Role - tripleo_redhat_enforce

Role Documentation

Welcome to the “tripleo_redhat_enforce” role documentation.

Role Defaults

This section highlights all of the defaults and variables set within the “tripleo_redhat_enforce” role.

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_debug: '{{ (ansible_verbosity | int) >= 2 | bool }}'
tripleo_redhat_enforce: true
tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: ''

Role Variables: redhat.yml

# All variables intended for modification should be placed in this file.

# All variables within this role should have a prefix of "tripleo_redhat_enforce"
tripleo_redhat_enforce_osp: ''
tripleo_redhat_enforce_os: ''

Molecule Scenarios

Molecule is being used to test the “tripleo_redhat_enforce” role. The following section highlights the drivers in service and provides an example playbook showing how the role is leveraged.

Scenario: default

Driver: podman
Molecule Inventory
hosts:
  all:
    hosts:
      ubi8:
        ansible_python_interpreter: /usr/bin/python3
Example default playbook
- name: Converge
  hosts: all
  roles:
  - role: tripleo_redhat_enforce

Description

This role is for OSP, the downstream version of tripleo and shouldn’t be used with other OS as it required the host to be subscribed.

It enforces policies regarding rhel version and subscribed channel according to the OSP version used.

This module hosts those requirements, so that we prevent update to wrong rhel release or subscription to wrong channels.

Currently it only implements a basic check to the subscribed rhel version.

This check has some fail-safe logic to avoid crashing the update on temporary network issue when running subscription-manager.

We are avoiding the validation framework as this can be easily disabled and we want this enforcement to be mandatory as this could lead user to unsupported combination of OSP/RHEL.

For upstream that change is transparent as the tasks are skipped if the ansible_distribution is not Red Hat.

Usage

Very simple usage, just pass the right parameter for the version you plan to check.

Remember this won’t have any effects on anything else than a Red Hat subscribed host.

- name: Enforce RHOSP rules regarding subscription.
  include_role:
    name: tripleo_redhat_enforce
  vars:
    tripleo_redhat_enforce_osp: 16.0
    tripleo_redhat_enforce_os: 8.1

Roles variables

Name

Default Value

Description

tripleo_redhat_enforce_debug

false

No used currently

tripleo_redhat_enforce

true on Red Hat distribution false everywhere else

Set to true to run validation

tripleo_redhat_enforce_osp

OSP version (16.0, 16.1,…)

Version of OSP

tripleo_redhat_enforce_os

RHEL version (8.1, 8.2, …)

Version of RHEL