Friday, December 18, 2015

Managing Red Hat Subscriptions with Chef [feedly]

Managing Red Hat Subscriptions with Chef
https://www.chef.io/blog/2015/12/09/managing-red-hat-subscriptions-with-chef-2/

-- via my feedly.com reader

Keeping your Red Hat systems patched is critical, and registering your nodes with Red Hat Subscription Manager (RHSM) or a Red Hat Satellite is the first step. Frequently, users will handle the registration manually or bake it in to their nodes with a one-time startup script.

We think there's a better way, so we are happy to share our new redhat_subscription_manager cookbook with you, which can now be found on the Supermarket and GitHub. The custom resources in this new cookbook allow you to use RHSM / Red Hat Satellite to manage your subscriptions and errata while still maintaining your "infrastructure as code," keeping your desired state codified in your cookbooks.

The new cookbook provides the following custom resources you can use in your own recipes:

  • rhsm_register: register you host with RHSM or your own locally-run Red Hat Satellite
  • rhsm_subscription: attach or remove a subscription, useful for when an additional subscription is needed but not automatically attached in your organization's activation key configuration
  • rhsm_repo: enable or disable Yum repositories that are available via your attached subscriptions
  • rhsm_errata: install all packages for a given security erratum
  • rhsm_errata_level: install all packages available for any available security errata for a given severity level

Here is an example recipe using the new custom resources:

# register the node against our company satellite server  rhsm_register 'mynode' do    satellite_host 'rhsatellite.mycompany.com'    activation_key 'my-sooper-seekret-key'    action :register  end    # activate an additional subscription  rhsm_subscription '1cf2f1559e0e40b4a2ebc39ee46b9686' do    action :attach  end    # apply patches to mitigate Shellshock  rhsm_errata 'RHSA-2014:1293'  rhsm_errata 'RHSA-2014:1294'  rhsm_errata 'RHSA-2014:1295'    # ensure any critical security patches are installed  rhsm_errata_level 'critical'  

To use the new cookbook, add a dependency in your own cookbook's metadata.rb:

depends 'redhat_subscription_manager', '~> 0.1'  

… and add the custom resources to a recipe of your choice.

The cookbook utilizes the newer subscription-manager tool and supports Red Hat Subscription Management hosted by Red Hat as well as Red Hat Satellite v6 or later which can be run by you behind your firewall. You can find more information in the GitHub repo. We hope you enjoy managing your Red Hat nodes with Chef!