diskimage-builder/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration
Ben Nemec 952915f25e Don't trace RHEL Registration scripts
We don't want to trace the RHEL registration scripts because that
is likely to log things like passwords and activation keys.  To
still allow for debugging failed runs, add sanitized logging of
the arguments passed to the registration commands, since that is
the part of the process where problems are most likely to manifest.

Change-Id: I0f661e9c152f43b814fda61211bd56ba93e3b9dc
2015-04-07 10:33:33 -05:00

151 lines
5.1 KiB
Bash
Executable file

#!/bin/bash
# dib-lint: disable=dibdebugtrace
set -eu
set -o pipefail
OK=/mnt/state/var/lib/rhsm/rhsm.ok
if [ -e $OK ] ; then
exit 0
fi
REG_ACTIVATION_KEY="$(os-apply-config --key rh_registration.activation_key --type raw --key-default '')"
REG_AUTO_ATTACH="$(os-apply-config --key rh_registration.auto_attach --type raw --key-default 'true')"
REG_BASE_URL="$(os-apply-config --key rh_registration.base_url --type raw --key-default '')"
REG_ENVIRONMENT="$(os-apply-config --key rh_registration.environment --type raw --key-default '')"
REG_FORCE="$(os-apply-config --key rh_registration.force --type raw --key-default '')"
REG_MACHINE_NAME="$(os-apply-config --key rh_registration.machine_name --type raw --key-default '')"
REG_ORG="$(os-apply-config --key rh_registration.org --type raw --key-default '')"
REG_PASSWORD="$(os-apply-config --key rh_registration.password --type raw --key-default '')"
REG_POOL_ID="$(os-apply-config --key rh_registration.poolid --type raw --key-default '')"
REG_RELEASE="$(os-apply-config --key rh_registration.release --type raw --key-default '')"
REG_REPOS="$(os-apply-config --key rh_registration.repos --type raw --key-default '')"
REG_SAT_URL="$(os-apply-config --key rh_registration.satellite_url --type raw --key-default '')"
REG_SERVER_URL="$(os-apply-config --key rh_registration.server_url --type raw --key-default '')"
REG_SERVICE_LEVEL="$(os-apply-config --key rh_registration.service_level --type raw --key-default '')"
REG_USER="$(os-apply-config --key rh_registration.user --type raw --key-default '')"
REG_TYPE="$(os-apply-config --key rh_registration.type --type raw --key-default '')"
REG_METHOD="$(os-apply-config --key rh_registration.method --type raw --key-default '')"
opts=
attach_opts=
repos="repos --enable rhel-7-server-rpms"
satellite_repo="rhel-7-server-rh-common-rpms"
if [ -n "${REG_AUTO_ATTACH:-}" ]; then
opts="$opts --auto-attach"
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
opts="$opts --servicelevel $REG_SERVICE_LEVEL"
fi
if [ -n "${REG_RELEASE:-}" ]; then
opts="$opts --release=$REG_RELEASE"
fi
else
if [ -n "${REG_SERVICE_LEVEL:-}" ]; then
echo "WARNING: REG_SERVICE_LEVEL set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_RELEASE:-}" ]; then
echo "WARNING: REG_RELEASE set without REG_AUTO_ATTACH."
fi
if [ -n "${REG_POOL_ID:-}" ]; then
attach_opts="$attach_opts --pool=$REG_POOL_ID"
fi
fi
if [ -n "${REG_BASE_URL:-}" ]; then
opts="$opts --baseurl=$REG_BASE_URL"
fi
if [ -n "${REG_ENVIRONMENT:-}" ]; then
opts="$opts --env=$REG_ENVIRONMENT"
fi
if [ -n "${REG_FORCE:-}" ]; then
opts="$opts --force"
fi
if [ -n "${REG_SERVER_URL:-}" ]; then
opts="$opts --serverurl=$REG_SERVER_URL"
fi
if [ -n "${REG_ACTIVATION_KEY:-}" ]; then
opts="$opts --activationkey=$REG_ACTIVATION_KEY"
if [ -z "${REG_ORG:-}" ]; then
echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG."
fi
else
echo "WARNING: Support for registering with a username and password is deprecated."
echo "Please use activation keys instead. See the README for more information."
if [ -n "${REG_PASSWORD:-}" ]; then
opts="$opts --password $REG_PASSWORD"
fi
if [ -n "${REG_USER:-}" ]; then
opts="$opts --username $REG_USER"
fi
fi
if [ -n "${REG_MACHINE_NAME:-}" ]; then
opts="$opts --name $REG_MACHINE_NAME"
fi
if [ -n "${REG_ORG:-}" ]; then
opts="$opts --org=$REG_ORG"
fi
if [ -n "${REG_REPOS:-}" ]; then
for repo in $(echo $REG_REPOS | tr ',' '\n'); do
repos="$repos --enable $repo"
done
fi
if [ -n "${REG_TYPE:-}" ]; then
opts="$opts --type=$REG_TYPE"
fi
sanitized_opts=$(echo "$opts" | sed 's/--password \([^ ]*\)/--password ***/g')
sanitized_opts=$(echo "$sanitized_opts" | sed 's/--activationkey=\([^ ]*\)/--activationkey=***/g')
case "${REG_METHOD:-}" in
portal)
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
if [ -z "${REG_AUTO_ATTACH:-}" ]; then
echo "Attaching with options: $attach_opts"
subscription-manager attach $attach_opts
fi
echo "Enabling repos: $repos"
subscription-manager $repos
;;
satellite)
# Save an unmodified copy of the repo list for logging
user_repos=$repos
repos="$repos --enable ${satellite_repo}"
echo "Installing satellite dependencies"
rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true
echo "Registering with options: $sanitized_opts"
subscription-manager register $opts
echo "Enabling repos: $user_repos"
subscription-manager $repos
echo "Installing katello-agent"
yum install -y katello-agent || true # needed for errata reporting to satellite6
katello-package-upload
echo "Disabling satellite repo because it is no longer needed"
subscription-manager repos --disable ${satellite_repo}
;;
disable)
echo "Disabling RHEL registration"
;;
*)
echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD."
exit 0
esac
mkdir -p $(dirname $OK)
touch $OK