From a0c7cfffcc8b3f507bb1d4bdcb35fc37d8bd42f2 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 17 Oct 2018 10:20:09 -0400 Subject: [PATCH] Fix defaults when activation key is used, add options When the activation key is used, we don't want to deploy repositories, and also it's not compatible with autosubscribe option, they are both mutually exclusive. This patch: - change the default of rhsm_autosubscribe to be undefined. - configure repositories when activationkey isn't defined. - use include_tasks since a variable is in the task file name - add option to force registration - pass the rhsm_baseurl to the registration task, which is needed when unregistering - derive the rhsm_satellite_url from rhsm_baseurl by default, but allow it to be overridden - sets validate_certs for yum tasks - uses dynamic task inclusion rather than static import with a default filter for selecting the registration method Change-Id: Ibf8c3c573a78acc6815cf3793a208028c43f3ba1 Closes-Bug: #1798382 --- README.md | 8 +++++--- defaults/main.yml | 3 ++- meta/main.yml | 2 +- tasks/main.yml | 6 +++++- tasks/portal.yml | 6 +++++- tasks/satellite-6.yml | 1 + tasks/satellite.yml | 4 +--- 7 files changed, 20 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 780e355..0a0f9b8 100644 --- a/README.md +++ b/README.md @@ -16,15 +16,16 @@ Role Variables | Name | Default Value | Description | |-------------------|---------------------|----------------------| +| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. | | `rhsm_username` | `[undefined]` | Red Hat Portal username. | | `rhsm_password` | `[undefined]` | Red Hat Portal password. | | `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. | | `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. | | `rhsm_pool_ids` | `[undefined]` | Red Hat Subscription pool IDs to consume. | -| `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. | | `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. | -| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. | -| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. | +| `rhsm_autosubscribe` | `[undefined]` | Whether or not to autosubscribe to available repositories. | +| `rhsm_consumer_hostname` | `[undefined]` | Name of the system to use when registering. Defaults to using the system hostname if undefined. | +| `rhsm_force_register` | `[undefined]` | Whether or not to force registration. Will not force registration if undefined. | | `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. | | `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. | | `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. | @@ -36,6 +37,7 @@ Role Variables | `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. | | `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. | | `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. | +| `rhsm_satellite_url` | `[see defaults/main.yml]` | URL of the Satellite server that will be probed to determine the Satellite version. Uses the scheme and hostname of `rhsm_baseurl` by default. | | `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. | | `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. | | `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. | diff --git a/defaults/main.yml b/defaults/main.yml index 248565f..e1b42c3 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,9 +3,9 @@ # rhsm_password: secrete # rhsm_activation_key: AAA-BBB-CCC-DDD # rhsm_ord_id: 1234 +# rhsm_autosubscribe: yes # or no (note it's mutually exclusive to rhsm_activation_key) rhsm_state: present # present or absent -rhsm_autosubscribe: yes rhsm_method: portal # portal or satellite rhsm_repos: [] @@ -24,6 +24,7 @@ rhsm_ssl_verify_depth: 3 # rhsm_rhsm_proxy_user: "" # rhsm_rhsm_proxy_password: "" rhsm_baseurl: https://cdn.redhat.com +rhsm_satellite_url: "{{ rhsm_baseurl | urlsplit('scheme') ~ '://' ~ rhsm_baseurl | urlsplit('hostname') }}" rhsm_ca_cert_dir: /etc/rhsm/ca/ rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem' rhsm_product_cert_dir: /etc/pki/product diff --git a/meta/main.yml b/meta/main.yml index b3e0ee4..3a0638e 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -6,7 +6,7 @@ galaxy_info: description: "Manage Red Hat subscription and repositories." company: license: Apache 2.0 - min_ansible_version: 2.4 + min_ansible_version: 2.5 platforms: - name: EL diff --git a/tasks/main.yml b/tasks/main.yml index 60c8df9..23fccd5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,6 +15,10 @@ - rhsm - rhsm_conf -- import_tasks: "{{ rhsm_method | default('portal') }}.yml" +- block: + - include_tasks: "{{ rhsm_method }}.yml" tags: - rhsm + - rhsm_register + - rhsm_repos + - rhsm_satellite diff --git a/tasks/portal.yml b/tasks/portal.yml index 5afa00f..f19bed1 100644 --- a/tasks/portal.yml +++ b/tasks/portal.yml @@ -8,6 +8,8 @@ state: "{{ rhsm_state | default(omit) }}" autosubscribe: "{{ rhsm_autosubscribe | default(omit) }}" consumer_name: "{{ rhsm_consumer_hostname | default(omit) }}" + force_register: "{{ rhsm_force_register | default(omit) }}" + rhsm_baseurl: "{{ rhsm_baseurl | default(omit) }}" tags: - rhsm - rhsm_register @@ -17,7 +19,9 @@ name: "{{ item.name | default(item) }}" state: "{{ item.state | default('enabled') }}" with_items: "{{ rhsm_repos | default([]) }}" - when: rhsm_state == 'present' + when: + - rhsm_state == 'present' + - rhsm_activation_key is not defined tags: - rhsm - rhsm_repos diff --git a/tasks/satellite-6.yml b/tasks/satellite-6.yml index 924e0a1..7bc0ee9 100644 --- a/tasks/satellite-6.yml +++ b/tasks/satellite-6.yml @@ -2,6 +2,7 @@ yum: name: "{{ rhsm_satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm" state: present + validate_certs: "{{ not rhsm_insecure }}" - name: SATELLITE 6 | Get Satellite certificates get_url: diff --git a/tasks/satellite.yml b/tasks/satellite.yml index b0cd0c9..f5b4910 100644 --- a/tasks/satellite.yml +++ b/tasks/satellite.yml @@ -24,10 +24,8 @@ tags: - rhsm_satellite -- import_tasks: satellite-{{ rhsm_satellite_version }}.yml +- include_tasks: satellite-{{ rhsm_satellite_version }}.yml tags: - rhsm_satellite - import_tasks: portal.yml - tags: - - rhsm