Satellite 6 system subscription script

Latest response

Wow, how's that for alliteration in a discussion title?

We've recently started migrating from our old RHN proxy to Satellite 6, and since we ran into a few less-than-obvious things while updating, I figured I'd post this (horribly messy) script in the hope that it helps someone else.

We had to get product certificates from RedHat for most of our systems, since our kickstart never loaded them. (We jumped past ever using subscription-manager to redhat and went straight from RHN to satellite.) I uploaded these to the same web server this script is hosted on, so it can fetch them automatically.

The directory structure looks like this:

satellite/product_certs/5.11/i686/69.pem
satellite/product_certs/5.11/x86_64/69.pem
...
satellite/product_certs/6.6/x86_64/69.pem

I haven't taken the time to clean up the script since it's mostly been added to and modified on the fly as we run into new issues, but I figure a little dirty laundry is something we're all familiar with. :)

#!/bin/bash

info () {
    printf '\e[1;33m[i] %s\e[0m\n' "$1"
}

release=$( /bin/rpm --queryformat='%{RELEASE}' -q --whatprovides /etc/redhat-release 2>/dev/null )
version=$( echo $release | cut -b1 )
revision=$( echo $release | cut -d. -f2 )
arch=`arch`

if [[ "$version" -eq 5 && "$revision" -lt 7 ]]; then
    info "Satellite is unsupported prior to RHEL 5.7, first update manually."
    echo
    info "Removing RHN proxy configuration for chaos.tr"
    echo "    Updates will now be installed from Redhat's servers."
    echo
    # point back to redhat if necessary first, so we can definitely install prereqs
    if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then
        backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d`
        up2date=/etc/sysconfig/rhn/up2date
        cp $up2date $backupfile
        perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' < $backupfile > $up2date
        echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date
        echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date
    fi
    exit 1
fi

# Remove bits and pieces necessary for reinstall to work
if [[ $( rpm -qa katello-ca-consumer-satellite.example.com|wc -l ) -gt 0 ]]; then
    info "Looks like this server is already configured partially."
    echo -n "Attempt to redo setup? [Y/N, default N]: "
    read redo
    redo="$( echo "$redo" | tr '[a-z]' '[A-Z]' )"
    if [[ "$redo" == "Y" ]]; then
        info "Unregistering system"
        subscription-manager unregister
        subscription-manager clean
        info "Reverting /etc/rhsm/rhsm.conf"
        mv -vf /etc/rhsm/rhsm.conf.kat-backup /etc/rhsm/rhsm.conf
        rpm -e katello-ca-consumer-satellite.example.com
    fi
fi

# make sure RHEL product cert is installed; attempt to fetch it if not
if [[ ! -s "/etc/pki/product/69.pem" ]]; then
    info "No product certificate found; attempting to install automatically"
    mkdir /etc/pki/product 2>/dev/null
    if wget -O /etc/pki/product/69.pem http://www.example.com/satellite/product_certs/${version}.${revision}/$arch/69.pem; then
        info "Successfully installed product cert in /etc/pki/product/69.pem"
    else
        info "Product cert could not be installed automatically."
        echo "    Will need to add valid product cert to /etc/pki/product before continuing."
        info "Installation failed."
        exit 1
    fi
fi


if ! curl -ks https://satellite.example.com/ >/dev/null; then
    info "Can't reach satellite server"
    echo "   Be sure this subnet is allowed in satellite's iptables rules";
    echo "   Best guess for network: " $( ip route |head -1|awk '{ print $1 }' )
    exit 1
fi

# point back to redhat if necessary first, so we can definitely install prereqs
if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then
    backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d`
    up2date=/etc/sysconfig/rhn/up2date
    cp $up2date $backupfile
    perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' < $backupfile > $up2date
    echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date
    echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date
fi


if [[ -e "/usr/sbin/subscription-manager" ]]; then
    server_hostname="$( /usr/sbin/subscription-manager config |grep '   hostname'|awk '{ print $NF }' )"
    if [[ "$server_hostname" == "satellite.example.com" ]]; then
        info "System is already registered to receive updates from $server_hostname"
        exit 0
    fi
else
    info "subscription-manager not found, attempting to install"
    yum install -y subscription-manager
fi

if [[ ! -e "/usr/sbin/subscription-manager" ]]; then
    info "subscription-manager failed to install, manual intervention required."
    exit 1
fi

echo -n "Which environment does this system belong to? [QUAL, PROD, or TEST, default PROD]: "
read environment
environment=$( echo "$environment" | tr '[a-z]' '[A-Z]' )
case "$environment" in
TEST)
;;
QUAL)
;;
PROD)
;;
*)
    environment=PROD
;;
esac

info "Environment set to $environment"

echo -n "Install system updates after registration? [Y/N, default N]: "
read doupdates
doupdates="$( echo "$doupdates" | tr '[a-z]' '[A-Z]' )"
if [[ "$doupdates" != "Y" ]]; then
    doupdates="N"
    info "No updates will be installed after registration."
else
    info "Updates will be installed after registration is complete."
fi

info "Unregistering existing subscriptions"
subscription-manager unregister
[[ -e /etc/sysconfig/rhn/systemid ]] \
    && mv -iv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid-`date +%Y%m%d`

[[ -e "/etc/yum/pluginconf.d/rhnplugin.conf" ]] \
    && sed -i 's/enabled.*/enabled = 0/' /etc/yum/pluginconf.d/rhnplugin.conf

info "Installing satellite subscription prerequisites"
sed -i 's/enabled=1/enabled=1\nexclude=katello-agent PyPAM gofer gofer-package python-gofer python-qpid python-saslwrapper saslwrapper/' /etc/yum.repos.d/epel.repo
yum install subscription-manager
yum update -y yum

rpm -i http://satellite.example.com/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
yum clean all

info "Registering system in satellite"
subscription-manager register --org=ExampleOrg --activationkey=RHEL$version-$environment #--baseurl=https://satellite.example.com/pulp/repos
info "Updating subscription-manager to latest release"
yum update -y subscription-manager
info "Enabling additional repos"
subscription-manager repos --enable=rhel-${version}-server-rh-common-rpms

info "Updating yum repo cache"
rm -rfv /var/cache/yum/*
yum clean all
yum repolist

info "Enabling ntpd"
yum install -y ntp
chkconfig ntpd on && service ntpd start

info "Installing satellite agent"
yum install -y katello-agent

if [[ "$doupdates" == "Y" ]]; then
    info "Installing system updates"
    yum update -y
fi

info "Done"
TM

Responses