search

nicolas-r / katello-centos-errata-import

Imports CentOS (from http://cefs.steve-meier.de/) errata into Katello
28 stars 11 forks source link
centos errata katello

readme

Warning

Since the move to pulp 3, this script is no more working properly. Currently, I have no time to continue working on that project and try to find a solution.

By looking at the following link, https://docs.pulpproject.org/pulp_rpm/workflows/upload.html, under Advisory upload, it seems there is a way to upload advisories in json format. If someone can write a patch to add support for that, I'll be more than happy to integrate it

katello-centos-errata-import

This script imports CentOS Errata into Katello and use preformatted information from http://cefs.steve-meier.de/

This is a python rewrite of a perl script made by brdude with some modifications, like the use of a redis cache.

To run this script on CentOS you need:

It has been tested on CentOS 7 with the default python version and with python34 from EPEL. I'm using pew to test it inside a python virtual environment

Warning

Prerequisites

Katello settings

The option "Mirror on Sync" has to be set to "No" for the CentOS repositories. if set to "Yes", the repositories will be mirror from upstream and all erratas will be lost, as upstream doesn't publish erratas

Authentication

pulp-admin must authenticate to pulp. This authentication information can be provided to pulp-admin in two ways.

  1. User certificate (~/.pulp/user-cert.pem)
    If you are using this script with katello, the foreman-installer creates a certificate suitable for use with pulp. You can use the cert by doing the following:
mkdir ~/.pulp/
chmod 0700 ~/.pulp/
sudo cat /etc/pki/katello/certs/pulp-client.crt /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
chmod 400 ~/.pulp/user-cert.pem
  1. Admin configuration file (~/.pulp/admin.conf)
    You can provide the auth credentials in the pulp-admin configuration file. Simply create ~/.pulp/admin.conf, you can get the password from /etc/pulp/server.conf (default_password).
mkdir ~/.pulp/
chmod 0700 ~/.pulp/
sudo cp /etc/pulp/admin/admin.conf ~/.pulp/
sed -i "20,30s/^# host:.*/host: $(hostname -f)/g" ~/.pulp/admin.conf
PULP_PASS=$(sudo awk '/^default_password/ {print $2}' /etc/pulp/server.conf)
cat >> ~/.pulp/admin.conf << EOF

[auth]
username: admin
password: ${PULP_PASS}
EOF
chmod 0400 ~/.pulp/admin.conf

It is probably advisable to not store these credentials in a normal user's home directory. You might consider using the root user for pulp-admin tasks. Then non-privileged users can be given rights explicitly through sudo. If you choose this way, the previous commands are still valid but as you will be connected as root, using sudo will be useless.

Redis server

Modify the configuration file to change the bind address if needed, and to enable persistent storage.

Right now, these scripts are not using authentification to connect to the redis server, so protected mode must be disabled (depending of your redis version).

Configuration file

For the reposotiries part, this is a little tricky.

Usage

  1. Sync repositories
  2. Run the script download-data.sh to download the last datafiles from Steve Meier and Red Hat sites
  3. Run the script centos-errata-redis-loader.py to store errata data into Redis
  4. Run the script centos-errata-katello-importer.py to start the creation of the errata into Katello
  5. Wait for the repositories synchronizations triggered by the script to finish and the erratas will appear

Contributing

Please feel free to make pull requests for any issues or errors in the script you may find.