# Settings for this script. The <%= ... %> tags are ERB placeholders that are
# replaced with the certs::* scope values when the template is rendered.
# NOTE(review): the rendered values are inserted unquoted, so a value holding
# whitespace or shell metacharacters would be interpreted by the shell when the
# script runs (presumably as root, since it writes under /etc) — confirm the
# certs::* parameters are validated before rendering.

# Katello server hostname; used for rhsm server.hostname and to build BASEURL.
KATELLO_SERVER=<%= scope['certs::katello::hostname'] %>
# File names (inside KATELLO_CERT_DIR) of the server CA and default CA certs.
KATELLO_SERVER_CA_CERT=<%= scope['certs::server_ca_name'] %>.pem
KATELLO_DEFAULT_CA_CERT=<%= scope['certs::default_ca_name'] %>.pem
# Directory the CA certificates are written to.
KATELLO_CERT_DIR=<%= scope['certs::katello::rhsm_ca_dir'] %>
# Value for rhsm server.port.
PORT=<%= scope['certs::katello::rhsm_port'] %>

# Value for rhsm server.prefix.
PREFIX=<%= scope['certs::katello::deployment_url'] %>
# rhsm configuration file and the one-time backup copy made of it.
CFG=/etc/rhsm/rhsm.conf
CFG_BACKUP=$CFG.kat-backup
# System-wide CA trust anchor directory the server CA is also copied into.
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors

# Stop on non-RHEL systems: either rhsm.conf is missing or no
# subscription-manager binary is on PATH. The bare `exit` passes the status of
# the failed check on as the script's exit status.
[ -f "$CFG" ] || exit
if ! type -P subscription-manager >/dev/null; then
  type -P subscription-manager-cli >/dev/null || exit
fi

# Keep a copy of the original configuration; only the first run creates it, so
# later runs never overwrite the pristine backup.
if [ ! -f "$CFG_BACKUP" ]; then
  cp "$CFG" "$CFG_BACKUP"
fi

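# Write the server CA and default CA certificates into the rhsm CA directory.
# The certificate data is read from KATELLO_SERVER_CA_DATA and
# KATELLO_DEFAULT_CA_DATA, which are not assigned in this part of the script.
#
# printf '%s\n' writes the data verbatim (echo may treat some leading strings
# as options), the target paths are quoted, and chmod only runs when the write
# succeeded. Mode 644 is appropriate here: a CA certificate holds no secret
# material and has to be readable by the clients that verify against it.
# NOTE(review): an empty *_CA_DATA value still produces an empty certificate
# file that rhsm is then configured to use — consider checking for that.
printf '%s\n' "$KATELLO_SERVER_CA_DATA" > "$KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT" &&
  chmod 644 "$KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT"

printf '%s\n' "$KATELLO_DEFAULT_CA_DATA" > "$KATELLO_CERT_DIR/$KATELLO_DEFAULT_CA_CERT" &&
  chmod 644 "$KATELLO_CERT_DIR/$KATELLO_DEFAULT_CA_CERT"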

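# Point rhsm at the Katello server: hostname, port, prefix, content base URL
# and the CA certificate used to verify repository connections
# (rhsm.repo_ca_cert is set to the server CA file inside rhsm's ca_cert_dir).
#
# Atomic hosts are detected by IS_ATOMIC being set (to any value, even empty)
# or by the /run/ostree-booted marker; everything else takes the RHEL path.
if [ -n "${IS_ATOMIC+1}" ] || [ -e "/run/ostree-booted" ]; then
  # atomic setup
  BASEURL=https://$KATELLO_SERVER/pulp/ostree/web/

  # configure rhsm
  # the config command was introduced in rhsm 0.96.6
  subscription-manager config \
    --server.hostname="$KATELLO_SERVER" \
    --server.prefix="$PREFIX" \
    --server.port="$PORT" \
    --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
    --rhsm.baseurl="$BASEURL"
else
  # rhel setup
  BASEURL=https://$KATELLO_SERVER/pulp/repos

  # Get version of RHSM as "major minor patch".
  # The rpm status is tested directly: checking $? after `rpm | tr` only ever
  # saw tr's status, so a failed query left rpm's "not installed" message in
  # RHSM_V and the numeric comparison below errored out.
  if RHSM_V=$(rpm -q --queryformat='%{VERSION}' subscription-manager 2>/dev/null); then
    RHSM_V=${RHSM_V//./ }
  else
    RHSM_V="0 0 0"
  fi
  # read -a splits on whitespace without the pathname expansion that an
  # unquoted array assignment would perform.
  read -r -a RHSM_VERSION <<< "$RHSM_V"

  # configure rhsm
  # the config command was introduced in rhsm 0.96.6
  # fallback left for older versions
  # NOTE(review): the test below accepts only versions strictly newer than
  # 0.96.6, so 0.96.6 itself takes the sed fallback — confirm that is intended.
  if [ "${RHSM_VERSION[0]:-0}" -gt 0 ] ||
    [ "${RHSM_VERSION[1]:-0}" -gt 96 ] ||
    { [ "${RHSM_VERSION[1]:-0}" -eq 96 ] && [ "${RHSM_VERSION[2]:-0}" -gt 6 ]; }; then
    subscription-manager config \
      --server.hostname="$KATELLO_SERVER" \
      --server.prefix="$PREFIX" \
      --server.port="$PORT" \
      --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
      --rhsm.baseurl="$BASEURL"
  else
    # The values are interpolated into the sed replacement text, so a value
    # containing the delimiter, '&' or a backslash would corrupt the edit.
    sed -i "s/^hostname\s*=.*/hostname = $KATELLO_SERVER/g" "$CFG"
    sed -i "s/^port\s*=.*/port = $PORT/g" "$CFG"
    sed -i "s|^prefix\s*=.*|prefix = $PREFIX|g" "$CFG"
    sed -i "s|^repo_ca_cert\s*=.*|repo_ca_cert = %(ca_cert_dir)s$KATELLO_SERVER_CA_CERT|g" "$CFG"
    sed -i "s|^baseurl\s*=.*|baseurl=$BASEURL|g" "$CFG"
  fi

  # Force full_refresh_on_yum = 1: rewrite the setting when it is present,
  # otherwise append it (with its comment line) after the baseurl line.
  if grep --quiet full_refresh_on_yum "$CFG"; then
    sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" "$CFG"
  else
    full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
    sed -i "s/baseurl.*/&\n\n$full_refresh_config/g" "$CFG"
  fi
fi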

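# Also add the Katello server CA to the system-wide CA trust store.
# Once copied into the trust anchors directory and picked up by
# update-ca-trust, the CA is trusted by every TLS client on this host that
# uses the system store, not only by rhsm; treat the CA key accordingly.
if [ -d "$CA_TRUST_ANCHORS" ]; then
  update-ca-trust enable
  cp "$KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT" "$CA_TRUST_ANCHORS"
  update-ca-trust

  # Restart docker if it is installed and running (presumably so the daemon
  # picks up the updated trust store — confirm).
  # The redirection is 2>&1: the previous `2&>1` passed a stray "2" argument to
  # the command and sent its output to a file named "1" in the current
  # directory.
  if [ -f /usr/lib/systemd/system/docker.service ]; then
    systemctl status docker >/dev/null &&
      systemctl restart docker >/dev/null 2>&1
  elif [ -f /etc/init.d/docker ]; then
    service docker status >/dev/null &&
      service docker restart >/dev/null 2>&1
  fi
fi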

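# Restart goferd if it is installed and running.
# SysV hosts: restart only when the init script exists and reports the service
# as running. The redirection is 2>&1; the previous `2&>1` passed a stray "2"
# argument to `service` and wrote its output to a file named "1" in the
# current directory.
[ -f /etc/init.d/goferd ] &&
  service goferd status >/dev/null &&
  service goferd restart >/dev/null 2>&1

# systemd hosts: try-restart only restarts the unit when it is already running.
[ -f /bin/systemctl ] &&
  systemctl try-restart goferd >/dev/null 2>&1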


# Record the host's fully qualified name as the rhsm fact
# network.hostname-override. The facts file is written only when
# `hostname -f` succeeds and the rhsm facts directory exists.
if FQDN=$(hostname -f) && [ -d /etc/rhsm/facts/ ]; then
  printf '{"network.hostname-override":"%s"}\n' "$FQDN" > /etc/rhsm/facts/katello.facts
fi

# Always report success, whatever the optional steps above returned.
exit 0

# vim:sw=2:ts=2:et: