From 569f43f79d2e7588922e43052096825a544e567d Mon Sep 17 00:00:00 2001 From: Sam Doran Date: Tue, 20 Feb 2018 16:52:33 -0500 Subject: [PATCH] Update README, variables, and rhsm.conf.j2 - Update README to point to role's new home on Ansible Galaxy - update rhsm.conf.j2 template so all options are variables - cleanup rhsm.conf.j2 template by removing comments and compressing lines - update README with new variables available in rhsm.conf.j2 template - increase memory in RHEL6 test machine to prevent kernel panic - use different repos for RHEL6 and RHEL7 test VMs Change-Id: Iebd4a992ea1bf9c393f12d2d73c04011f4fe0603 --- README.md | 46 +++++++++++++++----- defaults/main.yml | 32 ++++++++++++-- tasks/main.yml | 2 +- templates/rhsm.conf.j2 | 96 ++++++++++++++++-------------------------- tests/Vagrantfile | 4 +- tests/vars.yml | 17 +++++--- 6 files changed, 117 insertions(+), 80 deletions(-) diff --git a/README.md b/README.md index 445ef51..e6af002 100644 --- a/README.md +++ b/README.md 
@@ -1,27 +1,53 @@ Red Hat Subscription ========= -[![Galaxy](https://img.shields.io/badge/galaxy-samdoran.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/samdoran/redhat-subscription) +[![Galaxy](https://img.shields.io/badge/galaxy-openstack.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/openstack/redhat-subscription) -Manage Red Hat subscritions and repositories. +Manage Red Hat subscriptions and repositories. This role supports registering to Satellite 5, Satellite 6, or the Red Hat Customer Portal. Requirements ------------ -Current Red Hat subscription. +You will need to have an active Red Hat subscription in order for registration to succeed. + +Provide `rhsm_username` and `rhsm_password` _or_ `rhsm_activation_key`. These options are mutually exclusive and providing both will result in a failure. The recommended option is to provide an activation key rather than username and password. Role Variables -------------- | Name | Default Value | Description | |-------------------|---------------------|----------------------| -| `rhsm_username` | No default | Red Hat Portal username. | -| `rhsm_password` | No default | Red Hat Portal password. | -| `rhsm_activation_key` | No default | Red Hat Portal Activation Key. | -| `rhsm_org_id` | No default | Red Hat Portal Organization Identifier. | +| `rhsm_username` | `[undefined]` | Red Hat Portal username. | +| `rhsm_password` | `[undefined]` | Red Hat Portal password. | +| `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. | +| `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. | | `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. | -| `rhsm_state` | `enable` | Whether to enable or disable a Red Hat subscription. | -| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. | +| `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. 
| +| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. | +| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. | | `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. | +| `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. | +| `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. | +| `rhsm_server_prefix` | `/subscription` | Server prefix | +| `rhsm_insecure` | `False` | Disable certificate validation. | +| `rhsm_ssl_verify_depth` | `3` | Depths certificates should be validated when checking. | +| `rhsm_rhsm_proxy_hostname` | `[undefined]` | FQDN of outbound proxy server. | +| `rhsm_rhsm_proxy_port` | `[undefined]` | Port to use for proxy server. | +| `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. | +| `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. | +| `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. | +| `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. | +| `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. | +| `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. | +| `rhsm_entitlement_cert_dir` | `/etc/pki/entitlement` | Entitlement certificate directory. | +| `rhsm_consumer_cert_dir` | `/etc/pki/consumer` | Consumer certificate directory. | +| `rhsm_manage_repos` | `True` | Manage generation of yum repositories for subscribed content. | +| `rhsm_full_refresh_on_yum` | `False` | Refresh repo files with server overrides on every `yum` command. 
| +| `rhsm_report_package_profile` | `True` | Whether to report the package profiles to the subscription management service. | +| `rhsm_plugin_dir` | `/usr/share/rhsm-plugins` | Directory to search for subscription manage plugins. | +| `rhsm_plugin_conf_dir` | `/etc/rhsm/pluginconf.d` | Directory to search for plugin configuration files. | +| `rhsm_cert_check_interval` | `240` | Interval in minutes to run certificate check. | +| `rhsm_auto_attach_interval` | `1440` | Interval in minutes to run auto-attach. | +| `rhsm_logging` | [see `defaults/main.yml`] | Logging settings for various RHSM components. | Dependencies ------------ @@ -43,7 +69,7 @@ Example Playbook - rhel-7-server-openstack-8-rpms roles: - - samdoran.redhat-subscription + - openstack.redhat-subscription License ------- diff --git a/defaults/main.yml b/defaults/main.yml index cbf93aa..248565f 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -5,16 +5,42 @@ # rhsm_ord_id: 1234 rhsm_state: present # present or absent -rhsm_autosubscribe: True +rhsm_autosubscribe: yes rhsm_method: portal # portal or satellite rhsm_repos: [] # - name: rhel-7-server-extras-rpms # wildcard or repo name - # state: enable # enable or disable + # state: enabled # enabled or disabled -# /etc/rhsm/rhsm.conf settings + +## /etc/rhsm/rhsm.conf settings rhsm_rhsm_port: 443 +rhsm_server_hostname: subscription.rhn.redhat.com +rhsm_server_prefix: '/subscription' +rhsm_insecure: False +rhsm_ssl_verify_depth: 3 # rhsm_rhsm_proxy_hostname: "" # rhsm_rhsm_proxy_port: "" # rhsm_rhsm_proxy_user: "" # rhsm_rhsm_proxy_password: "" +rhsm_baseurl: https://cdn.redhat.com +rhsm_ca_cert_dir: /etc/rhsm/ca/ +rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem' +rhsm_product_cert_dir: /etc/pki/product +rhsm_entitlement_cert_dir: /etc/pki/entitlement +rhsm_consumer_cert_dir: /etc/pki/consumer +rhsm_manage_repos: True +rhsm_full_refresh_on_yum: False +rhsm_report_package_profile: True +rhsm_plugin_dir: /usr/share/rhsm-plugins +rhsm_plugin_conf_dir: /etc/rhsm/pluginconf.d +rhsm_cert_check_interval: 240 +rhsm_auto_attach_interval: 1440 +rhsm_logging: + default: INFO + # subscription_manager: DEBUG + # subscription_manager_managercli: DEBUG + # rhsm: DEBUG + # rhsm_connection: DEBUG + # rhsm_app: DEBUG + # rhsm_app_rhsmd: DEBUG diff --git a/tasks/main.yml b/tasks/main.yml index f395b7f..60c8df9 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -13,7 +13,7 @@ mode: 0644 tags: - rhsm - - rhsm_rhsm + - rhsm_conf - import_tasks: "{{ rhsm_method | default('portal') }}.yml" tags: diff --git a/templates/rhsm.conf.j2 b/templates/rhsm.conf.j2 index a3ab381..1aca72c 100644 --- a/templates/rhsm.conf.j2 +++ b/templates/rhsm.conf.j2 
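Review bot: `rhsm_insecure` is added in the defaults/main.yml hunk without an inline comment, and this commit also removes the explanatory comments from templates/rhsm.conf.j2, so nothing next to the setting says that a true value turns off certificate validation for the subscription server. I would annotate it the way `rhsm_state` and `rhsm_method` are annotated: `rhsm_insecure: False  # True disables certificate validation of the subscription server; keep False outside throwaway test setups`. A short comment on `rhsm_ssl_verify_depth` and `rhsm_ca_cert_dir` would help too, since they also affect how the server certificate is checked. `rhsm_logging` is a dictionary and the template reads `rhsm_logging.default` unconditionally, so a comment that any override must keep the `default` key would save a templating failure, because Ansible replaces dictionaries rather than merging them unless configured otherwise.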
@@ -1,79 +1,57 @@ # {{ ansible_managed }} -# Red Hat Subscription Manager Configuration File: - -# Unified Entitlement Platform Configuration [server] -# Server hostname: -hostname = subscription.rhn.redhat.com - -# Server prefix: -prefix = /subscription - -# Server port: +hostname = {{ rhsm_server_hostname }} +prefix = {{ rhsm_server_prefix }} port = {{ rhsm_rhsm_port }} - -# Set to 1 to disable certificate validation: -insecure = 0 - -# Set the depth of certs which should be checked -# when validating a certificate -ssl_verify_depth = 3 - -# an http proxy server to use +insecure = {{ rhsm_insecure | int }} +ssl_verify_depth = {{ rhsm_ssl_verify_depth }} {% if rhsm_rhsm_proxy_hostname is defined %} proxy_hostname = {{ rhsm_rhsm_proxy_hostname }} {% endif %} - -# port for http proxy server {% if rhsm_rhsm_proxy_port is defined %} proxy_port = {{ rhsm_rhsm_proxy_port }} {% endif %} - {% if rhsm_rhsm_proxy_user is defined %} -# user name for authenticating to an http proxy, if needed proxy_user = {{ rhsm_rhsm_proxy_user }} {% endif %} - {% if rhsm_rhsm_proxy_password is defined %} -# password for basic http proxy auth, if needed proxy_password = {{ rhsm_rhsm_proxy_password }} {% endif %} [rhsm] -# Content base URL: -baseurl= https://cdn.redhat.com - -# Server CA certificate location: -ca_cert_dir = /etc/rhsm/ca/ - -# Default CA cert to use when generating yum repo configs: -repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem - -# Where the certificates should be stored -productCertDir = /etc/pki/product -entitlementCertDir = /etc/pki/entitlement -consumerCertDir = /etc/pki/consumer - -# Manage generation of yum repositories for subscribed content: -manage_repos = 1 - -# Refresh repo files with server overrides on every yum command -full_refresh_on_yum = 0 - -# If set to zero, the client will not report the package profile to -# the subscription management service. 
-report_package_profile = 1 - -# The directory to search for subscription manager plugins -pluginDir = /usr/share/rhsm-plugins - -# The directory to search for plugin configuration files -pluginConfDir = /etc/rhsm/pluginconf.d +baseurl = {{ rhsm_baseurl }} +ca_cert_dir = {{ rhsm_ca_cert_dir }} +repo_ca_cert = {{ rhsm_repo_ca_cert }} +productCertDir = {{ rhsm_product_cert_dir }} +entitlementCertDir = {{ rhsm_entitlement_cert_dir }} +consumerCertDir = {{ rhsm_consumer_cert_dir }} +manage_repos = {{ rhsm_manage_repos | int }} +full_refresh_on_yum = {{ rhsm_full_refresh_on_yum | int }} +report_package_profile = {{ rhsm_report_package_profile | int }} +pluginDir = {{ rhsm_plugin_dir }} +pluginConfDir = {{ rhsm_plugin_conf_dir }} [rhsmcertd] -# Interval to run cert check (in minutes): -certCheckInterval = 240 -# Interval to run auto-attach (in minutes): -autoAttachInterval = 1440 - +certCheckInterval = {{ rhsm_cert_check_interval }} +autoAttachInterval = {{ rhsm_auto_attach_interval }} +[logging] +default_log_level = {{ rhsm_logging.default }} +{% if rhsm_logging.subscription_manager is defined %} +subscription_manager = {{ rhsm_logging.subscription_manager }} +{% endif %} +{% if rhsm_logging.subscription_manager_managercli is defined %} +subscription_manager.managercli = {{ rhsm_logging.subscription_manager_managercli }} +{% endif %} +{% if rhsm_logging.rhsm is defined %} +rhsm = {{ rhsm_logging.rhsm }} +{% endif %} +{% if rhsm_logging.rhsm_connection is defined %} +rhsm.connection = {{ rhsm_logging.rhsm_connection }} +{% endif %} +{% if rhsm_logging.rhsm_app is defined %} +rhsm-app = {{ rhsm_logging.rhsm_app }} +{% endif %} +{% if rhsm_logging.rhsm_app_rhsmd is defined %} +rhsm-app.rhsmd = {{ rhsm_logging.rhsm_app_rhsmd }} +{% endif %} diff --git a/tests/Vagrantfile b/tests/Vagrantfile index 804f330..b82aa26 100644 --- a/tests/Vagrantfile +++ b/tests/Vagrantfile 
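Review bot: The boolean settings in this template (`insecure`, `manage_repos`, `full_refresh_on_yum`, `report_package_profile`) are rendered with `| int` alone, and Jinja2's `int` filter returns 0 for any string it cannot parse, so a value that arrives as the string `true` or `yes` (for example from `key=value` extra vars) is written as 0. For `insecure` that happens to fail closed, but `manage_repos` and `report_package_profile` would be switched off silently. Using `insecure = {{ rhsm_insecure | bool | int }}` and the same chain on the other three avoids this. Separately, `proxy_password` is rendered into a file that the tasks/main.yml hunk shows being written with `mode: 0644`, so when a proxy credential is set it is readable by every local user; it is worth confirming that this is intended.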
@@ -5,9 +5,9 @@ Vagrant.configure(2) do |config| rhel6.vm.box = "samdoran/rhel6" rhel6.vm.hostname = "rhsm-rhel6" config.vm.provider "virtualbox" do |vbox| - vbox.name = "rhsm-rhel7" + vbox.name = "rhsm-rhel6" vbox.cpus = 1 - vbox.memory = 128 + vbox.memory = 256 end end diff --git a/tests/vars.yml b/tests/vars.yml index 3960207..949dca4 100644 --- a/tests/vars.yml +++ b/tests/vars.yml @@ -2,8 +2,15 @@ rhsm_username: "{{ lookup('env', 'RHSM_USERNAME') }}" rhsm_password: "{{ lookup('env', 'RHSM_PASSWORD') }}" rhsm_pool_ids: "{{ lookup('env', 'RHSM_POOL_ID') }}" rhsm_state: present -rhsm_repos: - - name: rhel-7-server-extras-rpms - state: absent - - name: rhel-7-server-rh-common-rpms - - name: rhel-7-server-openstack-12-tools-rpms +rhsm_repos: "{{ repos[ansible_distribution ~ '-' ~ ansible_distribution_major_version] }}" + +repos: + RedHat-6: + - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms + state: present + - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms + RedHat-7: + - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms + state: present + - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms + - name: rhel-{{ ansible_distribution_major_version }}-server-openstack-12-tools-rpms
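Review bot: The repo entries in the tests/vars.yml hunk use `state: present`, while the example comment updated in defaults/main.yml in this same commit documents the accepted values as `enabled or disabled`. The task that consumes `rhsm_repos` is not part of the diff, so I cannot tell which spelling it accepts, but the test data and the documented example should agree; if the task takes `enabled`/`disabled`, these lines should read `state: enabled`. The lookup `repos[ansible_distribution ~ '-' ~ ansible_distribution_major_version]` also has no fallback, so a host outside `RedHat-6`/`RedHat-7` fails at templating; appending `| default([])` after the subscript would make that case explicit.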