openstack/tripleo-ansible
Code Issues Proposed changes
5bc4884d4a
tripleo-ansible/doc/source/roles/role-tripleo_redhat_enforce.rst
Sofer Athlan-Guyot e65996b878 tripleo_redhat_enforce new role to enforce RHOSP constraints. 
OSP, the downstream version of tripleo have to enforce some policies
for rhel version and subscribed channel.

This module hosts hoses requirements, so that we prevent update to
wrong rhel release or subscription to wrong channels.

Currently it only implements a basic check to the subscribed rhel
version.

This check has some fail-safe logic to avoid crashing the update on
temporary network issue when running subscription-manager.

We are avoiding the validation framework as this can be easily
disabled and we want this enforcement to be mandatory as this could
lead user to unsupported combination of OSP/RHEL.

For upstream that change is transparent as the tasks are skipped if
the ansible_distribution is not Red Hat.

For Red Hat, there will be a mechanism in THT to avoid the check
altogether, for instance for CI purposes.

For this first check (RHEL/OSP version), downstream patches will add
the required values in vars/redhat.yml.

Change-Id: I2d1ac92ee6ee8407fb156a2718f94ad3e9220bbe
2020-04-28 10:05:46 +02:00

67 lines
2.8 KiB
ReStructuredText
Raw Blame History

=====================================
Role - tripleo_redhat_enforce
=====================================
.. ansibleautoplugin::
:role: tripleo_ansible/roles/tripleo_redhat_enforce
Description
~~~~~~~~~~~
This role is for OSP, the downstream version of tripleo and shouldn't
be used with other OS as it required the host to be subscribed.
It enforces policies regarding rhel version and subscribed channel
according to the OSP version used.
This module hosts those requirements, so that we prevent update to
wrong rhel release or subscription to wrong channels.
Currently it only implements a basic check to the subscribed rhel
version.
This check has some fail-safe logic to avoid crashing the update on
temporary network issue when running subscription-manager.
We are avoiding the validation framework as this can be easily
disabled and we want this enforcement to be mandatory as this could
lead user to unsupported combination of OSP/RHEL.
For upstream that change is transparent as the tasks are skipped if
the ansible_distribution is not Red Hat.
Usage
~~~~~
Very simple usage, just pass the right parameter for the version you
plan to check.
Remember this won't have any effects on anything else than a Red Hat
subscribed host.
.. code-block:: YAML
- name: Enforce RHOSP rules regarding subscription.
include_role:
name: tripleo_redhat_enforce
vars:
tripleo_redhat_enforce_osp: 16.0
tripleo_redhat_enforce_os: 8.1
Roles variables
~~~~~~~~~~~~~~~
+------------------------------------------------+-----------------------------+-------------------------------+
| Name | Default Value | Description |
+================================================+=============================+===============================+
| tripleo_redhat_enforce_debug | false | No used currently |
+------------------------------------------------+-----------------------------+-------------------------------+
| tripleo_redhat_enforce | true on Red Hat distribution| Set to true to run validation |
| | false everywhere else | |
+------------------------------------------------+-----------------------------+-------------------------------+
| tripleo_redhat_enforce_osp | OSP version (16.0, 16.1,...)| Version of OSP |
+------------------------------------------------+-----------------------------+-------------------------------+
| tripleo_redhat_enforce_os | RHEL version (8.1, 8.2, ...)| Version of RHEL |
+------------------------------------------------+-----------------------------+-------------------------------+
View Git Blame Copy Permalink