Problem:
Provisioning a Rocky 9 host using default templates.
Everything appears correct, templates get generated as they always have but the redhat_register snippet appears to get skipped over in the finish steps and are never run.
They get generated, and i can see that they’re there in the template, they just aren’t run.
Only thing i can think of is that this happens due to some change with reading lines that are indented?
Expected outcome:
Host gets provisioned, gets repo’s properly added to host.
Foreman and Proxy versions:
Foreman 3.5.1
Katello 4.7.2
Foreman and Proxy plugin versions:
Foreman 3.5.1
Katello 4.7.2
Distribution and version:
Rocky 8
Other relevant data:
screenshot of the part where it should be running subscription manager
It’s “normal” to get those ssl errors as the external rockylinux basos is always tried as part of the default install, but after that it should install subscription-manager (if not installed) and then the katello_consumer package and register the client - this part never gets triggered even if present in the finish template generated:
The entire indented section for subscription-manager appears to not run at all
# interface
real=`grep -l 00:50:56:89:2d:64 /sys/class/net/*/{bonding_slave/perm_hwaddr,address} 2>/dev/null | awk -F '/' '// {print $5}' | head -1`
sanitized_real=`echo $real | sed s/:/_/`
cat << EOF-b6b17c26 > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
IPADDR="10.10.10.34"
NETMASK="255.255.255.0"
GATEWAY="10.10.10.254"
DOMAIN="example.com"
DEVICE=$real
HWADDR="00:50:56:89:2d:64"
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
DEFROUTE=yes
DNS1="10.10.10.11"
DNS2="10.10.10.12"
MTU=1500
EOF-b6b17c26
systemctl restart NetworkManager
echo "Updating system time"
systemctl enable --now chronyd
/usr/bin/chronyc -a makestep
/usr/sbin/hwclock --systohc
echo "##############################################################"
echo "################# SUBSCRIPTION MANAGER #######################"
echo "##############################################################"
echo
echo "Starting the subscription-manager registration process"
# Avoid timeout accessing unreachable repo on air gapped infrastructure,
# assuming subscription-manager is installed in custom packages section.
if ! rpm --query --quiet subscription-manager ; then
if [ -f /usr/bin/dnf ]; then
dnf -y install subscription-manager
else
yum -t -y install subscription-manager
fi
fi
rpm -Uvh http://foreman.example.com/pub/katello-ca-consumer-latest.noarch.rpm
subscription-manager register --name="birkir-test.example.com" --org='org' --activationkey='Rocky 9'
for subman_config_file in /etc/yum/pluginconf.d/subscription-manager.conf /etc/dnf/plugins/subscription-manager.conf; do
if [ -f $subman_config_file ]; then
egrep -q "^disable_system_repos=" $subman_config_file
if [ "$?" -eq 0 ]; then
sed s/^disable_system_repos=.*/disable_system_repos=1/ $subman_config_file >"${subman_config_file}.new"
mv -f "${subman_config_file}.new" $subman_config_file
else
echo "disable_system_repos=1" >>$subman_config_file
fi
fi
done
if [ -f /usr/bin/dnf ]; then
PACKAGE_MAN="dnf -y"
else
PACKAGE_MAN="yum -t -y"
fi
$PACKAGE_MAN install katello-host-tools
# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
dnf -y update
else
yum -t -y update
fi
user_exists=false
getent passwd svc-ansible-mgmt >/dev/null 2>&1 && user_exists=true
if $user_exists; then
mkdir -p ~svc-ansible-mgmt/.ssh
cat << EOF >> ~svc-ansible-mgmt/.ssh/authorized_keys
ssh-rsa RSA_PUB_KEY_SHOULD_BE_HERE root@foreman.example.com
EOF
chmod 0700 ~svc-ansible-mgmt/.ssh
chmod 0600 ~svc-ansible-mgmt/.ssh/authorized_keys
chown -R svc-ansible-mgmt: ~svc-ansible-mgmt/.ssh
# Restore SELinux context with restorecon, if it's available:
command -v restorecon && restorecon -RvF ~svc-ansible-mgmt/.ssh || true
echo "svc-ansible-mgmt ALL = (root) NOPASSWD : ALL
Defaults:svc-ansible-mgmt !requiretty" > /etc/sudoers.d/svc-ansible-mgmt
else
echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
fi
if [ -f /usr/bin/dnf ]; then
dnf -y install puppet-agent
else
yum -t -y install puppet-agent
fi
cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[main]
[agent]
pluginsync = true
report = true
ca_server = foreman.example.com
certname = birkir-test.example.com
server = foreman.example.com
environment = production
EOF
puppet_unit=puppet
/usr/bin/systemctl list-unit-files | grep -q puppetagent && puppet_unit=puppetagent
/usr/bin/systemctl enable ${puppet_unit}
# export a custom fact called 'is_installer' to allow detection of the installer environment in Puppet modules
export FACTER_is_installer=true
# passing a non-existent tag like "no_such_tag" to the puppet agent only initializes the node
# You can select specific tag(s) with the "run-puppet-in-installer-tags" parameter
# or set a full puppet run by setting "run-puppet-in-installer" = true
echo "Performing initial puppet run for --tags no_such_tag"
/opt/puppetlabs/bin/puppet agent --config /etc/puppetlabs/puppet/puppet.conf --onetime --tags no_such_tag --server foreman.example.com --no-daemonize
sync
exit 0