2fb72d6ed9
The username and password combination is considered insecure to store in the metadata passed to the stack, as it can easily be obtained and possibly used in an unauthorized manner by logging into one of the registration systems. The use of an activation key is more desirable as it can only be used in conjunction with subscription-manager to register a RHEL system. This patch deprecates the username and password support from the script that registers RHEL with either Satellite or RH Customer Portal during boot-time. This patch also adds a warning if the username and password combination is used in the stack metadata. The documentation and examples have also been updated to warn operators of the deprecation of username and password. This patch does not affect the username and password support for registration activities while building images with diskimage-builder. Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
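#!/bin/bash
#
# Register this RHEL system with the Red Hat Customer Portal or a Satellite
# server, using settings read from os-apply-config under rh_registration.*.
#
# Security notes:
#   * xtrace (set -x) prints every expanded assignment and command. It is
#     switched off wherever the activation key, username or password is read,
#     tested or passed on, so these values are not written to the trace log.
#   * Options are collected in arrays and expanded quoted. A metadata value
#     that contains whitespace or glob characters is passed as one argument
#     and cannot split into extra subscription-manager options.
#   * Username/password registration is deprecated in favour of activation
#     keys; the password is still handed over on the command line, where it
#     is visible in the process listing while subscription-manager runs.
set -eux
set -o pipefail

# Settings that are safe to show in the trace.
REG_AUTO_ATTACH="$(os-apply-config --key rh_registration.auto_attach --type raw --key-default 'true')"
REG_BASE_URL="$(os-apply-config --key rh_registration.base_url --type raw --key-default '')"
REG_ENVIRONMENT="$(os-apply-config --key rh_registration.environment --type raw --key-default '')"
REG_FORCE="$(os-apply-config --key rh_registration.force --type raw --key-default '')"
REG_MACHINE_NAME="$(os-apply-config --key rh_registration.machine_name --type raw --key-default '')"
REG_ORG="$(os-apply-config --key rh_registration.org --type raw --key-default '')"
REG_POOL_ID="$(os-apply-config --key rh_registration.poolid --type raw --key-default '')"
REG_RELEASE="$(os-apply-config --key rh_registration.release --type raw --key-default '')"
REG_REPOS="$(os-apply-config --key rh_registration.repos --type raw --key-default '')"
REG_SAT_URL="$(os-apply-config --key rh_registration.satellite_url --type raw --key-default '')"
REG_SERVER_URL="$(os-apply-config --key rh_registration.server_url --type raw --key-default '')"
REG_SERVICE_LEVEL="$(os-apply-config --key rh_registration.service_level --type raw --key-default '')"
REG_TYPE="$(os-apply-config --key rh_registration.type --type raw --key-default '')"
REG_METHOD="$(os-apply-config --key rh_registration.method --type raw --key-default '')"

# Credentials: read with tracing off so the values never reach the log.
set +x
REG_ACTIVATION_KEY="$(os-apply-config --key rh_registration.activation_key --type raw --key-default '')"
REG_PASSWORD="$(os-apply-config --key rh_registration.password --type raw --key-default '')"
REG_USER="$(os-apply-config --key rh_registration.user --type raw --key-default '')"
set -x

opts=()        # non-secret options for "subscription-manager register"
cred_opts=()   # credential options for "register"; never traced
attach_opts=() # options for "subscription-manager attach"
repos=(repos --enable rhel-7-server-rpms)
satellite_repo="rhel-7-server-rh-common-beta-rpms"

# Any non-empty value enables auto-attach, including the literal string
# "false"; only an empty value turns it off.
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
  opts+=(--auto-attach)

  if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
    opts+=(--servicelevel "$REG_SERVICE_LEVEL")
  fi

  if [ -n "${REG_RELEASE:-}" ]; then
    opts+=("--release=$REG_RELEASE")
  fi
else
  if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
    echo "WARNING: REG_SERVICE_LEVEL set without REG_AUTO_ATTACH."
  fi

  if [ -n "${REG_RELEASE:-}" ]; then
    echo "WARNING: REG_RELEASE set without REG_AUTO_ATTACH."
  fi

  if [ -n "${REG_POOL_ID:-}" ]; then
    attach_opts+=("--pool=$REG_POOL_ID")
  fi
fi

if [ -n "${REG_BASE_URL:-}" ]; then
  opts+=("--baseurl=$REG_BASE_URL")
fi

if [ -n "${REG_ENVIRONMENT:-}" ]; then
  opts+=("--env=$REG_ENVIRONMENT")
fi

# As with REG_AUTO_ATTACH, any non-empty value enables --force.
if [ -n "${REG_FORCE:-}" ]; then
  opts+=(--force)
fi

if [ -n "${REG_SERVER_URL:-}" ]; then
  opts+=("--serverurl=$REG_SERVER_URL")
fi

# Credential selection. Tracing stays off for the whole section because even
# the [ -n ... ] tests would print the expanded secret.
set +x
if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
  cred_opts+=("--activationkey=$REG_ACTIVATION_KEY")

  if [ -z "${REG_ORG:-}" ]; then
    echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
  fi
else
  echo "WARNING: Support for registering with a username and password is deprecated."
  echo "Please use activation keys instead. See the README for more information."
  if [ -n "${REG_PASSWORD:-}" ]; then
    cred_opts+=(--password "$REG_PASSWORD")
  fi

  if [ -n "${REG_USER:-}" ]; then
    cred_opts+=(--username "$REG_USER")
  fi
fi
set -x

if [ -n "${REG_MACHINE_NAME:-}" ]; then
  opts+=(--name "$REG_MACHINE_NAME")
fi

if [ -n "${REG_ORG:-}" ]; then
  opts+=("--org=$REG_ORG")
fi

if [ -n "${REG_REPOS:-}" ]; then
  # Split on commas and whitespace without pathname expansion. read returns
  # non-zero at end of input when -d '' is used, hence the "|| true".
  IFS=$', \t\n' read -r -d '' -a extra_repos <<<"$REG_REPOS" || true
  for repo in ${extra_repos[@]+"${extra_repos[@]}"}; do
    [ -n "$repo" ] || continue # "a,,b" yields an empty field; skip it
    repos+=(--enable "$repo")
  done
fi

if [ -n "${REG_TYPE:-}" ]; then
  opts+=("--type=$REG_TYPE")
fi

# Run "subscription-manager register" with tracing off, since the argument
# list carries the credentials. The ${arr[@]+"${arr[@]}"} form expands to
# nothing for an empty array without tripping "set -u" on older bash.
register_system() {
  set +x
  subscription-manager register \
    ${opts[@]+"${opts[@]}"} ${cred_opts[@]+"${cred_opts[@]}"}
  set -x
}

case "${REG_METHOD:-}" in
  portal)
    register_system
    if [ -z "${REG_AUTO_ATTACH:-}" ]; then
      subscription-manager attach ${attach_opts[@]+"${attach_opts[@]}"}
    fi
    subscription-manager "${repos[@]}"
    ;;
  satellite)
    repos+=(--enable "$satellite_repo")
    if [ -z "${REG_SAT_URL:-}" ]; then
      echo "WARNING: REG_METHOD is 'satellite' but REG_SAT_URL is not set."
    fi
    # This package is fetched from REG_SAT_URL and installed as root before
    # the host is registered; use an https:// URL where the Satellite offers
    # one. NOTE(review): whether rpm verifies a signature on it depends on
    # host rpm configuration that is not visible in this script.
    # A failure here is tolerated on purpose (best effort).
    rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
    register_system
    subscription-manager "${repos[@]}"
    yum install -y katello-agent || true # needed for errata reporting to satellite6
    katello-package-upload
    # beta-rpms repo only needed to support the katello-ca rpm above.
    subscription-manager repos --disable "$satellite_repo"
    ;;
  *)
    echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
    exit 0 # keeps the stack from failing if you don't set a value in REG_METHOD
    ;;
esac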