|
<%#
|
|
kind: snippet
|
|
name: subscription_manager_setup
|
|
model: ProvisioningTemplate
|
|
snippet: true
|
|
description: |
|
|
This snippet installs and configures subscription-manager that is required for host registration.
|
|
The snippet is included in the "global_registration" template and in the "redhat_register" snippet.
|
|
The latter ensures host registration during the provisioning process.
|
|
-%>
|
|
# Select package manager for the OS (sets the $PKG_MANAGER* variables)
|
|
if [ -z "$PKG_MANAGER" ]; then
|
|
<%= indent(2) { snippet 'pkg_manager' } -%>
|
|
fi
|
|
|
|
# Define the path to rhsm.conf
|
|
RHSM_CFG=/etc/rhsm/rhsm.conf
|
|
|
|
<% if @subman_setup_scenario == 'registration' -%>
|
|
# Backup the original rhsm.conf file
|
|
if [ -f $RHSM_CFG ] ; then
|
|
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
|
|
fi
|
|
<% end -%>
|
|
|
|
<% if plugin_present?('katello') -%>
|
|
# Define the path to the Katello server CA certificate
|
|
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
|
|
|
|
# If SSL_CA_CERT is not set, create a temporary file for it
|
|
if [ -z "$SSL_CA_CERT" ]; then
|
|
SSL_CA_CERT=$(mktemp)
|
|
cat << EOF > "$SSL_CA_CERT"
|
|
<%= foreman_server_ca_cert %>
|
|
EOF
|
|
fi
|
|
|
|
<% if @subman_setup_scenario == 'registration' -%>
|
|
# rhn-client-tools conflicts with subscription-manager package
|
|
# since rhn tools replaces subscription-manager, we need to explicitly
|
|
# install subscription-manager after the rhn tools cleanup
|
|
if [ x$ID = xol ]; then
|
|
$PKG_MANAGER_REMOVE rhn-client-tools
|
|
$PKG_MANAGER_INSTALL --setopt=obsoletes=0 subscription-manager
|
|
elif [ -f /etc/debian_version ]; then
|
|
$PKG_MANAGER_INSTALL subscription-manager
|
|
fi
|
|
|
|
<% if truthy?(@force) -%>
|
|
# Unregister host and remove all local system and subscription data
|
|
if [ -x "$(command -v subscription-manager)" ] ; then
|
|
subscription-manager unregister || true
|
|
subscription-manager clean
|
|
fi
|
|
|
|
if ![ -f /etc/debian_version ]; then
|
|
$PKG_MANAGER_REMOVE katello-ca-consumer\* > /dev/null 2>&1
|
|
fi
|
|
<% end -%>
|
|
<% end -%>
|
|
|
|
# Prepare the SSL certificate
|
|
mkdir -p /etc/rhsm/ca
|
|
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
|
|
chmod 644 $KATELLO_SERVER_CA_CERT
|
|
<% end -%>
|
|
|
|
# Prepare subscription-manager
|
|
if ! [ -x "$(command -v subscription-manager)" ] ; then
|
|
$PKG_MANAGER_INSTALL subscription-manager
|
|
else
|
|
echo "subscription-manager is already installed!"
|
|
<% if @subman_setup_scenario == 'registration' -%>
|
|
$PKG_MANAGER_UPGRADE subscription-manager > /dev/null 2>&1
|
|
<% end %>
|
|
fi
|
|
|
|
# Check if rhsm.conf exists
|
|
if ! [ -f $RHSM_CFG ] ; then
|
|
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
|
|
<% if plugin_present?('katello') -%>
|
|
rm -f $SSL_CA_CERT
|
|
<% end -%>
|
|
exit 1
|
|
fi
|
|
|
|
<% if @subman_setup_scenario == 'registration'
|
|
if plugin_present?('katello')
|
|
server_hostname = @rhsm_url.host if @rhsm_url
|
|
server_port = @rhsm_url.port if @rhsm_url
|
|
server_prefix = @rhsm_url.path if @rhsm_url
|
|
repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
|
|
rhsm_baseurl = @pulp_content_url
|
|
end
|
|
elsif @subman_setup_scenario == 'provisioning'
|
|
if plugin_present?('katello')
|
|
server_hostname = @host.content_source
|
|
server_port = @host.content_source.rhsm_url.port
|
|
server_prefix = @host.content_source.rhsm_url.path
|
|
repo_ca_cert = "$KATELLO_SERVER_CA_CERT"
|
|
rhsm_baseurl = @host.content_source.pulp_content_url
|
|
else
|
|
server_hostname = "subscription.rhsm.redhat.com"
|
|
server_port = "443"
|
|
server_prefix = "/subscription"
|
|
repo_ca_cert = "/etc/rhsm/ca/redhat-uep.pem"
|
|
rhsm_baseurl = "https://cdn.redhat.com"
|
|
end
|
|
end
|
|
-%>
|
|
|
|
# Configure subscription-manager
|
|
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
|
|
subscription-manager config \
|
|
--server.hostname="<%= server_hostname %>" \
|
|
--server.port="<%= server_port %>" \
|
|
--server.prefix="<%= server_prefix %>" \
|
|
--rhsm.repo_ca_cert="<%= repo_ca_cert %>" \
|
|
--rhsm.baseurl="<%= rhsm_baseurl %>"
|
|
|
|
# Older versions of subscription manager may not recognize
|
|
# report_package_profile and package_profile_on_trans options.
|
|
# So set them separately and redirect out & error to /dev/null
|
|
# to fail silently.
|
|
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
|
|
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
|
|
|
|
# Configuration for EL6
|
|
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
|
|
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
|
|
else
|
|
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
|
|
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
|
|
fi
|
|
|
|
<% if @subman_setup_scenario == 'provisioning' && plugin_present?('katello') -%>
|
|
if [ -f /etc/debian_version ]; then
|
|
CA_TRUST_ANCHORS=/usr/local/share/ca-certificates/
|
|
else
|
|
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors
|
|
fi
|
|
|
|
# Add the Katello CA certificate to the system-wide CA certificate store
|
|
if [ -d $CA_TRUST_ANCHORS ]; then
|
|
if [ -f /etc/debian_version ]; then
|
|
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
|
|
update-ca-certificates
|
|
else
|
|
update-ca-trust enable
|
|
cp $KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
|
|
update-ca-trust
|
|
fi
|
|
fi
|
|
<% end -%>
|
|
|
|
# Restart yggdrasild if installed and running
|
|
systemctl try-restart yggdrasil >/dev/null 2>&1 || true
|