Deploying with RHSM

Deploying with RHSM

Summary

Starting in the Queens release, it is possible to use Ansible to apply the RHSM (Red Hat Subscription Management) configuration.

Instead of the pre_deploy rhel-registration script, the new RHSM service will allow our operators to:

  1. deploy advanced RHSM configurations, where each role can have their own repositories for example.
  2. use config-download mechanism so operators can run the playbooks at anytime after the deployment, in case RHSM parameters have changed.

Using RHSM

To enable deployment with Ansible and config-download pass the additional arg to the deployment command:

openstack overcloud deploy \
    <other cli args> \
    -e ~/rhsm.yaml

Note

This feature requires config-download to be enabled, which wasn’t the case in Queens. If you’re deploying on this release, make sure you deploy with config-download enabled:

-e /usr/share/openstack-tripleo-heat-templates/environments/config-download-environment.yaml \
--config-download

The rhsm.yaml environment enables mapping the OS::TripleO::Services::Rhsm to the extraconfig service:

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/extraconfig/services/rhsm.yaml
parameter_defaults:
  RhsmVars:
    rhsm_activation_key: "secrete_key"
    rhsm_org_id: "Default_Organization"
    rhsm_server_hostname: "mysatserver.com"
    rhsm_baseurl: "https://mysatserver.com/pulp/repos"
    rhsm_method: satellite
    rhsm_insecure: yes

In some advanced use cases, you might want to configure RHSM for a specific role:

parameter_defaults:
  ComputeHCIParameters:
    RhsmVars:
      rhsm_activation_key: "secrete_key"
      rhsm_org_id: "Default_Organization"
      rhsm_server_hostname: "mysatserver.com"
      rhsm_baseurl: "https://mysatserver.com/pulp/repos"
      rhsm_method: satellite
      rhsm_insecure: yes

In that case, all nodes deployed with ComputeHCI will be configured with these RHSM parameters.

Scale-down the Overcloud

The automatic unsubscription isn’t currently supported and before scaling down the Overcloud, the operator will have to run this playbook against the host(s) that will be removed. Example when we want to remove 2 compute nodes:

- hosts:
     - overcloud-compute47
     - overcloud-compute72
  vars:
    rhsm_username: bob.smith@acme.com
    rhsm_password: my_secret
    rhsm_state: absent
  roles:
     - openstack.redhat-subscription

The playbook needs to be executed prior to the actual scale-down.

Transition from previous method

The previous method ran a script called rhel-registration during pre_deploy step, which is located in the extraconfig/pre_deploy/rhel-registration folder. While the script is still working, you can perform a migration to the new service by replacing the parameters used in rhel-registration with RhsmVars and switching the resource_registry from:

resource_registry:
  OS::TripleO::NodeExtraConfig: rhel-registration.yaml

To:

resource_registry:
  OS::TripleO::Services::Rhsm: /usr/share/openstack-tripleo-heat-templates/extraconfig/services/rhsm.yaml

The following table shows a migration path from the old rhe-registration parameters to the new RhsmVars:

rhel-registration script rhsm with Ansible (RhsmVars)
rhel_reg_activation_key rhsm_activation_key
rhel_reg_auto_attach rhsm_autosubscribe
rhel_reg_sat_url rhsm_satellite_url
rhel_reg_org rhsm_org_id
rhel_reg_password rhsm_password
rhel_reg_repos rhsm_repos
rhel_reg_pool_id rhsm_pool_ids
rhel_reg_user rhsm_username
rhel_reg_method rhsm_method
rhel_reg_http_proxy_host rhsm_rhsm_proxy_hostname
rhel_reg_http_proxy_port rhsm_rhsm_proxy_port
rhel_reg_http_proxy_username rhsm_rhsm_proxy_user
rhel_reg_http_proxy_password rhsm_rhsm_proxy_password

More about the Ansible role

TripleO is using the Ansible role for Red Hat Subscription.

The role parameters aren’t documented here to avoid duplication but it is recommended to take a look at them in the repository when using this feature in TripleO.

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.