On Wed, 13 Jun 2012 08:49:46 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
That is correct. You can also install via RPM. If I'm not
mistaken, --noplugings will also cut off rhn-plugin and
therefore there will be no rhn repos.
Ideally, it would be nice to integrate RHN LOCK with
rhn-yum-plugin. That way if system locked - it is truly locked
from both aspects (GUI and CLI) and you would not be able to
disable lock independently.
Hello,
of course, yum have --disableplugin=[plugin] as well. What I
wanted to say is: that plugin might be creating some false
feeling of something being disabled/secured. If it is meant more
do not incidentally install packages on locked system, then it
is OK.
Regards,
Jan
On Jun 13, 2012, at 6:43 AM, Jan Hutař jhu...@redhat.com
wrote:
On Thu, 7 Jun 2012 18:32:06 -0400 Musayev, Ilya
imusa...@webmd.net wrote:
While RHN has a limitation on locking the host from the Web
UI, user is still able to run yum operations from the host
(granted user has proper access).
I wrote a simple YUM plugin to check if the host is locked
in RHN and if it is, prevent yum usage on the host.
Needless to say, this is proof of concept and my python
skills are lacking, nevertheless it works.
TODO:
* Move Authentication part into config - easy to do but not
secure
* Use alternative method of authentication used by
rhnplugin - need to see how that can be done - if it all
possible
I need help with understanding how i can leverage rhnplugin
type of auth with RHN Lock Yum Plugin.
The proof of concept code is below - if you could make any
suggestions and improvements - it would be appreciated.
Thanks
ilya
--- /etc/yum/pluginconf.d/rhnlockplugin.conf
[main]
enabled=1
-- /usr/share/yum-plugins/rhnlockplugin.py
--
from yum.plugins import PluginYumExit, TYPE_CORE,
TYPE_INTERACTIVE from xml.dom import minidom
import xmlrpclib
requires_api_version = '2.3'
plugin_type = (TYPE_CORE, TYPE_INTERACTIVE)
def init_hook(conduit):
conduit.info(2, 'Checking if system is locked in
RHN/Spacewalk') SATELLITE_URL =
http://spacewalk.hostname.com/rpc/api; SATELLITE_LOGIN =
admin SATELLITE_PASSWORD = password
client = xmlrpclib.Server(SATELLITE_URL, verbose=0)
key = client.auth.login(SATELLITE_LOGIN,
SATELLITE_PASSWORD)
#--
def getSystemID(xml):
Print out all names found in xml
doc = minidom.parse(xml)
node = doc.documentElement
members = doc.getElementsByTagName(member)
for member in members:
name = member.getElementsByTagName(name)
[0].firstChild.data if name == system_id:
value = \
member.getElementsByTagName(string)
[0].firstChild.data return value.replace(ID-,)
def getLockStatus(sysID):
Function to check if the host is locked
details = client.system.getDetails(key, int(sysID))
if details['lock_status']:
#print ERROR: Skipping RHN/Spacewalk locked
#system %s % sysID
raise PluginYumExit('ERROR: Skipping
RHN/Spacewalk locked system: %s' % sysID) else:
print NOTE: This host in not locked in
RHN/Spacewalk
systemIDfile = '/etc/sysconfig/rhn/systemid'
mySystemID = getSystemID(systemIDfile)
getLockStatus(getSystemID(systemIDfile))
client.auth.logout(key)
---
Hello,
not sure what you want to achieve here, but note you can do
`yum
--noplugins ...` which would just disable the plugin and
allow normal yum operation.
Regards,
Jan
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
--
Jan Hutar Systems Management QA
jhu...@redhat.com Red Hat, Inc.
pgpth5xxzcMun.pgp
Description: PGP signature
___
Spacewalk-devel mailing list
Spacewalk-devel@redhat.com
https://www.redhat.com/mailman/listinfo/spacewalk-devel