redhat_subscription: fix D-Bus option for consumer type on older distros (#7378)
subscription-manager 1.29.32 renames the "type" D-Bus registration
option to "consumer_type"; this means that the right option must be
passed according to the distro type & version.
Copy the same approach done for environments, tweaking the version
needed: this change is found in RHEL 9.2+ and supported Fedora versions.
Reported-by: Radek Bíba <rbiba@redhat.com>
(cherry picked from commit d7bb8648f3)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: document the security of the registration (#6366)
(cherry picked from commit 1aa94a5a1d)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: use CLI when using environments (#6319)
It turns out that the 'environments' that the D-Bus Register*() APIs
accept are the IDs of the environments, and not the user-facing names of
the environments (which is what the module has been accepting so far).
Since there is no easy way to do the mapping manually, for now use again
the subscription-manager CLI for registering when environments are
specified.
(cherry picked from commit 83994c0a2d)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: fix D-Bus option for environments on CentOS (#6275)
Factorize the current logic to determine whether use 'environments' as
D-Bus registration option (rather than 'environment') in an own
function, so it is easier to read it and maintain it.
With the small helper function in place, extend the logic to support
CentOS: it is in practice the same as the RHEL one, with an additional
check to support CentOS Stream 8 (which is a rolling release, and not
versioned).
(cherry picked from commit c280b793de)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: manually unregister only when registered (#6259)
When registering using D-Bus and using a version of subscription-manager
with an unimplemented 'force' option, then unregister manually the
system only if it is registered. 'subscription-manager unregister'
errors out when trying to unregister an already unregistered system.
(cherry picked from commit c9e11e5c0c)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
(cherry picked from commit bbd68e26a2)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
rhsm modules: cleanly fail when not run as root (#6211)
subscription-manager on RHEL installs a symlink in /usr/bin to
console-helper (part of usermode), which triggers an interactive prompt
for root credentials when run as user. It seems that console-helper
does not handle well non-interactive contexts (e.g. without a TTY for
input), and thus it will hang waiting for input when run as user in an
Ansible task.
Since subscription-manager requires root already anyway (and it will
fail when explicitly run as user), then apply the same logic locally on
all the modules that interact with it: redhat_subscription,
rhsm_release, and rhsm_repository.
(cherry picked from commit 9f67cbbe36)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
redhat_subscription: use D-Bus for registration if possible (#6122)
subscription-manager currently does not have a way to get credentials
(username, password, activation keys, organization ID) in a secure way:
the existing command line parameters can be easily spotted when running
a process listing while 'subscription-manager register' runs.
There is a D-Bus service, which is used by e.g. cockpit and Anaconda to
interface with RHSM (at least for registration and common queries).
Try to perform the registration using D-Bus, in a way very similar to
the work done in convert2rhel [1] (with my help):
- try to do a simple signal test to check whether the system bus works;
inspired by the login in the dconf module
- pass most of the options as registration options; for the few that are
not part of the registration, execute 'subscription-manager' manually
- add quirks for differently working (or not) registration options for
the D-Bus Register*() methods depending on the version of RHEL
- 'subscription-manager register' is used only in case the signal test
is not working; silent fallback in case of D-Bus errors during the
registration is not done on purpose to avoid silent fallback to a less
secure registration
[1] https://github.com/oamg/convert2rhel/pull/540/
(cherry picked from commit e939cd07ef)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Add attributes to more modules (3/4) (#5967)
Add attributes to more modules.
(cherry picked from commit d03ae532ed)
Co-authored-by: Felix Fontein <felix@fontein.de>
redhat_subscription: Add support for Red Hat API token (#5725)
Add support for Red Hat API token
fix mixed up
fix version
(cherry picked from commit 4dc897d559)
Co-authored-by: Eric C Chong <ecchong@gmail.com>
redhat_subscription: add `server_proxy_scheme` parameter (#5662)
Add the `server_proxy_scheme` parameter to configure the scheme used for
the proxy server. This completes the configuration parameters for the
proxy server.
(cherry picked from commit 471f523f53)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Fixes#3486. From the man-pages of subscription-manager, none of the
parameters used are tied to the activationkey except the two that remain
in its else-clause.
Note that type is not mentioned in the man-pages on 7.6 (at least), but
is still present and available.
Co-authored-by: Thor K. H <thor@roht.no>
(cherry picked from commit f7fa54eed9)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Stop passing all the "rhsm_", and "server_" module arguments to
"Rhsm.register()", and thus as arguments for
"subscription-manager register":
- right before calling "Rhsm.register()", "Rhsm.configure()" is called
to configure subscription-manager with all the "rhsm_", and "server_"
arguments; hence, they are already configured
- the passed argument to "--serverurl" is partially wrong:
"Rhsm.register()" passes only the hostname, whereas the other bits
(port and prefix) are supported too; this "works" because port and
prefix were already configured previously, and the lax parsing that
subscription-manager does allows for missing bits
- the parsing done by subscription-manager for "--baseurl" strips out
the URL scheme and always uses https: this means that specifying
"rhsm_baseurl: http://server" as module parameter will be taken as
"https://server" by subscription-manager; since "rhsm_baseurl" is
already configured by "Rhsm.configure()", this issue is gone
(cherry picked from commit 101c957631)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
Do not mention an explicit version of Satellite for an environment to
use; future versions of Satellite will support that, and older versions
are long EOL.
Also mention Katello next to Red Hat Satellite.
(cherry picked from commit 911769d2f3)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>