Fix defaults when activation key is used, add options

When the activation key is used, we don't want to deploy repositories,
and also it's not compatible with autosubscribe option, they are both
mutually exclusive.

This patch:
- change the default of rhsm_autosubscribe to be undefined.
- configure repositories when activationkey isn't defined.
- use include_tasks since a variable is in the task file name
- add option to force registration
- pass the rhsm_baseurl to the registration task, which is needed when
  unregistering
- derive the rhsm_satellite_url from rhsm_baseurl by default, but allow it to
  be overridden
- sets validate_certs for yum tasks
- uses dynamic task inclusion rather than static import with a default filter for selecting the registration method

Change-Id: Ibf8c3c573a78acc6815cf3793a208028c43f3ba1
Closes-Bug: #1798382

README.md

@@ -16,15 +16,16 @@ Role Variables
 
 | Name              | Default Value       | Description          |
 |-------------------|---------------------|----------------------|
+| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
 | `rhsm_username` | `[undefined]` | Red Hat Portal username. |
 | `rhsm_password` | `[undefined]` | Red Hat Portal password. |
 | `rhsm_activation_key` | `[undefined]` | Red Hat Portal Activation Key. |
 | `rhsm_org_id` | `[undefined]` | Red Hat Portal Organization Identifier. |
 | `rhsm_pool_ids` | `[undefined]` | Red Hat Subscription pool IDs to consume. |
-| `rhsm_method` | `portal` | Set to `portal` or `satellite` depending on where you are registering. |
 | `rhsm_state` | `present` | Whether to enable or disable a Red Hat subscription. |
-| `rhsm_autosubscribe` | `yes` | Whether or not to autosubscribe to available repositories. |
-| `rhsm_method` | `portal` | Method to use for activation: `portal` or `satellite`. If `satellite`, the role will determine the Satellite Server version and take the appropriate registration actions. |
+| `rhsm_autosubscribe` | `[undefined]` | Whether or not to autosubscribe to available repositories. |
+| `rhsm_consumer_hostname` | `[undefined]` | Name of the system to use when registering. Defaults to using the system hostname if undefined. |
+| `rhsm_force_register` | `[undefined]` | Whether or not to force registration. Will not force registration if undefined. |
 | `rhsm_repos` | `[]` | The list of repositories to enable or disable. See `defaults/main.yml` for examples. |
 | `rhsm_rhsm_port` | `443` | Port to use when connecting to subscription server. |
 | `rhsm_server_hostname` | `subscription.rhn.redhat.com` | FQDN of subscription server. |
@@ -36,6 +37,7 @@ Role Variables
 | `rhsm_rhsm_proxy_user` | `[undefined]` | Username to use for proxy server. |
 | `rhsm_rhsm_proxy_password` | `[undefined]` | Password to use for proxy server. Save this in an Ansible Vault or other secret store. |
 | `rhsm_baseurl` | `https://cdn.redhat.com` | Base URL for content. |
+| `rhsm_satellite_url` | `[see defaults/main.yml]` | URL of the Satellite server that will be probed to determine the Satellite version. Uses the scheme and hostname of `rhsm_baseurl` by default.  |
 | `rhsm_ca_cert_dir` | `/etc/rhsm/ca/` | Server CA certificate directory. |
 | `rhsm_repo_ca_cert` | `%(ca_cert_dir)sredhat-uep.pem` | Default CA to use when generating yum rep configs. |
 | `rhsm_product_cert_dir` | `/etc/pki/product` | Product certificate directory. |

defaults/main.yml

@@ -3,9 +3,9 @@
 # rhsm_password: secrete
 # rhsm_activation_key: AAA-BBB-CCC-DDD
 # rhsm_ord_id: 1234
+# rhsm_autosubscribe: yes # or no (note it's mutually exclusive to rhsm_activation_key)
 
 rhsm_state: present                      # present or absent
-rhsm_autosubscribe: yes
 rhsm_method: portal                      # portal or satellite
 
 rhsm_repos: []
@@ -24,6 +24,7 @@ rhsm_ssl_verify_depth: 3
 # rhsm_rhsm_proxy_user: ""
 # rhsm_rhsm_proxy_password: ""
 rhsm_baseurl: https://cdn.redhat.com
+rhsm_satellite_url: "{{ rhsm_baseurl | urlsplit('scheme') ~ '://' ~ rhsm_baseurl | urlsplit('hostname') }}"
 rhsm_ca_cert_dir: /etc/rhsm/ca/
 rhsm_repo_ca_cert: '%(ca_cert_dir)sredhat-uep.pem'
 rhsm_product_cert_dir: /etc/pki/product

meta/main.yml

@@ -6,7 +6,7 @@ galaxy_info:
   description: "Manage Red Hat subscription and repositories."
   company:
   license: Apache 2.0
-  min_ansible_version: 2.4
+  min_ansible_version: 2.5
 
   platforms:
   - name: EL

tasks/main.yml

@@ -15,6 +15,10 @@
     - rhsm
     - rhsm_conf
 
-- import_tasks: "{{ rhsm_method | default('portal') }}.yml"
+- block:
+    - include_tasks: "{{ rhsm_method }}.yml"
   tags:
     - rhsm
+    - rhsm_register
+    - rhsm_repos
+    - rhsm_satellite

tasks/portal.yml

@@ -8,6 +8,8 @@
     state: "{{ rhsm_state | default(omit) }}"
     autosubscribe: "{{ rhsm_autosubscribe | default(omit) }}"
     consumer_name: "{{ rhsm_consumer_hostname | default(omit) }}"
+    force_register: "{{ rhsm_force_register | default(omit) }}"
+    rhsm_baseurl: "{{ rhsm_baseurl | default(omit) }}"
   tags:
     - rhsm
     - rhsm_register
@@ -17,7 +19,9 @@
     name: "{{ item.name | default(item) }}"
     state: "{{ item.state | default('enabled') }}"
   with_items: "{{ rhsm_repos | default([]) }}"
-  when: rhsm_state == 'present'
+  when:
+    - rhsm_state == 'present'
+    - rhsm_activation_key is not defined
   tags:
     - rhsm
     - rhsm_repos

tasks/satellite-6.yml

@@ -2,6 +2,7 @@
   yum:
     name: "{{ rhsm_satellite_url }}/pub/katello-ca-consumer-latest.noarch.rpm"
     state: present
+    validate_certs: "{{ not rhsm_insecure }}"
 
 - name: SATELLITE 6 | Get Satellite certificates
   get_url:

tasks/satellite.yml

@@ -24,10 +24,8 @@
   tags:
     - rhsm_satellite
 
-- import_tasks: satellite-{{ rhsm_satellite_version }}.yml
+- include_tasks: satellite-{{ rhsm_satellite_version }}.yml
   tags:
     - rhsm_satellite
 
 - import_tasks: portal.yml
-  tags:
-    - rhsm