openstack/tripleo-heat-templates
Code Issues Proposed changes

Remove pre_deploy/rhel-registration

Browse Source 
The rhel-registration scripts support has been removed. It was replaced in
Rocky by the Ansible RHSM role. Upgrades have been tested and the new
configuration is well documented.

https://docs.openstack.org/tripleo-docs/latest/install/advanced_deployment/rhsm.html

Change-Id: I596028eae8174fa86d7a721b8688c57c69d3d62c
This commit is contained in:
Emilien Macchi 2019-07-09 17:21:10 -04:00
parent c576556c58
commit b8a9fbc0e6
6 changed files with 6 additions and 574 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
extraconfig/pre_deploy/rhel-registration/environment-rhel-registration.yaml
View File

@ -1,27 +0,0 @@
# Note this can be specified either in the call
# to heat stack-create via an additional -e option
# or via the global environment on the seed in
# /etc/heat/environment.d/default.yaml
parameter_defaults:
rhel_reg_activation_key: ""
rhel_reg_auto_attach: ""
rhel_reg_base_url: ""
rhel_reg_environment: ""
rhel_reg_force: ""
rhel_reg_machine_name: ""
rhel_reg_org: ""
rhel_reg_password: ""
rhel_reg_pool_id: ""
rhel_reg_release: ""
rhel_reg_repos: ""
rhel_reg_sat_url: ""
rhel_reg_server_url: ""
rhel_reg_service_level: ""
rhel_reg_user: ""
rhel_reg_type: ""
rhel_reg_method: ""
rhel_reg_sat_repo: "rhel-7-server-satellite-tools-6.2-rpms"
rhel_reg_http_proxy_host: ""
rhel_reg_http_proxy_port: ""
rhel_reg_http_proxy_username: ""
rhel_reg_http_proxy_password: ""

2
extraconfig/pre_deploy/rhel-registration/rhel-registration-resource-registry.yaml
View File

@ -1,2 +0,0 @@
resource_registry:
OS::TripleO::NodeExtraConfig: rhel-registration.yaml

216
extraconfig/pre_deploy/rhel-registration/rhel-registration.yaml
View File

@ -1,216 +0,0 @@
heat_template_version: rocky
description: >
RHEL Registration and unregistration software deployments.
# Note extra parameters can be defined, then passed data via the
# environment parameter_defaults, without modifying the parent template
parameters:
server:
type: string
# To be defined via a local or global environment in parameter_defaults
rhel_reg_activation_key:
type: string
rhel_reg_auto_attach:
type: string
rhel_reg_base_url:
type: string
rhel_reg_environment:
type: string
rhel_reg_force:
type: string
rhel_reg_machine_name:
type: string
rhel_reg_org:
type: string
rhel_reg_password:
type: string
rhel_reg_pool_id:
type: string
rhel_reg_release:
type: string
rhel_reg_repos:
type: string
rhel_reg_sat_url:
type: string
rhel_reg_server_url:
type: string
rhel_reg_service_level:
type: string
rhel_reg_user:
type: string
rhel_reg_type:
type: string
rhel_reg_method:
type: string
rhel_reg_sat_repo:
type: string
rhel_reg_http_proxy_host:
type: string
rhel_reg_http_proxy_port:
type: string
rhel_reg_http_proxy_username:
type: string
rhel_reg_http_proxy_password:
type: string
UpdateOnRHELRegistration:
type: boolean
default: false
description: |
When enabled, the system will perform a yum update after performing the
RHEL Registration process.
DeleteOnRHELUnregistration:
type: boolean
default: false
description: |
When true, the system profile will be deleted from the registration
service when the rhel-registration.yaml nested stack is deleted.
RHELRegistrationActions:
type: comma_delimited_list
default:
- CREATE
description: Actions when the system profile will be registered, by default we only do this on CREATE of a new server, not for existing nodes.
UseSatelliteOrgMode:
type: boolean
default: false
description: When satellite is used in Organisation mode, this option must be enabled.
conditions:
unregister_on_delete:
equals:
- {get_param: DeleteOnRHELUnregistration}
- true
update_requested:
equals:
- {get_param: UpdateOnRHELRegistration}
- true
resources:
RHELRegistration:
type: OS::Heat::SoftwareConfig
properties:
group: script
inputs:
- name: REG_ACTIVATION_KEY
- name: REG_AUTO_ATTACH
- name: REG_BASE_URL
- name: REG_ENVIRONMENT
- name: REG_FORCE
- name: REG_MACHINE_NAME
- name: REG_ORG
- name: REG_PASSWORD
- name: REG_POOL_ID
- name: REG_RELEASE
- name: REG_REPOS
- name: REG_SAT_URL
- name: REG_SERVER_URL
- name: REG_SERVICE_LEVEL
- name: REG_USER
- name: REG_TYPE
- name: REG_METHOD
- name: REG_SAT_REPO
- name: REG_HTTP_PROXY_HOST
- name: REG_HTTP_PROXY_PORT
- name: REG_HTTP_PROXY_USERNAME
- name: REG_HTTP_PROXY_PASSWORD
- name: REG_SAT_ORGMODE
config: {get_file: scripts/rhel-registration}
RHELRegistrationDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: RHELRegistrationDeployment
server: {get_param: server}
config: {get_resource: RHELRegistration}
actions: {get_param: RHELRegistrationActions}
input_values:
REG_ACTIVATION_KEY: {get_param: rhel_reg_activation_key}
REG_AUTO_ATTACH: {get_param: rhel_reg_auto_attach}
REG_BASE_URL: {get_param: rhel_reg_base_url}
REG_ENVIRONMENT: {get_param: rhel_reg_environment}
REG_FORCE: {get_param: rhel_reg_force}
REG_MACHINE_NAME: {get_param: rhel_reg_machine_name}
REG_ORG: {get_param: rhel_reg_org}
REG_PASSWORD: {get_param: rhel_reg_password}
REG_POOL_ID: {get_param: rhel_reg_pool_id}
REG_RELEASE: {get_param: rhel_reg_release}
REG_REPOS: {get_param: rhel_reg_repos}
REG_SAT_URL: {get_param: rhel_reg_sat_url}
REG_SERVER_URL: {get_param: rhel_reg_server_url}
REG_SERVICE_LEVEL: {get_param: rhel_reg_service_level}
REG_USER: {get_param: rhel_reg_user}
REG_TYPE: {get_param: rhel_reg_type}
REG_METHOD: {get_param: rhel_reg_method}
REG_SAT_REPO: {get_param: rhel_reg_sat_repo}
REG_HTTP_PROXY_HOST: {get_param: rhel_reg_http_proxy_host}
REG_HTTP_PROXY_PORT: {get_param: rhel_reg_http_proxy_port}
REG_HTTP_PROXY_USERNAME: {get_param: rhel_reg_http_proxy_username}
REG_HTTP_PROXY_PASSWORD: {get_param: rhel_reg_http_proxy_password}
REG_SAT_ORGMODE: {get_param: UseSatelliteOrgMode}
RHELUnregistration:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: {get_file: scripts/rhel-unregistration}
inputs:
- name: REG_METHOD
RHELUnregistrationDeployment:
type: OS::Heat::SoftwareDeployment
properties:
name: RHELUnregistrationDeployment
server: {get_param: server}
config: {get_resource: RHELUnregistration}
actions:
if:
- unregister_on_delete
- ['DELETE']
- []
input_values:
REG_METHOD: {get_param: rhel_reg_method}
YumUpdateConfigurationAfterRHELRegistration:
type: OS::Heat::SoftwareConfig
properties:
group: script
config: |
#!/bin/bash
set -x
# yum check-update exits 100 if updates are available
set +e
check_update=$(yum check-update 2>&1)
check_update_exit=$?
set -e
if [[ "$check_update_exit" == "100" ]]; then
full_command="yum -q -y update"
echo "Running: $full_command"
result=$($full_command)
return_code=$?
echo "$result"
echo "yum return code: $return_code"
exit $return_code
elif [[ "$check_update_exit" == "1" ]]; then
echo "Failed to check for package updates"
echo "$check_update"
else
echo "No packages require updating"
exit 0
fi
UpdateDeploymentAfterRHELRegistration:
type: OS::Heat::SoftwareDeployment
depends_on: RHELRegistrationDeployment
condition: update_requested
properties:
name: UpdateDeploymentAfterRHELRegistration
config: {get_resource: YumUpdateConfigurationAfterRHELRegistration}
server: {get_param: server}
actions: {get_param: RHELRegistrationActions}
outputs:
deploy_stdout:
description: Deployment reference, used to trigger puppet apply on changes
value: {get_attr: [RHELRegistrationDeployment, deploy_stdout]}

308
extraconfig/pre_deploy/rhel-registration/scripts/rhel-registration
View File

@ -1,308 +0,0 @@
#!/bin/bash
# dib-lint: disable=setu sete setpipefail dibdebugtrace
set -eu
set -o pipefail
OK=/mnt/state/var/lib/rhsm/rhsm.ok
if [ -e $OK ] ; then
exit 0
fi
retry_max_count=10
opts=
config_opts=
attach_opts=
sat5_opts=
repos="repos --enable rhel-7-server-rpms"
satellite_repo=${REG_SAT_REPO}
proxy_host=
proxy_port=
proxy_url=
proxy_username=
proxy_password=
curl_opts="--retry-delay 10 --max-time 30 --retry ${retry_max_count} --cacert /etc/rhsm/ca/redhat-uep.pem"
server=$(grep '^hostname' /etc/rhsm/rhsm.conf | cut -d = -f2 | sed 's/\s//')
portal_test_url="https://${server}/subscription/"
# process variables..
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
opts="$opts --auto-attach"
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
opts="$opts --servicelevel $REG_SERVICE_LEVEL"
fi
if [ -n "${REG_RELEASE:-}" ]; then
opts="$opts --release=$REG_RELEASE"
fi
else
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
echo "WARNING: REG_SERVICE_LEVEL set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_RELEASE:-}" ]; then
echo "WARNING: REG_RELEASE set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_POOL_ID:-}" ]; then
attach_opts="$attach_opts --pool=$REG_POOL_ID"
fi
fi
if [ -n "${REG_BASE_URL:-}" ]; then
opts="$opts --baseurl=$REG_BASE_URL"
fi
if [ -n "${REG_ENVIRONMENT:-}" ]; then
opts="$opts --env=$REG_ENVIRONMENT"
fi
if [ -n "${REG_FORCE:-}" ]; then
opts="$opts --force"
sat5_opts="$sat5_opts --force"
fi
if [ -n "${REG_SERVER_URL:-}" ]; then
opts="$opts --serverurl=$REG_SERVER_URL"
fi
if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
opts="$opts --activationkey=$REG_ACTIVATION_KEY"
sat5_opts="$sat5_opts --activationkey=$REG_ACTIVATION_KEY"
if [ -z "${REG_ORG:-}" ]; then
echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
fi
else
echo "WARNING: Support for registering with a username and password is deprecated."
echo "Please use activation keys instead. See the README for more information."
if [ -n "${REG_PASSWORD:-}" ]; then
opts="$opts --password $REG_PASSWORD"
fi
if [ -n "${REG_USER:-}" ]; then
opts="$opts --username $REG_USER"
fi
fi
if [ -n "${REG_MACHINE_NAME:-}" ]; then
opts="$opts --name $REG_MACHINE_NAME"
sat5_opts="$sat5_opts --profilename=$REG_MACHINE_NAME"
fi
if [ -n "${REG_ORG:-}" ]; then
opts="$opts --org=$REG_ORG"
sat5_opts="$sat5_opts --systemorgid=$REG_ORG"
fi
if [ -n "${REG_REPOS:-}" ]; then
for repo in $(echo $REG_REPOS | tr ',' '\n'); do
repos="$repos --enable $repo"
done
fi
if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
# Proxy settings (host and port)
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
proxy_host="${REG_HTTP_PROXY_HOST}"
fi
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
proxy_port="${REG_HTTP_PROXY_PORT}"
fi
# Proxy settings (user and password)
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
proxy_username="${REG_HTTP_PROXY_USERNAME}"
fi
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
proxy_password="${REG_HTTP_PROXY_PASSWORD}"
fi
# Sanity Checks for proxy host/port/user/password
if [ -n "${REG_HTTP_PROXY_HOST:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
# Good both values are not empty
proxy_url="http://${proxy_host}:${proxy_port}"
config_opts="--server.proxy_hostname=${proxy_host} --server.proxy_port=${proxy_port}"
sat5_opts="${sat5_opts} --proxy=${proxy_url}"
curl_opts="${curl_opts} -x http://${proxy_host}:${proxy_port}"
echo "RHSM Proxy set to: ${proxy_url}"
if [ -n "${REG_HTTP_PROXY_USERNAME:-}" ]; then
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
config_opts="${config_opts} --server.proxy_user=${proxy_username} --server.proxy_password=${proxy_password}"
sat5_opts="${sat5_opts} --proxyUser=${proxy_username} --proxyPassword=${proxy_password}"
curl_opts="${curl_opts} --proxy-user ${proxy_username}:${proxy_password}"
else
echo "Warning: REG_HTTP_PROXY_PASSWORD cannot be null with non-empty REG_HTTP_PROXY_USERNAME! Skipping..."
proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PASSWORD:-}" ]; then
echo "Warning: REG_HTTP_PROXY_USERNAME cannot be null with non-empty REG_HTTP_PROXY_PASSWORD! Skipping..."
proxy_username= ; proxy_password=
fi
fi
else
echo "Warning: REG_HTTP_PROXY_PORT cannot be null with non-empty REG_HTTP_PROXY_HOST! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
else
if [ -n "${REG_HTTP_PROXY_PORT:-}" ]; then
echo "Warning: REG_HTTP_PROXY_HOST cannot be null with non-empty REG_HTTP_PROXY_PORT! Skipping..."
proxy_host= ; proxy_port= ; proxy_url= ; proxy_username= ; proxy_password=
fi
fi
function retry() {
# Inhibit -e since we want to retry without exiting..
set +e
# Retry delay (seconds)
retry_delay=2.0
retry_count=0
mycli="$@"
while [ $retry_count -lt ${retry_max_count} ]
do
echo "INFO: Sleeping ${retry_delay} ..."
sleep ${retry_delay}
echo "INFO: Executing '${mycli}' ..."
${mycli}
if [ $? -eq 0 ]; then
echo "INFO: Ran '${mycli}' successfully, not retrying..."
break
else
echo "WARN: Failed to connect when running '${mycli}', retrying (attempt #$retry_count )..."
retry_count=$(echo $retry_count + 1 | bc)
fi
done
if [ $retry_count -ge ${retry_max_count} ]; then
echo "ERROR: Failed to connect after ${retry_max_count} attempts when running '${mycli}'"
exit 1
fi
# Re-enable -e when exiting retry()
set -e
}
function detect_satellite_server {
if curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm | grep "200 OK"; then
echo Satellite 6 or beyond with Katello API detected at $REG_SAT_URL
katello_api_enabled=1
elif curl ${curl_opts} -L -k -s -D - -o /dev/null $REG_SAT_URL/rhn/Login.do | grep "200 OK"; then
echo Satellite 5 with RHN detected at $REG_SAT_URL
katello_api_enabled=0
else
echo No Satellite detected at $REG_SAT_URL
exit 1
fi
}
if [ "x${proxy_url}" != "x" ]; then
# Before everything, we want to make sure the proxy can be reached
# Note: no need to manage retries, already done by retry() function.
echo "Testing proxy connectivity..."
retry bash -c "</dev/tcp/${proxy_host}/${proxy_port}"
echo "Proxy ${proxy_url} is reachable!"
# Config subscription-manager for proxy
subscription-manager config ${config_opts}
# Config yum for proxy..
sed -i -e '/^proxy=/d' /etc/yum.conf
echo "proxy=${proxy_url}" >> /etc/yum.conf
# Handle optional username/password
if [ -n "${proxy_username}" ]; then
sed -i -e '/^proxy_username=/d' /etc/yum.conf
echo "proxy_username=${proxy_username}" >> /etc/yum.conf
fi
if [ -n "${proxy_password}" ]; then
sed -i -e '/^proxy_password=/d' /etc/yum.conf
echo "proxy_password=${proxy_password}" >> /etc/yum.conf
fi
fi
case "${REG_METHOD:-}" in
portal)
# First test curl to RHSM through the specified proxy
if curl ${curl_opts} -L -s -D - -o /dev/null ${portal_test_url}|grep '200 OK'; then
if [ "x${proxy_url}" = "x" ]; then
echo "Access to RHSM portal OK, continuing..."
else
echo "Access to RHSM portal through proxy ${proxy_url} OK, continuing..."
fi
else
if [ "x${proxy_url}" = "x" ]; then
echo "Unable to access RHSM portal! Please check your parameters."
else
echo "Unable to access RHSM portal through configured HTTP proxy (${proxy_url}) ! Please check your parameters."
fi
exit 1
fi
retry subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" -a -z "${REG_ACTIVATION_KEY:-}" ]; then
retry subscription-manager attach $attach_opts
fi
retry subscription-manager repos --disable='*'
retry subscription-manager $repos
;;
satellite)
detect_satellite_server
if [ "$katello_api_enabled" = "1" ]; then
repos="$repos --enable ${satellite_repo}"
curl ${curl_opts} -L -k -O "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm"
# https://bugs.launchpad.net/tripleo/+bug/1711435
# Delete the /etc/rhsm/facts directory entirely so that the
# %post script from katello-ca-consumer does not override the
# hostname with $(hostname -f) if there is no fqdn set
fqdn=$(hostname -f)
if [ "$fqdn" = "localhost" -o "$fqdn" = "localhost.localdomain" ]; then
rm -rf /etc/rhsm/facts
fi
rpm -Uvh katello-ca-consumer-latest.noarch.rpm || true
if [ "$REG_SAT_ORGMODE" = "True" ]; then
subscription-manager register $opts || true
subscription-manager $repos || true
if [ $(subscription-manager status |grep -c "Content Access Mode is set to Organization/Environment") = 0 ]; then
echo "Fail to register the node to satellite in Organization mode"
exit 1
fi
else
retry subscription-manager register $opts
retry subscription-manager $repos
fi
yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
# https://bugs.launchpad.net/tripleo/+bug/1711435
# recreate the facts dir just in case we rm'd it earlier
mkdir -p /etc/rhsm/facts
else
pushd /usr/share/rhn/
curl ${curl_opts} -k -O $REG_SAT_URL/pub/RHN-ORG-TRUSTED-SSL-CERT
popd
retry rhnreg_ks --serverUrl=$REG_SAT_URL/XMLRPC $sat5_opts
fi
;;
disable)
echo "Disabling RHEL registration"
;;
*)
echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
exit 0
esac
mkdir -p $(dirname $OK)
touch $OK

21
extraconfig/pre_deploy/rhel-registration/scripts/rhel-unregistration
View File

@ -1,21 +0,0 @@
#!/bin/bash
set -eux
set -o pipefail
case "${REG_METHOD:-}" in
portal|satellite)
# Allow unregistration to fail.
# We don't want to fail stack deletes if unregistration fails.
# Note that this will be a no-op on satellite 5, which doesn't support
# unregistering from the cli.
subscription-manager unregister || true
subscription-manager clean || true
;;
disable)
echo "Disabling RHEL unregistration"
;;
*)
echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
exit 0
esac

6
releasenotes/notes/rhel-registration-2752c4e0a14cec98.yaml Normal file
View File

@ -0,0 +1,6 @@
---
deprecations:
- |
The rhel-registration scripts support has been removed. It was replaced in
Rocky by the Ansible RHSM role. Upgrades have been tested and the new
configuration is well documented.