|
<%#
|
|
kind: registration
|
|
name: Global Registration
|
|
model: ProvisioningTemplate
|
|
description: |
|
|
The registration template used to render OS agnostic script that any host can use to register to
|
|
this Foreman instance. It is rendered as a response in the registration API endpoint. The resulting
|
|
script contains instructions to prepare the machine for registration, to create a new Host record in Foreman,
|
|
and to fetch and run the host specific initial configuration script. The initial script is rendered based
|
|
on the template of host_init_config kind.
|
|
-%>
|
|
#!/bin/sh
|
|
<%
|
|
headers = ["-H 'Authorization: Bearer #{@auth_token}'"]
|
|
activation_keys = [(@hostgroup.params['kt_activation_keys'] if @hostgroup), @activation_keys].compact.join(',')
|
|
-%>
|
|
|
|
# Rendered with following template parameters:
|
|
<%= "# User: [#{@user.login}]" -%>
|
|
<%= "\n# Organization: [#{@organization.name}]" if @organization -%>
|
|
<%= "\n# Location: [#{@location.name}]" if @location -%>
|
|
<%= "\n# Host group: [#{@hostgroup.title}]" if @hostgroup -%>
|
|
<%= "\n# Operating system: [#{@operatingsystem}]" if @operatingsystem -%>
|
|
<%= "\n# Setup Insights: [#{@setup_insights}]" unless @setup_insights.nil? -%>
|
|
<%= "\n# Setup remote execution: [#{@setup_remote_execution}]" unless @setup_remote_execution.nil? -%>
|
|
<%= "\n# Remote execution interface: [#{@remote_execution_interface}]" if @remote_execution_interface.present? -%>
|
|
<%= "\n# Packages: [#{@packages}]" if @packages.present? -%>
|
|
<%= "\n# Update packages: [#{@update_packages}]" unless @update_packages.nil? -%>
|
|
<%= "\n# Repository: [#{@repo}]" if @repo.present? -%>
|
|
<%= "\n# Repository GPG key URL: [#{@repo_gpg_key_url}]" if @repo_gpg_key_url.present? -%>
|
|
<%= "\n# Force: [#{@force}]" unless @force.nil? -%>
|
|
<%= "\n# Ignore subman errors: [#{@ignore_subman_errors}]" unless @ignore_subman_errors.nil? -%>
|
|
<%= "\n# Lifecycle environment id: [#{@lifecycle_environment_id}]" if @lifecycle_environment_id.present? -%>
|
|
<%= "\n# Activation keys: [#{activation_keys}]" if activation_keys.present? -%>
|
|
|
|
|
|
if ! [ $(id -u) = 0 ]; then
|
|
echo "Please run as root"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -f /etc/os-release ] ; then
|
|
. /etc/os-release
|
|
fi
|
|
|
|
# Choose package manager
|
|
# apt-get for Debian & Ubuntu
|
|
# dnf for Fedora (version >= 22) & RHEL family (version > 7)
|
|
# yum for Fedora (version < 22) & RHEL family (version < 8)
|
|
if [ x$ID = xfedora ]; then
|
|
if [ "${VERSION_ID%.*}" -gt 21 ]; then
|
|
PKG_MANAGER='dnf'
|
|
else
|
|
PKG_MANAGER='yum'
|
|
fi
|
|
elif [ -f /etc/redhat-release ] ; then
|
|
if [ "${VERSION_ID%.*}" -gt 7 ]; then
|
|
PKG_MANAGER='dnf'
|
|
else
|
|
PKG_MANAGER='yum'
|
|
fi
|
|
elif [ -f /etc/debian_version ]; then
|
|
PKG_MANAGER='apt-get'
|
|
fi
|
|
|
|
SSL_CA_CERT=$(mktemp)
|
|
cat << EOF > $SSL_CA_CERT
|
|
<%= foreman_server_ca_cert %>
|
|
EOF
|
|
|
|
cleanup_and_exit() {
|
|
rm -f $SSL_CA_CERT
|
|
exit $1
|
|
}
|
|
|
|
<% unless @repo.blank? -%>
|
|
echo '#'
|
|
echo '# Adding repository'
|
|
echo '#'
|
|
|
|
if [ -f /etc/redhat-release ]; then
|
|
cat << EOF > /etc/yum.repos.d/foreman_registration.repo
|
|
[foreman_register]
|
|
name=foreman_register
|
|
baseurl=<%= shell_escape @repo %>
|
|
enabled=1
|
|
gpgcheck=<%= @repo_gpg_key_url.present? ? 1 : 0 %>
|
|
gpgkey=<%= shell_escape @repo_gpg_key_url %>
|
|
EOF
|
|
|
|
echo "Building yum metadata cache, this may take a few minutes"
|
|
$PKG_MANAGER makecache
|
|
elif [ -f /etc/debian_version ]; then
|
|
cat << EOF > /etc/apt/sources.list.d/foreman_registration.list
|
|
<%= shell_escape @repo %>
|
|
EOF
|
|
<% if @repo_gpg_key_url.present? -%>
|
|
apt-get -y install ca-certificates gpg
|
|
curl --silent --show-error <%= shell_escape @repo_gpg_key_url %> | apt-key add -
|
|
<% end -%>
|
|
apt-get update
|
|
|
|
else
|
|
echo "Unsupported operating system, can't add repository."
|
|
cleanup_and_exit 1
|
|
fi
|
|
<% end -%>
|
|
|
|
register_host() {
|
|
curl --silent --show-error --cacert $SSL_CA_CERT --request POST <%= @registration_url %> \
|
|
<%= headers.join(' ') %> \
|
|
--data "host[name]=$(hostname --fqdn)" \
|
|
--data "host[build]=false" \
|
|
--data "host[managed]=false" \
|
|
<%= " --data 'host[organization_id]=#{@organization.id}' \\\n" if @organization -%>
|
|
<%= " --data 'host[location_id]=#{@location.id}' \\\n" if @location -%>
|
|
<%= " --data 'host[hostgroup_id]=#{@hostgroup.id}' \\\n" if @hostgroup -%>
|
|
<%= " --data 'host[operatingsystem_id]=#{@operatingsystem.id}' \\\n" if @operatingsystem -%>
|
|
<%= " --data host[interfaces_attributes][0][identifier]=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
|
|
<%= " --data 'setup_insights=#{@setup_insights}' \\\n" unless @setup_insights.nil? -%>
|
|
<%= " --data 'setup_remote_execution=#{@setup_remote_execution}' \\\n" unless @setup_remote_execution.nil? -%>
|
|
<%= " --data remote_execution_interface=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
|
|
<%= " --data packages=#{shell_escape(@packages)} \\\n" if @packages.present? -%>
|
|
<%= " --data 'update_packages=#{@update_packages}' \\\n" unless @update_packages.nil? -%>
|
|
|
|
}
|
|
|
|
echo "#"
|
|
echo "# Running registration"
|
|
echo "#"
|
|
|
|
<% if plugin_present?('katello') -%>
|
|
if [ -f /etc/redhat-release ]; then
|
|
register_katello_host(){
|
|
UUID=$(subscription-manager identity | head -1 | awk '{print $3}')
|
|
curl --silent --show-error --cacert $KATELLO_SERVER_CA_CERT --request POST "<%= @registration_url %>" \
|
|
--data "uuid=$UUID" \
|
|
<%= headers.join(' ') %> \
|
|
<%= " --data 'host[organization_id]=#{@organization.id}' \\\n" if @organization -%>
|
|
<%= " --data 'host[location_id]=#{@location.id}' \\\n" if @location -%>
|
|
<%= " --data 'host[hostgroup_id]=#{@hostgroup.id}' \\\n" if @hostgroup -%>
|
|
<%= " --data 'host[lifecycle_environment_id]=#{@lifecycle_environment_id}' \\\n" if @lifecycle_environment_id.present? -%>
|
|
<%= " --data 'setup_insights=#{@setup_insights}' \\\n" unless @setup_insights.nil? -%>
|
|
<%= " --data 'setup_remote_execution=#{@setup_remote_execution}' \\\n" unless @setup_remote_execution.nil? -%>
|
|
<%= " --data remote_execution_interface=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
|
|
<%= " --data packages=#{shell_escape(@packages)} \\\n" if @packages.present? -%>
|
|
<%= " --data 'update_packages=#{@update_packages}' \\\n" unless @update_packages.nil? -%>
|
|
|
|
}
|
|
|
|
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
|
|
RHSM_CFG=/etc/rhsm/rhsm.conf
|
|
|
|
# Backup rhsm.conf
|
|
if [ -f $RHSM_CFG ] ; then
|
|
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
|
|
fi
|
|
|
|
# rhn-client-tools conflicts with subscription-manager package
|
|
# since rhn tools replaces subscription-manager, we need to explicitly
|
|
# install subscription-manager after the rhn tools cleanup
|
|
if [ x$ID = xol ]; then
|
|
$PKG_MANAGER remove -y rhn-client-tools
|
|
$PKG_MANAGER install -y --setopt=obsoletes=0 subscription-manager
|
|
fi
|
|
|
|
# Prepare SSL certificate
|
|
mkdir -p /etc/rhsm/ca
|
|
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
|
|
chmod 644 $KATELLO_SERVER_CA_CERT
|
|
|
|
# Prepare subscription-manager
|
|
<% if @force -%>
|
|
if [ -x "$(command -v subscription-manager)" ] ; then
|
|
subscription-manager unregister || true
|
|
subscription-manager clean
|
|
fi
|
|
|
|
$PKG_MANAGER remove -y katello-ca-consumer\*
|
|
<% end -%>
|
|
|
|
if ! [ -x "$(command -v subscription-manager)" ] ; then
|
|
$PKG_MANAGER install -y subscription-manager
|
|
else
|
|
$PKG_MANAGER upgrade -y subscription-manager
|
|
fi
|
|
|
|
if ! [ -f $RHSM_CFG ] ; then
|
|
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
|
|
cleanup_and_exit 1
|
|
fi
|
|
|
|
# Configure subscription-manager
|
|
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
|
|
subscription-manager config \
|
|
--server.hostname="<%= @rhsm_url.host %>" \
|
|
--server.port="<%= @rhsm_url.port %>" \
|
|
--server.prefix="<%= @rhsm_url.path %>" \
|
|
--rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \
|
|
--rhsm.baseurl="<%= @pulp_content_url %>"
|
|
|
|
# Older versions of subscription manager may not recognize
|
|
# report_package_profile and package_profile_on_trans options.
|
|
# So set them separately and redirect out & error to /dev/null
|
|
# to fail silently.
|
|
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
|
|
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
|
|
|
|
# Configuration for EL6
|
|
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
|
|
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
|
|
else
|
|
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
|
|
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
|
|
fi
|
|
|
|
subscription-manager register <%= '--force' if @force %> \
|
|
--org='<%= @organization.label %>' \
|
|
--activationkey='<%= activation_keys %>' || <%= @ignore_subman_errors ? 'true' : 'cleanup_and_exit 1' %>
|
|
|
|
register_katello_host | bash
|
|
else
|
|
register_host | bash
|
|
fi
|
|
<% else -%>
|
|
register_host | bash
|
|
<% end -%>
|
|
|
|
cleanup_and_exit
|
