authorTim Smith <tsmith@chef.io>2018-02-19 10:42:58 -0800
committerGitHub <noreply@github.com>2018-02-19 10:42:58 -0800
commitbc436e42c71a7cf8fc5997aeeac0e1082c0a30d4 (patch)
tree6d88ebcf9557584fa944d968d629257f0712634e /lib/chef
parent56be8ea4bbe792645dc8fbd86f14183c9923e3bb (diff)
parentc3236775e22739f78bac6277cf1e5e7ff7f4b2ce (diff)
downloadchef-bc436e42c71a7cf8fc5997aeeac0e1082c0a30d4.tar.gz
Merge pull request #6827 from chef/rhsm
Add new Redhat Subscription Manager resources
Diffstat (limited to 'lib/chef')
-rw-r--r--lib/chef/resource/rhsm_errata.rb45
-rw-r--r--lib/chef/resource/rhsm_errata_level.rb53
-rw-r--r--lib/chef/resource/rhsm_register.rb170
-rw-r--r--lib/chef/resource/rhsm_repo.rb63
-rw-r--r--lib/chef/resource/rhsm_subscription.rb96
-rw-r--r--lib/chef/resources.rb5
6 files changed, 432 insertions, 0 deletions
diff --git a/lib/chef/resource/rhsm_errata.rb b/lib/chef/resource/rhsm_errata.rb
new file mode 100644
index 0000000000..56779909f5
--- /dev/null
+++ b/lib/chef/resource/rhsm_errata.rb
@@ -0,0 +1,45 @@
+#
+# Copyright:: 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+ class Resource
+ class RhsmErrata < Chef::Resource
+ resource_name :rhsm_errata
+
+ description "A resource for installing packages associated with a given Red"\
+ " Hat Subscription Manager Errata ID. This is helpful if packages"\
+ " to mitigate a single vulnerability must be installed on your hosts."
+ introduced "14.0"
+
+ property :errata_id,
+ String,
+ description: "An optional property for specifying the errata ID if not using the resource's name.",
+ name_property: true
+
+ action :install do
+ description "Installs a package for a specific errata ID"
+
+ execute "Install errata packages for #{new_resource.errata_id}" do
+ command "yum update --advisory #{new_resource.errata_id} -y"
+ action :run
+ end
+ end
+ end
+ end
+end
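Review bot: The `command` string in the `:install` action interpolates `new_resource.errata_id` unescaped, and a string command is handed to a shell when it contains metacharacters, so whitespace or shell syntax in the ID changes what chef-client executes. rhsm_register.rb in this same commit already uses `Shellwords.shellescape`; the same here, `command "yum update --advisory #{Shellwords.shellescape(new_resource.errata_id)} -y"` plus `require "shellwords"`, keeps the value a single argument. The same unescaped interpolation appears in rhsm_repo.rb (`--enable=#{repo_name}`, `--disable=#{repo_name}`) and in rhsm_subscription.rb (`--pool=#{new_resource.pool_id}` and the `| grep #{subscription}` pipeline, where the grep is redundant with the regex match that follows). A `regex:` validation on each of these properties would additionally reject malformed values before converge.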
diff --git a/lib/chef/resource/rhsm_errata_level.rb b/lib/chef/resource/rhsm_errata_level.rb
new file mode 100644
index 0000000000..3aa289ac2e
--- /dev/null
+++ b/lib/chef/resource/rhsm_errata_level.rb
@@ -0,0 +1,53 @@
+#
+# Copyright:: 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+ class Resource
+ class RhsmErrataLevel < Chef::Resource
+ resource_name :rhsm_errata_level
+
+ description "A resource for installing all packages of a specified errata level"\
+ " from the Red Hat Subscript Manager. For example, you can ensure"\
+ " that all packages associated with errata marked at a 'Critical'"\
+ " security level are installed."
+ introduced "14.0"
+
+ property :errata_level,
+ String,
+ coerce: proc { |x| x.downcase },
+ equal_to: %w{critical moderate important low},
+ description: "The errata level of packages to install.",
+ name_property: true
+
+ action :install do
+ descripton "Install all packages of the specified errata level"
+
+ yum_package "yum-plugin-security" do
+ action :install
+ only_if { node["platform_version"].to_i == 6 }
+ end
+
+ execute "Install any #{new_resource.errata_level} errata" do
+ command "yum update --sec-severity=#{new_resource.errata_level.capitalize} -y"
+ action :run
+ end
+ end
+ end
+ end
+end
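Review bot: `descripton` in the `:install` action is a misspelling of `description`. As written it is a call to an unknown method in the action body and will most likely raise when the action converges, so no errata would be installed. It should read `description "Install all packages of the specified errata level"`, as in the other rhsm resources. The resource-level description also says "Red Hat Subscript Manager" where "Subscription" is meant.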
diff --git a/lib/chef/resource/rhsm_register.rb b/lib/chef/resource/rhsm_register.rb
new file mode 100644
index 0000000000..47fe67d1cf
--- /dev/null
+++ b/lib/chef/resource/rhsm_register.rb
@@ -0,0 +1,170 @@
+#
+# Copyright:: 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+require "shellwords"
+
+class Chef
+ class Resource
+ class RhsmRegister < Chef::Resource
+ resource_name :rhsm_register
+
+ description "A resource for registering a node with the Red Hat Subscription Manager"\
+ " or a local Red Hat Satellite server."
+ introduced "14.0"
+
+ property :activation_key,
+ [String, Array],
+ coerce: proc { |x| Array(x) },
+ description: "A String or array of the activation keys to use when registering. You must also specify the organization property if using activation_key."
+
+ property :satellite_host,
+ String,
+ description: "The FQDN of the Satellite host to register with. If not specified, the host will be registered with Red Hat's public RHSM service."
+
+ property :organization,
+ String,
+ description: "The organization to use when registering, required when using an activation key"
+
+ property :environment,
+ String,
+ description: "The environment to use when registering, required when using username and password"
+
+ property :username,
+ String,
+ description: "The username to use when registering. Not applicable if using an activation key. If specified, password and environment are also required."
+
+ property :password,
+ String,
+ description: "The password to use when registering. Not applicable if using an activation key. If specified, username and environment are also required."
+
+ property :auto_attach,
+ [TrueClass, FalseClass],
+ description: "If true, RHSM will attempt to automatically attach the host to applicable subscriptions. It is generally better to use an activation key with the subscriptions pre-defined.",
+ default: false
+
+ property :install_katello_agent,
+ [TrueClass, FalseClass],
+ description: "If true, the 'katello-agent' RPM will be installed.",
+ default: true
+
+ property :force,
+ [TrueClass, FalseClass],
+ description: "If true, the system will be registered even if it is already registered. Normally, any register operations will fail if the machine is has already registered.",
+ default: false
+
+ action :register do
+ description "Register the node with RHSM"
+
+ package "subscription-manager"
+
+ unless new_resource.satellite_host.nil? || registered_with_rhsm?
+ remote_file "#{Chef::Config[:file_cache_path]}/katello-package.rpm" do
+ source "http://#{new_resource.satellite_host}/pub/katello-ca-consumer-latest.noarch.rpm"
+ action :create
+ notifies :install, "yum_package[katello-ca-consumer-latest]", :immediately
+ not_if { katello_cert_rpm_installed? }
+ end
+
+ yum_package "katello-ca-consumer-latest" do
+ options "--nogpgcheck"
+ source "#{Chef::Config[:file_cache_path]}/katello-package.rpm"
+ action :nothing
+ end
+
+ file "#{Chef::Config[:file_cache_path]}/katello-package.rpm" do
+ action :delete
+ end
+ end
+
+ execute "Register to RHSM" do
+ sensitive new_resource.sensitive
+ command register_command
+ action :run
+ not_if { registered_with_rhsm? }
+ end
+
+ yum_package "katello-agent" do
+ action :install
+ only_if { new_resource.install_katello_agent && !new_resource.satellite_host.nil? }
+ end
+ end
+
+ action :unregister do
+ description "Unregister the node from RHSM"
+
+ execute "Unregister from RHSM" do
+ command "subscription-manager unregister"
+ action :run
+ only_if { registered_with_rhsm? }
+ notifies :run, "execute[Clean RHSM Config]", :immediately
+ end
+
+ execute "Clean RHSM Config" do
+ command "subscription-manager clean"
+ action :nothing
+ end
+ end
+
+ action_class do
+ def registered_with_rhsm?
+ cmd = Mixlib::ShellOut.new("subscription-manager status", env: { LANG: "en_US" })
+ cmd.run_command
+ !cmd.stdout.match(/Overall Status: Unknown/)
+ end
+
+ def katello_cert_rpm_installed?
+ cmd = Mixlib::ShellOut.new("rpm -qa | grep katello-ca-consumer")
+ cmd.run_command
+ !cmd.stdout.match(/katello-ca-consumer/).nil?
+ end
+
+ def register_command
+ command = %w{subscription-manager register}
+
+ unless new_resource.activation_key.empty?
+ raise "Unable to register - you must specify organization when using activation keys" if new_resource.organization.nil?
+
+ command << new_resource.activation_key.map { |key| "--activationkey=#{Shellwords.shellescape(key)}" }
+ command << "--org=#{Shellwords.shellescape(new_resource.organization)}"
+ command << "--force" if new_resource.force
+
+ return command.join(" ")
+ end
+
+ if new_resource.username && new_resource.password
+ raise "Unable to register - you must specify environment when using username/password" if new_resource.environment.nil? && using_satellite_host?
+
+ command << "--username=#{Shellwords.shellescape(new_resource.username)}"
+ command << "--password=#{Shellwords.shellescape(new_resource.password)}"
+ command << "--environment=#{Shellwords.shellescape(new_resource.environment)}" if using_satellite_host?
+ command << "--auto-attach" if new_resource.auto_attach
+ command << "--force" if new_resource.force
+
+ return command.join(" ")
+ end
+
+ raise "Unable to create register command - you must specify activation_key or username/password"
+ end
+
+ def using_satellite_host?
+ !new_resource.satellite_host.nil?
+ end
+ end
+ end
+ end
+end
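Review bot: In the `:register` action the Katello CA consumer RPM is fetched over plain `http://` from `satellite_host` and then installed with `options "--nogpgcheck"`, so nothing authenticates the package that establishes the trust anchor for later subscription-manager traffic. Because chef-client installs it as a package, a substituted download would run with the client's privileges. Consider letting callers pin the artifact, for example an optional property passed through to `remote_file`'s `checksum`, or an `https` source validated against a CA the node already trusts. Separately, `register_command` places `--password=` on the command line while `sensitive new_resource.sensitive` is off unless the caller sets it, so a failed run can print the password in Chef output. Forcing `sensitive true` on that `execute` whenever `new_resource.password` is set would avoid this.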
diff --git a/lib/chef/resource/rhsm_repo.rb b/lib/chef/resource/rhsm_repo.rb
new file mode 100644
index 0000000000..aef4dd43d6
--- /dev/null
+++ b/lib/chef/resource/rhsm_repo.rb
@@ -0,0 +1,63 @@
+#
+# Copyright:: 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+ class Resource
+ class RhsmRepo < Chef::Resource
+ resource_name :rhsm_repo
+
+ description "A resource for enabling and disabling Red Hat Subscription Manager"\
+ " repositories that are made available via attached subscriptions."
+ introduced "14.0"
+
+ property :repo_name,
+ String,
+ description: "An optional property for specifying the repository name if not using the resource's name.",
+ name_property: true
+
+ action :enable do
+ description "Enable a RHSM repository"
+
+ execute "Enable repository #{repo_name}" do
+ command "subscription-manager repos --enable=#{repo_name}"
+ action :run
+ not_if { repo_enabled?(repo_name) }
+ end
+ end
+
+ action :disable do
+ description "Disable a RHSM repository"
+
+ execute "Enable repository #{repo_name}" do
+ command "subscription-manager repos --disable=#{repo_name}"
+ action :run
+ only_if { repo_enabled?(repo_name) }
+ end
+ end
+
+ action_class do
+ def repo_enabled?(repo)
+ cmd = Mixlib::ShellOut.new("subscription-manager repos --list-enabled", env: { LANG: "en_US" })
+ cmd.run_command
+ !cmd.stdout.match(/Repo ID:\s+#{repo}$/).nil?
+ end
+ end
+ end
+ end
+end
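Review bot: `repo_enabled?` builds its guard pattern as `/Repo ID:\s+#{repo}$/` without escaping, so a `.` or any other regex metacharacter in a repo ID is treated as a pattern and the guard can report the wrong state; `/Repo ID:\s+#{Regexp.escape(repo)}$/` makes the match literal. The `execute` in the `:disable` action is also titled `"Enable repository #{repo_name}"`, which makes logs and notifications misleading and should be `"Disable repository #{repo_name}"`. Both actions read bare `repo_name`, while the other rhsm resources in this commit go through `new_resource.`; `new_resource.repo_name` would be consistent.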
diff --git a/lib/chef/resource/rhsm_subscription.rb b/lib/chef/resource/rhsm_subscription.rb
new file mode 100644
index 0000000000..41dd398cd5
--- /dev/null
+++ b/lib/chef/resource/rhsm_subscription.rb
@@ -0,0 +1,96 @@
+#
+# Copyright:: 2015-2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "chef/resource"
+
+class Chef
+ class Resource
+ class RhsmSubscription < Chef::Resource
+ resource_name :rhsm_subscription
+
+ description "A resource for adding additional Redhat Subscription Manager subscriptions"\
+ " to your host. This can be used when a host's activation_key"\
+ " does not attach all necessary subscriptions to your host."
+ introduced "14.0"
+
+ property :pool_id,
+ String,
+ description: "An optional property for specifying the Pool ID if not using the resource's name.",
+ name_property: true
+
+ action :attach do
+ description "Attach the node to a subscription pool"
+
+ execute "Attach subscription pool #{new_resource.pool_id}" do
+ command "subscription-manager attach --pool=#{new_resource.pool_id}"
+ action :run
+ not_if { subscription_attached?(new_resource.pool_id) }
+ end
+ end
+
+ action :remove do
+ description "Remove the node from a subscription pool"
+
+ execute "Remove subscription pool #{new_resource.pool_id}" do
+ command "subscription-manager remove --serial=#{pool_serial(new_resource.pool_id)}"
+ action :run
+ only_if { subscription_attached?(new_resource.pool_id) }
+ end
+ end
+
+ action_class do
+ def subscription_attached?(subscription)
+ cmd = Mixlib::ShellOut.new("subscription-manager list --consumed | grep #{subscription}", env: { LANG: "en_US" })
+ cmd.run_command
+ !cmd.stdout.match(/Pool ID:\s+#{subscription}$/).nil?
+ end
+
+ def serials_by_pool
+ serials = {}
+ pool = nil
+ serial = nil
+
+ cmd = Mixlib::ShellOut.new("subscription-manager list --consumed", env: { LANG: "en_US" })
+ cmd.run_command
+ cmd.stdout.lines.each do |line|
+ line.strip!
+ key, value = line.split(/:\s+/, 2)
+ next unless ["Pool ID", "Serial"].include?(key)
+
+ if key == "Pool ID"
+ pool = value
+ elsif key == "Serial"
+ serial = value
+ end
+
+ next unless pool && serial
+
+ serials[pool] = serial
+ pool = nil
+ serial = nil
+ end
+
+ serials
+ end
+
+ def pool_serial(pool_id)
+ serials_by_pool[pool_id]
+ end
+ end
+ end
+ end
+end
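Review bot: In the `:remove` action, `pool_serial(new_resource.pool_id)` is interpolated when the `execute` resource is built, before `only_if` is evaluated, so the command string becomes `--serial=` with an empty value whenever the pool is not attached, and the guard then shells out a second time. Looking the serial up once, `serial = pool_serial(new_resource.pool_id)`, and guarding with `only_if { !serial.nil? }` would tie the guard to the value that is actually used. `serials_by_pool` would also benefit from a short comment stating the `Pool ID:` / `Serial:` line format it expects from `subscription-manager list --consumed`. Neither helper checks the command's exit status, so a failed call is read as "nothing attached".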
diff --git a/lib/chef/resources.rb b/lib/chef/resources.rb
index 37d1ca253f..d54e7815c4 100644
--- a/lib/chef/resources.rb
+++ b/lib/chef/resources.rb
@@ -68,6 +68,11 @@ require "chef/resource/reboot"
require "chef/resource/registry_key"
require "chef/resource/remote_directory"
require "chef/resource/remote_file"
+require "chef/resource/rhsm_errata_level"
+require "chef/resource/rhsm_errata"
+require "chef/resource/rhsm_register"
+require "chef/resource/rhsm_repo"
+require "chef/resource/rhsm_subscription"
require "chef/resource/rpm_package"
require "chef/resource/solaris_package"
require "chef/resource/route"