[pve-devel] [PATCH proxmox-offline-mirror 1/2] setup wizard: add subscription keys

[pve-devel] [PATCH proxmox-offline-mirror 1/2] setup wizard: add subscription keys

[Fabian Grünbichler]

to make it a bit easier to configure access to the enterprise repositories.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 docs/offline-keys.rst                         |   3 +-
 src/bin/proxmox-offline-mirror.rs             | 102 ++++++++++++++++++
 .../subscription.rs                           |   2 +-
 3 files changed, 105 insertions(+), 2 deletions(-)

diff --git a/docs/offline-keys.rst b/docs/offline-keys.rst
index 2ce6e2c..91971e5 100644
--- a/docs/offline-keys.rst
+++ b/docs/offline-keys.rst
@@ -57,7 +57,8 @@ Register & Refresh Keys
    Offline Mirror subscription is configured.
 
 Register the hosts with their subscription keys and server IDs using
-``proxmox-offline-mirror key add``, for example:
+``proxmox-offline-mirror setup`` or ``proxmox-offline-mirror key add``, for
+example:
 
 .. code-block:: console
 
diff --git a/src/bin/proxmox-offline-mirror.rs b/src/bin/proxmox-offline-mirror.rs
index bec366a..93e8dfa 100644
--- a/src/bin/proxmox-offline-mirror.rs
+++ b/src/bin/proxmox-offline-mirror.rs
@@ -2,6 +2,8 @@ use std::fmt::Display;
 use std::path::Path;
 
 use anyhow::{bail, Error};
+use proxmox_offline_mirror::config::SubscriptionKey;
+use proxmox_offline_mirror::subscription::{extract_mirror_key, refresh_mirror_key};
 use serde_json::Value;
 
 use proxmox_router::cli::{run_cli_command, CliCommand, CliCommandMap, CliEnvironment};
@@ -609,6 +611,94 @@ fn action_add_medium(config: &SectionConfigData) -> Result<MediaConfig, Error> {
     })
 }
 
+fn action_add_key(config: &SectionConfigData) -> Result<SubscriptionKey, Error> {
+    let (product, mirror_key) = if let Ok(mirror_key) =
+        extract_mirror_key(&config.convert_to_typed_array("subscription")?)
+    {
+        let subscription_products = &[
+            (ProductType::Pve, "Proxmox VE"),
+            (ProductType::Pbs, "Proxmox Backup Server"),
+            (ProductType::Pmg, "Proxmox Mail Gateway"),
+        ];
+
+        let product = read_selection_from_tty(
+            "Select Proxmox product for which subscription key should be added",
+            subscription_products,
+            None,
+        )?;
+
+        (product, Some(mirror_key))
+    } else {
+        println!("No mirror key configured yet, forcing mirror key setup first..");
+        (&ProductType::Pom, None)
+    };
+
+    let key = read_string_from_tty("Please enter subscription key", None)?;
+    if config.sections.get(&key).is_some() {
+        bail!("Key entry for '{key}' already exists - please use 'key refresh' or 'key update'!");
+    }
+
+    let server_id = if product == &ProductType::Pom {
+        let server_id = proxmox_subscription::get_hardware_address()?;
+        println!("Server ID of this system is '{server_id}'");
+        server_id
+    } else {
+        read_string_from_tty(
+            "Please enter server ID of offline system using this subscription",
+            None,
+        )?
+    };
+
+    let mut data = SubscriptionKey {
+        key,
+        server_id,
+        description: None,
+        info: None,
+    };
+
+    if data.product() != *product {
+        bail!(
+            "Selected product and product in subscription key don't match: {} != {}",
+            product,
+            data.product()
+        );
+    }
+
+    if read_bool_from_tty("Attempt to refresh key", Some(true))? {
+        let info = if let Some(mirror_key) = mirror_key {
+            if let Err(err) = refresh_mirror_key(mirror_key.clone()) {
+                eprintln!("Failed to refresh mirror_key '{}' - {err}", mirror_key.key);
+            }
+
+            let mut refreshed = proxmox_offline_mirror::subscription::refresh_offline_keys(
+                mirror_key,
+                vec![data.clone()],
+                public_key()?,
+            )?;
+
+            refreshed
+                .pop()
+                .ok_or_else(|| format_err!("Server did not return subscription info.."))?
+        } else {
+            proxmox_offline_mirror::subscription::refresh_mirror_key(data.clone())?
+        };
+
+        println!(
+            "Refreshed subscription info - status: {}, message: {}",
+            info.status,
+            info.message.as_ref().unwrap_or(&"-".to_string())
+        );
+
+        if info.key.as_ref() == Some(&data.key) {
+            data.info = Some(base64::encode(serde_json::to_vec(&info)?));
+        } else {
+            bail!("Server returned subscription info for wrong key.");
+        }
+    }
+
+    Ok(data)
+}
+
 #[api(
     input: {
         properties: {
@@ -639,6 +729,7 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
     }
 
     enum Action {
+        AddKey,
         AddMirror,
         AddMedium,
         Quit,
@@ -662,11 +753,13 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
             vec![
                 (Action::AddMirror, "Add new mirror entry"),
                 (Action::AddMedium, "Add new medium entry"),
+                (Action::AddKey, "Add new subscription key"),
                 (Action::Quit, "Quit"),
             ]
         } else {
             vec![
                 (Action::AddMirror, "Add new mirror entry"),
+                (Action::AddKey, "Add new subscription key"),
                 (Action::Quit, "Quit"),
             ]
         };
@@ -691,11 +784,20 @@ async fn setup(config: Option<String>, _param: Value) -> Result<(), Error> {
                 println!("Config entry '{id}' added");
                 println!("Run \"proxmox-offline-mirror medium sync --config '{config_file}' '{id}'\" to sync mirror snapshots to medium.");
             }
+            Action::AddKey => {
+                let key = action_add_key(&config)?;
+                let id = key.key.clone();
+                config.set_data(&id, "subscription", &key)?;
+                save_config(&config_file, &config)?;
+                println!("Config entry '{id}' added");
+                println!("Run \"proxmox-offline-mirror key refresh\" to refresh subscription information");
+            }
         }
     }
 
     Ok(())
 }
+
 fn main() {
     let rpcenv = CliEnvironment::new();
 
diff --git a/src/bin/proxmox_offline_mirror_cmds/subscription.rs b/src/bin/proxmox_offline_mirror_cmds/subscription.rs
index 911b0af..e58b049 100644
--- a/src/bin/proxmox_offline_mirror_cmds/subscription.rs
+++ b/src/bin/proxmox_offline_mirror_cmds/subscription.rs
@@ -126,7 +126,7 @@ pub const SHOW_KEY_RETURN_TYPE: ReturnType = ReturnType {
     optional: true,
 };
 
-fn public_key() -> Result<openssl::pkey::PKey<openssl::pkey::Public>, Error> {
+pub(crate) fn public_key() -> Result<openssl::pkey::PKey<openssl::pkey::Public>, Error> {
     openssl::pkey::PKey::public_key_from_pem(&file_get_contents(DEFAULT_SIGNING_KEY)?)
         .map_err(Error::from)
 }
-- 
2.30.2

[pve-devel] [PATCH proxmox-offline-mirror 2/2] fix #4614: add note about key requirements to mirror docs

[Fabian Grünbichler]

and reference the key part of the documentation.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
 docs/offline-keys.rst   | 2 ++
 docs/offline-mirror.rst | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/docs/offline-keys.rst b/docs/offline-keys.rst
index 91971e5..0f228eb 100644
--- a/docs/offline-keys.rst
+++ b/docs/offline-keys.rst
@@ -25,6 +25,8 @@ Proxmox Backup Server  proxmox-backup-server  2.2.6-1
 Proxmox Mail Gateway   pmg-api                7.1-7
 =====================  =====================  ======================================
 
+.. _setup_offline_key:
+
 Setup Offline Mirror Key
 ------------------------
 
diff --git a/docs/offline-mirror.rst b/docs/offline-mirror.rst
index aa4780e..33e5259 100644
--- a/docs/offline-mirror.rst
+++ b/docs/offline-mirror.rst
@@ -16,6 +16,11 @@ First, either run the ``setup`` wizard (``proxmox-offline-mirror setup``), or th
    ``setup`` wizard. Choose the product when adding a mirror and confirm the question regarding
    auto-adding the Debian base repos.
 
+.. note:: To be able to access and mirror a product's enterprise repository,
+   ``proxmox-offline-mirror`` requires that both, an active product subscription key and a Proxmox
+   Offline Mirror subscription is configured (see :ref:`setup_offline_key`)
+
+
 For example, to manually add a mirror entry for the Debian Bullseye security repository, the
 following command can be used:
 
-- 
2.30.2

Re: [pve-devel] [PATCH proxmox-offline-mirror 1/2] setup wizard: add subscription keys

[Thomas Lamprecht]

On 18/04/2023 10:58, Fabian Grünbichler wrote:
> to make it a bit easier to configure access to the enterprise repositories.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>  docs/offline-keys.rst                         |   3 +-
>  src/bin/proxmox-offline-mirror.rs             | 102 ++++++++++++++++++
>  .../subscription.rs                           |   2 +-
>  3 files changed, 105 insertions(+), 2 deletions(-)
> 

applied, with a minor fix up (see below), thanks!

> diff --git a/src/bin/proxmox-offline-mirror.rs b/src/bin/proxmox-offline-mirror.rs
> index bec366a..93e8dfa 100644
> --- a/src/bin/proxmox-offline-mirror.rs
> +++ b/src/bin/proxmox-offline-mirror.rs
> @@ -2,6 +2,8 @@ use std::fmt::Display;
>  use std::path::Path;
>  
>  use anyhow::{bail, Error};

fixed up adding missing use for format_err here.

[pve-devel] applied: Re: [PATCH proxmox-offline-mirror 2/2] fix #4614: add note about key requirements to mirror docs

[Thomas Lamprecht]

On 18/04/2023 10:58, Fabian Grünbichler wrote:
> and reference the key part of the documentation.
> 
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
>  docs/offline-keys.rst   | 2 ++
>  docs/offline-mirror.rst | 5 +++++
>  2 files changed, 7 insertions(+)
> 
>

applied, thanks!