-
Notifications
You must be signed in to change notification settings - Fork 991
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixes #36747 - create new snippet for subscription-manager setup
This snippet replaces the use of the katello-ca-consumer RPM for host registration. It incorporates the necessary code from the Global Registration template to streamline subscription-manager configuration during provisioning.
- Loading branch information
1 parent
405808d
commit e5f2883
Showing
3 changed files
with
146 additions
and
91 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
140 changes: 140 additions & 0 deletions
140
app/views/unattended/provisioning_templates/snippet/subscription_manager_setup.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,140 @@ | ||
<%# | ||
kind: snippet | ||
name: subscription_manager_setup | ||
model: ProvisioningTemplate | ||
snippet: true | ||
description: | | ||
Streamline the provisioning process by configuring subscription-manager during the Global Registration template execution. | ||
This snippet integrates into the existing "redhat_register" snippet for efficient host registration. | ||
-%> | ||
|
||
if [ -z "$PKG_MANAGER" ]; then | ||
<%= snippet 'pkg_manager' -%> | ||
fi | ||
|
||
# Define the path to rhsm.conf | ||
RHSM_CFG=/etc/rhsm/rhsm.conf | ||
|
||
# Backup the original rhsm.conf file | ||
if [ -f $RHSM_CFG ] ; then | ||
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak | ||
fi | ||
|
||
<% if plugin_present?('katello') -%> | ||
# Define the path to the Katello server CA certificate | ||
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem | ||
|
||
# If SSL_CA_CERT is not set, create a temporary file for it | ||
if [ -z "$SSL_CA_CERT" ]; then | ||
SSL_CA_CERT=$(mktemp) | ||
cat << EOF > "$SSL_CA_CERT" | ||
<%= foreman_server_ca_cert %> | ||
EOF | ||
fi | ||
|
||
<% if @registration_method == 'registration' -%> | ||
# rhn-client-tools conflicts with subscription-manager package | ||
# since rhn tools replaces subscription-manager, we need to explicitly | ||
# install subscription-manager after the rhn tools cleanup | ||
if [ x$ID = xol ]; then | ||
$PKG_MANAGER_REMOVE rhn-client-tools | ||
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager | ||
fi | ||
|
||
<% if truthy?(@force) -%> | ||
# Unregister host and remove all local system and subscription data | ||
if [ -x "$(command -v subscription-manager)" ] ; then | ||
subscription-manager unregister || true | ||
subscription-manager clean | ||
fi | ||
|
||
$PKG_MANAGER_REMOVE katello-ca-consumer\* | ||
<% end -%> | ||
<% end -%> | ||
|
||
# Prepare the SSL certificate | ||
mkdir -p /etc/rhsm/ca | ||
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT | ||
chmod 644 $KATELLO_SERVER_CA_CERT | ||
<% end -%> | ||
|
||
# Prepare subscription-manager | ||
if ! [ -x "$(command -v subscription-manager)" ] ; then | ||
$PKG_MANAGER_INSTALL subscription-manager | ||
else | ||
<% if @registration_method == 'registration' -%> | ||
$PKG_MANAGER_UPGRADE subscription-manager | ||
<% end %> | ||
fi | ||
|
||
# Check if rhsm.conf exists | ||
if ! [ -f $RHSM_CFG ] ; then | ||
echo "'$RHSM_CFG' not found, cannot configure subscription-manager" | ||
<% if plugin_present?('katello') -%> | ||
rm -f $SSL_CA_CERT | ||
<% end -%> | ||
exit 1 | ||
fi | ||
|
||
<% if @registration_method == 'registration' | ||
if plugin_present?('katello') | ||
server_hostname = @rhsm_url.host if @rhsm_url | ||
server_port = @rhsm_url.port if @rhsm_url | ||
server_prefix = @rhsm_url.path if @rhsm_url | ||
repo_ca_cert = "$KATELLO_SERVER_CA_CERT" | ||
rhsm_baseurl = @pulp_content_url | ||
end | ||
elsif @registration_method == 'provisioning' | ||
if plugin_present?('katello') | ||
server_hostname = @host.content_source | ||
server_port = @host.content_source.rhsm_url.port | ||
server_prefix = @host.content_source.rhsm_url.path | ||
repo_ca_cert = "$KATELLO_SERVER_CA_CERT" | ||
rhsm_baseurl = @host.content_source.pulp_content_url | ||
else | ||
server_hostname = "subscription.rhsm.redhat.com" | ||
server_port = "443" | ||
server_prefix = "/subscription" | ||
repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem" | ||
rhsm_baseurl = "https://cdn.redhat.com" | ||
end | ||
end | ||
%> | ||
|
||
# Configure subscription-manager | ||
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak | ||
subscription-manager config \ | ||
--server.hostname="<%= server_hostname %>" \ | ||
--server.port="<%= server_port %>" \ | ||
--server.prefix="<%= server_prefix %>" \ | ||
--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \ | ||
--rhsm.baseurl="<%= rhsm_baseurl %>" | ||
|
||
# Older versions of subscription manager may not recognize | ||
# report_package_profile and package_profile_on_trans options. | ||
# So set them separately and redirect out & error to /dev/null | ||
# to fail silently. | ||
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true | ||
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true | ||
|
||
# Configuration for EL6 | ||
if grep --quiet full_refresh_on_yum $RHSM_CFG; then | ||
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG | ||
else | ||
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1" | ||
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG | ||
fi | ||
|
||
<% if @registration_method == 'provisioning' && plugin_present?('katello') -%> | ||
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors | ||
|
||
# Add the Katello CA certificate to the system-wide CA certificate store | ||
if [ -d $CA_TRUST_ANCHORS ]; then | ||
update-ca-trust enable | ||
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS | ||
update-ca-trust | ||
fi | ||
|
||
# Restart yggdrasild if installed and running | ||
systemctl try-restart yggdrasil >/dev/null 2>&1 || true | ||
<% end -%> |