1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Commit graph

17 commits

Author SHA1 Message Date
patchback[bot]
acfe464a31
[PR #6366/1aa94a5a backport][stable-6] redhat_subscription: document the security of the registration (#6368)
redhat_subscription: document the security of the registration (#6366)

(cherry picked from commit 1aa94a5a1d)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-04-19 21:14:34 +02:00
patchback[bot]
c6316c1153
[PR #6319/83994c0a backport][stable-6] redhat_subscription: use CLI when using environments (#6332)
redhat_subscription: use CLI when using environments (#6319)

It turns out that the 'environments' that the D-Bus Register*() APIs
accept are the IDs of the environments, and not the user-facing names of
the environments (which is what the module has been accepting so far).

Since there is no easy way to do the mapping manually, for now use again
the subscription-manager CLI for registering when environments are
specified.

(cherry picked from commit 83994c0a2d)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-04-13 08:09:58 +02:00
patchback[bot]
f0320b5ac9
[PR #6275/c280b793 backport][stable-6] redhat_subscription: fix D-Bus option for environments on CentOS (#6282)
redhat_subscription: fix D-Bus option for environments on CentOS (#6275)

Factorize the current logic to determine whether use 'environments' as
D-Bus registration option (rather than 'environment') in an own
function, so it is easier to read it and maintain it.

With the small helper function in place, extend the logic to support
CentOS: it is in practice the same as the RHEL one, with an additional
check to support CentOS Stream 8 (which is a rolling release, and not
versioned).

(cherry picked from commit c280b793de)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-04-03 22:02:12 +02:00
patchback[bot]
43beaf4b00
[PR #6259/c9e11e5c backport][stable-6] redhat_subscription: manually unregister only when registered (#6280)
redhat_subscription: manually unregister only when registered (#6259)

When registering using D-Bus and using a version of subscription-manager
with an unimplemented 'force' option, then unregister manually the
system only if it is registered. 'subscription-manager unregister'
errors out when trying to unregister an already unregistered system.

(cherry picked from commit c9e11e5c0c)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-04-03 21:25:53 +02:00
patchback[bot]
47b8df8019
[PR #5664/bbd68e26 backport][stable-6] redhat_subscription: require credentials only when needed (#6222)
redhat_subscription: require credentials only when needed (#5664)

The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.

Hence:
- change the static 'required_if' to require credentials only when
  forcing the registration
- check for credentials manually when a registration is needed, i.e.
  on an unregistered system; the fail message is the same as the one
  shown by 'required_if'

Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
  system
- add a new version of test_without_required_parameters to test an
  already registered system
- add a simple test case for only state=present usable on an already
  registered system
- remove the credentials from a test case for pool attachment that
  mocks an already registered system

(cherry picked from commit bbd68e26a2)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-03-22 20:56:22 +01:00
patchback[bot]
9c411586ea
[PR #6211/9f67cbbe backport][stable-6] rhsm modules: cleanly fail when not run as root (#6218)
rhsm modules: cleanly fail when not run as root (#6211)

subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.

Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.

(cherry picked from commit 9f67cbbe36)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-03-22 17:57:46 +00:00
patchback[bot]
1676b09573
[PR #6122/e939cd07 backport][stable-6] redhat_subscription: use D-Bus for registration if possible (#6188)
redhat_subscription: use D-Bus for registration if possible (#6122)

subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).

Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
  inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
  not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
  the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
  is not working; silent fallback in case of D-Bus errors during the
  registration is not done on purpose to avoid silent fallback to a less
  secure registration

[1] https://github.com/oamg/convert2rhel/pull/540/

(cherry picked from commit e939cd07ef)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2023-03-14 23:06:41 +01:00
patchback[bot]
91095240f4
[PR #5967/d03ae532 backport][stable-6] Add attributes to more modules (3/4) (#6025)
Add attributes to more modules (3/4) (#5967)

Add attributes to more modules.

(cherry picked from commit d03ae532ed)

Co-authored-by: Felix Fontein <felix@fontein.de>
2023-02-20 17:58:28 +01:00
patchback[bot]
2d450a5a36
[PR #5725/4dc897d5 backport][stable-6] redhat_subscription: Add support for Red Hat API token (#5768)
redhat_subscription: Add support for Red Hat API token (#5725)

Add support for Red Hat API token

fix mixed up

fix version

(cherry picked from commit 4dc897d559)

Co-authored-by: Eric C Chong <ecchong@gmail.com>
2023-01-05 21:51:21 +01:00
patchback[bot]
ff21afb227
[PR #5662/471f523f backport][stable-6] redhat_subscription: add server_proxy_scheme parameter (#5671)
redhat_subscription: add `server_proxy_scheme` parameter (#5662)

Add the `server_proxy_scheme` parameter to configure the scheme used for
the proxy server. This completes the configuration parameters for the
proxy server.

(cherry picked from commit 471f523f53)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2022-12-08 22:54:18 +01:00
patchback[bot]
e1e89f7735
redhat_subscription: don't discard vars with key (#5627) (#5633)
Fixes #3486. From the man-pages of subscription-manager, none of the
parameters used are tied to the activationkey except the two that remain
in its else-clause.

Note that type is not mentioned in the man-pages on 7.6 (at least), but
is still present and available.

Co-authored-by: Thor K. H <thor@roht.no>
(cherry picked from commit f7fa54eed9)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2022-11-30 22:30:49 +01:00
patchback[bot]
efedd0d6e2
redhat_subscription: drop unneeded args to Rhsm.register() (#5583) (#5626)
Stop passing all the "rhsm_", and "server_" module arguments to
"Rhsm.register()", and thus as arguments for
"subscription-manager register":
- right before calling "Rhsm.register()", "Rhsm.configure()" is called
  to configure subscription-manager with all the "rhsm_", and "server_"
  arguments; hence, they are already configured
- the passed argument to "--serverurl" is partially wrong:
  "Rhsm.register()" passes only the hostname, whereas the other bits
  (port and prefix) are supported too; this "works" because port and
  prefix were already configured previously, and the lax parsing that
  subscription-manager does allows for missing bits
- the parsing done by subscription-manager for "--baseurl" strips out
  the URL scheme and always uses https: this means that specifying
  "rhsm_baseurl: http://server" as module parameter will be taken as
  "https://server" by subscription-manager; since "rhsm_baseurl" is
  already configured by "Rhsm.configure()", this issue is gone

(cherry picked from commit 101c957631)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2022-11-29 13:20:30 +01:00
patchback[bot]
352e91a389
redhat_subscription: improve wording wrt Satellite (#5581) (#5608)
Do not mention an explicit version of Satellite for an environment to
use; future versions of Satellite will support that, and older versions
are long EOL.

Also mention Katello next to Red Hat Satellite.

(cherry picked from commit 911769d2f3)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2022-11-26 18:49:40 +01:00
patchback[bot]
57a4195b0d
redhat_subscription: fix sanity check (#5555) (#5560)
* redhat_subscription: fix sanity check

* removed ignore lines

(cherry picked from commit 801e3d86ef)

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2022-11-16 06:57:38 +01:00
Felix Fontein
b531ecdc9b
Unflatmap community.general (#5461)
* Move files.

* Update imports and references.

* Move wrongly placed files.

* Reverse redirects, deprecate long → short name redirects.

* Simplify contribution guidelines for new modules.

* Rewrite BOTMETA.

* Add changelog fragment.

* Fix ignore.txt files.
2022-11-02 20:42:29 +00:00
Felix Fontein
7743ecd776
Replace symlinks with meta/runtime.yml redirects. (#4562) 2022-04-26 20:33:13 +02:00
Brian Coca
8f90360d49
make collection usable with current ansible vers (#9) 2020-03-11 14:10:38 +00:00