Rework import script to handle repolist pickle

helpers.py

@@ -177,20 +177,20 @@ def get_org_id(org_name):
     return org_id
 
 
-def wait_for_task(task_id):
+def wait_for_task(task_id, label):
     """
     Wait for the given task ID to complete
     This displays a message without CR/LF waiting for an OK/FAIL status to be shown
     """
-    msg = "Waiting for export to complete...                        "
+    msg = "Waiting for " + label + " to complete...                        "
     print msg,
     log_msg(msg, 'INFO')
     # Force the status message to be shown to the user
     sys.stdout.flush()
     while True:
         info = get_json(FOREMAN_API + "tasks/" + str(task_id))
         if info['state'] == 'paused' and info['result'] == 'error':
-            msg = "Error with Content View Update " + str(task_id)
+            msg = "Error with " + label + " " + str(task_id)
             log_msg(msg, 'ERROR')
             break
         if info['pending'] != 1:

install_scripts/sat62_setup.txt

@@ -125,6 +125,66 @@ satellite-installer --foreman-ipa-authentication=true      # Enables IPA for Aut
 satellite-installer --foreman-pam-service=satellite-prod   # Enables HBAC
 
 
+#####################
+# If using LDAP for Auth:
+#
+setsebool -P authlogin_nsswitch_use_ldap=1
+
+# We need the certs that make up the CA chain:
+cat << EOF > /etc/pki/tls/certs/CA.pem
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+EOF
+
+cat << EOF > /etc/pki/tls/certs/rootca.pem
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+EOF
+
+cd /etc/pki/tls/certs
+ln -s rootca.pem /etc/pki/tls/certs/$(openssl x509 -noout -hash -in /etc/pki/tls/certs/rootca.pem).0
+ln -s CA.pem /etc/pki/tls/certs/$(openssl x509 -noout -hash -in /etc/pki/tls/certs/CA.pem).0
+
+hammer auth-source ldap create --name 'LDAP Server' --host ldap.example.org -server-type posix \
+  --tls yes --port 636 --base-dn ou=People,ou=example,o=com,c=au --attr-login uid
+
+# Verify the auth source
+hammer auth-source ldap list
+
+
+######################
+# Configure Email delivery
+#
+# If we need to insert a classification header on the email:
+cat << EOF > /etc/postfix/classification
+/^Content-Transfer-Encoding/i PREPEND x-classification: UNCLASSIFIED
+/^Content-Transfer-Encoding/i PREPEND x-protective-marking: VER=2012.3, NS=example.org, SEC=UNCLASSIFIED, [email protected]
+EOF
+sed -i 's/^#header_checks = /header_checks = regexp:\/etc\/postfix\/classification/' /etc/postfix/main.cf
+
+# Set Satellite to send mail to the local postfix instance:
+cat << EOF > /etc/foreman/email.yaml
+# Outgoing email settings
+production:
+  delivery_method: :smtp
+  smtp_settings:
+    address: localhost
+    port: 25
+    enable_starttls_auto: false
+EOF
+sed -i 's/^#relayhost = uucphost/relayhost = smtp.example.org/' /etc/postfix/main.cf
+systemctl restart postfix
+
+# Set the email addresses in Satellite itself
+hammer settings set --name email_reply_address --value "[email protected]"
+hammer settings set --name email_subject_prefix --value "[Satellite 6]"
+
+# Restart Satellite
+katello-service restart
+
+
 #######################
 # Configure content export location
 hammer settings set --name pulp_export_destination --value /var/sat-export

install_scripts/sat62disc_setup.txt

@@ -111,6 +111,7 @@ hammer host update --location="$LOC" --name sat62disc.example.org
 
 ######################
 # If using IPA for Auth:
+#
 ## ON IPA SERVER:
 ipa service-add HTTP/sat62disc.example.org
 
@@ -133,6 +134,65 @@ satellite-installer --foreman-ipa-authentication=true      # Enables IPA for Aut
 satellite-installer --foreman-pam-service=satellite-prod   # Enables HBAC 
 
 
+######################
+# If using LDAP for Auth:
+#
+setsebool -P authlogin_nsswitch_use_ldap=1
+
+# We need the certs that make up the CA chain:
+cat << EOF > /etc/pki/tls/certs/CA.pem
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+EOF
+
+cat << EOF > /etc/pki/tls/certs/rootca.pem
+-----BEGIN CERTIFICATE-----
+...
+-----END CERTIFICATE-----
+EOF
+
+cd /etc/pki/tls/certs
+ln -s rootca.pem /etc/pki/tls/certs/$(openssl x509 -noout -hash -in /etc/pki/tls/certs/rootca.pem).0
+ln -s CA.pem /etc/pki/tls/certs/$(openssl x509 -noout -hash -in /etc/pki/tls/certs/CA.pem).0
+
+hammer auth-source ldap create --name 'LDAP Server' --host ldap.example.org -server-type posix \
+  --tls yes --port 636 --base-dn ou=People,ou=example,o=com,c=au --attr-login uid
+
+# Verify the auth source
+hammer auth-source ldap list
+
+
+######################
+# Configure Email delivery
+#
+# If we need to insert a classification header on the email:
+cat << EOF > /etc/postfix/classification
+/^Content-Transfer-Encoding/i PREPEND x-classification: UNCLASSIFIED
+/^Content-Transfer-Encoding/i PREPEND x-protective-marking: VER=2012.3, NS=example.org, SEC=UNCLASSIFIED, [email protected]
+EOF
+sed -i 's/^#header_checks = /header_checks = regexp:\/etc\/postfix\/classification/' /etc/postfix/main.cf
+
+# Set Satellite to send mail to the local postfix instance:
+cat << EOF > /etc/foreman/email.yaml
+# Outgoing email settings
+production:
+  delivery_method: :smtp
+  smtp_settings:
+    address: localhost
+    port: 25
+    enable_starttls_auto: false
+EOF
+sed -i 's/^#relayhost = uucphost/relayhost = smtp.example.org/' /etc/postfix/main.cf
+systemctl restart postfix
+
+# Set the email addresses in Satellite itself
+hammer settings set --name email_reply_address --value "[email protected]"
+hammer settings set --name email_subject_prefix --value "[Satellite 6]"
+
+# Restart Satellite
+katello-service restart
+
 
 ######################
 # Configure Content Import Mount
@@ -277,6 +337,21 @@ for i in $(hammer --csv repository list --organization-id 1 | grep -vi '^ID' | a
 done
 
 
+##########################
+# Self-register the Satellite to itself
+rpm -ivh /var/www/html/pub/katello-ca-consumer-latest.noarch.rpm
+subscription-manager register --user admin --pass ChangeMe --org $ORG
+
+#-- You will need to attach RHCI or Satellite subscription to host via the WebUI
+
+
+
+##########################
+# Install/Configure virt-who
+yum -y install virt-who
+
+
+
 
 #####################################
 # Locations etc
@@ -409,8 +484,6 @@ hammer activation-key create --content-view 'RHEL Server' --lifecycle-environmen
 
 
 
-
-
 #########################
 # Puppet
 # (May need selinux module for nfs_t)

sat_export.py

@@ -1,13 +1,13 @@
 #!/usr/bin/python
 #title           :sat_export.py
-#description     :Exports Satellite 6 Default Content View for disconnected environments
+#description     :Exports Satellite 6 Content for disconnected environments
 #URL             :https://github.com/ggatward/sat6_scripts
 #author          :Geoff Gatward <[email protected]>
 #notes           :This script is NOT SUPPORTED by Red Hat Global Support Services.
 #license         :GPLv3
 #==============================================================================
 """
-Exports Default Org Content View.
+Exports Satellite 6 yum content.
 """
 
 import sys, argparse, datetime, os, shutil, pickle
@@ -541,7 +541,7 @@ def main():
         export_id = export_cv(dov_ver, last_export, export_type)
 
         # Now we need to wait for the export to complete
-        helpers.wait_for_task(export_id)
+        helpers.wait_for_task(export_id, 'export')
 
         # Check if the export completed OK. If not we exit the script.
         tinfo = helpers.get_task_status(export_id)
@@ -592,7 +592,7 @@ def main():
                         export_id = export_repo(repo_result['id'], last_export, export_type)
 
                         # Now we need to wait for the export to complete
-                        helpers.wait_for_task(export_id)
+                        helpers.wait_for_task(export_id, 'export')
 
                         # Check if the export completed OK. If not we exit the script.
                         tinfo = helpers.get_task_status(export_id)