Unfortunately Red Hat isn't marking Kernel errata to require reboots like CEFS does for CentOS. As a result reports are telling that no reboot needs to be executed - which is wrong.

Currently dedicated monitoring and virtualization host definitions (custominfos SYSTEM_VIRT_HOST, SYSTEM_VIRT_HOST_AUTH, SYSTEM_MONITORING_HOST, SYSTEM_MONITORING_HOST_AUTH) are not included in snapshot reports.
As a result it is sufficient to enter those information manually.

Currently satprep_prepare_maintenance.py prepares maintenance for all system types. As there is a custom key SYSTEM_PROD it would be great have parameters for only preparing prod or non-prod systems (e.g. patching non-prod before patching prod systems).

The idea is to implement parameters -p / --prod-only and -D / --nonprod-only which control this behavior. The script needs to be able to read the report column system_prod for this.

Diff reports currently include new patches as installed patches even if they are not installed.

Steps to reproduce:
1.Sync repo
2.Create snapshot
3.Patch systems
4.Sync repo including new patches
5.Create another snapshot and diff report

satprep_snapshot.py with an non-iterable empty object

Currently monitoring host/host auth information are not included in snapshot reports.

The script satprep_wa_vcvms.py crashes if a VM was moved to another host or storage once it started:

INFO:satprep_wa_vcvms:Checked 270 of 527 VMs so far...
Traceback (most recent call last):
  File "./satprep_wa_vcvms.py", line 251, in <module>
    main(options)
  File "./satprep_wa_vcvms.py", line 95, in main
    thisVM = myVC.get_vm_by_path(vm)
  File "/usr/lib/python2.6/site-packages/pysphere-0.1.8-py2.6.egg/pysphere/vi_server.py", line 291, in get_vm_by_path
    FaultTypes.OBJECT_NOT_FOUND)
pysphere.resources.vi_exception.VIException: [Object Not Found]: Could not find a VM with path '[Prod 01] MYSRV/MYSRV.vmx'

It would be great if the script checks the used clusters and storage clusters first and temporarily disables automatic load-balancing.

It would be great to have a script satprep_schedule_downtime.py which automatically schedules downtimes in Nagios/Icinga/Thruk/Shinken for hosts needing reboots.

Currently a verify log is created when executing satprep_prepare_maintenace.py -V - it would be great if this is also done automatically.

Currently -n / --dry-run isn't working for satprep_install_custominfos.py in combination with -u / --uninstall:

$ ./satprep_install_custominfos.py -un
$

As satprep also has information about virtual machines it would be great if it also automatically creates VM snapshots.
The idea is to implement a script satprep_prepare_maintenance.py that combines creating snapshots and scheduling downtimes.
It would also be awesome to have an option to unschedule downtimes and removing snapshots.

satprep_snapshot.py is currently not able to handle umlauts:

UnicodeEncodeError: 'ascii' codec can't encode character u'\xfc' in position 1: ordinal not in range(128)

Currently satprep is not supported for Spacewalk 2.4 or newer:

satprep_shared.APILevelNotSupportedException: Your API version (16) does not support the required calls. You'll need API version 1.8 (11.1) or higher!

It is sufficient to test and alter the list of supported API levels.

The --dry-run pararemeter is ignored if a huge amount of actions is being removed (workaround).

Currently you need to supply multiple -e / --exclude parameters when exluding systems during maintenance preparation with satprep_prepare_maintenance.py.

It would be nice to have a comma separation to make commands shorter - so:
./satprep_prepare_maintenance.py -e a -e b -e c -e d
could also be written like this:
./satprep_prepare_maintenance.py -e a,b,c,d

I'm not sure if I'm putting this in the right place, hopefully I am.
Would it be possible to add to the pdf/diff that gets created, the CVE # that the installed patch references? That's one of the requirements of my security report.
If this is the wrong way to go about asking for this, please advise and I'll post correctly.
Thanks very much!

Currently having a long patch/erratum table breaks the LaTeX layout - especially the footer.

This seems to be a minor LaTeX template issue.

By default the column "errata_date" is included twice.

As satprep already offers the possibility to (un-)schedule downtimes and create/remove VM snapshots it would be great if it does more complex maintenance in an automated way. I think about nasty things like:

• patch applications
• restart particular daemons
• execute third-party scripts
• force rechecking monitoring
• validating that required services are "OK" in Nagios, Icinga and Shinken

Custom info keys are not escaped, resulting in aborts sometimes. E.g. if a newline is part of a custom info key, an error is created:

...
Traceback (most recent call last):
  File "./satprep_snapshot.py", line 540, in <module>
    main(options)
  File "./satprep_snapshot.py", line 127, in main
    process_system(client, key, writer, system)
  File "./satprep_snapshot.py", line 151, in process_system
    process_errata(client, key, writer, system)
  File "./satprep_snapshot.py", line 358, in process_errata
    writer.writerow(valueSet)
_csv.Error: need to escape, but no escapechar set

Debugging is kinda hard and real a pain if you have hundreds of hosts..

It would be better to use a logger instead of manual printing messages if debug mode is enabled

It would be handy to have a RPM package for easily deploying satprep.

Another (much nicer) possibility to create host patch reports is to use latex/csvtools instead of the current implementation (in which satprep_diff.py does all the stuff).

./satprep_prepare_maintenance.py -k -a auth -g Test_for_satprep -K errata-snapshot-report-localhost-20151217-1433.csv

Haha, you're funny.

Can you have a look please

Anti-virus and backup states and notes defined by host custom infos aren't integrated in PDF reports.

If an inventory of a large system landscape is created the script aborts after at about 10 minutes with the following error:

Traceback (most recent call last):
  File "./satprep_snapshot.py", line 254, in <module>
    updates = client.system.listLatestUpgradablePackages(key, system["id"])
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1199, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1489, in __request
    verbose=self.__verbose
  File "/usr/lib64/python2.6/xmlrpclib.py", line 1243, in request
    headers
xmlrpclib.ProtocolError: <ProtocolError for localhost/rpc/api: 503 Service Temporarily Unavailable>

It seems like there is a timeout which can't be changed for XMLRPC API calls: https://access.redhat.com/solutions/696783
The recommendation from Red Hat is to split large calls in bunches - so the idea is to implement a re-login after ~5-10 hosts when satprep_snapshot.py discovers large environments.

Currently the whole code is implemented in main() - it would be better to create functions to optimize readability.

I get "No handlers could be found for logger "satprep". I'm running python 2.6.6, and would appreciate any help you could supply.

It's a good idea to implement a uninstall function in satprep_install_custominfos.py. Using one command it would be possible to completely remove all custom infos used by satprep.

Currently, satprep_patch_freeze.py crashes when a system's profile name differs from the hostname - e.g.:

# ./satprep_patch_freeze.py -g SAP -l sap -n -a sat.auth
ERROR:satprep_patch_freeze:Unable to scan system 'mysapsrv01', check hostname and profile name!

When cloning satprep from ZIP not all Python scripts have the executable bit. This needs to be fixed.

When preparing downtimes for large system landscapes it might be easier to schedule downtimes for complete hostgroups instead on per host basis. It would be great to add an option to satprep_prepare_maintenance.py to address this.

After creating auth files for spacewalk and vcenter, I ran ./satprep_wa_vcvms.py -A vc -S provis1.domain.com -d -a ~/mon.auth -s pcispacewalk.domain.com. The script finds all the VMware hosts, and finds all the linux guests, but it drops all of the linux guests that are currently managed by spacewalk. The names are the same in spacewalk as in vcenter, so I'm not sure why they're being dropped.

DEBUG:satprep_wa_vcvms:Args: ['./satprep_wa_vcvms.py']
DEBUG:satprep-shared:Using authfile
DEBUG:satprep-shared:File permission matches 0600
DEBUG:satprep-shared:Using authfile
DEBUG:satprep-shared:File permission matches 0600
send: 'POST /rpc/api HTTP/1.0\r\nHost: pcispacewalk.domain.com\r\nUser-Agent: xmlrpclib.py/1.0.1 (by www.pythonware.com)\r\nContent-Type: text/xml\r\nContent-Length: 219\r\n\r\n'
send: "<?xml version='1.0'?>\n<methodCall>\n<methodName>auth.login</methodName>\n<params>\n<param>\n<value><string>satprep</string></value>\n</param>\n<param>\n<value><string>Sk1ttle$</string></value>\n</param>\n</params>\n</methodCall>\n"
reply: 'HTTP/1.1 200 OK\r\n'

DEBUG:satprep_wa_vcvms:'msprodweb3' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxucsesx3.domain.com': []
DEBUG:satprep_wa_vcvms:'msprodweb2' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxproucsesx4.domain.com': []
DEBUG:satprep_wa_vcvms:'msprodact2' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxucsesx2.domain.com': []
DEBUG:satprep_wa_vcvms:'msprodact1' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxucsesx3.domain.com': []
DEBUG:satprep_wa_vcvms:'msprodldap' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxucsesx3.domain.com': []
DEBUG:satprep_wa_vcvms:'msprodrabbit' dropped as it is not managed by Satellite
DEBUG:satprep_wa_vcvms:Current array for host 'jaxucsesx1.domain.com': []

Thanks

When I run the satprep_diff.py I see:

satprep_diff.py errata-snapshot-report-xxxxxxxxxxx-20150802-*csv
INFO:satprep_diff:Assuming file1 ('errata-snapshot-report-xxxxxxxxx-20150802-0059.csv') is the first snapshot.
INFO:satprep_diff:Snapshot and monitoring checkboxes won't be pre-selected as we don't have a valid .vlog!
Traceback (most recent call last):
  File "./satprep_diff.py", line 492, in <module>
    main(options)
  File "./satprep_diff.py", line 196, in main
    f_log = open(options.verificationLog, 'r')
IOError: [Errno 2] No such file or directory: ''

I also attempted using -x and both of the csv files, same result.

Running under RHEL 6.6 x86_64 Linux.

Currently satprep_prepare_maintenance.py schedules downtimes before creating snapshots. When preparing maintenance for large system landscapes this means that the default downtime timeframe of 2 hours might already be exceeded after creating snapshots (because libvirt isn't able to create snapshots asynchronous).

So changing the order and increasing the downtime timeframe should do the trick.

It would be nice to integrate the scheduling downtime feature into satprep_snapshot.py - currently scheduling downtime is done using satprep_schedule_downtime.py. As a result the downtime is scheduled but not mentioned in the snapshot report - which means that the check list isn't pre-selected.

Currently the -e / --exclude parameters need the full system name specified in Satellite. It would be great if also wildcards and case-insensitive names are supported.

When freezing RHN channels, satprep_patch_freeze.py fails with the following error:

INFO:satprep_patch_freeze:Cloning child-channel 'rhn-tools-rhel-x86_64-server-6' as 'rhn-tools-rhel-x86_64-server-6.sp-sap-2015-11-16'
ERROR:satprep_patch_freeze:Unable to clone base-channel: redstone.xmlrpc.XmlRpcFault: Channels names must not start with 'rhn'

The idea is to prepend the prefix instead of appending it.

Currently a failure while creating snapshots stops the script. It would be better if only an error message is printed.

Currently satprep_wa_vcvms.py does not include cluster information which results in incorrect libvirt URIs - e.g.:

vpx://myvc/mydc/myesx

instead of:

vpx://myvc/mydc/mycluster/myesx

It would nice to also unschedule hosts (e.g. in case of prematurly finished maintenance tasks)

Getting following issue while cloning. Can you please fix this.

ERROR:satprep_patch_freeze:Unable to clone base-channel: redstone.xmlrpc.XmlRpcFault: unhandled internal exception: The channel parameter rhn-tools-rhel-x86_64-server-6 clone from 2015-12-03 is invalid. It must be at least 6 characters long, begin with a letter, and contain only lowercase letters, digits, '-', ' / ', '_' and '.'. Also, it cannot begin with 'rhn', 'redhat', or 'red hat'.

Currently satprep_snapshot.py includes all systems in snapshot reports. System can also be locked in Spacewalk to avoid automatic maintenance - it would be great to exclude locked systems.

It would be great to have the possibility to exclude systems and groups in satprep_snapshot.py. Parameter ideas:

• -e / --exclude
• -g / --group
• -E / --exclude-group
• -H / --include-host

Currently satprep_snapshot.py only includes errata information. Using -p it will also include information about conventional patches. Anyhow, this is mostly used so it also could be considered as default flag.

Cloning channels with satprep_patch_freezy.py is not working on RHN Satellite 5.7. It seems like the automatic generated channel names are too long:

$ tail /var/log/rhn/rhn_web_api.log
...
[2015-07-10 10:23:03,944] ERROR - REQUESTED FROM: ::1 CALL: channel.software.clone(myuser, rhn-tools-rhel-x86_64-server-6, {label=rhn-tools-rhel-x86_64-server-6-satprep-2015-07-10, summary=Software channel cloned by Satprep, name=rhn-tools-rhel-x86_64-server-6 clone from 2015-07-10, parent_label=rhel-x86_64-server-6-satprep-2015-07-10}, false) CALLER: (myuser) TIME: 0.02 seconds
redstone.xmlrpc.XmlRpcFault: Channel name must be at least 6 characters long, begin with a letter and may contain only lowercase letters, hyphens ('-'), periods ('.'), underscores ('_'), numerals, spaces, parentheses and forward slashes ('/').
        at com.redhat.rhn.frontend.xmlrpc.BaseHandler.invoke(BaseHandler.java:186)
...

Currently satprep_prepare_maintenance.py completely rewrites the verification log when executed with -k (skip monitoring) or -K (skip snapshots). When preparing maintenance in batches (e.g. productive systems after development systems) the verification log is incomplete and/or contains invalid information.

The behavior needs to be changed like this:

• If vlog exists: append information
• If vlog exists and contains incorrect information (monitoring/snapshots): correct them
• Append/correct information only within selected mode (monitoring only with -K or any, snapshots only with -k or any)

Currenty the logon credentials for Nagios/Icinga/Thruk/Shinken are provided using -u / --username and -p / --password. This means that the credentials can be seen in the shell history. It would be better to implement the auth file mechanism that is also used for the Satellite authentification information

When freezing multiple channels with satprep_patch_freeze.py it might be helpful to have a custom label also included in the Channel name - e.g. "rhel-x86_64-server-6 clone from 2015-11-16 (label)" instead of "rhel-x86_64-server-6 clone from 2015-11-16"