Overview
There seems to be some trouble with my local satellite repository i therefor switched to install directyl from CDN. The following script starts the system, reregisters to CDN, installs the SW and powers the system off again. This is done sequentialy one at a time, as my bandwidht is not that high and i need to keep power consuption low.
Approach
At first you find the script which servse the goal:
[root@jump ansible]# cat gluster_install.yml
# install gluster from CDN - one by one
- hosts: gluster
gather_facts: False
serial: 1
tasks:
- name: Boot server
raw: power on
delegate_to: "{{ inventory_hostname }}-ilo"
- name: Wait for server to start
local_action:
module: wait_for
host={{ inventory_hostname }}
port=22
delay=1
timeout=300
- name: remove subscriptions
# redhat_subscription: state=absent
shell: subscription-manager remove --all
ignore_errors: yes
- name: unregister
shell: subscription-manager unregister
ignore_errors: yes
- name: configure CDN as source
template: src=./templates/rhsm.conf.cdn dest=/etc/rhsm/rhsm.conf
- name: register to CDN
redhat_subscription: state=present username=mschreie1@redhat.com password=xxxxxx
- name: subscribe to CDN
shell: subscription-manager attach --pool=8a85f98144844aff014488d058bf15be
- name: disable repos
shell: subscription-manager repos --disable=* --enable=rhel-7-server-satellite-tools-6.1-rpms --enable=rh-gluster-3-for-rhel-7-server-rpms --enable=rhel-7-server-rpms
- name: yum clean repos
shell: yum clean all
- name: install Gluster
yum: name=redhat-storage-server state=present
# - name: unsubscribe from CDN
# - name: subscribe to jump
- name: Shutdown server
shell: sleep 2 && shutdown now "Reboot triggered by Ansible"
async: 1
poll: 0
ignore_errors: true
- name: Wait for server to switch off
raw: power
register: power
delegate_to: "{{ inventory_hostname }}-ilo"
until: power.stdout.find("Off") != -1
retries: 5
delay: 30
[root@jump ansible]#
There are some things to mention:
Ansible would gather facts from all hosts before starting with the first defined task. This would fail as long as the servers are switched off. I therefore stated
gather_facts: False
As said i want to run the installation one server at a time as bandwidth will not allow all servers to pull from cdn at the same time.
serial: 1
Ansible connects to the corresponding ilo-Board to switch the server on. To make this simpler i named the ilo-boards similar to the hosts as host-ilo.
- name: Boot server
raw: power on
delegate_to: "{{ inventory_hostname }}-ilo"
After powering on i need to wait for the server to be booted. I take that as given as soon as ansible can connect to the server via ssh.
- name: Wait for server to start
local_action:
module: wait_for
host={{ inventory_hostname }}
port=22
delay=1
timeout=300O
The file
/etc/rhsm/rhsm.conf
defines which system to subscribe against. Per default this points to CDN. After installing the katello-ca-consumer*.rpm this file points to your satellite server. I decided to maintain 2 templates on my ansible server which allow me to switch sources by replacing this file. My template looks like this:
[root@jump ansible]# cat templates/rhsm.conf.cdn # Red Hat Subscription Manager Configuration File: # Unified Entitlement Platform Configuration [server] # Server hostname: hostname = subscription.rhn.redhat.com # Server prefix: prefix = /subscription # Server port: port = 443 # Set to 1 to disable certificate validation: insecure = 0 # Set the depth of certs which should be checked # when validating a certificate ssl_verify_depth = 3 # an http proxy server to use proxy_hostname = # port for http proxy server proxy_port = # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password = [rhsm] # Content base URL: baseurl= https://cdn.redhat.com # Server CA certificate location: ca_cert_dir = /etc/rhsm/ca/ # Default CA cert to use when generating yum repo configs: repo_ca_cert = %(ca_cert_dir)sredhat-uep.pem # Where the certificates should be stored productCertDir = /etc/pki/product entitlementCertDir = /etc/pki/entitlement consumerCertDir = /etc/pki/consumer # Manage generation of yum repositories for subscribed content: manage_repos = 1 # Refresh repo files with server overrides on every yum command full_refresh_on_yum = 0 # If set to zero, the client will not report the package profile to # the subscription management service. report_package_profile = 1 # The directory to search for subscription manager plugins pluginDir = /usr/share/rhsm-plugins # The directory to search for plugin configuration files pluginConfDir = /etc/rhsm/pluginconf.d [rhsmcertd] # Interval to run cert check (in minutes): certCheckInterval = 240 # Interval to run auto-attach (in minutes): autoAttachInterval = 1440
And here is the way to switch to cdn:
- name: configure CDN as source template: src=./templates/rhsm.conf.cdn dest=/etc/rhsm/rhsm.conf
As you can see, i did not take care to hide the CDN-password outside my ansible playbook and i did not achive the correct pool-id through some automagic. Both can truely be evolved. Espcialy the password should not be put in a script.
The last step is to shutdown the server. This breaks the ssh connection and would let ansible fail if i did not tell ansible to ignore the errors. Asking the corresponding ilo system till the server is realy switched of is the last task before moving to the next server.
- name: Shutdown server
shell: sleep 2 && shutdown now "Reboot triggered by Ansible"
async: 1
poll: 0
ignore_errors: true
- name: Wait for server to switch off
raw: power
register: power
delegate_to: "{{ inventory_hostname }}-ilo"
until: power.stdout.find("Off") != -1
retries: 5
delay: 30
Conclusion
You find some usefull mechanisms inside this script which made it possible to use ansible i quite a flexible way. I personaly am very happy to be able to adress the corresponding ilo-board of theservers i’m just working with.
Markus Schreier 