On Thu, 7 Jun 2012 18:32:06 -0400 "Musayev, Ilya" <imusa...@webmd.net> wrote:
> While RHN has a limitation on locking the host from the Web > UI, user is still able to run yum operations from the host > (granted user has proper access). > > I wrote a simple YUM plugin to check if the host is locked in > RHN and if it is, prevent yum usage on the host. > > Needless to say, this is proof of concept and my python skills > are lacking, nevertheless it works. > > TODO: > * Move Authentication part into config - easy to do but not > secure > * Use alternative method of authentication used by rhnplugin - > need to see how that can be done - if it all possible > > I need help with understanding how i can leverage rhnplugin > type of auth with RHN Lock Yum Plugin. > > The proof of concept code is below - if you could make any > suggestions and improvements - it would be appreciated. > > > Thanks > ilya > > > > ----------- /etc/yum/pluginconf.d/rhnlockplugin.conf -------- > [main] > enabled=1 > ------------ > > > ---------- /usr/share/yum-plugins/rhnlockplugin.py ---------- > > from yum.plugins import PluginYumExit, TYPE_CORE, > TYPE_INTERACTIVE from xml.dom import minidom > import xmlrpclib > > requires_api_version = '2.3' > plugin_type = (TYPE_CORE, TYPE_INTERACTIVE) > > def init_hook(conduit): > conduit.info(2, 'Checking if system is locked in > RHN/Spacewalk') SATELLITE_URL = > "http://spacewalk.hostname.com/rpc/api"; SATELLITE_LOGIN = > "admin" SATELLITE_PASSWORD = "password" > > client = xmlrpclib.Server(SATELLITE_URL, verbose=0) > > key = client.auth.login(SATELLITE_LOGIN, > SATELLITE_PASSWORD) > > #---------------------------------------------------------------------- > def getSystemID(xml): > """ > Print out all names found in xml > """ > doc = minidom.parse(xml) > node = doc.documentElement > members = doc.getElementsByTagName("member") > > for member in members: > name = member.getElementsByTagName("name") > [0].firstChild.data if name == "system_id": > value = \ > member.getElementsByTagName("string") > [0].firstChild.data return value.replace("ID-","") > > def getLockStatus(sysID): > """ > Function to check if the host is locked > """ > details = client.system.getDetails(key, int(sysID)) > if details['lock_status']: > #print "ERROR: Skipping RHN/Spacewalk locked > #system %s" % sysID > raise PluginYumExit('ERROR: Skipping RHN/Spacewalk > locked system: %s' % sysID) else: > print "NOTE: This host in not locked in > RHN/Spacewalk" > > systemIDfile = '/etc/sysconfig/rhn/systemid' > mySystemID = getSystemID(systemIDfile) > getLockStatus(getSystemID(systemIDfile)) > > client.auth.logout(key) > ----------------------------------- Hello, not sure what you want to achieve here, but note you can do `yum --noplugins ...` which would just disable the plugin and allow normal yum operation. Regards, Jan -- Jan Hutar Systems Management QA jhu...@redhat.com Red Hat, Inc.
pgpbpG0Ej6Xyi.pgp
Description: PGP signature
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
