RETIRED, Ansible role to configure Red Hat Subscription Management

Go to file

Emilien Macchi 6d26afa9c7 Add support for "Simplified Content Access" When Simplified Content Access is enabled for a subscription, the portal can be used with an activation key AND repositories. So this patch adds a new parameter, rhsm_simplified_content_access (False by default for backward compatibility). When set to True, we'll allow the "Configure repository subscriptions" task to be run without any warning since both the rhsm_repos and rhsm_activation_key usually mutually exclusive, now work together when simplified content access is enabled. Change-Id: I4ffa344956572ebcd5a432fe41b86eb682f8d2a3		2020-07-15 22:52:11 -04:00
ci-scripts	Initial commit	2017-12-13 20:53:08 +00:00
defaults	Add support for "Simplified Content Access"	2020-07-15 22:52:11 -04:00
library	Rename rhsm_repository module to avoid conflict.	2019-06-20 12:21:43 +02:00
meta	Fix defaults when activation key is used, add options	2018-10-17 17:29:06 -04:00
tasks	Add support for "Simplified Content Access"	2020-07-15 22:52:11 -04:00
templates	Update README, variables, and rhsm.conf.j2	2018-02-20 16:52:33 -05:00
tests	Add resiliency to subscription management role	2018-11-06 10:51:30 -05:00
vars	sat6: pull & deploy katello certs	2018-11-27 13:44:38 -05:00
zuul.d	Fix lint and zuul: add publish-to-pypi	2019-02-15 12:27:32 -05:00
.gitignore	Add resiliency to subscription management role	2018-11-06 10:51:30 -05:00
.gitreview	OpenDev Migration Patch	2019-04-19 19:27:48 +00:00
LICENSE	Initial commit	2017-12-13 20:53:08 +00:00
README.md	Add support for "Simplified Content Access"	2020-07-15 22:52:11 -04:00
ansible-requirements.txt	Initial commit	2017-12-13 20:53:08 +00:00
ansible.cfg	Initial commit	2017-12-13 20:53:08 +00:00
requirements.txt	Initial commit	2017-12-13 20:53:08 +00:00
setup.cfg	Add library/ directory to setup.cfg	2017-12-14 12:42:53 +01:00
setup.py	Fix issue with long description by using markdown format	2019-07-01 15:16:51 +02:00
test-requirements.txt	Initial commit	2017-12-13 20:53:08 +00:00
tox.ini	Update the constraints url	2019-09-25 15:01:17 +08:00

README.md

Red Hat Subscription

Manage Red Hat subscriptions and repositories. This role supports registering to Satellite 5, Satellite 6, or the Red Hat Customer Portal.

Requirements

You will need to have an active Red Hat subscription in order for registration to succeed.

Provide rhsm_username and rhsm_password or rhsm_activation_key. These options are mutually exclusive and providing both will result in a failure. The recommended option is to provide an activation key rather than username and password.

Role Variables

Name	Default Value	Description
`rhsm_method`	`portal`	Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions.
`rhsm_username`	`[undefined]`	Red Hat Portal username.
`rhsm_password`	`[undefined]`	Red Hat Portal password.
`rhsm_activation_key`	`[undefined]`	Red Hat Portal Activation Key.
`rhsm_release`	`[undefined]`	RHEL release version (e.g. 8.1).
`rhsm_org_id`	`[undefined]`	Red Hat Portal Organization Identifier.
`rhsm_pool_ids`	`[undefined]`	Red Hat Subscription pool IDs to consume.
`rhsm_state`	`present`	Whether to enable or disable a Red Hat subscription.
`rhsm_autosubscribe`	`[undefined]`	Whether or not to autosubscribe to available repositories.
`rhsm_consumer_hostname`	`[undefined]`	Name of the system to use when registering. Defaults to using the system hostname if undefined.
`rhsm_force_register`	`False`	Whether or not to force registration.
`rhsm_repos`	`[]`	The list of repositories to enable or disable.
`rhsm_repos_state`	`[undefined]`	The state of all repos in `rhsm_repos`. The module default is `enabled`.
`rhsm_repos_purge`	`[undefined]`	Whether or not to disable repos not specified in `rhsm_repos`. The module default is `False`.
`rhsm_rhsm_port`	`443`	Port to use when connecting to subscription server. Must be 8443 if a capsule is used otherwise 443 for Satellite or RHN.
`rhsm_server_hostname`	`subscription.rhn.redhat.com`	FQDN of subscription server.
`rhsm_server_prefix`	`/subscription` or `/rhsm`	RHS server prefix. `/subscription` when using registering via `portal`, `/rhsm` when registering via `satellite`.
`rhsm_insecure`	`False`	Disable certificate validation.
`rhsm_simplified_content_access`	`False`	Enable Simplified Content Access.
`rhsm_ssl_verify_depth`	`3`	Depths certificates should be validated when checking.
`rhsm_rhsm_proxy_proto`	`[undefined]`	protocol used to reach the proxy server (http or https).
`rhsm_rhsm_proxy_hostname`	`[undefined]`	FQDN of outbound proxy server.
`rhsm_rhsm_proxy_port`	`[undefined]`	Port to use for proxy server.
`rhsm_rhsm_proxy_user`	`[undefined]`	Username to use for proxy server.
`rhsm_rhsm_proxy_password`	`[undefined]`	Password to use for proxy server. Save this in an Ansible Vault or other secret store.
`rhsm_baseurl`	`https://cdn.redhat.com`	Base URL for content.
`rhsm_satellite_url`	`[see defaults/main.yml]`	URL of the Satellite server that will be probed to determine the Satellite version. Uses the scheme and hostname of `rhsm_baseurl` by default.
`rhsm_ca_cert_dir`	`/etc/rhsm/ca/`	Server CA certificate directory.
`rhsm_product_cert_dir`	`/etc/pki/product`	Product certificate directory.
`rhsm_entitlement_cert_dir`	`/etc/pki/entitlement`	Entitlement certificate directory.
`rhsm_consumer_cert_dir`	`/etc/pki/consumer`	Consumer certificate directory.
`rhsm_manage_repos`	`True`	Manage generation of yum repositories for subscribed content.
`rhsm_full_refresh_on_yum`	`False`	Refresh repo files with server overrides on every `yum` command.
`rhsm_report_package_profile`	`True`	Whether to report the package profiles to the subscription management service.
`rhsm_plugin_dir`	`/usr/share/rhsm-plugins`	Directory to search for subscription manage plugins.
`rhsm_plugin_conf_dir`	`/etc/rhsm/pluginconf.d`	Directory to search for plugin configuration files.
`rhsm_cert_check_interval`	`240`	Interval in minutes to run certificate check.
`rhsm_auto_attach_interval`	`1440`	Interval in minutes to run auto-attach.
`rhsm_logging`	[see `defaults/main.yml`]	Logging settings for various RHSM components.

Dependencies

None.

About repositories

If you are using an activation key with Satellite, the repositories that are associated to the subscription are configured in your local instance of Satellite. You can't specify rhsm_repos parameter if you are using rhsm_activation_key with Satellite. Otherwise, when using Portal registration method you can use either rhsm_username and rhsm_password or activation key and you can use rhsm_repos to select which repos get deployed.

Example Playbook with Red Hat portal

- hosts: all
  vars:
    rhsm_username: bob.smith@acme.com
    rhsm_password: "{{ vault_rhsm_password }}"
    rhsm_repos:
      - rhel-7-server-rpms
      - rhel-7-server-extras-rpms
      - rhel-7-server-rh-common-rpms
      - rhel-ha-for-rhel-7-server-rpms
  roles:
    - openstack.redhat-subscription

Example Playbook with Satellite 6

- hosts: all
  vars:
    rhsm_activation_key: "secrete_key"
    rhsm_org_id: "Default_Organization"
    rhsm_server_hostname: "mysatserver.com"
    rhsm_baseurl: "https://mysatserver.com/pulp/repos"
    rhsm_method: satellite
    rhsm_insecure: yes
  roles:
    - openstack.redhat-subscription

Example Playbook to unregister

- hosts: all
  tasks:
    - name: Unregister the node
      include_role:
        name: openstack.redhat-subscription
        tasks_from: unregister

License

Apache 2.0