-
Notifications
You must be signed in to change notification settings - Fork 982
/
global_registration.erb
213 lines (182 loc) · 8.79 KB
/
global_registration.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
<%#
kind: registration
name: Global Registration
model: ProvisioningTemplate
description: |
The registration template used to render OS agnostic script that any host can use to register to
this Foreman instance. It is rendered as a response in the registration API endpoint. The resulting
script contains instructions to prepare the machine for registration, to create a new Host record in Foreman,
and to fetch and run the host specific initial configuration script. The initial script is rendered based
on the template of host_init_config kind.
-%>
#!/bin/sh
# Make sure, all command output can be parsed (e.g. from subscription-manager)
export LC_ALL=C LANG=C
<%
headers = ["-H 'Authorization: Bearer #{@auth_token}'"]
activation_keys = [(@hostgroup.params['kt_activation_keys'] if @hostgroup), @activation_keys].compact.join(',')
-%>
# Rendered with following template parameters:
<%= "# User: [#{@user.login}]" if @user -%>
<%= "\n# Organization: [#{@organization.name}]" if @organization -%>
<%= "\n# Location: [#{@location.name}]" if @location -%>
<%= "\n# Host group: [#{@hostgroup.title}]" if @hostgroup -%>
<%= "\n# Operating system: [#{@operatingsystem}]" if @operatingsystem -%>
<%= "\n# Setup Insights: [#{@setup_insights}]" unless @setup_insights.nil? -%>
<%= "\n# Setup remote execution: [#{@setup_remote_execution}]" unless @setup_remote_execution.nil? -%>
<%= "\n# Setup remote execution pull: [#{@setup_remote_execution_pull}]" unless @setup_remote_execution_pull.nil? -%>
<%= "\n# Remote execution interface: [#{@remote_execution_interface}]" if @remote_execution_interface.present? -%>
<%= "\n# Packages: [#{@packages}]" if @packages.present? -%>
<%= "\n# Update packages: [#{@update_packages}]" unless @update_packages.nil? -%>
<%= "\n# Repository: [#{@repo}]" if @repo.present? -%>
<%= "\n# Repository GPG key URL: [#{@repo_gpg_key_url}]" if @repo_gpg_key_url.present? -%>
<%= "\n# Force: [#{@force}]" unless @force.nil? -%>
<%= "\n# Ignore subman errors: [#{@ignore_subman_errors}]" unless @ignore_subman_errors.nil? -%>
<%= "\n# Lifecycle environment id: [#{@lifecycle_environment_id}]" if @lifecycle_environment_id.present? -%>
<%= "\n# Activation keys: [#{activation_keys}]" if activation_keys.present? -%>
if ! [ $(id -u) = 0 ]; then
echo "Please run as root"
exit 1
fi
<%= snippet 'pkg_manager' %>
SSL_CA_CERT=$(mktemp)
cat << EOF > $SSL_CA_CERT
<%= foreman_server_ca_cert %>
EOF
cleanup_and_exit() {
rm -f $SSL_CA_CERT
exit $1
}
<% unless @repo.blank? -%>
echo '#'
echo '# Adding repository'
echo '#'
if [ -f /etc/redhat-release ]; then
cat << EOF > /etc/yum.repos.d/foreman_registration.repo
[foreman_register]
name=foreman_register
baseurl=<%= shell_escape @repo %>
enabled=1
gpgcheck=<%= @repo_gpg_key_url.present? ? 1 : 0 %>
gpgkey=<%= shell_escape @repo_gpg_key_url %>
EOF
echo "Building yum metadata cache, this may take a few minutes"
$PKG_MANAGER makecache
elif [ -f /etc/debian_version ]; then
cat << EOF > /etc/apt/sources.list.d/foreman_registration.list
<%= shell_escape @repo %>
EOF
<% if @repo_gpg_key_url.present? -%>
apt-get -y install ca-certificates gpg
curl --silent --show-error <%= shell_escape @repo_gpg_key_url %> | apt-key add -
<% end -%>
apt-get update
else
echo "Unsupported operating system, can't add repository."
cleanup_and_exit 1
fi
<% end -%>
register_host() {
curl --silent --show-error --cacert $SSL_CA_CERT --request POST <%= @registration_url %> \
<%= headers.join(' ') %> \
--data "host[name]=$(hostname --fqdn)" \
--data "host[build]=false" \
--data "host[managed]=false" \
<%= " --data 'host[organization_id]=#{@organization.id}' \\\n" if @organization -%>
<%= " --data 'host[location_id]=#{@location.id}' \\\n" if @location -%>
<%= " --data 'host[hostgroup_id]=#{@hostgroup.id}' \\\n" if @hostgroup -%>
<%= " --data 'host[operatingsystem_id]=#{@operatingsystem.id}' \\\n" if @operatingsystem -%>
<%= " --data host[interfaces_attributes][0][identifier]=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
<%= " --data 'setup_insights=#{@setup_insights}' \\\n" unless @setup_insights.nil? -%>
<%= " --data 'setup_remote_execution=#{@setup_remote_execution}' \\\n" unless @setup_remote_execution.nil? -%>
<%= " --data remote_execution_interface=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
<%= " --data packages=#{shell_escape(@packages)} \\\n" if @packages.present? -%>
<%= " --data 'update_packages=#{@update_packages}' \\\n" unless @update_packages.nil? -%>
}
echo "#"
echo "# Running registration"
echo "#"
<% if plugin_present?('katello') -%>
if [ -f /etc/redhat-release ]; then
register_katello_host(){
UUID=$(subscription-manager identity | head -1 | awk '{print $3}')
curl --silent --show-error --cacert $KATELLO_SERVER_CA_CERT --request POST "<%= @registration_url %>" \
--data "uuid=$UUID" \
<%= headers.join(' ') %> \
<%= " --data 'host[organization_id]=#{@organization.id}' \\\n" if @organization -%>
<%= " --data 'host[location_id]=#{@location.id}' \\\n" if @location -%>
<%= " --data 'host[hostgroup_id]=#{@hostgroup.id}' \\\n" if @hostgroup -%>
<%= " --data 'host[lifecycle_environment_id]=#{@lifecycle_environment_id}' \\\n" if @lifecycle_environment_id.present? -%>
<%= " --data 'setup_insights=#{@setup_insights}' \\\n" unless @setup_insights.nil? -%>
<%= " --data 'setup_remote_execution=#{@setup_remote_execution}' \\\n" unless @setup_remote_execution.nil? -%>
<%= " --data remote_execution_interface=#{shell_escape(@remote_execution_interface)} \\\n" if @remote_execution_interface.present? -%>
<%= " --data 'setup_remote_execution_pull=#{@setup_remote_execution_pull}' \\\n" unless @setup_remote_execution_pull.nil? -%>
<%= " --data packages=#{shell_escape(@packages)} \\\n" if @packages.present? -%>
<%= " --data 'update_packages=#{@update_packages}' \\\n" unless @update_packages.nil? -%>
}
KATELLO_SERVER_CA_CERT=/etc/rhsm/ca/katello-server-ca.pem
RHSM_CFG=/etc/rhsm/rhsm.conf
# Backup rhsm.conf
if [ -f $RHSM_CFG ] ; then
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
fi
# rhn-client-tools conflicts with subscription-manager package
# since rhn tools replaces subscription-manager, we need to explicitly
# install subscription-manager after the rhn tools cleanup
if [ x$ID = xol ]; then
$PKG_MANAGER remove -y rhn-client-tools
$PKG_MANAGER install -y --setopt=obsoletes=0 subscription-manager
fi
# Prepare SSL certificate
mkdir -p /etc/rhsm/ca
cp -f $SSL_CA_CERT $KATELLO_SERVER_CA_CERT
chmod 644 $KATELLO_SERVER_CA_CERT
# Prepare subscription-manager
<% if truthy?(@force) -%>
if [ -x "$(command -v subscription-manager)" ] ; then
subscription-manager unregister || true
subscription-manager clean
fi
$PKG_MANAGER remove -y katello-ca-consumer\*
<% end -%>
if ! [ -x "$(command -v subscription-manager)" ] ; then
$PKG_MANAGER install -y subscription-manager
else
$PKG_MANAGER upgrade -y subscription-manager
fi
if ! [ -f $RHSM_CFG ] ; then
echo "'$RHSM_CFG' not found, cannot configure subscription-manager"
cleanup_and_exit 1
fi
# Configure subscription-manager
test -f $RHSM_CFG.bak || cp $RHSM_CFG $RHSM_CFG.bak
subscription-manager config \
--server.hostname="<%= @rhsm_url.host if @rhsm_url %>" \
--server.port="<%= @rhsm_url.port if @rhsm_url %>" \
--server.prefix="<%= @rhsm_url.path if @rhsm_url %>" \
--rhsm.repo_ca_cert="$KATELLO_SERVER_CA_CERT" \
--rhsm.baseurl="<%= @pulp_content_url %>"
# Older versions of subscription manager may not recognize
# report_package_profile and package_profile_on_trans options.
# So set them separately and redirect out & error to /dev/null
# to fail silently.
subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
# Configuration for EL6
if grep --quiet full_refresh_on_yum $RHSM_CFG; then
sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $RHSM_CFG
else
full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
sed -i "/baseurl/a $full_refresh_config" $RHSM_CFG
fi
subscription-manager register <%= '--force' if truthy?(@force) %> \
--org='<%= @organization.label if @organization %>' \
--activationkey='<%= activation_keys %>' || <%= truthy?(@ignore_subman_errors) ? 'true' : 'cleanup_and_exit 1' %>
register_katello_host | bash
else
register_host | bash
fi
<% else -%>
register_host | bash
<% end -%>
cleanup_and_exit