Puppet Class: rhsm

Defined in:: manifests/init.pp

Summary

Subscribe the node to RHSM

Overview

rhsm

Subscribe the node to RHSM

Examples:

include rhsm

# Hierafile:
---
rhsm::rh_user: myuser
rhsm::rh_password: mypassword

Parameters:

rh_user (Optional[String[1]]) (defaults to: undef) —

User for the Customer Portal. You need to specify either (rh_user and rh_password) or (org and activationkey)
rh_password (Optional[String[1]]) (defaults to: undef) —

Password for the rh_user account
org (Optional[String[1]]) (defaults to: undef) —

Organization to use
activationkey (Optional[String[1]]) (defaults to: undef) —

Activationkey to use
servername (Stdlib::Fqdn) (defaults to: 'subscription.rhsm.redhat.com') —

Servername, default provided Used directly in rhsm.conf template
serverprefix (Stdlib::Absolutepath) (defaults to: '/subscription') —

server.prefix to use Used directly in rhsm.conf template /rhsm for Satellite 6 /subscription for RHSM
serverport (Stdlib::Port) (defaults to: 443) —

server.port to use Used directly in rhsm.conf template
ca_cert_dir (Stdlib::Absolutepath) (defaults to: '/etc/rhsm/ca/') —

Server CA certificate location
repo_ca_cert_filename (String[1]) (defaults to: 'redhat-uep.pem') —

File containting the CA cert to use when generating yum repo configs katello-server-ca.pem for Satellite 6 redhat-uep.pem for RHSM
repo_ca_cert_source (Optional[String[1]]) (defaults to: undef) —

URI, if set the content is used for CA file resource $ca_cert_dir/$repo_ca_cert_filename Possible values are puppet:, file: and http:
manage_repos (Integer[0,1]) (defaults to: 1) —

1 if subscription manager should manage yum repos file or 0 if the subscription is only used for tracking purposes
full_refresh_on_yum (Integer[0,1]) (defaults to: 0) —

rhsm.full_refresh_on_yum Used directly in rhsm.conf template 1 for Satellite 6 0 for RHSM
proxy_hostname (Optional[Stdlib::Fqdn]) (defaults to: undef) —

Proxy hostname
proxy_port (Optional[Stdlib::Port]) (defaults to: undef) —

Proxy port
proxy_user (Optional[String[1]]) (defaults to: undef) —

Proxy user
proxy_password (Optional[String[1]]) (defaults to: undef) —

Proxy password
baseurl (Stdlib::Httpurl) (defaults to: 'https://cdn.redhat.com') —

Base URL for rhsm, default provided
package_ensure (String[1]) (defaults to: 'installed') —

Whether to install subscription-manager, directly passed to the ‘ensure` param of the package.
enabled_repo_ids (Array[String[1]]) (defaults to: []) —

A listing of the Repo IDs to provide to the subscription-manager repo –enable command.
server_timeout (Integer[0]) (defaults to: 180) —

HTTP timeout in seconds
inotify (Integer[0,1]) (defaults to: 1) —

Inotify is used for monitoring changes in directories with certificates. When this directory is mounted using a network file system without inotify notification support (e.g. NFS), then disabling inotify is strongly recommended.

Author:

Ger Apeldoorn <info@gerapeldoorn.nl>

# File 'manifests/init.pp', line 56

class rhsm (
  Optional[String[1]]    $rh_user               = undef,
  Optional[String[1]]    $rh_password           = undef,
  Optional[String[1]]    $org                   = undef,
  Optional[String[1]]    $activationkey         = undef,
  Optional[Stdlib::Fqdn] $proxy_hostname        = undef,
  Optional[Stdlib::Port] $proxy_port            = undef,
  Optional[String[1]]    $proxy_user            = undef,
  Optional[String[1]]    $proxy_password        = undef,
  Stdlib::Httpurl        $baseurl               = 'https://cdn.redhat.com',
  Stdlib::Fqdn           $servername            = 'subscription.rhsm.redhat.com',
  Stdlib::Absolutepath   $serverprefix          = '/subscription',
  Stdlib::Port           $serverport            = 443,
  Stdlib::Absolutepath   $ca_cert_dir           = '/etc/rhsm/ca/',
  String[1]              $repo_ca_cert_filename = 'redhat-uep.pem',
  Optional[String[1]]    $repo_ca_cert_source   = undef,
  Integer[0,1]           $manage_repos          = 1,
  Integer[0,1]           $full_refresh_on_yum   = 0,
  String[1]              $package_ensure        = 'installed',
  Array[String[1]]       $enabled_repo_ids      = [],
  Integer[0,1]           $inotify               = 1,
  Integer[0]             $server_timeout        = 180,
){

  if ($rh_user == undef and $rh_password == undef) and ($org == undef and $activationkey == undef) {
    fail("${module_name}: Must provide rh_user and rh_password or org and activationkey")
  }

  if $rh_user {
    $_user = " --username='${rh_user}'"
  } else {
    $_user = ''
  }

  if $rh_password {
    $_password = " --password='${rh_password}'"
  } else {
    $_password = ''
  }

  if $org {
    $_org = " --org='${org}'"
  } else {
    $_org = ''
  }

  if $activationkey {
    $_activationkey = " --activationkey='${activationkey}'"
  } else {
    $_activationkey = ''
  }

  if $proxy_hostname {
    if $proxy_user and $proxy_password {
      $proxycli = " --proxy=http://${proxy_hostname}:${proxy_port} --proxyuser=${proxy_user} --proxypass=${proxy_password}"
    } else {
      $proxycli = " --proxy=http://${proxy_hostname}:${proxy_port}"
    }
  } else {
    $proxycli = ''
  }

  package { 'subscription-manager':
    ensure => $package_ensure,
  }

  file { '/etc/rhsm/rhsm.conf':
    content => template("${module_name}/rhsm.conf.erb"),
    require => Package['subscription-manager'],
    notify  => Service['rhsmcertd'],
  }

  if $repo_ca_cert_source {
    file { "${ca_cert_dir}/${repo_ca_cert_filename}":
      source  => $repo_ca_cert_source,
      mode    => '0644',
      require => Package['subscription-manager'],
      before  => File['/etc/rhsm/rhsm.conf'],
    }
  }

  rh_repo { $enabled_repo_ids:
    ensure => present,
  }

  exec { 'RHSM-register':
    command => "subscription-manager register --name='${facts['networking']['fqdn']}'${_user}${_password}${_org}${_activationkey}${proxycli}",
    creates => '/etc/pki/consumer/cert.pem',
    path    => '/bin:/usr/bin:/usr/sbin',
    require => File['/etc/rhsm/rhsm.conf'],
  }
  -> Rh_subscription <||>
  -> Rh_repo <||>

  service { 'rhsmcertd':
    ensure => running,
    enable => true,
  }
}