From 00defe7fc22288c325bf6eac5018c2fc98c3a1e7 Mon Sep 17 00:00:00 2001
From: Sam Doran
Date: Fri, 2 Feb 2018 15:40:00 -0500
Subject: [PATCH] Update RHSM role to allow Satellite or Portal registration
- Fix line widths in rhsm_repository.py
- Unify variable names: they all have rhsm_ prefix now
Change-Id: I64e8d7ee201ec9b21ef7c513cf2231994b31c6a6
---
 README.md | 26 ++--
 defaults/main.yml | 26 ++--
 library/redhat_repos.py | 130 ------------------
 ...edhat_repository.py => rhsm_repository.py} | 37 ++---
 meta/main.yml | 5 +-
 tasks/main.yml | 36 +----
 tasks/portal.yml | 22 +++
 tasks/satellite-5.yml | 8 ++
 tasks/satellite-6.yml | 14 ++
 tasks/satellite.yml | 33 +++++
 templates/rhsm.conf.j2 | 18 +--
 tests/Vagrantfile | 16 ++-
 tests/vagrant.yml | 6 +-
 tests/vars.yml | 9 ++
 vars/main.yml | 2 -
 15 files changed, 163 insertions(+), 225 deletions(-)
 delete mode 100644 library/redhat_repos.py
 rename library/{redhat_repository.py => rhsm_repository.py} (90%)
 create mode 100644 tasks/satellite-5.yml
 create mode 100644 tasks/satellite-6.yml
 create mode 100644 tests/vars.yml
 delete mode 100644 vars/main.yml
diff --git a/README.md b/README.md
index e687dad..445ef51 100644
--- a/README.md
+++ b/README.md
@@ -14,14 +14,14 @@ Role Variables | Name | Default Value | Description | |-------------------|---------------------|----------------------| -| `rhn_username` | No default | Red Hat Portal username. | -| `rhn_password` | No default | Red Hat Portal password. | -| `rhn_activation_key` | No default | Red Hat Portal Activation Key. | -| `rhn_org_id` | No default | Red Hat Portal Organization Identifier. | -| `rhsub_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. | -| `rhsub_state` | `enable` | Whether to enable or disable a Red Hat subscription. | -| `rhsub_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. | -| `rhsub_repos` | `[undefined]` | If defined, the list of repositories to enable or disable. See `defaults/main.yml` for examples. | +| `rhsm_username` | No default | Red Hat Portal username. | +| `rhsm_password` | No default | Red Hat Portal password. | +| `rhsm_activation_key` | No default | Red Hat Portal Activation Key. | +| `rhsm_org_id` | No default | Red Hat Portal Organization Identifier. | +| `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. | +| `rhsm_state` | `enable` | Whether to enable or disable a Red Hat subscription. | +| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. | +| `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. | Dependencies ------------ @@ -34,13 +34,13 @@ Example Playbook - hosts: all vars: - rhn_username: bob.smith@acme.com - rhn_password: "{{ vault_rhn_password }}" - rhsub_repos: + rhsm_username: bob.smith@acme.com + rhsm_password: "{{ vault_rhsm_password }}" + rhsm_repos: - name: rhel-7-server-extras-rpms state: present - - name: rhel-7-server-rh-common-rpms - - name: rhel-7-server-openstack-8-rpms + - rhel-7-server-rh-common-rpms + - rhel-7-server-openstack-8-rpms roles: - samdoran.redhat-subscription 
diff --git a/defaults/main.yml b/defaults/main.yml index 5933c94..cbf93aa 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,20 +1,20 @@ # These parameters aren't required, so no default is provided: -# rhn_username: joe -# rhn_password: secrete -# rhn_activation_key: AAA-BBB-CCC-DDD -# rhn_ord_id: 1234 +# rhsm_username: joe +# rhsm_password: secrete +# rhsm_activation_key: AAA-BBB-CCC-DDD +# rhsm_ord_id: 1234 -rhsub_state: present # present or absent -rhsub_autosubscribe: True -rhsub_method: portal # portal or satellite +rhsm_state: present # present or absent +rhsm_autosubscribe: True +rhsm_method: portal # portal or satellite -# rhsub_repos: +rhsm_repos: [] # - name: rhel-7-server-extras-rpms # wildcard or repo name # state: enable # enable or disable # /etc/rhsm/rhsm.conf settings -rhsub_rhsm_port: 443 -# rhsub_rhsm_proxy_hostname: "" -# rhsub_rhsm_proxy_port: "" -# rhsub_rhsm_proxy_user: "" -# rhsub_rhsm_proxy_password: "" +rhsm_rhsm_port: 443 +# rhsm_rhsm_proxy_hostname: "" +# rhsm_rhsm_proxy_port: "" +# rhsm_rhsm_proxy_user: "" +# rhsm_rhsm_proxy_password: "" diff --git a/library/redhat_repos.py b/library/redhat_repos.py deleted file mode 100644 index f04121b..0000000 --- a/library/redhat_repos.py +++ /dev/null 
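Review bot: The renamed example comment `# rhsm_ord_id: 1234` carries the old typo forward; the README table and the `org_id` line in tasks/portal.yml both use `rhsm_org_id`, so anyone uncommenting this line sets a variable nothing reads. It should be `# rhsm_org_id: 1234`. The commented example under `rhsm_repos` also shows `state: enable`, while the module in this commit accepts `enabled`, `present`, `disabled` and `absent`, so the example value would be rejected.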
@@ -1,130 +0,0 @@ -#!/usr/bin/python -# -# Copyright (c) 2017 OpenStack Foundation -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -from ansible.module_utils.basic import AnsibleModule -import os -import re -import subprocess - -DOCUMENTATION = ''' -module: redhat_repos -short_description: Handles repositories for rhel machines -description: - - Handles repositories for rhel machines -version_added: "2.3" -author: "Karim Boumedhel, @karmab" -notes: - - This module doesn't handle subscriptions of the machine, only its -repositories requirements: - - subscription manager and a rhel machine -options: - repos: - description: - - a list of repositories to either add or remove - required: true - default: null - only: - description: - - whether the indicated repos should be the only one left to the -system - required: false - default: no - state: - description: - - whether the repositories should be made present or absent - required: false - default: present -''' - -EXAMPLES = ''' -- name: Assign Openstack Liberty Repositories - redhat_repos: - repos: - - rhel-7-server-rpms - - rhel-7-server-rh-common-rpms - - rhel-7-server-openstack-8-rpms - - rhel-ha-for-rhel-7-server-rpms - - rhel-7-server-extras-rpms -''' - -RETURN = ''' -stdout: - description: output from subscription-manager - returned: success, when needed - type: string - sample: "Loaded plugins: product-id, refresh-packagekit, - subscription-manager\n - Updating Red Hat repositories" -''' - 
- -def main(): - argument_spec = { - "repos": {"required": True, "type": "list"}, - "state": { - "default": "present", - "choices": ['present', 'absent'], - "type": 'str' - }, - "only": {"default": 'no', "required": False, - "type": "str", "choices": ['yes', 'no']}, - - } - module = AnsibleModule(argument_spec=argument_spec) - repos = module.params['repos'] - state = module.params['state'] - only = module.params['only'] - - repo_output = subprocess.check_output( - 'subscription-manager repos --list-enabled'.split(' ')) - curr_repo_list = re.findall("Repo ID:\s+(.+)", repo_output) - repos_to_install = set(repos).difference(set(curr_repo_list)) - if not repos_to_install: - if only == 'yes': - if (len(curr_repo_list) == len(repos)): - module.exit_json( - changed=False, - msg="only == true and all repos are installed") - else: - module.exit_json( - changed=False, - msg="only == false and all repos installed") - - repos = repos_to_install - if state == 'present': - if only == 'yes': - os.system("subscription-manager repos --disable='*'") - repos = ' '.join(['--enable=' + repo for repo in repos]) - # result = os.system("subscription-manager repos %s" % repos) - result = os.popen("subscription-manager repos %s" % repos).read() - if 'Error' in result: - module.fail_json(msg=result) - meta = {'result': result} - changed = True - skipped = False - else: - repos = ' '.join(['--disable=' + repo for repo in repos]) - result = os.popen("subscription-manager repos %s" % repos).read() - if 'Error' in result: - module.fail_json(msg=result) - meta = {'result': result} - changed = True - skipped = False - module.exit_json(changed=changed, skipped=skipped, meta=meta) - -if __name__ == '__main__': - main() diff --git a/library/redhat_repository.py b/library/rhsm_repository.py similarity index 90% rename from library/redhat_repository.py rename to library/rhsm_repository.py index 1f2a07d..f3f7bf3 100644 --- a/library/redhat_repository.py +++ b/library/rhsm_repository.py 
@@ -31,18 +31,18 @@ ANSIBLE_METADATA = {'metadata_version': '1.1', DOCUMENTATION = ''' --- -module: redhat_repository -short_description: Manage Red Hat repositories using the subscription-manager +module: rhsm_repository +short_description: Manage RHSM repositories using the subscription-manager command description: - - Manage(List/Enable/Disable) Red Hat repositories to the Red Hat + - Manage(List/Enable/Disable) RHSM repositories to the Red Hat Subscription Management entitlement platform using the - subscription-manager command. + C(subscription-manager) command. version_added: '2.5' author: Giovanni Sciortino (@giovannisciortino) notes: - - In order to manage Red Hat repositories the system must be already - registered to Red Hat manually or using the ansible module + - In order to manage RHSM repositories the system must be already + registered to RHSM manually or using the ansible module redhat_subscription. - One option between name and list must be defined, both options in the same task must not be defined. @@ -54,7 +54,7 @@ options: description: - If state is equal to present or disabled, indicates the desired repository state. - choices: [present, absent] + choices: [present, enabled, absent, disabled] required: True default: "present" name: @@ -66,26 +66,26 @@ options: ''' EXAMPLES = ''' -- name: Enable a Red Hat repository - redhat_repository: +- name: Enable a RHSM repository + rhsm_repository: name: rhel-7-server-rpms - name: Disable all Red Hat repositories - redhat_repository: + rhsm_repository: name: '*' state: disabled - name: Enable all repositories starting with rhel-6-server - redhat_repository: + rhsm_repository: name: rhel-6-server* state: enabled - name: Disable all repositories except rhel-7-server-rpms - redhat_repository: + rhsm_repository: name: "{{ item }}" state: disabled with_items: "{{ - redhat_repository.repositories | + rhsm_repository.repositories | map(attribute='id') | difference(['rhel-7-server-rpms']) }}" ''' 
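Review bot: The `state` option documentation in the second hunk now lists four choices but still says `required: True` and `default: "present"`, while the `argument_spec` hunk in `main()` declares `default='enabled'` and no `required`. The two values are handled the same way in `repository_modify`, but the documented default should match the code: `required: False` and `default: "enabled"`, or change the spec default to `'present'`. The description "If state is equal to present or disabled" could name all four accepted values. The last example reads `rhsm_repository.repositories` without showing the task that registers that variable, which deserves a one-line comment in EXAMPLES.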
@@ -213,7 +213,7 @@ def repository_modify(module, state, name): module.fail_json(results=results, msg="%s is not a valid repository ID" % repoid) for repo in matched_existing_repo[repoid]: - if state == 'disabled': + if state in ['disabled', 'absent']: if repo['enabled']: changed = True diff_before += "Repository '%s' is enabled" % repo['id'] @@ -221,7 +221,7 @@ def repository_modify(module, state, name): results.append( "Repository '%s' is disabled for this system" % repo['id']) rhsm_arguments += ['--disable', repo['id']] - elif state == 'enabled': + elif state in ['enabled', 'present']: if not repo['enabled']: changed = True diff_before += "Repository '%s' is disabled" % repo['id'] @@ -230,8 +230,8 @@ def repository_modify(module, state, name): "Repository '%s' is enabled for this system" % repo['id']) rhsm_arguments += ['--enable', repo['id']] - diff = {'before': diff_before + ' for this system\n', - 'after': diff_after + ' for this system\n', + diff = {'before': diff_before, + 'after': diff_after, 'before_header': "RHSM repositories", 'after_header': "RHSM repositories"} @@ -246,7 +246,8 @@ def main(): module = AnsibleModule( argument_spec=dict( name=dict(type='list', required=True), - state=dict(choices=['enabled', 'disabled'], default='enabled'), + state=dict(choices=['enabled', 'present', 'disabled', 'absent'], + default='enabled'), ), supports_check_mode=True, ) diff --git a/meta/main.yml b/meta/main.yml index cf55355..b3e0ee4 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,5 +1,8 @@ galaxy_info: - author: Sam Doran + author: + - Sam Doran + - David Critch + - Emilien Macchi description: "Manage Red Hat subscription and repositories." company: license: Apache 2.0 diff --git a/tasks/main.yml b/tasks/main.yml index 097e85d..f395b7f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
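Review bot: With the `' for this system\n'` suffix removed in the third hunk, the fragments appended in the loop, such as `diff_before += "Repository '%s' is enabled" % repo['id']`, have no line terminator at all, so a call that touches several repositories yields one run-together string in `--diff` output. Ending each fragment with a newline, for example `diff_before += "Repository '%s' is enabled\n" % repo['id']`, keeps one repository per line. The matching `diff_after` assignments fall outside the visible hunks and need the same check.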
@@ -1,10 +1,10 @@ -- name: Check that this is Red Hat +- name: Ensure this is Red Hat assert: that: "ansible_distribution == 'RedHat'" tags: - - rhsub + - rhsm -- name: Configure Red Hat subscirption manager +- name: Configure Red Hat Subscription Manager template: src: rhsm.conf.j2 dest: /etc/rhsm/rhsm.conf @@ -12,31 +12,9 @@ group: root mode: 0644 tags: - - rhsub - - rhsub_rhsm + - rhsm + - rhsm_rhsm -- name: Manage Red Hat subscription - redhat_subscription: - username: "{{ rhn_username|default(omit) }}" - password: "{{ rhn_password|default(omit) }}" - activationkey: "{{ rhn_activation_key|default(omit) }}" - org_id: "{{ rhn_org_id|default(omit) }}" - state: "{{ rhsub_state|default(omit) }}" - autosubscribe: "{{ rhsub_autosubscribe|default(omit) }}" +- import_tasks: "{{ rhsm_method | default('portal') }}.yml" tags: - - rhsub - - rhsub_register - -- name: Configure repository subscriptions - redhat_repos: - repos: "{{ item.name }}" - state: "{{ item.state | default('present') }}" - with_items: "{{ rhsub_repos | default([]) }}" - when: rhsub_state == 'present' - tags: - - rhsub - - rhsub_repos - -- import_tasks: "{{ rhsub_method }}.yml" - tags: - - rhsub + - rhsm diff --git a/tasks/portal.yml b/tasks/portal.yml index e69de29..3175a02 100644 --- a/tasks/portal.yml +++ b/tasks/portal.yml 
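Review bot: The `template` task in this hunk still writes `/etc/rhsm/rhsm.conf` with `mode: 0644`, and the template changed in this commit renders `proxy_password` whenever `rhsm_rhsm_proxy_password` is defined, so the proxy credential becomes readable by every local account. Consider `mode: "{{ '0600' if rhsm_rhsm_proxy_password is defined else '0644' }}"`, after confirming that nothing unprivileged on the host needs to read the file. The new `import_tasks` line also accepts any `rhsm_method` value; an `assert` that it is `portal` or `satellite` placed before it would give a clear error instead of a missing-file failure.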
@@ -0,0 +1,22 @@
+- name: Manage Red Hat subscription
+ redhat_subscription:
+ username: "{{ rhsm_username | default(omit) }}"
+ password: "{{ rhsm_password | default(omit) }}"
+ activationkey: "{{ rhsm_activation_key | default(omit) }}"
+ org_id: "{{ rhsm_org_id | default(omit) }}"
+ state: "{{ rhsm_state | default(omit) }}"
+ autosubscribe: "{{ rhsm_autosubscribe | default(omit) }}"
+ consumer_name: "{{ rhsm_consumer_hostname | default(omit) }}"
+ tags:
+ - rhsm
+ - rhsm_register
+
+- name: Configure repository subscriptions
+ rhsm_repository:
+ name: "{{ item.name | default(item) }}"
+ state: "{{ item.state | default('enabled') }}"
+ with_items: "{{ rhsm_repos | default([]) }}"
+ when: rhsm_state == 'present'
+ tags:
+ - rhsm
+ - rhsm_repos
diff --git a/tasks/satellite-5.yml b/tasks/satellite-5.yml
new file mode 100644
index 0000000..b64ae53
--- /dev/null
+++ b/tasks/satellite-5.yml
@@ -0,0 +1,8 @@
+- name: SATELLITE 5 | Install TLS certificate
+ uri:
+ url: "{{ rhsm_satellite_url }}/pub/rhsm_ORG_TRUSTED_SSL_CERT"
+ dest: /usr/share/rhn
+ validate_certs: no
+
+- name: SATELLITE 5 | Register to Satellite 5
+ command: rhreg_ks --serverURL='{{ rhsm_satellite_url }}/XMLRPC'
diff --git a/tasks/satellite-6.yml b/tasks/satellite-6.yml
new file mode 100644
index 0000000..924e0a1
--- /dev/null
+++ b/tasks/satellite-6.yml
@@ -0,0 +1,14 @@
+- name: SATELLITE 6 | Install katello RPM
+ yum:
+ name: "{{ rhsm_satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
+ state: present
+
+- name: SATELLITE 6 | Get Satellite certificates
+ get_url:
+ url: "{{ rhsm_satellite_url }}//pub/katello-rhsm-consumer"
+ dest: /tmp/katello-rhsm-consumer
+
+- name: SATELLITE 6 | Run katello script
+ command: bash /tmp/katello-rhsm-consumer
+ args:
+ creates: /etc/rhsm/ca/katello-server-ca.pem
diff --git a/tasks/satellite.yml b/tasks/satellite.yml
index e69de29..b0cd0c9 100644
--- a/tasks/satellite.yml
+++ b/tasks/satellite.yml
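Review bot: `default(omit)` only applies when a variable is undefined, but tests/vars.yml in this commit fills `rhsm_username` and `rhsm_password` from `lookup('env', ...)`, which returns an empty string when the environment variable is unset. In that case `redhat_subscription` receives empty credentials instead of having the parameters omitted. Writing `default(omit, true)` on the `username`, `password`, `activationkey` and `org_id` lines treats empty values as unset. `rhsm_consumer_hostname` is introduced here but is not listed in the README table or in defaults/main.yml.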
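Review bot: The `uri` task in tasks/satellite-5.yml fetches the organisation CA certificate with `validate_certs: no`, so the trust anchor that later registration traffic is checked against is itself accepted without any verification of who served it. The two probe tasks in tasks/satellite.yml use the same setting. Verification should be on by default and disabled only by an explicit choice, for example `validate_certs: "{{ rhsm_satellite_validate_certs | default(true) }}"` (a new variable, to be documented), with the README describing how to deliver the CA from the control node or compare its fingerprint against a known value. The `rhreg_ks` command also has no `creates:` or other guard, so it appears to re-register on every run.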
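Review bot: In tasks/satellite-6.yml the consumer script is downloaded to the fixed path `/tmp/katello-rhsm-consumer` and then run with `bash`, presumably as root given that tests/vagrant.yml sets `become: yes`. `get_url` leaves an existing destination file untouched unless `force` is set, so whatever already sits at that world-writable path is what gets executed, and the download has no mode or integrity check. The script should be stored in a root-only location with an explicit mode and `force: yes`, ideally with a `checksum:` when the expected value is known. The URL contains a doubled slash (`//pub`), and the `yum` task installs an RPM directly from `rhsm_satellite_url`, which should be required to be HTTPS.

```yaml
- name: SATELLITE 6 | Get Satellite certificates
  get_url:
    url: "{{ rhsm_satellite_url }}/pub/katello-rhsm-consumer"
    dest: /root/katello-rhsm-consumer
    owner: root
    mode: '0700'
    force: yes

- name: SATELLITE 6 | Run katello script
  command: bash /root/katello-rhsm-consumer
  # … unchanged: args / creates …
```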
@@ -0,0 +1,33 @@ +- name: SATELLITE | Check for Satellite 5 + uri: + url: "{{ rhsm_satellite_url }}/rhn/Login.do" + validate_certs: no + status_code: 200, 404 + register: _sat5_check + run_once: yes + tags: + - rhsm_satellite + +- name: SATELLITE | Check for Satellite 6 + uri: + url: "{{ rhsm_satellite_url }}/katello/api/ping" + validate_certs: no + status_code: 200, 404 + register: _sat6_check + run_once: yes + tags: + - rhsm_satellite + +- name: SATELLITE | Set Satellite version + set_fact: + rhsm_satellite_version: "{% if _sat5_check['status'] == 200 %}5{% elif _sat6_check['status'] == 200 %}6{% endif %}" + tags: + - rhsm_satellite + +- import_tasks: satellite-{{ rhsm_satellite_version }}.yml + tags: + - rhsm_satellite + +- import_tasks: portal.yml + tags: + - rhsm diff --git a/templates/rhsm.conf.j2 b/templates/rhsm.conf.j2 index d1bcd20..a3ab381 100644 --- a/templates/rhsm.conf.j2 +++ b/templates/rhsm.conf.j2 @@ -10,7 +10,7 @@ hostname = subscription.rhn.redhat.com prefix = /subscription # Server port: -port = {{ rhsub_rhsm_port }} +port = {{ rhsm_rhsm_port }} # Set to 1 to disable certificate validation: insecure = 0 
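Review bot: `import_tasks: satellite-{{ rhsm_satellite_version }}.yml` in tasks/satellite.yml is a static import resolved when the playbook is parsed, but `rhsm_satellite_version` is only produced at run time by the preceding `set_fact`, so the file name cannot be resolved from it. Use `include_tasks: "satellite-{{ rhsm_satellite_version }}.yml"` instead. The Jinja expression also yields an empty string when neither probe returns 200, which both `status_code: 200, 404` settings allow, so an `assert` with `that: rhsm_satellite_version in ['5', '6']` before the include would report an undetected server instead of looking for `satellite-.yml`.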
@@ -20,23 +20,23 @@ insecure = 0 ssl_verify_depth = 3 # an http proxy server to use -{% if rhsub_rhsm_proxy_hostname is defined %} -proxy_hostname = {{ rhsub_rhsm_proxy_hostname }} +{% if rhsm_rhsm_proxy_hostname is defined %} +proxy_hostname = {{ rhsm_rhsm_proxy_hostname }} {% endif %} # port for http proxy server -{% if rhsub_rhsm_proxy_port is defined %} -proxy_port = {{ rhsub_rhsm_proxy_port }} +{% if rhsm_rhsm_proxy_port is defined %} +proxy_port = {{ rhsm_rhsm_proxy_port }} {% endif %} -{% if rhsub_rhsm_proxy_user is defined %} +{% if rhsm_rhsm_proxy_user is defined %} # user name for authenticating to an http proxy, if needed -proxy_user = {{ rhsub_rhsm_proxy_user }} +proxy_user = {{ rhsm_rhsm_proxy_user }} {% endif %} -{% if rhsub_rhsm_proxy_password is defined %} +{% if rhsm_rhsm_proxy_password is defined %} # password for basic http proxy auth, if needed -proxy_password = {{ rhsub_rhsm_proxy_password }} +proxy_password = {{ rhsm_rhsm_proxy_password }} {% endif %} [rhsm] diff --git a/tests/Vagrantfile b/tests/Vagrantfile index 6201dac..804f330 100644 --- a/tests/Vagrantfile +++ b/tests/Vagrantfile 
@@ -1,29 +1,31 @@ Vagrant.configure(2) do |config| # RHEL 6 - config.vm.define "rhsub-rhel6" do |rhel6| + config.vm.define "rhsm-rhel6" do |rhel6| rhel6.vm.box = "samdoran/rhel6" - rhel6.vm.hostname = "rhsub-rhel6" + rhel6.vm.hostname = "rhsm-rhel6" config.vm.provider "virtualbox" do |vbox| - vbox.name = "rhsub-rhel7" + vbox.name = "rhsm-rhel7" vbox.cpus = 1 vbox.memory = 128 end end # RHEL 7 - config.vm.define "rhsub-rhel7" do |rhel7| + config.vm.define "rhsm-rhel7" do |rhel7| rhel7.vm.box = "samdoran/rhel7" - rhel7.vm.hostname = "rhsub-rhel7" + rhel7.vm.hostname = "rhsm-rhel7" config.vm.provider "virtualbox" do |vbox| - vbox.name = "rhsub-rhel7" + vbox.name = "rhsm-rhel7" vbox.cpus = 1 vbox.memory = 128 end end config.vm.provision "ansible" do |ansible| - ansible.playbook = "vagrant.yml" + ansible.playbook = 'vagrant.yml' + ansible.extra_vars = 'vars.yml' + ansible.compatibility_mode = '2.0' end end diff --git a/tests/vagrant.yml b/tests/vagrant.yml index f182c76..acf4b1d 100644 --- a/tests/vagrant.yml +++ b/tests/vagrant.yml @@ -3,12 +3,12 @@ become: yes vars: - rhsub_state: present - rhsub_repos: + rhsm_state: present + rhsm_repos: - name: rhel-7-server-extras-rpms state: present - name: rhel-7-server-rh-common-rpms - name: rhel-7-server-openstack-8-rpms roles: - - redhat-subscription + - ansible-role-redhat-subscription diff --git a/tests/vars.yml b/tests/vars.yml new file mode 100644 index 0000000..3960207 --- /dev/null +++ b/tests/vars.yml @@ -0,0 +1,9 @@ +rhsm_username: "{{ lookup('env', 'RHSM_USERNAME') }}" +rhsm_password: "{{ lookup('env', 'RHSM_PASSWORD') }}" +rhsm_pool_ids: "{{ lookup('env', 'RHSM_POOL_ID') }}" +rhsm_state: present +rhsm_repos: + - name: rhel-7-server-extras-rpms + state: absent + - name: rhel-7-server-rh-common-rpms + - name: rhel-7-server-openstack-12-tools-rpms diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index c752351..0000000 --- a/vars/main.yml +++ /dev/null 
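Review bot: In the RHEL 6 definition of tests/Vagrantfile the new provider line sets `vbox.name = "rhsm-rhel7"`, the same name the RHEL 7 definition uses; it should be `vbox.name = "rhsm-rhel6"`. Both provider blocks are attached to `config.vm.provider` rather than `rhel6.vm.provider` and `rhel7.vm.provider`, which appears to make them global settings instead of per-machine ones, so both machines would end up with the same VirtualBox name. Scoping each block to its own machine variable fixes both problems.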
@@ -1,2 +0,0 @@
----
-# vars file for redhat-subscription