Update README, variables, and rhsm.conf.j2

- Update README to point to role's new home on Ansible Galaxy
- update rhsm.conf.j2 template so all options are variables
- cleanup rhsm.conf.j2 template by removing comments and compressing lines
- update README with new variables availble in rhsm.conf.j2 template
- increase memory in RHEL6 test machine to prevent kernel panic
- use different repos for RHEL6 and RHEL7 test VMs

Change-Id: Iebd4a992ea1bf9c393f12d2d73c04011f4fe0603

README.md

@@ -1,27 +1,53 @@
 Red Hat Subscription
 =========
-[![Galaxy](https://img.shields.io/badge/galaxy-samdoran.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/samdoran/redhat-subscription)
+[![Galaxy](https://img.shields.io/badge/galaxy-openstack.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/openstack/redhat-subscription)
 
-Manage Red Hat subscritions and repositories.
+Manage Red Hat subscriptions and repositories. This role supports registering to Satellite 5, Satellite 6, or the Red Hat Customer Portal.
 
 Requirements
 ------------
 
-Current Red Hat subscription.
+You will need to have an active Red Hat subscription in order for registration to succeed.
+
+Provide `rhsm_username` and `rhsm_password` _or_ `rhsm_activation_key`. These options are mutually exclusive and providing both will result in a failure. The recommended option is to provide an activation key rather than username and password.
 
 Role Variables
 --------------
 
 | Name              | Default Value       | Description          |
 |-------------------|---------------------|----------------------|
-| `rhsm_username` | No default | Red Hat Portal username. |
-| `rhsm_password` | No default | Red Hat Portal password. |
-| `rhsm_activation_key` | No default | Red Hat Portal Activation Key. |
-| `rhsm_org_id` | No default | Red Hat Portal Organization Identifier. |
+| `rhsm_username` | `[undefined]` | Red Hat Portal username. |
+| `rhsm_password` | `[undefined]` | Red Hat Portal password. |
+| `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. |
+| `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. |
 | `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
-| `rhsm_state` | `enable` | Whether to enable or disable a Red Hat subscription. |
-| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. |
+| `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. |
+| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. |
+| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
 | `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. |
+| `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. |
+| `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. |
+| `rhsm_server_prefix` | `/subscription` | Server prefix |
+| `rhsm_insecure` | `False` | Disable certificate validation. |
+| `rhsm_ssl_verify_depth` | `3` | Depths certificates should be validated when checking. |
+| `rhsm_rhsm_proxy_hostname` | `[undefined]` | FQDN of outbound proxy server. |
+| `rhsm_rhsm_proxy_port` | `[undefined]` | Port to use for proxy server. |
+| `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. |
+| `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. |
+| `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. |
+| `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. |
+| `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. |
+| `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. |
+| `rhsm_entitlement_cert_dir` | `/etc/pki/entitlement` | Entitlement certificate directory. |
+| `rhsm_consumer_cert_dir` | `/etc/pki/consumer` | Consumer certificate directory. |
+| `rhsm_manage_repos` | `True` | Manage generation of yum repositories for subscribed content. |
+| `rhsm_full_refresh_on_yum` | `False` | Refresh repo files with server overrides on every `yum` command. |
+| `rhsm_report_package_profile` | `True` | Whether to report the package profiles to the subscription management service. |
+| `rhsm_plugin_dir` | `/usr/share/rhsm-plugins` | Directory to search for subscription manage plugins. |
+| `rhsm_plugin_conf_dir` | `/etc/rhsm/pluginconf.d` | Directory to search for plugin configuration files. |
+| `rhsm_cert_check_interval` | `240` | Interval in minutes to run certificate check. |
+| `rhsm_auto_attach_interval` | `1440` | Interval in minutes to run auto-attach. |
+| `rhsm_logging` | [see `defaults/main.yml`] | Logging settings for various RHSM components. |
 
 Dependencies
 ------------
@@ -43,7 +69,7 @@ Example Playbook
           - rhel-7-server-openstack-8-rpms
 
       roles:
-         - samdoran.redhat-subscription
+         - openstack.redhat-subscription
 
 License
 -------

defaults/main.yml

@@ -5,16 +5,42 @@
 # rhsm_ord_id: 1234
 
 rhsm_state: present                      # present or absent
-rhsm_autosubscribe: True
+rhsm_autosubscribe: yes
 rhsm_method: portal                      # portal or satellite
 
 rhsm_repos: []
   # - name: rhel-7-server-extras-rpms     # wildcard or repo name
-  #   state: enable                       # enable or disable
+  #   state: enabled                      # enabled or disabled
 
-# /etc/rhsm/rhsm.conf settings
+
+## /etc/rhsm/rhsm.conf settings
 rhsm_rhsm_port: 443
+rhsm_server_hostname: subscription.rhn.redhat.com
+rhsm_server_prefix: '/subscription'
+rhsm_insecure: False
+rhsm_ssl_verify_depth: 3
 # rhsm_rhsm_proxy_hostname: ""
 # rhsm_rhsm_proxy_port: ""
 # rhsm_rhsm_proxy_user: ""
 # rhsm_rhsm_proxy_password: ""
+rhsm_baseurl: https://cdn.redhat.com
+rhsm_ca_cert_dir: /etc/rhsm/ca/
+rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem'
+rhsm_product_cert_dir: /etc/pki/product
+rhsm_entitlement_cert_dir: /etc/pki/entitlement
+rhsm_consumer_cert_dir: /etc/pki/consumer
+rhsm_manage_repos: True
+rhsm_full_refresh_on_yum: False
+rhsm_report_package_profile: True
+rhsm_plugin_dir: /usr/share/rhsm-plugins
+rhsm_plugin_conf_dir: /etc/rhsm/pluginconf.d
+rhsm_cert_check_interval: 240
+rhsm_auto_attach_interval: 1440
+rhsm_logging:
+  default: INFO
+  # subscription_manager: DEBUG
+  # subscription_manager_managercli: DEBUG
+  # rhsm: DEBUG
+  # rhsm_connection: DEBUG
+  # rhsm_app: DEBUG
+  # rhsm_app_rhsmd: DEBUG

tasks/main.yml

@@ -13,7 +13,7 @@
     mode: 0644
   tags:
     - rhsm
-    - rhsm_rhsm
+    - rhsm_conf
 
 - import_tasks: "{{ rhsm_method | default('portal') }}.yml"
   tags:

templates/rhsm.conf.j2

@@ -1,79 +1,57 @@
 # {{ ansible_managed }}
-# Red Hat Subscription Manager Configuration File:
-
-# Unified Entitlement Platform Configuration
 [server]
-# Server hostname:
-hostname = subscription.rhn.redhat.com
-
-# Server prefix:
-prefix = /subscription
-
-# Server port:
+hostname = {{ rhsm_server_hostname }}
+prefix = {{ rhsm_server_prefix }}
 port = {{ rhsm_rhsm_port }}
-
-# Set to 1 to disable certificate validation:
-insecure = 0
-
-# Set the depth of certs which should be checked
-# when validating a certificate
-ssl_verify_depth = 3
-
-# an http proxy server to use
+insecure = {{ rhsm_insecure | int }}
+ssl_verify_depth = {{ rhsm_ssl_verify_depth }}
 {% if rhsm_rhsm_proxy_hostname is defined %}
 proxy_hostname = {{ rhsm_rhsm_proxy_hostname }}
 {% endif %}
-
-# port for http proxy server
 {% if rhsm_rhsm_proxy_port is defined %}
 proxy_port = {{ rhsm_rhsm_proxy_port }}
 {% endif %}
-
 {% if rhsm_rhsm_proxy_user is defined %}
-# user name for authenticating to an http proxy, if needed
 proxy_user = {{ rhsm_rhsm_proxy_user }}
 {% endif %}
-
 {% if rhsm_rhsm_proxy_password is defined %}
-# password for basic http proxy auth, if needed
 proxy_password = {{ rhsm_rhsm_proxy_password }}
 {% endif %}
 
 [rhsm]
-# Content base URL:
-baseurl= https://cdn.redhat.com
-
-# Server CA certificate location:
-ca_cert_dir = /etc/rhsm/ca/
-
-# Default CA cert to use when generating yum repo configs:
-repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
-
-# Where the certificates should be stored
-productCertDir = /etc/pki/product
-entitlementCertDir = /etc/pki/entitlement
-consumerCertDir = /etc/pki/consumer
-
-# Manage generation of yum repositories for subscribed content:
-manage_repos = 1
-
-# Refresh repo files with server overrides on every yum command
-full_refresh_on_yum = 0
-
-# If set to zero, the client will not report the package profile to
-# the subscription management service.
-report_package_profile = 1
-
-# The directory to search for subscription manager plugins
-pluginDir = /usr/share/rhsm-plugins
-
-# The directory to search for plugin configuration files
-pluginConfDir = /etc/rhsm/pluginconf.d
+baseurl = {{ rhsm_baseurl }}
+ca_cert_dir = {{ rhsm_ca_cert_dir }}
+repo_ca_cert = {{ rhsm_repo_ca_cert }}
+productCertDir = {{ rhsm_product_cert_dir }}
+entitlementCertDir = {{ rhsm_entitlement_cert_dir }}
+consumerCertDir = {{ rhsm_consumer_cert_dir }}
+manage_repos = {{ rhsm_manage_repos | int }}
+full_refresh_on_yum = {{ rhsm_full_refresh_on_yum | int }}
+report_package_profile = {{ rhsm_report_package_profile | int }}
+pluginDir = {{ rhsm_plugin_dir }}
+pluginConfDir = {{ rhsm_plugin_conf_dir }}
 
 [rhsmcertd]
-# Interval to run cert check (in minutes):
-certCheckInterval = 240
-# Interval to run auto-attach (in minutes):
-autoAttachInterval = 1440
-
+certCheckInterval = {{ rhsm_cert_check_interval }}
+autoAttachInterval = {{ rhsm_auto_attach_interval }}
 
+[logging]
+default_log_level = {{ rhsm_logging.default }}
+{% if rhsm_logging.subscription_manager is defined %}
+subscription_manager = {{ rhsm_logging.subscription_manager }}
+{% endif %}
+{% if rhsm_logging.subscription_manager_managercli is defined %}
+subscription_manager.managercli = {{ rhsm_logging.subscription_manager_managercli }}
+{% endif %}
+{% if rhsm_logging.rhsm is defined %}
+rhsm = {{ rhsm_logging.rhsm }}
+{% endif %}
+{% if rhsm_logging.rhsm_connection is defined %}
+rhsm.connection = {{ rhsm_logging.rhsm_connection }}
+{% endif %}
+{% if rhsm_logging.rhsm_app is defined %}
+rhsm-app = {{ rhsm_logging.rhsm_app }}
+{% endif %}
+{% if rhsm_logging.rhsm_app_rhsmd is defined %}
+rhsm-app.rhsmd = {{ rhsm_logging.rhsm_app_rhsmd }}
+{% endif %}

tests/Vagrantfile

@@ -5,9 +5,9 @@ Vagrant.configure(2) do |config|
     rhel6.vm.box = "samdoran/rhel6"
     rhel6.vm.hostname = "rhsm-rhel6"
     config.vm.provider "virtualbox" do |vbox|
-      vbox.name = "rhsm-rhel7"
+      vbox.name = "rhsm-rhel6"
       vbox.cpus = 1
-      vbox.memory = 128
+      vbox.memory = 256
     end
   end
 

tests/vars.yml

@@ -2,8 +2,15 @@ rhsm_username: "{{ lookup('env', 'RHSM_USERNAME') }}"
 rhsm_password: "{{ lookup('env', 'RHSM_PASSWORD') }}"
 rhsm_pool_ids: "{{ lookup('env', 'RHSM_POOL_ID') }}"
 rhsm_state: present
-rhsm_repos:
-  - name: rhel-7-server-extras-rpms
-    state: absent
-  - name: rhel-7-server-rh-common-rpms
-  - name: rhel-7-server-openstack-12-tools-rpms
+rhsm_repos: "{{ repos[ansible_distribution ~ '-' ~ ansible_distribution_major_version] }}"
+
+repos:
+  RedHat-6:
+    - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms
+      state: present
+    - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms
+  RedHat-7:
+    - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms
+      state: present
+    - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms
+    - name: rhel-{{ ansible_distribution_major_version }}-server-openstack-12-tools-rpms