community.general
community.general copied to clipboard
ansible-collections
Skip attach operation for OS versions that no longer support attach
SUMMARY
Skip the attach operation for OS versions where the subscription-manager attach sub-command has been removed.
Fixes https://github.com/ansible-collections/community.general/issues/10253.
ISSUE TYPE
- Bugfix Pull Request
COMPONENT NAME
redhat_subscription
ADDITIONAL INFORMATION
Before the change, the module would fail with the error seen in https://github.com/ansible-collections/community.general/issues/10253 when registering an RHEL 10.0 host with auto_attach enabled. With the change, registration succeeds on RHEL 10 with auto_attach enabled. Also confirmed that registration of an RHEL 9.x host still works as before. Post-registration, confirmed that subscription-manager identity showed org ID and that yum update worked correctly on both RHEL 9.x and 10.0 test hosts.
From inspecting RHEL 9.x and 10.x hosts, I believe that subscription-manager version 1.29 was the last to include the attach and remove sub-commands.
RHEL 9.x:
# rpm -q subscription-manager
subscription-manager-1.29.42-1.el9.x86_64
RHEL 10.0:
# rpm -q subscription-manager
subscription-manager-1.30.6-1.el10_0.x86_64
I don't have easy access to Fedora hosts for testing, so I'm basing the Fedora version in this PR on what I can see from package lists for Fedora mirrors. Fedora 40 mirrors show subscription-manager-1.29.40-2.fc40.x86_64.rpm, while Fedora 41 mirrors show subscription-manager-1.30.2-1.fc41.x86_64.rpm. Based on those version numbers, I'm inferring that Fedora 41+ will behave the same as RHEL 10.
The test ansible-test sanity --test shebang [explain] failed with 1 error:
changelogs/fragments/10253-redhat_subscription-attach.yml:0:0: file without shebang should not be executable
The test ansible-test sanity --test shebang [explain] failed with 1 error:
changelogs/fragments/10253-redhat_subscription-attach.yml:0:0: file without shebang should not be executable
The test ansible-test sanity --test shebang [explain] failed with 1 error:
changelogs/fragments/10253-redhat_subscription-attach.yml:0:0: file without shebang should not be executable
Hi @dvanderveer,
I noticed your changes, I haven't forgot about you :)
The version check for auto_attach needs to be properly tested in both cases (i.e. "old" and "new" OSes), as it changes which commands are actually called (see the list of cases & commands expected in tests/unit/plugins/modules/test_redhat_subscription.py). The problem here is that we need to mock also distro, and the current framework in the unit test does not support that. It was not a problem until now because all the version checks are done only when registering via D-Bus, which is not unit-tested at all (yes, I know, it's my fault here; trying to test & mock it was a nightmare, and I cannot find my old failed experiments for it). Also, in general the version situation is a bit of a mess: it started easily, and sadly it needed to be used more and more, and it's my fault again here for not having found a cleaner way.
Please give me some days that I want to think about the testing situation for this a bit more, and see what I can come up with.
@kleini There is a workaround for this issue. If you set auto_attach: false, the module works correctly on RHEL 10 and Fedora 41+. The whole notion of attaching to subscriptions was removed in subscription-manager v1.30, so there's no need for subscription-manager attach to be executed on these OS versions.
If your playbook needs to support a mix of OS versions with and without the the subscription-manager attach command, you can conditionalize the setting:
- name: Set RedHat subscription fact
ansible.builtin.set_fact:
# subscription-manager attach was removed in RHEL 10 and Fedora 41
rhel_auto_attach: >-
{%- if ansible_distribution == 'RedHat' and ansible_distribution_version is version('10', '>=') -%}
false
{%- elif ansible_distribution == 'Fedora' and ansible_distribution_version is version('41', '>=') -%}
false
{%- else -%}
true
{%- endif -%}
- name: Register RedHat system
community.general.redhat_subscription:
auto_attach: "{{ rhel_auto_attach | bool }}"
...
@dvanderveer That was my first idea, too. I just omit auto_attach for RHEL 10. But then I get from subscription-manager, that
Repositories disabled by configuration
and
rhel-10-for-x86_64-baseos-rpms is not a valid repository ID
Okay, all these problems do not occur with latest 11.1.2 release.
@kleini There is a workaround for this issue. If you set
auto_attach: false, the module works correctly on RHEL 10 and Fedora 41+. The whole notion of attaching to subscriptions was removed insubscription-managerv1.30, so there's no need forsubscription-manager attachto be executed on these OS versions.
Also, the concept of "auto attaching" is specific to entitlement-based accounts, which were deprecated more than 3 years ago for systems connected directly to Red Hat, and similar for Katello/Satellite: https://access.redhat.com/articles/transition_of_subscription_services_to_the_hybrid_cloud_console
If your account is in SCA mode (check the output of subscription-manager status), then you don't need auto_attach at all, even in previous versions of RHEL; subscription-manager in versions 8.6+, 9.0+, and in a ZStream update for 7 released ~2 years ago, silently ignores auto-attach when registering to an SCA account/organization.
I just omit
auto_attachfor RHEL 10. But then I get from subscription-manager, thatRepositories disabled by configuration
This was fixed by #9778, which is available in community.general 9.5.5+, 10.4.0+, and 11+.
Back to this PR: sorry again for the lack of activity here.
I have a local branch with a refactoring to simplify getting the OS version for the whole module (which is done in few places); this will make it possible to mock the OS version in the tests, to check changes that affect how the CLI is invoked depending on the OS.
Please note that this PR now has a conflict since we reformatted all code in the collection (see #10999).