Role - tripleo_redhat_enforce

Role Documentation

Welcome to the “tripleo_redhat_enforce” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo_redhat_enforce” role.

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_debug: '{{ (ansible_verbosity | int) >= 2 | bool }}'
tripleo_redhat_enforce: true
tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: ''

Role Variables: redhat.yml

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: ''

Molecule Scenarios

Molecule is being used to test the “tripleo_redhat_enforce” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: podman
Molecule Inventory
        ansible_python_interpreter: /usr/bin/python3
Example default playbook
- name: Converge
  hosts: all
  - role: tripleo_redhat_enforce


This role is for OSP, the downstream version of tripleo and shouldn’t be used with other OS as it required the host to be subscribed.

It enforces policies regarding rhel version and subscribed channel according to the OSP version used.

This module hosts those requirements, so that we prevent update to wrong rhel release or subscription to wrong channels.

Currently it only implements a basic check to the subscribed rhel version.

This check has some fail-safe logic to avoid crashing the update on temporary network issue when running subscription-manager.

We are avoiding the validation framework as this can be easily disabled and we want this enforcement to be mandatory as this could lead user to unsupported combination of OSP/RHEL.

For upstream that change is transparent as the tasks are skipped if the ansible_distribution is not Red Hat.


Very simple usage, just pass the right parameter for the version you plan to check.

Remember this won’t have any effects on anything else than a Red Hat subscribed host.

- name: Enforce RHOSP rules regarding subscription.
    name: tripleo_redhat_enforce
    tripleo_redhat_enforce_osp: 16.0
    tripleo_redhat_enforce_os: 8.1

Roles variables


Default Value




No used currently


true on Red Hat distribution false everywhere else

Set to true to run validation


OSP version (16.0, 16.1,…)

Version of OSP


RHEL version (8.1, 8.2, …)

Version of RHEL