diff --git a/ansible/roles/base/tasks/redhat.yml b/ansible/roles/base/tasks/redhat.yml index 852134df..0985cd1d 100644 --- a/ansible/roles/base/tasks/redhat.yml +++ b/ansible/roles/base/tasks/redhat.yml @@ -7,7 +7,9 @@ msg: "OS: {{ ansible_distribution }} {{ ansible_distribution_version }}" - name: Checking the Red Hat Subscription Manager status. - when: ansible_distribution == 'RedHat' + when: + - ansible_distribution == 'RedHat' + - rhsm_enabled ansible.builtin.command: cmd: subscription-manager status register: result diff --git a/ansible/roles/configure/tasks/redhat.yml b/ansible/roles/configure/tasks/redhat.yml index d9c7825f..c8b1490f 100644 --- a/ansible/roles/configure/tasks/redhat.yml +++ b/ansible/roles/configure/tasks/redhat.yml @@ -5,7 +5,9 @@ - name: Disconnecting from Red Hat Subscription Manager. community.general.redhat_subscription: state: absent - when: ansible_distribution == 'RedHat' + when: + - ansible_distribution == 'RedHat' + - rhsm_enabled # Tasks for configuring SSH for public key authentication. - name: Configuring SSH for Public Key Authentication without cloud-init. diff --git a/builds/linux/rhel/8/data/ks.pkrtpl.hcl b/builds/linux/rhel/8/data/ks.pkrtpl.hcl index 354c141b..8e714c9a 100644 --- a/builds/linux/rhel/8/data/ks.pkrtpl.hcl +++ b/builds/linux/rhel/8/data/ks.pkrtpl.hcl @@ -53,6 +53,11 @@ timezone ${vm_guest_os_timezone} ### Partitioning ${storage} +### Additional yum repositories +%{ for repo in yum_repositories ~} +repo --name ${repo.name} --baseurl ${repo.url} %{ if repo.install }--install%{ endif } +%{ endfor ~} + ### Modifies the default set of services that will run under the default runlevel. services --enabled=NetworkManager,sshd 
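Review bot: The new `- rhsm_enabled` condition in `ansible/roles/base/tasks/redhat.yml` reads a variable that, within this diff, only the RHEL 8 and 9 Packer builds pass via `--extra-vars`. Unless a role default exists outside the diff, a RedHat host provisioned any other way would fail the task on an undefined variable instead of running or skipping it. The same applies to the `when:` list added to the "Disconnecting from Red Hat Subscription Manager" task in `ansible/roles/configure/tasks/redhat.yml`. Writing the condition as `- rhsm_enabled | default(true) | bool` in both lists keeps the previous behaviour when the variable is absent and coerces a value that arrives as a string. Both tasks continue outside their hunks.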
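Review bot: The added `repo --name ${repo.name} --baseurl ${repo.url}` line in `builds/linux/rhel/8/data/ks.pkrtpl.hcl` writes both values into the kickstart unquoted. A name or URL containing whitespace or a newline would change how the installer parses the line, or add further directives to the rendered file. Quoting the values, `repo --name="${repo.name}" --baseurl="${repo.url}"`, keeps the rendered kickstart predictable. A `validation` block on `yum_repositories` that limits `name` to a safe character set and `url` to the expected scheme would reinforce that. The identical line added to `builds/linux/rhel/9/data/ks.pkrtpl.hcl` needs the same change.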
@@ -67,8 +72,15 @@ skipx ### Post-installation commands. %post +%{ for gpg_key in rpm_gpg_keys ~} +rpm --import ${gpg_key} +%{ endfor ~} +%{ if rhsm_enabled ~} /usr/sbin/subscription-manager register --username ${rhsm_username} --password ${rhsm_password} --autosubscribe --force /usr/sbin/subscription-manager repos --enable "codeready-builder-for-rhel-8-x86_64-rpms" +%{ else ~} +dnf remove --assumeyes subscription-manager +%{ endif ~} dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm dnf makecache dnf install -y sudo open-vm-tools perl diff --git a/builds/linux/rhel/8/linux-rhel.pkr.hcl b/builds/linux/rhel/8/linux-rhel.pkr.hcl index 1d8c1774..7df25408 100644 --- a/builds/linux/rhel/8/linux-rhel.pkr.hcl +++ b/builds/linux/rhel/8/linux-rhel.pkr.hcl @@ -54,6 +54,7 @@ locals { build_username = var.build_username build_password = var.build_password build_password_encrypted = var.build_password_encrypted + rhsm_enabled = var.rhsm_enabled rhsm_username = var.rhsm_username rhsm_password = var.rhsm_password vm_guest_os_language = var.vm_guest_os_language @@ -74,6 +75,8 @@ locals { lvm = var.vm_disk_lvm }) additional_packages = join(" ", var.additional_packages) + rpm_gpg_keys = var.rpm_gpg_keys + yum_repositories = var.yum_repositories }) } http_ks_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg" @@ -231,6 +234,7 @@ build { "--extra-vars", "ansible_username=${var.ansible_username}", "--extra-vars", "ansible_key='${var.ansible_key}'", "--extra-vars", "enable_cloudinit=${var.vm_guest_os_cloudinit}", + "--extra-vars", "{\"rhsm_enabled\": ${var.rhsm_enabled}}", ] } diff --git a/builds/linux/rhel/8/linux-rhel.pkrvars.hcl.example b/builds/linux/rhel/8/linux-rhel.pkrvars.hcl.example index eb1faeda..50ed2cb5 100644 --- a/builds/linux/rhel/8/linux-rhel.pkrvars.hcl.example +++ b/builds/linux/rhel/8/linux-rhel.pkrvars.hcl.example 
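Review bot: `rpm --import ${gpg_key}` in the `%post` section is rendered into a script that the installer runs as root, and the value is not quoted, so an entry in `rpm_gpg_keys` containing whitespace or shell metacharacters is word-split or interpreted by the shell. `rpm --import "${gpg_key}"` stops the word-splitting, and restricting the allowed characters in a `validation` block on the variable covers the rest. Because the import happens in `%post`, the keys are presumably only in the RPM database after the packages from the added `repo` lines are installed, so they apply to later `dnf` transactions rather than the initial package set; a comment stating this would prevent a false assumption. The same lines are added to `builds/linux/rhel/9/data/ks.pkrtpl.hcl`.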
@@ -21,3 +21,20 @@ vm_firmware = "efi-secure" iso_datastore_path = "iso/linux/rhel" iso_content_library_item = "rhel-8.9-x86_64-dvd" iso_file = "rhel-8.9-x86_64-dvd.iso" + +rpm_gpg_keys = [ + "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" +] + +yum_repositories = [ + { + "name": "baseos", + "url": "http://url/path/to/repo", + "install": true + }, + { + "name": "appstream", + "url": "http://url/path/to/repo", + "install": true + } +] diff --git a/builds/linux/rhel/8/variables.pkr.hcl b/builds/linux/rhel/8/variables.pkr.hcl index d5edca0e..c6204b0c 100644 --- a/builds/linux/rhel/8/variables.pkr.hcl +++ b/builds/linux/rhel/8/variables.pkr.hcl @@ -12,6 +12,11 @@ // Red Hat Subscription Manager Credentials +variable "rhsm_enabled" { + type = bool + description = "Enable Red Hat Subscription Manager." +} + variable "rhsm_username" { type = string description = "The username to Red Hat Subscription Manager." @@ -459,3 +464,21 @@ variable "additional_packages" { description = "Additional packages to install." default = [] } + +// Additional rpm gpg keys +variable "rpm_gpg_keys" { + type = list(string) + description = "Additional rpm gpg keys" + default = [] +} + +// Additional yum repositories +variable "yum_repositories" { + type = list(object({ + name = string + url = string + install = bool + })) + description = "Additional yum repositories" + default = [] +} diff --git a/builds/linux/rhel/9/data/ks.pkrtpl.hcl b/builds/linux/rhel/9/data/ks.pkrtpl.hcl index fd5de8dd..9790d4a5 100644 --- a/builds/linux/rhel/9/data/ks.pkrtpl.hcl +++ b/builds/linux/rhel/9/data/ks.pkrtpl.hcl @@ -53,6 +53,11 @@ timezone ${vm_guest_os_timezone} ### Partitioning ${storage} +### Additional yum repositories +%{ for repo in yum_repositories ~} +repo --name ${repo.name} --baseurl ${repo.url} %{ if repo.install }--install%{ endif } +%{ endfor ~} + ### Modifies the default set of services that will run under the default runlevel. services --enabled=NetworkManager,sshd 
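Review bot: Both sample `yum_repositories` entries in `builds/linux/rhel/8/linux-rhel.pkrvars.hcl.example` use an `http://` base URL. With `install = true` the kickstart `repo` line gets `--install`, which keeps that repository definition on the installed system. Configurations copied from this example would therefore fetch install-time and later packages over a transport that offers no integrity protection. Showing `"url": "https://url/path/to/repo"` in the sample steers users to TLS. The same sample is added to `builds/linux/rhel/9/linux-rhel.pkrvars.hcl.example`.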
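Review bot: `variable "rhsm_enabled"` in `builds/linux/rhel/8/variables.pkr.hcl` is declared without a default, so existing variable files that do not set it will fail once this change lands. Adding `default = true` to the block keeps the previous behaviour. Nothing visible in the hunk relaxes `rhsm_username` and `rhsm_password` when the flag is false. Their blocks continue outside the hunk, but if they have no defaults, a user who disables RHSM must still supply credentials, and these are passed into the kickstart template regardless. The same declaration is added to `builds/linux/rhel/9/variables.pkr.hcl`.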
@@ -67,9 +72,17 @@ skipx ### Post-installation commands. %post +%{ for gpg_key in rpm_gpg_keys ~} +rpm --import ${gpg_key} +%{ endfor ~} +%{ if rhsm_enabled ~} /usr/sbin/subscription-manager register --username ${rhsm_username} --password ${rhsm_password} --autosubscribe --force /usr/sbin/subscription-manager repos --enable "codeready-builder-for-rhel-9-x86_64-rpms" +%{ else ~} +dnf remove --assumeyes subscription-manager +%{ endif ~} dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm + dnf makecache dnf install -y sudo open-vm-tools perl %{ if additional_packages != "" ~} diff --git a/builds/linux/rhel/9/linux-rhel.pkr.hcl b/builds/linux/rhel/9/linux-rhel.pkr.hcl index 7069a729..ca01d932 100644 --- a/builds/linux/rhel/9/linux-rhel.pkr.hcl +++ b/builds/linux/rhel/9/linux-rhel.pkr.hcl @@ -54,6 +54,7 @@ locals { build_username = var.build_username build_password = var.build_password build_password_encrypted = var.build_password_encrypted + rhsm_enabled = var.rhsm_enabled rhsm_username = var.rhsm_username rhsm_password = var.rhsm_password vm_guest_os_language = var.vm_guest_os_language @@ -74,6 +75,8 @@ locals { lvm = var.vm_disk_lvm }) additional_packages = join(" ", var.additional_packages) + rpm_gpg_keys = var.rpm_gpg_keys + yum_repositories = var.yum_repositories }) } http_ks_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg" @@ -231,6 +234,7 @@ build { "--extra-vars", "ansible_username=${var.ansible_username}", "--extra-vars", "ansible_key='${var.ansible_key}'", "--extra-vars", "enable_cloudinit=${var.vm_guest_os_cloudinit}", + "--extra-vars", "{\"rhsm_enabled\": ${var.rhsm_enabled}}", ] } diff --git a/builds/linux/rhel/9/linux-rhel.pkrvars.hcl.example b/builds/linux/rhel/9/linux-rhel.pkrvars.hcl.example index 311e7bdb..b3fef837 100644 --- a/builds/linux/rhel/9/linux-rhel.pkrvars.hcl.example +++ b/builds/linux/rhel/9/linux-rhel.pkrvars.hcl.example 
@@ -21,3 +21,20 @@ vm_firmware = "efi-secure" iso_datastore_path = "iso/linux/rhel" iso_content_library_item = "rhel-9.4-x86_64-dvd" iso_file = "rhel-9.4-x86_64-dvd.iso" + +rpm_gpg_keys = [ + "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release" +] + +yum_repositories = [ + { + "name": "baseos", + "url": "http://url/path/to/repo", + "install": true + }, + { + "name": "appstream", + "url": "http://url/path/to/repo", + "install": true + } +] diff --git a/builds/linux/rhel/9/variables.pkr.hcl b/builds/linux/rhel/9/variables.pkr.hcl index 3c4c573e..2ae4004d 100644 --- a/builds/linux/rhel/9/variables.pkr.hcl +++ b/builds/linux/rhel/9/variables.pkr.hcl @@ -12,6 +12,11 @@ // Red Hat Subscription Manager Credentials +variable "rhsm_enabled" { + type = bool + description = "Enable Red Hat Subscription Manager." +} + variable "rhsm_username" { type = string description = "The username to Red Hat Subscription Manager." @@ -459,3 +464,21 @@ variable "additional_packages" { description = "Additional packages to install." default = [] } + +// Additional rpm gpg keys +variable "rpm_gpg_keys" { + type = list(string) + description = "Additional rpm gpg keys" + default = [] +} + +// Additional yum repositories +variable "yum_repositories" { + type = list(object({ + name = string + url = string + install = bool + })) + description = "Additional yum repositories" + default = [] +} diff --git a/builds/rhsm.pkrvars.hcl.example b/builds/rhsm.pkrvars.hcl.example index 5af88ee5..5393cd79 100644 --- a/builds/rhsm.pkrvars.hcl.example +++ b/builds/rhsm.pkrvars.hcl.example @@ -8,5 +8,7 @@ */ // Red Hat Subscription Manager Credentials + +rhsm_enabled = true rhsm_username = "packer" rhsm_password = "VMw@re123!" diff --git a/docs/getting-started/configure.md b/docs/getting-started/configure.md index ebb71f1b..98c951ad 100644 --- a/docs/getting-started/configure.md +++ b/docs/getting-started/configure.md 
@@ -256,6 +256,8 @@ additional_packages = ["git", "make", "vim"] Edit the `config/redhat.pkrvars.hcl` file to configure the credentials for your Red Hat Subscription Manager account. +You can also disable Red Hat Subscription Manger by setting `rhsm_enabled = false`. + ```hcl linenums="1" title="config/rhsm.pkrvars.hcl" hl_lines="1" --8<-- "./builds/rhsm.pkrvars.hcl.example:10:100" ```