Since the move to pulp 3, this script is no more working properly. Currently, I have no time to continue working on that project and try to find a solution.
By looking at the following link, https://docs.pulpproject.org/pulp_rpm/workflows/upload.html, under Advisory upload, it seems there is a way to upload advisories in json format. If someone can write a patch to add support for that, I'll be more than happy to integrate it
This script imports CentOS Errata into Katello and use preformatted information from http://cefs.steve-meier.de/
This is a python rewrite of a perl script made by brdude with some modifications, like the use of a redis cache.
To run this script on CentOS you need:
It has been tested on CentOS 7 with the default python version and with python34 from EPEL. I'm using pew to test it inside a python virtual environment
The option "Mirror on Sync" has to be set to "No" for the CentOS repositories. if set to "Yes", the repositories will be mirror from upstream and all erratas will be lost, as upstream doesn't publish erratas
pulp-admin must authenticate to pulp. This authentication information can be provided to pulp-admin in two ways.
mkdir ~/.pulp/
chmod 0700 ~/.pulp/
sudo cat /etc/pki/katello/certs/pulp-client.crt /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
chmod 400 ~/.pulp/user-cert.pem
mkdir ~/.pulp/
chmod 0700 ~/.pulp/
sudo cp /etc/pulp/admin/admin.conf ~/.pulp/
sed -i "20,30s/^# host:.*/host: $(hostname -f)/g" ~/.pulp/admin.conf
PULP_PASS=$(sudo awk '/^default_password/ {print $2}' /etc/pulp/server.conf)
cat >> ~/.pulp/admin.conf << EOF
[auth]
username: admin
password: ${PULP_PASS}
EOF
chmod 0400 ~/.pulp/admin.conf
It is probably advisable to not store these credentials in a normal user's home directory. You might consider using the root user for pulp-admin tasks. Then non-privileged users can be given rights explicitly through sudo. If you choose this way, the previous commands are still valid but as you will be connected as root, using sudo will be useless.
Modify the configuration file to change the bind address if needed, and to enable persistent storage.
Right now, these scripts are not using authentification to connect to the redis server, so protected mode must be disabled (depending of your redis version).
For the reposotiries part, this is a little tricky.
Please feel free to make pull requests for any issues or errors in the script you may find.