On Wed, 13 Jun 2012 08:49:46 -0400 "Musayev, Ilya" <imusa...@webmd.net> wrote:
> That is correct. You can also install via RPM. If I'm not > mistaken, --noplugings will also cut off rhn-plugin and > therefore there will be no rhn repos. > > Ideally, it would be nice to integrate RHN LOCK with > rhn-yum-plugin. That way if system locked - it is truly locked > from both aspects (GUI and CLI) and you would not be able to > disable lock independently. Hello, of course, yum have "--disableplugin=[plugin]" as well. What I wanted to say is: that plugin might be creating some false feeling of something being disabled/secured. If it is meant more "do not incidentally install packages on locked system", then it is OK. Regards, Jan > On Jun 13, 2012, at 6:43 AM, "Jan Hutař" <jhu...@redhat.com> > wrote: > > > On Thu, 7 Jun 2012 18:32:06 -0400 "Musayev, Ilya" > > <imusa...@webmd.net> wrote: > > > >> While RHN has a limitation on locking the host from the Web > >> UI, user is still able to run yum operations from the host > >> (granted user has proper access). > >> > >> I wrote a simple YUM plugin to check if the host is locked > >> in RHN and if it is, prevent yum usage on the host. > >> > >> Needless to say, this is proof of concept and my python > >> skills are lacking, nevertheless it works. > >> > >> TODO: > >> * Move Authentication part into config - easy to do but not > >> secure > >> * Use alternative method of authentication used by > >> rhnplugin - need to see how that can be done - if it all > >> possible > >> > >> I need help with understanding how i can leverage rhnplugin > >> type of auth with RHN Lock Yum Plugin. > >> > >> The proof of concept code is below - if you could make any > >> suggestions and improvements - it would be appreciated. > >> > >> > >> Thanks > >> ilya > >> > >> > >> > >> ----------- /etc/yum/pluginconf.d/rhnlockplugin.conf > >> -------- [main] > >> enabled=1 > >> ------------ > >> > >> > >> ---------- /usr/share/yum-plugins/rhnlockplugin.py > >> ---------- > >> > >> from yum.plugins import PluginYumExit, TYPE_CORE, > >> TYPE_INTERACTIVE from xml.dom import minidom > >> import xmlrpclib > >> > >> requires_api_version = '2.3' > >> plugin_type = (TYPE_CORE, TYPE_INTERACTIVE) > >> > >> def init_hook(conduit): > >> conduit.info(2, 'Checking if system is locked in > >> RHN/Spacewalk') SATELLITE_URL = > >> "http://spacewalk.hostname.com/rpc/api"; SATELLITE_LOGIN = > >> "admin" SATELLITE_PASSWORD = "password" > >> > >> client = xmlrpclib.Server(SATELLITE_URL, verbose=0) > >> > >> key = client.auth.login(SATELLITE_LOGIN, > >> SATELLITE_PASSWORD) > >> > >> #---------------------------------------------------------------------- > >> def getSystemID(xml): > >> """ > >> Print out all names found in xml > >> """ > >> doc = minidom.parse(xml) > >> node = doc.documentElement > >> members = doc.getElementsByTagName("member") > >> > >> for member in members: > >> name = member.getElementsByTagName("name") > >> [0].firstChild.data if name == "system_id": > >> value = \ > >> member.getElementsByTagName("string") > >> [0].firstChild.data return value.replace("ID-","") > >> > >> def getLockStatus(sysID): > >> """ > >> Function to check if the host is locked > >> """ > >> details = client.system.getDetails(key, int(sysID)) > >> if details['lock_status']: > >> #print "ERROR: Skipping RHN/Spacewalk locked > >> #system %s" % sysID > >> raise PluginYumExit('ERROR: Skipping > >> RHN/Spacewalk locked system: %s' % sysID) else: > >> print "NOTE: This host in not locked in > >> RHN/Spacewalk" > >> > >> systemIDfile = '/etc/sysconfig/rhn/systemid' > >> mySystemID = getSystemID(systemIDfile) > >> getLockStatus(getSystemID(systemIDfile)) > >> > >> client.auth.logout(key) > >> ----------------------------------- > > > > Hello, > > not sure what you want to achieve here, but note you can do > > `yum > > --noplugins ...` which would just disable the plugin and > > allow normal yum operation. > > > > Regards, > > Jan > > > > > > > > -- > > Jan Hutar Systems Management QA > > jhu...@redhat.com Red Hat, Inc. -- Jan Hutar Systems Management QA jhu...@redhat.com Red Hat, Inc.
pgpth5xxzcMun.pgp
Description: PGP signature
_______________________________________________ Spacewalk-devel mailing list Spacewalk-devel@redhat.com https://www.redhat.com/mailman/listinfo/spacewalk-devel
