Satellite 6 system subscription script
Wow, how's that for alliteration in a discussion title?
We've recently started migrating from our old RHN proxy to Satellite 6, and since we ran into a few less-than-obvious things while updating, I figured I'd post this (horribly messy) script in the hope that it helps someone else.
We had to get product certificates from RedHat for most of our systems, since our kickstart never loaded them. (We jumped past ever using subscription-manager to redhat and went straight from RHN to satellite.) I uploaded these to the same web server this script is hosted on, so it can fetch them automatically.
The directory structure looks like this:
satellite/product_certs/5.11/i686/69.pem
satellite/product_certs/5.11/x86_64/69.pem
...
satellite/product_certs/6.6/x86_64/69.pem
I haven't taken the time to clean up the script since it's mostly been added to and modified on the fly as we run into new issues, but I figure a little dirty laundry is something we're all familiar with. :)
#!/bin/bash
info () {
printf '\e[1;33m[i] %s\e[0m\n' "$1"
}
release=$( /bin/rpm --queryformat='%{RELEASE}' -q --whatprovides /etc/redhat-release 2>/dev/null )
version=$( echo $release | cut -b1 )
revision=$( echo $release | cut -d. -f2 )
arch=`arch`
if [[ "$version" -eq 5 && "$revision" -lt 7 ]]; then
info "Satellite is unsupported prior to RHEL 5.7, first update manually."
echo
info "Removing RHN proxy configuration for chaos.tr"
echo " Updates will now be installed from Redhat's servers."
echo
# point back to redhat if necessary first, so we can definitely install prereqs
if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then
backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d`
up2date=/etc/sysconfig/rhn/up2date
cp $up2date $backupfile
perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' < $backupfile > $up2date
echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date
echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date
fi
exit 1
fi
# Remove bits and pieces necessary for reinstall to work
if [[ $( rpm -qa katello-ca-consumer-satellite.example.com|wc -l ) -gt 0 ]]; then
info "Looks like this server is already configured partially."
echo -n "Attempt to redo setup? [Y/N, default N]: "
read redo
redo="$( echo "$redo" | tr '[a-z]' '[A-Z]' )"
if [[ "$redo" == "Y" ]]; then
info "Unregistering system"
subscription-manager unregister
subscription-manager clean
info "Reverting /etc/rhsm/rhsm.conf"
mv -vf /etc/rhsm/rhsm.conf.kat-backup /etc/rhsm/rhsm.conf
rpm -e katello-ca-consumer-satellite.example.com
fi
fi
# make sure RHEL product cert is installed; attempt to fetch it if not
if [[ ! -s "/etc/pki/product/69.pem" ]]; then
info "No product certificate found; attempting to install automatically"
mkdir /etc/pki/product 2>/dev/null
if wget -O /etc/pki/product/69.pem http://www.example.com/satellite/product_certs/${version}.${revision}/$arch/69.pem; then
info "Successfully installed product cert in /etc/pki/product/69.pem"
else
info "Product cert could not be installed automatically."
echo " Will need to add valid product cert to /etc/pki/product before continuing."
info "Installation failed."
exit 1
fi
fi
if ! curl -ks https://satellite.example.com/ >/dev/null; then
info "Can't reach satellite server"
echo " Be sure this subnet is allowed in satellite's iptables rules";
echo " Best guess for network: " $( ip route |head -1|awk '{ print $1 }' )
exit 1
fi
# point back to redhat if necessary first, so we can definitely install prereqs
if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then
backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d`
up2date=/etc/sysconfig/rhn/up2date
cp $up2date $backupfile
perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' < $backupfile > $up2date
echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date
echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date
fi
if [[ -e "/usr/sbin/subscription-manager" ]]; then
server_hostname="$( /usr/sbin/subscription-manager config |grep ' hostname'|awk '{ print $NF }' )"
if [[ "$server_hostname" == "satellite.example.com" ]]; then
info "System is already registered to receive updates from $server_hostname"
exit 0
fi
else
info "subscription-manager not found, attempting to install"
yum install -y subscription-manager
fi
if [[ ! -e "/usr/sbin/subscription-manager" ]]; then
info "subscription-manager failed to install, manual intervention required."
exit 1
fi
echo -n "Which environment does this system belong to? [QUAL, PROD, or TEST, default PROD]: "
read environment
environment=$( echo "$environment" | tr '[a-z]' '[A-Z]' )
case "$environment" in
TEST)
;;
QUAL)
;;
PROD)
;;
*)
environment=PROD
;;
esac
info "Environment set to $environment"
echo -n "Install system updates after registration? [Y/N, default N]: "
read doupdates
doupdates="$( echo "$doupdates" | tr '[a-z]' '[A-Z]' )"
if [[ "$doupdates" != "Y" ]]; then
doupdates="N"
info "No updates will be installed after registration."
else
info "Updates will be installed after registration is complete."
fi
info "Unregistering existing subscriptions"
subscription-manager unregister
[[ -e /etc/sysconfig/rhn/systemid ]] \
&& mv -iv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid-`date +%Y%m%d`
[[ -e "/etc/yum/pluginconf.d/rhnplugin.conf" ]] \
&& sed -i 's/enabled.*/enabled = 0/' /etc/yum/pluginconf.d/rhnplugin.conf
info "Installing satellite subscription prerequisites"
sed -i 's/enabled=1/enabled=1\nexclude=katello-agent PyPAM gofer gofer-package python-gofer python-qpid python-saslwrapper saslwrapper/' /etc/yum.repos.d/epel.repo
yum install subscription-manager
yum update -y yum
rpm -i http://satellite.example.com/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm
yum clean all
info "Registering system in satellite"
subscription-manager register --org=ExampleOrg --activationkey=RHEL$version-$environment #--baseurl=https://satellite.example.com/pulp/repos
info "Updating subscription-manager to latest release"
yum update -y subscription-manager
info "Enabling additional repos"
subscription-manager repos --enable=rhel-${version}-server-rh-common-rpms
info "Updating yum repo cache"
rm -rfv /var/cache/yum/*
yum clean all
yum repolist
info "Enabling ntpd"
yum install -y ntp
chkconfig ntpd on && service ntpd start
info "Installing satellite agent"
yum install -y katello-agent
if [[ "$doupdates" == "Y" ]]; then
info "Installing system updates"
yum update -y
fi
info "Done"