2fb72d6ed9
The username and password combination is considered insecure to store in the metadata passed to the stack as they can easily be obtained and possibly used in an unathorized manner by logging into one of the registration systems. The use of an activation key is more desirable as it can only be used in conjunction with subscription-manager to register a RHEL system. This patch deprecates the username and password support from the script that registers RHEL with either Satellite or RH Customer Portal during boot-time. This patch also adds a warning if the username and password combination is used in the stack metadata. The documentation and examples have also been updated to warn operators of the deprecation of username and password. This patch does not affect the username and password support for registration activities while building images with diskimage-builder. Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a
104 lines
2.6 KiB
Bash
Executable File
104 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
set -eux
|
|
set -o pipefail
|
|
|
|
opts=
|
|
attach_opts=
|
|
repos="repos --enable rhel-7-server-rpms"
|
|
satellite_repo="rhel-7-server-rh-common-beta-rpms"
|
|
|
|
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
|
|
opts="$opts --auto-attach"
|
|
|
|
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
|
|
opts="$opts --servicelevel $REG_SERVICE_LEVEL"
|
|
fi
|
|
|
|
if [ -n "${REG_RELEASE:-}" ]; then
|
|
opts="$opts --release=$REG_RELEASE"
|
|
fi
|
|
else
|
|
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
|
|
echo "WARNING: REG_SERVICE_LEVEL set without REG_AUTO_ATTACH."
|
|
fi
|
|
|
|
if [ -n "${REG_RELEASE:-}" ]; then
|
|
echo "WARNING: REG_RELEASE set without REG_AUTO_ATTACH."
|
|
fi
|
|
|
|
if [ -n "${REG_POOL_ID:-}" ]; then
|
|
attach_opts="$attach_opts --pool=$REG_POOL_ID"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${REG_BASE_URL:-}" ]; then
|
|
opts="$opts --baseurl=$REG_BASE_URL"
|
|
fi
|
|
|
|
if [ -n "${REG_ENVIRONMENT:-}" ]; then
|
|
opts="$opts --env=$REG_ENVIRONMENT"
|
|
fi
|
|
|
|
if [ -n "${REG_FORCE:-}" ]; then
|
|
opts="$opts --force"
|
|
fi
|
|
|
|
if [ -n "${REG_SERVER_URL:-}" ]; then
|
|
opts="$opts --serverurl=$REG_SERVER_URL"
|
|
fi
|
|
|
|
if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
|
|
opts="$opts --activationkey=$REG_ACTIVATION_KEY"
|
|
|
|
if [ -z "${REG_ORG:-}" ]; then
|
|
echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
|
|
fi
|
|
else
|
|
if [ -n "${REG_PASSWORD:-}" ]; then
|
|
opts="$opts --password $REG_PASSWORD"
|
|
fi
|
|
|
|
if [ -n "${REG_USER:-}" ]; then
|
|
opts="$opts --username $REG_USER"
|
|
fi
|
|
fi
|
|
|
|
if [ -n "${REG_MACHINE_NAME:-}" ]; then
|
|
opts="$opts --name $REG_MACHINE_NAME"
|
|
fi
|
|
|
|
if [ -n "${REG_ORG:-}" ]; then
|
|
opts="$opts --org=$REG_ORG"
|
|
fi
|
|
|
|
if [ -n "${REG_REPOS:-}" ]; then
|
|
for repo in $(echo $REG_REPOS | tr ',' '\n'); do
|
|
repos="$repos --enable $repo"
|
|
done
|
|
fi
|
|
|
|
if [ -n "${REG_TYPE:-}" ]; then
|
|
opts="$opts --type=$REG_TYPE"
|
|
fi
|
|
|
|
case "${REG_METHOD:-}" in
|
|
portal)
|
|
subscription-manager register $opts
|
|
if [ -z "${REG_AUTO_ATTACH:-}" ]; then
|
|
subscription-manager attach $attach_opts
|
|
fi
|
|
subscription-manager $repos
|
|
;;
|
|
satellite)
|
|
repos="$repos --enable ${satellite_repo}"
|
|
rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
|
|
subscription-manager register $opts
|
|
subscription-manager $repos
|
|
# beta-rpms repo only needed to support the katello-ca rpm above.
|
|
subscription-manager repos --disable rhel-7-server-rh-common-beta-rpms
|
|
;;
|
|
*)
|
|
echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD."
|
|
exit 1 # RHEL requires registration, fail image build if REG_Method isn't set
|
|
esac
|