Update README, variables, and rhsm.conf.j2

- Update README to point to role's new home on Ansible Galaxy - update rhsm.conf.j2 template so all options are variables - cleanup rhsm.conf.j2 template by removing comments and compressing lines - update README with new variables availble in rhsm.conf.j2 template - increase memory in RHEL6 test machine to prevent kernel panic - use different repos for RHEL6 and RHEL7 test VMs Change-Id: Iebd4a992ea1bf9c393f12d2d73c04011f4fe0603
2018-02-20 16:52:33 -05:00 · 2018-02-20 16:52:33 -05:00 · 569f43f79d
commit 569f43f79d
parent 00defe7fc2
6 changed files with 117 additions and 80 deletions
--- a/README.md
+++ b/README.md
@ -1,27 +1,53 @@
 Red Hat Subscription
 =========
-[![Galaxy](https://img.shields.io/badge/galaxy-samdoran.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/samdoran/redhat-subscription)
+[![Galaxy](https://img.shields.io/badge/galaxy-openstack.redhat--subscription-blue.svg?style=flat)](https://galaxy.ansible.com/openstack/redhat-subscription)
-Manage Red Hat subscritions and repositories.
+Manage Red Hat subscriptions and repositories. This role supports registering to Satellite 5, Satellite 6, or the Red Hat Customer Portal.
 Requirements
 ------------
-Current Red Hat subscription.
+You will need to have an active Red Hat subscription in order for registration to succeed.
 Provide `rhsm_username` and `rhsm_password` _or_ `rhsm_activation_key`. These options are mutually exclusive and providing both will result in a failure. The recommended option is to provide an activation key rather than username and password.
 Role Variables
 --------------
 | Name              | Default Value       | Description          |
 |-------------------|---------------------|----------------------|
-| `rhsm_username` | No default | Red Hat Portal username. |
+| `rhsm_username` | `[undefined]` | Red Hat Portal username. |
-| `rhsm_password` | No default | Red Hat Portal password. |
+| `rhsm_password` | `[undefined]` | Red Hat Portal password. |
-| `rhsm_activation_key` | No default | Red Hat Portal Activation Key. |
+| `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. |
-| `rhsm_org_id` | No default | Red Hat Portal Organization Identifier. |
+| `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. |
 | `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
-| `rhsm_state` | `enable` | Whether to enable or disable a Red Hat subscription. |
+| `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. |
-| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscibe to available repositories. |
+| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. |
 | `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
 | `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. |
 | `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. |
 | `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. |
 | `rhsm_server_prefix` | `/subscription` | Server prefix |
 | `rhsm_insecure` | `False` | Disable certificate validation. |
 | `rhsm_ssl_verify_depth` | `3` | Depths certificates should be validated when checking. |
 | `rhsm_rhsm_proxy_hostname` | `[undefined]` | FQDN of outbound proxy server. |
 | `rhsm_rhsm_proxy_port` | `[undefined]` | Port to use for proxy server. |
 | `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. |
 | `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. |
 | `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. |
 | `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. |
 | `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. |
 | `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. |
 | `rhsm_entitlement_cert_dir` | `/etc/pki/entitlement` | Entitlement certificate directory. |
 | `rhsm_consumer_cert_dir` | `/etc/pki/consumer` | Consumer certificate directory. |
 | `rhsm_manage_repos` | `True` | Manage generation of yum repositories for subscribed content. |
 | `rhsm_full_refresh_on_yum` | `False` | Refresh repo files with server overrides on every `yum` command. |
 | `rhsm_report_package_profile` | `True` | Whether to report the package profiles to the subscription management service. |
 | `rhsm_plugin_dir` | `/usr/share/rhsm-plugins` | Directory to search for subscription manage plugins. |
 | `rhsm_plugin_conf_dir` | `/etc/rhsm/pluginconf.d` | Directory to search for plugin configuration files. |
 | `rhsm_cert_check_interval` | `240` | Interval in minutes to run certificate check. |
 | `rhsm_auto_attach_interval` | `1440` | Interval in minutes to run auto-attach. |
 | `rhsm_logging` | [see `defaults/main.yml`] | Logging settings for various RHSM components. |
 Dependencies
 ------------
@ -43,7 +69,7 @@ Example Playbook
          - rhel-7-server-openstack-8-rpms
      roles:
-         - samdoran.redhat-subscription
+         - openstack.redhat-subscription
 License
 -------
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -5,16 +5,42 @@
 # rhsm_ord_id: 1234
 rhsm_state: present                      # present or absent
-rhsm_autosubscribe: True
+rhsm_autosubscribe: yes
 rhsm_method: portal                      # portal or satellite
 rhsm_repos: []
  # - name: rhel-7-server-extras-rpms     # wildcard or repo name
-  #   state: enable                       # enable or disable
+  #   state: enabled                      # enabled or disabled
-# /etc/rhsm/rhsm.conf settings
+
 ## /etc/rhsm/rhsm.conf settings
 rhsm_rhsm_port: 443
 rhsm_server_hostname: subscription.rhn.redhat.com
 rhsm_server_prefix: '/subscription'
 rhsm_insecure: False
 rhsm_ssl_verify_depth: 3
 # rhsm_rhsm_proxy_hostname: ""
 # rhsm_rhsm_proxy_port: ""
 # rhsm_rhsm_proxy_user: ""
 # rhsm_rhsm_proxy_password: ""
 rhsm_baseurl: https://cdn.redhat.com
 rhsm_ca_cert_dir: /etc/rhsm/ca/
 rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem'
 rhsm_product_cert_dir: /etc/pki/product
 rhsm_entitlement_cert_dir: /etc/pki/entitlement
 rhsm_consumer_cert_dir: /etc/pki/consumer
 rhsm_manage_repos: True
 rhsm_full_refresh_on_yum: False
 rhsm_report_package_profile: True
 rhsm_plugin_dir: /usr/share/rhsm-plugins
 rhsm_plugin_conf_dir: /etc/rhsm/pluginconf.d
 rhsm_cert_check_interval: 240
 rhsm_auto_attach_interval: 1440
 rhsm_logging:
  default: INFO
  # subscription_manager: DEBUG
  # subscription_manager_managercli: DEBUG
  # rhsm: DEBUG
  # rhsm_connection: DEBUG
  # rhsm_app: DEBUG
  # rhsm_app_rhsmd: DEBUG
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -13,7 +13,7 @@
    mode: 0644
  tags:
    - rhsm
-    - rhsm_rhsm
+    - rhsm_conf
 - import_tasks: "{{ rhsm_method | default('portal') }}.yml"
  tags:
--- a/templates/rhsm.conf.j2
+++ b/templates/rhsm.conf.j2
@ -1,79 +1,57 @@
 # {{ ansible_managed }}
 # Red Hat Subscription Manager Configuration File:
 # Unified Entitlement Platform Configuration
 [server]
-# Server hostname:
+hostname = {{ rhsm_server_hostname }}
-hostname = subscription.rhn.redhat.com
+prefix = {{ rhsm_server_prefix }}
 # Server prefix:
 prefix = /subscription
 # Server port:
 port = {{ rhsm_rhsm_port }}
-
+insecure = {{ rhsm_insecure | int }}
-# Set to 1 to disable certificate validation:
+ssl_verify_depth = {{ rhsm_ssl_verify_depth }}
 insecure = 0
 # Set the depth of certs which should be checked
 # when validating a certificate
 ssl_verify_depth = 3
 # an http proxy server to use
 {% if rhsm_rhsm_proxy_hostname is defined %}
 proxy_hostname = {{ rhsm_rhsm_proxy_hostname }}
 {% endif %}
 # port for http proxy server
 {% if rhsm_rhsm_proxy_port is defined %}
 proxy_port = {{ rhsm_rhsm_proxy_port }}
 {% endif %}
 {% if rhsm_rhsm_proxy_user is defined %}
 # user name for authenticating to an http proxy, if needed
 proxy_user = {{ rhsm_rhsm_proxy_user }}
 {% endif %}
 {% if rhsm_rhsm_proxy_password is defined %}
 # password for basic http proxy auth, if needed
 proxy_password = {{ rhsm_rhsm_proxy_password }}
 {% endif %}
 [rhsm]
-# Content base URL:
+baseurl = {{ rhsm_baseurl }}
-baseurl= https://cdn.redhat.com
+ca_cert_dir = {{ rhsm_ca_cert_dir }}
-
+repo_ca_cert = {{ rhsm_repo_ca_cert }}
-# Server CA certificate location:
+productCertDir = {{ rhsm_product_cert_dir }}
-ca_cert_dir = /etc/rhsm/ca/
+entitlementCertDir = {{ rhsm_entitlement_cert_dir }}
-
+consumerCertDir = {{ rhsm_consumer_cert_dir }}
-# Default CA cert to use when generating yum repo configs:
+manage_repos = {{ rhsm_manage_repos | int }}
-repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem
+full_refresh_on_yum = {{ rhsm_full_refresh_on_yum | int }}
-
+report_package_profile = {{ rhsm_report_package_profile | int }}
-# Where the certificates should be stored
+pluginDir = {{ rhsm_plugin_dir }}
-productCertDir = /etc/pki/product
+pluginConfDir = {{ rhsm_plugin_conf_dir }}
 entitlementCertDir = /etc/pki/entitlement
 consumerCertDir = /etc/pki/consumer
 # Manage generation of yum repositories for subscribed content:
 manage_repos = 1
 # Refresh repo files with server overrides on every yum command
 full_refresh_on_yum = 0
 # If set to zero, the client will not report the package profile to
 # the subscription management service.
 report_package_profile = 1
 # The directory to search for subscription manager plugins
 pluginDir = /usr/share/rhsm-plugins
 # The directory to search for plugin configuration files
 pluginConfDir = /etc/rhsm/pluginconf.d
 [rhsmcertd]
-# Interval to run cert check (in minutes):
+certCheckInterval = {{ rhsm_cert_check_interval }}
-certCheckInterval = 240
+autoAttachInterval = {{ rhsm_auto_attach_interval }}
 # Interval to run auto-attach (in minutes):
 autoAttachInterval = 1440
 [logging]
 default_log_level = {{ rhsm_logging.default }}
 {% if rhsm_logging.subscription_manager is defined %}
 subscription_manager = {{ rhsm_logging.subscription_manager }}
 {% endif %}
 {% if rhsm_logging.subscription_manager_managercli is defined %}
 subscription_manager.managercli = {{ rhsm_logging.subscription_manager_managercli }}
 {% endif %}
 {% if rhsm_logging.rhsm is defined %}
 rhsm = {{ rhsm_logging.rhsm }}
 {% endif %}
 {% if rhsm_logging.rhsm_connection is defined %}
 rhsm.connection = {{ rhsm_logging.rhsm_connection }}
 {% endif %}
 {% if rhsm_logging.rhsm_app is defined %}
 rhsm-app = {{ rhsm_logging.rhsm_app }}
 {% endif %}
 {% if rhsm_logging.rhsm_app_rhsmd is defined %}
 rhsm-app.rhsmd = {{ rhsm_logging.rhsm_app_rhsmd }}
 {% endif %}
--- a/tests/Vagrantfile
+++ b/tests/Vagrantfile
@ -5,9 +5,9 @@ Vagrant.configure(2) do |config|
    rhel6.vm.box = "samdoran/rhel6"
    rhel6.vm.hostname = "rhsm-rhel6"
    config.vm.provider "virtualbox" do |vbox|
-      vbox.name = "rhsm-rhel7"
+      vbox.name = "rhsm-rhel6"
      vbox.cpus = 1
-      vbox.memory = 128
+      vbox.memory = 256
    end
  end
--- a/tests/vars.yml
+++ b/tests/vars.yml
@ -2,8 +2,15 @@ rhsm_username: "{{ lookup('env', 'RHSM_USERNAME') }}"
 rhsm_password: "{{ lookup('env', 'RHSM_PASSWORD') }}"
 rhsm_pool_ids: "{{ lookup('env', 'RHSM_POOL_ID') }}"
 rhsm_state: present
-rhsm_repos:
+rhsm_repos: "{{ repos[ansible_distribution ~ '-' ~ ansible_distribution_major_version] }}"
-  - name: rhel-7-server-extras-rpms
+
-    state: absent
+repos:
-  - name: rhel-7-server-rh-common-rpms
+  RedHat-6:
-  - name: rhel-7-server-openstack-12-tools-rpms
+    - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms
      state: present
    - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms
  RedHat-7:
    - name: rhel-{{ ansible_distribution_major_version }}-server-extras-rpms
      state: present
    - name: rhel-{{ ansible_distribution_major_version }}-server-rh-common-rpms
    - name: rhel-{{ ansible_distribution_major_version }}-server-openstack-12-tools-rpms