ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/changelogs/fragments/6122-redhat_subscription-subscribe-via-dbus.yaml

5 lines
391 B
YAML
Raw Normal View History

[PR #6122/e939cd07 backport][stable-6] redhat_subscription: use D-Bus for registration if possible (#6188) redhat_subscription: use D-Bus for registration if possible (#6122) subscription-manager currently does not have a way to get credentials (username, password, activation keys, organization ID) in a secure way: the existing command line parameters can be easily spotted when running a process listing while 'subscription-manager register' runs. There is a D-Bus service, which is used by e.g. cockpit and Anaconda to interface with RHSM (at least for registration and common queries). Try to perform the registration using D-Bus, in a way very similar to the work done in convert2rhel [1] (with my help): - try to do a simple signal test to check whether the system bus works; inspired by the login in the dconf module - pass most of the options as registration options; for the few that are not part of the registration, execute 'subscription-manager' manually - add quirks for differently working (or not) registration options for the D-Bus Register*() methods depending on the version of RHEL - 'subscription-manager register' is used only in case the signal test is not working; silent fallback in case of D-Bus errors during the registration is not done on purpose to avoid silent fallback to a less secure registration [1] https://github.com/oamg/convert2rhel/pull/540/ (cherry picked from commit e939cd07ef335e939e901c3ccc76523eab8d5e4a) Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-03-14 23:06:41 +01:00
minor_changes:
- redhat_subscription - the registration is done using the D-Bus ``rhsm`` service instead of spawning a ``subscription-manager register`` command, if possible;
this avoids passing plain-text credentials as arguments to ``subscription-manager register``, which can be seen while that command runs
(https://github.com/ansible-collections/community.general/pull/6122).
Copy permalink