Add activationkey support for RHEL subscription

Signed-off-by: CS Zhang <zhangcho@us.ibm.com>
ocp-power-automation · Jan 28, 2021 · 59d11d3 · 59d11d3
1 parent 1025a2a
commit 59d11d3
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 13 deletions.
diff --git a/docs/var.tfvars-doc.md b/docs/var.tfvars-doc.md
@@ -70,15 +70,19 @@ Please note that only OpenSSH formatted keys are supported. Refer to the followi
 
 Create the SSH key-pair and keep it under the `data` directory
 
-These set of variables specify the RHEL subscription details.
+These set of variables specify the RHEL subscription details, RHEL subscription supports two methods: one is using username and password, the other is using activation key.
 This is sensitive data, and if you don't want to save it on disk, use environment variables `RHEL_SUBS_USERNAME` and `RHEL_SUBS_PASSWORD` and 
 pass them to `terraform apply` command as shown in the [Quickstart guide](./quickstart.md#setup-terraform-variables).
 
 ```
 rhel_subscription_username  = "user@test.com"
 rhel_subscription_password  = "mypassword"
 ```
-
+Or define following variables to use activation key for RHEL subscription:
+```
+rhel_subscription_org = "org-id"
+rhel_subscription_activationkey = "activation-key"
+```
 ### OpenShift Installation Details
 
 These variables specify the URL for the OpenShift installer and client binaries.

diff --git a/modules/1_bastion/bastion.tf b/modules/1_bastion/bastion.tf
@@ -161,7 +161,7 @@ resource "null_resource" "bastion_register" {
         connection_timeout = var.connection_timeout
     }
     depends_on  = [null_resource.bastion_init, null_resource.setup_proxy_info]
-    count       = var.rhel_subscription_username != "" ? 1 : 0
+    count       = ( var.rhel_subscription_username == "" || var.rhel_subscription_username  == "<subscription-id>" ) && var.rhel_subscription_org == "" ? 0 : 1
     connection {
         type        = "ssh"
         user        = self.triggers.rhel_username
@@ -172,14 +172,23 @@ resource "null_resource" "bastion_register" {
         bastion_host = self.triggers.jump_host
     }
     provisioner "remote-exec" {
-        inline = [
-            # FIX for existing stale repos
-            "echo 'Moving all file from /etc/yum.repos.d/ to /etc/yum.repos.d.bak/'",
-            "mkdir /etc/yum.repos.d.bak/ && mv /etc/yum.repos.d/* /etc/yum.repos.d.bak/",
-            "sudo subscription-manager clean",
-            "sudo subscription-manager register --username=${var.rhel_subscription_username} --password=${var.rhel_subscription_password} --force",
-            "sudo subscription-manager refresh",
-            "sudo subscription-manager attach --auto"
+        inline = [<<EOF
+
+# FIX for existing stale repos
+echo 'Moving all file from /etc/yum.repos.d/ to /etc/yum.repos.d.bak/'
+mkdir /etc/yum.repos.d.bak/ && mv /etc/yum.repos.d/* /etc/yum.repos.d.bak/
+# Give some more time to subscription-manager
+sudo subscription-manager config --server.server_timeout=600
+sudo subscription-manager clean
+if [[ '${var.rhel_subscription_org}' == '' ]]; then 
+    sudo subscription-manager register --username='${var.rhel_subscription_username}' --password='${var.rhel_subscription_password}' --force
+else
+    sudo subscription-manager register --org='${var.rhel_subscription_org}' --activationkey='${var.rhel_subscription_activationkey}' --force
+fi
+sudo subscription-manager refresh
+sudo subscription-manager attach --auto
+
+EOF
         ]
     }
     # Delete Terraform files as contains sensitive data

diff --git a/modules/1_bastion/variables.tf b/modules/1_bastion/variables.tf
@@ -46,6 +46,8 @@ variable "jump_host" {}
 
 variable "rhel_subscription_username" {}
 variable "rhel_subscription_password" {}
+variable "rhel_subscription_org" {}
+variable "rhel_subscription_activationkey" {}
 
 variable "storage_type" {}
 variable "volume_size" {}

diff --git a/ocp.tf b/ocp.tf
@@ -57,6 +57,8 @@ module "bastion" {
     jump_host                       = var.jump_host
     rhel_subscription_username      = var.rhel_subscription_username
     rhel_subscription_password      = var.rhel_subscription_password
+    rhel_subscription_org           = var.rhel_subscription_org
+    rhel_subscription_activationkey = var.rhel_subscription_activationkey
     storage_type                    = var.storage_type
     volume_size                     = var.volume_size
     volume_storage_template         = var.volume_storage_template

diff --git a/var.tfvars b/var.tfvars
@@ -20,8 +20,10 @@ worker                      = {instance_type    = "<worker-compute-template>",
 rhel_username               = "root"
 public_key_file             = "data/id_rsa.pub"
 private_key_file            = "data/id_rsa"
-rhel_subscription_username  = "<subscription-id>"
-rhel_subscription_password  = "<subscription-password>"
+rhel_subscription_username  = "<subscription-id>"          #Leave this as-is if using CentOS as bastion image
+rhel_subscription_password  = "<subscription-password>"    #Leave this as-is if using CentOS as bastion image
+rhel_subscription_org           = ""                       # Define it only when using activationkey for RHEL subscription
+rhel_subscription_activationkey = ""                       # Define it only when using activationkey for RHEL subscription
 
 connection_timeout          = 45
 jump_host                   = ""

diff --git a/variables.tf b/variables.tf
@@ -155,6 +155,13 @@ variable "rhel_subscription_password" {
     default = ""
 }
 
+variable "rhel_subscription_org" {
+    default = ""
+}
+
+variable "rhel_subscription_activationkey" {
+    default = ""
+}
 variable "rhcos_kernel_options" {
     description = "List of kernel arguments for the cluster nodes"
     default     = []