diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index afffe60..4b0fe20 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -34,9 +34,9 @@ jobs: if: ${{ github.event_name == 'pull_request' }} - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 34af55a..8234d55 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -20,6 +20,7 @@ jobs: - stable-2.10 - stable-2.11 - stable-2.12 + - stable-2.13 - devel include: - python: "2.7" @@ -50,7 +51,7 @@ jobs: - name: Install libyaml-dev for PyYAML run: sudo apt-get install -y libyaml-dev - name: Install Ansible - run: pip install --upgrade git+https://github.com/ansible/ansible.git@${{ matrix.ansible }} + run: pip install --upgrade https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz - name: Install dependencies run: make test-setup - name: Install required collections for ansible-base (2.10+) @@ -80,7 +81,7 @@ jobs: - name: Build docs run: make doc - name: Upload docs artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: docs-html path: docs/_build/html/ 
@@ -101,13 +102,15 @@ jobs: restore-keys: | ${{ runner.os }}-pip- - name: Install dependencies - run: pip install --upgrade -r requirements-lint.txt ansible + run: | + pip install --upgrade ansible-core + pip install --upgrade -r requirements-lint.txt - name: Install required collections for linting run: ansible-galaxy collection install theforeman.operations - name: Run lint run: make lint - name: Upload collection artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: collection path: theforeman-operations-*.tar.gz @@ -121,6 +124,7 @@ jobs: - stable-2.10 - stable-2.11 - stable-2.12 + - stable-2.13 - devel steps: - uses: actions/checkout@v3 @@ -129,7 +133,7 @@ jobs: with: python-version: "3.8" - name: Install Ansible - run: pip install --upgrade git+https://github.com/ansible/ansible.git@${{ matrix.ansible }} + run: pip install --upgrade https://github.com/ansible/ansible/archive/${{ matrix.ansible }}.tar.gz - name: Install dependencies run: make test-setup - name: Run tests diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9df4254..907d2a0 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ redhat.satellite-operations Release Notes .. contents:: Topics +v1.1.0 +====== + +Minor Changes +------------- + +- cloud_connector - new role for installing Cloud Connector + v1.0.2 ====== diff --git a/Makefile b/Makefile index 4cc8e9c..480f21b 100644 --- a/Makefile +++ b/Makefile 
@@ -102,9 +102,11 @@ branding: sed -i 's/theforeman-foreman/redhat-satellite-operations/g' .github/workflows/*.yml sed -i 's/Foreman Operations Collection/Red Hat Satellite Operations Collection/g' docs/index.rst docs/conf.py sed -i 's/The Foreman Project/Red Hat, Inc./g' docs/conf.py + sed -i 's/Foreman/Satellite/g' roles/*/README.md roles/*/*/*.yml sed -i '/FOREMAN_\w/ s/FOREMAN_/SATELLITE_/g' Makefile sed -i '/foreman_proxy_\w/ s/foreman_proxy_/satellite_capsule_/g' roles/*/README.md roles/*/*/*.yml - sed -i '/foreman_\w/ s/foreman_/satellite_/g' roles/*/README.md roles/*/*/*.yml + sed -i '/foreman_\w/ s/foreman_/satellite_/g' roles/*/README.md roles/*/*/*.yml roles/*/*/*.j2 + sed -i 's/satellite_rh_cloud/foreman_rh_cloud/g' roles/*/README.md roles/*/*/*.yml roles/*/*/*.j2 sed -i 's/foreman-installer/satellite-installer/g' roles/*/README.md roles/*/*/*.yml rm -rf roles/puppet_repositories roles/foreman_repositories roles/postgresql_upgrade roles/ansible_repositories [ ! -d roles/foreman_proxy_certs_generate ] || mv roles/foreman_proxy_certs_generate roles/capsule_certs_generate diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index d919568..81ce154 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -23,3 +23,7 @@ releases: fragments: - installer-checkmode-fix.yml release_date: '2022-03-25' + 1.1.0: + minor_changes: + - cloud_connector - new role for installing Cloud Connector + release_date: '2022-04-25' diff --git a/galaxy.yml b/galaxy.yml index 5248528..dd8fbf4 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ authors: - "Kyle Williams " - "Matthias Dellweg <2500@gmx.de>" - "willtome " -version: "1.0.2" +version: "1.1.0" license: - "GPL-3.0-or-later" tags: diff --git a/requirements-dev.txt b/requirements-dev.txt index e667776..ab1f8d4 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt 
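Review bot: The rebranding globs in the `branding` target cover `roles/*/*/*.yml` and, with this change, `roles/*/*/*.j2`, but not `*.yaml`, so the new `roles/cloud_connector/tasks/delete_source.yaml` is never rewritten. That file still reads `foreman_cloud_connector_console_redhat_host`, while `roles/cloud_connector/defaults/main.yml` defines `satellite_cloud_connector_console_redhat_host`, so both `uri` tasks in it would presumably fail on an undefined variable whenever a receptor config directory exists. Either add `roles/*/*/*.yaml` to the `Foreman`, `foreman_` and `satellite_rh_cloud` substitutions, or rename the task file to `delete_source.yml` and update the `include_tasks` reference. The `branding` target begins above this hunk.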
@@ -1,6 +1,6 @@ PyYAML docker -rstcheck +rstcheck==3.3.1 # from https://github.com/ansible/ansible/raw/devel/test/sanity/code-smell/rstcheck.requirements.txt cryptography<3.1; python_version < '3.6' -r requirements.txt pylint==2.6.0; python_version >= '3.6' diff --git a/roles/cloud_connector/README.md b/roles/cloud_connector/README.md new file mode 100644 index 0000000..232d018 --- /dev/null +++ b/roles/cloud_connector/README.md @@ -0,0 +1,29 @@ +redhat.satellite_operations.cloud_connector +===================================== + +Install and configure Red Hat Cloud Connector + +Role Variables +-------------- + +Required: + +- `satellite_cloud_connector_url`: The URL of the Satellite server. +- `satellite_cloud_connector_user`: The username cloud connector will use to talk to Satellite API. +- `satellite_cloud_connector_password`: The password cloud connector will use to talk to Satellite API. + +Example Playbooks +----------------- + +Run the installer setting the initial admin password: +Configure Cloud Connector: + +```yaml +- hosts: target-host + roles: + - role: redhat.satellite_operations.cloud_connector + vars: + satellite_cloud_connector_url: https://satellite.example.com + satellite_cloud_connector_user: admin + satellite_cloud_connector_password: changeme +``` diff --git a/roles/cloud_connector/defaults/main.yml b/roles/cloud_connector/defaults/main.yml new file mode 100644 index 0000000..03976bc --- /dev/null +++ b/roles/cloud_connector/defaults/main.yml @@ -0,0 +1,4 @@ +--- +satellite_cloud_connector_console_redhat_host: cert.cloud.redhat.com +satellite_cloud_connector_config_file: /etc/rhc/workers/foreman_rh_cloud.toml +satellite_cloud_connector_validate_certs: true diff --git a/roles/cloud_connector/tasks/cleanup_receptor.yml b/roles/cloud_connector/tasks/cleanup_receptor.yml new file mode 100644 index 0000000..bc33a64 --- /dev/null +++ b/roles/cloud_connector/tasks/cleanup_receptor.yml 
@@ -0,0 +1,52 @@
+---
+- name: Identify Satellite ID from Satellite
+ ansible.builtin.uri:
+ url: "{{ satellite_cloud_connector_url }}/api/settings?search=name%20%3D%20instance_id"
+ user: "{{ satellite_cloud_connector_user }}"
+ password: "{{ satellite_cloud_connector_password }}"
+ return_content: true
+ validate_certs: true
+ force_basic_auth: true
+ register: satellite_uuid_json
+
+- name: Find receptor configs
+ find:
+ paths: /etc/receptor
+ file_type: directory
+ register: receptor_configs
+
+- include_tasks: delete_source.yaml
+ loop: "{{ receptor_configs['files'] }}"
+
+- name: Check if foreman-maintain installed
+ ansible.builtin.package_facts:
+ manager: auto
+
+- name: Collect service facts
+ ansible.builtin.service_facts:
+
+- name: Stop any receptor services
+ ansible.builtin.service:
+ state: stopped
+ enabled: false
+ name: "{{ item.name }}"
+ loop: "{{ ansible_facts.services.values() | selectattr('name', 'regex', 'receptor\\@.+.service') | list }}"
+
+- name: Remove receptor packages
+ yum:
+ state: absent
+ name:
+ - receptor
+ - python3-receptor-satellite
+ - ansiblerole-satellite-receptor-installer
+ disable_plugin: foreman-protector
+
+- name: Cleanup receptor config
+ file:
+ state: absent
+ path: /etc/receptor
+
+- name: Remove receptor service file
+ file:
+ state: absent
+ path: /etc/systemd/system/receptor@.service
diff --git a/roles/cloud_connector/tasks/delete_source.yaml b/roles/cloud_connector/tasks/delete_source.yaml
new file mode 100644
index 0000000..ef82454
--- /dev/null
+++ b/roles/cloud_connector/tasks/delete_source.yaml
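Review bot: `Identify Satellite ID from Satellite` hard-codes `validate_certs: true`, while the other Satellite API call in `tasks/main.yml` honours `satellite_cloud_connector_validate_certs`, so the two requests to the same server can disagree about TLS verification. Using `validate_certs: "{{ satellite_cloud_connector_validate_certs }}"` keeps the secure default from `defaults/main.yml` and makes the behaviour consistent. The `package_facts` task is named `Check if foreman-maintain installed`, but nothing visible in this file reads `ansible_facts.packages`, so either drop it or make the removal tasks conditional on it. The pattern `receptor\\@.+.service` leaves the dot before `service` unescaped; `receptor\\@.+\\.service` states the intent exactly.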
@@ -0,0 +1,20 @@
+---
+- name: Get source record
+ ansible.builtin.uri:
+ url: "https://{{ foreman_cloud_connector_console_redhat_host }}/api/sources/v3.1/sources?filter[source_ref]={{ satellite_uuid_json.json.results[0].value }}"
+ client_cert: "{{ item.path }}/cert.pem"
+ client_key: "{{ item.path }}/key.pem"
+ return_content: true
+ register: source_record_response
+
+- name: Delete Source
+ vars:
+ source_id: "{{ source_record_response.json.data[0].id }}"
+ when: "source_record_response.json.data | length == 1"
+ ansible.builtin.uri:
+ url: "https://{{ foreman_cloud_connector_console_redhat_host }}/api/sources/v3.1/sources/{{ source_id }}"
+ client_cert: "{{ item.path }}/cert.pem"
+ client_key: "{{ item.path }}/key.pem"
+ method: "DELETE"
+ status_code:
+ - 204
diff --git a/roles/cloud_connector/tasks/main.yml b/roles/cloud_connector/tasks/main.yml
new file mode 100644
index 0000000..ff02488
--- /dev/null
+++ b/roles/cloud_connector/tasks/main.yml
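Review bot: The `Get source record` URL indexes `satellite_uuid_json.json.results[0].value` without checking that the settings query returned anything, so an empty `results` list aborts the play with a templating error in the middle of the receptor cleanup loop. The value is also placed into the query string unencoded. Guarding the task with `when: satellite_uuid_json.json.results | length > 0` and passing the value through `| urlencode` would cover both. `Delete Source` silently skips when the lookup returns zero or several records; if that is intended, a comment such as `# only delete when the source lookup is unambiguous` above the `when:` would make it explicit.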
@@ -0,0 +1,62 @@
+---
+- name: Install yggdrasil-worker-forwarder and rhc
+ yum:
+ name:
+ - rhc
+ - yggdrasil-worker-forwarder
+ disable_plugin: foreman-protector
+
+- name: Create workers directory
+ file:
+ state: directory
+ path: "/etc/rhc/workers"
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Configure rhc-cloud-connector-worker
+ ansible.builtin.template:
+ src: "foreman_rh_cloud.toml.j2"
+ dest: "{{ satellite_cloud_connector_config_file }}"
+ owner: root
+ group: root
+ mode: 0640
+
+- name: Create rhcd worker
+ ansible.builtin.copy:
+ dest: /usr/libexec/rhc/foreman-rh-cloud-worker
+ content: |
+ #!/bin/bash
+
+ CONFIG_FILE="{{ satellite_cloud_connector_config_file }}" exec /usr/libexec/yggdrasil-worker-forwarder
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Ensure rhcd started
+ service:
+ name: rhcd
+ state: started
+
+- name: Read client ID from CN of consumer
+ ansible.builtin.command: openssl x509 -in /etc/pki/consumer/cert.pem -subject -noout
+ register: cert_output
+ when: cert_output is not defined
+
+- name: Set client ID in Satellite
+ ansible.builtin.uri:
+ url: "{{ satellite_cloud_connector_url }}/api/settings/rhc_instance_id"
+ user: "{{ satellite_cloud_connector_user }}"
+ password: "{{ satellite_cloud_connector_password }}"
+ body:
+ setting:
+ value: "{{ client_id }}"
+ method: "PUT"
+ validate_certs: "{{ satellite_cloud_connector_validate_certs }}"
+ force_basic_auth: true
+ body_format: json
+ vars:
+ client_id: "{{ cert_output.stdout.replace('subject= /CN=', '') }}"
+
+- name: Cleanup receptor
+ include: cleanup_receptor.yml
diff --git a/roles/cloud_connector/templates/foreman_rh_cloud.toml.j2 b/roles/cloud_connector/templates/foreman_rh_cloud.toml.j2
new file mode 100644
index 0000000..387689e
--- /dev/null
+++ b/roles/cloud_connector/templates/foreman_rh_cloud.toml.j2
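Review bot: `Configure rhc-cloud-connector-worker` renders a file that contains `FORWARDER_PASSWORD`, and without `no_log: true` (or `diff: false`) on the task a run with `--diff` prints the rendered content, password included, to the console and to any log callback. The client ID is derived with `cert_output.stdout.replace('subject= /CN=', '')`, which only matches the older OpenSSL subject layout; newer OpenSSL releases print the subject in a different form (for example `subject=CN = ...`), in which case the whole line would be sent as `rhc_instance_id`, so extracting the CN with `regex_search` is more robust. The read-only `openssl` task should carry `changed_when: false`, and its `when: cert_output is not defined` guard needs a comment or removal, since the task itself is what registers that variable. `mode: 0755` and `mode: 0640` are safer quoted (`mode: "0755"`), and `include:` is deprecated in favour of `include_tasks:`.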
@@ -0,0 +1,8 @@
+exec = "/usr/libexec/yggdrasil-worker-forwarder"
+protocol = "grpc"
+env = [
+ "FORWARDER_USER={{ satellite_cloud_connector_user }}",
+ "FORWARDER_PASSWORD={{ satellite_cloud_connector_password }}",
+ "FORWARDER_URL={{ satellite_cloud_connector_url }}",
+ "FORWARDER_HANDLER=foreman_rh_cloud"
+]
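Review bot: The three role variables in the `env` list are interpolated straight into double-quoted TOML strings, so a user name, password or URL containing `"` or `\` yields an invalid file or alters the list. Let Jinja emit the quoted string instead, e.g. `{{ ('FORWARDER_PASSWORD=' ~ satellite_cloud_connector_password) | to_json }},` for each templated entry. Since the rendered file keeps the Satellite API password in clear text, a header comment noting that the file is managed by the role and must stay root-only (the role sets 0640, root:root) would help, and a dedicated low-privilege API account is preferable to the `admin` user shown in the README example.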