From 5202ad6029dd0329d8ae89e238e87fe1067755b2 Mon Sep 17 00:00:00 2001 From: Fayaaz Ahmed Date: Mon, 9 May 2016 18:46:47 +0100 Subject: [PATCH] Updated to also include debian security and clients (12.04 - 16.04 LTS) --- .gitignore | 2 ++ roles/spacewalk-client/tasks/main.yml | 23 +++++++++++++----- .../defaults/main.yml | 22 ++++++++++++++--- .../tasks/debian-sync.yml | 24 +++++++++++++++++-- 4 files changed, 60 insertions(+), 11 deletions(-) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..df5c4e1 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.retry +.idea diff --git a/roles/spacewalk-client/tasks/main.yml b/roles/spacewalk-client/tasks/main.yml index 1f3d37a..f0fc714 100755 --- a/roles/spacewalk-client/tasks/main.yml +++ b/roles/spacewalk-client/tasks/main.yml @@ -12,7 +12,9 @@ when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7" - name: Install all packages for client - yum: name={{item}} state=present + yum: + name: "{{item}}" + state: present with_items: - rhn-client-tools - rhn-check @@ -22,16 +24,25 @@ - yum-rhn-plugin when: ansible_distribution == "CentOS" +- name: Install package for Ubuntu + apt: + name: apt-transport-spacewalk + state: present + when: ansible_distribution == "Ubuntu" + - name: Install Spacewalk CA certificate from server yum: - name: http://{{ hostvars['spacewalk']['ansible_ssh_host'] }}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm + name: "http://{{ hostvars['spacewalk']['ansible_ssh_host'] }}/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm" state: present notify: register with spacewalk server + when: ansible_distribution == "CentOS" - name: register with spacewalk server - rhn_register: - state: present - server_url: "http://{{ hostvars['spacewalk']['ansible_ssh_host'] }}/XMLRPC" - activationkey: "1-centos-{{ansible_distribution_major_version}}-epel" + command: rhnreg_ks --serverUrl=http://{{ hostvars['spacewalk']['ansible_ssh_host'] }}/XMLRPC --activationkey=1-centos-{{ansible_distribution_major_version}}-epel when: ansible_distribution == "CentOS" + ignore_errors: true + +- name: register with spacewalk server + command: rhnreg_ks --serverUrl=http://{{ hostvars['spacewalk']['ansible_ssh_host'] }}/XMLRPC --activationkey=1-ubuntu-{{ansible_distribution_version.split('.')|join('')}}-security + when: ansible_distribution == "Ubuntu" ignore_errors: true \ No newline at end of file diff --git a/roles/spacewalk-customisations/defaults/main.yml b/roles/spacewalk-customisations/defaults/main.yml index 946c132..6e5efa3 100755 --- a/roles/spacewalk-customisations/defaults/main.yml +++ b/roles/spacewalk-customisations/defaults/main.yml @@ -23,7 +23,17 @@ spacewalk_repo_info: - {name: 'CentOS_7', label: 'centos-7', repo: 'CentOS_7', repo_url: 'http://mirror.ox.ac.uk/sites/mirror.centos.org/7/os/x86_64/', arch: 'x86_64', checksum: 'sha256'} spacewalk_child_repo_info: - - {name: 'CentOS_7_epel', label: 'centos-7-epel', parent: 'centos-7', repo: 'CentOS_7_epel', activationkey: '1-centos-7-epel', repo_url: 'http://anorien.csc.warwick.ac.uk/mirrors/epel/7/x86_64/', arch: 'x86_64', checksum: 'sha256'} + - { + name: 'CentOS_7_epel', + label: 'centos-7-epel', + parent: 'centos-7', + repo: 'CentOS_7_epel', + activationkey: '1-centos-7-epel', + repo_url: 'http://anorien.csc.warwick.ac.uk/mirrors/epel/7/x86_64/', + arch: 'x86_64', + checksum: + 'sha256' + } - {name: 'CentOS_6_epel', label: 'centos-6-epel', parent: 'centos-6', repo: 'CentOS_6_epel', activationkey: '1-centos-6-epel', repo_url: 'http://anorien.csc.warwick.ac.uk/mirrors/epel/6/x86_64/', arch: 'x86_64', checksum: 'sha256'} - {name: 'CentOS_6_updates', label: 'centos-6-updates', parent: 'centos-6', repo: 'CentOS_6_updates', activationkey: '1-centos-6-epel', repo_url: 'http://mirror.centos.org/centos/6/updates/x86_64/', arch: 'x86_64', checksum: 'sha256'} - {name: 'CentOS_7_updates', label: 'centos-7-updates', parent: 'centos-7', repo: 'CentOS_7_updates', activationkey: '1-centos-7-epel', repo_url: 'http://mirror.centos.org/centos/7/updates/x86_64/', arch: 'x86_64', checksum: 'sha256'} @@ -31,5 +41,11 @@ spacewalk_child_repo_info: - {name: 'CentOS_7_extras', label: 'centos-7-extras', parent: 'centos-7', repo: 'CentOS_7_extras', activationkey: '1-centos-7-epel', repo_url: 'http://mirror.centos.org/centos/7/extras/x86_64/', arch: 'x86_64', checksum: 'sha256'} spacewalk_deb_repo_info: - - {name: 'Ubuntu_Trusty_14_04', label: 'ubuntu-1404', repo: 'Ubuntu1404', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} - - {name: 'Ubuntu_Precise_12_04', label: 'ubuntu-1204', repo: 'Ubuntu1204', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/precise/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + - {name: 'Ubuntu_Precise_12_04', label: 'ubuntu-1204', repo: 'Ubuntu1204', activationkey: '1-ubuntu-1204', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/precise/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + - {name: 'Ubuntu_Trusty_14_04', label: 'ubuntu-1404', repo: 'Ubuntu1404', activationkey: '1-ubuntu-1404', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/trusty/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + - {name: 'Ubuntu_Xenial_16_04', label: 'ubuntu-1604', repo: 'Ubuntu1604', activationkey: '1-ubuntu-1604', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/xenial/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + +spacewalk_child_deb_repo_info: + - {name: 'Ubuntu_Precise_12_04_security', label: 'ubuntu-1204-security', parent: 'ubuntu-1204', activationkey: '1-ubuntu-1204-security', repo: 'Ubuntu1204_security', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/precise-security/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + - {name: 'Ubuntu_Trusty_14_04_security', label: 'ubuntu-1404-security', parent: 'ubuntu-1404', activationkey: '1-ubuntu-1404-security', repo: 'Ubuntu1404_security', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/trusty-security/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} + - {name: 'Ubuntu_Xenial_16_04_security', label: 'ubuntu-1604-security', parent: 'ubuntu-1604', activationkey: '1-ubuntu-1604-security', repo: 'Ubuntu1604_security', repo_url: 'http://de.archive.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/', arch: 'amd64-deb', checksum: 'sha256'} diff --git a/roles/spacewalk-customisations/tasks/debian-sync.yml b/roles/spacewalk-customisations/tasks/debian-sync.yml index 550a602..9cbf7bd 100644 --- a/roles/spacewalk-customisations/tasks/debian-sync.yml +++ b/roles/spacewalk-customisations/tasks/debian-sync.yml @@ -14,14 +14,34 @@ - name: Patch the python debian library lineinfile: dest=/usr/lib/python2.7/site-packages/debian/debfile.py regexp='^PART_EXTS =' line="PART_EXTS = ['gz', 'bz2', 'xz', 'lzma']" -- name: Add base channels +- name: Add deb base channels command: spacecmd --user=admin --password={{spacewalk_admin_password}} -- softwarechannel_create -n {{item.name}} -l {{item.label}} -a {{item.arch}} -c sha512 ignore_errors: true with_items: "{{spacewalk_deb_repo_info}}" +- name: Add deb child channels + command: spacecmd --user=admin --password={{spacewalk_admin_password}} -- softwarechannel_create -n {{item.name}} -p {{item.parent}} -l {{item.label}} -a {{item.arch}} -c sha512 + ignore_errors: true + with_items: "{{spacewalk_child_deb_repo_info}}" + +- name: Add deb activation keys + command: spacecmd --user=admin --password={{spacewalk_admin_password}} -- activationkey_create -n {{item.label}} -b {{item.label}} -d {{item.name}} + ignore_errors: true + with_items: "{{spacewalk_deb_repo_info}}" + +- name: Add activation keys for deb child channels + command: spacecmd --user=admin --password={{spacewalk_admin_password}} -- activationkey_create -n {{item.label}} -b {{item.parent}} -d {{item.name}} + ignore_errors: true + with_items: "{{spacewalk_child_deb_repo_info}}" + +- name: Associate child channels with activationkeys + command: spacecmd --user=admin --password={{spacewalk_admin_password}} -- activationkey_addchildchannels {{item.activationkey}} {{item.label}} + ignore_errors: true + with_items: "{{spacewalk_child_deb_repo_info}}" + - name: Get the trusted SSL certs get_url: url=http://localhost/pub/RHN-ORG-TRUSTED-SSL-CERT dest=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT - name: Add cron jobs for synchronizing Debian repos cron: name="{{item.name}} repo sync" minute="0" hour="7,19" job="{{spacewalk_scripts_dir}}debianSync.py --username=admin --password={{spacewalk_admin_password}} --channel {{item.label}} --url {{item.repo_url}}" - with_items: "{{spacewalk_deb_repo_info}}" + with_items: "{{spacewalk_deb_repo_info | union(spacewalk_child_deb_repo_info)}}"