From 80c3d3332507fe620fcab99e65f2ffd81d48a69e Mon Sep 17 00:00:00 2001 From: Vinny Valdez Date: Tue, 29 Mar 2016 16:52:05 -0500 Subject: Add subscription-manager support for Hosted or Satellite --- roles/subscription-manager/README.md | 95 ++++++++++++++++++++++ roles/subscription-manager/pre_tasks/pre_tasks.yml | 37 +++++++++ roles/subscription-manager/tasks/main.yml | 93 +++++++++++++++++++++ 3 files changed, 225 insertions(+) create mode 100644 roles/subscription-manager/README.md create mode 100644 roles/subscription-manager/pre_tasks/pre_tasks.yml create mode 100644 roles/subscription-manager/tasks/main.yml (limited to 'roles/subscription-manager') diff --git a/roles/subscription-manager/README.md b/roles/subscription-manager/README.md new file mode 100644 index 000000000..b140ad09a --- /dev/null +++ b/roles/subscription-manager/README.md @@ -0,0 +1,95 @@ +# Red Hat Subscription Manager Ansible Role + +## Parameters + +This role depends on user specified variables. These can be set in the inventory file, group_vars or passed to the playbook from the CLI. The variables are: + +### rhsm_method + +Subscription Manager method to use for registration. Valid values are: + +* **satellite** - Use a Satellite server. Additional variables required include **rhsm_server**, **rhsm_org** and either (**rhsm_username** and **rhsm_password**) or **rhsm_activationkey** +* **hosted** - Use Red Hat's CDN. Additional variables required are **rhsm_server** (defaults to RHSM CDN) and **rhsm_username** and **rhsm_password** +* none/false/blank will disable any subscription manager activities (this is the default if no parameters are set) + +Default: none + +### rhsm_server + +Subscription Manager server hostname. If using a Satellite server set the FQDN here. If using RHSM Hosted this value is ignored. + +Default: none + +### rhsm_username + +Subscription Manager username. Required for RHSM Hosted. Can be optionally used for Satellite, but it may be better to use **rhsm_activationkey** for this. + +Default: none + +### rhsm_password + +Subscription Manager password. Required for RHSM Hosted. Can be optionally used for Satellite, but it may be better to use **rhsm_activationkey** for this. + +Default: none + +### rhsm_org + +Optional Satellite Subscription Manager Organization. Required for Satellite, ignored if using RHSM Hosted. + +Default: none + +### rhsm_activationkey + +Optional Satellite Subscription Manager Activation Key, use this instead of **rhsm_username** and **rhsm_password** if using Satellite to provide repositories and authentication in a key instead. + +Default: none + +### rhsm_pool + +Optional Subscription Manager pool, determine this by running **subscription-manager list --available** on a registered system. Valid for RHSM Hosted or Satellite. Specifying **rhsm_activationkey** will ignore this option. + +Default: none + +### rhsm_repos + +Optional Repositories to enable, this can also be specified in the **rhsm_activationkey**. Valid for RHSM Hosted or Satellite. Specifying **rhsm_activationkey** will ignore this option. + +NOTE: If specifying this value in an inventory file as opposed to group_vars, be sure to define it as a proper list as such: + +rhsm_repos='["rhel-7-server-rpms", "rhel-7-server-ose-3.1-rpms", "rhel-7-server-extras-rpms"]' + +Default: none + +## Pre-tasks + +A number of variable checks are performed before any tasks to ensure the proper parameters are set. To include these checks call the pre_task yaml before any roles: + +``` + pre_tasks: + - include: roles/subscription-manager/pre_tasks/pre_tasks.yml +``` + +## Tasks + +The bulk of the work is performed in the main.yml for this role. The pre-task play will set a variable which can be checked to contitionally include this role as such: + +``` + roles: + - { role: subscription-manager, when: not hostvars.localhost.rhsm_skip, tags: 'subscription-manager' } +``` + +## Running the Playbook + +To register to RHSM Hosted with username and password: + +``` +ansible-playbook -i inventory/ose-provision ose-provision.yml -e "rhsm_method='hosted' rhsm_username=vvaldez rhsm_password='hunter2' openstack_key_name='vvaldez'" +``` + +To register to a Satellite server with an activation key: + +``` +ansible-playbook -i inventory/ose-provision ose-provision.yml -e "rhsm_server='10.12.32.1' rhsm_org='cloud_practice' rhsm_activationkey='rhel-7-ose-3-1' openstack_key_name='vvaldez' rhsm_method='satellite'" +``` + +To ignore any Subscription Manager activities, simple do not set any parameters or explicitly set **rhsm_method** to false. diff --git a/roles/subscription-manager/pre_tasks/pre_tasks.yml b/roles/subscription-manager/pre_tasks/pre_tasks.yml new file mode 100644 index 000000000..497f39353 --- /dev/null +++ b/roles/subscription-manager/pre_tasks/pre_tasks.yml @@ -0,0 +1,37 @@ +--- +- name: Initialize Subscription Manager fact + set_fact: + rhsm_skip: false + +- name: Determine if Subscription Manager should be skipped or not + set_fact: + rhsm_skip: true + when: rhsm_method is undefined or rhsm_method is none or rhsm_method|trim == '' + +- name: Determine Subscription Manager method + fail: msg="Value for 'rhsm_method' of '{{ rhsm_method }}' is not valid, it should be one of 'hosted', 'satellite', or false/none/blank" + when: + - rhsm_method != 'hosted' and rhsm_method != 'satellite' + - not rhsm_skip + +- name: Validate Subscription Manager host is set + fail: msg="Cannot determine Subscription Manager server hostname without a value for 'rhsm_server'" + when: + - rhsm_server is undefined or rhsm_server is none or rhsm_server|trim == '' + - not rhsm_method == 'hosted' + - not rhsm_skip + +- name: Validate Subscription Manager organization is set + fail: msg="Cannot register to a Satellite server without a value for the Organization via 'rhsm_org'" + when: + - rhsm_org is undefined or rhsm_org is none or rhsm_org|trim == '' + - rhsm_method == 'satellite' + - not rhsm_skip + +- name: Validate Subscription Manager authentication is defined + fail: msg="Cannot register without ('rhsm_username' and 'rhsm_password') or 'rhsm_activationkey' variables set" + when: + - (rhsm_username is undefined or rhsm_username is none or rhsm_username|trim == '') or (rhsm_password is undefined or rhsm_password is none or rhsm_password|trim == '') + - rhsm_activationkey is undefined or rhsm_activationkey is none or rhsm_activationkey|trim == '' + - not rhsm_skip + diff --git a/roles/subscription-manager/tasks/main.yml b/roles/subscription-manager/tasks/main.yml new file mode 100644 index 000000000..2e04a7a22 --- /dev/null +++ b/roles/subscription-manager/tasks/main.yml @@ -0,0 +1,93 @@ +--- +- name: Initializing Subscription Manager authenticaiton method + set_fact: + rhsm_authentication: false + +# 'rhsm_activationkey' will take precedence even if 'rhsm_username' and 'rhsm_password' are also set +- name: Setting Subscription Manager Activation Key Fact + set_fact: + rhsm_authentication: "key" + when: + - rhsm_activationkey is defined + - rhsm_activationkey is not none + - rhsm_activationkey|trim != '' + - not rhsm_authentication + +# If 'rhsm_username' and 'rhsm_password' are set but not 'rhsm_activationkey', set 'rhsm_authentication' to password +- name: Setting Subscription Manager Username and Password Fact + set_fact: + rhsm_authentication: "password" + when: + - rhsm_username is defined and rhsm_username is not none and rhsm_username|trim != '' + - rhsm_password is defined and rhsm_password is not none and rhsm_password|trim != '' + - not rhsm_authentication + +- name: Initializing registration status + set_fact: + registered: false + +- name: Checking subscription status (a failure means it is not registered and will be) + command: "/usr/bin/subscription-manager status" + ignore_errors: yes + changed_when: no + register: check_if_registered + +- name: Set registration fact + set_fact: + registered: true + when: check_if_registered.rc == 0 + +- name: Cleaning any old subscriptions + command: "/usr/bin/subscription-manager clean" + when: + - not registered + - rhsm_authentication is defined + +- name: Install Satellite certificate + command: "rpm -Uvh --force http://{{ rhsm_server }}/pub/katello-ca-consumer-latest.noarch.rpm" + when: + - not registered + - rhsm_method == 'satellite' + +- name: Register to Satellite using activation key + command: "/usr/bin/subscription-manager register --activationkey={{ rhsm_activationkey }} --org={{ rhsm_org }}" + when: + - not registered + - rhsm_authentication == 'key' + - rhsm_method == 'satellite' + +# This can apply to either Hosted or Satellite +- name: Register using username and password + command: "/usr/bin/subscription-manager register --username={{ rhsm_username }} --password={{ rhsm_password }}" + when: + - not registered + - rhsm_authentication != "key" + +- name: Auto-attach to Subscription Manager Pool + command: "/usr/bin/subscription-manager attach --auto" + when: + - not registered + - rhsm_authentication != "key" + +- name: Attach to a specific pool + command: "/usr/bin/subscription-manager attach --pool={{ rhsm_pool }}" + when: + - rhsm_pool is defined and rhsm_pool is not none and rhsm_pool|trim != '' + - and not registered + - rhsm_authentication != "key" + +- name: Disable all repositories + command: "/usr/bin/subscription-manager repos --disable=*" + when: + - not registered + - not rhsm_authentication == "key" + +- name: Enable specified repositories + command: "/usr/bin/subscription-manager repos --enable={{ item }}" + with_items: rhsm_repos + when: + - not registered + - not rhsm_authentication == "key" + +- name: Cleaning yum repositories + command: "yum clean all" -- cgit v1.2.3