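Python API for the Red Hat Errata Tool
Project description
Modern Python API to Red Hat's Errata Tool.
python-errata-tool is a Python library that wraps the Errata Tool's REST API. It uses requests_gssapi to authenticate and parses JSON responses into Erratum objects. You can use it to create new advisories, or to read and update existing advisories. The ErrataConnector class also provides lower-level access to all of the Errata Tool's REST API.
Example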
from errata_tool import Erratum
e = Erratum(errata_id=1234)
print(e.errata_state)
# prints "NEW_FILES"
print(e.url())
# prints "https://errata.devel.redhat.com/advisory/1234"
Creating a new bug fix advisory
e = Erratum(product='RHCEPH',
            release='rhceph-2.1',
            # errata_type='RHBA'  # Default; may be omitted
            synopsis='Red Hat Ceph Storage 2.1 bug fix update',
            topic='An update for Red Hat Ceph 2.1 is now available.',
            description='This update contains the following fixes ...',
            solution='Before applying this update...',
            qe_email='someone@redhat.com',
            qe_group='RHC (Ceph) QE',
            owner_email='kdreyer@redhat.com',
            manager_email='ohno@redhat.com',
            )
e.commit()
print(e.url())
Creating a new enhancement (feature) advisory
e = Erratum(product='RHCEPH',
            release='rhceph-2.1',
            errata_type='RHEA',  # Set to RHEA for RHEA
            synopsis='Red Hat Ceph Storage 2.1 enhancement update',
            topic='An update for Red Hat Ceph 2.1 is now available.',
            description='This update contains the following features ...',
            solution='Before applying this update...',
            qe_email='someone@redhat.com',
            qe_group='RHC (Ceph) QE',
            owner_email='kdreyer@redhat.com',
            manager_email='ohno@redhat.com',
            )
e.commit()
print(e.url())
Creating a new security advisory. Note that RHSA (security) advisories are given one of four impacts (Low, Moderate, Important, and Critical). See this link for more information: https://access.redhat.com/security/updates/classification
e = Erratum(product='RHCEPH',
            release='rhceph-2.1',
            errata_type='RHSA',  # Set to RHSA for RHSA
            security_impact='Moderate',  # Required for RHSA
            synopsis='Red Hat Ceph Storage 2.1 security update',
            topic='An update for Red Hat Ceph 2.1 is now available.',
            description='This update contains the following fixes ...',
            solution='Before applying this update...',
            qe_email='someone@redhat.com',
            qe_group='RHC (Ceph) QE',
            owner_email='kdreyer@redhat.com',
            manager_email='ohno@redhat.com',
            )
e.commit()
print(e.url())
errata-tool command-line interface
The errata-tool CLI is a thin wrapper around the classes. You can use it to query information from the Errata Tool or to create new releases (releng).
errata-tool -h
usage: errata-tool [-h] [--stage] [--dry-run] {advisory,product,release} ...
positional arguments:
  {advisory,product,release}
    advisory            Get or create an advisory
    product             Get a product
    release             Get or create a release (RCM)
optional arguments:
  --stage               use staging ET instance
  --dry-run             show what would happen, but don't do it
errata-tool command-line interface examples
Waiting for and conditionally pushing an advisory
As a release engineer, it is common to check the state of an advisory to determine whether it can be pushed. To avoid polling the state by hand and to automate the push, two options are provided under the errata-tool advisory push command:
errata-tool advisory push --help
usage: errata-tool advisory push [-h] [--target {stage,live}]
                                 [--wait-for-state {SHIPPED_LIVE,PUSH_READY}]
                                 [--push-when-ready] [--verbose]
                                 errata_id
positional arguments:
  errata_id             advisory id, "12345"
optional arguments:
  -h, --help            show this help message and exit
  --target {stage,live}
                        stage (default) or live
  --wait-for-state {SHIPPED_LIVE,PUSH_READY}
                        state : PUSH_READY or SHIPPED_LIVE
  --push-when-ready     Push if the advisory enters state PUSH_READY
  --verbose             print current state of the advisory
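The --wait-for-state option periodically polls the advisory until it enters one of the two desired states: PUSH_READY or SHIPPED_LIVE.
When the advisory reaches that state, polling stops and the script exits with a successful exit code ($? eq 0).
Note: the script waits indefinitely until the state is reached or the user interrupts it. A limit on the waiting time was left out to keep usage simple and because there was no convincing use case for it.
With the --push-when-ready option, the advisory is pushed if it is in the PUSH_READY state. You can combine --push-when-ready with --wait-for-state to poll the advisory repeatedly until it reaches PUSH_READY and then push it. Here are some use cases:
Use case 1: push the advisory if it is in the PUSH_READY state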
errata-tool --stage advisory push --target live --push-when-ready 12345
Use case 2: wait for the advisory to enter the PUSH_READY state, then push it
errata-tool --stage advisory push --target live --push-when-ready \
    --wait-for-state PUSH_READY 12345
Use case 3: wait for the advisory to enter the SHIPPED_LIVE state, pushing it if it enters PUSH_READY while waiting
errata-tool --stage advisory push --target live --push-when-ready \
    --wait-for-state SHIPPED_LIVE 12345
Use case 4: push an independent advisory before pushing an advisory that depends on it
# Ship advisory 12346 after shipping 12345
errata-tool --stage advisory push --target live --push-when-ready \
    --wait-for-state SHIPPED_LIVE 12345 && \
errata-tool --stage advisory push --target live --push-when-ready \
    --wait-for-state PUSH_READY 12346
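The wait-and-push behaviour described above, written as a Python loop with a deadline for pipelines that must not block forever. This is an added example, not code from python-errata-tool: the timeout, interval and push parameters, the WaitTimeout exception, and the FakeAdvisory stand-in are assumptions; only errata_state and refresh() come from the Erratum usage on this page.

```python
import time


class WaitTimeout(Exception):
    """The advisory did not reach the wanted state before the deadline."""


def wait_and_push(advisory, wait_for_state=None, push=None, timeout=3600,
                  interval=60, clock=time.monotonic, sleep=time.sleep):
    """Poll advisory.errata_state; return True if push() was called.

    advisory needs .errata_state and .refresh(), as Erratum has on this page.
    push is a caller-supplied callable (hypothetical hook, not a library API).
    """
    deadline = clock() + timeout
    pushed = False
    while True:
        state = advisory.errata_state
        if state == 'PUSH_READY' and push is not None and not pushed:
            push(advisory)          # --push-when-ready: push exactly once
            pushed = True
        if wait_for_state is None or state == wait_for_state:
            return pushed           # success, like exit code 0
        if clock() >= deadline:
            raise WaitTimeout('state is %s, wanted %s' % (state, wait_for_state))
        sleep(interval)
        advisory.refresh()          # re-read the state from the server


class FakeAdvisory:
    """Constructed stand-in for Erratum: steps through a list of states."""

    def __init__(self, states):
        self._states = list(states)
        self.errata_state = self._states.pop(0)

    def refresh(self):
        if self._states:
            self.errata_state = self._states.pop(0)


def demo(states, wait_for_state, timeout=10):
    """Run one wait with a fake clock; return (pushed_count, final_state)."""
    adv, pushes, now = FakeAdvisory(states), [], [0]
    def tick(seconds):
        now[0] += seconds
    wait_and_push(adv, wait_for_state, push=pushes.append, timeout=timeout,
                  interval=1, clock=lambda: now[0], sleep=tick)
    return len(pushes), adv.errata_state
```

Passing wait_for_state=None reproduces use case 1 (check once, push only if already PUSH_READY); a WaitTimeout lets a calling job fail visibly instead of hanging on an advisory that never becomes ready.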
More Python examples
Getting the erratum's name
e = Erratum(errata_id=22986)
print(e.errata_name)
# prints "RH*A-YYYY:NNNNN", for example "RHBA-2018:12345"
Adding bugs
e = Erratum(errata_id=22986)
e.addBugs([12345, 123678])
e.commit()
# You can read the current list of bugs with the "e.errata_bugs" property.
Removing bugs
e = Erratum(errata_id=22986)
e.removeBugs([12345, 123678])
# You can simply call "commit()" without checking the return code, or check
# it and use refresh() to refresh our local instance data for the errata
# advisory.
need_refresh = e.commit()
if need_refresh:
    print('refreshing')
    e.refresh()
Checking whether an advisory is embargoed
e = Erratum(errata_id=22986)
if e.embargoed:
    # it's embargoed
    pass
else:
    # it's not embargoed
    pass
Checking whether an advisory is text-only
e = Erratum(errata_id=24075)
if e.text_only:
    # it's text-only
    # If it's an RHSA, you may want to get/set e.text_only_cpe here.
    pass
else:
    # it's not text-only
    pass
Adding builds
e = Erratum(errata_id=24075)
# The "release" kwarg is the Errata Tool's "product version" in
# composedb, for example "RHEL-7-CEPH-2".
e.addBuilds(['ceph-10.2.3-17.el7cp'], release='RHEL-7-CEPH-2')
Adding container builds
e = Erratum(errata_id=34279)
# For non-RPM Brew builds, you must specify the file_types kwarg.
# For container builds, this is "tar".
e.addBuilds('rhceph-rhel7-container-3-9',
            release='RHEL-7-CEPH-3',
            file_types={'rhceph-rhel7-container-3-9': ['tar']})
Changing state
e = Erratum(errata_id=24075)
e.setState('QE')
e.commit()
Changing the docs reviewer
e = Erratum(errata_id=24075)
e.changeDocsReviewer('kdreyer@redhat.com')
Adding someone to the CC list
e = Erratum(errata_id=24075)
e.addCC('kdreyer@redhat.com')
Changing an advisory's type
e = Erratum(errata_id=33840)
e.update(errata_type='RHBA')
e.commit()
Reloading all the builds that are missing product listings
e = Erratum(errata_id=24075)
if e.missing_product_listings:  # a (possibly-empty) list of build NVRs
    result = e.reloadBuilds(no_rpm_listing_only=True)
    # result is a dict for this job tracker
Determining whether an advisory has RPMs or containers
e = Erratum(errata_id=24075)
content_types = e.content_types
# result is a list, like ["rpm"], or ["docker"]
Getting the active RPMDiff results for an advisory
e = Erratum(errata_id=24075)
bad = []
for result in e.externalTests(test_type='rpmdiff'):
    if result['attributes']['status'] not in ('PASSED', 'WAIVED'):
        # See result['attributes']['external_id'] for the integer to pass
        # into RPMDiff's run API.
        bad.append(result)
Setting the CDN repos for a container advisory (only applies to advisories that contain Docker images)
e = Erratum(errata_id=24075)
assert 'docker' in e.content_types
e.metadataCdnRepos(enable=['rhel-7-server-rhceph-3-mon-rpms__x86_64'])
The same, but for a text-only advisory
e = Erratum(errata_id=24075)
assert e.text_only
e.textOnlyRepos(enable=['rhel-7-server-rhceph-3-mon-rpms__x86_64'])
Working with products
The errata_tool.product.Product class can look up existing products.
Looking up a product
from errata_tool.product import Product
p = Product('RHCEPH')
print(p.id) # 104
print(p.name) # "RHCEPH"
print(p.description) # "Red Hat Ceph Storage"
Working with releases
The errata_tool.release.Release class can look up existing releases or create new release entries.
Looking up a release
from errata_tool.release import Release
r = Release(name='rhceph-2.4')
print(r.id) # 792
print(r.name) # "rhceph-2.4"
print(r.description) # "Red Hat Ceph Storage 2.4"
print(r.type) # "QuarterlyUpdate"
print(r.is_active) # True
print(r.enabled) # True
print(r.blocker_flags) # ['ceph-2.y', 'pm_ack', 'devel_ack', 'qa_ack']
print(r.edit_url) # https://errata.devel.redhat.com/release/edit/792
Finding all "NEW_FILES" advisories for a release
from errata_tool.release import Release
rel = Release(name='rhceph-3.0')
advisories = rel.advisories()
new_files = [a for a in advisories if a['status'] == 'NEW_FILES']
print(new_files) # prints the list of advisories' data
Creating a new release (this requires the "releng" role in the Errata Tool)
from errata_tool.release import Release
r = Release.create(
    name='rhceph-3.0',
    product='RHCEPH',
    product_versions=['RHEL-7-CEPH-3'],
    type='QuarterlyUpdate',
    program_manager='anharris',
    blocker_flags='ceph-3.0',
    default_brew_tag='ceph-3.0-rhel-7-candidate',
)
print('created new rhceph-3.0 release')
print('visit %s to edit further' % r.edit_url)
Using the staging server
To use the staging Errata Tool environment without affecting production, set the ErrataConnector._url member variable to the staging URL.
from errata_tool import ErrataConnector, Erratum
ErrataConnector._url = 'https://errata.stage.engineering.redhat.com/'
# Now try something like creating an advisory, and it will not show up in
# prod, or bother people with emails, etc.
e = Erratum(product='RHCEPH',
            release='rhceph-2.1',
            synopsis='Red Hat Ceph Storage 2.1 bug fix update',
            # ...
            )
e.commit()
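Debugging many Errata Tool API calls
Perhaps your application makes many API calls (many advisories, builds, and so on). When a higher-level tool processes a large number of errata, it helps to understand where the time is spent so you can see whether multiple calls can be avoided.
Set ErrataConnector.debug = True, and your connector object will then record information about each call it makes. Each GET/PUT/POST is recorded, along with totals/mean/min/max.
URL APIs are deduplicated by name, so two calls to the same API for different errata are treated as a single API.
To extract the information and print it, you can use PrettyTable:
from errata_tool import ErrataConnector, Erratum
from prettytable import PrettyTable
ErrataConnector.debug = True  # record timings for every call
e = Erratum(errata_id=24075)
pt = PrettyTable()
for c in ErrataConnector.timings:
    for u in ErrataConnector.timings[c]:
        pt.add_row([c, u,
                    ErrataConnector.timings[c][u]['count'],
                    ErrataConnector.timings[c][u]['total'],
                    ErrataConnector.timings[c][u]['mean'],
                    ErrataConnector.timings[c][u]['min'],
                    ErrataConnector.timings[c][u]['max']])
print(pt.get_string())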
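SSL errors
This library verifies the ET server's HTTPS certificate by default. This is more of a python-requests matter, but if you receive an SSL verification error, it is probably because you have not set up the Red Hat IT CA for your Python environment. In particular, if you are running this in a virtualenv, you will need to set the following configuration variable: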
REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/source/anchors/RH-IT-Root-CA.crt
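Here "RH-IT-Root-CA.crt" is the public certificate that signed the ET server's HTTPS certificate.
When using RHEL 7's python-requests RPM, requests simply checks /etc/pki/tls/certs/ca-bundle.crt, so you will need to add the IT CA certificate to that big bundle file.
If you have already added the Red Hat IT CA to your system-wide bundle, your Python code can always use that file:
import os
if 'REQUESTS_CA_BUNDLE' not in os.environ:
    os.environ['REQUESTS_CA_BUNDLE'] = '/etc/pki/tls/certs/ca-bundle.crt'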
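This makes requests behave the same inside and outside your virtualenv. In other words, with this code, your program will always validate against the Red Hat IT CA.
Building RPMs
Install fedpkg, then use the Makefile: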
$ make srpm
You can then upload the SRPM to Copr. Or, to build RPMs on your local computer using mock:
$ make rpm
Changelog
See the changelog.
Project details
Hashes for errata-tool-1.32.0.tar.gz
Algorithm | Hash digest
---|---
SHA256 | 73f8289b11a3f1f7347fd2bfe836fe8da37a7a0f4d0194a2ca3d3bef7ce743a4
MD5 | 27cfbfdc495ee3797e70d3f2f14f736e
BLAKE2b-256 | dede28fb2c62c07c05bf6ef88b704bd11f469ad95829b561fa22f04acc0301a7