Fixes #36747 - create new snippet for subscription-manager setup
This snippet replaces the use of the katello-ca-consumer RPM for host
registration. It incorporates the necessary code from the Global Registration
template to streamline subscription-manager configuration during provisioning.
nofaralfasi committed Oct 30, 2023
1 parent 405808d commit e5f2883
Showing 3 changed files with 146 additions and 91 deletions.
Expand Up @@ -139,73 +139,7 @@ register_katello_host(){

}

KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
RHSM_CFG=/etc/rhsm/rhsm.conf

# Backup rhsm.conf
if [ -f $RHSM_CFG ] ; then
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
fi

# rhn-client-tools conflicts with subscription-manager package
# since rhn tools replaces subscription-manager, we need to explicitly
# install subscription-manager after the rhn tools cleanup
if [ x$ID = xol ]; then
$PKG_MANAGER_REMOVE rhn-client-tools
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
fi

<% if truthy?(@force) -%>
# Unregister host and remove all local system and subscription data

if [ -x "$(command -v subscription-manager)" ] ; then
subscription-manager unregister || true
subscription-manager clean
fi

$PKG_MANAGER_REMOVE katello-ca-consumer\*
<% end -%>

# Prepare SSL certificate
mkdir -p /etc/rhsm/ca
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
chmod 644 $KATELLO_SERVER_CA_CERT

# Prepare subscription-manager
if ! [ -x "$(command -v subscription-manager)" ] ; then
$PKG_MANAGER_INSTALL subscription-manager
else
$PKG_MANAGER_UPGRADE subscription-manager
fi

if ! [ -f $RHSM_CFG ] ; then
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
cleanup_and_exit 1
fi

# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
--server.hostname="<%= @rhsm_url.host if @rhsm_url %>" \
--server.port="<%= @rhsm_url.port if @rhsm_url %>" \
--server.prefix="<%= @rhsm_url.path if @rhsm_url %>" \
--rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \
--rhsm.baseurl="<%= @pulp_content_url %>"

# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi
<%= snippet("subscription_manager_setup", variables: { registration_method: 'registration' }).strip -%>

subscription-manager register <%= '--force' if truthy?(@force) %> \
--org='<%= @organization.label if @organization %>' \
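Review bot: The missing-rhsm.conf failure path in this template no longer goes through `cleanup_and_exit`: the inlined block removed here called `cleanup_and_exit 1`, whereas the `subscription_manager_setup` snippet now rendered in its place runs `rm -f $SSL_CA_CERT` followed by a bare `exit 1`. Whatever else `cleanup_and_exit` does is skipped on that path (its definition is outside this hunk, so the impact is unconfirmed), and the same bare `exit 1` is also rendered into the provisioning snippet in the second file. Consider having the snippet emit `cleanup_and_exit 1` when `@registration_method == 'registration'` and keep `exit 1` only for the provisioning case. The `subscription-manager register` command at the end of the hunk continues outside it.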
Expand Up @@ -94,25 +94,14 @@ description: |
echo
echo "Starting the subscription-manager registration process"

# Avoid timeout accessing unreachable repo on air gapped infrastructure,
# assuming subscription-manager is installed in custom packages section.
if ! rpm --query --quiet subscription-manager ; then
if [ -f /usr/bin/dnf ]; then
dnf -y install subscription-manager
else
yum -t -y install subscription-manager
fi
fi
<%= snippet 'pkg_manager' -%>
<%= snippet("subscription_manager_setup", variables: { registration_method: 'provisioning' }).strip -%>
<%- if (host_param('syspurpose_role') || host_param('syspurpose_usage') || host_param('syspurpose_sla') || host_param('syspurpose_addons')) %>
# Avoid timeout accessing unreachable repo on air gapped infrastructure,
# assuming subscription-manager-syspurpose is installed in custom packages section.
if ! rpm --query --quiet subscription-manager-syspurpose ; then
if [ -f /usr/bin/dnf ]; then
dnf -y install subscription-manager-syspurpose
else
yum -t -y install subscription-manager-syspurpose
fi
$PKG_MANAGER_INSTALL subscription-manager-syspurpose
fi

if [ -f /usr/sbin/syspurpose ]; then
Expand Down Expand Up @@ -196,20 +185,12 @@ description: |
done
<% end %>
<% if redhat_install_host_tools || redhat_install_host_tracer_tools %>
if [ -f /usr/bin/dnf ]; then
PACKAGE_MAN="dnf -y"
else
PACKAGE_MAN="yum -t -y"
fi
<% end %>
<% if redhat_install_host_tools %>
$PACKAGE_MAN install katello-host-tools
$PKG_MANAGER_INSTALL katello-host-tools
<% end %>
<% if redhat_install_host_tracer_tools %>
$PACKAGE_MAN install katello-host-tools-tracer
$PKG_MANAGER_INSTALL katello-host-tools-tracer
<% end %>
<% end %>
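Review bot: The new `$PKG_MANAGER_INSTALL subscription-manager-syspurpose`, `$PKG_MANAGER_INSTALL katello-host-tools` and `$PKG_MANAGER_INSTALL katello-host-tools-tracer` lines depend on a variable set by the `pkg_manager` snippet, which is not part of this diff, where the removed lines spelled out `dnf -y install` / `yum -t -y install`. If the variable is empty at that point the shell runs the package name as a command instead of failing clearly, and whether the replacement keeps the non-interactive `-y` behaviour cannot be checked from here. A guard placed once after the `<%= snippet 'pkg_manager' -%>` include, `: "${PKG_MANAGER_INSTALL:?pkg_manager snippet did not set PKG_MANAGER_INSTALL}"`, together with a comment such as `# PKG_MANAGER_INSTALL is defined by the pkg_manager snippet`, would make the dependency explicit. The enclosing template blocks start and end outside these hunks.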
@@ -0,0 +1,140 @@
<%#
kind: snippet
name: subscription_manager_setup
model: ProvisioningTemplate
snippet: true
description: |
Streamline the provisioning process by configuring subscription-manager during the Global Registration template execution.
This snippet integrates into the existing "redhat_register" snippet for efficient host registration.
-%>

if [ -z "$PKG_MANAGER" ]; then
<%= snippet 'pkg_manager' -%>
fi

# Define the path to rhsm.conf
RHSM_CFG=/etc/rhsm/rhsm.conf

# Backup the original rhsm.conf file
if [ -f $RHSM_CFG ] ; then
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
fi

<% if plugin_present?('katello') -%>
# Define the path to the Katello server CA certificate
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem

# If SSL_CA_CERT is not set, create a temporary file for it
if [ -z "$SSL_CA_CERT" ]; then
SSL_CA_CERT=$(mktemp)
cat << EOF > "$SSL_CA_CERT"
<%= foreman_server_ca_cert %>
EOF
fi

<% if @registration_method == 'registration' -%>
# rhn-client-tools conflicts with subscription-manager package
# since rhn tools replaces subscription-manager, we need to explicitly
# install subscription-manager after the rhn tools cleanup
if [ x$ID = xol ]; then
$PKG_MANAGER_REMOVE rhn-client-tools
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
fi

<% if truthy?(@force) -%>
# Unregister host and remove all local system and subscription data
if [ -x "$(command -v subscription-manager)" ] ; then
subscription-manager unregister || true
subscription-manager clean
fi

$PKG_MANAGER_REMOVE katello-ca-consumer\*
<% end -%>
<% end -%>

# Prepare the SSL certificate
mkdir -p /etc/rhsm/ca
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
chmod 644 $KATELLO_SERVER_CA_CERT
<% end -%>

# Prepare subscription-manager
if ! [ -x "$(command -v subscription-manager)" ] ; then
$PKG_MANAGER_INSTALL subscription-manager
else
<% if @registration_method == 'registration' -%>
$PKG_MANAGER_UPGRADE subscription-manager
<% end %>
fi

# Check if rhsm.conf exists
if ! [ -f $RHSM_CFG ] ; then
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
<% if plugin_present?('katello') -%>
rm -f $SSL_CA_CERT
<% end -%>
exit 1
fi

<% if @registration_method == 'registration'
if plugin_present?('katello')
server_hostname = @rhsm_url.host if @rhsm_url
server_port = @rhsm_url.port if @rhsm_url
server_prefix = @rhsm_url.path if @rhsm_url
repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
rhsm_baseurl = @pulp_content_url
end
elsif @registration_method == 'provisioning'
if plugin_present?('katello')
server_hostname = @host.content_source
server_port = @host.content_source.rhsm_url.port
server_prefix = @host.content_source.rhsm_url.path
repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
rhsm_baseurl = @host.content_source.pulp_content_url
else
server_hostname = "subscription.rhsm.redhat.com"
server_port = "443"
server_prefix = "/subscription"
repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem"
rhsm_baseurl = "https://cdn.redhat.com"
end
end
%>

# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
--server.hostname="<%= server_hostname %>" \
--server.port="<%= server_port %>" \
--server.prefix="<%= server_prefix %>" \
--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \
--rhsm.baseurl="<%= rhsm_baseurl %>"

# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi

<% if @registration_method == 'provisioning' && plugin_present?('katello') -%>
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors

# Add the Katello CA certificate to the system-wide CA certificate store
if [ -d $CA_TRUST_ANCHORS ]; then
update-ca-trust enable
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
update-ca-trust
fi

# Restart yggdrasild if installed and running
systemctl try-restart yggdrasil >/dev/null 2>&1 || true
<% end -%>
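Review bot: The temporary CA file created by `SSL_CA_CERT=$(mktemp)` has no clear owner: on the normal path it is never removed after being copied to `$KATELLO_SERVER_CA_CERT`, while the rhsm.conf-missing path runs `rm -f $SSL_CA_CERT` even when the caller supplied that file. The heredoc delimiter is also unquoted, so the rendered certificate text passes through shell expansion, and the `mktemp` result and the path variables are used unchecked and unquoted. The sketch below records whether the snippet created the file, quotes the delimiter and the expansions, and removes only its own temp file once the copy is done; the failure path further down would then drop its `rm -f`. Separately, `server_hostname = @host.content_source` renders the object itself while the port and prefix lines go through `rhsm_url`; it is worth confirming that this yields the host name rather than needing `@host.content_source.rhsm_url.host`.

```erb
# If SSL_CA_CERT is not set, create a temporary file for it
if [ -z "$SSL_CA_CERT" ]; then
  SSL_CA_CERT=$(mktemp) || exit 1
  SSL_CA_CERT_IS_TEMP=1
  cat << 'EOF' > "$SSL_CA_CERT"
<%= foreman_server_ca_cert %>
EOF
fi
# … unchanged: rhn-client-tools cleanup and forced unregister handling …
cp -f "$SSL_CA_CERT" "$KATELLO_SERVER_CA_CERT"
chmod 644 "$KATELLO_SERVER_CA_CERT"
# Remove the CA file only if this snippet created it
if [ -n "$SSL_CA_CERT_IS_TEMP" ]; then
  rm -f "$SSL_CA_CERT"
fi
```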
