Skip to content

Commit

Permalink
Fixes #36747 - create new snippet for subscription-manager setup
Browse files Browse the repository at this point in the history
This snippet replaces the use of the katello-ca-consumer RPM for host
registration. It incorporates the necessary code from the Global Registration
template to streamline subscription-manager configuration during provisioning.
  • Loading branch information
nofaralfasi committed Sep 20, 2023
1 parent 772cfd2 commit a0fdcb8
Show file tree
Hide file tree
Showing 3 changed files with 132 additions and 86 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -139,73 +139,7 @@ register_katello_host(){

}

KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
RHSM_CFG=/etc/rhsm/rhsm.conf

# Backup rhsm.conf
if [ -f $RHSM_CFG ] ; then
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
fi

# rhn-client-tools conflicts with subscription-manager package
# since rhn tools replaces subscription-manager, we need to explicitly
# install subscription-manager after the rhn tools cleanup
if [ x$ID = xol ]; then
$PKG_MANAGER_REMOVE rhn-client-tools
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
fi

<% if truthy?(@force) -%>
# Unregister host and remove all local system and subscription data

if [ -x "$(command -v subscription-manager)" ] ; then
subscription-manager unregister || true
subscription-manager clean
fi

$PKG_MANAGER_REMOVE katello-ca-consumer\*
<% end -%>

# Prepare SSL certificate
mkdir -p /etc/rhsm/ca
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
chmod 644 $KATELLO_SERVER_CA_CERT

# Prepare subscription-manager
if ! [ -x "$(command -v subscription-manager)" ] ; then
$PKG_MANAGER_INSTALL subscription-manager
else
$PKG_MANAGER_UPGRADE subscription-manager
fi

if ! [ -f $RHSM_CFG ] ; then
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
cleanup_and_exit 1
fi

# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
--server.hostname="<%= @rhsm_url.host if @rhsm_url %>" \
--server.port="<%= @rhsm_url.port if @rhsm_url %>" \
--server.prefix="<%= @rhsm_url.path if @rhsm_url %>" \
--rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \
--rhsm.baseurl="<%= @pulp_content_url %>"

# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi
<%= snippet("subscription_manager_setup", variables: {existing_machine: true}).strip %>

subscription-manager register <%= '--force' if truthy?(@force) %> \
--org='<%= @organization.label if @organization %>' \
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -108,17 +108,9 @@ description: |
echo
echo "Starting the subscription-manager registration process"

<% if !atomic %>
# Avoid timeout accessing unreachable repo on air gapped infrastructure,
# assuming subscription-manager is installed in custom packages section.
if ! rpm --query --quiet subscription-manager ; then
if [ -f /usr/bin/dnf ]; then
dnf -y install subscription-manager
else
yum -t -y install subscription-manager
fi
fi
<% end %>
<%= snippet 'pkg_manager' %>

<%= snippet("subscription_manager_setup", variables: {existing_machine: false}).strip %>

<%- if (host_param('syspurpose_role') || host_param('syspurpose_usage') || host_param('syspurpose_sla') || host_param('syspurpose_addons')) %>
<%- if !atomic %>
Expand Down Expand Up @@ -217,14 +209,6 @@ description: |
<% end %>

<% if !atomic %>
<% if redhat_install_agent || redhat_install_host_tools || redhat_install_host_tracer_tools %>
if [ -f /usr/bin/dnf ]; then
PACKAGE_MAN="dnf -y"
else
PACKAGE_MAN="yum -t -y"
fi
<% end %>

<% if redhat_install_agent %>
$PACKAGE_MAN install katello-agent
<% elsif redhat_install_host_tools %>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,128 @@
<%#
kind: snippet
name: subscription_manager_setup
model: ProvisioningTemplate
snippet: true
description: |
Streamline the provisioning process by configuring subscription-manager during the Global Registration template execution.
This snippet integrates into the existing "redhat_register" snippet for efficient host registration.
-%>

# Define the path to rhsm.conf
RHSM_CFG=/etc/rhsm/rhsm.conf

<% if plugin_present?('katello') -%>
# Define the path to the Katello server CA certificate
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem

# If SSL_CA_CERT is not set, create a temporary file for it
if [ -z "$SSL_CA_CERT" ]; then
SSL_CA_CERT=$(mktemp)
cat << EOF > "$SSL_CA_CERT"
<%= foreman_server_ca_cert %>
EOF
fi

<% if @existing_machine -%>
# Backup the original rhsm.conf file
if [ -f $RHSM_CFG ] ; then
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
fi

# rhn-client-tools conflicts with subscription-manager package
# since rhn tools replaces subscription-manager, we need to explicitly
# install subscription-manager after the rhn tools cleanup
if [ x$ID = xol ]; then
$PKG_MANAGER_REMOVE rhn-client-tools
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
fi

<% if truthy?(@force) -%>
# Unregister host and remove all local system and subscription data
if [ -x "$(command -v subscription-manager)" ] ; then
subscription-manager unregister || true
subscription-manager clean
fi

$PKG_MANAGER_REMOVE katello-ca-consumer\*
<% end -%>
<% end -%>

# Prepare the SSL certificate
mkdir -p /etc/rhsm/ca
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
chmod 644 $KATELLO_SERVER_CA_CERT

<% end -%>

# Prepare subscription-manager
if ! [ -x "$(command -v subscription-manager)" ] ; then
$PKG_MANAGER_INSTALL subscription-manager
else
$PKG_MANAGER_UPGRADE subscription-manager
fi

# Check if rhsm.conf exists
if ! [ -f $RHSM_CFG ] ; then
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
<% if plugin_present?('katello') -%>
rm -f $SSL_CA_CERT
<% end -%>
exit 1
fi

<%
if plugin_present?('katello')
server_hostname = @rhsm_url&.host
server_port = @rhsm_url&.port
server_prefix = @rhsm_url&.path
repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
rhsm_baseurl = @pulp_content_url
else
server_hostname = "subscription.rhsm.redhat.com"
server_port = "443"
server_prefix = "/subscription"
repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem"
rhsm_baseurl = "https://cdn.redhat.com"
end
-%>

# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
--server.hostname="<%= server_hostname %>" \
--server.port="<%= server_port %>" \
--server.prefix="<%= server_prefix %>" \
--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \
--rhsm.baseurl="<%= rhsm_baseurl %>"

# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi

<% if !@existing_machine && plugin_present?('katello') -%>
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors

# Add the Katello CA certificate to the system-wide CA certificate store
if [ -d $CA_TRUST_ANCHORS ]; then
update-ca-trust enable
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
update-ca-trust
fi

# Restart yggdrasild if installed and running
systemctl try-restart yggdrasil >/dev/null 2>&1 || true

exit 0
<% end -%>

0 comments on commit a0fdcb8

Please sign in to comment.