed
the
25186_verify_hotfix_installed
branch
from
4f51d9b
to
017586e
Compare
|
|
||
| def run | ||
| if feature(:downstream).subscribed_using_activationkey? | ||
| skip "Your system is subscribed using custom activationkey. Hotfixes can't be detected." |
There was a problem hiding this comment.
space is missing in "activation key"
kgaikwad
force-pushed
the
25186_verify_hotfix_installed
branch
from
017586e
to
23b542a
Compare
|
@kgaikwad I have a few more findings from my testing.
|
|
@kgaikwad
|
|
Thank you @mbacovsky and @jameerpathan111 |
@kgaikwad I have retested PR |
|
This looks and works perfectly now. Well done @kgaikwad and thanks for your patience :)! |
No description provided.