Currently, Travis CI is failing because of missing Python packages. A fix might be changing the Python 3.x version.

Currently, the first IP found is used when populating host information. If a virtual machine has multiple network interfaces or protocols (IPv4/6), this could be a problem:

$ katprep_populate -C giertz.auth -s pinkepank.test.loc --virt-uri vc.test.loc --virt-type pyvmomi --mon-url http://mon.test.loc/test/icinga --mon-type nagios -n -d
...
DEBUG:katprep_populate:HYPERVISOR: Found VM 'pinkepank.giertz.loc' with IP 'fe6a:251e:328:1000::2'

It would be great to have IPv4/6 filters or the possibility to match multiple IPs.

Currently, even packages requiring reboots won't initiate automatic reboots.

Currently, katprep_paremeters does not support supplying empty inputs for major variables. It would be good if empty parameters would just be ignored (e.g. to not change pre-defined values)

Rebooting after maintenance doesn't work for all systems. The reason is that katprep_maintenance.py triggers the soft power_action call using the Foreman API. This function only triggers ACPI if appropriate fencing drivers are installed. So, we need to find another solution here - e.g. triggering the reboot command..

Currently, authentication containers contain login credentials in plain text - it would be great to have an encryption functionality. When loading an authentication container, a passphrase could be prompted in order to decrypt/load the data.

Currently, katprep_report.py isn't able to render the templates using Pypandoc - so the workaround is to run the command-line..

Nothing is described about the requirements to make this run.

It would be nice to have the option to suppress the reboot after errata installation, even if the needs-reboot flag is set.

It would be pretty nice to have a RPM spec file.

Currently, the passwords needs to be verified if specified using parameters:

$ katprep_authconfig mycontainer.auth add -H giertz.stankowic.loc -u cstan -p pinkepank
Verify giertz.stankowic.loc Password:

Currently, patch reports don't evaluate data from the verification data of the first snapshot report. katprep_maintenance.py already updates relevant information using the verify call.

Currently, only the first downtime can be scheduled in Icinga2

It would be great to have information served by virtualization hosts and monitoring systems consolidated into Foreman/Katello to automate setting correct host parameters.

When checking unregistered content hosts, katprep_snapshot crashes:

INFO:katprep_snapshot:Checking system 'pinkepank.test.loc' (#123)...
...
TypeError: 'NoneType' object has no attribute '__getitem__'

Environment:

• Red Hat Enterprise Linux 7.4 (x86_64)
• Red Hat Satellite 6.2.14

While using katprep_maintenance ... prepare the downtime for Nagios/Icinga 1.x hosts gets only activated for hosts, not for their services.

Having invalid hosts (e.g. virt-who hosts or invalid content hosts) in the inventory when running katprep_snapshot will make the tool crash:

$ katprep_snapshot -C pinkepank.auth -s giertz.shittyrobots.loc
...
ERROR:katprep_snapshot:Unable to get system information, check filter options!
INFO:katprep_snapshot:Report './errata-snapshot-report-giertz-20170617-1409.json' created.

It would be handy to have check_mk support for katprep! 👍

Currently, ForemanAPIClient is only capable of accessing the Foreman API. When using Foreman and Katello, some calls are separated in the /katello directory (/katello/api/v2 instead of /api/v2).

When adding/changing entries with katprep_authconfig.py, a password is only prompted once. The default for the most password utilities is to also prompt a verification.

Maybe it would be a good idea to backport the Uyuni and SUSE Manager support?

For this, the following things would need to be done:

• replace API calls in maintenance.py, parameters.py, populate.py and snapshot.py with more generic functions (e.g. get hosts, get packages,...) and add optional server type (Uyuni) in order to make katprep more modular
• replace API calls in ForemanAPIClient.py with nailgun (see also issue #134)
• implement UyuniAPIClient.py
• implement unit tests and Uyuni vagrant boxes

It's a moderate code change but would also enable using two popular utilities. satprep (which was designed for these tools) is really outdated and updating it might take more effort..

Open questions

• How to deal with unsupported filtering options? (Spacewalk does not support locations and environments)
  • throw UnsupportedFilterException
• SpacewalkAPIClient.py would need a function which combines multiple calls in a JSON result (combining errata information as well as custom variables, etc.) in order to enable reports
• depends on issue #110

It would be nice to have the option to exclude specific hosts from errata installation via part of the hostname.

It would be very handy to have manpages for users without browsers

To be more "state of the art", it would be great to migrate the tests to pytest. This would also enable test fixtures and markers.

In some classes USERNAME and PASSWORD variables are declared class-wide resulting in been able to be accessed wherever instanced - pretty bad.

Currently, there is only a HTML and Markdown template - but most companies might want to have fancy PDF reports.

Currently, there are no unit tests resulting in manual tests. Unit tests are essential for continuous integration.
On the other hand, especially katprep_maintenance is kinda fragile sometimes. Having unit tests might help improving it.

• Foreman tests
• Nagios test s
• Icinga tests
• Icinga2 tests
• Pyvmomi tests
• Libvirt tests
• CI template

katprep_maintenance triggers API calls to queue Foreman tasks. I would be nice to also see the progress (e.g. using the verify command).

Currently, only Nagios/Icinga 1.x is supported.

For some scripts of the katprep framework plenty of parameters can be specified - it would be great to have a hidden configuration file that automatically pre-fills these parameters.

Currently, client classes won't log - even if debug mode is specified.

katrep_snapshot fails for physical hosts because the used fact virt:is_guest isn't available anymore.

Some of the information in reports are incorrect, such as:

• Physical system
• Reboot required
• Snapshot created
• Monitoring disabled/enabled

It would be handy to have shorter class names - to shorten lines like this:

from katprep.client.BasicIcinga2APIClient import BasicIcinga2APIClient

to this:

from katprep.client.icinga2 import Icinga2Client

Currently, the filters in katprep_maintenance exist, but they are not used.

Currently, even if no master password is set, the password prompt needs to be entered. It would be cool to have a script-mode for non-interactive maintenance.

Some report flags are currently incorrect:

• Icinga2 monitoring state flags are flooding the report
• Physical/VM flags
• reboot required flags

Currently, the online documentation is outdated. It would be great to hand-over this to Travis CI to always have the latest version online.

Beginning with Foreman 1.14.3, non-errata package updates can be triggered/installed using the UI - would be handy if katprep_maintenance could do the same.

On some newer Python requests versions, the script is failing:

 File "/usr/lib64/nagios/plugins/ForemanAPIClient.py", line 339, in get_id_by_name
self.api_get("/{}s".format(api_object)) File "/usr/lib64/nagios/plugins/ForemanAPIClient.py", line 182, in
api_get return self.__api_request("get", sub_url, "", hits, page) File "/usr/lib64/nagios/plugin
/ForemanAPIClient.py", line 150, in __api_request headers=self.HEADERS File "/usr/lib/python2.7/site
packages/requests/sessions.py", line 476, in get return self.request('GET', url, **kwargs) File "/usr/li
/python2.7/site-packages/requests/sessions.py", line 464, in request resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send r = adapter.send(request,
**kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send raise SSLError(e,
request=request) requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)

It seems like newer module versions enforce SSL checking which has not been the default, yet. The affected library is ForemanAPIClient.

It would be handy, if generic filters would include hostgroups. Currently, they only support Puppet environments, locations and organizations.
This requires adding a sub-call which checks hostgroup memberships per host.

Currently, the master password needs to be entered multiple times if an authentication container is used:

$ katprep_maintenance -C pinkepank.auth -s ewa.test.loc --insecure -n errata-snapshot*.json prepare
INFO:katprep_maintenance:This is just a SIMULATION - no changes will be made.
File password ('Foreman'@'ewa.test.loc'): 
File password ('Virtualization vc.test.loc'@'vc.test.loc'): 
...

Would be great to have caching.

katprep_maintenance currently has an exclude filter, it would be great also have an include filter.

After sending the API call to Foreman to install errata for a host, the host, if it's a VM, gets directly rebooted if the needs-reboot flag or the reboot option is set and than the installation fails.

It should be checked if the installation task was successful prior to rebooting the host.

Checking the Satellite/Foreman system might fail if the system is not managed by itself:

$ katprep_snapshot -C pinkepank.auth -s shittyrobot.giertz.loc
INFO:katprep_snapshot:Checking system 'shittyrobot.giertz.loc' (#1)...
ERROR:katprep_snapshot:Unable to get system information, check filter options!

It would be great to auto-ignore the Satellite/Foreman system. For integrating the system an additional parameter such as --include-satellite could be implemented.

It would be great to have the ability to execute scripts before/after system maintenance (e.g. to remount /usr in read-write mode)

It would be great if all classes throw adequate exceptions (e.g. LoginError in ForemanAPIClient, etc.).

It would be great if katprep_maintenance.py could revert system maintenance - e.g. revert VM snapshot or uninstalling errata.

Currently, Sphinx automatically documents classes and other code. It is also necessary to have additional documentation about the framework including:

• Installation
• Authentication
• Tested setups
• Customizing
• Parameter overview
• Example implementations