Commit Graph

30 Commits

Author SHA1 Message Date
Luca Lorenzetto
c7219a5a60 Avoid disabling rhel-7-server-rh-common-rpms
while using disk-image-builder for building overcloud images for TripleO
using RDO, this repository is (in my opinion) wrongly disabled because
contains certain dependencies needed by RDO packages.
Example: python-cheetah is required for python-nova, but is not
available through RDO repository but only from
rhel-7-server-rh-common-rpms

Closes-Bug: #1638938
Change-Id: I76824c8ec02590397f1ff1d4f177ad061c7bf441
Signed-off-by: Luca Lorenzetto <lorenzetto.luca@gmail.com>
2016-11-03 15:15:42 +01:00
Yolanda Robla Mota
c6b4e639b0 Disabling all previous repos registered in the system
Depending on the pool id used, so many repos are brought,
including not valid ones that cause image to crash, or repos
that include conflicting packages.
Before enabling repos, disable all previous ones, so we
can be sure that we only bring the repos specified in the
parameters.

Change-Id: Ifd4d8d1d4fa954cd2593669e516e3201f2d6f6c1
2016-09-27 11:47:05 +02:00
Bernard Cafarelli
87379da56a Run RHEL system unregister element earlier
This does not need to be the last finalise step, and some late finalise
steps can disable the network (for example, Octavia amphora DIB cleans
resolv.conf at 99) Moving it to 60 also aligns it with rhsm-unregister
rhel6 element, and still allows to run subscription-manager steps
before.

Also fix an unbound variable error that appeared when both
BASE_IMAGE_FILE and DIB_CLOUD_IMAGES are unset.

Change-Id: Icb0e20b01479fea345e01309fc4bf3f7f639900c
2016-06-22 17:10:04 +02:00
Ben Nemec
a342036e75 Revert "Correct rhel-common for rhel6"
This is breaking deployments that use registration.  I
believe os-refresh-config scripts don't source environment.d
files, so the variable is unset there.

Given that this a blocking issue for RHEL deployments, I'm
pushing a quick revert and we can come up with a proper fix
when this isn't stopping other work.

This reverts commit 71bd8b3a33.

Change-Id: I87504660352220d45f5445bb933edc1c28885fcb
2016-02-17 22:17:11 +00:00
Abel Lopez
71bd8b3a33 Correct rhel-common for rhel6
Hardcoding subscription-manager to use rhel-7-server-rpms causes
users building rhel6 with Satellite6 to fail. This setting cannot
be overridden with environment variables, therefore needs to be
smarter. Setting RHEL_MAJ_VER in the rhel/rhel7 environment fixes.

Change-Id: Ifbd88bc76ef8b38a739272ba6e045a12849d68df
Closes-Bug: 1404364
2016-01-11 12:03:45 -08:00
John Trowbridge
6856d96f03 rhel-common element should not use attach with activation key
In the case of using portal registration with an activation key, the
rhel-common element is still executing a `subscription-manager attach`
command. This should not happen if an activation key is provided. This
is because an activation key already provides the subscriptions to
attach.

This patch fixes this behavior.

Change-Id: I5a8425d1778362bb7a0dadc91a46308f16b2a526
Closes-Bug: #1456648
2015-05-25 07:18:47 -04:00
Antoine Musso
8d052a54a7 Turn docs warnings into errors and fix issues
Set the pbr option 'warnerrors' to make build_sphinx turns warnings into
error. Fix all warnings.

`tox -edocs` will thus abort whenever someone introduce a new error.

Change-Id: Id6d09768a241866e1fdc1a1e2bf90336f5c5087d
2015-04-27 15:03:19 +00:00
Jenkins
e61ffb7fc8 Merge "Don't trace RHEL Registration scripts" 2015-04-21 14:29:02 +00:00
Pino Toscano
8d19032a4a Do not export REG_HALT_UNREGISTER between hook scripts
Do not rely on environment changes (like exporting REG_HALT_UNREGISTER)
to persist between different hooks run. This helps when the hooks are
run in different new environments every time.

Instead, in 99-unregister redo the same checks on REG_METHOD as done in
00-rhel-registration, still respecting REG_HALT_UNREGISTER in case the
user does not want to unregister the image generated.

Change-Id: Id594dcd72334f38a2fa96da21206da77a83d7a1a
Closes-Bug: #1434431
2015-04-08 09:28:47 +02:00
Ben Nemec
952915f25e Don't trace RHEL Registration scripts
We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys.  To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.

Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
2015-04-07 10:33:33 -05:00
Ian Wienand
36b59c001c Standarise tracing for scripts
There is a wide variety of tracing options through the various shell
scripts.  Some use "set -eux", others explicity set xtrace and others
do nothing.  There is a "-x" option to bin/disk-image-create but it
doesn't flow down to the many scripts it calls.

This adds a global integer variable set by disk-image-create
DIB_DEBUG_TRACE.  All scripts have a stanza added to detect this and
turn on tracing.  Any other tracing methods are rolled into this.  So
the standard header is

---
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail
---

Multiple -x options can be specified to dib-create-image, which
increases the value of DIB_DEBUG_TRACE.  If script authors feel their
script should only trace at higher levels, they should modify the
"-gt" value.  If they feel it should trace by default, they can modify
the default value also.

Changes to pachset 16 : scripts which currently trace themselves by
default have retained this behaviour with DIB_DEBUG_TRACE defaulting
to "1".  This was done by running [1] on patch set 15.  See the thread
beginning at [2]

dib-lint is also updated to look for the variable being matched.

[1] https://gist.github.com/ianw/71bbda9e6acc74ccd0fd
[2] http://lists.openstack.org/pipermail/openstack-dev/2014-November/051575.html

Change-Id: I6c5a962260741dcf6f89da9a33b96372a719b7b0
2015-02-12 10:41:32 +11:00
Gregory Haynes
c4bbb6f3bc Create docs site containing element READMEs
We currently do not have the ability to create a docs site which
outlines all the elements.

Change-Id: I77ccf61e0c4b1509b3e7ce9b8f15ea5ccfd50d9b
2015-02-10 11:45:35 -08:00
Ryan Brady
c9af576e79 Run Registration Once
The rhel-common element has a script that uses subscription-manager
to register an instance of RHEL with the customer portal or Satellite.
If os-refresh-config runs this script more than once,
subscription-manager returns a non-zero value causing os-refresh-config
to fail.  Adding --force to the subscription-manager calls doesn't
properly unregister the image from Satellite and the result is multiple
content host registrations. This patch changes the registration to only
run once.

Change-Id: If372e7f59bbdc77e2b233024c1342f005004f2e5
2015-01-16 21:55:59 +00:00
Ryan Brady
297c734424 Fix Satellite Repo
Previous to the Sattelite 6 release, the katello-agent and it's
dependencies needed the rhel-7-server-rh-common-beta-rpms repo
enabled.  Since the the release of Satellite 6, the "beta" can
be safely dropped.  This fixes an error where registration to a
satellite instance fails due to a 404 for the beta repo.

Change-Id: Ia9879498c7db0c912bb58ea084d448b8b3915569
2015-01-16 16:52:11 -05:00
Jenkins
af4b290328 Merge "Fix for RHEL6" 2015-01-12 16:22:18 +00:00
Jenkins
bc4880fb91 Merge "Allow for disabling rhel registration" 2015-01-09 18:31:30 +00:00
Jenkins
89e9c01cd4 Merge "Deprecates username and password from boot time registration" 2015-01-09 15:17:57 +00:00
Jenkins
e304882e9d Merge "Fix repo enablement for RHEL during registration" 2015-01-09 15:17:43 +00:00
Ryan Brady
d669d78528 Fix for RHEL6
The correct workflow for building RHEL6 images includes not using
the rhel-registration scripts in this element, but rather the 00-rhsm
script.  This patch updates the return value from 1 to 0 for the case
when the REG_METHOD is left unset.  This will allow the RHEL6 images
to build without needing to set REG_METHOD. This patch also improves
the note about RHEL6 image building.

This patch is the result of the discussion in the comments of [1].

[1] Iff7b9fc30d5a36231598a977a9edcd55229766c5

Change-Id: I2f35b8d7d8749d44d88f06e9e2c3116ff93b88fe
Closes-Bug: 1404364
2015-01-07 10:27:55 -05:00
James Slagle
697800987f Allow for disabling rhel registration
When using the rhel element, it can be uesful to disable registration.
For instance, if using an internal mirror repository that does not
require registration/authentication.

Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1
2015-01-07 10:27:48 -05:00
Jenkins
ef0c043c85 Merge "Add Activation Key Support For Customer Portal" 2015-01-06 18:04:12 +00:00
Ben Nemec
68394e134e Don't trace RHEL registration scripts
These scripts are littered with references to passwords and keys,
so rather than try to disable tracing in every one of those places
I propose we simply turn it off for the scripts.  This will likely
need to be revisited after the global tracing discussion is
resolved anyway.

Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3
Related-Bug: 1298205
2014-12-17 16:39:27 -06:00
Ryan Brady
2fb72d6ed9 Deprecates username and password from boot time registration
The username and password combination is considered insecure to store in
the metadata passed to the stack as they can easily be obtained and
possibly used in an unathorized manner by logging into one of the
registration systems. The use of an activation key is more desirable
as it can only be used in conjunction with subscription-manager to
register a RHEL system.

This patch deprecates the username and password support from the script
that registers RHEL with either Satellite or RH Customer Portal during
boot-time.  This patch also adds a warning if the username and password
combination is used in the stack metadata. The documentation and examples
have also been updated to warn operators of the deprecation of username
and password.

This patch does not affect the username and password support for
registration activities while building images with diskimage-builder.

Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
2014-12-09 10:56:55 -05:00
Ryan Brady
386a7a01d3 Fix repo enablement for RHEL during registration
Previously the REG_REPOS value was a space delimited list of repo
names, but the spaces were incompatible with passing through json.
If you pass a list in json through the heat parameter, the output
is the string representation of a python list of unicode vaules.
This patch changes the rhel-registration scripts to process the
REG_REPOS value as a comma delimited list which is more easily
passed through json.  Both scripts have been updated to remain
consistent.

Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab
2014-12-04 21:52:16 -05:00
Ryan Brady
bf8b77a8ea Add Activation Key Support For Customer Portal
This patch adds support to register with the hosted customer portal
using activation keys.  If an activation key is present in either
the REG_ACTIVATION_KEY or rh_registration.activation_key, it will
use that value instead of username and password credentials when
registering with Satellite or the hosted Customer Portal.  This
patch also enforces that an org must be set in either the REG_ORG
or rh_registration.org to use the activation key.

Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0
2014-12-03 12:46:58 -05:00
Ryan Brady
81b4c00fdc Update RHEL Registration
This patch updates the 00-rhel-registration script to not
not fail a stack when metadata isn't found.

Change-Id: Ie305fed79e4baadf1a03c4a3d06a23cf36e92f77
2014-11-19 18:05:24 -05:00
Ryan Brady
ac8514c089 Enable RHEL Registration
This patch documents the 00-rhsm script as <= RHEL6 as it doesn't
work with the latest release of Satellite.  The Red Hat Network
(RHN) method of registration is being phased out in favor of Red
Hat Customer Portal and Satellite 6.  The subscription-manager
command line tool is the preferred method of registration.

The registration of RHEL is required to enable repositories for
software installation during image creation time.

This element provides functionality for registering RHEL images
during the image build process with diskimage-builder's
disk-image-create script.  The RHEL image will register itself
with either the hosted Red Hat Customer Portal or Satellite to
enable software installation from official repositories. After
the end of the image creation process, the image will unregister
itself so an entitlement will not be decremented from the account.

Boot-time registration is supported through metadata.  Please see
the configuration in the README for more information.

Change-Id: Ia9ef377cc4ed9595633888bfb248a1224e04b542
2014-10-31 12:36:43 -04:00
Richard Su
8baf819b08 Install openstack-selinux on RHEL
The openstack-selinux package contains policy updates for OpenStack.
Updates are accrued in openstack-selinux before they are merged into
the upstream selinux-policy package.

Change-Id: I7c00e5cae17489202fe7aee3e656fca27ab630ba
2014-09-29 21:53:22 -07:00
Ben Nemec
5c69b7a683 Make RHSM registration set -u safe
There are a bunch of optional env vars references in the rhsm
registration script, but they weren't wrapped to be set -u safe so
they cause build failures if any aren't set.

Change-Id: I18326b618f0920efa4dbd805611c6ee66d33ebb0
2014-08-21 21:39:38 -05:00
Ryan Brady
7f78be9318 Adds RHEL common element
This element contains the installation steps common to RHEL
operating system versions.

Change-Id: I37cce0bd5b5d31525f1335ecd416be570d36ad61
2014-07-25 14:17:03 -04:00