ISSv3 - Add API to register a peripheral/hub #9611

Merged on Jan 20, 2025 (11 commits)

Contributor

@mackdk mackdk commented Jan 10, 2025

What does this PR change?

This PR introduces a new API to register a remote server as a hub or peripheral for the current server. This can be achieved in two ways:

  • Using an existing token generated by the remote server.
  • Providing the username and password of a SAT user from the remote server.

Additionally, the root certificate can be provided if needed to establish a secure connection with the remote server.

API logic

The method will execute the following steps:

  • If not directly provided, generate a token by calling the XMLRPC API iss.generateAccessToken. This is invoked using the REST-like version of the API, with the provided username/password combination.
  • Store the token for accessing the remote server.
  • Register the remote server with the specified role in the relevant database table.
  • Issue a token for the remote machine.
  • Invoke the new ISSv3-specific API register() on the remote machine. This handles the registration of the current server on the remote server in the opposite role and transfers the token required by the remote server to connect.
  • Generate and transfer the SCC credentials needed for the peripheral to access the SCC Endpoint provided by the hub.

Things to develop further

  • Currently, the root CA is only stored in the database, as Tomcat does not have the privileges to alter the system trust configuration. https://github.com/SUSE/spacewalk/issues/26180
  • The SCC credentials are currently only stored on the peripheral server. The hub will likely need different credentials to avoid interfering with the standard SCC synchronization.

GUI diff

No difference.

  • DONE

Documentation

  • Documentation WIP
  • DONE

Test coverage

  • Unit tests were added

  • DONE

Links

Issue(s): https://github.com/SUSE/spacewalk/issues/25518 https://github.com/SUSE/spacewalk/issues/25519

  • DONE


@mackdk mackdk requested review from a team as code owners January 10, 2025 10:31
@mackdk mackdk requested review from wweellddeerr and removed request for a team January 10, 2025 10:31
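
The registration flow listed under "API logic" in the PR description, modelled as an added example (not code from the PR or from the Uyuni project): steps 1 to 5 with both servers in one process, leaving out the root CA and the SCC credentials. The `Server` class, `register_remote`, the `OPPOSITE` table and the HMAC token format are assumptions made for illustration; the page does not describe the real token format.

```python
import hashlib
import hmac
import secrets
import time

OPPOSITE = {"HUB": "PERIPHERAL", "PERIPHERAL": "HUB"}

class Server:
    """Toy model of one server; the HMAC token format is an assumption."""
    def __init__(self, fqdn, users=None):
        self.fqdn = fqdn
        self.users = users or {}             # constructed user -> password
        self._key = secrets.token_bytes(32)  # signing key, stays on this server
        self.roles = {}                      # remote fqdn -> role of that remote
        self.consumed = {}                   # remote fqdn -> token we present to it

    def issue_token(self, for_fqdn, ttl=3600):
        body = f"{for_fqdn}|{int(time.time()) + ttl}"
        mac = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}|{mac}"

    def verify_token(self, token, caller_fqdn):
        body, _, mac = token.rpartition("|")
        good = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        fqdn, _, exp = body.partition("|")
        return (hmac.compare_digest(mac.encode(), good.encode())
                and fqdn == caller_fqdn and int(exp) > time.time())

    def generate_access_token(self, user, password, for_fqdn):
        # Stands in for iss.generateAccessToken on the remote server.
        known = self.users.get(user)
        if known is None or not hmac.compare_digest(known.encode(), str(password).encode()):
            raise PermissionError("bad credentials")
        return self.issue_token(for_fqdn)

    def register(self, auth_token, caller_fqdn, caller_role, token_for_me):
        # Stands in for the remote register(): authenticate first, then store.
        if not self.verify_token(auth_token, caller_fqdn):
            raise PermissionError("token was not issued here for this caller")
        self.roles[caller_fqdn] = caller_role
        self.consumed[caller_fqdn] = token_for_me

def register_remote(local, remote, remote_role, token=None, user=None, password=None):
    if token is None:                        # step 1: obtain a token if none given
        token = remote.generate_access_token(user, password, local.fqdn)
    local.consumed[remote.fqdn] = token      # step 2: store token for the remote
    local.roles[remote.fqdn] = remote_role   # step 3: record the remote's role
    issued = local.issue_token(remote.fqdn)  # step 4: token the remote will present
    remote.register(token, local.fqdn, OPPOSITE[remote_role], issued)  # step 5
    return issued
```

In this model a rejection in step 5 leaves the entries from steps 2 and 3 behind on the local side; persisting them in a transaction that rolls back on a remote rejection avoids a half-registered peer.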
Contributor

github-actions bot commented Jan 10, 2025

Suggested tests to cover this Pull Request

java/code/src/com/suse/manager/model/hub/HubManager.java
}

try {
hubManager.storeAccessToken(fqdn, token);
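
Review bot: hubManager.storeAccessToken(fqdn, token) persists the token under the caller-supplied fqdn, and nothing in these lines shows the token being checked first. If the method does not already do so, parse the token before storing it and reject it when it is expired or malformed, so that a stale or mistyped token fails at registration time rather than at the first call to the remote server.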
Contributor

I wonder if this method should also get a loggedInUser parameter to check it inside of it.
If this method is also called by UI or other code it might be better to perform the user check also in the manager class.

@@ -83,5 +83,41 @@ CREATE TABLE IF NOT EXISTS suseISSAccessToken
expiration_date TIMESTAMPTZ NULL
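
Review bot: expiration_date is declared TIMESTAMPTZ NULL, so a token row can exist with no expiry at all. If NULL is meant to represent a non-expiring token, document that on the column and make the validation code handle the NULL case explicitly; otherwise declare the column NOT NULL so every stored token has a bounded lifetime.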
Contributor

as usual we need to check and update the path for the schema migration.

@mcalmer
Contributor

mcalmer commented Jan 16, 2025

we have "com.suse.manager.iss" and "com.suse.manager.model.hub".
Maybe we should also rename "com.suse.manager.model.hub" to "com.suse.manager.model.iss"?

@rjmateus
Member

@mcalmer I think it would be better to have the package as "com.suse.manager.model.hub", since it makes it more flexible in case we need to add more logic to hub scenarios that is not related to ISS.

@mackdk mackdk merged commit a227d3d into uyuni-project:issv3 Jan 20, 2025
18 of 19 checks passed
@mackdk mackdk deleted the issv3-setup-api branch January 20, 2025 20:01