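# Settings filled in by Puppet (certs module) when this template is rendered.
# The values are substituted as plain text, so each one is double-quoted to
# keep a value containing whitespace from being split into extra command
# words. Quoting does not neutralise $(...), backticks or embedded quotes:
# the Puppet data behind these lookups has to stay under administrator
# control.
KATELLO_SERVER="<%= scope['certs::katello::hostname'] %>"
KATELLO_SERVER_CA_CERT="<%= scope['certs::server_ca_name'] %>.pem"
KATELLO_DEFAULT_CA_CERT="<%= scope['certs::default_ca_name'] %>.pem"
KATELLO_CERT_DIR="<%= scope['certs::katello::rhsm_ca_dir'] %>"
PORT="<%= scope['certs::katello::rhsm_port'] %>"

PREFIX="<%= scope['certs::katello::deployment_url'] %>"

# rhsm configuration file edited by this script, and the copy of it that is
# taken the first time the script runs
CFG=/etc/rhsm/rhsm.conf
CFG_BACKUP="${CFG}.kat-backup"

# directory whose certificates are added to the system-wide CA store
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors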
# Nothing to do on hosts without rhsm: leave when rhsm.conf is missing or
# when neither subscription-manager binary is found on PATH. The bare
# "exit" hands back the status of the check that failed.
[ -f "$CFG" ] || exit
if ! type -P subscription-manager >/dev/null; then
  type -P subscription-manager-cli >/dev/null || exit
fi

# Keep a copy of the original configuration; an existing backup is never
# overwritten, so it always reflects the state before the first run.
if [ ! -f "$CFG_BACKUP" ]; then
  cp "$CFG" "$CFG_BACKUP"
fi
# Write the two Katello CA certificates into the rhsm CA directory and make
# them world-readable.
# KATELLO_SERVER_CA_DATA and KATELLO_DEFAULT_CA_DATA are not assigned in the
# lines shown here; presumably they hold PEM text set earlier -- TODO confirm.
# NOTE(review): an unset or empty value still truncates the target file, and
# the server CA file is later copied into the system trust anchors, so the
# content of these variables decides what the host ends up trusting.
server_ca_file="$KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT"
default_ca_file="$KATELLO_CERT_DIR/$KATELLO_DEFAULT_CA_CERT"

printf '%s\n' "$KATELLO_SERVER_CA_DATA" > "$server_ca_file"
chmod 644 "$server_ca_file"

printf '%s\n' "$KATELLO_DEFAULT_CA_DATA" > "$default_ca_file"
chmod 644 "$default_ca_file"
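# Point rhsm at the Katello server. OSTree-booted (Atomic) hosts get the
# ostree content URL, every other host gets the yum repository URL.

# Apply the server, port, prefix, repo CA and base URL through the
# subscription-manager CLI.
# Globals: KATELLO_SERVER, PREFIX, PORT, KATELLO_SERVER_CA_CERT, BASEURL (read)
# %(ca_cert_dir)s is passed through literally so that rhsm.conf resolves it
# against its own ca_cert_dir setting.
katello_rhsm_config() {
  subscription-manager config \
    --server.hostname="$KATELLO_SERVER" \
    --server.prefix="$PREFIX" \
    --server.port="$PORT" \
    --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
    --rhsm.baseurl="$BASEURL"
}

# IS_ATOMIC counts as soon as it is set, even to an empty string.
if [ -n "${IS_ATOMIC+1}" ] || [ -e "/run/ostree-booted" ]; then
  # atomic setup
  BASEURL=https://$KATELLO_SERVER/pulp/ostree/web/

  # configure rhsm
  # the config command was introduced in rhsm 0.96.6
  katello_rhsm_config
else
  # rhel setup
  BASEURL=https://$KATELLO_SERVER/pulp/repos

  # Get version of RHSM. The rpm status is checked directly: with rpm piped
  # into tr, $? reported tr's status, so a failed query was never noticed
  # and whatever rpm printed ended up in the version array.
  if rhsm_version_raw=$(rpm -q --queryformat='%{VERSION}' subscription-manager 2>/dev/null); then
    RHSM_V=${rhsm_version_raw//./ }
  else
    RHSM_V="0 0 0"
  fi
  # one array element per version component, without glob expansion
  declare -a RHSM_VERSION=()
  read -r -a RHSM_VERSION <<<"$RHSM_V"

  rhsm_major=${RHSM_VERSION[0]:-0}
  rhsm_minor=${RHSM_VERSION[1]:-0}
  rhsm_patch=${RHSM_VERSION[2]:-0}
  # A component that is not a plain number cannot be compared; treat the
  # version as unknown so the sed fallback below is used.
  case "$rhsm_major$rhsm_minor$rhsm_patch" in
    *[!0-9]*)
      rhsm_major=0
      rhsm_minor=0
      rhsm_patch=0
      ;;
  esac

  # configure rhsm
  # the config command was introduced in rhsm 0.96.6
  # fallback left for older versions
  # NOTE(review): the comparison accepts only versions after 0.96.6, while
  # the comment above names 0.96.6 itself -- confirm which is intended.
  if [ "$rhsm_major" -gt 0 ] || [ "$rhsm_minor" -gt 96 ] ||
    { [ "$rhsm_minor" -eq 96 ] && [ "$rhsm_patch" -gt 6 ]; }; then
    katello_rhsm_config
  else
    # The values are pasted into the sed programs as-is: a value containing
    # the delimiter, '&' or a backslash would alter the substitution.
    sed -i "s/^hostname\s*=.*/hostname = $KATELLO_SERVER/g" "$CFG"
    sed -i "s/^port\s*=.*/port = $PORT/g" "$CFG"
    sed -i "s|^prefix\s*=.*|prefix = $PREFIX|g" "$CFG"
    sed -i "s|^repo_ca_cert\s*=.*|repo_ca_cert = %(ca_cert_dir)s$KATELLO_SERVER_CA_CERT|g" "$CFG"
    sed -i "s|^baseurl\s*=.*|baseurl=$BASEURL|g" "$CFG"
  fi

  # Force full_refresh_on_yum = 1: rewrite the setting when it is present,
  # otherwise append it after the baseurl line.
  if grep --quiet full_refresh_on_yum "$CFG"; then
    sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" "$CFG"
  else
    full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
    sed -i "s/baseurl.*/&\n\n$full_refresh_config/g" "$CFG"
  fi
fi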
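# also add the katello ca cert to the system wide ca cert store
# Once the anchor is installed, every program on this host that relies on
# the system CA store accepts certificates issued by this CA, not only rhsm.
if [ -d "$CA_TRUST_ANCHORS" ]; then
  update-ca-trust enable
  cp -- "$KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT" "$CA_TRUST_ANCHORS"
  update-ca-trust

  # restart docker if it is installed and running
  # The redirection is "2>&1". The earlier spelling "2&>1" handed a literal
  # "2" to the command as an extra argument and sent its output to a file
  # named "1" in the current directory.
  if [ -f /usr/lib/systemd/system/docker.service ]; then
    systemctl status docker >/dev/null &&
      systemctl restart docker >/dev/null 2>&1
  elif [ -f /etc/init.d/docker ]; then
    service docker status >/dev/null &&
      service docker restart >/dev/null 2>&1
  fi
fi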
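# restart goferd if it is installed and running
# SysV hosts: restart only when the init script exists and reports a running
# service. The redirection is "2>&1"; the earlier spelling "2&>1" handed a
# literal "2" to the command as an extra argument and sent its output to a
# file named "1" in the current directory.
[ -f /etc/init.d/goferd ] &&
  service goferd status >/dev/null &&
  service goferd restart >/dev/null 2>&1

# systemd hosts: try-restart leaves a stopped unit stopped.
[ -f /bin/systemctl ] &&
  systemctl try-restart goferd >/dev/null 2>&1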
# Record the fully qualified host name as an rhsm fact, but only when the
# lookup succeeded and the facts directory exists.
# NOTE(review): the name is placed into the JSON text without escaping; a
# value containing a double quote or backslash would produce an invalid file.
if FQDN=$(hostname -f) && [ -d /etc/rhsm/facts/ ]; then
  printf '{"network.hostname-override":"%s"}\n' "$FQDN" > /etc/rhsm/facts/katello.facts
fi

# Always report success, whatever the optional steps above returned.
exit 0
# vim:sw=2:ts=2:et: