Update RHSM role to allow Satellite or Portal registration

- Fix line widths in rhsm_repository.py
- Unify variable names: they all have rhsm_ prefix now

Change-Id: I64e8d7ee201ec9b21ef7c513cf2231994b31c6a6

README.md

@@ -14,14 +14,14 @@ Role Variables
 
 | Name              | Default Value       | Description          |
 |-------------------|---------------------|----------------------|
-| `rhn_username` | No default | Red Hat Portal username. |
-| `rhn_password` | No default | Red Hat Portal password. |
-| `rhn_activation_key` | No default | Red Hat Portal Activation Key. |
-| `rhn_org_id` | No default | Red Hat Portal Organization Identifier. |
-| `rhsub_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
-| `rhsub_state` | `enable` | Whether to enable or disable a Red Hat subscription. |
-| `rhsub_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. |
-| `rhsub_repos` | `[undefined]` | If defined, the list of repositories to enable or disable. See `defaults/main.yml` for examples. |
+| `rhsm_username` | No default | Red Hat Portal username. |
+| `rhsm_password` | No default | Red Hat Portal password. |
+| `rhsm_activation_key` | No default | Red Hat Portal Activation Key. |
+| `rhsm_org_id` | No default | Red Hat Portal Organization Identifier. |
+| `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
+| `rhsm_state` | `enable` | Whether to enable or disable a Red Hat subscription. |
+| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. |
+| `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. |
 
 Dependencies
 ------------
@@ -34,13 +34,13 @@ Example Playbook
     - hosts: all
 
       vars:
-        rhn_username: bob.smith@acme.com
-        rhn_password: "{{ vault_rhn_password }}"
-        rhsub_repos:
+        rhsm_username: bob.smith@acme.com
+        rhsm_password: "{{ vault_rhsm_password }}"
+        rhsm_repos:
           - name: rhel-7-server-extras-rpms
             state: present
-          - name: rhel-7-server-rh-common-rpms
-          - name: rhel-7-server-openstack-8-rpms
+          - rhel-7-server-rh-common-rpms
+          - rhel-7-server-openstack-8-rpms
 
       roles:
          - samdoran.redhat-subscription

defaults/main.yml

@@ -1,20 +1,20 @@
 # These parameters aren't required, so no default is provided:
-# rhn_username: joe
-# rhn_password: secrete
-# rhn_activation_key: AAA-BBB-CCC-DDD
-# rhn_ord_id: 1234
+# rhsm_username: joe
+# rhsm_password: secrete
+# rhsm_activation_key: AAA-BBB-CCC-DDD
+# rhsm_ord_id: 1234
 
-rhsub_state: present                      # present or absent
-rhsub_autosubscribe: True
-rhsub_method: portal                      # portal or satellite
+rhsm_state: present                      # present or absent
+rhsm_autosubscribe: True
+rhsm_method: portal                      # portal or satellite
 
-# rhsub_repos:
+rhsm_repos: []
   # - name: rhel-7-server-extras-rpms     # wildcard or repo name
   #   state: enable                       # enable or disable
 
 # /etc/rhsm/rhsm.conf settings
-rhsub_rhsm_port: 443
-# rhsub_rhsm_proxy_hostname: ""
-# rhsub_rhsm_proxy_port: ""
-# rhsub_rhsm_proxy_user: ""
-# rhsub_rhsm_proxy_password: ""
+rhsm_rhsm_port: 443
+# rhsm_rhsm_proxy_hostname: ""
+# rhsm_rhsm_proxy_port: ""
+# rhsm_rhsm_proxy_user: ""
+# rhsm_rhsm_proxy_password: ""

library/redhat_repos.py

@@ -1,130 +0,0 @@
-#!/usr/bin/python
-#
-# Copyright (c) 2017 OpenStack Foundation
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-from ansible.module_utils.basic import AnsibleModule
-import os
-import re
-import subprocess
-
-DOCUMENTATION = '''
-module: redhat_repos
-short_description: Handles repositories for rhel machines
-description:
-    - Handles repositories for rhel machines
-version_added: "2.3"
-author: "Karim Boumedhel, @karmab"
-notes:
-    - This module doesn't handle subscriptions of the machine, only its
-repositories requirements:
-    - subscription manager and a rhel machine
-options:
-    repos:
-        description:
-            - a list of repositories to either add or remove
-        required: true
-        default: null
-    only:
-        description:
-            - whether the indicated repos should be the only one left to the
-system
-        required: false
-        default: no
-    state:
-        description:
-            - whether the repositories should be made present or absent
-        required: false
-        default: present
-'''
-
-EXAMPLES = '''
-- name: Assign Openstack Liberty Repositories
-  redhat_repos:
-   repos:
-     - rhel-7-server-rpms
-     - rhel-7-server-rh-common-rpms
-     - rhel-7-server-openstack-8-rpms
-     - rhel-ha-for-rhel-7-server-rpms
-     - rhel-7-server-extras-rpms
-'''
-
-RETURN = '''
-stdout:
-    description: output from subscription-manager
-    returned: success, when needed
-    type: string
-    sample: "Loaded plugins: product-id, refresh-packagekit,
-        subscription-manager\n
-    Updating Red Hat repositories"
-'''
-
-
-def main():
-    argument_spec = {
-        "repos": {"required": True, "type": "list"},
-        "state": {
-            "default": "present",
-            "choices": ['present', 'absent'],
-            "type": 'str'
-        },
-        "only": {"default": 'no', "required": False,
-                 "type": "str", "choices": ['yes', 'no']},
-
-    }
-    module = AnsibleModule(argument_spec=argument_spec)
-    repos = module.params['repos']
-    state = module.params['state']
-    only = module.params['only']
-
-    repo_output = subprocess.check_output(
-        'subscription-manager repos --list-enabled'.split(' '))
-    curr_repo_list = re.findall("Repo ID:\s+(.+)", repo_output)
-    repos_to_install = set(repos).difference(set(curr_repo_list))
-    if not repos_to_install:
-        if only == 'yes':
-            if (len(curr_repo_list) == len(repos)):
-                module.exit_json(
-                    changed=False,
-                    msg="only == true  and all repos are installed")
-        else:
-            module.exit_json(
-                changed=False,
-                msg="only == false and all repos installed")
-
-    repos = repos_to_install
-    if state == 'present':
-        if only == 'yes':
-            os.system("subscription-manager repos --disable='*'")
-        repos = ' '.join(['--enable=' + repo for repo in repos])
-        # result = os.system("subscription-manager repos %s" % repos)
-        result = os.popen("subscription-manager repos %s" % repos).read()
-        if 'Error' in result:
-            module.fail_json(msg=result)
-        meta = {'result': result}
-        changed = True
-        skipped = False
-    else:
-        repos = ' '.join(['--disable=' + repo for repo in repos])
-        result = os.popen("subscription-manager repos %s" % repos).read()
-        if 'Error' in result:
-            module.fail_json(msg=result)
-        meta = {'result': result}
-        changed = True
-        skipped = False
-    module.exit_json(changed=changed, skipped=skipped, meta=meta)
-
-if __name__ == '__main__':
-    main()

library/rhsm_repository.py

@@ -31,18 +31,18 @@ ANSIBLE_METADATA = {'metadata_version': '1.1',
 
 DOCUMENTATION = '''
 ---
-module: redhat_repository
-short_description: Manage Red Hat repositories using the subscription-manager
+module: rhsm_repository
+short_description: Manage RHSM repositories using the subscription-manager
                    command
 description:
-  - Manage(List/Enable/Disable) Red Hat repositories to the Red Hat
+  - Manage(List/Enable/Disable) RHSM repositories to the Red Hat
     Subscription Management entitlement platform using the
-    subscription-manager command.
+    C(subscription-manager) command.
 version_added: '2.5'
 author: Giovanni Sciortino (@giovannisciortino)
 notes:
-  - In order to manage Red Hat repositories the system must be already
-    registered to Red Hat manually or using the ansible module
+  - In order to manage RHSM repositories the system must be already
+    registered to RHSM manually or using the ansible module
     redhat_subscription.
   - One option between name and list must be defined, both options in the
     same task must not be defined.
@@ -54,7 +54,7 @@ options:
     description:
       - If state is equal to present or disabled, indicates the desired
         repository state.
-    choices: [present, absent]
+    choices: [present, enabled, absent, disabled]
     required: True
     default: "present"
   name:
@@ -66,26 +66,26 @@ options:
 '''
 
 EXAMPLES = '''
-- name: Enable a Red Hat repository
-  redhat_repository:
+- name: Enable a RHSM repository
+  rhsm_repository:
     name: rhel-7-server-rpms
 
 - name: Disable all Red Hat repositories
-  redhat_repository:
+  rhsm_repository:
     name: '*'
     state: disabled
 
 - name: Enable all repositories starting with rhel-6-server
-  redhat_repository:
+  rhsm_repository:
     name: rhel-6-server*
     state: enabled
 
 - name: Disable all repositories except rhel-7-server-rpms
-  redhat_repository:
+  rhsm_repository:
     name: "{{ item }}"
     state: disabled
   with_items: "{{
-    redhat_repository.repositories |
+    rhsm_repository.repositories |
     map(attribute='id') |
     difference(['rhel-7-server-rpms']) }}"
 '''
@@ -213,7 +213,7 @@ def repository_modify(module, state, name):
             module.fail_json(results=results,
                              msg="%s is not a valid repository ID" % repoid)
         for repo in matched_existing_repo[repoid]:
-            if state == 'disabled':
+            if state in ['disabled', 'absent']:
                 if repo['enabled']:
                     changed = True
                     diff_before += "Repository '%s' is enabled" % repo['id']
@@ -221,7 +221,7 @@ def repository_modify(module, state, name):
                 results.append(
                     "Repository '%s' is disabled for this system" % repo['id'])
                 rhsm_arguments += ['--disable', repo['id']]
-            elif state == 'enabled':
+            elif state in ['enabled', 'present']:
                 if not repo['enabled']:
                     changed = True
                     diff_before += "Repository '%s' is disabled" % repo['id']
@@ -230,8 +230,8 @@ def repository_modify(module, state, name):
                     "Repository '%s' is enabled for this system" % repo['id'])
                 rhsm_arguments += ['--enable', repo['id']]
 
-    diff = {'before': diff_before + ' for this system\n',
-            'after': diff_after + ' for this system\n',
+    diff = {'before': diff_before,
+            'after': diff_after,
             'before_header': "RHSM repositories",
             'after_header': "RHSM repositories"}
 
@@ -246,7 +246,8 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             name=dict(type='list', required=True),
-            state=dict(choices=['enabled', 'disabled'], default='enabled'),
+            state=dict(choices=['enabled', 'present', 'disabled', 'absent'],
+                       default='enabled'),
         ),
         supports_check_mode=True,
     )

meta/main.yml

@@ -1,5 +1,8 @@
 galaxy_info:
-  author: Sam Doran
+  author:
+    - Sam Doran
+    - David Critch
+    - Emilien Macchi
   description: "Manage Red Hat subscription and repositories."
   company:
   license: Apache 2.0

tasks/main.yml

@@ -1,10 +1,10 @@
-- name: Check that this is Red Hat
+- name: Ensure this is Red Hat
   assert:
     that: "ansible_distribution == 'RedHat'"
   tags:
-    - rhsub
+    - rhsm
 
-- name: Configure Red Hat subscirption manager
+- name: Configure Red Hat Subscription Manager
   template:
     src: rhsm.conf.j2
     dest: /etc/rhsm/rhsm.conf
@@ -12,31 +12,9 @@
     group: root
     mode: 0644
   tags:
-    - rhsub
-    - rhsub_rhsm
+    - rhsm
+    - rhsm_rhsm
 
-- name: Manage Red Hat subscription
-  redhat_subscription:
-    username: "{{ rhn_username|default(omit) }}"
-    password: "{{ rhn_password|default(omit) }}"
-    activationkey: "{{ rhn_activation_key|default(omit) }}"
-    org_id: "{{ rhn_org_id|default(omit) }}"
-    state: "{{ rhsub_state|default(omit) }}"
-    autosubscribe: "{{ rhsub_autosubscribe|default(omit) }}"
+- import_tasks: "{{ rhsm_method | default('portal') }}.yml"
   tags:
-    - rhsub
-    - rhsub_register
-
-- name: Configure repository subscriptions
-  redhat_repos:
-    repos: "{{ item.name }}"
-    state: "{{ item.state | default('present') }}"
-  with_items: "{{ rhsub_repos | default([]) }}"
-  when: rhsub_state == 'present'
-  tags:
-    - rhsub
-    - rhsub_repos
-
-- import_tasks: "{{ rhsub_method }}.yml"
-  tags:
-    - rhsub
+    - rhsm

tasks/portal.yml

@@ -0,0 +1,22 @@
+- name: Manage Red Hat subscription
+  redhat_subscription:
+    username: "{{ rhsm_username | default(omit) }}"
+    password: "{{ rhsm_password | default(omit) }}"
+    activationkey: "{{ rhsm_activation_key | default(omit) }}"
+    org_id: "{{ rhsm_org_id | default(omit) }}"
+    state: "{{ rhsm_state | default(omit) }}"
+    autosubscribe: "{{ rhsm_autosubscribe | default(omit) }}"
+    consumer_name: "{{ rhsm_consumer_hostname | default(omit) }}"
+  tags:
+    - rhsm
+    - rhsm_register
+
+- name: Configure repository subscriptions
+  rhsm_repository:
+    name: "{{ item.name | default(item) }}"
+    state: "{{ item.state | default('enabled') }}"
+  with_items: "{{ rhsm_repos | default([]) }}"
+  when: rhsm_state == 'present'
+  tags:
+    - rhsm
+    - rhsm_repos

tasks/satellite-5.yml

@@ -0,0 +1,8 @@
+- name: SATELLITE 5 | Install TLS certificate
+  uri:
+    url: "{{ rhsm_satellite_url }}/pub/rhsm_ORG_TRUSTED_SSL_CERT"
+    dest: /usr/share/rhn
+    validate_certs: no
+
+- name: SATELLITE 5 | Register to Satellite 5
+  command: rhreg_ks --serverURL='{{ rhsm_satellite_url }}/XMLRPC'

tasks/satellite-6.yml

@@ -0,0 +1,14 @@
+- name: SATELLITE 6 | Install katello RPM
+  yum:
+    name: "{{ rhsm_satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
+    state: present
+
+- name: SATELLITE 6 | Get Satellite certificates
+  get_url:
+    url: "{{ rhsm_satellite_url }}//pub/katello-rhsm-consumer"
+    dest: /tmp/katello-rhsm-consumer
+
+- name: SATELLITE 6 | Run katello script
+  command: bash /tmp/katello-rhsm-consumer
+  args:
+    creates: /etc/rhsm/ca/katello-server-ca.pem

tasks/satellite.yml

@@ -0,0 +1,33 @@
+- name: SATELLITE | Check for Satellite 5
+  uri:
+    url: "{{ rhsm_satellite_url }}/rhn/Login.do"
+    validate_certs: no
+    status_code: 200, 404
+  register: _sat5_check
+  run_once: yes
+  tags:
+    - rhsm_satellite
+
+- name: SATELLITE | Check for Satellite 6
+  uri:
+    url: "{{ rhsm_satellite_url }}/katello/api/ping"
+    validate_certs: no
+    status_code: 200, 404
+  register: _sat6_check
+  run_once: yes
+  tags:
+    - rhsm_satellite
+
+- name: SATELLITE | Set Satellite version
+  set_fact:
+    rhsm_satellite_version: "{% if _sat5_check['status'] == 200 %}5{% elif _sat6_check['status'] == 200 %}6{% endif %}"
+  tags:
+    - rhsm_satellite
+
+- import_tasks: satellite-{{ rhsm_satellite_version }}.yml
+  tags:
+    - rhsm_satellite
+
+- import_tasks: portal.yml
+  tags:
+    - rhsm

templates/rhsm.conf.j2

@@ -10,7 +10,7 @@ hostname = subscription.rhn.redhat.com
 prefix = /subscription
 
 # Server port:
-port = {{ rhsub_rhsm_port }}
+port = {{ rhsm_rhsm_port }}
 
 # Set to 1 to disable certificate validation:
 insecure = 0
@@ -20,23 +20,23 @@ insecure = 0
 ssl_verify_depth = 3
 
 # an http proxy server to use
-{% if rhsub_rhsm_proxy_hostname is defined %}
-proxy_hostname = {{ rhsub_rhsm_proxy_hostname }}
+{% if rhsm_rhsm_proxy_hostname is defined %}
+proxy_hostname = {{ rhsm_rhsm_proxy_hostname }}
 {% endif %}
 
 # port for http proxy server
-{% if rhsub_rhsm_proxy_port is defined %}
-proxy_port = {{ rhsub_rhsm_proxy_port }}
+{% if rhsm_rhsm_proxy_port is defined %}
+proxy_port = {{ rhsm_rhsm_proxy_port }}
 {% endif %}
 
-{% if rhsub_rhsm_proxy_user is defined %}
+{% if rhsm_rhsm_proxy_user is defined %}
 # user name for authenticating to an http proxy, if needed
-proxy_user = {{ rhsub_rhsm_proxy_user }}
+proxy_user = {{ rhsm_rhsm_proxy_user }}
 {% endif %}
 
-{% if rhsub_rhsm_proxy_password is defined %}
+{% if rhsm_rhsm_proxy_password is defined %}
 # password for basic http proxy auth, if needed
-proxy_password = {{ rhsub_rhsm_proxy_password }}
+proxy_password = {{ rhsm_rhsm_proxy_password }}
 {% endif %}
 
 [rhsm]

tests/Vagrantfile

@@ -1,29 +1,31 @@
 Vagrant.configure(2) do |config|
 
   # RHEL 6
-  config.vm.define "rhsub-rhel6" do |rhel6|
+  config.vm.define "rhsm-rhel6" do |rhel6|
     rhel6.vm.box = "samdoran/rhel6"
-    rhel6.vm.hostname = "rhsub-rhel6"
+    rhel6.vm.hostname = "rhsm-rhel6"
     config.vm.provider "virtualbox" do |vbox|
-      vbox.name = "rhsub-rhel7"
+      vbox.name = "rhsm-rhel7"
       vbox.cpus = 1
       vbox.memory = 128
     end
   end
 
   # RHEL 7
-  config.vm.define "rhsub-rhel7" do |rhel7|
+  config.vm.define "rhsm-rhel7" do |rhel7|
     rhel7.vm.box = "samdoran/rhel7"
-    rhel7.vm.hostname = "rhsub-rhel7"
+    rhel7.vm.hostname = "rhsm-rhel7"
     config.vm.provider "virtualbox" do |vbox|
-      vbox.name = "rhsub-rhel7"
+      vbox.name = "rhsm-rhel7"
       vbox.cpus = 1
       vbox.memory = 128
     end
   end
 
   config.vm.provision "ansible" do |ansible|
-    ansible.playbook = "vagrant.yml"
+    ansible.playbook = 'vagrant.yml'
+    ansible.extra_vars = 'vars.yml'
+    ansible.compatibility_mode = '2.0'
   end
 
 end

tests/vagrant.yml

@@ -3,12 +3,12 @@
   become: yes
 
   vars:
-    rhsub_state: present
-    rhsub_repos:
+    rhsm_state: present
+    rhsm_repos:
       - name: rhel-7-server-extras-rpms
         state: present
       - name: rhel-7-server-rh-common-rpms
       - name: rhel-7-server-openstack-8-rpms
 
   roles:
-    - redhat-subscription
+    - ansible-role-redhat-subscription

tests/vars.yml

@@ -0,0 +1,9 @@
+rhsm_username: "{{ lookup('env', 'RHSM_USERNAME') }}"
+rhsm_password: "{{ lookup('env', 'RHSM_PASSWORD') }}"
+rhsm_pool_ids: "{{ lookup('env', 'RHSM_POOL_ID') }}"
+rhsm_state: present
+rhsm_repos:
+  - name: rhel-7-server-extras-rpms
+    state: absent
+  - name: rhel-7-server-rh-common-rpms
+  - name: rhel-7-server-openstack-12-tools-rpms

vars/main.yml

@@ -1,2 +0,0 @@
----
-# vars file for redhat-subscription