From 953261ffd2eb52b7176ab365fb0c4e9245435d99 Mon Sep 17 00:00:00 2001
From: "Eric D. Helms"
Date: Thu, 2 Jul 2020 15:16:29 -0400
Subject: [PATCH] Refs #30316: Drop bootstrap RPM code
---
manifests/katello.pp | 62 -------------
spec/classes/certs_katello_spec.rb | 31 -------
templates/rhsm-katello-reconfigure.erb | 115 -------------------------
3 files changed, 208 deletions(-)
delete mode 100644 manifests/katello.pp
delete mode 100644 spec/classes/certs_katello_spec.rb
delete mode 100755 templates/rhsm-katello-reconfigure.erb
diff --git a/manifests/katello.pp b/manifests/katello.pp
deleted file mode 100644
index 132d0886..00000000
--- a/manifests/katello.pp
+++ /dev/null
@@ -1,62 +0,0 @@
-# == Class: certs::katello
-#
-# This class builds an RPM containing the bootstrap for a candlepin consumer.
-# This file is placed in $katello_www_pub_dir.
-#
-class certs::katello (
- $hostname = $certs::node_fqdn,
- $deployment_url = undef,
- $rhsm_port = 443,
- $rhsm_ca_dir = '/etc/rhsm/ca',
- $candlepin_cert_rpm_alias_filename = 'katello-ca-consumer-latest.noarch.rpm',
- $katello_www_pub_dir = '/var/www/html/pub',
- $katello_server_ca_cert = $certs::katello_server_ca_cert,
- $server_ca_name = $certs::server_ca_name,
- $ca_cert = $certs::ca_cert,
- $server_ca = $certs::server_ca,
-) inherits certs {
- $katello_rhsm_setup_script = 'katello-rhsm-consumer'
- $katello_rhsm_setup_script_location = "/usr/bin/${katello_rhsm_setup_script}"
-
- $candlepin_consumer_name = "katello-ca-consumer-${hostname}"
- $candlepin_consumer_summary = "Subscription-manager consumer certificate for Katello instance ${hostname}"
- $candlepin_consumer_description = 'Consumer certificate and post installation script that configures rhsm.'
-
- include trusted_ca
- trusted_ca::ca { 'katello_server-host-cert':
- source => $katello_server_ca_cert,
- require => File[$katello_server_ca_cert],
- }
-
- file { $katello_www_pub_dir:
- ensure => directory,
- owner => 'apache',
- group => 'apache',
- mode => '0755',
- } ->
- # Placing the CA in the pub dir for trusting by a user in their browser
- file { "${katello_www_pub_dir}/${server_ca_name}.crt":
- ensure => file,
- source => $katello_server_ca_cert,
- owner => 'root',
- group => 'root',
- mode => '0644',
- require => File[$katello_server_ca_cert],
- } ~>
- certs::rhsm_reconfigure_script { "${katello_www_pub_dir}/${katello_rhsm_setup_script}":
- ca_cert => $ca_cert,
- server_ca_cert => $katello_server_ca_cert,
- } ~>
- certs_bootstrap_rpm { $candlepin_consumer_name:
- dir => $katello_www_pub_dir,
- summary => $candlepin_consumer_summary,
- description => $candlepin_consumer_description,
- # katello-default-ca is needed for the katello-agent to work properly
- # (especially in the custom certs scenario)
- files => ["${katello_rhsm_setup_script_location}:755=${katello_www_pub_dir}/${katello_rhsm_setup_script}"],
- bootstrap_script => "/bin/bash ${katello_rhsm_setup_script_location}",
- postun_script => file('certs/postun.sh'),
- alias => $candlepin_cert_rpm_alias_filename,
- subscribe => $server_ca,
- }
-}
diff --git a/spec/classes/certs_katello_spec.rb b/spec/classes/certs_katello_spec.rb
deleted file mode 100644
index 51bc3df9..00000000
--- a/spec/classes/certs_katello_spec.rb
+++ /dev/null
@@ -1,31 +0,0 @@
-require 'spec_helper'
-
-describe 'certs::katello' do
- on_supported_os.each do |os, os_facts|
- context "on #{os}" do
- let :facts do
- os_facts
- end
-
- context 'with parameters' do
- let :pre_condition do
- "class {'certs': pki_dir => '/tmp', server_ca_name => 'server_ca', default_ca_name => 'default_ca'}"
- end
-
- it { should contain_trusted_ca__ca('katello_server-host-cert').with_source('/tmp/certs/server_ca.crt') }
-
- it do
- should contain_certs_bootstrap_rpm('katello-ca-consumer-foo.example.com')
- .with_dir('/var/www/html/pub')
- .with_summary('Subscription-manager consumer certificate for Katello instance foo.example.com')
- .with_description('Consumer certificate and post installation script that configures rhsm.')
- .with_files(['/usr/bin/katello-rhsm-consumer:755=/var/www/html/pub/katello-rhsm-consumer'])
- .with_bootstrap_script('/bin/bash /usr/bin/katello-rhsm-consumer')
- .with_postun_script("if [ $1 -eq 0 ]; then\ntest -f /etc/rhsm/rhsm.conf.kat-backup && command cp /etc/rhsm/rhsm.conf.kat-backup /etc/rhsm/rhsm.conf\nfi\n")
- .with_alias('katello-ca-consumer-latest.noarch.rpm')
- .that_subscribes_to(['Ca[server_ca]', 'Certs::Rhsm_reconfigure_script[/var/www/html/pub/katello-rhsm-consumer]'])
- end
- end
- end
- end
-end
diff --git a/templates/rhsm-katello-reconfigure.erb b/templates/rhsm-katello-reconfigure.erb
deleted file mode 100755
index 3a50fea4..00000000
--- a/templates/rhsm-katello-reconfigure.erb
+++ /dev/null
@@ -1,115 +0,0 @@
-KATELLO_SERVER=<%= scope['certs::katello::hostname'] %>
-KATELLO_SERVER_CA_CERT=<%= scope['certs::server_ca_name'] %>.pem
-KATELLO_DEFAULT_CA_CERT=<%= scope['certs::default_ca_name'] %>.pem
-KATELLO_CERT_DIR=<%= scope['certs::katello::rhsm_ca_dir'] %>
-PORT=<%= scope['certs::katello::rhsm_port'] %>
-
-PREFIX=<%= scope['certs::katello::deployment_url'] %>
-CFG=/etc/rhsm/rhsm.conf
-CFG_BACKUP=$CFG.kat-backup
-CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors
-
-is_debian()
-{
- if [ -r "/etc/os-release" ]
- then
- ID="$(sed -n -e "s/^ID\s*=\s*\(.*\)/\1/p" /etc/os-release)"
- ID_LIKE="$(sed -n -e "s/^ID_LIKE\s*=\s*\(.*\)/\1/p" /etc/os-release)"
-
- if [ "$ID" = "debian" ] || # Debian
- [ "$ID_LIKE" = "debian" ] || # e.g Ubuntu
- [ "$ID_LIKE" = "ubuntu" ] # e.g. Linux Mint
- then
- return 0
- fi
- fi
- return 1
-}
-
-# exit on non-RHEL systems or when rhsm.conf is not found
-test -f $CFG || exit
-type -P subscription-manager >/dev/null || type -P subscription-manager-cli >/dev/null || exit
-
-# backup configuration during the first run
-test -f $CFG_BACKUP || cp $CFG $CFG_BACKUP
-
-# create the cert
-echo "$KATELLO_SERVER_CA_DATA" > $KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT
-chmod 644 $KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT
-
-echo "$KATELLO_DEFAULT_CA_DATA" > $KATELLO_CERT_DIR/$KATELLO_DEFAULT_CA_CERT
-chmod 644 $KATELLO_CERT_DIR/$KATELLO_DEFAULT_CA_CERT
-
-if is_debian
-then
- # Debian setup
- BASEURL=https://$KATELLO_SERVER/pulp/deb
-
- subscription-manager config \
- --server.hostname="$KATELLO_SERVER" \
- --server.prefix="$PREFIX" \
- --server.port="$PORT" \
- --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
- --rhsm.baseurl="$BASEURL"
-else
- # rhel setup
- BASEURL=https://$KATELLO_SERVER/pulp/repos
-
- # Get version of RHSM
- RHSM_V="$((rpm -q --queryformat='%{VERSION}' subscription-manager 2> /dev/null || echo 0.0.0) | tail -n1 | tr . ' ')"
- declare -a RHSM_VERSION=($RHSM_V)
-
- # configure rhsm
- # the config command was introduced in rhsm 0.96.6
- # fallback left for older versions
- if test ${RHSM_VERSION[0]:-0} -gt 0 -o ${RHSM_VERSION[1]:-0} -gt 96 -o \( ${RHSM_VERSION[1]:-0} -eq 96 -a ${RHSM_VERSION[2]:-0} -gt 6 \); then
- subscription-manager config \
- --server.hostname="$KATELLO_SERVER" \
- --server.prefix="$PREFIX" \
- --server.port="$PORT" \
- --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
- --rhsm.baseurl="$BASEURL"
-
- # Older versions of subscription manager may not recognize
- # report_package_profile and package_profile_on_trans options.
- # So set them separately and redirect out & error to /dev/null
- # to fail silently.
- subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
- subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true
- else
- sed -i "s/^hostname\s*=.*/hostname = $KATELLO_SERVER/g" $CFG
- sed -i "s/^port\s*=.*/port = $PORT/g" $CFG
- sed -i "s|^prefix\s*=.*|prefix = $PREFIX|g" $CFG
- sed -i "s|^repo_ca_cert\s*=.*|repo_ca_cert = %(ca_cert_dir)s$KATELLO_SERVER_CA_CERT|g" $CFG
- sed -i "s|^baseurl\s*=.*|baseurl=$BASEURL|g" $CFG
- fi
-
- if grep --quiet full_refresh_on_yum $CFG; then
- sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $CFG
- else
- full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
- sed -i "/baseurl/a $full_refresh_config" $CFG
- fi
-fi
-
-# also add the katello ca cert to the system wide ca cert store
-if [ -d $CA_TRUST_ANCHORS ]; then
- update-ca-trust enable
- cp $KATELLO_CERT_DIR/$KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
- update-ca-trust
-fi
-
-# EL5 systems and subscription-manager versions before 1.18.1-1 don't have the network.fqdn fact.
-# For these cases, we have to update the "hostname-override" fact
-if (test -f /etc/redhat-release && grep -q -i "Red Hat Enterprise Linux Server release 5" /etc/redhat-release) || \
- (test -f /etc/centos-release && grep -q -i "CentOS Linux release 5" /etc/centos-release) || \
- test ${RHSM_VERSION[0]:-0} -lt 1 -o ${RHSM_VERSION[1]:-0} -lt 18 -o \( ${RHSM_VERSION[1]:-0} -eq 18 -a ${RHSM_VERSION[2]:-0} -lt 2 \); then
- FQDN="$(hostname -f 2>/dev/null || echo localhost)"
- if [ "$FQDN" != "localhost" ] && [ -d /etc/rhsm/facts/ ]; then
- echo "{\"network.hostname-override\":\"$FQDN\"}" > /etc/rhsm/facts/katello.facts
- fi
-fi
-
-exit 0
-
-# vim:sw=2:ts=2:et: