From 294df44a4e96589006f94abaf1e92fb347c7b899 Mon Sep 17 00:00:00 2001
From: Victor Zhestkov
Date: Tue, 20 Apr 2021 14:06:18 +0300
Subject: [PATCH 1/3] Add salt bundle bootstrapping support and Raspbian 10 and 9
---
 spacewalk/certs-tools/rhn_bootstrap.py | 7 +-
 .../certs-tools/rhn_bootstrap_strings.py | 958 ++++++++++--------
 .../certs-tools/spacewalk-certs-tools.changes | 4 +
 .../salt/actionchains/force_restart_minion.sh | 18 +-
 .../susemanager-sls/salt/bootstrap/init.sls | 52 +-
 .../susemanager-sls/salt/certs/Raspbian10.sls | 1 +
 .../susemanager-sls/salt/certs/Raspbian9.sls | 1 +
 .../salt/channels/channels.repo | 4 +-
 .../salt/services/salt-minion.sls | 23 +-
 .../salt/util/mgr_disable_fqdns_grain.sls | 11 +-
 .../salt/util/mgr_mine_config_clean_up.sls | 11 +-
 .../salt/util/mgr_start_event_grains.sls | 12 +-
 .../salt/util/mgr_switch_to_venv_minion.sls | 100 ++
 .../susemanager-sls/susemanager-sls.changes | 3 +
 susemanager/src/mgr-create-bootstrap-repo | 14 +-
 susemanager/susemanager.changes | 4 +-
 16 files changed, 758 insertions(+), 465 deletions(-)
 create mode 120000 susemanager-utils/susemanager-sls/salt/certs/Raspbian10.sls
 create mode 120000 susemanager-utils/susemanager-sls/salt/certs/Raspbian9.sls
 create mode 100644 susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls
diff --git a/spacewalk/certs-tools/rhn_bootstrap.py b/spacewalk/certs-tools/rhn_bootstrap.py
index ba35460e425d..ba42ac08b5f1 100755
--- a/spacewalk/certs-tools/rhn_bootstrap.py
+++ b/spacewalk/certs-tools/rhn_bootstrap.py
@@ -177,6 +177,7 @@ def getDefaultOptions():
 'http-proxy-password': "",
 'allow-config-actions': 0,
 'allow-remote-commands': 0,
+ 'no-bundle': 0,
 'no-gpg': 0,
 'no-up2date': 0,
 'up2date': 0,
@@ -246,6 +247,9 @@ def getSetString(value): Option('--allow-remote-commands', action='store_true', help='boolean; allow arbitrary remote commands - requires installing certain rhncfg-* RPMs probably via an activation key. (currently: %s)' % getSetString(defopts['allow-remote-commands'])), + Option('--no-bundle', + action='store_true', + help='boolean; avoid installing salt minion bundle (venv-salt-minion) instead of salt minion (currently %s)' % getSetString(defopts['no-bundle'])), Option('--no-gpg', action='store_true', help='(not recommended) boolean; turn off GPG checking by the clients (currently %s)' % getSetString(defopts['no-gpg'])), @@ -314,6 +318,7 @@ def parseCommandline(): # "not not" forces the integer value 'allow-config-actions': not not options.allow_config_actions, 'allow-remote-commands': not not options.allow_remote_commands, + 'no-bundle': not not options.no_bundle, 'no-gpg': not not options.no_gpg, 'no-up2date': not not options.no_up2date, 'up2date': not not options.up2date, @@ -391,7 +396,7 @@ def processCommandline(): # forcing numeric values for opt in ['allow_config_actions', 'allow_remote_commands', - 'no_gpg', 'no_up2date', 'traditional', 'up2date', 'verbose']: + 'no_bundle', 'no_gpg', 'no_up2date', 'traditional', 'up2date', 'verbose']: # operator.truth should return (0, 1) or (False, True) depending on # the version of python; passing any of those values through int() # will return an int diff --git a/spacewalk/certs-tools/rhn_bootstrap_strings.py b/spacewalk/certs-tools/rhn_bootstrap_strings.py index 9480eae9daae..8af7b281d425 100644 --- a/spacewalk/certs-tools/rhn_bootstrap_strings.py +++ b/spacewalk/certs-tools/rhn_bootstrap_strings.py 
@@ -153,6 +153,10 @@ # are used. CLIENT_REPOS_ROOT= +# Avoid installing venv-salt-minion instead salt-minion +# even if it available in the bootstrap repo +AVOID_VENV_SALT_MINION=0 + # # ----------------------------------------------------------------------------- # DO NOT EDIT BEYOND THIS POINT ----------------------------------------------- @@ -179,18 +183,18 @@ # machine supports the insecure mode and format # command accordingly. -if [ -x /usr/bin/wget ] ; then +if [ -x /usr/bin/wget ]; then output=`LANG=en_US /usr/bin/wget --no-check-certificate 2>&1` error=`echo $output | grep "unrecognized option"` - if [ -z "$error" ] ; then + if [ -z "$error" ]; then FETCH="/usr/bin/wget -nv -r -nd --no-check-certificate" else FETCH="/usr/bin/wget -nv -r -nd" fi -elif [ -x /usr/bin/curl ] ; then +elif [ -x /usr/bin/curl ]; then output=`LANG=en_US /usr/bin/curl -k 2>&1` error=`echo $output | grep "is unknown"` - if [ -z "$error" ] ; then + if [ -z "$error" ]; then FETCH="/usr/bin/curl -ksSOf" else FETCH="/usr/bin/curl -sSOf" @@ -202,23 +206,23 @@ HTTP_PUB_DIRECTORY=http://${{HOSTNAME}}/{pubname} HTTPS_PUB_DIRECTORY=https://${{HOSTNAME}}/{pubname} -if [ $USING_SSL -eq 0 ] ; then +if [ $USING_SSL -eq 0 ]; then HTTPS_PUB_DIRECTORY=${{HTTP_PUB_DIRECTORY}} fi INSTALLER=up2date -if [ -x /usr/bin/dnf ] ; then +if [ -x /usr/bin/dnf ]; then INSTALLER=yum -elif [ -x /usr/bin/zypper ] ; then +elif [ -x /usr/bin/zypper ]; then INSTALLER=zypper -elif [ -x /usr/bin/yum ] ; then +elif [ -x /usr/bin/yum ]; then INSTALLER=yum -elif [ -x /usr/bin/apt ] ; then +elif [ -x /usr/bin/apt ]; then INSTALLER=apt fi -if [ ! -w . ] ; then +if [ ! -w . ]; then echo "" echo "*** ERROR: $(pwd):" echo " No permission to write to the current directory." 
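Review bot: The new `AVOID_VENV_SALT_MINION=0` line in the header template is a literal, and none of the four rhn_bootstrap.py hunks (default, Option, parseCommandline, processCommandline) passes `options.no_bundle` into the generated script, so as far as this patch shows `--no-bundle` is accepted but has no effect on the output. The template already uses named fields such as `{pubname}`, so the value could be rendered the same way, e.g. `AVOID_VENV_SALT_MINION={avoid_venv}` fed from the option; confirm whether a later patch in the series does this. The comment and help text would also read better as `# Do not install venv-salt-minion in place of salt-minion, even if it is available in the bootstrap repo`.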
@@ -260,48 +264,55 @@ def getRegistrationStackSh(saltEnabled): 'spacewalk-client-tools', 'zypp-plugin-spacewalk'] PKG_NAME_YUM = saltEnabled and ['salt', 'salt-minion'] or ['spacewalk-check', 'spacewalk-client-setup', 'spacewalk-client-tools', 'yum-rhn-plugin'] + PKG_NAME_VENV = saltEnabled and ['venv-salt-minion'] or [] PKG_NAME_UPDATE = list(PKG_NAME) PKG_NAME_UPDATE.extend(['zypper', 'openssl']) + PKG_NAME_VENV_UPDATE = list(PKG_NAME_VENV) + PKG_NAME_VENV_UPDATE.extend(['zypper', 'openssl']) + PKG_NAME_UPDATE_YUM = list(PKG_NAME_YUM) PKG_NAME_UPDATE_YUM.extend(saltEnabled and ['yum', 'openssl'] or ['yum-rhn-plugin', 'yum', 'openssl']) + PKG_NAME_VENV_UPDATE_YUM = list(PKG_NAME_VENV) + PKG_NAME_VENV_UPDATE_YUM.extend(['yum', 'openssl']) + return """\ echo echo "CLEANING UP OLD SUSE MANAGER REPOSITORIES" echo "-------------------------------------------------" function clean_up_old_trad_repos() {{ - local trad_client_repo_prefix="spacewalk:" - if [ -f /usr/bin/realpath ]; then - GET_PATH="/usr/bin/realpath" - else - GET_PATH="/usr/bin/readlink -f --" - fi - - for file in $1/$trad_client_repo_prefix*.repo; do - if [ -f "$file" ] ; then - echo "Removing $($GET_PATH "$file")" - rm -f $($GET_PATH "$file") + local trad_client_repo_prefix="spacewalk:" + if [ -f /usr/bin/realpath ]; then + GET_PATH="/usr/bin/realpath" + else + GET_PATH="/usr/bin/readlink -f --" fi - done + + for file in $1/$trad_client_repo_prefix*.repo; do + if [ -f "$file" ]; then + echo "Removing $($GET_PATH "$file")" + rm -f $($GET_PATH "$file") + fi + done }} function clean_up_old_salt_repos() {{ - if [ -f "$1" ] ; then - echo "Removing $1" - rm -f "$1" - fi + if [ -f "$1" ]; then + echo "Removing $1" + rm -f "$1" + fi }} function clean_up_old_repos() {{ - clean_up_old_salt_repos "/etc/zypp/repos.d/susemanager:channels.repo" - clean_up_old_salt_repos "/etc/yum.repos.d/susemanager:channels.repo" - clean_up_old_salt_repos "/etc/apt/sources.list.d/susemanager:channels.list" + clean_up_old_salt_repos 
"/etc/zypp/repos.d/susemanager:channels.repo" + clean_up_old_salt_repos "/etc/yum.repos.d/susemanager:channels.repo" + clean_up_old_salt_repos "/etc/apt/sources.list.d/susemanager:channels.list" - clean_up_old_trad_repos "/etc/zypp/repos.d" - clean_up_old_trad_repos "/etc/yum.repos.d" + clean_up_old_trad_repos "/etc/zypp/repos.d" + clean_up_old_trad_repos "/etc/yum.repos.d" }} clean_up_old_repos 
@@ -310,41 +321,60 @@ def getRegistrationStackSh(saltEnabled): echo "-------------------------------------------------" function test_repo_exists() {{ - local repourl="$CLIENT_REPO_URL" - - $FETCH $repourl/repodata/repomd.xml - if [ ! -f "repomd.xml" ] ; then - echo "Bootstrap repo '$repourl' does not exist." - repourl="" - CLIENT_REPO_URL="" - fi - rm -f repomd.xml + local repourl="$CLIENT_REPO_URL" + + $FETCH $repourl/repodata/repomd.xml + if [ ! -f "repomd.xml" ]; then + echo "Bootstrap repo '$repourl' does not exist." + repourl="" + CLIENT_REPO_URL="" + fi + rm -f repomd.xml +}} + +function test_venv_enabled() {{ + if [ $AVOID_VENV_SALT_MINION -ne 1 ]; then + local repourl="$CLIENT_REPO_URL" + if [ "$INSTALLER" == "zypper" ] || [ "$INSTALLER" == "yum" ]; then + ARCH=$(rpm --eval "%{{_host_cpu}}") + else + ARCH=$(dpkg --print-architecture) + fi + VENV_FILE="venv-enabled-$ARCH.txt" + $FETCH $repourl/$VENV_FILE + if [ -f "$VENV_FILE" ]; then + echo "Bootstrap repo '$repourl' contains salt bundle." 
+ repourl="" + VENV_ENABLED=1 + fi + rm -f "$VENV_FILE" + fi }} function get_rhnlib_pkgs() {{ - # Gets all installed rhnlib packages for update - RHNLIB_PKG="" - if rpm -q python3-rhnlib > /dev/null; then - RHNLIB_PKG+="python3-rhnlib " - fi - if rpm -q python2-rhnlib > /dev/null; then - RHNLIB_PKG+="python2-rhnlib " - fi - if rpm -q rhnlib > /dev/null; then - RHNLIB_PKG+="rhnlib " - fi + # Gets all installed rhnlib packages for update + RHNLIB_PKG="" + if rpm -q python3-rhnlib > /dev/null; then + RHNLIB_PKG+="python3-rhnlib " + fi + if rpm -q python2-rhnlib > /dev/null; then + RHNLIB_PKG+="python2-rhnlib " + fi + if rpm -q rhnlib > /dev/null; then + RHNLIB_PKG+="rhnlib " + fi }} function setup_bootstrap_repo() {{ - local repopath="$CLIENT_REPO_FILE" - local reponame="$CLIENT_REPO_NAME" - local repourl="$CLIENT_REPO_URL" + local repopath="$CLIENT_REPO_FILE" + local reponame="$CLIENT_REPO_NAME" + local repourl="$CLIENT_REPO_URL" - test_repo_exists + test_repo_exists - if [ -n "$CLIENT_REPO_URL" ]; then - echo " adding client software repository at $repourl" - cat <"$repopath" + if [ -n "$CLIENT_REPO_URL" ]; then + echo " adding client software repository at $repourl" + cat <"$repopath" [$reponame] name=$reponame baseurl=$repourl 
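Review bot: `test_venv_enabled` decides which agent package gets installed from whether `venv-enabled-$ARCH.txt` exists in the working directory after `$FETCH`, not from the fetch result, and it only removes the file afterwards, so a file already present there is taken as a positive answer. `VENV_ENABLED` is never initialised, so a value inherited from the environment is honoured by the later `[ "0$VENV_ENABLED" -eq 1 ]` tests, and in the yum and apt branches the function runs after `setup_bootstrap_repo`/`setup_deb_bootstrap_repo`, where `test_repo_exists` may already have emptied `CLIENT_REPO_URL`, leaving `$FETCH /venv-enabled-…` with no host. I would start the function with `VENV_ENABLED=0`, return early with `[ -n "$repourl" ] || return 0`, and put `rm -f "$VENV_FILE"` before the `$FETCH` line, as getConfigFilesSh does for `${CLIENT_OVERRIDES}`. Note also that `$FETCH` can carry `--no-check-certificate` or `-k` (context lines of the earlier hunk), so the marker is not authenticated; a short comment saying the choice rests on that transport would help the next reader.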
@@ -353,19 +383,19 @@ def getRegistrationStackSh(saltEnabled): keeppackages=0 gpgcheck=0 EOF - fi + fi - # Avoid modularity failsafe mechanism in dnf 4.2.7 or greater - if [ -n "$Y_CLIENT_CODE_VERSION" ] && [ $Y_CLIENT_CODE_VERSION -ge 8 ]; then - echo " adding 'module_hotfixes' flag to the repository config" - echo "module_hotfixes=1" >> "$repopath" - fi + # Avoid modularity failsafe mechanism in dnf 4.2.7 or greater + if [ -n "$Y_CLIENT_CODE_VERSION" ] && [ $Y_CLIENT_CODE_VERSION -ge 8 ]; then + echo " adding 'module_hotfixes' flag to the repository config" + echo "module_hotfixes=1" >> "$repopath" + fi }} function remove_bootstrap_repo() {{ - local repopath="$CLIENT_REPO_FILE" + local repopath="$CLIENT_REPO_FILE" - rm -f $repopath + rm -f $repopath }} if [ "$INSTALLER" == yum ]; then @@ -407,6 +437,9 @@ def getRegistrationStackSh(saltEnabled): function getY_MISSING() {{ local NEEDED="{PKG_NAME_YUM}" + if [ "0$VENV_ENABLED" -eq 1 ]; then + NEEDED="{PKG_NAME_VENV}" + fi Y_MISSING="" for P in $NEEDED; do rpm -q "$P" || Y_MISSING="$Y_MISSING $P" @@ -416,7 +449,6 @@ def getRegistrationStackSh(saltEnabled): echo "* check for necessary packages being installed..." getY_CLIENT_CODE_BASE echo "* client codebase is ${{Y_CLIENT_CODE_BASE}}-${{Y_CLIENT_CODE_VERSION}}" - getY_MISSING CLIENT_REPOS_ROOT="${{CLIENT_REPOS_ROOT:-https://${{HOSTNAME}}/pub/repositories}}" CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{Y_CLIENT_CODE_BASE}}/${{Y_CLIENT_CODE_VERSION}}/bootstrap" @@ -434,6 +466,10 @@ def getRegistrationStackSh(saltEnabled): setup_bootstrap_repo + test_venv_enabled + + getY_MISSING + if [ -z "$Y_MISSING" ]; then echo " no packages missing." else 
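Review bot: In `getY_MISSING` the new `NEEDED="{PKG_NAME_VENV}"` renders as an empty string when `getRegistrationStackSh` is called with `saltEnabled` false, because `PKG_NAME_VENV` is `[]` in that case, while nothing in the visible hunks makes `test_venv_enabled` conditional on `saltEnabled`. A traditional-client script run against a bootstrap repo that carries the marker file would then compute an empty `Y_MISSING` and skip installing the spacewalk client packages; `getZ_MISSING` in the zypper hunk has the same shape. Guarding the override, for example `if [ "0$VENV_ENABLED" -eq 1 ] && [ -n "{PKG_NAME_VENV}" ]; then`, or emitting the `test_venv_enabled` call only for the salt stack, keeps the traditional path unchanged.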
@@ -450,155 +486,166 @@ def getRegistrationStackSh(saltEnabled): fi # try update main packages for registration from any repo which is available get_rhnlib_pkgs - yum -y upgrade {PKG_NAME_UPDATE_YUM} $RHNLIB_PKG ||: - -elif [ "$INSTALLER" == zypper ]; then - function getZ_CLIENT_CODE_BASE() {{ - local BASE="" - local VERSION="" - local PATCHLEVEL="" - if [ -r /etc/SuSE-release ]; then - grep -q 'Enterprise' /etc/SuSE-release && BASE='sle' - eval $(grep '^\(VERSION\|PATCHLEVEL\)' /etc/SuSE-release | tr -d '[:blank:]') - if [ "$BASE" != "sle" ]; then - grep -q 'openSUSE' /etc/SuSE-release && BASE='opensuse' - VERSION="$(grep '^\(VERSION\)' /etc/SuSE-release | tr -d '[:blank:]' | sed -n 's/.*=\([[:digit:]]\+\).*/\\1/p')" - PATCHLEVEL="$(grep '^\(VERSION\)' /etc/SuSE-release | tr -d '[:blank:]' | sed -n 's/.*\.\([[:digit:]]*\).*/\\1/p')" - fi - elif [ -r /etc/os-release ]; then - grep -q 'Enterprise' /etc/os-release && BASE='sle' - if [ "$BASE" != "sle" ]; then - grep -q 'openSUSE' /etc/os-release && BASE='opensuse' - fi - VERSION="$(grep '^\(VERSION_ID\)' /etc/os-release | sed -n 's/.*"\([[:digit:]]\+\).*/\\1/p')" - PATCHLEVEL="$(grep '^\(VERSION_ID\)' /etc/os-release | sed -n 's/.*\.\([[:digit:]]*\).*/\\1/p')" - fi - Z_CLIENT_CODE_BASE="${{BASE:-unknown}}" - Z_CLIENT_CODE_VERSION="${{VERSION:-unknown}}" - Z_CLIENT_CODE_PATCHLEVEL="${{PATCHLEVEL:-0}}" - }} - - function getZ_MISSING() {{ - local NEEDED="{PKG_NAME}" - if [ "$Z_CLIENT_CODE_BASE" == "sle" -a "$Z_CLIENT_CODE_VERSION" == "10" ]; then - # (bnc#789373) Code 10 product migration requires 'xsltproc' being installed - which 'xsltproc' || NEEDED="$NEEDED libxslt" + if [ "0$VENV_ENABLED" -eq 1 ]; then + yum -y upgrade {PKG_NAME_VENV_UPDATE_YUM} ||: + else + yum -y upgrade {PKG_NAME_UPDATE_YUM} $RHNLIB_PKG ||: fi - Z_MISSING="" - for P in $NEEDED; do - rpm -q "$P" || Z_MISSING="$Z_MISSING $P" - done - }} - function getZ_ZMD_TODEL() {{ - local ZMD_STACK="zmd rug libzypp-zmd-backend yast2-registration zen-updater 
zmd-inventory suseRegister-jeos" - if rpm -q suseRegister --qf '%{{VERSION}}' | grep -q '^\(0\.\|1\.[0-3]\)\(\..*\)\?$'; then - # we need the new suseRegister >= 1.4, so wipe an old one too - ZMD_STACK="$ZMD_STACK suseRegister suseRegisterInfo spacewalk-client-tools" - fi - Z_ZMD_TODEL="" - for P in $ZMD_STACK; do - rpm -q "$P" && Z_ZMD_TODEL="$Z_ZMD_TODEL $P" - done - }} +elif [ "$INSTALLER" == zypper ]; then + function getZ_CLIENT_CODE_BASE() {{ + local BASE="" + local VERSION="" + local PATCHLEVEL="" + if [ -r /etc/SuSE-release ]; then + grep -q 'Enterprise' /etc/SuSE-release && BASE='sle' + eval $(grep '^\(VERSION\|PATCHLEVEL\)' /etc/SuSE-release | tr -d '[:blank:]') + if [ "$BASE" != "sle" ]; then + grep -q 'openSUSE' /etc/SuSE-release && BASE='opensuse' + VERSION="$(grep '^\(VERSION\)' /etc/SuSE-release | tr -d '[:blank:]' | sed -n 's/.*=\([[:digit:]]\+\).*/\\1/p')" + PATCHLEVEL="$(grep '^\(VERSION\)' /etc/SuSE-release | tr -d '[:blank:]' | sed -n 's/.*\.\([[:digit:]]*\).*/\\1/p')" + fi + elif [ -r /etc/os-release ]; then + grep -q 'Enterprise' /etc/os-release && BASE='sle' + if [ "$BASE" != "sle" ]; then + grep -q 'openSUSE' /etc/os-release && BASE='opensuse' + fi + VERSION="$(grep '^\(VERSION_ID\)' /etc/os-release | sed -n 's/.*"\([[:digit:]]\+\).*/\\1/p')" + PATCHLEVEL="$(grep '^\(VERSION_ID\)' /etc/os-release | sed -n 's/.*\.\([[:digit:]]*\).*/\\1/p')" + fi + Z_CLIENT_CODE_BASE="${{BASE:-unknown}}" + Z_CLIENT_CODE_VERSION="${{VERSION:-unknown}}" + Z_CLIENT_CODE_PATCHLEVEL="${{PATCHLEVEL:-0}}" + }} - echo "* check for necessary packages being installed..." - # client codebase determines repo url to use and whether additional - # preparations are needed before installing the missing packages. 
- getZ_CLIENT_CODE_BASE - echo "* client codebase is ${{Z_CLIENT_CODE_BASE}}-${{Z_CLIENT_CODE_VERSION}}-sp${{Z_CLIENT_CODE_PATCHLEVEL}}" + function getZ_MISSING() {{ + local NEEDED="{PKG_NAME}" + if [ "0$VENV_ENABLED" -eq 1 ]; then + NEEDED="{PKG_NAME_VENV}" + fi + if [ "$Z_CLIENT_CODE_BASE" == "sle" -a "$Z_CLIENT_CODE_VERSION" == "10" ]; then + # (bnc#789373) Code 10 product migration requires 'xsltproc' being installed + which 'xsltproc' || NEEDED="$NEEDED libxslt" + fi + Z_MISSING="" + for P in $NEEDED; do + rpm -q "$P" || Z_MISSING="$Z_MISSING $P" + done + }} - getZ_MISSING + function getZ_ZMD_TODEL() {{ + local ZMD_STACK="zmd rug libzypp-zmd-backend yast2-registration zen-updater zmd-inventory suseRegister-jeos" + if rpm -q suseRegister --qf '%{{VERSION}}' | grep -q '^\(0\.\|1\.[0-3]\)\(\..*\)\?$'; then + # we need the new suseRegister >= 1.4, so wipe an old one too + ZMD_STACK="$ZMD_STACK suseRegister suseRegisterInfo spacewalk-client-tools" + fi + Z_ZMD_TODEL="" + for P in $ZMD_STACK; do + rpm -q "$P" && Z_ZMD_TODEL="$Z_ZMD_TODEL $P" + done + }} - CLIENT_REPOS_ROOT="${{CLIENT_REPOS_ROOT:-${{HTTPS_PUB_DIRECTORY}}/repositories}}" - CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{Z_CLIENT_CODE_BASE}}/${{Z_CLIENT_CODE_VERSION}}/${{Z_CLIENT_CODE_PATCHLEVEL}}/bootstrap" - CLIENT_REPO_NAME="susemanager:bootstrap" - CLIENT_REPO_FILE="/etc/zypp/repos.d/$CLIENT_REPO_NAME.repo" + echo "* check for necessary packages being installed..." + # client codebase determines repo url to use and whether additional + # preparations are needed before installing the missing packages. 
+ getZ_CLIENT_CODE_BASE + echo "* client codebase is ${{Z_CLIENT_CODE_BASE}}-${{Z_CLIENT_CODE_VERSION}}-sp${{Z_CLIENT_CODE_PATCHLEVEL}}" - test_repo_exists + CLIENT_REPOS_ROOT="${{CLIENT_REPOS_ROOT:-${{HTTPS_PUB_DIRECTORY}}/repositories}}" + CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{Z_CLIENT_CODE_BASE}}/${{Z_CLIENT_CODE_VERSION}}/${{Z_CLIENT_CODE_PATCHLEVEL}}/bootstrap" + CLIENT_REPO_NAME="susemanager:bootstrap" + CLIENT_REPO_FILE="/etc/zypp/repos.d/$CLIENT_REPO_NAME.repo" - if [ -z "$Z_MISSING" ]; then - echo " no packages missing." - setup_bootstrap_repo - else - echo "* going to install missing packages..." + test_venv_enabled - # code10 requires removal of the ZMD stack first - if [ "$Z_CLIENT_CODE_BASE" == "sle" ]; then - if [ "$Z_CLIENT_CODE_VERSION" = "10" ]; then - echo "* check whether to remove the ZMD stack first..." - getZ_ZMD_TODEL - if [ -z "$Z_ZMD_TODEL" ]; then - echo " ZMD stack is not installed. No need to remove it." - else - echo " Disable and remove the ZMD stack..." - # stop any running zmd - if [ -x /usr/sbin/rczmd ]; then - /usr/sbin/rczmd stop - fi - rpm -e --nodeps $Z_ZMD_TODEL || {{ - echo "ERROR: Failed remove the ZMD stack." - exit 1 - }} - fi - fi - fi + getZ_MISSING - # way to add the client software repository depends on the zypp version actually - # installed (original code 10 via 'zypper sa', or code 11 like via .repo files) - # - # Note: We try to install the missing packages even if adding the repo fails. - # Might be some other system repo provides them instead. - if rpm -q zypper --qf '%{{VERSION}}' | grep -q '^0\(\..*\)\?$'; then - - # code10 zypper has no --gpg-auto-import-keys and no reliable return codes. 
- if [ -n "$CLIENT_REPO_URL" ]; then - echo " adding client software repository at $CLIENT_REPO_URL" - zypper --non-interactive --no-gpg-checks sd $CLIENT_REPO_NAME - zypper --non-interactive --no-gpg-checks sa $CLIENT_REPO_URL $CLIENT_REPO_NAME - zypper --non-interactive --no-gpg-checks refresh "$CLIENT_REPO_NAME" - fi - zypper --non-interactive --no-gpg-checks in $Z_MISSING - for P in $Z_MISSING; do - rpm -q --whatprovides "$P" || {{ - echo "ERROR: Failed to install all missing packages." - exit 1 - }} - done - setup_bootstrap_repo + if [ -z "$Z_MISSING" ]; then + echo " no packages missing." + setup_bootstrap_repo else + echo "* going to install missing packages..." - setup_bootstrap_repo + # code10 requires removal of the ZMD stack first + if [ "$Z_CLIENT_CODE_BASE" == "sle" ]; then + if [ "$Z_CLIENT_CODE_VERSION" = "10" ]; then + echo "* check whether to remove the ZMD stack first..." + getZ_ZMD_TODEL + if [ -z "$Z_ZMD_TODEL" ]; then + echo " ZMD stack is not installed. No need to remove it." + else + echo " Disable and remove the ZMD stack..." + # stop any running zmd + if [ -x /usr/sbin/rczmd ]; then + /usr/sbin/rczmd stop + fi + rpm -e --nodeps $Z_ZMD_TODEL || {{ + echo "ERROR: Failed remove the ZMD stack." + exit 1 + }} + fi + fi + fi - zypper --non-interactive --gpg-auto-import-keys refresh "$CLIENT_REPO_NAME" - # install missing packages - zypper --non-interactive in $Z_MISSING - for P in $Z_MISSING; do - rpm -q --whatprovides "$P" || {{ - echo "ERROR: Failed to install all missing packages." - exit 1 - }} - done + # way to add the client software repository depends on the zypp version actually + # installed (original code 10 via 'zypper sa', or code 11 like via .repo files) + # + # Note: We try to install the missing packages even if adding the repo fails. + # Might be some other system repo provides them instead. 
+ if rpm -q zypper --qf '%{{VERSION}}' | grep -q '^0\(\..*\)\?$'; then + + # code10 zypper has no --gpg-auto-import-keys and no reliable return codes. + if [ -n "$CLIENT_REPO_URL" ]; then + echo " adding client software repository at $CLIENT_REPO_URL" + zypper --non-interactive --no-gpg-checks sd $CLIENT_REPO_NAME + zypper --non-interactive --no-gpg-checks sa $CLIENT_REPO_URL $CLIENT_REPO_NAME + zypper --non-interactive --no-gpg-checks refresh "$CLIENT_REPO_NAME" + fi + zypper --non-interactive --no-gpg-checks in $Z_MISSING + for P in $Z_MISSING; do + rpm -q --whatprovides "$P" || {{ + echo "ERROR: Failed to install all missing packages." + exit 1 + }} + done + setup_bootstrap_repo + else + setup_bootstrap_repo + + zypper --non-interactive --gpg-auto-import-keys refresh "$CLIENT_REPO_NAME" + # install missing packages + zypper --non-interactive in $Z_MISSING + for P in $Z_MISSING; do + rpm -q --whatprovides "$P" || {{ + echo "ERROR: Failed to install all missing packages." + exit 1 + }} + done + + fi fi - fi - - # on code10 we need to convert metadata of installed products - if [ "$Z_CLIENT_CODE_BASE" == "sle" ]; then - if [ "$Z_CLIENT_CODE_VERSION" = "10" ]; then - test -e "/usr/share/zypp/migrate/10-11.migrate.products.sh" && {{ - echo "* check whether we have to to migrate metadata..." - sh /usr/share/zypp/migrate/10-11.migrate.products.sh || {{ - echo "ERROR: Failed to migrate product metadata." - exit 1 - }} - }} + + # on code10 we need to convert metadata of installed products + if [ "$Z_CLIENT_CODE_BASE" == "sle" ]; then + if [ "$Z_CLIENT_CODE_VERSION" = "10" ]; then + test -e "/usr/share/zypp/migrate/10-11.migrate.products.sh" && {{ + echo "* check whether we have to to migrate metadata..." + sh /usr/share/zypp/migrate/10-11.migrate.products.sh || {{ + echo "ERROR: Failed to migrate product metadata." 
+ exit 1 + }} + }} + fi fi - fi - get_rhnlib_pkgs - # try update main packages for registration from any repo which is available - zypper --non-interactive up {PKG_NAME_UPDATE} $RHNLIB_PKG ||: + get_rhnlib_pkgs + # try update main packages for registration from any repo which is available + if [ "0$VENV_ENABLED" -eq 1 ]; then + zypper --non-interactive up {PKG_NAME_VENV_UPDATE} ||: + else + zypper --non-interactive up {PKG_NAME_UPDATE} $RHNLIB_PKG ||: + fi elif [ "$INSTALLER" == apt ]; then function check_deb_pkg_installed {{ @@ -610,13 +657,13 @@ def getRegistrationStackSh(saltEnabled): local VERSION="" local VARIANT_ID="" - if [ -f /etc/os-release ]; then + if [ -f /etc/os-release ]; then BASE=$(source /etc/os-release; echo $ID) VERSION=$(source /etc/os-release; echo $VERSION_ID) VARIANT_ID=$(source /etc/os-release; echo $VARIANT_ID) fi A_CLIENT_CODE_BASE="${{BASE:-unknown}}" - local VERCOMPS=(${{VERSION/\./ }}) # split into an array 18.04 -> (18 04) + local VERCOMPS=(${{VERSION/\./ }}) # split into an array 18.04 -> (18 04) A_CLIENT_CODE_MAJOR_VERSION=${{VERCOMPS[0]}} # Ubuntu only if [ "${{BASE}}" == "ubuntu" ]; then @@ -627,6 +674,9 @@ def getRegistrationStackSh(saltEnabled): function getA_MISSING() {{ local NEEDED="salt-common salt-minion" + if [ "0$VENV_ENABLED" -eq 1 ]; then + NEEDED="venv-salt-minion" + fi A_MISSING="" for P in $NEEDED; do check_deb_pkg_installed "$P" || A_MISSING="$A_MISSING $P" 
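Review bot: The zypper branch drops the top-level `test_repo_exists` call and puts `test_venv_enabled` in its place, so `CLIENT_REPO_URL` is no longer probed before the missing-package path runs. On the code10 path the `if [ -n "$CLIENT_REPO_URL" ]` guard in front of `zypper --non-interactive --no-gpg-checks sa …` therefore always passes, because `test_repo_exists` now only runs inside `setup_bootstrap_repo`, which that path calls after the install. Keeping `test_repo_exists` immediately before `test_venv_enabled` restores the earlier behaviour and also means the marker file is only requested from a repository that answered. Since most of this hunk is re-indentation, splitting the whitespace change into its own commit would make such functional edits easier to spot.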
@@ -634,64 +684,76 @@ def getRegistrationStackSh(saltEnabled): }} function test_deb_repo_exists() {{ - local repourl="$CLIENT_REPO_URL" + local repourl="$CLIENT_REPO_URL" - $FETCH $repourl/dists/bootstrap/Release - if [ ! -f "Release" ] ; then - echo "Bootstrap repo '$repourl' does not exist." - repourl="" - CLIENT_REPO_URL="" - fi - rm -f Release + $FETCH $repourl/dists/bootstrap/Release + if [ ! -f "Release" ]; then + echo "Bootstrap repo '$repourl' does not exist." + repourl="" + CLIENT_REPO_URL="" + fi + rm -f Release }} function setup_deb_bootstrap_repo() {{ - local repopath="$CLIENT_REPO_FILE" - local repourl="$CLIENT_REPO_URL" + local repopath="$CLIENT_REPO_FILE" + local repourl="$CLIENT_REPO_URL" - test_deb_repo_exists + test_deb_repo_exists - if [ -n "$CLIENT_REPO_URL" ]; then - echo " adding client software repository at $repourl" - echo "deb [trusted=yes] $repourl bootstrap main" >"$repopath" - fi + if [ -n "$CLIENT_REPO_URL" ]; then + echo " adding client software repository at $repourl" + echo "deb [trusted=yes] $repourl bootstrap main" >"$repopath" + fi }} echo "* check for necessary packages being installed..." 
getA_CLIENT_CODE_BASE if [ "${{A_CLIENT_CODE_BASE}}" == "astra" ]; then - echo "* client codebase is ${{A_CLIENT_CODE_BASE}}-${{A_CLIENT_VARIANT_ID}}" + echo "* client codebase is ${{A_CLIENT_CODE_BASE}}-${{A_CLIENT_VARIANT_ID}}" else - echo "* client codebase is ${{A_CLIENT_CODE_BASE}}-${{A_CLIENT_CODE_MAJOR_VERSION}}.${{A_CLIENT_CODE_MINOR_VERSION}}" + echo "* client codebase is ${{A_CLIENT_CODE_BASE}}-${{A_CLIENT_CODE_MAJOR_VERSION}}.${{A_CLIENT_CODE_MINOR_VERSION}}" fi - getA_MISSING CLIENT_REPOS_ROOT="${{CLIENT_REPOS_ROOT:-${{HTTPS_PUB_DIRECTORY}}/repositories}}" # Debian does not need minor version in the bootstrap repo URL - if [ "${{A_CLIENT_CODE_BASE}}" == "debian" ]; then - CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_CODE_MAJOR_VERSION}}/bootstrap" + if [ "${{A_CLIENT_CODE_BASE}}" == "debian" ] || [ "${{A_CLIENT_CODE_BASE}}" == "raspbian" ]; then + CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_CODE_MAJOR_VERSION}}/bootstrap" elif [ "${{A_CLIENT_CODE_BASE}}" == "astra" ]; then - CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_VARIANT_ID}}/bootstrap" + CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_VARIANT_ID}}/bootstrap" else - CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_CODE_MAJOR_VERSION}}/${{A_CLIENT_CODE_MINOR_VERSION}}/bootstrap" + CLIENT_REPO_URL="${{CLIENT_REPOS_ROOT}}/${{A_CLIENT_CODE_BASE}}/${{A_CLIENT_CODE_MAJOR_VERSION}}/${{A_CLIENT_CODE_MINOR_VERSION}}/bootstrap" fi CLIENT_REPO_NAME="susemanager_bootstrap" CLIENT_REPO_FILE="/etc/apt/sources.list.d/$CLIENT_REPO_NAME.list" setup_deb_bootstrap_repo + test_venv_enabled + + getA_MISSING + apt-get --yes update if [ -z "$A_MISSING" ]; then echo " no packages missing." else echo "* going to install missing packages..." 
- # check if there are any leftovers from previous salt-minion installs and purge them - if [ dpkg-query -W -f='${{Status}}' salt-minion 2>/dev/null | grep -q "deinstall ok config-files" ]; then + # check if there are any leftovers from previous salt-minion installs and purge them + SALT_MINION_PKG="salt-minion" + if [ "0$VENV_ENABLED" -eq 1 ]; then + SALT_MINION_PKG="venv-salt-minion" + fi + dpkg-query -W -f='${{Status}}' "$SALT_MINION_PKG" 2>/dev/null | grep -q "deinstall ok config-files" + if [ "$?" -eq 0 ]; then echo "* purging previous Salt config files" - apt-get purge salt-minion - apt-get purge salt-common - rm -rf /etc/salt/minion.d/ + apt-get --yes purge "$SALT_MINION_PKG" + if [ "0$VENV_ENABLED" -eq 1 ]; then + rm -rf /etc/opt/venv-salt-minion/ + else + apt-get purge salt-common + rm -rf /etc/salt/minion.d/ + fi fi apt-get --yes install --no-install-recommends $A_MISSING @@ -703,7 +765,11 @@ def getRegistrationStackSh(saltEnabled): done fi # try update main packages for registration from any repo which is available - apt-get --yes install --no-install-recommends --only-upgrade salt-common salt-minion ||: + if [ "0$VENV_ENABLED" -eq 1 ]; then + apt-get --yes install --no-install-recommends --only-upgrade venv-salt-minion ||: + else + apt-get --yes install --no-install-recommends --only-upgrade salt-common salt-minion ||: + fi # remove bootstrap repo rm -f $CLIENT_REPO_FILE @@ -714,7 +780,10 @@ def getRegistrationStackSh(saltEnabled): """.format(PKG_NAME=' '.join(PKG_NAME), PKG_NAME_YUM=' '.join(PKG_NAME_YUM), PKG_NAME_UPDATE=' '.join(PKG_NAME_UPDATE), - PKG_NAME_UPDATE_YUM=' '.join(PKG_NAME_UPDATE_YUM)) + PKG_NAME_UPDATE_YUM=' '.join(PKG_NAME_UPDATE_YUM), + PKG_NAME_VENV=' '.join(PKG_NAME_VENV), + PKG_NAME_VENV_UPDATE=' '.join(PKG_NAME_VENV_UPDATE), + PKG_NAME_VENV_UPDATE_YUM=' '.join(PKG_NAME_VENV_UPDATE_YUM)) def getConfigFilesSh(): return """\ 
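Review bot: The rewritten purge block gives the first call `--yes` (`apt-get --yes purge "$SALT_MINION_PKG"`) but leaves `apt-get purge salt-common` without it, so an unattended bootstrap that reaches the non-bundle branch will stop at apt's confirmation prompt; it should read `apt-get --yes purge salt-common`. The separate `$?` test can be folded into the condition, `if dpkg-query -W -f='${{Status}}' "$SALT_MINION_PKG" 2>/dev/null | grep -q "deinstall ok config-files"; then`, which avoids depending on no command being inserted between the pipeline and the test. A one-line comment above `rm -rf /etc/opt/venv-salt-minion/` stating that the whole bundle configuration directory is removed, whereas the classic branch removes only `/etc/salt/minion.d/`, would document the asymmetry.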
@@ -729,11 +798,11 @@ def getConfigFilesSh(): rm -f ${CLIENT_OVERRIDES} $FETCH ${HTTPS_PUB_DIRECTORY}/bootstrap/${CLIENT_OVERRIDES} -if [ ! -f "client_config_update.py" ] ; then +if [ ! -f "client_config_update.py" ]; then echo "ERROR: client_config_update.py was not downloaded" exit 1 fi -if [ ! -f "${CLIENT_OVERRIDES}" ] ; then +if [ ! -f "${CLIENT_OVERRIDES}" ]; then echo "ERROR: ${CLIENT_OVERRIDES} was not downloaded" exit 1 fi @@ -743,7 +812,7 @@ def getConfigFilesSh(): def getUp2dateScriptsSh(): return """\ echo "* running the update scripts" -if [ -x "/usr/bin/python" ] ; then +if [ -x "/usr/bin/python" ]; then PYTHON=/usr/bin/python elif [ -x /usr/bin/python3 ]; then PYTHON=/usr/bin/python3 @@ -751,13 +820,13 @@ def getUp2dateScriptsSh(): echo "No python found" exit 1 fi -if [ -f "/etc/sysconfig/rhn/rhn_register" ] ; then +if [ -f "/etc/sysconfig/rhn/rhn_register" ]; then echo " . rhn_register config file" $PYTHON -u client_config_update.py /etc/sysconfig/rhn/rhn_register ${CLIENT_OVERRIDES} fi -if [ -f "/etc/sysconfig/rhn/up2date" ] ; then - echo " . up2date config file" - $PYTHON -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES} +if [ -f "/etc/sysconfig/rhn/up2date" ]; then + echo " . up2date config file" + $PYTHON -u client_config_update.py /etc/sysconfig/rhn/up2date ${CLIENT_OVERRIDES} fi """ @@ -768,7 +837,7 @@ def getGPGKeyImportSh(): echo echo "PREPARE GPG KEYS AND CORPORATE PUBLIC CA CERT" echo "-------------------------------------------------" -if [ ! -z "$ORG_GPG_KEY" ] ; then +if [ ! -z "$ORG_GPG_KEY" ]; then echo echo "* importing organizational GPG keys" for GPG_KEY in $(echo "$ORG_GPG_KEY" | tr "," " "); do 
@@ -777,7 +846,7 @@ def getGPGKeyImportSh(): # get the major version of up2date # this will also work for RHEL 5 and systems where no up2date is installed res=$(LC_ALL=C rpm -q --queryformat '%{version}' up2date | sed -e 's/\..*//g') - if [ "x$res" == "x2" ] ; then + if [ "x$res" == "x2" ]; then gpg $(up2date --gpg-flags) --import $GPG_KEY else rpm --import $GPG_KEY 
@@ -794,91 +863,91 @@ def getGPGKeyImportSh(): def getCorpCACertSh(): return """\ echo - if [ "$INSTALLER" == "apt" ]; then - CERT_DIR=/usr/local/share/ca-certificates/susemanager - TRUST_DIR=/usr/local/share/ca-certificates/susemanager - UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" - ORG_CA_CERT_IS_RPM_YN=0 - ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT - else - CERT_DIR=/usr/share/rhn - TRUST_DIR=/etc/pki/ca-trust/source/anchors - UPDATE_TRUST_CMD="/usr/bin/update-ca-trust extract" - fi - - if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then - # get name from config - CERT_FILE=$(basename $(sed -n 's/^sslCACert *= *//p' "${CLIENT_OVERRIDES}")) - elif [ "$INSTALLER" == "apt" ]; then - CERT_FILE="${ORG_CA_CERT}.crt" - else - CERT_FILE=${ORG_CA_CERT} - fi - - function updateCertificates() { - if [ -d /etc/pki/ca-trust/source/anchors -a -x /usr/bin/update-ca-trust ]; then - TRUST_DIR=/etc/pki/ca-trust/source/anchors - elif [ -d /etc/pki/trust/anchors/ -a -x /usr/sbin/update-ca-certificates ]; then - # SLE 12 - TRUST_DIR=/etc/pki/trust/anchors - UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" - elif [ -d /etc/ssl/certs -a -x /usr/bin/c_rehash -a "$INSTALLER" == "zypper" ]; then - # SLE 11 - TRUST_DIR=/etc/ssl/certs - UPDATE_TRUST_CMD="/usr/bin/c_rehash" - rm -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT.pem - rm -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT-*.pem - if [ -f $CERT_DIR/$CERT_FILE ]; then - ln -sf $CERT_DIR/$CERT_FILE $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT.pem - if [ $(grep -- "-----BEGIN CERTIFICATE-----" $CERT_DIR/$CERT_FILE | wc -l) -gt 1 ]; then - csplit -b "%02d.pem" -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT- $CERT_DIR/$CERT_FILE '/-----BEGIN CERTIFICATE-----/' '{*}' - fi - fi - $UPDATE_TRUST_CMD >/dev/null - return - fi - - if [ ! 
-d $TRUST_DIR ]; then - return - fi - if [ "$CERT_DIR" != "$TRUST_DIR" ]; then - if [ -f $CERT_DIR/$CERT_FILE ]; then - ln -sf $CERT_DIR/$CERT_FILE $TRUST_DIR - else - rm -f $TRUST_DIR/$CERT_FILE - fi - fi - $UPDATE_TRUST_CMD - } - - echo "* attempting to install corporate public CA cert" - - ### Check for Dynamic CA-Trust Updates - applies to RedHat and SLE-ES systems ### - if [ -x /usr/bin/update-ca-trust ] ; then - if [ "$(/usr/bin/update-ca-trust check | grep 'PEM/JAVA Status: DISABLED')" != "" ]; then - echo "ERROR: Dynamic CA-Trust > Updates are disabled. Enable Dynamic CA-Trust Updates with '/usr/bin/update-ca-trust force-enable'" - echo "Finally, restart the onboarding sequence." - exit 1 - fi - fi - - test -d ${CERT_DIR} || mkdir -p ${CERT_DIR} - rm -f ${ORG_CA_CERT} - $FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT} - - if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then - rpm -Uvh --force --replacefiles --replacepkgs ${ORG_CA_CERT} - rm -f ${ORG_CA_CERT} - else - mv ${ORG_CA_CERT} ${CERT_DIR}/${CERT_FILE} - fi - - if [ $ORG_CA_CERT_IS_RPM_YN -eq 0 ] ; then - # symlink & update certificates is already done in rpm post-install script - # no need to be done again if we have installed rpm - echo "* update certificates" - updateCertificates - fi + if [ "$INSTALLER" == "apt" ]; then + CERT_DIR=/usr/local/share/ca-certificates/susemanager + TRUST_DIR=/usr/local/share/ca-certificates/susemanager + UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" + ORG_CA_CERT_IS_RPM_YN=0 + ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT + else + CERT_DIR=/usr/share/rhn + TRUST_DIR=/etc/pki/ca-trust/source/anchors + UPDATE_TRUST_CMD="/usr/bin/update-ca-trust extract" + fi + + if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ]; then + # get name from config + CERT_FILE=$(basename $(sed -n 's/^sslCACert *= *//p' "${CLIENT_OVERRIDES}")) + elif [ "$INSTALLER" == "apt" ]; then + CERT_FILE="${ORG_CA_CERT}.crt" + else + CERT_FILE=${ORG_CA_CERT} + fi + + function updateCertificates() { + if [ -d 
/etc/pki/ca-trust/source/anchors -a -x /usr/bin/update-ca-trust ]; then + TRUST_DIR=/etc/pki/ca-trust/source/anchors + elif [ -d /etc/pki/trust/anchors/ -a -x /usr/sbin/update-ca-certificates ]; then + # SLE 12 + TRUST_DIR=/etc/pki/trust/anchors + UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" + elif [ -d /etc/ssl/certs -a -x /usr/bin/c_rehash -a "$INSTALLER" == "zypper" ]; then + # SLE 11 + TRUST_DIR=/etc/ssl/certs + UPDATE_TRUST_CMD="/usr/bin/c_rehash" + rm -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT.pem + rm -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT-*.pem + if [ -f $CERT_DIR/$CERT_FILE ]; then + ln -sf $CERT_DIR/$CERT_FILE $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT.pem + if [ $(grep -- "-----BEGIN CERTIFICATE-----" $CERT_DIR/$CERT_FILE | wc -l) -gt 1 ]; then + csplit -b "%02d.pem" -f $TRUST_DIR/RHN-ORG-TRUSTED-SSL-CERT- $CERT_DIR/$CERT_FILE '/-----BEGIN CERTIFICATE-----/' '{*}' + fi + fi + $UPDATE_TRUST_CMD >/dev/null + return + fi + + if [ ! -d $TRUST_DIR ]; then + return + fi + if [ "$CERT_DIR" != "$TRUST_DIR" ]; then + if [ -f $CERT_DIR/$CERT_FILE ]; then + ln -sf $CERT_DIR/$CERT_FILE $TRUST_DIR + else + rm -f $TRUST_DIR/$CERT_FILE + fi + fi + $UPDATE_TRUST_CMD + } + + echo "* attempting to install corporate public CA cert" + + ### Check for Dynamic CA-Trust Updates - applies to RedHat and SLE-ES systems ### + if [ -x /usr/bin/update-ca-trust ]; then + if [ "$(/usr/bin/update-ca-trust check | grep 'PEM/JAVA Status: DISABLED')" != "" ]; then + echo "ERROR: Dynamic CA-Trust > Updates are disabled. Enable Dynamic CA-Trust Updates with '/usr/bin/update-ca-trust force-enable'" + echo "Finally, restart the onboarding sequence." 
+ exit 1 + fi + fi + + test -d ${CERT_DIR} || mkdir -p ${CERT_DIR} + rm -f ${ORG_CA_CERT} + $FETCH ${HTTPS_PUB_DIRECTORY}/${ORG_CA_CERT} + + if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ]; then + rpm -Uvh --force --replacefiles --replacepkgs ${ORG_CA_CERT} + rm -f ${ORG_CA_CERT} + else + mv ${ORG_CA_CERT} ${CERT_DIR}/${CERT_FILE} + fi + + if [ $ORG_CA_CERT_IS_RPM_YN -eq 0 ]; then + # symlink & update certificates is already done in rpm post-install script + # no need to be done again if we have installed rpm + echo "* update certificates" + updateCertificates + fi """ 
@@ -886,30 +955,30 @@ def getCorpCACertSh(): #5/16/05 wregglej 159437 - changed script to use rhn-actions-control def getAllowConfigManagement(): return """\ -if [ $ALLOW_CONFIG_ACTIONS -eq 1 ] ; then +if [ $ALLOW_CONFIG_ACTIONS -eq 1 ]; then echo echo "* setting permissions to allow configuration management" echo " NOTE: use an activation key to subscribe to the tools" - if [ "$INSTALLER" == zypper ] ; then + if [ "$INSTALLER" == zypper ]; then echo " channel and zypper install/update rhncfg-actions" echo " or zypper install/update mgr-cfg-actions starting with 4.0" - elif [ "$INSTALLER" == yum ] ; then + elif [ "$INSTALLER" == yum ]; then echo " channel and yum upgrade rhncfg-actions" echo " or yum upgrade mgr-cfg-actions starting with 4.0" else echo " channel and up2date rhncfg-actions" echo " or up2date mgr-cfg-actions starting with 4.0" fi - if [ -x "/usr/bin/rhn-actions-control" ] ; then + if [ -x "/usr/bin/rhn-actions-control" ]; then rhn-actions-control --enable-all rhn-actions-control --disable-run else echo "Error setting permissions for configuration management." echo " Please ensure that the activation key subscribes the" - if [ "$INSTALLER" == zypper ] ; then + if [ "$INSTALLER" == zypper ]; then echo " system to the tools channel and zypper install/update rhncfg-actions" echo " or zypper install/update mgr-cfg-actions starting with 4.0." - elif [ "$INSTALLER" == yum ] ; then + elif [ "$INSTALLER" == yum ]; then echo " system to the tools channel and yum updates rhncfg-actions" echo " or yum update mgr-cfg-actions starting with 4.0." else 
@@ -926,29 +995,29 @@ def getAllowConfigManagement(): #5/16/05 wregglej 158437 - changed script to use rhn-actions-control def getAllowRemoteCommands(): return """\ -if [ $ALLOW_REMOTE_COMMANDS -eq 1 ] ; then +if [ $ALLOW_REMOTE_COMMANDS -eq 1 ]; then echo echo "* setting permissions to allow remote commands" echo " NOTE: use an activation key to subscribe to the tools" - if [ "$INSTALLER" == zypper ] ; then + if [ "$INSTALLER" == zypper ]; then echo " channel and zypper update rhncfg-actions" echo " or zypper update mgr-cfg-actions starting with 4.0" - elif [ "$INSTALLER" == yum ] ; then + elif [ "$INSTALLER" == yum ]; then echo " channel and yum upgrade rhncfg-actions" echo " or yum upgrade mgr-cfg-actions starting with 4.0" else echo " channel and up2date rhncfg-actions" echo " or up2date mgr-cfg-actions starting with 4.0" fi - if [ -x "/usr/bin/rhn-actions-control" ] ; then + if [ -x "/usr/bin/rhn-actions-control" ]; then rhn-actions-control --enable-run else echo "Error setting permissions for remote commands." echo " Please ensure that the activation key subscribes the" - if [ "$INSTALLER" == zypper ] ; then + if [ "$INSTALLER" == zypper ]; then echo " system to the tools channel and zypper update rhncfg-actions" echo " or zypper update mgr-cfg-actions starting with 4.0." - elif [ "$INSTALLER" == yum ] ; then + elif [ "$INSTALLER" == yum ]; then echo " system to the tools channel and yum updates rhncfg-actions" echo " or yum update mgr-cfg-actions starting with 4.0." else @@ -973,7 +1042,7 @@ def getRegistrationSh(productName): # If you require use of several different activation keys, copy this file and # change the string as needed. # -if [ -z "$ACTIVATION_KEYS" ] ; then +if [ -z "$ACTIVATION_KEYS" ]; then echo "*** ERROR: in order to bootstrap {productName} clients, an activation key or keys" echo " must be created in the {productName} web user interface, and the" echo " corresponding key or keys string (XKEY,YKEY,...) must be mapped to" 
@@ -981,22 +1050,22 @@ def getRegistrationSh(productName): exit 1 fi -if [ -n "$REACTIVATION_KEY" ] ; then +if [ -n "$REACTIVATION_KEY" ]; then ACTIVATION_KEYS="$REACTIVATION_KEY,$ACTIVATION_KEYS" fi -if [ $REGISTER_THIS_BOX -eq 1 ] ; then +if [ $REGISTER_THIS_BOX -eq 1 ]; then echo "* registering" files="" directories="" - if [ $ALLOW_CONFIG_ACTIONS -eq 1 ] ; then + if [ $ALLOW_CONFIG_ACTIONS -eq 1 ]; then for i in "/etc/sysconfig/rhn/allowed-actions /etc/sysconfig/rhn/allowed-actions/configfiles"; do [ -d "$i" ] || (mkdir -p $i && directories="$i $directories") done [ -f /etc/sysconfig/rhn/allowed-actions/configfiles/all ] || files="$files /etc/sysconfig/rhn/allowed-actions/configfiles/all" [ -n "$files" ] && touch $files fi - if [ -z "$PROFILENAME" ] ; then + if [ -z "$PROFILENAME" ]; then profilename_opt="" else profilename_opt="--profilename=$PROFILENAME" @@ -1006,14 +1075,14 @@ def getRegistrationSh(productName): [ -n "$files" ] && rm -f $files [ -n "$directories" ] && rmdir $directories if [ $RET -eq 0 ]; then - echo - echo "*** this system should now be registered, please verify ***" - echo + echo + echo "*** this system should now be registered, please verify ***" + echo else - echo - echo "*** Error: Registering the system failed." - echo - exit 1 + echo + echo "*** Error: Registering the system failed." + echo + exit 1 fi else echo "* explicitly not registering" 
@@ -1033,15 +1102,22 @@ def getRegistrationSaltSh(productName): # change the string as needed. # -if [[ $ACTIVATION_KEYS =~ , ]] ; then +if [[ $ACTIVATION_KEYS =~ , ]]; then echo "*** ERROR: Multiple activation keys are not supported with salt!" exit 1 fi MINION_ID_FILE="/etc/salt/minion_id" SUSEMANAGER_MASTER_FILE="/etc/salt/minion.d/susemanager.conf" +MINION_SERVICE="salt-minion" + +if [ "0$VENV_ENABLED" -eq 1 ]; then + MINION_ID_FILE="/etc/opt/venv-salt-minion/minion_id" + SUSEMANAGER_MASTER_FILE="/etc/opt/venv-salt-minion/minion.d/susemanager.conf" + MINION_SERVICE="venv-salt-minion" +fi -if [ $REGISTER_THIS_BOX -eq 1 ] ; then +if [ $REGISTER_THIS_BOX -eq 1 ]; then echo "* registering" echo "$MYNAME" > "$MINION_ID_FILE" @@ -1064,7 +1140,7 @@ def getRegistrationSaltSh(productName): grains: susemanager: EOF - if [ -n "$ACTIVATION_KEYS" ] ; then + if [ -n "$ACTIVATION_KEYS" ]; then echo "Using activation key: \"$ACTIVATION_KEYS\"" cat <>"$SUSEMANAGER_MASTER_FILE" activation_key: "$(echo $ACTIVATION_KEYS | cut -d, -f1)" @@ -1093,12 +1169,12 @@ def getRegistrationSaltSh(productName): echo "* starting salt daemon and enabling it during boot" -if [ -f /usr/lib/systemd/system/salt-minion.service ] || [ -f /lib/systemd/system/salt-minion.service ] ; then - systemctl enable salt-minion - systemctl restart salt-minion +if [ -f /usr/lib/systemd/system/$MINION_SERVICE.service ] || [ -f /lib/systemd/system/$MINION_SERVICE.service ]; then + systemctl enable $MINION_SERVICE + systemctl restart $MINION_SERVICE else - /etc/init.d/salt-minion restart - /sbin/chkconfig --add salt-minion + /etc/init.d/$MINION_SERVICE restart + /sbin/chkconfig --add $MINION_SERVICE fi echo "-bootstrap complete-" """.format(productName=productName) 
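Review bot: The `[ "0$VENV_ENABLED" -eq 1 ]` test added in getRegistrationSaltSh has no comment explaining the `0` prefix, and VENV_ENABLED is not assigned anywhere in the visible hunks. A comment above the test would make the intent clear, for example `# VENV_ENABLED may be unset; the leading 0 keeps -eq valid and the test false in that case`. A non-numeric value makes `[` report an error and skip the branch, so the script silently falls back to the classic `/etc/salt` paths. If that fallback is intended, the comment should say so. The same test is repeated in the getUp2dateTheBoxSh hunk further down.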
@@ -1116,39 +1192,41 @@ def removeTLSCertificate(): return """\ function removeTLSCertificate() { if [ "$INSTALLER" == "apt" ]; then - CERT_DIR=/usr/local/share/ca-certificates/susemanager - TRUST_DIR=/usr/local/share/ca-certificates/susemanager - UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" - ORG_CA_CERT_IS_RPM_YN=0 - ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT + CERT_DIR=/usr/local/share/ca-certificates/susemanager + TRUST_DIR=/usr/local/share/ca-certificates/susemanager + UPDATE_TRUST_CMD="/usr/sbin/update-ca-certificates" + ORG_CA_CERT_IS_RPM_YN=0 + ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT else - CERT_DIR=/usr/share/rhn - TRUST_DIR=/etc/pki/ca-trust/source/anchors - UPDATE_TRUST_CMD="/usr/bin/update-ca-trust extract" + CERT_DIR=/usr/share/rhn + TRUST_DIR=/etc/pki/ca-trust/source/anchors + UPDATE_TRUST_CMD="/usr/bin/update-ca-trust extract" fi - if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ] ; then + if [ $ORG_CA_CERT_IS_RPM_YN -eq 1 ]; then CERT_FILE=$(basename $(sed -n 's/^sslCACert *= *//p' "${CLIENT_OVERRIDES}")) rpm -e `basename ${ORG_CA_CERT} .rpm` else if [ -f /usr/share/rhn/${ORG_CA_CERT} ]; then - CERT_FILE=${ORG_CA_CERT} - rm -f /usr/share/rhn/${ORG_CA_CERT} + CERT_FILE=${ORG_CA_CERT} + rm -f /usr/share/rhn/${ORG_CA_CERT} elif [ -f /usr/local/share/ca-certificates/susemanager/${ORG_CA_CERT}.crt ]; then - CERT_FILE=${ORG_CA_CERT}.crt - rm -f /usr/local/share/ca-certificates/susemanager/${CERT_FILE} + CERT_FILE=${ORG_CA_CERT}.crt + rm -f /usr/local/share/ca-certificates/susemanager/${CERT_FILE} fi fi updateCertificates } - """ +""" def getUp2dateTheBoxSh(productName, saltEnabled): if saltEnabled: PKG_NAME_ZYPPER = PKG_NAME_ZYPPER_SYNC = \ PKG_NAME_YUM = PKG_NAME_YUM_SYNC = "salt salt-minion" + PKG_NAME_VENV_ZYPPER = PKG_NAME_VENV_ZYPPER_SYNC = \ + PKG_NAME_VENV_YUM = PKG_NAME_VENV_YUM_SYNC = "venv-salt-minion" else: PKG_NAME_ZYPPER = "zypp-plugin-spacewalk" PKG_NAME_YUM = "yum-rhn-plugin" 
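Review bot: The four PKG_NAME_VENV_* names are bound only inside `if saltEnabled:` in getUp2dateTheBoxSh, but the `.format(...)` call in the later hunk (`@@ -1268,4 +1370,8 @@`) passes all of them unconditionally. The `else:` branch runs past the end of this hunk and the lines between the hunks are unchanged, so unless the names are bound somewhere not shown, calling the function with saltEnabled false would raise UnboundLocalError before any script text is produced. Binding them in the else branch as well would avoid that, e.g. `PKG_NAME_VENV_ZYPPER = PKG_NAME_VENV_ZYPPER_SYNC = PKG_NAME_VENV_YUM = PKG_NAME_VENV_YUM_SYNC = ""`. Rendering the traditional (non-salt) script once in a test would catch this kind of regression.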
@@ -1163,102 +1241,126 @@ def getUp2dateTheBoxSh(productName, saltEnabled): if [ $DISABLE_YAST_AUTOMATIC_ONLINE_UPDATE -eq 1 ]; then YAOU_SYSCFGFILE="/etc/sysconfig/automatic_online_update" if [ -f "$YAOU_SYSCFGFILE" ]; then - echo "* Disable YAST automatic online update." - sed -i 's/^ *AOU_ENABLE_CRONJOB.*/AOU_ENABLE_CRONJOB="false"/' "$YAOU_SYSCFGFILE" - for D in /etc/cron.*; do - test -L $D/opensuse.org-online_update && rm $D/opensuse.org-online_update - done + echo "* Disable YAST automatic online update." + sed -i 's/^ *AOU_ENABLE_CRONJOB.*/AOU_ENABLE_CRONJOB="false"/' "$YAOU_SYSCFGFILE" + for D in /etc/cron.*; do + test -L $D/opensuse.org-online_update && rm $D/opensuse.org-online_update + done fi fi -if [ "$INSTALLER" == zypper ] ; then - test -d /var/lib/suseRegister && touch /var/lib/suseRegister/neverRegisterOnBoot +if [ "$INSTALLER" == zypper ]; then + test -d /var/lib/suseRegister && touch /var/lib/suseRegister/neverRegisterOnBoot fi -if [ $DISABLE_LOCAL_REPOS -eq 1 ] && [ $SALT_ENABLED -eq 0 ] ; then - if [ "$INSTALLER" == zypper ] ; then - echo "* Disable all repos not provided by SUSE Manager Server." - zypper ms -d --all - zypper ms -e --medium-type plugin - zypper mr -d --all - zypper mr -e --medium-type plugin - zypper mr -e "$CLIENT_REPO_NAME" - elif [ "$INSTALLER" == yum ] ; then +if [ $DISABLE_LOCAL_REPOS -eq 1 ] && [ $SALT_ENABLED -eq 0 ]; then + if [ "$INSTALLER" == zypper ]; then + echo "* Disable all repos not provided by SUSE Manager Server." 
+ zypper ms -d --all + zypper ms -e --medium-type plugin + zypper mr -d --all + zypper mr -e --medium-type plugin + zypper mr -e "$CLIENT_REPO_NAME" + elif [ "$INSTALLER" == yum ]; then echo "* Disable all repos not provided by SUSE Manager Server."; - for F in /etc/yum.repos.d/*.repo; do - test -f "$F" || continue - # parse throught the file and make sure each repo section contains 'enabled=0' - awk ' - BEGIN {{ saw=0 }} - /^ *[[]/ {{ if ( saw==1 ) print "enabled=0"; else saw=1 }} - /^ *enabled *=/ {{ print "enabled=0"; saw=2; next }} - {{ print }} - END {{ if ( saw==1 ) print "enabled=0" }} - ' "$F" > "$F.bootstrap.tmp" && mv "$F.bootstrap.tmp" "$F" - test -f "$F.bootstrap.tmp" && {{ - echo "*** Error: Failed to process '$F'; check manually if all repos inside are disabled." - rm "$F.bootstrap.tmp" - }} - done + for F in /etc/yum.repos.d/*.repo; do + test -f "$F" || continue + # parse throught the file and make sure each repo section contains 'enabled=0' + awk ' + BEGIN {{ saw=0 }} + /^ *[[]/ {{ if ( saw==1 ) print "enabled=0"; else saw=1 }} + /^ *enabled *=/ {{ print "enabled=0"; saw=2; next }} + {{ print }} + END {{ if ( saw==1 ) print "enabled=0" }} + ' "$F" > "$F.bootstrap.tmp" && mv "$F.bootstrap.tmp" "$F" + test -f "$F.bootstrap.tmp" && {{ + echo "*** Error: Failed to process '$F'; check manually if all repos inside are disabled." 
+ rm "$F.bootstrap.tmp" + }} + done fi fi -if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then - if [ "$INSTALLER" == zypper ] ; then - echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}; zypper --non-interactive up (conditional)" - elif [ "$INSTALLER" == yum ] ; then - echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}; yum upgrade (conditional)" +if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then + if [ "$INSTALLER" == zypper ]; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + echo "zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER_SYNC}; zypper --non-interactive up (conditional)" + else + echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}; zypper --non-interactive up (conditional)" + fi + elif [ "$INSTALLER" == yum ]; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + echo "yum -y upgrade yum {PKG_NAME_VENV_YUM_SYNC}; yum upgrade (conditional)" + else + echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}; yum upgrade (conditional)" + fi else echo "up2date up2date; up2date -p; up2date -uf (conditional)" fi else - if [ "$INSTALLER" == zypper ] ; then - echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}" - elif [ "$INSTALLER" == yum ] ; then - echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}" + if [ "$INSTALLER" == zypper ]; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + echo "zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER_SYNC}" + else + echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}" + fi + elif [ "$INSTALLER" == yum ]; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + echo "yum -y upgrade yum {PKG_NAME_VENV_YUM_SYNC}" + else + echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}" + fi else echo "up2date up2date; up2date -p" fi fi echo "but any post configuration action can be added here. 
" echo "------------------------------------------------------" -if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then +if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then echo "* completely updating the box" else echo "* ensuring $INSTALLER itself is updated" fi -if [ "$INSTALLER" == zypper ] ; then +if [ "$INSTALLER" == zypper ]; then zypper lr -u - if [ $SALT_ENABLED -eq 0 ] ; then + if [ $SALT_ENABLED -eq 0 ]; then zypper --non-interactive ref -s fi - zypper --non-interactive up zypper {PKG_NAME_ZYPPER} - if [ $SALT_ENABLED -eq 0 ] ; then - if [ -x /usr/sbin/rhn-profile-sync ] ; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER} + else + zypper --non-interactive up zypper {PKG_NAME_ZYPPER} + fi + if [ $SALT_ENABLED -eq 0 ]; then + if [ -x /usr/sbin/rhn-profile-sync ]; then /usr/sbin/rhn-profile-sync else echo "Error updating system info in {productName}." - echo " Please ensure that rhn-profile-sync in installed and rerun it." + echo " Please ensure that rhn-profile-sync is installed and rerun it." fi fi - if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then + if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then zypper --non-interactive up fi -elif [ "$INSTALLER" == yum ] ; then +elif [ "$INSTALLER" == yum ]; then yum repolist - /usr/bin/yum -y upgrade yum {PKG_NAME_YUM} - if [ $SALT_ENABLED -eq 0 ] ; then - if [ -x /usr/sbin/rhn-profile-sync ] ; then + if [ "0$VENV_ENABLED" -eq 1 ]; then + /usr/bin/yum -y upgrade yum {PKG_NAME_VENV_YUM} + else + /usr/bin/yum -y upgrade yum {PKG_NAME_YUM} + fi + if [ $SALT_ENABLED -eq 0 ]; then + if [ -x /usr/sbin/rhn-profile-sync ]; then /usr/sbin/rhn-profile-sync else echo "Error updating system info in {productName}." - echo " Please ensure that rhn-profile-sync in installed and rerun it." + echo " Please ensure that rhn-profile-sync is installed and rerun it." 
fi fi - if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then + if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then /usr/bin/yum -y upgrade fi else /usr/sbin/up2date up2date /usr/sbin/up2date -p - if [ $FULLY_UPDATE_THIS_BOX -eq 1 ] ; then + if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then /usr/sbin/up2date -uf fi fi @@ -1268,4 +1370,8 @@ def getUp2dateTheBoxSh(productName, saltEnabled): PKG_NAME_YUM_SYNC=PKG_NAME_YUM_SYNC, PKG_NAME_ZYPPER=PKG_NAME_ZYPPER, PKG_NAME_YUM=PKG_NAME_YUM, + PKG_NAME_VENV_ZYPPER_SYNC=PKG_NAME_VENV_ZYPPER_SYNC, + PKG_NAME_VENV_YUM_SYNC=PKG_NAME_VENV_YUM_SYNC, + PKG_NAME_VENV_ZYPPER=PKG_NAME_VENV_ZYPPER, + PKG_NAME_VENV_YUM=PKG_NAME_VENV_YUM, productName=productName) diff --git a/spacewalk/certs-tools/spacewalk-certs-tools.changes b/spacewalk/certs-tools/spacewalk-certs-tools.changes index 07a0dbc825fc..806e9fb41fcc 100644 --- a/spacewalk/certs-tools/spacewalk-certs-tools.changes +++ b/spacewalk/certs-tools/spacewalk-certs-tools.changes @@ -1,3 +1,7 @@ +- added support of bootstrapping Raspbian 10 and 9 + with bootstrap script +- added support of bootstrapping with salt bundle + ------------------------------------------------------------------- Thu Jun 10 13:45:38 CEST 2021 - jgonzalez@suse.com diff --git a/susemanager-utils/susemanager-sls/salt/actionchains/force_restart_minion.sh b/susemanager-utils/susemanager-sls/salt/actionchains/force_restart_minion.sh index 0eefe7e6ed66..df8bc6aba0f7 100644 --- a/susemanager-utils/susemanager-sls/salt/actionchains/force_restart_minion.sh +++ b/susemanager-utils/susemanager-sls/salt/actionchains/force_restart_minion.sh 
@@ -1,14 +1,24 @@ #!/bin/bash if [ "$(readlink /proc/1/exe)" = "/sbin/init" ]; then # SysV, use pid ctime as service start time - T0=$(date -d "$(stat -c '%z' /var/run/salt-minion.pid | sed -E 's/(.*) (\+|\-)(.*)/\1/g')" "+%s") - RESTART_MINION="/usr/sbin/rcsalt-minion restart" + SALT_MINION_NAME="salt-minion" + SALT_MINION_PID="/var/run/salt-minion.pid" + if [ -f /var/run/venv-salt-minion.pid ]; then + SALT_MINION_NAME="venv-salt-minion" + SALT_MINION_PID="/var/run/venv-salt-minion.pid" + fi + T0=$(date -d "$(stat -c '%z' "$SALT_MINION_PID" | sed -E 's/(.*) (\+|\-)(.*)/\1/g')" "+%s") + RESTART_MINION="/usr/sbin/rc$SALT_MINION_NAME restart" else # systemd - TIME=$(systemctl show salt-minion --property=ActiveEnterTimestamp) + SALT_MINION_NAME="salt-minion" + if systemctl status venv-salt-minion > /dev/null 2>&1; then + SALT_MINION_NAME="venv-salt-minion" + fi + TIME=$(systemctl show "$SALT_MINION_NAME" --property=ActiveEnterTimestamp) TIME="${TIME//ActiveEnterTimestamp=/}" T0=$(date -d "$TIME" '+%s') - RESTART_MINION="systemctl restart salt-minion" + RESTART_MINION="systemctl restart $SALT_MINION_NAME" fi T1=$(date '+%s') diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls index d3065df9a913..147e12d6657a 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls 
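Review bot: Both init-system branches choose the service from leftover artefacts rather than from which minion is actually running. In the SysV branch any existing `/var/run/venv-salt-minion.pid` selects the bundle, so a stale PID file from a stopped or removed bundle yields a wrong T0 and a restart of the wrong service. That branch could confirm the recorded process is alive first, e.g. `kill -0 "$(cat /var/run/venv-salt-minion.pid)" 2>/dev/null`. In the systemd branch, `systemctl is-active --quiet venv-salt-minion` expresses the check more directly than discarding the output of `systemctl status`. The script continues beyond this hunk.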
@@ -70,6 +70,8 @@ mgr_server_localhost_alias_absent: {% set bootstrap_repo_url = 'https://' ~ salt['pillar.get']('mgr_server') ~ '/pub/repositories/ubuntu/' ~ osrelease[0] ~ '/' ~ osrelease[1].lstrip('0') ~ '/bootstrap/' %} {%- elif grains['os'] == 'AstraLinuxCE' %} {% set bootstrap_repo_url = 'https://' ~ salt['pillar.get']('mgr_server') ~ '/pub/repositories/astra/' ~ grains['oscodename'] ~ '/bootstrap/' %} +{%- elif grains['os'] == 'Raspbian' %} +{% set bootstrap_repo_url = 'https://' ~ salt['pillar.get']('mgr_server') ~ '/pub/repositories/raspbian/' ~ grains['osmajorrelease'] ~ '/bootstrap/' %} {%- else %} {% set bootstrap_repo_url = 'https://' ~ salt['pillar.get']('mgr_server') ~ '/pub/repositories/debian/' ~ grains['osmajorrelease'] ~ '/bootstrap/' %} {%- endif %} 
@@ -127,16 +129,39 @@ bootstrap_repo: - ([ {{ bootstrap_repo_exists }} = "True" ]) {%- endif %} +{%- if grains['os_family'] == 'RedHat' %} +trust_res_gpg_key: + cmd.run: + - name: rpm --import https://{{ salt['pillar.get']('mgr_server') }}/pub/{{ salt['pillar.get']('gpgkeys:res:file') }} + - unless: rpm -q {{ salt['pillar.get']('gpgkeys:res:name') }} + - runas: root +{%- elif grains['os_family'] == 'Debian' %} +install_gnupg_debian: + pkg.latest: + - pkgs: + - gnupg +{%- endif %} + {% include 'channels/gpg-keys.sls' %} +{%- set salt_minion_name = 'salt-minion' %} +{%- set salt_config_dir = '/etc/salt' %} +{% set venv_available_request = salt['http.query'](bootstrap_repo_url + 'venv-enabled-' + grains['osarch'] + '.txt', status=True, verify_ssl=False) %} +{# Prefer venv-salt-minion if available and not disabled #} +{%- set use_venv_salt = (0 < venv_available_request.get('status', 404) < 300) and not salt['pillar.get']('mgr_avoid_venv_salt_minion') %} +{%- if use_venv_salt %} +{%- set salt_minion_name = 'venv-salt-minion' %} +{%- set salt_config_dir = '/etc/opt/venv-salt-minion' %} +{%- endif -%} + salt-minion-package: pkg.installed: - - name: salt-minion + - name: {{ salt_minion_name }} - install_recommends: False - require: - file: bootstrap_repo -/etc/salt/minion.d/susemanager.conf: +{{ salt_config_dir }}/minion.d/susemanager.conf: file.managed: - source: - salt://bootstrap/susemanager.conf @@ -145,7 +170,7 @@ salt-minion-package: - require: - pkg: salt-minion-package -/etc/salt/minion_id: +{{ salt_config_dir }}/minion_id: file.managed: - contents_pillar: minion_id - require: @@ -170,7 +195,7 @@ mgr_update_basic_pkgs: # Manage minion key files in case they are provided in the pillar {% if pillar['minion_pub'] is defined and pillar['minion_pem'] is defined %} -/etc/salt/pki/minion/minion.pub: +{{ salt_config_dir }}/pki/minion/minion.pub: file.managed: - contents_pillar: minion_pub - mode: 644 
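Review bot: The `salt['http.query'](..., status=True, verify_ssl=False)` probe added above `salt-minion-package` disables TLS certificate verification. Its status code alone decides whether `venv-salt-minion` or `salt-minion` is installed, and which directory receives `minion_id`, `susemanager.conf` and the minion key files. A party able to answer for the server name on the network path can therefore steer that choice. The `rpm --import https://…` state added in the same hunk relies on normal verification, and the probe should do the same: drop the argument (leaving `status=True`), or if the server CA is not yet in the system trust store at render time, pass it explicitly with `ca_bundle='<path to the deployed CA certificate>'`. A short Jinja comment explaining what the `venv-enabled-<arch>.txt` marker file signifies would also help the next reader.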
@@ -178,7 +203,7 @@ mgr_update_basic_pkgs: - require: - pkg: salt-minion-package -/etc/salt/pki/minion/minion.pem: +{{ salt_config_dir }}/pki/minion/minion.pem: file.managed: - contents_pillar: minion_pem - mode: 400 @@ -186,25 +211,26 @@ mgr_update_basic_pkgs: - require: - pkg: salt-minion-package -salt-minion: +{{ salt_minion_name }}: service.running: + - name: {{ salt_minion_name }} - enable: True - require: - pkg: salt-minion-package - host: mgr_server_localhost_alias_absent - watch: - - file: /etc/salt/minion_id - - file: /etc/salt/pki/minion/minion.pem - - file: /etc/salt/pki/minion/minion.pub - - file: /etc/salt/minion.d/susemanager.conf + - file: {{ salt_config_dir }}/minion_id + - file: {{ salt_config_dir }}/pki/minion/minion.pem + - file: {{ salt_config_dir }}/pki/minion/minion.pub + - file: {{ salt_config_dir }}/minion.d/susemanager.conf {% else %} -salt-minion: +{{ salt_minion_name }}: service.running: - enable: True - require: - pkg: salt-minion-package - host: mgr_server_localhost_alias_absent - watch: - - file: /etc/salt/minion_id - - file: /etc/salt/minion.d/susemanager.conf + - file: {{ salt_config_dir }}/minion_id + - file: {{ salt_config_dir }}/minion.d/susemanager.conf {% endif %} diff --git a/susemanager-utils/susemanager-sls/salt/certs/Raspbian10.sls b/susemanager-utils/susemanager-sls/salt/certs/Raspbian10.sls new file mode 120000 index 000000000000..b67650a87f3e --- /dev/null +++ b/susemanager-utils/susemanager-sls/salt/certs/Raspbian10.sls @@ -0,0 +1 @@ +Debian10.sls \ No newline at end of file diff --git a/susemanager-utils/susemanager-sls/salt/certs/Raspbian9.sls b/susemanager-utils/susemanager-sls/salt/certs/Raspbian9.sls new file mode 120000 index 000000000000..912c78aa10c8 --- /dev/null +++ b/susemanager-utils/susemanager-sls/salt/certs/Raspbian9.sls @@ -0,0 +1 @@ +Debian9.sls \ No newline at end of file 
diff --git a/susemanager-utils/susemanager-sls/salt/channels/channels.repo b/susemanager-utils/susemanager-sls/salt/channels/channels.repo index 6779849ec47b..d916f2c4ccdc 100644 --- a/susemanager-utils/susemanager-sls/salt/channels/channels.repo +++ b/susemanager-utils/susemanager-sls/salt/channels/channels.repo @@ -5,9 +5,9 @@ {%- set protocol = salt['pillar.get']('pkg_download_point_protocol', 'https')%} {%- set hostname = salt['pillar.get']('pkg_download_point_host', args['host'])%} {%- set port = salt['pillar.get']('pkg_download_point_port', args.get('port', 443))%} -{%- if grains['os'] == 'Debian' or grains['os'] == 'Ubuntu' %} +{%- if grains['os_family'] == 'Debian' %} {%- set apt_version = salt['pkg.version']("apt") %} -{%- set apt_support_acd = grains['os_family'] == 'Debian' and apt_version and salt['pkg.version_cmp'](apt_version, "1.6.10") > 0 %} +{%- set apt_support_acd = apt_version and salt['pkg.version_cmp'](apt_version, "1.6.10") > 0 %} {%- if apt_support_acd %} deb {{ '[trusted=yes]' if not pillar.get('mgr_metadata_signing_enabled', false) else '[signed-by=/usr/share/keyrings/mgr-archive-keyring.gpg]' }} {{protocol}}://{{hostname}}:{{port}}/rhn/manager/download {{ chan }} main diff --git a/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls b/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls index 7fcec85f7364..31910afd49d0 100644 --- a/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls +++ b/susemanager-utils/susemanager-sls/salt/services/salt-minion.sls 
@@ -1,4 +1,11 @@ {% include 'bootstrap/remove_traditional_stack.sls' %} +{%- set salt_minion_name = 'salt-minion' %} +{%- set susemanager_minion_config = '/etc/salt/minion.d/susemanager.conf' %} +{# Prefer venv-salt-minion if installed #} +{%- if salt['pkg.version']('venv-salt-minion') %} +{%- set salt_minion_name = 'venv-salt-minion' %} +{%- set susemanager_minion_config = '/etc/opt/venv-salt-minion/minion.d/susemanager.conf' %} +{%- endif -%} {%- if salt['pillar.get']('contact_method') not in ['ssh-push', 'ssh-push-tunnel'] %} 
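Review bot: `salt['pkg.version']('venv-salt-minion')` tests whether the bundle package is installed, not whether the bundle is the minion applying this state. If both packages are present, for instance partway through a migration, and the classic minion is the one running, the `management_key` and `activation_key` clean-up in the next hunk edits `/etc/opt/venv-salt-minion/minion.d/susemanager.conf`. The keys would then stay in `/etc/salt/minion.d/susemanager.conf`. Deriving the path from the running minion's own configuration, for example the directory of `opts['conf_file']`, would avoid this. The concern is inferred from the visible lines only, so please confirm how the switch-over state handles the overlap. The same detection block is repeated in mgr_disable_fqdns_grain.sls, mgr_mine_config_clean_up.sls and mgr_start_event_grains.sls and could live in one imported Jinja file.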
@@ -6,38 +13,38 @@ {# removed to prevent trouble on the next regular minion restart #} mgr_remove_management_key_grains: file.replace: - - name: /etc/salt/minion.d/susemanager.conf + - name: {{ susemanager_minion_config }} - pattern: '^\s*management_key:.*$' - repl: '' - - onlyif: grep 'management_key:' /etc/salt/minion.d/susemanager.conf + - onlyif: grep 'management_key:' {{ susemanager_minion_config }} {# activation keys are only usefull on first registration #} {# removed to prevent trouble on the next regular minion restart #} mgr_remove_activation_key_grains: file.replace: - - name: /etc/salt/minion.d/susemanager.conf + - name: {{ susemanager_minion_config }} - pattern: '^\s*activation_key:.*$' - repl: '' - - onlyif: grep 'activation_key:' /etc/salt/minion.d/susemanager.conf + - onlyif: grep 'activation_key:' {{ susemanager_minion_config }} {# add SALT_RUNNING env variable in case it's not present on the configuration #} mgr_append_salt_running_env_configuration: file.append: - - name: /etc/salt/minion.d/susemanager.conf + - name: {{ susemanager_minion_config }} - text: | system-environment: modules: pkg: _: SALT_RUNNING: 1 - - unless: grep 'system-environment' /etc/salt/minion.d/susemanager.conf + - unless: grep 'system-environment' {{ susemanager_minion_config }} mgr_salt_minion: pkg.installed: - - name: salt-minion + - name: {{ salt_minion_name }} - order: last service.running: - - name: salt-minion + - name: {{ salt_minion_name }} - enable: True - order: last {% endif %} diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls index 4cb9a68e6001..5ff96c06a0cb 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_disable_fqdns_grain.sls 
@@ -1,11 +1,18 @@ +{%- set salt_minion_name = 'salt-minion' %} +{%- set susemanager_minion_config = '/etc/salt/minion.d/susemanager.conf' %} +{# Prefer venv-salt-minion if installed #} +{%- if salt['pkg.version']('venv-salt-minion') %} +{%- set salt_minion_name = 'venv-salt-minion' %} +{%- set susemanager_minion_config = '/etc/opt/venv-salt-minion/minion.d/susemanager.conf' %} +{%- endif -%} mgr_disable_fqdns_grains: file.append: - - name: /etc/salt/minion.d/susemanager.conf + - name: {{ susemanager_minion_config }} - text: "enable_fqdns_grains: False" mgr_salt_minion: service.running: - - name: salt-minion + - name: {{ salt_minion_name }} - enable: True - order: last - watch: diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls index 52cc24b530bf..99bfca8c024e 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_mine_config_clean_up.sls @@ -1,12 +1,19 @@ {%- if salt['pillar.get']('contact_method') not in ['ssh-push', 'ssh-push-tunnel'] %} +{%- set salt_minion_name = 'salt-minion' %} +{%- set susemanager_minion_config = '/etc/salt/minion.d/susemanager-mine.conf' %} +{# Prefer venv-salt-minion if installed #} +{%- if salt['pkg.version']('venv-salt-minion') %} +{%- set salt_minion_name = 'venv-salt-minion' %} +{%- set susemanager_minion_config = '/etc/opt/venv-salt-minion/minion.d/susemanager-mine.conf' %} +{%- endif -%} mgr_disable_mine: file.managed: - - name: /etc/salt/minion.d/susemanager-mine.conf + - name: {{ susemanager_minion_config }} - contents: "mine_enabled: False" mgr_salt_minion: service.running: - - name: salt-minion + - name: {{ salt_minion_name }} - enable: True - order: last - watch: 
diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls index 55b502a11cff..cf5eff9af589 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_start_event_grains.sls @@ -1,8 +1,10 @@ +{%- set susemanager_minion_config = '/etc/salt/minion.d/susemanager.conf' %} +{# Prefer venv-salt-minion if installed #} +{%- if salt['pkg.version']('venv-salt-minion') %} +{%- set susemanager_minion_config = '/etc/opt/venv-salt-minion/minion.d/susemanager.conf' %} +{%- endif -%} mgr_start_event_grains: file.append: - - name: /etc/salt/minion.d/susemanager.conf + - name: {{ susemanager_minion_config }} - text: | - start_event_grains: - - machine_id - - saltboot_initrd - - susemanager + start_event_grains: [machine_id, saltboot_initrd, susemanager] diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls new file mode 100644 index 000000000000..d6bb5311b1cb --- /dev/null +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls 
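Review bot: Changing the appended text in mgr_start_event_grains.sls from the block list to `start_event_grains: [machine_id, saltboot_initrd, susemanager]` means `file.append` will no longer find its text in a config file that already contains the old block form, so on already-registered minions the key is presumably appended a second time. A duplicate top-level key in the minion config is at best ambiguous and may be rejected when the file is loaded. Guarding the state the way the neighbouring states do, with `- unless: grep -q '^start_event_grains:' {{ susemanager_minion_config }}`, would keep it idempotent across both forms.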
@@ -0,0 +1,100 @@ +{%- set susemanager_conf='/etc/salt/minion.d/susemanager.conf' %} +{%- set venv_susemanager_conf='/etc/opt/venv-salt-minion/minion.d/susemanager.conf' %} +{%- set managed_minion=salt['file.file_exists'](susemanager_conf) and + not salt['file.replace'](susemanager_conf, '^master: .*', 'master: ' + pillar['mgr_server'], + dry_run=True, show_changes=False, ignore_if_missing=True) %} +{%- set venv_managed_minion=salt['file.file_exists'](venv_susemanager_conf) and + not salt['file.replace'](venv_susemanager_conf, '^master: .*', 'master: ' + pillar['mgr_server'], + dry_run=True, show_changes=False, ignore_if_missing=True) %} +{%- if managed_minion or venv_managed_minion %} +{%- set pkgs_installed = salt['pkg.info_installed']() %} +{%- set venv_minion_installed = pkgs_installed.get('venv-salt-minion', False) and True %} +{%- set venv_minion_available = venv_minion_installed or salt['pkg.latest_version']('venv-salt-minion') or False %} +{%- if venv_minion_available %} +venv-salt-minion-pkg: + pkg.installed: + - name: venv-salt-minion + - onlyif: + - ([ {{ venv_minion_installed }} = "False" ]) + +copy-salt-minion-id: + file.copy: + - name: /etc/opt/venv-salt-minion/minion_id + - source: /etc/salt/minion_id + - require: + - pkg: venv-salt-minion-pkg + - onlyif: + - test -f /etc/salt/minion_id + +copy-salt-minion-configs: + cmd.run: + - name: cp -r /etc/salt/minion.d /etc/opt/venv-salt-minion/ + - require: + - pkg: venv-salt-minion-pkg + - onlyif: + - ([ {{ venv_managed_minion }} = "False" ]) + +copy-salt-minion-keys: + cmd.run: + - name: cp -r /etc/salt/pki/minion/minion* /etc/opt/venv-salt-minion/pki/minion/ + - require: + - cmd: copy-salt-minion-configs + - onlyif: + - test -f /etc/salt/pki/minion/minion_master.pub + - unless: + - test -f /etc/opt/venv-salt-minion/pki/minion/minion_master.pub + +enable-venv-salt-minion: + service.running: + - name: venv-salt-minion + - enable: True + - require: + - cmd: copy-salt-minion-keys + +disable-salt-minion: + 
service.dead: + - name: salt-minion + - enable: False + - require: + - service: enable-venv-salt-minion + +{%- if salt['pillar.get']('mgr_purge_non_venv_salt') %} +purge-non-venv-salt-packages: + pkg.purged: + - pkgs: + - salt + - salt-common + - salt-minion + - python2-salt + - python3-salt + - require: + - service: disable-salt-minion +{%- endif %} + +{%- if salt['pillar.get']('mgr_purge_non_venv_salt_files') %} +purge-non-venv-salt-pki-dir: + cmd.run: + - name: rm -rf /etc/salt/minion* /etc/salt/pki/minion + - onlyif: + - test -d /etc/salt/pki/minion + - require: + - service: disable-salt-minion + +purge-non-venv-salt-conf-dir: + file.absent: + - name: /etc/salt + - unless: + - find /etc/salt -type f -print -quit | grep -q . + - require: + - cmd: purge-non-venv-salt-pki-dir +{%- endif %} +{%- else %} +venv-salt-minion-unavailable: + test.fail_without_changes: + - comment: venv-salt-minion package is not available +{%- endif %} +{%- else %} +salt-minion-of-another-master: + test.fail_without_changes: + - comment: The salt-minion is managed by another master +{%- endif %} diff --git a/susemanager-utils/susemanager-sls/susemanager-sls.changes b/susemanager-utils/susemanager-sls/susemanager-sls.changes index a5a13bb6dba4..0c9c3aa23624 100644 --- a/susemanager-utils/susemanager-sls/susemanager-sls.changes +++ b/susemanager-utils/susemanager-sls/susemanager-sls.changes @@ -1,3 +1,6 @@ +- Add support for bootstrapping Raspbian 9 and 10 +- Add support for bootstrapping with salt bundle + ------------------------------------------------------------------- Thu Jun 10 13:46:47 CEST 2021 - jgonzalez@suse.com diff --git a/susemanager/src/mgr-create-bootstrap-repo b/susemanager/src/mgr-create-bootstrap-repo index 376ac4a50601..a8595c6e2347 100755 --- a/susemanager/src/mgr-create-bootstrap-repo +++ b/susemanager/src/mgr-create-bootstrap-repo 
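Review bot: The `managed_minion` and `venv_managed_minion` checks at the top of mgr_switch_to_venv_minion.sls fail open: `file.replace(..., dry_run=True)` reports no change both when the `master:` line already names `pillar['mgr_server']` and when the file has no `master:` line at all, so a config without that line is treated as managed by this server and the minion id and keys are copied. A positive match states the intent directly, for example `salt['file.search'](susemanager_conf, '^master: ' ~ pillar['mgr_server'] ~ '$', ignore_if_missing=True)`, ideally with the hostname regex-escaped. The direct `pillar['mgr_server']` lookup also fails the render when the key is absent, whereas the rest of the file uses `salt['pillar.get']`. Separately, `disable-salt-minion` stops the classic service in the same run; if that service is the one executing the state, the later purge states and the job return may never complete, which deserves a comment in the file.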
@@ -559,7 +559,7 @@ def create_repo(label, options, mgr_bootstrap_data, additional=[]): "Description: $desc\n") codename="bootstrap" reprepro_conf = reprepro_conf_tmpl.substitute(origin="mgr", - label="mgr", codename=codename, arches="amd64 i386", comps="main", desc="Bootstrap repo") + label="mgr", codename=codename, arches="amd64 i386 armhf", comps="main", desc="Bootstrap repo") reprepro_conf_dir = os.path.join(destdirtmp, "conf") if not os.path.exists(reprepro_conf_dir): os.makedirs(reprepro_conf_dir) @@ -577,6 +577,18 @@ def create_repo(label, options, mgr_bootstrap_data, additional=[]): return 1 else: os.system("createrepo -s sha %s" % destdirtmp) + # ensure venv-enabled-{ARCH}.txt doesn't exist in repo with no salt bundle package + # create venv-enabled-{ARCH}.txt for repos with salt bundle package + for file_path in glob.glob(os.path.join(destdirtmp, 'venv-enabled-*.txt')): + os.remove(file_path) + for file_path in glob.glob(os.path.join(destdirtmp, '**/venv-salt-minion*.*'), recursive=True): + rel_path = os.path.relpath(file_path, start=destdirtmp) + (l_path, ext) = rel_path.rsplit('.', 1) + if ext: + (l_path, arch) = l_path.rsplit('.' if ext == 'rpm' else '_', 1) + with open(os.path.join(destdirtmp, "venv-enabled-{}.txt".format(arch)), "w") as venv_enabled_file: + venv_enabled_file.write("{}\n".format(rel_path)) + venv_enabled_file.close() # move tmp dir to final location if os.path.exists(destdir): os.rename(destdir, destdirold) diff --git a/susemanager/susemanager.changes b/susemanager/susemanager.changes index cb88c1aa082c..de484f22f3d7 100644 --- a/susemanager/susemanager.changes +++ b/susemanager/susemanager.changes @@ -1,3 +1,5 @@ +- Add the salt bundle support to mgr-create-bootstrap-repo + ------------------------------------------------------------------- Fri Jun 18 12:41:57 CEST 2021 - jgonzalez@suse.com 
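Review bot: The marker-file loop added in the second hunk derives `arch` by splitting the whole relative path, and the glob `**/venv-salt-minion*.*` is not limited to packages. A matching file that is not an `.rpm` or `.deb` (a signature or metadata file, say) either raises `ValueError` on the two-name unpack when the separator is missing, or yields an `arch` taken from a directory component such as `x86_64/`, which then ends up inside the `venv-enabled-{}.txt` file name. Splitting only the basename, accepting only the two package extensions and skipping names without an architecture suffix avoids both; the explicit `close()` inside the `with` block is redundant. When several bundle packages share an architecture the marker is overwritten in glob order, so which version it names is not defined. create_repo starts and ends outside the hunk.

```python
# … unchanged: removal of stale venv-enabled-*.txt markers …
for file_path in glob.glob(os.path.join(destdirtmp, '**/venv-salt-minion*.*'), recursive=True):
    rel_path = os.path.relpath(file_path, start=destdirtmp)
    stem, ext = os.path.splitext(os.path.basename(file_path))
    if ext not in ('.rpm', '.deb'):
        continue
    # rpm: name-version-release.arch / deb: name_version_arch
    arch = stem.rpartition('.' if ext == '.rpm' else '_')[2]
    if not arch or arch == stem:
        continue
    with open(os.path.join(destdirtmp, "venv-enabled-{}.txt".format(arch)), "w") as venv_enabled_file:
        venv_enabled_file.write("{}\n".format(rel_path))
```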
@@ -9,7 +11,7 @@ Wed Jun 16 10:59:25 CEST 2021 - jgonzalez@suse.com - version 4.2.16-1 - Fix database corruption after migrating the server to PostgreSQL 13 (bsc#1187217) - + ------------------------------------------------------------------- Mon Jun 14 17:33:40 CEST 2021 - jgonzalez@suse.com From c022fdfde48767f7097b92b5733bf922e1758f0a Mon Sep 17 00:00:00 2001 From: Victor Zhestkov Date: Fri, 18 Jun 2021 13:38:28 +0300 Subject: [PATCH 2/3] Fix VENV_ENABLED conditions and IDs for util.mgr_switch_to_venv_minion --- .../certs-tools/rhn_bootstrap_strings.py | 35 +++++++++-------- .../salt/util/mgr_switch_to_venv_minion.sls | 38 +++++++++---------- 2 files changed, 38 insertions(+), 35 deletions(-) diff --git a/spacewalk/certs-tools/rhn_bootstrap_strings.py b/spacewalk/certs-tools/rhn_bootstrap_strings.py index 8af7b281d425..06d3f9f5d6de 100644 --- a/spacewalk/certs-tools/rhn_bootstrap_strings.py +++ b/spacewalk/certs-tools/rhn_bootstrap_strings.py @@ -155,7 +155,7 @@ # Avoid installing venv-salt-minion instead salt-minion # even if it available in the bootstrap repo -AVOID_VENV_SALT_MINION=0 +AVOID_VENV_SALT_MINION={avoid_venv} # # ----------------------------------------------------------------------------- @@ -163,6 +163,8 @@ # ----------------------------------------------------------------------------- # +VENV_ENABLED=0 + # # do not try to register a SUSE Manager server at itself # @@ -248,6 +250,7 @@ def getHeader(productName, options, orgCACert, isRpmYN, pubname, apachePubDirect hostname=options.hostname, orgCACert=orgCACert, isRpmYN=isRpmYN, + avoid_venv=1 if bool(options.no_bundle) else 0, using_ssl=1, using_gpg=0 if bool(options.no_gpg) else 1, allow_config_actions=options.allow_config_actions, @@ -437,7 +440,7 @@ def getRegistrationStackSh(saltEnabled): function getY_MISSING() {{ local NEEDED="{PKG_NAME_YUM}" - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then NEEDED="{PKG_NAME_VENV}" fi Y_MISSING="" 
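Review bot: The new test `if [ $VENV_ENABLED -eq 1 ]; then` in getY_MISSING leaves the variable unquoted, so an empty or unset value collapses it to `[ -eq 1 ]`, which prints an error and is silently treated as false. The `VENV_ENABLED=0` default added in the header hunk covers the normal path, but every test then depends on nothing in between clearing the variable. Inside this `.format()` template the guarded form would be `if [ "${{VENV_ENABLED:-0}}" -eq 1 ]; then` (braces doubled, as for `${{Status}}` elsewhere in the file). The same unquoted form is introduced in the remaining hunks of this file in this patch (getZ_MISSING, getA_MISSING, the yum/zypper/apt upgrade branches, getRegistrationSaltSh and getUp2dateTheBoxSh), whose bodies continue outside the hunks.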
@@ -486,7 +489,7 @@ def getRegistrationStackSh(saltEnabled): fi # try update main packages for registration from any repo which is available get_rhnlib_pkgs - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then yum -y upgrade {PKG_NAME_VENV_UPDATE_YUM} ||: else yum -y upgrade {PKG_NAME_UPDATE_YUM} $RHNLIB_PKG ||: @@ -520,7 +523,7 @@ def getRegistrationStackSh(saltEnabled): function getZ_MISSING() {{ local NEEDED="{PKG_NAME}" - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then NEEDED="{PKG_NAME_VENV}" fi if [ "$Z_CLIENT_CODE_BASE" == "sle" -a "$Z_CLIENT_CODE_VERSION" == "10" ]; then @@ -641,7 +644,7 @@ def getRegistrationStackSh(saltEnabled): get_rhnlib_pkgs # try update main packages for registration from any repo which is available - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then zypper --non-interactive up {PKG_NAME_VENV_UPDATE} ||: else zypper --non-interactive up {PKG_NAME_UPDATE} $RHNLIB_PKG ||: @@ -674,7 +677,7 @@ def getRegistrationStackSh(saltEnabled): function getA_MISSING() {{ local NEEDED="salt-common salt-minion" - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then NEEDED="venv-salt-minion" fi A_MISSING="" @@ -741,14 +744,14 @@ def getRegistrationStackSh(saltEnabled): echo "* going to install missing packages..." # check if there are any leftovers from previous salt-minion installs and purge them SALT_MINION_PKG="salt-minion" - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then SALT_MINION_PKG="venv-salt-minion" fi dpkg-query -W -f='${{Status}}' "$SALT_MINION_PKG" 2>/dev/null | grep -q "deinstall ok config-files" if [ "$?" -eq 0 ]; then echo "* purging previous Salt config files" apt-get --yes purge "$SALT_MINION_PKG" - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then rm -rf /etc/opt/venv-salt-minion/ else apt-get purge salt-common 
@@ -765,7 +768,7 @@ def getRegistrationStackSh(saltEnabled): done fi # try update main packages for registration from any repo which is available - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then apt-get --yes install --no-install-recommends --only-upgrade venv-salt-minion ||: else apt-get --yes install --no-install-recommends --only-upgrade salt-common salt-minion ||: @@ -1111,7 +1114,7 @@ def getRegistrationSaltSh(productName): SUSEMANAGER_MASTER_FILE="/etc/salt/minion.d/susemanager.conf" MINION_SERVICE="salt-minion" -if [ "0$VENV_ENABLED" -eq 1 ]; then +if [ $VENV_ENABLED -eq 1 ]; then MINION_ID_FILE="/etc/opt/venv-salt-minion/minion_id" SUSEMANAGER_MASTER_FILE="/etc/opt/venv-salt-minion/minion.d/susemanager.conf" MINION_SERVICE="venv-salt-minion" @@ -1280,13 +1283,13 @@ def getUp2dateTheBoxSh(productName, saltEnabled): fi if [ $FULLY_UPDATE_THIS_BOX -eq 1 ]; then if [ "$INSTALLER" == zypper ]; then - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then echo "zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER_SYNC}; zypper --non-interactive up (conditional)" else echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}; zypper --non-interactive up (conditional)" fi elif [ "$INSTALLER" == yum ]; then - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then echo "yum -y upgrade yum {PKG_NAME_VENV_YUM_SYNC}; yum upgrade (conditional)" else echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}; yum upgrade (conditional)" 
@@ -1296,13 +1299,13 @@ def getUp2dateTheBoxSh(productName, saltEnabled): fi else if [ "$INSTALLER" == zypper ]; then - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then echo "zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER_SYNC}" else echo "zypper --non-interactive up zypper {PKG_NAME_ZYPPER_SYNC}" fi elif [ "$INSTALLER" == yum ]; then - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then echo "yum -y upgrade yum {PKG_NAME_VENV_YUM_SYNC}" else echo "yum -y upgrade yum {PKG_NAME_YUM_SYNC}" @@ -1323,7 +1326,7 @@ def getUp2dateTheBoxSh(productName, saltEnabled): if [ $SALT_ENABLED -eq 0 ]; then zypper --non-interactive ref -s fi - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then zypper --non-interactive up zypper {PKG_NAME_VENV_ZYPPER} else zypper --non-interactive up zypper {PKG_NAME_ZYPPER} @@ -1341,7 +1344,7 @@ def getUp2dateTheBoxSh(productName, saltEnabled): fi elif [ "$INSTALLER" == yum ]; then yum repolist - if [ "0$VENV_ENABLED" -eq 1 ]; then + if [ $VENV_ENABLED -eq 1 ]; then /usr/bin/yum -y upgrade yum {PKG_NAME_VENV_YUM} else /usr/bin/yum -y upgrade yum {PKG_NAME_YUM} diff --git a/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls index d6bb5311b1cb..499d1b89c834 100644 --- a/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls +++ b/susemanager-utils/susemanager-sls/salt/util/mgr_switch_to_venv_minion.sls 
@@ -11,55 +11,55 @@ {%- set venv_minion_installed = pkgs_installed.get('venv-salt-minion', False) and True %} {%- set venv_minion_available = venv_minion_installed or salt['pkg.latest_version']('venv-salt-minion') or False %} {%- if venv_minion_available %} -venv-salt-minion-pkg: +mgr_venv_salt_minion_pkg: pkg.installed: - name: venv-salt-minion - onlyif: - ([ {{ venv_minion_installed }} = "False" ]) -copy-salt-minion-id: +mgr_copy_salt_minion_id: file.copy: - name: /etc/opt/venv-salt-minion/minion_id - source: /etc/salt/minion_id - require: - - pkg: venv-salt-minion-pkg + - pkg: mgr_venv_salt_minion_pkg - onlyif: - test -f /etc/salt/minion_id -copy-salt-minion-configs: +mgr_copy_salt_minion_configs: cmd.run: - name: cp -r /etc/salt/minion.d /etc/opt/venv-salt-minion/ - require: - - pkg: venv-salt-minion-pkg + - pkg: mgr_venv_salt_minion_pkg - onlyif: - ([ {{ venv_managed_minion }} = "False" ]) -copy-salt-minion-keys: +mgr_copy_salt_minion_keys: cmd.run: - name: cp -r /etc/salt/pki/minion/minion* /etc/opt/venv-salt-minion/pki/minion/ - require: - - cmd: copy-salt-minion-configs + - cmd: mgr_copy_salt_minion_configs - onlyif: - test -f /etc/salt/pki/minion/minion_master.pub - unless: - test -f /etc/opt/venv-salt-minion/pki/minion/minion_master.pub -enable-venv-salt-minion: +mgr_enable_venv_salt_minion: service.running: - name: venv-salt-minion - enable: True - require: - - cmd: copy-salt-minion-keys + - cmd: mgr_copy_salt_minion_keys -disable-salt-minion: +mgr_disable_salt_minion: service.dead: - name: salt-minion - enable: False - require: - - service: enable-venv-salt-minion + - service: mgr_enable_venv_salt_minion {%- if salt['pillar.get']('mgr_purge_non_venv_salt') %} -purge-non-venv-salt-packages: +mgr_purge_non_venv_salt_packages: pkg.purged: - pkgs: - salt 
@@ -68,33 +68,33 @@ purge-non-venv-salt-packages: - python2-salt - python3-salt - require: - - service: disable-salt-minion + - service: mgr_disable_salt_minion {%- endif %} {%- if salt['pillar.get']('mgr_purge_non_venv_salt_files') %} -purge-non-venv-salt-pki-dir: +mgr_purge_non_venv_salt_pki_dir: cmd.run: - name: rm -rf /etc/salt/minion* /etc/salt/pki/minion - onlyif: - test -d /etc/salt/pki/minion - require: - - service: disable-salt-minion + - service: mgr_disable_salt_minion -purge-non-venv-salt-conf-dir: +mgr_purge_non_venv_salt_conf_dir: file.absent: - name: /etc/salt - unless: - find /etc/salt -type f -print -quit | grep -q . - require: - - cmd: purge-non-venv-salt-pki-dir + - cmd: mgr_purge_non_venv_salt_pki_dir {%- endif %} {%- else %} -venv-salt-minion-unavailable: +mgr_venv_salt_minion_unavailable: test.fail_without_changes: - comment: venv-salt-minion package is not available {%- endif %} {%- else %} -salt-minion-of-another-master: +mgr_salt_minion_of_another_master: test.fail_without_changes: - comment: The salt-minion is managed by another master {%- endif %} From a3e0ffbebc866568e6f32e991fd4b06ae1d9ecbd Mon Sep 17 00:00:00 2001 From: Victor Zhestkov Date: Fri, 18 Jun 2021 13:43:07 +0300 Subject: [PATCH 3/3] Remove duplicated trust_res_gpg_key and install_gnupg_debian --- .../susemanager-sls/salt/bootstrap/init.sls | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls index 147e12d6657a..17838e4f6285 100644 --- a/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls +++ b/susemanager-utils/susemanager-sls/salt/bootstrap/init.sls 
@@ -129,19 +129,6 @@ bootstrap_repo: - ([ {{ bootstrap_repo_exists }} = "True" ]) {%- endif %} -{%- if grains['os_family'] == 'RedHat' %} -trust_res_gpg_key: - cmd.run: - - name: rpm --import https://{{ salt['pillar.get']('mgr_server') }}/pub/{{ salt['pillar.get']('gpgkeys:res:file') }} - - unless: rpm -q {{ salt['pillar.get']('gpgkeys:res:name') }} - - runas: root -{%- elif grains['os_family'] == 'Debian' %} -install_gnupg_debian: - pkg.latest: - - pkgs: - - gnupg -{%- endif %} - {% include 'channels/gpg-keys.sls' %} {%- set salt_minion_name = 'salt-minion' %}