New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixes #25186 - hotfix check #236
Fixes #25186 - hotfix check #236
Conversation
Issues: #25186 |
end | ||
|
||
def regex_for_files_check | ||
'^(..5....T.){1}(.{2}[^c])+.+\.(rb|py|erb|js)$' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This thing is hard to understand: would it be possible to put some explanatory comments on how that works?
|
||
# only for downstream | ||
def find_hotfix_rpms_installed | ||
cmd = "rpm -qa 'HOTFIXRHBZ*'" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this doesn't seem to match packages, that have HOTFIX
state in release version (see https://bugzilla.redhat.com/show_bug.cgi?id=1642369 as an example for testing with some hotfix installed)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't seem lik rpm -qa
provides the capability. We could perhaps use the find_installed_packages
and then search for presence of HOTFIX
there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Modified search using HOTFIX
.
I found few issues where hot fixes delivered using RPM which not included HOTFIX
string in release. I am not sure what is the reason behind that but in such cases, this check will fail to find out hot fixes applied using RPM.
Any suggestions on this?
end | ||
|
||
def find_installed_packages(version) | ||
repolist_regexstr = feature(:downstream).repolist_for_hotfix_verify(version).join('|') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we make it in a way, that the version
is not needed: for this case, we could rather look at the enabled repos and filter those that include satellite
or rhscl
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now it will work without version
. I have considered all repos that includes satellite/rhscl
instead of enabled one. It might be chance that user disabled repos.
Thank you @iNecas |
end | ||
|
||
def find_installed_packages(version) | ||
repolist_regexstr = feature(:downstream).repolist_for_hotfix_verify(version).join('|') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kgaikwad here is my take on the repoqueries https://gist.github.com/mbacovsky/889459a71244d04135bcd71cd62fd692. I didn't tested how the performance differ and it should be subject for further refactoring. Memory-wise it should be okay.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Updated PR with the suggested changes. Please have look.
@ntkathole,
While testing this check, with other scenarios it would be good to test this check multiple times with some time interval for performance check.
b68da7c
to
9d55a7a
Compare
changed_files | ||
end | ||
|
||
def installed_packages |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got another way to get these details,
- To get packages from satellite and rhscl repos you can avoid if statement for each package name,
yumdb search from_repo satellite rhscl
rh-ruby23-runtime-2.2-7.el7.x86_64
from_repo = rhel-server-rhscl-7-rpms
rubygem-ansi-1.4.3-3.el7sat.noarch
from_repo = rhel-7-server-satellite-6.3-rpms
The yumdb comes with yum-utils only, and this is very quick :)
time yumdb search from_repo satellite rhscl
real 0m0.563s
user 0m0.356s
sys 0m0.197s
We just need to disable yum plugins before query and enable it after getting the packages to make it faster else its unnecessary waits for plugins which we dont use while querying yum database,
to disable,
sed -i -e 's/plugins=1/plugins=0/g' /etc/yum.conf
to enable,
sed -i -e 's/plugins=0/plugins=1/g' /etc/yum.conf
- To get the hotfix packages installed you can use,
rpm -qa release="HOTFIX"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated command to get hotfix rpms using rpm -qa release="*HOTFIX*"
command in pull-request.
Kept repoquery
command as yumdb
is not giving packages names but having extra input lines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kgaikwad Well done. Looks good overall. I've left just a few nitpicks and questions inline. I'll mock some system to test on tomorrow.
@ntkathole, will you have some spare cycles to test this on properly registered system. With hotfixes and patches?
end | ||
|
||
def run | ||
if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Presence of :downstream
is ensured by confine
block.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch 👍
Forgot to remove first condition.
|
||
def run | ||
if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? | ||
skip 'Your system is subscribed using custom activationkey' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Souldn't we add something like 'Hotfixes can't be detected.'? Or is it clear?
definitions/features/downstream.rb
Outdated
@@ -54,6 +54,10 @@ def subscribed_using_activationkey? | |||
ENV['EXTERNAL_SAT_ACTIVATION_KEY'] && ENV['EXTERNAL_SAT_ORG'] | |||
end | |||
|
|||
def repolist(sat_version) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this used somewhere?
def msg_for_modified_files(files_modified) | ||
message = "\n\nFound #{files_modified.length} file(s) modified on this system.\n" | ||
if files_modified.length > 10 | ||
message += 'Here, it shows only 10 records. For complete result, please check a log file.' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we actually log the full list somewhere? How long the list is expected to be on patched system? Would it bve too obtrusive to keep the full list in the output?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Yes, it would be ok I think if we display it in output only.
end | ||
message += "\n\nBefore package(s) update, please make sure the avaliablility of above file(s) "\ | ||
'modifications in latest.'\ | ||
"\nFor safe side, you can take backup of above file(s) belongs to package(s)\n" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is likely some word missing in the message. My take with no guarantee would be
Before update make sure the updated packages contain the listed modifications otherwise the fixes will be lost. It is also recommended to backup the modified files prior update.
54bb688
to
bbf0697
Compare
bbf0697
to
4f51d9b
Compare
@mbacovsky, Thank you for review! |
if feature(:downstream) && feature(:downstream).subscribed_using_activationkey? | ||
skip 'Your system is subscribed using custom activationkey' | ||
if feature(:downstream).subscribed_using_activationkey? | ||
skip "Hotfixes can't be detected" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@kgaikwad, sorry for the confusion, I think the original part is important too:
Your system is subscribed using custom activationkey. Hotfixes can't be detected.
.
This way the user knows the cause and can understand the result.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No problem! my bad I was thinking the same :-) but then I thought you expected this as main message.I will do that
@kgaikwad thanks for the update. I'll do some more testing and this can get merged. |
4f51d9b
to
017586e
Compare
|
||
def run | ||
if feature(:downstream).subscribed_using_activationkey? | ||
skip "Your system is subscribed using custom activationkey. Hotfixes can't be detected." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
space is missing in "activation key"
017586e
to
23b542a
Compare
@kgaikwad I have a few more findings from my testing.
|
@kgaikwad
|
Thank you @mbacovsky and @jameerpathan111 |
@kgaikwad I have retested PR |
This looks and works perfectly now. Well done @kgaikwad and thanks for your patience :)! |
No description provided.