Satellite 6 system subscription script
Wow, how's that for alliteration in a discussion title?
We've recently started migrating from our old RHN proxy to Satellite 6, and since we ran into a few less-than-obvious things while updating, I figured I'd post this (horribly messy) script in the hope that it helps someone else.
We had to get product certificates from RedHat for most of our systems, since our kickstart never loaded them. (We jumped past ever using subscription-manager to redhat and went straight from RHN to satellite.) I uploaded these to the same web server this script is hosted on, so it can fetch them automatically.
The directory structure looks like this:
satellite/product_certs/5.11/i686/69.pem satellite/product_certs/5.11/x86_64/69.pem ... satellite/product_certs/6.6/x86_64/69.pem
I haven't taken the time to clean up the script since it's mostly been added to and modified on the fly as we run into new issues, but I figure a little dirty laundry is something we're all familiar with. :)
#!/bin/bash info () { printf '\e[1;33m[i] %s\e[0m\n' "$1" } release=$( /bin/rpm --queryformat='%{RELEASE}' -q --whatprovides /etc/redhat-release 2>/dev/null ) version=$( echo $release | cut -b1 ) revision=$( echo $release | cut -d. -f2 ) arch=`arch` if [[ "$version" -eq 5 && "$revision" -lt 7 ]]; then info "Satellite is unsupported prior to RHEL 5.7, first update manually." echo info "Removing RHN proxy configuration for chaos.tr" echo " Updates will now be installed from Redhat's servers." echo # point back to redhat if necessary first, so we can definitely install prereqs if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d` up2date=/etc/sysconfig/rhn/up2date cp $up2date $backupfile perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' $backupfile > $up2date echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date fi exit 1 fi # Remove bits and pieces necessary for reinstall to work if [[ $( rpm -qa katello-ca-consumer-satellite.example.com|wc -l ) -gt 0 ]]; then info "Looks like this server is already configured partially." echo -n "Attempt to redo setup? [Y/N, default N]: " read redo redo="$( echo "$redo" | tr '[a-z]' '[A-Z]' )" if [[ "$redo" == "Y" ]]; then info "Unregistering system" subscription-manager unregister subscription-manager clean info "Reverting /etc/rhsm/rhsm.conf" mv -vf /etc/rhsm/rhsm.conf.kat-backup /etc/rhsm/rhsm.conf rpm -e katello-ca-consumer-satellite.example.com fi fi # make sure RHEL product cert is installed; attempt to fetch it if not if [[ ! -s "/etc/pki/product/69.pem" ]]; then info "No product certificate found; attempting to install automatically" mkdir /etc/pki/product 2>/dev/null if wget -O /etc/pki/product/69.pem http://www.example.com/satellite/product_certs/${version}.${revision}/$arch/69.pem; then info "Successfully installed product cert in /etc/pki/product/69.pem" else info "Product cert could not be installed automatically." echo " Will need to add valid product cert to /etc/pki/product before continuing." info "Installation failed." exit 1 fi fi if ! curl -ks https://satellite.example.com/ >/dev/null; then info "Can't reach satellite server" echo " Be sure this subnet is allowed in satellite's iptables rules"; echo " Best guess for network: " $( ip route |head -1|awk '{ print $1 }' ) exit 1 fi # point back to redhat if necessary first, so we can definitely install prereqs if grep -qE '^serverURL=.*oldproxy.example.com' /etc/sysconfig/rhn/up2date; then backupfile=/etc/sysconfig/rhn/up2date.`date +%Y%m%d` up2date=/etc/sysconfig/rhn/up2date cp $up2date $backupfile perl -pi -e 's/^(serverURL=|sslCACert=)/#$1/' $backupfile > $up2date echo 'serverURL=https://xmlrpc.rhn.redhat.com/XMLRPC' >> $up2date echo 'sslCACert=/usr/share/rhn/RHNS-CA-CERT' >> $up2date fi if [[ -e "/usr/sbin/subscription-manager" ]]; then server_hostname="$( /usr/sbin/subscription-manager config |grep ' hostname'|awk '{ print $NF }' )" if [[ "$server_hostname" == "satellite.example.com" ]]; then info "System is already registered to receive updates from $server_hostname" exit 0 fi else info "subscription-manager not found, attempting to install" yum install -y subscription-manager fi if [[ ! -e "/usr/sbin/subscription-manager" ]]; then info "subscription-manager failed to install, manual intervention required." exit 1 fi echo -n "Which environment does this system belong to? [QUAL, PROD, or TEST, default PROD]: " read environment environment=$( echo "$environment" | tr '[a-z]' '[A-Z]' ) case "$environment" in TEST) ;; QUAL) ;; PROD) ;; *) environment=PROD ;; esac info "Environment set to $environment" echo -n "Install system updates after registration? [Y/N, default N]: " read doupdates doupdates="$( echo "$doupdates" | tr '[a-z]' '[A-Z]' )" if [[ "$doupdates" != "Y" ]]; then doupdates="N" info "No updates will be installed after registration." else info "Updates will be installed after registration is complete." fi info "Unregistering existing subscriptions" subscription-manager unregister [[ -e /etc/sysconfig/rhn/systemid ]] \ && mv -iv /etc/sysconfig/rhn/systemid /etc/sysconfig/rhn/systemid-`date +%Y%m%d` [[ -e "/etc/yum/pluginconf.d/rhnplugin.conf" ]] \ && sed -i 's/enabled.*/enabled = 0/' /etc/yum/pluginconf.d/rhnplugin.conf info "Installing satellite subscription prerequisites" sed -i 's/enabled=1/enabled=1\nexclude=katello-agent PyPAM gofer gofer-package python-gofer python-qpid python-saslwrapper saslwrapper/' /etc/yum.repos.d/epel.repo yum install subscription-manager yum update -y yum rpm -i http://satellite.example.com/pub/katello-ca-consumer-satellite.example.com-1.0-1.noarch.rpm yum clean all info "Registering system in satellite" subscription-manager register --org=ExampleOrg --activationkey=RHEL$version-$environment #--baseurl=https://satellite.example.com/pulp/repos info "Updating subscription-manager to latest release" yum update -y subscription-manager info "Enabling additional repos" subscription-manager repos --enable=rhel-${version}-server-rh-common-rpms info "Updating yum repo cache" rm -rfv /var/cache/yum/* yum clean all yum repolist info "Enabling ntpd" yum install -y ntp chkconfig ntpd on && service ntpd start info "Installing satellite agent" yum install -y katello-agent if [[ "$doupdates" == "Y" ]]; then info "Installing system updates" yum update -y fi info "Done"
Responses