Ansible equivalent to auto-attach

swefredde · September 15, 2020, 1:49pm

Problem:
Using ansible module redhat_subscription on real Satellite 6 (hope to get better answer in this forum than on Red Hat support)

Expected outcome:
A way to “click the GUI ‘Run auto-attach’”-button from ansible
Foreman and Proxy versions:
Satellite 6.7
Foreman and Proxy plugin versions:
N/A
Distribution and version:
N/A
Other relevant data:

Sorry for breaking all possible written and non-written rules asking questions on a Red Hat subscribed product here but I want to get some deeper understanding on how to subscribe a client to an hypervisor-based subscription with correct virt-who setup (hypervisor has valid subscription) with the ansible module redhat_subscription using --org=Org andn --activationkey=AK.

The playbook run fails on the redhat_subscription module since there are no valid subscriptions for the Red Hat channels. You can not make the host subscribed from the command line either. Have tried the “subscription-manager register --org=Org --activationkey=AK” followed by “subscription-manager attach --auto” which according to red hat documentation should work. It doesn’t for me. The host has an invalid (temporary) subscription until I click the “Run auto-attach” link under Hosts -> Content Hosts -> -> Subscriptions -> “Run auto-attach”.

I understand that your highest priorities is not working with subscription problems in an open source product but some of you who reads this might have experience on the Red Hat satellite 6 I figure and can point me in the right direction. I also noticed that there was references to “foreman”-ansible modules handled by the foreman project. Any help would be appreciated.

Great work guys. I run foreman at home and Satellite 6 at work.
Regards
/Fredrik

areyus · September 16, 2020, 7:31am

Hi and welcome to the forum

First off: People here are usually totally fine if you post your Satellite problems here, as long as you are aware that this is an open-source project and behave accordingly Questions about the usage of RedHat subscriptions are also absolutly fine, these features are a part of Katello too, after all.

Now for your problem: I do not know about that ansible module, since we do not use ansible for that purpose, but could you elaborate what you mean by “Invalid temporary subscription”?
The workflow for subscribing virtual RedHat systems is usually the following:

subscription-manager register --org XY --activationkey=ZY
subscription-manager attach --auto (if auto-attach is not set on one of your activation keys)
The host gets a temporary subscription that allows for usage of RedHat repos for about 24 hours
The next time virt-who reports to Satellite/Katello, the temporary subscription is automatically replaced with a hypervisor-based one and everything should be good

Could you post any error messages you get when:

Running “subscription-manager attach --auto”
The output of “subscription-manager status” in the broken state

Regards

remix_tj · September 16, 2020, 10:35am

Hello,

that’s what we run against our foreman instance:

- name: register vm
  redhat_subscription:
    auto_attach: yes
    org_id: ORGNAME
    activationkey: "rh7_prod_key"
    force_register: yes # to unregister and then register back again

If your activation key has no subscription specified, this will connect to the first available sub. If is a virtual vm you’ll get a 24h temporary license if not already mapped to an host by virt-who.

Seems like you’re missing some mapping host to guests: is virt-who running as service?

swefredde · September 16, 2020, 11:50am

Hi,

Thanks for clearifying then I don’t need to feel that guilty for asking about Satellite 6.

Before we switched to hypervisor based subscriptions in our vmware setup the playbook worked with the same configuration as remix_tj suggests but we didn’t use the “force_register: yes” part.

Now we have a few different vmware clusters and all of the hypervisors in every cluster have valid subscriptions to Red Hat (Red Hat Enterprise Linux with Smart Virtualization and Management, Premium (2-sockets)).
There is a green check mark in Satellite 6 GUI for all hypervisors. Virt-who is set up according to Red Hat documentation.

The playbook that worked for “fixed” subscriptions now fails with error something like “Not valid subscription for all installed products”.

Today we manually registered five servers all following the same steps as below:

rpm -Uvh https:///pub/katello-ca-consumer-latest.noarch.rpm
subscription-manager register --org="<Customer Org" --activationkey=“AK-RHEL8”
subscription-manager attach --auto

** (Possibly related error message pasted below)

Now when running “subscription-manager status” we get:
[root@rhel8_clientname ~]# subscription-manager status
±------------------------------------------+
System Status Details
±------------------------------------------+
Overall Status: Insufficient

Red Hat Enterprise Linux with Smart Virtualization and Management, Premium (2-sockets):

Guest has not been reported on any host and is using a temporary unmapped guest subscription. For more information, please see
https://access.redhat.com/solutions/1592573

System Purpose Status: Not Specified

At Satellite 6 server: “systemctl restart virt-who”
Back at client: subscription-manager attach --auto

[root@rhel8_clientname ~]# subscription-manager status
±------------------------------------------+
System Status Details
±------------------------------------------+
Overall Status: Current

System Purpose Status: Not Specified

Now client is registered and got a green check box in Satellite 6 GUI. After step 3) it has orange exclamation mark saying something like “Invalid”

Question is. How can I do these steps from ansible or can someone help me figure out if there is some misconfiguration on my part. The Activation key for example. What subscriptions should I add to that? Not the “Red Hat Enterprise Linux with Smart Virtualization and Management, Premium (2-sockets) 45 of 87” since that is for hypervisors. There is also the option to add one of several similar subscriptions saying something like “Red Hat Enterprise Linux with Smart Virtualization and Management, Premium (2-sockets) 2 of Unlimited” but that must be one per hypervisor I guess and I don’t know what hypervisor my host will end up on when running my vmware_guest module agains the vCenter API.

** There is also a strange error message when trying the first “subscription-manager attach --auto” in step 3) above. Don’t remember if it came at all five servers but at least at more than one:

ERROR:dbus.proxies:Introspect error on :1.302:/EntitlementStatus: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken

Could this indicate that there are some firewall or SElinux related issues to consider or how do I configure the message bus security policy?
(I can add that the redhat_subscription module in the playbook was before some security patches applied later in the playbook but for these five servers we commented out the satellite registration to do it manually after the playbook was run. So it’s possible that the security tasks in the playbook (not written by me, just included) tweaks something with message bus config. Then the dbus policy will be tweaked after the registration once I get the registration done as planned.)

As before, grateful for any help.

Regards,
/Fredrik