Merge pull request #21 from ehelms/update-to-1.1.0

Update to 1.1.0
RedHatSatellite · Apr 26, 2022 · d3cb0f4 · d3cb0f4
2 parents f30ef7f + ec847b4
commit d3cb0f4
Show file tree

Hide file tree

Showing 13 changed files with 203 additions and 10 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -34,9 +34,9 @@ jobs:
       if: ${{ github.event_name == 'pull_request' }}
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -20,6 +20,7 @@ jobs:
           - stable-2.10
           - stable-2.11
           - stable-2.12
+          - stable-2.13
           - devel
         include:
           - python: "2.7"
@@ -50,7 +51,7 @@ jobs:
       - name: Install libyaml-dev for PyYAML
         run: sudo apt-get install -y libyaml-dev
       - name: Install Ansible
-        run: pip install --upgrade git+https://github.com/ansible/ansible.git@${{ matrix.ansible }}
+        run: pip install --upgrade https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz
       - name: Install dependencies
         run: make test-setup
       - name: Install required collections for ansible-base (2.10+)
@@ -80,7 +81,7 @@ jobs:
       - name: Build docs
         run: make doc
       - name: Upload docs artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: docs-html
           path: docs/_build/html/
@@ -101,13 +102,15 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-pip-
       - name: Install dependencies
-        run: pip install --upgrade -r requirements-lint.txt ansible
+        run: |
+          pip install --upgrade ansible-core
+          pip install --upgrade -r requirements-lint.txt
       - name: Install required collections for linting
         run: ansible-galaxy collection install theforeman.operations
       - name: Run lint
         run: make lint
       - name: Upload collection artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: collection
           path: theforeman-operations-*.tar.gz
@@ -121,6 +124,7 @@ jobs:
           - stable-2.10
           - stable-2.11
           - stable-2.12
+          - stable-2.13
           - devel
     steps:
       - uses: actions/checkout@v3
@@ -129,7 +133,7 @@ jobs:
         with:
           python-version: "3.8"
       - name: Install Ansible
-        run: pip install --upgrade git+https://github.com/ansible/ansible.git@${{ matrix.ansible }}
+        run: pip install --upgrade https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz
       - name: Install dependencies
         run: make test-setup
       - name: Run tests

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -5,6 +5,14 @@ redhat.satellite-operations Release Notes
 .. contents:: Topics
 
 
+v1.1.0
+======
+
+Minor Changes
+-------------
+
+- cloud_connector - new role for installing Cloud Connector
+
 v1.0.2
 ======
 

diff --git a/Makefile b/Makefile
@@ -102,9 +102,11 @@ branding:
 	sed -i 's/theforeman-foreman/redhat-satellite-operations/g' .github/workflows/*.yml
 	sed -i 's/Foreman Operations Collection/Red Hat Satellite Operations Collection/g' docs/index.rst docs/conf.py
 	sed -i 's/The Foreman Project/Red Hat, Inc./g' docs/conf.py
+	sed -i 's/Foreman/Satellite/g' roles/*/README.md roles/*/*/*.yml
 	sed -i '/FOREMAN_\w/ s/FOREMAN_/SATELLITE_/g' Makefile
 	sed -i '/foreman_proxy_\w/ s/foreman_proxy_/satellite_capsule_/g' roles/*/README.md roles/*/*/*.yml
-	sed -i '/foreman_\w/ s/foreman_/satellite_/g' roles/*/README.md roles/*/*/*.yml
+	sed -i '/foreman_\w/ s/foreman_/satellite_/g' roles/*/README.md roles/*/*/*.yml roles/*/*/*.j2
+	sed -i 's/satellite_rh_cloud/foreman_rh_cloud/g' roles/*/README.md roles/*/*/*.yml roles/*/*/*.j2
 	sed -i 's/foreman-installer/satellite-installer/g' roles/*/README.md roles/*/*/*.yml
 	rm -rf roles/puppet_repositories roles/foreman_repositories roles/postgresql_upgrade roles/ansible_repositories
 	[ ! -d roles/foreman_proxy_certs_generate ] || mv roles/foreman_proxy_certs_generate roles/capsule_certs_generate

diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
@@ -23,3 +23,7 @@ releases:
     fragments:
     - installer-checkmode-fix.yml
     release_date: '2022-03-25'
+  1.1.0:
+    minor_changes:
+    - cloud_connector - new role for installing Cloud Connector
+    release_date: '2022-04-25'
diff --git a/galaxy.yml b/galaxy.yml
@@ -10,7 +10,7 @@ authors:
   - "Kyle Williams <[email protected]>"
   - "Matthias Dellweg <[email protected]>"
   - "willtome <[email protected]>"
-version: "1.0.2"
+version: "1.1.0"
 license:
   - "GPL-3.0-or-later"
 tags:

diff --git a/requirements-dev.txt b/requirements-dev.txt
@@ -1,6 +1,6 @@
 PyYAML
 docker
-rstcheck
+rstcheck==3.3.1 # from https://github.com/ansible/ansible/raw/devel/test/sanity/code-smell/rstcheck.requirements.txt
 cryptography<3.1; python_version < '3.6'
 -r requirements.txt
 pylint==2.6.0; python_version >= '3.6'

diff --git a/roles/cloud_connector/README.md b/roles/cloud_connector/README.md
@@ -0,0 +1,29 @@
+redhat.satellite_operations.cloud_connector
+=====================================
+
+Install and configure Red Hat Cloud Connector
+
+Role Variables
+--------------
+
+Required:
+
+- `satellite_cloud_connector_url`: The URL of the Satellite server.
+- `satellite_cloud_connector_user`: The username cloud connector will use to talk to Satellite API.
+- `satellite_cloud_connector_password`: The password cloud connector will use to talk to Satellite API.
+
+Example Playbooks
+-----------------
+
+Run the installer setting the initial admin password:
+Configure Cloud Connector:
+
+```yaml
+- hosts: target-host
+  roles:
+    - role: redhat.satellite_operations.cloud_connector
+      vars:
+        satellite_cloud_connector_url: https://satellite.example.com
+        satellite_cloud_connector_user: admin
+        satellite_cloud_connector_password: changeme
+```
diff --git a/roles/cloud_connector/defaults/main.yml b/roles/cloud_connector/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+satellite_cloud_connector_console_redhat_host: cert.cloud.redhat.com
+satellite_cloud_connector_config_file: /etc/rhc/workers/foreman_rh_cloud.toml
+satellite_cloud_connector_validate_certs: true
diff --git a/roles/cloud_connector/tasks/cleanup_receptor.yml b/roles/cloud_connector/tasks/cleanup_receptor.yml
@@ -0,0 +1,52 @@
+---
+- name: Identify Satellite ID from Satellite
+  ansible.builtin.uri:
+    url: "{{ satellite_cloud_connector_url }}/api/settings?search=name%20%3D%20instance_id"
+    user: "{{ satellite_cloud_connector_user }}"
+    password: "{{ satellite_cloud_connector_password }}"
+    return_content: true
+    validate_certs: true
+    force_basic_auth: true
+  register: satellite_uuid_json
+
+- name: Find receptor configs
+  find:
+    paths: /etc/receptor
+    file_type: directory
+  register: receptor_configs
+
+- include_tasks: delete_source.yaml
+  loop: "{{ receptor_configs['files'] }}"
+
+- name: Check if foreman-maintain installed
+  ansible.builtin.package_facts:
+    manager: auto
+
+- name: Collect service facts
+  ansible.builtin.service_facts:
+
+- name: Stop any receptor services
+  ansible.builtin.service:
+    state: stopped
+    enabled: false
+    name: "{{ item.name }}"
+  loop: "{{ ansible_facts.services.values() | selectattr('name', 'regex', 'receptor\\@.+.service') | list }}"
+
+- name: Remove receptor packages
+  yum:
+    state: absent
+    name:
+      - receptor
+      - python3-receptor-satellite
+      - ansiblerole-satellite-receptor-installer
+    disable_plugin: foreman-protector
+
+- name: Cleanup receptor config
+  file:
+    state: absent
+    path: /etc/receptor
+
+- name: Remove receptor service file
+  file:
+    state: absent
+    path: /etc/systemd/system/[email protected]
diff --git a/roles/cloud_connector/tasks/delete_source.yaml b/roles/cloud_connector/tasks/delete_source.yaml
@@ -0,0 +1,20 @@
+---
+- name: Get source record
+  ansible.builtin.uri:
+    url: "https://{{ foreman_cloud_connector_console_redhat_host }}/api/sources/v3.1/sources?filter[source_ref]={{ satellite_uuid_json.json.results[0].value }}"
+    client_cert: "{{ item.path }}/cert.pem"
+    client_key: "{{ item.path }}/key.pem"
+    return_content: true
+  register: source_record_response
+
+- name: Delete Source
+  vars:
+    source_id: "{{ source_record_response.json.data[0].id }}"
+  when: "source_record_response.json.data | length == 1"
+  ansible.builtin.uri:
+    url: "https://{{ foreman_cloud_connector_console_redhat_host }}/api/sources/v3.1/sources/{{ source_id }}"
+    client_cert: "{{ item.path }}/cert.pem"
+    client_key: "{{ item.path }}/key.pem"
+    method: "DELETE"
+    status_code:
+      - 204
diff --git a/roles/cloud_connector/tasks/main.yml b/roles/cloud_connector/tasks/main.yml
@@ -0,0 +1,62 @@
+---
+- name: Install yggdrasil-worker-forwarder and rhc
+  yum:
+    name:
+      - rhc
+      - yggdrasil-worker-forwarder
+    disable_plugin: foreman-protector
+
+- name: Create workers directory
+  file:
+    state: directory
+    path: "/etc/rhc/workers"
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Configure rhc-cloud-connector-worker
+  ansible.builtin.template:
+    src: "foreman_rh_cloud.toml.j2"
+    dest: "{{ satellite_cloud_connector_config_file }}"
+    owner: root
+    group: root
+    mode: 0640
+
+- name: Create rhcd worker
+  ansible.builtin.copy:
+    dest: /usr/libexec/rhc/foreman-rh-cloud-worker
+    content: |
+      #!/bin/bash
+
+      CONFIG_FILE="{{ satellite_cloud_connector_config_file }}" exec /usr/libexec/yggdrasil-worker-forwarder
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Ensure rhcd started
+  service:
+    name: rhcd
+    state: started
+
+- name: Read client ID from CN of consumer
+  ansible.builtin.command: openssl x509 -in /etc/pki/consumer/cert.pem -subject -noout
+  register: cert_output
+  when: cert_output is not defined
+
+- name: Set client ID in Satellite
+  ansible.builtin.uri:
+    url: "{{ satellite_cloud_connector_url }}/api/settings/rhc_instance_id"
+    user: "{{ satellite_cloud_connector_user }}"
+    password: "{{ satellite_cloud_connector_password }}"
+    body:
+      setting:
+        value: "{{ client_id }}"
+    method: "PUT"
+    validate_certs: "{{ satellite_cloud_connector_validate_certs }}"
+    force_basic_auth: true
+    body_format: json
+  vars:
+    client_id: "{{ cert_output.stdout.replace('subject= /CN=', '') }}"
+
+- name: Cleanup receptor
+  include: cleanup_receptor.yml
diff --git a/roles/cloud_connector/templates/foreman_rh_cloud.toml.j2 b/roles/cloud_connector/templates/foreman_rh_cloud.toml.j2
@@ -0,0 +1,8 @@
+exec = "/usr/libexec/yggdrasil-worker-forwarder"
+protocol = "grpc"
+env = [
+  "FORWARDER_USER={{ satellite_cloud_connector_user }}",
+  "FORWARDER_PASSWORD={{ satellite_cloud_connector_password }}",
+  "FORWARDER_URL={{ satellite_cloud_connector_url }}",
+  "FORWARDER_HANDLER=foreman_rh_cloud"
+]
-Original file line number
+Diff line change
@@ Expand Up / @@ -5,6 +5,14 @@ redhat.satellite-operations Release Notes @@
     .. contents:: Topics
+    v1.1.0
+    ======
+    Minor Changes
+    -------------
+    - cloud_connector - new role for installing Cloud Connector
     v1.0.2
     ======
@@ Expand Down @@