packages/aops-apollo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!99 [sync] PR-98: 优化cve关联查询性能及适配20.03-sp3版本

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @zhu-yuncheng 
Signed-off-by: @zhu-yuncheng
This commit is contained in:
openeuler-ci-bot 2023-10-19 08:32:40 +00:00 committed by Gitee
commit 02c8b39bbe
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 23 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
0001-fix-updateinfo_parse.py-bug.patch
View File

@ -1,30 +0,0 @@
From 68d4c8cad42960391998868f15e2f99b40daa216 Mon Sep 17 00:00:00 2001
From: wang-guangge <wangguangge@huawei.com>
Date: Tue, 19 Sep 2023 13:58:04 +0800
Subject: [PATCH] fix updateinfo_parse.py bug
---
hotpatch/updateinfo_parse.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hotpatch/updateinfo_parse.py b/hotpatch/updateinfo_parse.py
index 42e3814..7bfba61 100644
--- a/hotpatch/updateinfo_parse.py
+++ b/hotpatch/updateinfo_parse.py
@@ -279,12 +279,12 @@ class HotpatchUpdateInfo(object):
hotpatch(Hotpatch)
"""
hotpatch.state = self.UNRELATED
+ is_find_installable_hp = False
for required_pkg_name, required_pkg_vere in hotpatch.required_pkgs_info.items():
inst_pkgs = self._inst_pkgs_query.filter(name=required_pkg_name)
# check whether the relevant target required package is installed on this machine
if not inst_pkgs:
return
- is_find_installable_hp = False
for inst_pkg in inst_pkgs:
inst_pkg_vere = '%s-%s' % (inst_pkg.version, inst_pkg.release)
if not self.version.larger_than(required_pkg_vere, inst_pkg_vere):
--
2.33.0

67
0002-add-repair-status-of-the-cve-fixed-package.patch
View File

@ -1,67 +0,0 @@
From 7797ac40d715c9e7d56f1d6c0053b699c42c4ac2 Mon Sep 17 00:00:00 2001
From: gongzt <gong_zhengtang@163.com>
Date: Tue, 19 Sep 2023 18:45:38 +0800
Subject: Added the repair status of the cve fixed package
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
apollo/database/proxy/cve.py | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/apollo/database/proxy/cve.py b/apollo/database/proxy/cve.py
index 95de25c..c6d017e 100644
--- a/apollo/database/proxy/cve.py
+++ b/apollo/database/proxy/cve.py
@@ -1562,21 +1562,25 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
cve_fixed_packages = (
self.session.query(
+ CveHostAssociation.id,
CveHostAssociation.installed_rpm,
CveHostAssociation.fixed_way,
func.count(CveHostAssociation.host_id).label("host_num"),
)
.filter(*filters)
- .group_by('installed_rpm', 'fixed_way')
+ .group_by('installed_rpm', 'fixed_way', 'id')
.all()
)
if not cve_fixed_packages:
return NO_DATA, []
+ cve_fixed_packages_status = (
+ self.session.query(CveHostAssociation.id, CveHostAssociation.hp_status).filter(*filters).all()
+ )
- return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages)
+ return SUCCEED, self._cve_fixed_packages_row2dict(cve_fixed_packages, cve_fixed_packages_status)
@staticmethod
- def _cve_fixed_packages_row2dict(rows):
+ def _cve_fixed_packages_row2dict(rows, cve_fixed_packages_status):
"""
Fixed cve package row data converted to dictionary
Args:
@@ -1586,10 +1590,17 @@ class CveProxy(CveMysqlProxy, CveEsProxy):
list
"""
result = []
+ cve_fixed_packages_status_dict = {
+ cve_host_match.id: cve_host_match.hp_status for cve_host_match in cve_fixed_packages_status
+ }
for row in rows:
+ status = cve_fixed_packages_status_dict[row.id] if cve_fixed_packages_status_dict[row.id] else ""
+ fixed_way = row.fixed_way
+ if fixed_way != "coldpatch":
+ fixed_way = fixed_way + f" ({status})"
fixed_rpm = {
"installed_rpm": row.installed_rpm,
- "fixed_way": row.fixed_way,
+ "fixed_way": fixed_way,
"host_num": row.host_num,
}
result.append(fixed_rpm)
--
Gitee

BIN
aops-apollo-v1.3.2.tar.gz
View File

Binary file not shown.

BIN
aops-apollo-v1.3.4.tar.gz Normal file
View File

Binary file not shown.

41
aops-apollo.spec
View File

@ -1,32 +1,23 @@
Name: aops-apollo Name: aops-apollo
Version: v1.3.2 Version: v1.3.4
Release: 3 Release: 1
Summary: Cve management service, monitor machine vulnerabilities and provide fix functions. Summary: Cve management service, monitor machine vulnerabilities and provide fix functions.
License: MulanPSL2 License: MulanPSL2
URL: https://gitee.com/openeuler/%{name} URL: https://gitee.com/openeuler/%{name}
Source0: %{name}-%{version}.tar.gz Source0: %{name}-%{version}.tar.gz
BuildRequires: python3-setuptools BuildRequires: python3-setuptools
Requires: aops-vulcanus >= v1.2.0 Requires: aops-vulcanus >= v1.3.0
Requires: python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0 Requires: python3-elasticsearch python3-flask-restful python3-marshmallow >= 3.13.0
Requires: python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0 Requires: python3-sqlalchemy python3-PyMySQL python3-Flask-APScheduler >= 1.11.0
Requires: python3-PyYAML python3-flask python3-gevent Requires: python3-PyYAML python3-flask python3-gevent
Requires: python3-retrying python3-lxml Requires: python3-retrying python3-lxml
Provides: aops-apollo Provides: aops-apollo
Patch0001: 0001-fix-updateinfo_parse.py-bug.patch
Patch0002: 0002-add-repair-status-of-the-cve-fixed-package.patch
%description %description
Cve management service, monitor machine vulnerabilities and provide fix functions. Cve management service, monitor machine vulnerabilities and provide fix functions.
%package -n dnf-hotpatch-plugin
Summary: dnf hotpatch plugin
Requires: python3-hawkey python3-dnf syscare >= 1.0.1
%description -n dnf-hotpatch-plugin
dnf hotpatch plugin, it's about hotpatch query and fix
%package -n aops-apollo-tool %package -n aops-apollo-tool
Summary: Small tools for aops-apollo, e.g. updateinfo.xml generater Summary: Small tools for aops-apollo, e.g. updateinfo.xml generater
@ -36,7 +27,7 @@ Requires: python3-rpm
smalltools for aops-apollo, e.g.updateinfo.xml generater smalltools for aops-apollo, e.g.updateinfo.xml generater
%prep %prep
%autosetup -n %{name}-%{version} -p1 %autosetup -n %{name}-%{version}
# build for aops-apollo # build for aops-apollo
@ -57,9 +48,6 @@ pushd aops-apollo-tool
%py3_install %py3_install
popd popd
#install for aops-dnf-plugin
cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%files %files
%doc README.* %doc README.*
@ -71,8 +59,6 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%{python3_sitelib}/apollo/* %{python3_sitelib}/apollo/*
%attr(0755, root, root) /opt/aops/database/* %attr(0755, root, root) /opt/aops/database/*
%files -n dnf-hotpatch-plugin
%{python3_sitelib}/dnf-plugins/*
%files -n aops-apollo-tool %files -n aops-apollo-tool
%attr(0644,root,root) %{_sysconfdir}/aops_apollo_tool/updateinfo_config.ini %attr(0644,root,root) %{_sysconfdir}/aops_apollo_tool/updateinfo_config.ini
@ -81,6 +67,25 @@ cp -r hotpatch %{buildroot}/%{python3_sitelib}/dnf-plugins/
%{python3_sitelib}/aops_apollo_tool/* %{python3_sitelib}/aops_apollo_tool/*
%changelog %changelog
* Thu Oct 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.4-1
- Remove hotpatch
* Wed Oct 18 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.3-2
- optimize cve query performance
- fixed errors in 20.03-sp3, such as task progress, cve repair task, and host cve query
* Thu Sep 21 2023 zhuyuncheng<zhuyuncheng@huawei.com> - v1.3.3-1
- update typing and requires version
* Thu Sep 21 2023 wangguangge<wangguangge@huawei.com> - v1.3.2-6
- fix the hot_updateinfo.py bug
* Wed Sep 20 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-5
- add fixed and hp_status filter
* Wed Sep 20 2023 wangguangge<wangguangge@huawei.com> - v1.3.2-4
- fix the hotupgrade.py bug
* Tue Sep 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-3 * Tue Sep 19 2023 gongzhengtang<gong_zhengtang@163.com> - v1.3.2-3
- added the repair status of the cve fixed package - added the repair status of the cve fixed package