-
Notifications
You must be signed in to change notification settings - Fork 993
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #36747 - create new snippet for subscription-manager setup
This snippet replaces the use of the katello-ca-consumer RPM for host registration. It incorporates the necessary code from the Global Registration template to streamline subscription-manager configuration during provisioning.
- Loading branch information
1 parent
1c0ecb5
commit dd26cc3
Showing
3 changed files
with
154 additions
and
96 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
145 changes: 145 additions & 0 deletions
145
app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,145 @@ | ||
<%# | ||
kind: snippet | ||
name: subscription_manager_setup | ||
model: ProvisioningTemplate | ||
snippet: true | ||
description: | | ||
This snippet installs and configures subscription-manager that is required for host registration. | ||
The snippet is included in the "global_registration" template and in the "redhat_register" snippet. | ||
The latter ensures host registration during the provisioning process. | ||
-%> | ||
|
||
# Select package manager for the OS (sets the $PKG_MANAGER* variables) | ||
if [ -z "$PKG_MANAGER" ]; then | ||
<%= snippet 'pkg_manager' -%> | ||
fi | ||
|
||
# Define the path to rhsm.conf | ||
RHSM_CFG=/etc/rhsm/rhsm.conf | ||
|
||
<% if @subman_setup_scenario == 'registration' -%> | ||
# Backup the original rhsm.conf file | ||
if [ -f $RHSM_CFG ] ; then | ||
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak | ||
fi | ||
<% end -%> | ||
|
||
<% if plugin_present?('katello') -%> | ||
# Define the path to the Katello server CA certificate | ||
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem | ||
|
||
# If SSL_CA_CERT is not set, create a temporary file for it | ||
if [ -z "$SSL_CA_CERT" ]; then | ||
SSL_CA_CERT=$(mktemp) | ||
cat << EOF > "$SSL_CA_CERT" | ||
<%= foreman_server_ca_cert %> | ||
EOF | ||
fi | ||
|
||
<% if @subman_setup_scenario == 'registration' -%> | ||
# rhn-client-tools conflicts with subscription-manager package | ||
# since rhn tools replaces subscription-manager, we need to explicitly | ||
# install subscription-manager after the rhn tools cleanup | ||
if [ x$ID = xol ]; then | ||
$PKG_MANAGER_REMOVE rhn-client-tools | ||
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager | ||
fi | ||
|
||
<% if truthy?(@force) -%> | ||
# Unregister host and remove all local system and subscription data | ||
if [ -x "$(command -v subscription-manager)" ] ; then | ||
subscription-manager unregister || true | ||
subscription-manager clean | ||
fi | ||
|
||
$PKG_MANAGER_REMOVE katello-ca-consumer\* > /dev/null 2>&1 | ||
<% end -%> | ||
<% end -%> | ||
|
||
# Prepare the SSL certificate | ||
mkdir -p /etc/rhsm/ca | ||
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT | ||
chmod 644 $KATELLO_SERVER_CA_CERT | ||
<% end -%> | ||
|
||
# Prepare subscription-manager | ||
if ! [ -x "$(command -v subscription-manager)" ] ; then | ||
$PKG_MANAGER_INSTALL subscription-manager | ||
else | ||
echo "subscription-manager is already installed!" | ||
<% if @subman_setup_scenario == 'registration' -%> | ||
$PKG_MANAGER_UPGRADE subscription-manager > /dev/null 2>&1 | ||
<% end %> | ||
fi | ||
|
||
# Check if rhsm.conf exists | ||
if ! [ -f $RHSM_CFG ] ; then | ||
echo "'$RHSM_CFG' not found, cannot configure subscription-manager" | ||
<% if plugin_present?('katello') -%> | ||
rm -f $SSL_CA_CERT | ||
<% end -%> | ||
exit 1 | ||
fi | ||
|
||
<% if @subman_setup_scenario == 'registration' | ||
if plugin_present?('katello') | ||
server_hostname = @rhsm_url.host if @rhsm_url | ||
server_port = @rhsm_url.port if @rhsm_url | ||
server_prefix = @rhsm_url.path if @rhsm_url | ||
repo_ca_cert = "$KATELLO_SERVER_CA_CERT" | ||
rhsm_baseurl = @pulp_content_url | ||
end | ||
elsif @subman_setup_scenario == 'provisioning' | ||
if plugin_present?('katello') | ||
server_hostname = @host.content_source | ||
server_port = @host.content_source.rhsm_url.port | ||
server_prefix = @host.content_source.rhsm_url.path | ||
repo_ca_cert = "$KATELLO_SERVER_CA_CERT" | ||
rhsm_baseurl = @host.content_source.pulp_content_url | ||
else | ||
server_hostname = "subscription.rhsm.redhat.com" | ||
server_port = "443" | ||
server_prefix = "/subscription" | ||
repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem" | ||
rhsm_baseurl = "https://cdn.redhat.com" | ||
end | ||
end | ||
%> | ||
|
||
# Configure subscription-manager | ||
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak | ||
subscription-manager config \ | ||
--server.hostname="<%= server_hostname %>" \ | ||
--server.port="<%= server_port %>" \ | ||
--server.prefix="<%= server_prefix %>" \ | ||
--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \ | ||
--rhsm.baseurl="<%= rhsm_baseurl %>" | ||
|
||
# Older versions of subscription manager may not recognize | ||
# report_package_profile and package_profile_on_trans options. | ||
# So set them separately and redirect out & error to /dev/null | ||
# to fail silently. | ||
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true | ||
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true | ||
|
||
# Configuration for EL6 | ||
if grep --quiet full_refresh_on_yum $RHSM_CFG; then | ||
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG | ||
else | ||
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1" | ||
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG | ||
fi | ||
|
||
<% if @subman_setup_scenario == 'provisioning' && plugin_present?('katello') -%> | ||
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors | ||
|
||
# Add the Katello CA certificate to the system-wide CA certificate store | ||
if [ -d $CA_TRUST_ANCHORS ]; then | ||
update-ca-trust enable | ||
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS | ||
update-ca-trust | ||
fi | ||
<% end -%> | ||
|
||
# Restart yggdrasild if installed and running | ||
systemctl try-restart yggdrasil >/dev/null 2>&1 || true |