These scripts are littered with references to passwords and keys,
so rather than try to disable tracing in every one of those places
I propose we simply turn it off for the scripts. This will likely
need to be revisited after the global tracing discussion is
resolved anyway.
Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
Related-Bug: 1298205
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.
This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time. This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.
This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.
Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json. Both scripts have been updated to remain
consistent.
Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
This patch adds support to register with the hosted customer portal
using activation keys. If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal. This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.
Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
This patch updates the 00-rhel-registration script to not
not fail a stack when metadata isn't found.
Change-Id: Ie305fed79e4baadf1a03c4a3d06a23cf36e92f77
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite. The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6. The subscription-manager
command line tool is the preferred method of registration.
The registration of RHEL is required to enable repositories for
software installation during image creation time.
This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script. The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.
Boot-time registration is supported through metadata. Please see
the configuration in the README for more information.
Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
The openstack-selinux package contains policy updates for OpenStack.
Updates are accrued in openstack-selinux before they are merged into
the upstream selinux-policy package.
Change-Id: I7c00e5cae17489202fe7aee3e656fca27ab630ba
There are a bunch of optional env vars references in the rhsm
registration script, but they weren't wrapped to be set -u safe so
they cause build failures if any aren't set.
Change-Id: I18326b618f0920efa4dbd805611c6ee66d33ebb0