From ac6a61b4adb44b9be1bb2bcb3533fb404c6547df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= Date: Thu, 23 Jun 2016 10:37:52 +0200 Subject: [PATCH 1/6] Prepare a directory structure where user is supposed to put his rpm. Current documentation says: "Download the package rhn-org-trusted-ssl-cert-VERSION-RELEASE.noarch.rpm from https://susemanager.example.com/pub/... Copy the file you downloaded to /opt/dell/chef/cookbooks/suse-manager-client/files/default/ssl-cert.rpm." However, the directory does not even exist in current directory structure. Also, suggested call of "/opt/dell/bin/barclamp_install.rb --rpm suse-manager-client" won't work as the new file is not packaged. We could have fake ssl-cert.rpm (with the content of this README file), but I'd rather propose to update the documentation for a simpler call of "knife cookbook upload core -o ..." (cherry picked from commit 6fd99107cda36eacf658bfe5e297d5cc1878a4f9) Update the instraction for installation of ssl-cert.rpm package. (cherry picked from commit 8120d553ec9521fb7fc69b9f699dc93dd3a491c7) (cherry picked from commit 7fa0cac3c54b5d3f5ba62da07a0549e370e21a33) --- chef/cookbooks/suse-manager-client/files/default/README | 2 ++ .../app/helpers/barclamp/suse_manager_client_helper.rb | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) create mode 100644 chef/cookbooks/suse-manager-client/files/default/README diff --git a/chef/cookbooks/suse-manager-client/files/default/README b/chef/cookbooks/suse-manager-client/files/default/README new file mode 100644 index 0000000000..c6cd850a0d --- /dev/null +++ b/chef/cookbooks/suse-manager-client/files/default/README @@ -0,0 +1,2 @@ +Copy the rhn-org-trusted-ssl-cert-VERSION-RELEASE.noarch.rpm package you downloaded +from your SUSE Manager server to this directory as ssl-cert.rpm. diff --git a/crowbar_framework/app/helpers/barclamp/suse_manager_client_helper.rb b/crowbar_framework/app/helpers/barclamp/suse_manager_client_helper.rb index 0799724c1f..d1ed6ce513 100644 --- a/crowbar_framework/app/helpers/barclamp/suse_manager_client_helper.rb +++ b/crowbar_framework/app/helpers/barclamp/suse_manager_client_helper.rb @@ -25,7 +25,7 @@ def suse_manager_client_rpm end def suse_manager_client_install - "/opt/dell/bin/barclamp_install.rb --rpm suse-manager-client" + "knife cookbook upload suse-manager-client -o /opt/dell/chef/cookbooks" end end end From 5a34e76ab2f1408bcdd491a1ab1bb1325af1a534 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= Date: Thu, 23 Jun 2016 11:13:04 +0200 Subject: [PATCH 2/6] Execute bootstrap script from SUMA server (cherry picked from commit 52c3048bec37f1b5c9c89ee31175e0e08a1a20da) (cherry picked from commit b422bd84d120596fea0e1ef85bca60e48edfefe3) --- .../suse-manager-client/recipes/default.rb | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/chef/cookbooks/suse-manager-client/recipes/default.rb b/chef/cookbooks/suse-manager-client/recipes/default.rb index 8cd59d3408..e4f6133ba4 100644 --- a/chef/cookbooks/suse-manager-client/recipes/default.rb +++ b/chef/cookbooks/suse-manager-client/recipes/default.rb @@ -17,6 +17,8 @@ # limitations under the License. # +return if node[:crowbar_wall][:suse_manager_client_registered] || false + manager_server = node[:suse_manager_client][:manager_server] activation_key = node[:suse_manager_client][:activation_key] @@ -36,11 +38,10 @@ EOH end -# XXX requires chef-client with CHEF-4090 fixed otherwise the package -# provider can't handle the URL -package "https://#{manager_server}/pub/bootstrap/sm-client-tools.rpm" - -execute "sm-client" do - command "sm-client --hostname #{manager_server} --activation-keys #{activation_key}" +bootstap_script = "bootstrap-sles12.#{node[:platform_version].split(".").last}" +execute "bootstrap SUMA client" do + command "curl https://#{manager_server}/pub/bootstrap/#{bootstap_script}.sh | sh" end +node.set[:crowbar_wall][:suse_manager_client_registered] = true +node.save From 1fa26d771bd8b97c6d67caa5e7abd57eec2a8cdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= Date: Thu, 23 Jun 2016 11:26:23 +0200 Subject: [PATCH 3/6] Remove Activation Key. It is already included in bootstrap scrip. Clients do not need to provide Activation Key. SUMA administrator is using the Activation Key to create the bootstrap script which will be downloaded and executed by clients. (cherry picked from commit a8213efbb6a368868968d88c56a4159734b409a7) (cherry picked from commit 6c5e1903fc28faef9537f1b9c79ea1c87271c354) --- chef/cookbooks/suse-manager-client/recipes/default.rb | 1 - .../suse_manager_client/100_remove_activation_key.rb | 9 +++++++++ chef/data_bags/crowbar/template-suse_manager_client.json | 2 +- .../crowbar/template-suse_manager_client.schema | 2 +- .../suse_manager_client/_edit_attributes.html.haml | 4 ---- .../config/locales/suse_manager_client/en.yml | 1 - 6 files changed, 11 insertions(+), 8 deletions(-) create mode 100644 chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb diff --git a/chef/cookbooks/suse-manager-client/recipes/default.rb b/chef/cookbooks/suse-manager-client/recipes/default.rb index e4f6133ba4..e0da582992 100644 --- a/chef/cookbooks/suse-manager-client/recipes/default.rb +++ b/chef/cookbooks/suse-manager-client/recipes/default.rb @@ -20,7 +20,6 @@ return if node[:crowbar_wall][:suse_manager_client_registered] || false manager_server = node[:suse_manager_client][:manager_server] -activation_key = node[:suse_manager_client][:activation_key] temp_pkg = Mixlib::ShellOut.new("mktemp /tmp/ssl-cert-XXXX.rpm").run_command.stdout.strip diff --git a/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb b/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb new file mode 100644 index 0000000000..55524d6017 --- /dev/null +++ b/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb @@ -0,0 +1,9 @@ +def upgrade(ta, td, a, d) + a.delete("activation_key") + return a, d +end + +def downgrade(ta, td, a, d) + a["activation_key"] = ta["activation_key"] + return a, d +end diff --git a/chef/data_bags/crowbar/template-suse_manager_client.json b/chef/data_bags/crowbar/template-suse_manager_client.json index c09e22e559..a9a41c0d2d 100644 --- a/chef/data_bags/crowbar/template-suse_manager_client.json +++ b/chef/data_bags/crowbar/template-suse_manager_client.json @@ -3,13 +3,13 @@ "description": "Register systems as SUSE Manager clients", "attributes": { "suse_manager_client": { - "activation_key": "", "manager_server": "" } }, "deployment": { "suse_manager_client": { "crowbar-revision": 0, + "schema-revision": 100, "crowbar-applied": false, "element_states": { "suse-manager-client": [ "readying", "ready", "applying" ] diff --git a/chef/data_bags/crowbar/template-suse_manager_client.schema b/chef/data_bags/crowbar/template-suse_manager_client.schema index b9000da751..5798e713cc 100644 --- a/chef/data_bags/crowbar/template-suse_manager_client.schema +++ b/chef/data_bags/crowbar/template-suse_manager_client.schema @@ -12,7 +12,6 @@ "type": "map", "required": true, "mapping": { - "activation_key": { "type": "str", "required": true }, "manager_server": { "type": "str", "required": true } } } @@ -27,6 +26,7 @@ "required": true, "mapping": { "crowbar-revision": { "type": "int", "required": true }, + "schema-revision": { "type": "int", "required": true }, "crowbar-committing": { "type": "bool" }, "crowbar-applied": { "type": "bool" }, "crowbar-status": { "type": "str" }, diff --git a/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml b/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml index e033aba3ed..d9cf421d9a 100644 --- a/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml +++ b/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml @@ -6,10 +6,6 @@ %span.help-block.alert.alert-info = t(".manual_steps", manager_url: suse_manager_client_url, rpm_path: suse_manager_client_rpm, install_command: suse_manager_client_install).html_safe - = string_field :activation_key - %span.help-block - = t(".activation_key_hint") - = string_field :manager_server %span.help-block = t(".manager_server_hint", :link => link_to_proposal(:dns)) diff --git a/crowbar_framework/config/locales/suse_manager_client/en.yml b/crowbar_framework/config/locales/suse_manager_client/en.yml index 7eb2ad48e7..02ce9592c0 100644 --- a/crowbar_framework/config/locales/suse_manager_client/en.yml +++ b/crowbar_framework/config/locales/suse_manager_client/en.yml @@ -20,7 +20,6 @@ en: edit_attributes: manager_server: 'SUSE Manager server hostname' manager_server_hint: 'For example susemgr.example.com. You can set a record within the %{link}.' - activation_key: 'Activation Key' activation_key_hint: 'For example 1-00112233445566778899aabbccddeeff' manual_steps: | From cb1e8a6079444a1a84c072f25c279c7d186ba8e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= Date: Thu, 23 Jun 2016 21:03:23 +0200 Subject: [PATCH 4/6] call update-ca-certificates to update with installed certificates (cherry picked from commit 661ceade28f2011a810a2c9a5b95cae0c7711c5e) (cherry picked from commit 7a6a000c4043cb9db6637b2f043956b3e9a3ffa0) --- chef/cookbooks/suse-manager-client/recipes/default.rb | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/chef/cookbooks/suse-manager-client/recipes/default.rb b/chef/cookbooks/suse-manager-client/recipes/default.rb index e0da582992..d130a36100 100644 --- a/chef/cookbooks/suse-manager-client/recipes/default.rb +++ b/chef/cookbooks/suse-manager-client/recipes/default.rb @@ -29,12 +29,8 @@ package(temp_pkg) -org_cert = "/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT" -bash "install SSL certificate" do - code <<-EOH - cp #{org_cert} \ - /etc/ssl/certs/`openssl x509 -noout -hash -in #{org_cert}`.0 - EOH +execute "update-ca-certificates" do + command "update-ca-certificates" end bootstap_script = "bootstrap-sles12.#{node[:platform_version].split(".").last}" From 1931de6384b1dff2e6e00bee99adac267e6d8223 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ji=C5=99=C3=AD=20Suchomel?= Date: Thu, 23 Jun 2016 21:13:20 +0200 Subject: [PATCH 5/6] Only information needed for activation is path to bootstrap script. We do not even need address of SUSE Manager server. The script could really have any name, so it is not safe to guess it based on the server address. (cherry picked from commit 91273fdc77ba10c9583b797d3d31fe9d24573259) (cherry picked from commit d6883bedd9191b4cf38b9c3abb4811f6d630e5b4) --- .../suse-manager-client/recipes/default.rb | 6 +++--- .../100_only_bootstrap_script_url.rb | 13 +++++++++++++ .../100_remove_activation_key.rb | 9 --------- .../crowbar/template-suse_manager_client.json | 2 +- .../crowbar/template-suse_manager_client.schema | 2 +- .../suse_manager_client/_edit_attributes.html.haml | 4 ++-- .../config/locales/suse_manager_client/en.yml | 9 ++++++--- 7 files changed, 26 insertions(+), 19 deletions(-) create mode 100644 chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb delete mode 100644 chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb diff --git a/chef/cookbooks/suse-manager-client/recipes/default.rb b/chef/cookbooks/suse-manager-client/recipes/default.rb index d130a36100..5bbdd8e6e8 100644 --- a/chef/cookbooks/suse-manager-client/recipes/default.rb +++ b/chef/cookbooks/suse-manager-client/recipes/default.rb @@ -19,7 +19,8 @@ return if node[:crowbar_wall][:suse_manager_client_registered] || false -manager_server = node[:suse_manager_client][:manager_server] +bootstrap_script_url = node[:suse_manager_client][:bootstrap_script_url] + temp_pkg = Mixlib::ShellOut.new("mktemp /tmp/ssl-cert-XXXX.rpm").run_command.stdout.strip @@ -33,9 +34,8 @@ command "update-ca-certificates" end -bootstap_script = "bootstrap-sles12.#{node[:platform_version].split(".").last}" execute "bootstrap SUMA client" do - command "curl https://#{manager_server}/pub/bootstrap/#{bootstap_script}.sh | sh" + command "curl #{bootstrap_script_url} | sh" end node.set[:crowbar_wall][:suse_manager_client_registered] = true diff --git a/chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb b/chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb new file mode 100644 index 0000000000..37c13e3446 --- /dev/null +++ b/chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb @@ -0,0 +1,13 @@ +def upgrade(ta, td, a, d) + a["bootstrap_script_url"] = ta["bootstrap_script_url"] + a.delete("activation_key") + a.delete("manager_server") + return a, d +end + +def downgrade(ta, td, a, d) + a["activation_key"] = ta["activation_key"] + a["manager_server"] = ta["manager_server"] + a.delete("bootstrap_script_url") + return a, d +end diff --git a/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb b/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb deleted file mode 100644 index 55524d6017..0000000000 --- a/chef/data_bags/crowbar/migrate/suse_manager_client/100_remove_activation_key.rb +++ /dev/null @@ -1,9 +0,0 @@ -def upgrade(ta, td, a, d) - a.delete("activation_key") - return a, d -end - -def downgrade(ta, td, a, d) - a["activation_key"] = ta["activation_key"] - return a, d -end diff --git a/chef/data_bags/crowbar/template-suse_manager_client.json b/chef/data_bags/crowbar/template-suse_manager_client.json index a9a41c0d2d..05ba16ec67 100644 --- a/chef/data_bags/crowbar/template-suse_manager_client.json +++ b/chef/data_bags/crowbar/template-suse_manager_client.json @@ -3,7 +3,7 @@ "description": "Register systems as SUSE Manager clients", "attributes": { "suse_manager_client": { - "manager_server": "" + "bootstrap_script_url": "" } }, "deployment": { diff --git a/chef/data_bags/crowbar/template-suse_manager_client.schema b/chef/data_bags/crowbar/template-suse_manager_client.schema index 5798e713cc..b5bbf4abc4 100644 --- a/chef/data_bags/crowbar/template-suse_manager_client.schema +++ b/chef/data_bags/crowbar/template-suse_manager_client.schema @@ -12,7 +12,7 @@ "type": "map", "required": true, "mapping": { - "manager_server": { "type": "str", "required": true } + "bootstrap_script_url": { "type": "str", "required": true } } } } diff --git a/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml b/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml index d9cf421d9a..2f0c407263 100644 --- a/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml +++ b/crowbar_framework/app/views/barclamp/suse_manager_client/_edit_attributes.html.haml @@ -6,6 +6,6 @@ %span.help-block.alert.alert-info = t(".manual_steps", manager_url: suse_manager_client_url, rpm_path: suse_manager_client_rpm, install_command: suse_manager_client_install).html_safe - = string_field :manager_server + = string_field :bootstrap_script_url %span.help-block - = t(".manager_server_hint", :link => link_to_proposal(:dns)) + = t('.bootstrap_script_url_hint') diff --git a/crowbar_framework/config/locales/suse_manager_client/en.yml b/crowbar_framework/config/locales/suse_manager_client/en.yml index 02ce9592c0..fe5da98a90 100644 --- a/crowbar_framework/config/locales/suse_manager_client/en.yml +++ b/crowbar_framework/config/locales/suse_manager_client/en.yml @@ -18,9 +18,12 @@ en: barclamp: suse_manager_client: edit_attributes: - manager_server: 'SUSE Manager server hostname' - manager_server_hint: 'For example susemgr.example.com. You can set a record within the %{link}.' - activation_key_hint: 'For example 1-00112233445566778899aabbccddeeff' + bootstrap_script_url: 'URL of the bootstrap script' + bootstrap_script_url_hint: | + This is the script the administrator of the SUSE Manager server has + prepared to be used for activation of the clients. It is likely located under + /pub/bootstrap directory on the server. + For example https://susemgr.example.com/pub/bootstrap/bootstrap-sles12sp1.sh. manual_steps: | Manual steps are required in order to use this barclamp. After From 549d334aabda485e7cac3a876a592b7611e64ada Mon Sep 17 00:00:00 2001 From: Itxaka Date: Tue, 16 Aug 2016 12:37:06 +0200 Subject: [PATCH 6/6] Sync migration revision with cloud6 (cherry picked from commit 70967ea6d7baf2fa75a346fef5d3aa5493db2b05) --- ...bootstrap_script_url.rb => 001_only_bootstrap_script_url.rb} | 0 chef/data_bags/crowbar/template-suse_manager_client.json | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename chef/data_bags/crowbar/migrate/suse_manager_client/{100_only_bootstrap_script_url.rb => 001_only_bootstrap_script_url.rb} (100%) diff --git a/chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb b/chef/data_bags/crowbar/migrate/suse_manager_client/001_only_bootstrap_script_url.rb similarity index 100% rename from chef/data_bags/crowbar/migrate/suse_manager_client/100_only_bootstrap_script_url.rb rename to chef/data_bags/crowbar/migrate/suse_manager_client/001_only_bootstrap_script_url.rb diff --git a/chef/data_bags/crowbar/template-suse_manager_client.json b/chef/data_bags/crowbar/template-suse_manager_client.json index 05ba16ec67..5c787032de 100644 --- a/chef/data_bags/crowbar/template-suse_manager_client.json +++ b/chef/data_bags/crowbar/template-suse_manager_client.json @@ -9,7 +9,7 @@ "deployment": { "suse_manager_client": { "crowbar-revision": 0, - "schema-revision": 100, + "schema-revision": 1, "crowbar-applied": false, "element_states": { "suse-manager-client": [ "readying", "ready", "applying" ]