diff --git a/0014-Add-Activation-Key-Support-For-Customer-Portal.patch b/0014-Add-Activation-Key-Support-For-Customer-Portal.patch new file mode 100644 index 0000000..4cf0bf6 --- /dev/null +++ b/0014-Add-Activation-Key-Support-For-Customer-Portal.patch @@ -0,0 +1,197 @@ +From bb91126803b313d11cde2223848d4dc28782c5bb Mon Sep 17 00:00:00 2001 +From: Ryan Brady +Date: Wed, 26 Nov 2014 10:25:31 -0500 +Subject: [PATCH] Add Activation Key Support For Customer Portal + +This patch adds support to register with the hosted customer portal +using activation keys. If an activation key is present in either +the REG_ACTIVATION_KEY or rh_registration.activation_key, it will +use that value instead of username and password credentials when +registering with Satellite or the hosted Customer Portal. This +patch also enforces that an org must be set in either the REG_ORG +or rh_registration.org to use the activation key. + +Change-Id: If40dd78ba793d508afb1a5ab345470ee5929afb0 +--- + .../pre-configure.d/06-rhel-registration | 47 ++++++++++---------- + .../rhel-common/pre-install.d/00-rhel-registration | 51 +++++++++++----------- + 2 files changed, 51 insertions(+), 47 deletions(-) + +diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +index f85569f..90306c2 100755 +--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration ++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +@@ -64,12 +64,20 @@ if [ -n "${REG_SERVER_URL:-}" ]; then + opts="$opts --serverurl=$REG_SERVER_URL" + fi + +-if [ -n "${REG_USER:-}" ]; then +- opts="$opts --username $REG_USER" +-fi ++if [ -n "${REG_ACTIVATION_KEY:-}" ]; then ++ opts="$opts --activationkey=$REG_ACTIVATION_KEY" ++ ++ if [ -z "${REG_ORG:-}" ]; then ++ echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG." ++ fi ++else ++ if [ -n "${REG_PASSWORD:-}" ]; then ++ opts="$opts --password $REG_PASSWORD" ++ fi + +-if [ -n "${REG_PASSWORD:-}" ]; then +- opts="$opts --password $REG_PASSWORD" ++ if [ -n "${REG_USER:-}" ]; then ++ opts="$opts --username $REG_USER" ++ fi + fi + + if [ -n "${REG_MACHINE_NAME:-}" ]; then +@@ -79,18 +87,19 @@ fi + if [ -n "${REG_ORG:-}" ]; then + opts="$opts --org $REG_ORG" + fi +-case "${REG_METHOD:-}" in +- portal) +- if [ -n "${REG_ACTIVATION_KEY:-}" ]; then +- echo "WARNING: Activation keys are not supported by the customer portal at this time." +- fi + +- if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do +- repos="$repos --enable $repo" +- done +- fi ++if [ -n "${REG_REPOS:-}" ]; then ++ for repo in $REG_REPOS; do ++ repos="$repos --enable $repo" ++ done ++fi ++ ++if [ -n "${REG_TYPE:-}" ]; then ++ opts="$opts --type=$REG_TYPE" ++fi + ++case "${REG_METHOD:-}" in ++ portal) + subscription-manager register $opts + if [ -z "${REG_AUTO_ATTACH:-}" ]; then + subscription-manager attach $attach_opts +@@ -99,12 +108,6 @@ case "${REG_METHOD:-}" in + ;; + satellite) + repos="$repos --enable ${satellite_repo}" +- if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do +- repos="$repos --enable $repo" +- done +- fi +- + rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true + subscription-manager register $opts + subscription-manager $repos +@@ -115,5 +118,5 @@ case "${REG_METHOD:-}" in + ;; + *) + echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." +- exit 0 ++ exit 0 # keeps the stack from failing if you don't set a value in REG_METHOD + esac +diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration +index ced9529..f1a528d 100755 +--- a/elements/rhel-common/pre-install.d/00-rhel-registration ++++ b/elements/rhel-common/pre-install.d/00-rhel-registration +@@ -5,6 +5,7 @@ set -o pipefail + opts= + attach_opts= + repos="repos --enable rhel-7-server-rpms" ++satellite_repo="rhel-7-server-rh-common-beta-rpms" + + if [ -n "${REG_AUTO_ATTACH:-}" ]; then + opts="$opts --auto-attach" +@@ -30,8 +31,6 @@ else + fi + fi + +- +- + if [ -n "${REG_BASE_URL:-}" ]; then + opts="$opts --baseurl=$REG_BASE_URL" + fi +@@ -48,12 +47,20 @@ if [ -n "${REG_SERVER_URL:-}" ]; then + opts="$opts --serverurl=$REG_SERVER_URL" + fi + +-if [ -n "${REG_USER:-}" ]; then +- opts="$opts --username $REG_USER" +-fi ++if [ -n "${REG_ACTIVATION_KEY:-}" ]; then ++ opts="$opts --activationkey=$REG_ACTIVATION_KEY" + +-if [ -n "${REG_PASSWORD:-}" ]; then +- opts="$opts --password $REG_PASSWORD" ++ if [ -z "${REG_ORG:-}" ]; then ++ echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG." ++ fi ++else ++ if [ -n "${REG_PASSWORD:-}" ]; then ++ opts="$opts --password $REG_PASSWORD" ++ fi ++ ++ if [ -n "${REG_USER:-}" ]; then ++ opts="$opts --username $REG_USER" ++ fi + fi + + if [ -n "${REG_MACHINE_NAME:-}" ]; then +@@ -64,18 +71,18 @@ if [ -n "${REG_ORG:-}" ]; then + opts="$opts --org $REG_ORG" + fi + +-case "${REG_METHOD:-}" in +- portal) +- if [ -n "${REG_ACTIVATION_KEY:-}" ]; then +- echo "WARNING: Activation keys are not supported by the customer portal at this time." +- fi ++if [ -n "${REG_REPOS:-}" ]; then ++ for repo in $REG_REPOS; do ++ repos="$repos --enable $repo" ++ done ++fi + +- if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do +- repos="$repos --enable $repo" +- done +- fi ++if [ -n "${REG_TYPE:-}" ]; then ++ opts="$opts --type=$REG_TYPE" ++fi + ++case "${REG_METHOD:-}" in ++ portal) + subscription-manager register $opts + if [ -z "${REG_AUTO_ATTACH:-}" ]; then + subscription-manager attach $attach_opts +@@ -83,13 +90,7 @@ case "${REG_METHOD:-}" in + subscription-manager $repos + ;; + satellite) +- repos="$repos --enable rhel-7-server-rh-common-beta-rpms" +- if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do +- repos="$repos --enable $repo" +- done +- fi +- ++ repos="$repos --enable ${satellite_repo}" + rpm -Uvh "$REG_SAT_URL/pub/katello-ca-consumer-latest.noarch.rpm" || true + subscription-manager register $opts + subscription-manager $repos +@@ -98,5 +99,5 @@ case "${REG_METHOD:-}" in + ;; + *) + echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." +- exit 1 ++ exit 1 # RHEL requires registration, fail image build if REG_Method isn't set + esac diff --git a/0014-Allow-for-disabling-rhel-registration.patch b/0014-Allow-for-disabling-rhel-registration.patch deleted file mode 100644 index 5970307..0000000 --- a/0014-Allow-for-disabling-rhel-registration.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 041dedfbfbf45ae38cb4959cacce1920f28ffbf3 Mon Sep 17 00:00:00 2001 -From: James Slagle -Date: Tue, 9 Dec 2014 14:14:53 -0500 -Subject: [PATCH] Allow for disabling rhel registration - -When using the rhel element, it can be uesful to disable registration. -For instance, if using an internal mirror repository that does not -require registration/authentication. - -Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1 ---- - .../os-refresh-config/pre-configure.d/06-rhel-registration | 3 +++ - elements/rhel-common/pre-install.d/00-rhel-registration | 5 ++++- - 2 files changed, 7 insertions(+), 1 deletion(-) - -diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration -index f85569f..d7fd5be 100755 ---- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration -+++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration -@@ -113,6 +113,9 @@ case "${REG_METHOD:-}" in - # beta-rpms repo only needed to support the katello-ca rpm above. - subscription-manager repos --disable ${satellite_repo} - ;; -+ disable) -+ echo "Disabling RHEL registration" -+ ;; - *) - echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." - exit 0 -diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration -index ced9529..0314019 100755 ---- a/elements/rhel-common/pre-install.d/00-rhel-registration -+++ b/elements/rhel-common/pre-install.d/00-rhel-registration -@@ -96,7 +96,10 @@ case "${REG_METHOD:-}" in - # beta-rpms repo only needed to support the katello-ca rpm above. - subscription-manager repos --disable rhel-7-server-rh-common-beta-rpms - ;; -+ disable) -+ echo "Disabling RHEL registration" -+ ;; - *) -- echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." -+ echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD." - exit 1 - esac diff --git a/0015-Fix-repo-enablement-for-RHEL-during-registration.patch b/0015-Fix-repo-enablement-for-RHEL-during-registration.patch new file mode 100644 index 0000000..0b95711 --- /dev/null +++ b/0015-Fix-repo-enablement-for-RHEL-during-registration.patch @@ -0,0 +1,91 @@ +From b4e6e579d106c75dd5a5142b4e09d1805bdd4711 Mon Sep 17 00:00:00 2001 +From: Ryan Brady +Date: Thu, 4 Dec 2014 16:09:18 -0500 +Subject: [PATCH] Fix repo enablement for RHEL during registration + +Previously the REG_REPOS value was a space delimited list of repo +names, but the spaces were incompatible with passing through json. +If you pass a list in json through the heat parameter, the output +is the string representation of a python list of unicode vaules. +This patch changes the rhel-registration scripts to process the +REG_REPOS value as a comma delimited list which is more easily +passed through json. Both scripts have been updated to remain +consistent. + +Change-Id: I21b3fd115e53aa3b0fa4af9bbfb1f08b6fe163ab +--- + elements/rhel-common/README.md | 12 ++++++------ + .../os-refresh-config/pre-configure.d/06-rhel-registration | 2 +- + elements/rhel-common/pre-install.d/00-rhel-registration | 2 +- + 3 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md +index 4cdd184..d57d165 100644 +--- a/elements/rhel-common/README.md ++++ b/elements/rhel-common/README.md +@@ -81,8 +81,8 @@ It will change over time as new releases come out. There are also variants + + #### REG\_REPOS + A single string representing a list of repository names separated by a +-space. Each of the repositories in this string are enabled through +-subscription manager. Once you've attached a subscription, you can ++comma (No spaces). Each of the repositories in this string are enabled ++through subscription manager. Once you've attached a subscription, you can + find available repositories by running subscription-manager repos --list. + + #### REG\_SERVER\_URL +@@ -119,7 +119,7 @@ REG_METHOD=satellite + To register with the Red Hat Customer Portal, a common example would be to + set the following variables: + +-REG_REPOS='rhel-7-server-optional-rpms rhel-7-server-extras-rpms' ++REG_REPOS='rhel-7-server-optional-rpms,rhel-7-server-extras-rpms' + REG_AUTO_ATTACH=true + REG_USER='tripleo' + REG_PASSWORD='tripleo' +@@ -165,8 +165,8 @@ Heat metadata can be used to configure the rhel-common element. + # minor release version. This is only used with the auto_attach + # option. + repos: +- # A single string representing a list of repository names separated +- # by a space. Each of the repositories in this string are enabled ++ # A single string representing a list of repository names separated by a ++ # comma (No spaces). Each of the repositories in this string are enabled + # through subscription manager. + satellite_url: + # The url of the Satellite instance to register with. Required for +@@ -214,7 +214,7 @@ use the following metadata: + + { + "rh_registration":{ +- "repos":"rhel-7-server-optional-rpms rhel-7-server-extras-rpms", ++ "repos":"rhel-7-server-optional-rpms,rhel-7-server-extras-rpms", + "auto_attach":true, + "user":"tripleo", + "password":"tripleo", +diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +index 90306c2..53ef58a 100755 +--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration ++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +@@ -89,7 +89,7 @@ if [ -n "${REG_ORG:-}" ]; then + fi + + if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do ++ for repo in $(echo $REG_REPOS | tr ',' '\n'); do + repos="$repos --enable $repo" + done + fi +diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration +index f1a528d..fe19593 100755 +--- a/elements/rhel-common/pre-install.d/00-rhel-registration ++++ b/elements/rhel-common/pre-install.d/00-rhel-registration +@@ -72,7 +72,7 @@ if [ -n "${REG_ORG:-}" ]; then + fi + + if [ -n "${REG_REPOS:-}" ]; then +- for repo in $REG_REPOS; do ++ for repo in $(echo $REG_REPOS | tr ',' '\n'); do + repos="$repos --enable $repo" + done + fi diff --git a/0016-Deprecates-username-and-password-from-boot-time-regi.patch b/0016-Deprecates-username-and-password-from-boot-time-regi.patch new file mode 100644 index 0000000..e318ad2 --- /dev/null +++ b/0016-Deprecates-username-and-password-from-boot-time-regi.patch @@ -0,0 +1,124 @@ +From 59f13915cc7beb5df6cf9028d03e3c708d85ced5 Mon Sep 17 00:00:00 2001 +From: Ryan Brady +Date: Tue, 9 Dec 2014 10:46:00 -0500 +Subject: [PATCH] Deprecates username and password from boot time registration + +The username and password combination is considered insecure to store in +the metadata passed to the stack as they can easily be obtained and +possibly used in an unathorized manner by logging into one of the +registration systems. The use of an activation key is more desirable +as it can only be used in conjunction with subscription-manager to +register a RHEL system. + +This patch deprecates the username and password support from the script +that registers RHEL with either Satellite or RH Customer Portal during +boot-time. This patch also adds a warning if the username and password +combination is used in the stack metadata. The documentation and examples +have also been updated to warn operators of the deprecation of username +and password. + +This patch does not affect the username and password support for +registration activities while building images with diskimage-builder. + +Change-Id: I05b7a18e910d31ad2273042409f8657ad9dee36a +--- + elements/rhel-common/README.md | 21 +++++++++++++++++---- + .../pre-configure.d/06-rhel-registration | 4 +++- + .../rhel-common/pre-install.d/00-rhel-registration | 2 +- + 3 files changed, 21 insertions(+), 6 deletions(-) + +diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md +index d57d165..f2eb64c 100644 +--- a/elements/rhel-common/README.md ++++ b/elements/rhel-common/README.md +@@ -9,6 +9,18 @@ Portal or Satellite to enable software installation from official + repositories. After the end of the image creation process, the image will + unregister itself so an entitlement will not be decremented from the account. + ++ ++SECURITY WARNING: ++----------------- ++While the image building workflow will allow you to register with a username ++and password combination, that feature is deprecated in the boot process via ++Heat as it will expose your username and password in clear text for anyone ++that has rights to run heat stack-show. A compromised username and password ++can be used to login to the Red Hat Customer Portal or an instance of ++Satellite. An activation key can only be used for registration purposes using ++the subscription-manager command line tool and is considered a lower security ++risk. ++ + IMPORTANT NOTE: + ---------------- + The 00-rhsm script is specific to RHEL6. If you use the REG_ variables to +@@ -158,6 +170,7 @@ Heat metadata can be used to configure the rhel-common element. + org: + # Gives the organization to which to join the system. + password: ++ # DEPRECATED + # Gives the password for the user account. + release: + # Sets the operating system minor release to use for subscriptions +@@ -180,6 +193,7 @@ Heat metadata can be used to configure the rhel-common element. + # Sets the service level to use for subscriptions on that machine. + # This is only used with the auto_attach option. + user: ++ # DEPRECATED + # Gives the content server user account name. + type: + # Sets what type of consumer is being registered. The default is +@@ -202,8 +216,7 @@ metadata: + "satellite_url": "http://my-sat06.server.org", + "org": "tripleo", + "environment": "Library", +- "user":"tripleo", +- "password":"tripleo", ++ "activation_key": "my-key-SQQkh4", + "method":"satellite" + "repos": "rhel-ha-for-rhel-7-server-rpms" + } +@@ -216,8 +229,8 @@ use the following metadata: + "rh_registration":{ + "repos":"rhel-7-server-optional-rpms,rhel-7-server-extras-rpms", + "auto_attach":true, +- "user":"tripleo", +- "password":"tripleo", ++ "activation_key": "my-key-SQQkh4", ++ "org": "5643002", + "method":"portal" + } + } +diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +index 53ef58a..12a92b0 100755 +--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration ++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +@@ -71,6 +71,8 @@ if [ -n "${REG_ACTIVATION_KEY:-}" ]; then + echo "WARNING: REG_ACTIVATION_KEY set without REG_ORG." + fi + else ++ echo "WARNING: Support for registering with a username and password is deprecated." ++ echo "Please use activation keys instead. See the README for more information." + if [ -n "${REG_PASSWORD:-}" ]; then + opts="$opts --password $REG_PASSWORD" + fi +@@ -85,7 +87,7 @@ if [ -n "${REG_MACHINE_NAME:-}" ]; then + fi + + if [ -n "${REG_ORG:-}" ]; then +- opts="$opts --org $REG_ORG" ++ opts="$opts --org=$REG_ORG" + fi + + if [ -n "${REG_REPOS:-}" ]; then +diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration +index fe19593..02b6fca 100755 +--- a/elements/rhel-common/pre-install.d/00-rhel-registration ++++ b/elements/rhel-common/pre-install.d/00-rhel-registration +@@ -68,7 +68,7 @@ if [ -n "${REG_MACHINE_NAME:-}" ]; then + fi + + if [ -n "${REG_ORG:-}" ]; then +- opts="$opts --org $REG_ORG" ++ opts="$opts --org=$REG_ORG" + fi + + if [ -n "${REG_REPOS:-}" ]; then diff --git a/0017-Allow-for-disabling-rhel-registration.patch b/0017-Allow-for-disabling-rhel-registration.patch new file mode 100644 index 0000000..ebd81f4 --- /dev/null +++ b/0017-Allow-for-disabling-rhel-registration.patch @@ -0,0 +1,78 @@ +From 98116726fcb90248d7a28f8f7305e48d21378f44 Mon Sep 17 00:00:00 2001 +From: James Slagle +Date: Tue, 9 Dec 2014 14:14:53 -0500 +Subject: [PATCH] Allow for disabling rhel registration + +When using the rhel element, it can be uesful to disable registration. +For instance, if using an internal mirror repository that does not +require registration/authentication. + +Change-Id: I42fa34e7f146137e5b1b9c5d7785702311e1dca1 + +Conflicts: + elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration + elements/rhel-common/pre-install.d/00-rhel-registration +--- + elements/rhel-common/README.md | 5 +++-- + .../os-refresh-config/pre-configure.d/06-rhel-registration | 7 +++++-- + elements/rhel-common/pre-install.d/00-rhel-registration | 8 ++++++-- + 3 files changed, 14 insertions(+), 6 deletions(-) + +diff --git a/elements/rhel-common/README.md b/elements/rhel-common/README.md +index f2eb64c..807e924 100644 +--- a/elements/rhel-common/README.md ++++ b/elements/rhel-common/README.md +@@ -71,7 +71,7 @@ the hostname. + #### REG\_METHOD + Sets the method of registration. Use "portal" to register a system with the + Red Hat Customer Portal. Use "satellite" to register a system with Red +-Hat Satellite 6. ++Hat Satellite 6. Use "disable" to skip the registration process. + + #### REG\_ORG + Gives the organization to which to join the system. +@@ -204,7 +204,8 @@ Heat metadata can be used to configure the rhel-common element. + method: + # Sets the method of registration. Use "portal" to register a + # system with the Red Hat Customer Portal. Use "satellite" to +- # register a system with Red Hat Satellite 6. ++ # register a system with Red Hat Satellite 6. Use "disable" to ++ # skip the registration process. + + Configuration Registration Examples + ------------------------------------ +diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +index 12a92b0..e33598d 100755 +--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration ++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +@@ -118,7 +118,10 @@ case "${REG_METHOD:-}" in + # beta-rpms repo only needed to support the katello-ca rpm above. + subscription-manager repos --disable ${satellite_repo} + ;; ++ disable) ++ echo "Disabling RHEL registration" ++ ;; + *) +- echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." +- exit 0 # keeps the stack from failing if you don't set a value in REG_METHOD ++ echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD." ++ exit 0 + esac +diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration +index 02b6fca..97cfddf 100755 +--- a/elements/rhel-common/pre-install.d/00-rhel-registration ++++ b/elements/rhel-common/pre-install.d/00-rhel-registration +@@ -97,7 +97,11 @@ case "${REG_METHOD:-}" in + # beta-rpms repo only needed to support the katello-ca rpm above. + subscription-manager repos --disable rhel-7-server-rh-common-beta-rpms + ;; ++ disable) ++ echo "Disabling RHEL registration" ++ export REG_HALT_UNREGISTER=1 # stops attempt to unregister ++ ;; + *) +- echo "WARNING: only 'portal' and 'satellite' are valid values for REG_METHOD." +- exit 1 # RHEL requires registration, fail image build if REG_Method isn't set ++ echo "WARNING: only 'portal', 'satellite', and 'disable' are valid values for REG_METHOD." ++ exit 1 + esac diff --git a/0018-Don-t-trace-RHEL-registration-scripts.patch b/0018-Don-t-trace-RHEL-registration-scripts.patch new file mode 100644 index 0000000..0edabbe --- /dev/null +++ b/0018-Don-t-trace-RHEL-registration-scripts.patch @@ -0,0 +1,40 @@ +From b37c823293334fa0d49e4c27fd7956072adc72d1 Mon Sep 17 00:00:00 2001 +From: Ben Nemec +Date: Wed, 17 Dec 2014 16:39:27 -0600 +Subject: [PATCH] Don't trace RHEL registration scripts + +These scripts are littered with references to passwords and keys, +so rather than try to disable tracing in every one of those places +I propose we simply turn it off for the scripts. This will likely +need to be revisited after the global tracing discussion is +resolved anyway. + +Change-Id: I805015300bf01b2f8eec9f70ccfdf533dd9386b3 +Related-Bug: 1298205 +--- + .../rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration | 2 +- + elements/rhel-common/pre-install.d/00-rhel-registration | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +index e33598d..306e242 100755 +--- a/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration ++++ b/elements/rhel-common/os-refresh-config/pre-configure.d/06-rhel-registration +@@ -1,5 +1,5 @@ + #!/bin/bash +-set -eux ++set -eu + set -o pipefail + + REG_ACTIVATION_KEY="$(os-apply-config --key rh_registration.activation_key --type raw --key-default '')" +diff --git a/elements/rhel-common/pre-install.d/00-rhel-registration b/elements/rhel-common/pre-install.d/00-rhel-registration +index 97cfddf..bb979f8 100755 +--- a/elements/rhel-common/pre-install.d/00-rhel-registration ++++ b/elements/rhel-common/pre-install.d/00-rhel-registration +@@ -1,5 +1,5 @@ + #!/bin/bash +-set -eux ++set -eu + set -o pipefail + + opts= diff --git a/diskimage-builder.spec b/diskimage-builder.spec index b76e88c..0d64ae1 100644 --- a/diskimage-builder.spec +++ b/diskimage-builder.spec @@ -1,7 +1,7 @@ Name: diskimage-builder Summary: Image building tools for OpenStack Version: 0.1.34 -Release: 18%{?dist} +Release: 19%{?dist} License: ASL 2.0 Group: System Environment/Base URL: https://launchpad.net/diskimage-builder @@ -20,7 +20,11 @@ Patch0010: 0010-Update-RHEL-Registration.patch Patch0011: 0011-Allow-source-repositories-to-be-disabled-completely.patch Patch0012: 0012-Allow-injecting-arbitrary-yum-repo-configuration.patch Patch0013: 0013-Convert-deploy-ramdisk-to-targetcli.patch -Patch0014: 0014-Allow-for-disabling-rhel-registration.patch +Patch0014: 0014-Add-Activation-Key-Support-For-Customer-Portal.patch +Patch0015: 0015-Fix-repo-enablement-for-RHEL-during-registration.patch +Patch0016: 0016-Deprecates-username-and-password-from-boot-time-regi.patch +Patch0017: 0017-Allow-for-disabling-rhel-registration.patch +Patch0018: 0018-Don-t-trace-RHEL-registration-scripts.patch BuildArch: noarch BuildRequires: python2-devel @@ -53,6 +57,10 @@ Requires: dib-utils %patch0012 -p1 %patch0013 -p1 %patch0014 -p1 +%patch0015 -p1 +%patch0016 -p1 +%patch0017 -p1 +%patch0018 -p1 %build %{__python} setup.py build @@ -105,6 +113,12 @@ Components of TripleO that are responsible for building disk images. %{_datadir}/%{name}/elements %changelog +* Mon Jan 05 2015 James Slagle 0.1.34-19 +- Don't trace RHEL registration scripts +- Allow for disabling rhel registration +- Deprecates username and password from boot time registration +- Fix repo enablement for RHEL during registration + * Tue Dec 09 2014 James Slagle 0.1.34-18 - Allow for disabling rhel registration