From 11b95da9adb853a642a3144d015f252f3068aace Mon Sep 17 00:00:00 2001 From: nofaralfasi Date: Mon, 4 Sep 2023 18:15:15 +0300 Subject: [PATCH] Fixes #36747 - create new snippet for subscription-manager setup This snippet replaces the use of the katello-ca-consumer RPM for host registration. It incorporates the necessary code from the Global Registration template to streamline subscription-manager configuration during provisioning. --- .../registration/global_registration.erb | 70 +--------- .../snippet/redhat_register.erb | 42 ++---- .../snippet/subscription_manager_setup.erb | 128 ++++++++++++++++++ 3 files changed, 140 insertions(+), 100 deletions(-) create mode 100644 app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb diff --git a/app/views/unattended/provisioning_templates/registration/global_registration.erb b/app/views/unattended/provisioning_templates/registration/global_registration.erb index f9f4af6e2749..8b979b1d2f79 100644 --- a/app/views/unattended/provisioning_templates/registration/global_registration.erb +++ b/app/views/unattended/provisioning_templates/registration/global_registration.erb @@ -139,75 +139,9 @@ register_katello_host(){ } -KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem -RHSM_CFG=/etc/rhsm/rhsm.conf + <%= snippet("subscription_manager_setup", variables: {existing_machine: true}).strip %> -# Backup rhsm.conf -if [ -f $RHSM_CFG ] ; then - test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak -fi - -# rhn-client-tools conflicts with subscription-manager package -# since rhn tools replaces subscription-manager, we need to explicitly -# install subscription-manager after the rhn tools cleanup -if [ x$ID = xol ]; then - $PKG_MANAGER_REMOVE rhn-client-tools - $PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager -fi - -<% if truthy?(@force) -%> -# Unregister host and remove all local system and subscription data - -if [ -x "$(command -v subscription-manager)" ] ; then - subscription-manager unregister || true - subscription-manager clean -fi - -$PKG_MANAGER_REMOVE katello-ca-consumer\* -<% end -%> - -# Prepare SSL certificate -mkdir -p /etc/rhsm/ca -cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT -chmod 644 $KATELLO_SERVER_CA_CERT - -# Prepare subscription-manager -if ! [ -x "$(command -v subscription-manager)" ] ; then - $PKG_MANAGER_INSTALL subscription-manager -else - $PKG_MANAGER_UPGRADE subscription-manager -fi - -if ! [ -f $RHSM_CFG ] ; then - echo "'$RHSM_CFG' not found, cannot configure subscription-manager" - cleanup_and_exit 1 -fi - -# Configure subscription-manager -test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak -subscription-manager config \ - --server.hostname="<%= @rhsm_url.host if @rhsm_url %>" \ - --server.port="<%= @rhsm_url.port if @rhsm_url %>" \ - --server.prefix="<%= @rhsm_url.path if @rhsm_url %>" \ - --rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \ - --rhsm.baseurl="<%= @pulp_content_url %>" - -# Older versions of subscription manager may not recognize -# report_package_profile and package_profile_on_trans options. -# So set them separately and redirect out & error to /dev/null -# to fail silently. -subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true -subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true - -# Configuration for EL6 -if grep --quiet full_refresh_on_yum $RHSM_CFG; then - sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG -else - full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1" - sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG -fi - -subscription-manager register <%= '--force' if truthy?(@force) %> \ + subscription-manager register <%= '--force' if truthy?(@force) %> \ --org='<%= @organization.label if @organization %>' \ --activationkey='<%= activation_keys %>' || <%= truthy?(@ignore_subman_errors) ? 'true' : 'cleanup_and_exit 1' %> diff --git a/app/views/unattended/provisioning_templates/snippet/redhat_register.erb b/app/views/unattended/provisioning_templates/snippet/redhat_register.erb index f6eff9adf223..93033c9bc2c3 100644 --- a/app/views/unattended/provisioning_templates/snippet/redhat_register.erb +++ b/app/views/unattended/provisioning_templates/snippet/redhat_register.erb @@ -73,7 +73,7 @@ description: | # Katello or subscription-manager: if host_param_true?('subscription_manager') || host_param('kt_activation_keys') registration_type = 'subscription_manager' - # Spacewalk: + # Spacewalk: elsif host_param('spacewalk_host') registration_type = 'spacewalk' end if @@ -108,17 +108,9 @@ description: | echo echo "Starting the subscription-manager registration process" - <% if !atomic %> - # Avoid timeout accessing unreachable repo on air gapped infrastructure, - # assuming subscription-manager is installed in custom packages section. - if ! rpm --query --quiet subscription-manager ; then - if [ -f /usr/bin/dnf ]; then - dnf -y install subscription-manager - else - yum -t -y install subscription-manager - fi - fi - <% end %> + <%= snippet 'pkg_manager' %> + + <%= snippet("subscription_manager_setup", variables: {existing_machine: false}).strip %> <%- if (host_param('syspurpose_role') || host_param('syspurpose_usage') || host_param('syspurpose_sla') || host_param('syspurpose_addons')) %> <%- if !atomic %> @@ -166,12 +158,6 @@ description: | <% end %> <% end %> - <% if atomic %> - curl -s <%= subscription_manager_atomic_url %> | IS_ATOMIC=true bash - <% elsif subscription_manager_certpkg_url %> - rpm -Uvh <%= subscription_manager_certpkg_url %> - <% end %> - <% if host_param('subscription_manager_username') && host_param('subscription_manager_password') %> <% if host_param('subscription_manager_pool') %> subscription-manager register --name="<%= @host.name %>" --username='<%= host_param("subscription_manager_username") %>' --password='<%= host_param("subscription_manager_password") %>' @@ -217,14 +203,6 @@ description: | <% end %> <% if !atomic %> - <% if redhat_install_agent || redhat_install_host_tools || redhat_install_host_tracer_tools %> - if [ -f /usr/bin/dnf ]; then - PACKAGE_MAN="dnf -y" - else - PACKAGE_MAN="yum -t -y" - fi - <% end %> - <% if redhat_install_agent %> $PACKAGE_MAN install katello-agent <% elsif redhat_install_host_tools %> @@ -287,18 +265,18 @@ description: | # Check we registered echo -n "Checking System Registration... " if ! rhn_check; then - echo "FAILED" - echo " >> RHN Registration FAILED. Please Investigate. <<" + echo "FAILED" + echo " >> RHN Registration FAILED. Please Investigate. <<" else - echo "registration successful." + echo "registration successful." fi <% if host_param_true?('redhat_install_agent') %> - if [ -f /usr/bin/dnf ]; then + if [ -f /usr/bin/dnf ]; then dnf -y install osad - else + else yum -t -y install osad - fi + fi <% end %> <% else %> echo "No activation key found: Not registering" diff --git a/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb b/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb new file mode 100644 index 000000000000..2253f73e654e --- /dev/null +++ b/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb @@ -0,0 +1,128 @@ +<%# +kind: snippet +name: subscription_manager_setup +model: ProvisioningTemplate +snippet: true +description: | + Streamline the provisioning process by configuring subscription-manager during the Global Registration template execution. + This snippet integrates into the existing "redhat_register" snippet for efficient host registration. +-%> + +# Define the path to rhsm.conf +RHSM_CFG=/etc/rhsm/rhsm.conf + +<% if plugin_present?('katello') -%> + # Define the path to the Katello server CA certificate + KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem + + # If SSL_CA_CERT is not set, create a temporary file for it + if [ -z "$SSL_CA_CERT" ]; then + SSL_CA_CERT=$(mktemp) + cat << EOF > "$SSL_CA_CERT" + <%= foreman_server_ca_cert %> + EOF + fi + + <% if @existing_machine -%> + # Backup the original rhsm.conf file + if [ -f $RHSM_CFG ] ; then + test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak + fi + + # rhn-client-tools conflicts with subscription-manager package + # since rhn tools replaces subscription-manager, we need to explicitly + # install subscription-manager after the rhn tools cleanup + if [ x$ID = xol ]; then + $PKG_MANAGER_REMOVE rhn-client-tools + $PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager + fi + + <% if truthy?(@force) -%> + # Unregister host and remove all local system and subscription data + if [ -x "$(command -v subscription-manager)" ] ; then + subscription-manager unregister || true + subscription-manager clean + fi + + $PKG_MANAGER_REMOVE katello-ca-consumer\* + <% end -%> + <% end -%> + + # Prepare the SSL certificate + mkdir -p /etc/rhsm/ca + cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT + chmod 644 $KATELLO_SERVER_CA_CERT + +<% end -%> + +# Prepare subscription-manager +if ! [ -x "$(command -v subscription-manager)" ] ; then +$PKG_MANAGER_INSTALL subscription-manager +else +$PKG_MANAGER_UPGRADE subscription-manager +fi + +# Check if rhsm.conf exists +if ! [ -f $RHSM_CFG ] ; then +echo "'$RHSM_CFG' not found, cannot configure subscription-manager" +<% if plugin_present?('katello') -%> + rm -f $SSL_CA_CERT +<% end -%> +exit 1 +fi + +<% + if plugin_present?('katello') + server_hostname = @rhsm_url&.host + server_port = @rhsm_url&.port + server_prefix = @rhsm_url&.path + repo_ca_cert = "$KATELLO_SERVER_CA_CERT" + rhsm_baseurl = @pulp_content_url + else + server_hostname = "subscription.rhsm.redhat.com" + server_port = "443" + server_prefix = "/subscription" + repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem" + rhsm_baseurl = "https://cdn.redhat.com" + end +-%> + +# Configure subscription-manager +test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak +subscription-manager config \ +--server.hostname="<%= server_hostname %>" \ +--server.port="<%= server_port %>" \ +--server.prefix="<%= server_prefix %>" \ +--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \ +--rhsm.baseurl="<%= rhsm_baseurl %>" + +# Older versions of subscription manager may not recognize +# report_package_profile and package_profile_on_trans options. +# So set them separately and redirect out & error to /dev/null +# to fail silently. +subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true +subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true + +# Configuration for EL6 +if grep --quiet full_refresh_on_yum $RHSM_CFG; then +sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG +else +full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1" +sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG +fi + +<% if !@existing_machine && plugin_present?('katello') -%> + CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors + + # Add the Katello CA certificate to the system-wide CA certificate store + if [ -d $CA_TRUST_ANCHORS ]; then + update-ca-trust enable + cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS + update-ca-trust + fi + + # Restart yggdrasild if installed and running + systemctl try-restart yggdrasil >/dev/null 2>&1 || true + + exit 0 +<% end -%>