qe-sap-deployment/ansible/playbooks/registration.yaml at 0f1b43b71a5e733d518fdc548c3fec0f521b9109 · SUSE/qe-sap-deployment · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
---
- name: Register
  hosts: all
  remote_user: cloudadmin
  become: true
  become_user: root
  gather_facts: false
  environment:
    ZYPP_LOCK_TIMEOUT: '120'

  vars:
    use_suseconnect: false  # Set to false unless specified

  tasks:

    # Pre flight checks
    - name: Wait until passwordless sudo works in GCP
      become: false # This task is to check sudo is ready
      ansible.builtin.command: sudo -n true
      register: sudo_test
      retries: 30
      delay: 5
      until: sudo_test.rc == 0
      changed_when: false
      failed_when: sudo_test.rc != 0

    - name: Gather facts (manually, after sudo is ready)
      ansible.builtin.setup:
      changed_when: false

    - name: Check for instance-flavor-check presence
      ansible.builtin.command: which instance-flavor-check
      register: ifc_bin
      changed_when: false
      failed_when: false

    - name: Check for SUSEConnect binary presence
      ansible.builtin.command: which SUSEConnect
      changed_when: false

    - name: Check for image type with instance-flavor-check
      ansible.builtin.command: instance-flavor-check
      register: flavor
      failed_when: flavor.rc not in [10, 11, 12]
      changed_when: false
      when: ifc_bin.rc == 0

    - name: Set registration flag based on instance-flavor-check
      ansible.builtin.set_fact:
        to_be_registered: "{{ 'BYOS' in flavor.stdout }}"
      when: ifc_bin.rc == 0

    # If instance-flavor-check is not available
    # try to figure it out if image is PAYG or BYOS looking
    # for not registered repos
    - name: Check for registration
      ansible.builtin.command: SUSEConnect -s
      register: repos
      until: repos.rc == 0
      retries: 5
      delay: 120
      failed_when: repos.rc != 0
      changed_when: false
      when: ifc_bin.rc != 0

    # Check if there are instances of `Not Registered` in it
    - name: Check for 'Not Registered'
      ansible.builtin.set_fact:
        to_be_registered: "{{ 'Not Registered' in repos.stdout }}"
      when: ifc_bin.rc != 0

    # Is registercloudguest available?
    # only run it if:
    #  - there's at least one 'Not Registered' module
    - name: Check for registercloudguest
      ansible.builtin.command: which registercloudguest
      register: is_registercloudguest_bin
      failed_when: false
      changed_when: false

    # Next four tasks are about bug bsc 1217583. This bug is already fixed
    # in cloud-regionsrv-client 10.1.7, but SLES 15SP2 does not have it in
    # the image, only get it after an update. But, at least for BYOS images,
    # update is not possible with registercloudguest, due to the bug itself.
    # Workaround is to force registration with SUSEConnect
    - name: Gather the package facts to check cloud-regionsrv-client in 15sp2
      ansible.builtin.package_facts:
        manager: auto
      when:
        - ansible_facts['distribution_version'] == '15.2'
        - not use_suseconnect | bool

    - name: Softfail for old cloud-regionsrv-client in 15sp2
      ansible.builtin.debug:
        msg:
          - "[OSADO][softfail] bsc#1217583 IPv6 handling during registration"
          - "use_suseconnect: {{ use_suseconnect }}"
      when:
        - ansible_facts['distribution_version'] == '15.2'
        - ansible_facts.packages['cloud-regionsrv-client'][0].version is version('10.1.7', '<')
        - not use_suseconnect | bool

    - name: Force SUSEConnect usage in case of old cloud-regionsrv-client avoiding 1217583
      ansible.builtin.set_fact:
        use_suseconnect: true
      when:
        - ansible_facts['distribution_version'] == '15.2'
        - ansible_facts.packages['cloud-regionsrv-client'][0].version is version('10.1.7', '<')
        - not use_suseconnect | bool

    - name: Validate reg code
      ansible.builtin.assert:
        that:
          - reg_code | length > 0
        fail_msg: "'reg_code' must not be empty"
        success_msg: "'reg_code' is OK"
      changed_when: false
      when:
        - to_be_registered
        - is_registercloudguest_bin.rc == 0
        - not use_suseconnect | bool

    # Start by pre-cleaning all. Only run it if:
    #  - the registercloudguest binary is available
    #  - there's at least one 'Not Registered' module
    #  - the user does not force SUSEConnect usage with 'use_suseconnect'
    - name: Pre-run cleaning registercloudguest
      ansible.builtin.command: registercloudguest --clean
      register: cleanout
      changed_when: cleanout.rc == 0
      when:
        - to_be_registered
        - is_registercloudguest_bin.rc == 0
        - not use_suseconnect | bool

    - name: Run registercloudguest registration
      ansible.builtin.command: registercloudguest --force-new -r "{{ reg_code }}" -e "{{ email_address }}"
      register: result
      until: result is succeeded
      retries: 10
      delay: 60
      failed_when: result.rc != 0 or result.stderr != ""
      changed_when: result.rc == 0
      when:
        - to_be_registered
        - is_registercloudguest_bin.rc == 0
        - not use_suseconnect | bool

    # Fall back on SUSEConnect if:
    #   - registercloudguest is not present
    # or
    #   - the user explicitly require using SUSEConnect
    - name: SUSEConnect registration
      ansible.builtin.command: SUSEConnect -r "{{ reg_code }}" -e "{{ email_address }}"
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - to_be_registered
        - "(is_registercloudguest_bin.rc != 0) or (use_suseconnect | bool)"

    # There are additional repos to add.
    # These are handled differently for SLES 15 and SLES12
    - name: Add SLES 12 Advanced Systems Modules
      ansible.builtin.command: SUSEConnect -p sle-module-adv-systems-management/12/{{ ansible_facts['architecture'] }} -r "{{ reg_code }}"
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - ansible_facts['distribution_major_version'] == "12"
        - to_be_registered
        - "(is_registercloudguest_bin.rc != 0) or (use_suseconnect | bool)"

    - name: Add SLES 12 public cloud module
      ansible.builtin.command: SUSEConnect -p sle-module-public-cloud/12/{{ ansible_facts['architecture'] }}
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - ansible_facts['distribution_major_version'] == "12"
        - to_be_registered
        - "(is_registercloudguest_bin.rc != 0) or (use_suseconnect | bool)"

    - name: Add SLES 15 public cloud module
      ansible.builtin.command: SUSEConnect -p sle-module-public-cloud/{{ ansible_facts['distribution_version'] }}/{{ ansible_facts['architecture'] }}
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - ansible_facts['distribution_major_version'] == "15"
        - to_be_registered
        - "(is_registercloudguest_bin.rc != 0) or (use_suseconnect | bool)"

    # Latest version of cloud-regionsrv-client is needed in PAYG, and image
    # needs to be registered in order for zypper up to work.
    # see https://www.suse.com/c/long-term-service-pack-support-for-payg-instances-simplified/
    - name: Ensure cloud-regionsrv-client is on latest version.
      community.general.zypper:
        name: cloud-regionsrv-client
        state: latest
      when:
        - sles_modules is defined and sles_modules | length > 0

    - name: Add additional authenticated modules [SUSEConnnect]
      ansible.builtin.command: SUSEConnect -p {{ item.key }} -r {{ item.value }}
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - sles_modules is defined and sles_modules | length > 0
        - "(is_registercloudguest_bin.rc != 0) or (use_suseconnect | bool)"
      loop: "{{ sles_modules }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Add additional authenticated modules [registercloudguest]
      ansible.builtin.command: registercloudguest -r {{ item.value }}
      register: result
      changed_when: result.rc == 0
      until: result is succeeded
      retries: 10
      delay: 60
      when:
        - sles_modules is defined and sles_modules | length > 0
        - is_registercloudguest_bin.rc == 0
        - not use_suseconnect | bool
      loop: "{{ sles_modules }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Check if repos are added after registration
      ansible.builtin.command: zypper lr -u
      register: repos_after
      failed_when: repos_after.rc != 0
      changed_when: false