From 5740229523d7e5982b59c96c124cf2dba7dd0b84 Mon Sep 17 00:00:00 2001 From: nofaralfasi Date: Mon, 4 Sep 2023 18:15:15 +0300 Subject: [PATCH] Fixes #36747 - create new snippet for subscription-manager setup This snippet replaces the use of the katello-ca-consumer RPM for host registration. It incorporates the necessary code from the Global Registration template to streamline subscription-manager configuration during provisioning. --- .../registration/global_registration.erb | 68 +-------- .../snippet/redhat_register.erb | 29 +--- .../snippet/subscription_manager_setup.erb | 136 ++++++++++++++++++ 3 files changed, 142 insertions(+), 91 deletions(-) create mode 100644 app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb diff --git a/app/views/unattended/provisioning_templates/registration/global_registration.erb b/app/views/unattended/provisioning_templates/registration/global_registration.erb index f9f4af6e2749..2f4d4e5e11cc 100644 --- a/app/views/unattended/provisioning_templates/registration/global_registration.erb +++ b/app/views/unattended/provisioning_templates/registration/global_registration.erb 
@@ -139,73 +139,7 @@ register_katello_host(){ } -KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem -RHSM_CFG=/etc/rhsm/rhsm.conf - -# Backup rhsm.conf -if [ -f $RHSM_CFG ] ; then - test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak -fi - -# rhn-client-tools conflicts with subscription-manager package -# since rhn tools replaces subscription-manager, we need to explicitly -# install subscription-manager after the rhn tools cleanup -if [ x$ID = xol ]; then - $PKG_MANAGER_REMOVE rhn-client-tools - $PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager -fi - -<% if truthy?(@force) -%> -# Unregister host and remove all local system and subscription data - -if [ -x "$(command -v subscription-manager)" ] ; then - subscription-manager unregister || true - subscription-manager clean -fi - -$PKG_MANAGER_REMOVE katello-ca-consumer\* -<% end -%> - -# Prepare SSL certificate -mkdir -p /etc/rhsm/ca -cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT -chmod 644 $KATELLO_SERVER_CA_CERT - -# Prepare subscription-manager -if ! [ -x "$(command -v subscription-manager)" ] ; then - $PKG_MANAGER_INSTALL subscription-manager -else - $PKG_MANAGER_UPGRADE subscription-manager -fi - -if ! [ -f $RHSM_CFG ] ; then - echo "'$RHSM_CFG' not found, cannot configure subscription-manager" - cleanup_and_exit 1 -fi - -# Configure subscription-manager -test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak -subscription-manager config \ - --server.hostname="<%= @rhsm_url.host if @rhsm_url %>" \ - --server.port="<%= @rhsm_url.port if @rhsm_url %>" \ - --server.prefix="<%= @rhsm_url.path if @rhsm_url %>" \ - --rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \ - --rhsm.baseurl="<%= @pulp_content_url %>" - -# Older versions of subscription manager may not recognize -# report_package_profile and package_profile_on_trans options. -# So set them separately and redirect out & error to /dev/null -# to fail silently. 
-subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true -subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true - -# Configuration for EL6 -if grep --quiet full_refresh_on_yum $RHSM_CFG; then - sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG -else - full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1" - sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG -fi +<%= snippet("subscription_manager_setup", variables: { registration_method: 'registration' }).strip -%> subscription-manager register <%= '--force' if truthy?(@force) %> \ --org='<%= @organization.label if @organization %>' \ diff --git a/app/views/unattended/provisioning_templates/snippet/redhat_register.erb b/app/views/unattended/provisioning_templates/snippet/redhat_register.erb index 0467edb4e3b8..63ec80939f98 100644 --- a/app/views/unattended/provisioning_templates/snippet/redhat_register.erb +++ b/app/views/unattended/provisioning_templates/snippet/redhat_register.erb 
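Review bot: The missing-rhsm.conf case no longer goes through `cleanup_and_exit 1`, because the `subscription_manager_setup` snippet that replaces this block ends that case with `rm -f $SSL_CA_CERT` and `exit 1`. `cleanup_and_exit` is defined outside this hunk, so if it does more than remove the CA file, that work is now skipped for registration. The same `exit 1` also terminates whatever script includes `redhat_register` in provisioning mode. I would keep the old call for this caller, e.g. `<%= @registration_method == 'registration' ? 'cleanup_and_exit 1' : 'exit 1' %>` in the snippet, or state in the snippet's description that it may terminate the enclosing script.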
@@ -94,25 +94,14 @@ description: | echo echo "Starting the subscription-manager registration process" - # Avoid timeout accessing unreachable repo on air gapped infrastructure, - # assuming subscription-manager is installed in custom packages section. - if ! rpm --query --quiet subscription-manager ; then - if [ -f /usr/bin/dnf ]; then - dnf -y install subscription-manager - else - yum -t -y install subscription-manager - fi - fi + <%= snippet 'pkg_manager' -%> + <%= snippet("subscription_manager_setup", variables: { registration_method: 'provisioning' }).strip -%> <%- if (host_param('syspurpose_role') || host_param('syspurpose_usage') || host_param('syspurpose_sla') || host_param('syspurpose_addons')) %> # Avoid timeout accessing unreachable repo on air gapped infrastructure, # assuming subscription-manager-syspurpose is installed in custom packages section. if ! rpm --query --quiet subscription-manager-syspurpose ; then - if [ -f /usr/bin/dnf ]; then - dnf -y install subscription-manager-syspurpose - else - yum -t -y install subscription-manager-syspurpose - fi + $PKG_MANAGER_INSTALL subscription-manager-syspurpose fi if [ -f /usr/sbin/syspurpose ]; then @@ -196,20 +185,12 @@ description: | done <% end %> - <% if redhat_install_host_tools || redhat_install_host_tracer_tools %> - if [ -f /usr/bin/dnf ]; then - PACKAGE_MAN="dnf -y" - else - PACKAGE_MAN="yum -t -y" - fi - <% end %> - <% if redhat_install_host_tools %> - $PACKAGE_MAN install katello-host-tools + $PKG_MANAGER_INSTALL katello-host-tools <% end %> <% if redhat_install_host_tracer_tools %> - $PACKAGE_MAN install katello-host-tools-tracer + $PKG_MANAGER_INSTALL katello-host-tools-tracer <% end %> <% end %> diff --git a/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb b/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb new file mode 100644 index 000000000000..b8fd9b501b05 --- /dev/null 
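Review bot: The `subscription_manager_setup` include in the first hunk needs a comment about its side effects. With `registration_method: 'provisioning'` and Katello present, the snippet copies the Katello CA into `/etc/pki/ca-trust/source/anchors` and runs `update-ca-trust`, so that CA becomes trusted by every TLS client on the host, not only by subscription-manager. The include also depends on `<%= snippet 'pkg_manager' -%>` coming first, since it and the later `$PKG_MANAGER_INSTALL` lines (including the katello-host-tools installs in the second hunk) use variables that snippet presumably defines. Suggested comment above the two includes: `# pkg_manager must precede subscription_manager_setup; the latter rewrites rhsm.conf and, with Katello, adds the Katello CA to the system trust store`. The enclosing template block starts and ends outside these hunks.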
+++ b/app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb 
@@ -0,0 +1,136 @@
+<%#
+kind: snippet
+name: subscription_manager_setup
+model: ProvisioningTemplate
+snippet: true
+description: |
+ Streamline the provisioning process by configuring subscription-manager during the Global Registration template execution.
+ This snippet integrates into the existing "redhat_register" snippet for efficient host registration.
+-%>
+
+# Define the path to rhsm.conf
+RHSM_CFG=/etc/rhsm/rhsm.conf
+
+# Backup the original rhsm.conf file
+if [ -f $RHSM_CFG ] ; then
+ test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
+fi
+
+<% if plugin_present?('katello') -%>
+ # Define the path to the Katello server CA certificate
+ KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
+
+ # If SSL_CA_CERT is not set, create a temporary file for it
+ if [ -z "$SSL_CA_CERT" ]; then
+ SSL_CA_CERT=$(mktemp)
+ cat << EOF > "$SSL_CA_CERT"
+<%= foreman_server_ca_cert %>
+EOF
+ fi
+
+ <% if @registration_method == 'registration' -%>
+ # rhn-client-tools conflicts with subscription-manager package
+ # since rhn tools replaces subscription-manager, we need to explicitly
+ # install subscription-manager after the rhn tools cleanup
+ if [ x$ID = xol ]; then
+ $PKG_MANAGER_REMOVE rhn-client-tools
+ $PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
+ fi
+
+ <% if truthy?(@force) -%>
+ # Unregister host and remove all local system and subscription data
+ if [ -x "$(command -v subscription-manager)" ] ; then
+ subscription-manager unregister || true
+ subscription-manager clean
+ fi
+
+ $PKG_MANAGER_REMOVE katello-ca-consumer\*
+ <% end -%>
+ <% end -%>
+
+ # Prepare the SSL certificate
+ mkdir -p /etc/rhsm/ca
+ cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
+ chmod 644 $KATELLO_SERVER_CA_CERT
+<% end -%>
+
+# Prepare subscription-manager
+if ! [ -x "$(command -v subscription-manager)" ] ; then
+ $PKG_MANAGER_INSTALL subscription-manager
+else
+ <% if @registration_method == 'registration' -%>
+ $PKG_MANAGER_UPGRADE subscription-manager
+ <% end %>
+fi
+
+# Check if rhsm.conf exists
+if ! [ -f $RHSM_CFG ] ; then
+ echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
+ <% if plugin_present?('katello') -%>
+ rm -f $SSL_CA_CERT
+ <% end -%>
+ exit 1
+fi
+
+<% if @registration_method == 'registration'
+ if plugin_present?('katello')
+ server_hostname = @rhsm_url.host if @rhsm_url
+ server_port = @rhsm_url.port if @rhsm_url
+ server_prefix = @rhsm_url.path if @rhsm_url
+ repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
+ rhsm_baseurl = @pulp_content_url
+ end
+ elsif @registration_method == 'provisioning'
+ if plugin_present?('katello')
+ server_hostname = @host.content_source
+ server_port = "443"
+ server_prefix = "/rhsm"
+ repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
+ rhsm_baseurl = "https://#{@host.content_source}/pulp/content/"
+ else
+ server_hostname = "subscription.rhsm.redhat.com"
+ server_port = "443"
+ server_prefix = "/subscription"
+ repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem"
+ rhsm_baseurl = "https://cdn.redhat.com"
+ end
+ end
+%>
+
+# Configure subscription-manager
+test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
+subscription-manager config \
+--server.hostname="<%= server_hostname %>" \
+--server.port="<%= server_port %>" \
+--server.prefix="<%= server_prefix %>" \
+--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \
+--rhsm.baseurl="<%= rhsm_baseurl %>"
+
+# Older versions of subscription manager may not recognize
+# report_package_profile and package_profile_on_trans options.
+# So set them separately and redirect out & error to /dev/null
+# to fail silently.
+subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
+subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
+
+# Configuration for EL6
+if grep --quiet full_refresh_on_yum $RHSM_CFG; then
+ sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
+else
+ full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
+ sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
+fi
+
+<% if @registration_method == 'provisioning' && plugin_present?('katello') -%>
+ CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors
+
+ # Add the Katello CA certificate to the system-wide CA certificate store
+ if [ -d $CA_TRUST_ANCHORS ]; then
+ update-ca-trust enable
+ cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
+ update-ca-trust
+ fi
+
+ # Restart yggdrasild if installed and running
+ systemctl try-restart yggdrasil >/dev/null 2>&1 || true
+<% end -%>
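Review bot: In the ERB block just before `# Configure subscription-manager`, the `registration` branch assigns `server_hostname`, `server_port`, `server_prefix`, `repo_ca_cert` and `rhsm_baseurl` only when `plugin_present?('katello')`, and there is no `else` for an unexpected `@registration_method`. In those cases the locals are nil and the `subscription-manager config` call is rendered with empty values, including `--rhsm.repo_ca_cert=""`. Whether the snippet is ever rendered that way depends on its callers, which are not fully visible here, but the snippet should not be able to blank out a working rhsm.conf. I would wrap the config command in `<% if server_hostname -%>` … `<% end -%>`, or give the non-Katello registration case explicit values. Separately, within this snippet the file created by `SSL_CA_CERT=$(mktemp)` is removed only on the `exit 1` path, so a successful run leaves it behind.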