Commit graph

19 commits

Author SHA1 Message Date
Jenkins
e61ffb7fc8 Merge "Don't trace RHEL Registration scripts" 2015-04-21 14:29:02 +00:00
Pino Toscano
8d19032a4a Do not export REG_HALT_UNREGISTER between hook scripts
Do not rely on environment changes (like exporting REG_HALT_UNREGISTER)
to persist between different hooks run. This helps when the hooks are
run in different new environments every time.

Instead, in 99-unregister redo the same checks on REG_METHOD as done in
00-rhel-registration, still respecting REG_HALT_UNREGISTER in case the
user does not want to unregister the image generated.

Change-Id: Id594dcd72334f38a2fa96da21206da77a83d7a1a
Closes-Bug: #1434431
2015-04-08 09:28:47 +02:00
Ben Nemec
952915f25e Don't trace RHEL Registration scripts
We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys.  To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.

Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
2015-04-07 10:33:33 -05:00
Ian Wienand
36b59c001c Standarise tracing for scripts
There is a wide variety of tracing options through the various shell
scripts.  Some use "set -eux", others explicity set xtrace and others
do nothing.  There is a "-x" option to bin/disk-image-create but it
doesn't flow down to the many scripts it calls.

This adds a global integer variable set by disk-image-create
DIB_DEBUG_TRACE.  All scripts have a stanza added to detect this and
turn on tracing.  Any other tracing methods are rolled into this.  So
the standard header is

---
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail
---

Multiple -x options can be specified to dib-create-image, which
increases the value of DIB_DEBUG_TRACE.  If script authors feel their
script should only trace at higher levels, they should modify the
"-gt" value.  If they feel it should trace by default, they can modify
the default value also.

Changes to pachset 16 : scripts which currently trace themselves by
default have retained this behaviour with DIB_DEBUG_TRACE defaulting
to "1".  This was done by running [1] on patch set 15.  See the thread
beginning at [2]

dib-lint is also updated to look for the variable being matched.

[1] https://gist.github.com/ianw/71bbda9e6acc74ccd0fd
[2] http://lists.openstack.org/pipermail/openstack-dev/2014-November/051575.html

Change-Id: I6c5a962260741dcf6f89da9a33b96372a719b7b0
2015-02-12 10:41:32 +11:00
Ryan Brady
297c734424 Fix Satellite Repo
Previous to the Sattelite 6 release, the katello-agent and it's
dependencies needed the rhel-7-server-rh-common-beta-rpms repo
enabled.  Since the the release of Satellite 6, the "beta" can
be safely dropped.  This fixes an error where registration to a
satellite instance fails due to a 404 for the beta repo.

Change-Id: Ia9879498c7db0c912bb58ea084d448b8b3915569
2015-01-16 16:52:11 -05:00
Jenkins
af4b290328 Merge "Fix for RHEL6" 2015-01-12 16:22:18 +00:00
Jenkins
bc4880fb91 Merge "Allow for disabling rhel registration" 2015-01-09 18:31:30 +00:00
Jenkins
89e9c01cd4 Merge "Deprecates username and password from boot time registration" 2015-01-09 15:17:57 +00:00
Jenkins
e304882e9d Merge "Fix repo enablement for RHEL during registration" 2015-01-09 15:17:43 +00:00
Ryan Brady
d669d78528 Fix for RHEL6
The correct workflow for building RHEL6 images includes not using
the rhel-registration scripts in this element, but rather the 00-rhsm
script.  This patch updates the return value from 1 to 0 for the case
when the REG_METHOD is left unset.  This will allow the RHEL6 images
to build without needing to set REG_METHOD. This patch also improves
the note about RHEL6 image building.

This patch is the result of the discussion in the comments of [1].

[1] Iff7b9fc30d5a36231598a977a9edcd55229766c5

Change-Id: I2f35b8d7d8749d44d88f06e9e2c3116ff93b88fe
Closes-Bug: 1404364
2015-01-07 10:27:55 -05:00
James Slagle
697800987f Allow for disabling rhel registration
When using the rhel element, it can be uesful to disable registration.
For instance, if using an internal mirror repository that does not
require registration/authentication.

Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1
2015-01-07 10:27:48 -05:00
Jenkins
ef0c043c85 Merge "Add Activation Key Support For Customer Portal" 2015-01-06 18:04:12 +00:00
Ben Nemec
68394e134e Don't trace RHEL registration scripts
These scripts are littered with references to passwords and keys,
so rather than try to disable tracing in every one of those places
I propose we simply turn it off for the scripts.  This will likely
need to be revisited after the global tracing discussion is
resolved anyway.

Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
Related-Bug: 1298205
2014-12-17 16:39:27 -06:00
Ryan Brady
2fb72d6ed9 Deprecates username and password from boot time registration
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.

This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time.  This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.

This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.

Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
2014-12-09 10:56:55 -05:00
Ryan Brady
386a7a01d3 Fix repo enablement for RHEL during registration
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json.  Both scripts have been updated to remain
consistent.

Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
2014-12-04 21:52:16 -05:00
Ryan Brady
bf8b77a8ea Add Activation Key Support For Customer Portal
This patch adds support to register with the hosted customer portal
using activation keys.  If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal.  This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.

Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
2014-12-03 12:46:58 -05:00
Ryan Brady
ac8514c089 Enable RHEL Registration
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite.  The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6.  The subscription-manager
command line tool is the preferred method of registration.

The registration of RHEL is required to enable repositories for
software installation during image creation time.

This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script.  The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.

Boot-time registration is supported through metadata.  Please see
the configuration in the README for more information.

Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
2014-10-31 12:36:43 -04:00
Ben Nemec
5c69b7a683 Make RHSM registration set -u safe
There are a bunch of optional env vars references in the rhsm
registration script, but they weren't wrapped to be set -u safe so
they cause build failures if any aren't set.

Change-Id: I18326b618f0920efa4dbd805611c6ee66d33ebb0
2014-08-21 21:39:38 -05:00
Ryan Brady
7f78be9318 Adds RHEL common element
This element contains the installation steps common to RHEL
operating system versions.

Change-Id: I37cce0bd5b5d31525f1335ecd416be570d36ad61
2014-07-25 14:17:03 -04:00