Bug 1564867 - update bootstrap.py to works also on RHEL5
Summary: update bootstrap.py to works also on RHEL5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Bootstrap
Version: 6.3.1
Hardware: All
OS: All
unspecified
high
Target Milestone: 6.5.0
Assignee: Evgeni Golov
QA Contact: Stephen Wadeley
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-08 11:40 UTC by Jan Jansky
Modified: 2019-11-05 22:27 UTC (History)
6 users (show)

Fixed In Version: katello-client-bootstrap-1.7.0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-05-14 12:37:00 UTC
Target Upstream Version:


Attachments (Terms of Use)
Script updated to work on RHEL5 (55.78 KB, text/x-python)
2018-04-08 13:09 UTC, Jan Jansky
no flags Details


Links
System ID Priority Status Summary Last Updated
Github Katello katello-client-bootstrap pull 284 None closed make bootstrap.py EL5 compatible again 2020-09-24 21:25:06 UTC
Red Hat Product Errata RHSA-2019:1222 None None None 2019-05-14 12:37:12 UTC

Description Jan Jansky 2018-04-08 11:40:39 UTC
Description of problem: 
subscription-manager on RHEL5 do not have option timeout, but bootstrap.py in Satellite 6.3.1 is using command 

 345     exec_failok("/usr/sbin/subscription-manager config --server.server_timeout=%s" % options.timeout)

It should check RHEL version and when it is 5* it should not use this command


Also it is trying to download katello-ca-consumer-latest.noarch.rpm by default on https which is not possible with Satellite, shouldn't that be by default on http?

 978     parser.add_option("--download-method", dest="download_method", default="https"

timeout is not valid option with urllib2 on python 2.4 (latest on RHEL5)

 520         foreman_ssh_key = urllib2.urlopen(("https://%s:9090/ssh/pubkey" % options.foreman_fqdn), timeout=options.timeout).read()

and biggest problem is with using urllib2 with python 2.4 cannot connect into foreman proxy and download pubkey

as per simple script

#!/usr/bin/python

import urllib2
opener = urllib2.build_opener()
opener.addheaders = [('User-agent', 'Mozilla/5.0')]
opener.open("https://<satellite_url>:9090/ssh/pubkey")

Traceback (most recent call last):
  File "./test.py", line 6, in ?
    opener.open("https://jjansat63.usersys.redhat.com:9090/ssh/pubkey")
  File "/usr/lib64/python2.4/urllib2.py", line 358, in open
    response = self._open(req, data)
  File "/usr/lib64/python2.4/urllib2.py", line 376, in _open
    '_open', req)
  File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
    result = func(*args)
  File "/usr/lib64/python2.4/urllib2.py", line 1126, in https_open
    return self.do_open(httplib.HTTPSConnection, req)
  File "/usr/lib64/python2.4/urllib2.py", line 1092, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error (8, 'EOF occurred in violation of protocol')>

I was not able to find any viable solution how to download pubkey even from curl

curl: (35) Unknown SSL protocol error in connection to <satellite_url>:9090

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install Satellite 6.3.x
2. Install RHEL5 system
3. download bootstrap http://<sat url>/pub/bootstrap.py
4. chmod +x bootstrap.py
5. execute bootstrap.py

Actual results:
[NOTIFICATION], [2018-04-04 08:09:40], [Writing FQDN katello-fact]
FATAL Error - urlopen() got an unexpected keyword argument 'timeout'

Expected results:
Succesful registration/migration to Satellite 6.3

Additional info:

Comment 1 Jan Jansky 2018-04-08 13:09:40 UTC
Created attachment 1418898 [details]
Script updated to work on RHEL5

I am uploading updated bootstrap5.py which works with RHEL5 systems, not tested on RHEL6/7.

Comment 8 Stephen Wadeley 2019-02-06 09:28:28 UTC
Hello

Fixed In Version says katello-client-bootstrap-1.7.0

I have a Satellite with:

[root@sat6-5-rhel7-6 ~]# rpm -q katello-client-bootstrap
katello-client-bootstrap-1.7.0-1.el7sat.noarch

I have a test client host:
[root@rhel5 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.11 (Tikanga)


I ran the bootstrap.py and the host is now registered:

[root@sat6-5-rhel7-6 ~]# hammer host list
---|----------------------------|------------------|------------|------||---------|---------------------------|----------------------
ID | NAME                       | OPERATING SYSTEM | HOST GROUP | IP   || GLOBAL STATUS | CONTENT VIEW        | LIFECYCLE ENVIRONMENT
---|----------------------------|------------------|------------|------||---------|---------------------------|----------------------
2  | rhel5.example.com          | RedHat 5.11      | TestHG     | 0.31 || Warning | Default Organization View | Library              
1  | sat6-5-rhel7-6.example.com | RedHat 7.6       |            | 0.18 || Warning |                           |                      
---|----------------------------|------------------|------------|------||---------|---------------------------|----------------------

But I got an error and an AVC denial:

[SUCCESS], [2019-02-06 09:19:38], [/usr/bin/yum -y install katello-agent], completed successfully.
[RUNNING], [2019-02-06 09:19:38], [/sbin/chkconfig goferd on]
error reading information on service goferd: No such file or directory
[ERROR], [2019-02-06 09:19:38], EXITING: [/sbin/chkconfig goferd on] failed to execute properly.


[root@rhel5 ~]# service goferd status
goferd: unrecognized service


About the AVC denial

Summary:

SELinux is preventing restorecon (restorecon_t) "read write" to socket
(unconfined_t).


From  /var/log/messages:

Feb  5 16:37:55 localhost setroubleshoot: SELinux is preventing iptables (iptables_t) "read write" to socket (firstboot_t). For complete SELinux messages. run sealert -l e57
68da2-7f86-4a59-948f-065eaf7c0e17


I will attach the sealert info

Thank you

Comment 10 Stephen Wadeley 2019-02-06 10:03:32 UTC
Hello Evgeni

The issue in comment 0 does not occur, so it is possible to use the script on a RHEL5 host, but the please comment on the problems in comment 8. Do we need new bugs for those?

Thank you

Comment 11 Evgeni Golov 2019-02-13 14:34:23 UTC
(In reply to Stephen Wadeley from comment #10)
> Hello Evgeni
> 
> The issue in comment 0 does not occur, so it is possible to use the script
> on a RHEL5 host, but the please comment on the problems in comment 8. Do we
> need new bugs for those?
> 
> Thank you

I have no idea where this AVC is comming from, we don't touch iptables from bootstrap.

As for the goferd service issue, this seems new and might be even not bootstrap generated either. Please open a BZ, flag it for bootstrap and I'll investigate.

Comment 12 Stephen Wadeley 2019-02-15 15:32:34 UTC
(In reply to Evgeni Golov from comment #11)
> (In reply to Stephen Wadeley from comment #10)
> > Hello Evgeni
> > 
> > The issue in comment 0 does not occur, so it is possible to use the script
> > on a RHEL5 host, but the please comment on the problems in comment 8. Do we
> > need new bugs for those?
> > 
> > Thank you
> 
> I have no idea where this AVC is comming from, we don't touch iptables from
> bootstrap.
> 
> As for the goferd service issue, this seems new and might be even not
> bootstrap generated either.

that could be my test environment, will added RHEL5 repos and test again.

 Please open a BZ, flag it for bootstrap and I'll
> investigate.

Bug 1677694 - bootstrap.py on RHEL5 gives SELinux alerts 

Thank you

Comment 13 Stephen Wadeley 2019-02-15 16:29:59 UTC
Testing on a clean RHEL5 VM with RHEL5 tools and RHEL5 server repos synced


[root@localhost ~]# date && ./bootstrap.py -s sat6-5-rhel7-6.example.com -l admin -p RedHat1! -L "Default Location" -o "Default Organization" -g RHEL5-HG -a test_ak_rhel5 --force  --skip puppet
<snip>
--> Finished Dependency Resolution
python-gofer-2.11.7-1.el5.noarch from rhel-5-server-aus-satellite-tools-6.4-rpms has depsolving problems
  --> Missing Dependency: python-ctypes is needed by package python-gofer-2.11.7-1.el5.noarch (rhel-5-server-aus-satellite-tools-6.4-rpms)
Error: Missing Dependency: python-ctypes is needed by package python-gofer-2.11.7-1.el5.noarch (rhel-5-server-aus-satellite-tools-6.4-rpms)
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.
[ERROR], [2019-02-15 17:12:18], EXITING: [/usr/bin/yum -y install katello-agent] failed to execute properly.



[root@localhost ~]# date && ./bootstrap.py -s sat6-5-rhel7-6.example.com -l admin -p RedHat1! -L "Default Location" -o "Default Organization" -g RHEL5-HG -a test_ak_rhel5 --force --skip katello-agent 
<snip>
[SUCCESS], [2019-02-15 17:20:12], [/usr/bin/yum -y remove rhn-setup rhn-client-tools yum-rhn-plugin rhnsd rhn-check rhnlib spacewalk-abrt spacewalk-oscap osad 'rh-*-rhui-client' 'candlepin-cert-consumer-*'], completed successfully.
[root@localhost ~]#

[root@localhost ~]# subscription-manager repos --list
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-5-server-aus-rpms
Repo Name: Red Hat Enterprise Linux 5 Server - AUS (RPMs)
Repo URL:  https://sat6-5-rhel7-6.example.com/pulp/repos/Default_Organization/Library/content/aus/rhel/server/5/$releasever/$basearch/os
Enabled:   0

Repo ID:   rhel-5-server-aus-satellite-tools-6.4-rpms
Repo Name: Red Hat Satellite Tools 6.4 (for RHEL 5 Server - AUS) (RPMs)
Repo URL:  https://sat6-5-rhel7-6.example.com/pulp/repos/Default_Organization/Library/content/aus/rhel/server/5/$releasever/$basearch/sat-tools/6.4/os
Enabled:   1

[root@localhost ~]#

[root@localhost ~]# subscription-manager repos --enable rhel-5-server-aus-rpms
Repo 'rhel-5-server-aus-rpms' is enabled for this system.


[root@localhost ~]# date && ./bootstrap.py -s sat6-5-rhel7-6.example.com -l admin -p RedHat1! -L "Default Location" -o "Default Organization" -g RHEL5-HG -a test_ak_rhel5 --force  --skip puppet
Fri Feb 15 17:21:47 CET 2019
<snip>
--> Finished Dependency Resolution
python-gofer-2.11.7-1.el5.noarch from rhel-5-server-aus-satellite-tools-6.4-rpms has depsolving problems
  --> Missing Dependency: python-ctypes is needed by package python-gofer-2.11.7-1.el5.noarch (rhel-5-server-aus-satellite-tools-6.4-rpms)
Error: Missing Dependency: python-ctypes is needed by package python-gofer-2.11.7-1.el5.noarch (rhel-5-server-aus-satellite-tools-6.4-rpms)
 You could try using --skip-broken to work around the problem
 You could try running: package-cleanup --problems
                        package-cleanup --dupes
                        rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.
[ERROR], [2019-02-15 17:22:28], EXITING: [/usr/bin/yum -y install katello-agent] failed to execute properly.


I think the goferd error was my misconfiguration, sorry.


root@sat6-5-rhel7-6 ~]# hammer host list
---|----------------------------|------------------|------------|------|-|---------------|---------------------------|----------------------
ID | NAME                       | OPERATING SYSTEM | HOST GROUP | IP   | | GLOBAL STATUS | CONTENT VIEW              | LIFECYCLE ENVIRONMENT
---|----------------------------|------------------|------------|------|-|---------------|---------------------------|----------------------
14 | rhel5.example.com          | RHEL Server 5.11 | RHEL5-HG   |00.31 | | Warning       | Default Organization View | Library     



As you can use the bootstrap script on RHEL5 to get a host registered with Sat6.5 I will set this to VERIFIED now.

Thank you

Comment 16 errata-xmlrpc 2019-05-14 12:37:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222


Note You need to log in before you can comment on or make changes to this bug.