[RHELC-1434] Use public CDN instead of paywalled CDN and FTP #1123
Conversation
bocekm
added
the
tests/tier0
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
370bfa5 to
eb95f7d
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1123 +/- ##
==========================================
- Coverage 95.74% 95.52% -0.22%
==========================================
Files 55 54 -1
Lines 4752 4720 -32
Branches 834 832 -2
==========================================
- Hits 4550 4509 -41
- Misses 116 127 +11
+ Partials 86 84 -2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
r0x0d
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
eb95f7d to
429ff7b
Compare
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
429ff7b to
fb4bc8f
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
I've updated the PR to download the official convert2rhel repofile instead of generating it. I'll be adding unit tests later on. |
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
2 times, most recently
from
846ce59 to
e00f418
Compare
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
4 times, most recently
from
3f783af to
115278f
Compare
|
The PR is ready for review and will be ready for testing after #1164 is merged (it introduces |
|
/packit test --labels tier0 |
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
3 times, most recently
from
fe9f4ff to
9faaaf0
Compare
| # Note: This is safe because we're creating in utils.TMP_DIR which is hardcoded to | ||
| # /var/lib/convert2rhel which does not have any world-writable directory components. | ||
| files.mkdir_p(repo_dir) | ||
|
|
||
| try: | ||
| raw_output_convert2rhel_versions, return_code = utils.run_subprocess(cmd, print_output=False) | ||
| finally: | ||
| shutil.rmtree(repo_dir) |
There was a problem hiding this comment.
FYI for reviewers: No need to create and then remove a temporary directory here - its creation is handled by repo.write_temporary_repofile() and its deletion by utils.remove_tmp_dir().
| if system_info.version.major not in C2R_REPOFILE_URLS: | ||
| self.add_message( | ||
| level="WARNING", | ||
| id="CONVERT2RHEL_LATEST_CHECK_UNEXPECTED_SYS_VERSION", | ||
| title="Did not perform convert2rhel latest version check", | ||
| description="Checking whether the installed convert2rhel package is of the latest available version was" | ||
| " skipped due to an unexpected system version", | ||
| diagnosis="Expected system versions: %s. Detected major version: %s" | ||
| % (", ".join(str(x) for x in C2R_REPOFILE_URLS), system_info.version.major), | ||
| ) | ||
| return None |
There was a problem hiding this comment.
FYI for reviewers: This is likely too much of a defensive programming. I can't foresee a scenario in which a customer would hit this. If anyone thinks this should better be removed, I can certainly do that.
There was a problem hiding this comment.
I think, we halt the execution way before reaching any of this in case of the user having a system version that does not correspond to this, right?
I don't mind having this defensive code, so I would leave it here
There was a problem hiding this comment.
Yes, if the system major version is anything other than 7 or 8, convert2rhel stops almost immediately for not having a distro config available.
When we start testing and shipping convert2rhel for RHEL 9, we will need to add a repofile to the C2R_REPOFILE_URLS mapping https://github.com/oamg/convert2rhel/pull/1123/files#diff-7e310f649f5ad232ee8a3ce27055e178d7303046cf546ef0dc6f4ea208db8589R32. So this report message will likely appear during development and will prompt us to add the RHEL 9 URL.
I'm going to keep the code then.
| @pytest.fixture(scope="function") | ||
| def convert2rhel_repo(shell): | ||
| assert shell("rpm -qi subscription-manager").returncode == 0 | ||
| # The following repository requires the redhat-uep.pem certificate. | ||
| # convert2rhel will try accessing the repo and during the test we run the convert2rhel twice | ||
| # making sure that the rollback of the first run correctly reinstalled the certificate | ||
| # when installing subscription-manager-rhsm-certificates. | ||
| c2r_repo = "/etc/yum.repos.d/convert2rhel.repo" | ||
|
|
||
| assert ( | ||
| shell( | ||
| f"curl -o {c2r_repo} https://cdn-public.redhat.com/content/public/repofiles/convert2rhel-for-rhel-8-x86_64.repo" | ||
| ).returncode | ||
| == 0 | ||
| ) | ||
| assert os.path.exists(c2r_repo) is True | ||
|
|
||
| yield | ||
|
|
||
| assert shell(f"rm -f {c2r_repo}") | ||
| assert os.path.exists(c2r_repo) is False |
There was a problem hiding this comment.
FYI for reviewers: This fixture was needed just for one of the cases tested by the below test_sub_man_rollback test. This case is no longer relevant because the convert2rhel repository no longer requires the /etc/rhsm/ca/redhat-uep.pem certificate to be in place.
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
2 times, most recently
from
487763d to
1284e29
Compare
|
I'm working on the codecov failure/finding. |
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
1284e29 to
85e86d9
Compare
|
/packit test --labels tier0 |
r0x0d
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
85e86d9 to
b4bb914
Compare
|
/packit test --labels tier0 |
| "--disablerepo=*", | ||
| "--enablerepo=convert2rhel", |
There was a problem hiding this comment.
FYI for reviewers: The temp directory used for the convert2rhel repofile is created only for the
repofile and nothing else. Because we tell repoquery to look only at that
directory we don't need to specify a repoid to use - repoquery will simply use
the repoid in the downloaded repofile.
|
/packit test --labels tier0 |
| id_="CREATE_TMP_DIR_FOR_REPOFILES_FAILED", | ||
| title="Failed to create a temporary directory", | ||
| description="Failed to create a temporary directory for storing a repository file under %s.\n" | ||
| "Reason: %s" % (TMP_DIR, str(err)), |
There was a problem hiding this comment.
| "Reason: %s" % (TMP_DIR, str(err)), | |
| diagnosis="Reason: %s" % (TMP_DIR, str(err)), |
Shouldn't this be diagnosis? (and for the exception above too)
There was a problem hiding this comment.
Good point. I've read the notification too late. It's merged now but you can raise that under https://issues.redhat.com/browse/RHELC-1598.
The convert2rhel repos moved from https://cdn.redhat.com/ to https://cdn-public.redhat.com/. The convert2rhel repofiles moved from https://ftp.redhat.com/ to https://cdn-public.redhat.com/. The https://cdn-public.redhat.com/ does not use a self-signed SSL cert as the https://cdn.redhat.com/ does. So we can drop handling the redhat-uep.pem certificate.
It's safer to use the official convert2rhel repofile that is to be used by customers instead of generating it as that way any changes done it don't need further convert2rhel code updates.
Co-authored-by: Preston Watson <prwatson@redhat.com>
The temp directory used for the convert2rhel repofile is created only for the repofile and nothing else. Because we tell repoquery to look only at that directory we don't need to specify a repoid to use - repoquery will simply use the repoid in the downloaded repofile.
To better fit what the real meaning of the messages and the purpose of a method. More specifically: - the write_temporary_repofile() function is not just for storing a convert2rhel repofil - the _get_convert2rhel_repofile_path() method does more than just getting a path; its main purpose is downloading a repofile
bocekm
force-pushed
the
use-public-cdn-instead-of-ftp
branch
from
00d0e4a to
886e206
Compare
|
/packit test --labels tier0 |
2 similar comments
|
/packit test --labels tier0 |
|
/packit test --labels tier0 |
The convert2rhel repos moved from https://cdn.redhat.com/ to https://cdn-public.redhat.com/.
The convert2rhel repofiles moved from https://ftp.redhat.com/ to https://cdn-public.redhat.com/.
The https://cdn-public.redhat.com/ does not use a self-signed SSL cert as the https://cdn.redhat.com/ does. So we can drop handling the
redhat-uep.pemcertificate.Jira Issues: RHELC-1434
Checklist
[RHELC-]is part of the PR titleRelease Pendingif relevantDepends on