Fix defaults when activation key is used, add options

When the activation key is used, we don't want to deploy repositories,
and also it's not compatible with autosubscribe option, they are both
mutually exclusive.

This patch:
- change the default of rhsm_autosubscribe to be undefined.
- configure repositories when activationkey isn't defined.
- use include_tasks since a variable is in the task file name
- add option to force registration
- pass the rhsm_baseurl to the registration task, which is needed when
  unregistering
- derive the rhsm_satellite_url from rhsm_baseurl by default, but allow it to
  be overridden
- sets validate_certs for yum tasks
- uses dynamic task inclusion rather than static import with a default filter for selecting the registration method

Change-Id: Ibf8c3c573a78acc6815cf3793a208028c43f3ba1
Closes-Bug: #1798382
This commit is contained in:
Emilien Macchi 2018-10-17 10:20:09 -04:00 committed by Sam Doran
parent 126e1b1f28
commit a0c7cfffcc
7 changed files with 20 additions and 10 deletions

View File

@ -16,15 +16,16 @@ Role Variables
| Name | Default Value | Description |
|-------------------|---------------------|----------------------|
| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
| `rhsm_username` | `[undefined]` | Red Hat Portal username. |
| `rhsm_password` | `[undefined]` | Red Hat Portal password. |
| `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. |
| `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. |
| `rhsm_pool_ids` | `[undefined]` | Red Hat Subscription pool IDs to consume. |
| `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
| `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. |
| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. |
| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
| `rhsm_autosubscribe` | `[undefined]` | Whether or not to autosubscribe to available repositories. |
| `rhsm_consumer_hostname` | `[undefined]` | Name of the system to use when registering. Defaults to using the system hostname if undefined. |
| `rhsm_force_register` | `[undefined]` | Whether or not to force registration. Will not force registration if undefined. |
| `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. |
| `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. |
| `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. |
@ -36,6 +37,7 @@ Role Variables
| `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. |
| `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. |
| `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. |
| `rhsm_satellite_url` | `[see defaults/main.yml]` | URL of the Satellite server that will be probed to determine the Satellite version. Uses the scheme and hostname of `rhsm_baseurl` by default. |
| `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. |
| `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. |
| `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. |

View File

@ -3,9 +3,9 @@
# rhsm_password: secrete
# rhsm_activation_key: AAA-BBB-CCC-DDD
# rhsm_ord_id: 1234
# rhsm_autosubscribe: yes # or no (note it's mutually exclusive to rhsm_activation_key)
rhsm_state: present # present or absent
rhsm_autosubscribe: yes
rhsm_method: portal # portal or satellite
rhsm_repos: []
@ -24,6 +24,7 @@ rhsm_ssl_verify_depth: 3
# rhsm_rhsm_proxy_user: ""
# rhsm_rhsm_proxy_password: ""
rhsm_baseurl: https://cdn.redhat.com
rhsm_satellite_url: "{{ rhsm_baseurl | urlsplit('scheme') ~ '://' ~ rhsm_baseurl | urlsplit('hostname') }}"
rhsm_ca_cert_dir: /etc/rhsm/ca/
rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem'
rhsm_product_cert_dir: /etc/pki/product

View File

@ -6,7 +6,7 @@ galaxy_info:
description: "Manage Red Hat subscription and repositories."
company:
license: Apache 2.0
min_ansible_version: 2.4
min_ansible_version: 2.5
platforms:
- name: EL

View File

@ -15,6 +15,10 @@
- rhsm
- rhsm_conf
- import_tasks: "{{ rhsm_method | default('portal') }}.yml"
- block:
- include_tasks: "{{ rhsm_method }}.yml"
tags:
- rhsm
- rhsm_register
- rhsm_repos
- rhsm_satellite

View File

@ -8,6 +8,8 @@
state: "{{ rhsm_state | default(omit) }}"
autosubscribe: "{{ rhsm_autosubscribe | default(omit) }}"
consumer_name: "{{ rhsm_consumer_hostname | default(omit) }}"
force_register: "{{ rhsm_force_register | default(omit) }}"
rhsm_baseurl: "{{ rhsm_baseurl | default(omit) }}"
tags:
- rhsm
- rhsm_register
@ -17,7 +19,9 @@
name: "{{ item.name | default(item) }}"
state: "{{ item.state | default('enabled') }}"
with_items: "{{ rhsm_repos | default([]) }}"
when: rhsm_state == 'present'
when:
- rhsm_state == 'present'
- rhsm_activation_key is not defined
tags:
- rhsm
- rhsm_repos

View File

@ -2,6 +2,7 @@
yum:
name: "{{ rhsm_satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
state: present
validate_certs: "{{ not rhsm_insecure }}"
- name: SATELLITE 6 | Get Satellite certificates
get_url:

View File

@ -24,10 +24,8 @@
tags:
- rhsm_satellite
- import_tasks: satellite-{{ rhsm_satellite_version }}.yml
- include_tasks: satellite-{{ rhsm_satellite_version }}.yml
tags:
- rhsm_satellite
- import_tasks: portal.yml
tags:
- rhsm