stdevel / katprep Goto Github PK
View Code? Open in Web Editor NEWPython toolkit for automating system maintenance and generating patch reports along with Foreman/Katello and Red Hat Satellite 6.x
License: GNU General Public License v3.0
Python toolkit for automating system maintenance and generating patch reports along with Foreman/Katello and Red Hat Satellite 6.x
License: GNU General Public License v3.0
INFO:katprep_maintenance:No downtime for host 'pinkepank.giertz.loc' found, probably cleaned-up.
Traceback (most recent call last):
File "/home/cstan/.local/bin/katprep_maintenance", line 9, in <module>
load_entry_point('katprep==0.1', 'console_scripts', 'katprep_maintenance')()
File "/home/cstan/katprep/katprep/maintenance.py", line 726, in cli
main(options, args)
File "/home/cstan/katprep/katprep/maintenance.py", line 705, in main
options.func(options, options.func)
File "/home/cstan/katprep/katprep/maintenance.py", line 370, in verify
crit_services = MON_CLIENTS[get_host_param_from_report(REPORT, host, "katprep_mon")].get_services(mon_name)
File "/home/cstan/katprep/katprep/clients/NagiosCGIClient.py", line 427, in get_services
result = self.__api_get(url)
File "/home/cstan/katprep/katprep/clients/NagiosCGIClient.py", line 175, in __api_get
return self.__api_request("get", sub_url)
File "/home/cstan/katprep/katprep/clients/NagiosCGIClient.py", line 146, in __api_request
raise SessionException("Unable to authenticate")
katprep.clients.SessionException: Unable to authenticate
Currently, Travis CI is failing because of missing Python packages. A fix might be changing the Python 3.x version.
Currently, the first IP found is used when populating host information. If a virtual machine has multiple network interfaces or protocols (IPv4/6), this could be a problem:
$ katprep_populate -C giertz.auth -s pinkepank.test.loc --virt-uri vc.test.loc --virt-type pyvmomi --mon-url http://mon.test.loc/test/icinga --mon-type nagios -n -d
...
DEBUG:katprep_populate:HYPERVISOR: Found VM 'pinkepank.giertz.loc' with IP 'fe6a:251e:328:1000::2'
It would be great to have IPv4/6 filters or the possibility to match multiple IPs.
Currently, even packages requiring reboots won't initiate automatic reboots.
Currently, katprep_paremeters
does not support supplying empty inputs for major variables. It would be good if empty parameters would just be ignored (e.g. to not change pre-defined values)
Rebooting after maintenance doesn't work for all systems. The reason is that katprep_maintenance.py
triggers the soft power_action call using the Foreman API. This function only triggers ACPI if appropriate fencing drivers are installed. So, we need to find another solution here - e.g. triggering the reboot
command..
Currently, authentication containers contain login credentials in plain text - it would be great to have an encryption functionality. When loading an authentication container, a passphrase could be prompted in order to decrypt/load the data.
Currently, katprep_report.py
isn't able to render the templates using Pypandoc - so the workaround is to run the command-line..
Nothing is described about the requirements to make this run.
It would be nice to have the option to suppress the reboot after errata installation, even if the needs-reboot flag is set.
It would be pretty nice to have a RPM spec file.
Currently, the passwords needs to be verified if specified using parameters:
$ katprep_authconfig mycontainer.auth add -H giertz.stankowic.loc -u cstan -p pinkepank
Verify giertz.stankowic.loc Password:
Currently, patch reports don't evaluate data from the verification data of the first snapshot report. katprep_maintenance.py
already updates relevant information using the verify call.
Currently, only the first downtime can be scheduled in Icinga2
It would be great to have information served by virtualization hosts and monitoring systems consolidated into Foreman/Katello to automate setting correct host parameters.
When checking unregistered content hosts, katprep_snapshot
crashes:
INFO:katprep_snapshot:Checking system 'pinkepank.test.loc' (#123)...
...
TypeError: 'NoneType' object has no attribute '__getitem__'
Environment:
While using katprep_maintenance ... prepare the downtime for Nagios/Icinga 1.x hosts gets only activated for hosts, not for their services.
Having invalid hosts (e.g. virt-who
hosts or invalid content hosts) in the inventory when running katprep_snapshot
will make the tool crash:
$ katprep_snapshot -C pinkepank.auth -s giertz.shittyrobots.loc
...
ERROR:katprep_snapshot:Unable to get system information, check filter options!
INFO:katprep_snapshot:Report './errata-snapshot-report-giertz-20170617-1409.json' created.
It would be handy to have check_mk support for katprep! ๐
Currently, ForemanAPIClient
is only capable of accessing the Foreman API. When using Foreman and Katello, some calls are separated in the /katello
directory (/katello/api/v2
instead of /api/v2
).
When adding/changing entries with katprep_authconfig.py
, a password is only prompted once. The default for the most password utilities is to also prompt a verification.
Maybe it would be a good idea to backport the Uyuni and SUSE Manager support?
For this, the following things would need to be done:
maintenance.py
, parameters.py
, populate.py
and snapshot.py
with more generic functions (e.g. get hosts, get packages,...) and add optional server type (Uyuni) in order to make katprep more modularForemanAPIClient.py
with nailgun
(see also issue #134)UyuniAPIClient.py
It's a moderate code change but would also enable using two popular utilities. satprep (which was designed for these tools) is really outdated and updating it might take more effort..
UnsupportedFilterException
SpacewalkAPIClient.py
would need a function which combines multiple calls in a JSON result (combining errata information as well as custom variables, etc.) in order to enable reportsIt would be nice to have the option to exclude specific hosts from errata installation via part of the hostname.
It would be very handy to have manpages for users without browsers
To be more "state of the art", it would be great to migrate the tests to pytest. This would also enable test fixtures and markers.
In some classes USERNAME and PASSWORD variables are declared class-wide resulting in been able to be accessed wherever instanced - pretty bad.
Currently, there is only a HTML and Markdown template - but most companies might want to have fancy PDF reports.
Currently, there are no unit tests resulting in manual tests. Unit tests are essential for continuous integration.
On the other hand, especially katprep_maintenance
is kinda fragile sometimes. Having unit tests might help improving it.
katprep_maintenance
triggers API calls to queue Foreman tasks. I would be nice to also see the progress (e.g. using the verify
command).
Currently, only Nagios/Icinga 1.x is supported.
For some scripts of the katprep framework plenty of parameters can be specified - it would be great to have a hidden configuration file that automatically pre-fills these parameters.
Currently, client classes won't log - even if debug mode is specified.
katrep_snapshot fails for physical hosts because the used fact virt:is_guest isn't available anymore.
Some of the information in reports are incorrect, such as:
It would be handy to have shorter class names - to shorten lines like this:
from katprep.client.BasicIcinga2APIClient import BasicIcinga2APIClient
to this:
from katprep.client.icinga2 import Icinga2Client
Currently, the filters in katprep_maintenance
exist, but they are not used.
Currently, even if no master password is set, the password prompt needs to be entered. It would be cool to have a script-mode for non-interactive maintenance.
Some report flags are currently incorrect:
Currently, the online documentation is outdated. It would be great to hand-over this to Travis CI to always have the latest version online.
Beginning with Foreman 1.14.3, non-errata package updates can be triggered/installed using the UI - would be handy if katprep_maintenance
could do the same.
On some newer Python requests versions, the script is failing:
File "/usr/lib64/nagios/plugins/ForemanAPIClient.py", line 339, in get_id_by_name
self.api_get("/{}s".format(api_object)) File "/usr/lib64/nagios/plugins/ForemanAPIClient.py", line 182, in
api_get return self.__api_request("get", sub_url, "", hits, page) File "/usr/lib64/nagios/plugin
/ForemanAPIClient.py", line 150, in __api_request headers=self.HEADERS File "/usr/lib/python2.7/site
packages/requests/sessions.py", line 476, in get return self.request('GET', url, **kwargs) File "/usr/li
/python2.7/site-packages/requests/sessions.py", line 464, in request resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send r = adapter.send(request,
**kwargs) File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send raise SSLError(e,
request=request) requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)
It seems like newer module versions enforce SSL checking which has not been the default, yet. The affected library is ForemanAPIClient
.
It would be handy, if generic filters would include hostgroups. Currently, they only support Puppet environments, locations and organizations.
This requires adding a sub-call which checks hostgroup memberships per host.
Currently, the master password needs to be entered multiple times if an authentication container is used:
$ katprep_maintenance -C pinkepank.auth -s ewa.test.loc --insecure -n errata-snapshot*.json prepare
INFO:katprep_maintenance:This is just a SIMULATION - no changes will be made.
File password ('Foreman'@'ewa.test.loc'):
File password ('Virtualization vc.test.loc'@'vc.test.loc'):
...
Would be great to have caching.
katprep_maintenance
currently has an exclude filter, it would be great also have an include filter.
After sending the API call to Foreman to install errata for a host, the host, if it's a VM, gets directly rebooted if the needs-reboot flag or the reboot option is set and than the installation fails.
It should be checked if the installation task was successful prior to rebooting the host.
Checking the Satellite/Foreman system might fail if the system is not managed by itself:
$ katprep_snapshot -C pinkepank.auth -s shittyrobot.giertz.loc
INFO:katprep_snapshot:Checking system 'shittyrobot.giertz.loc' (#1)...
ERROR:katprep_snapshot:Unable to get system information, check filter options!
It would be great to auto-ignore the Satellite/Foreman system. For integrating the system an additional parameter such as --include-satellite
could be implemented.
It would be great to have the ability to execute scripts before/after system maintenance (e.g. to remount /usr
in read-write mode)
It would be great if all classes throw adequate exceptions (e.g. LoginError in ForemanAPIClient, etc.).
It would be great if katprep_maintenance.py
could revert system maintenance - e.g. revert VM snapshot or uninstalling errata.
Currently, Sphinx automatically documents classes and other code. It is also necessary to have additional documentation about the framework including:
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.