From ca8a05bd3ad630c768d938fdbeae81c84b0d772f Mon Sep 17 00:00:00 2001
From: Sanne Raymaekers <sanne.raymaekers@gmail.com>
Date: Thu, 2 Mar 2023 13:06:23 +0100
Subject: [PATCH] templates/packer: subscribe packer machines

To avoid a mismatch between the RPMs (which are build using CDN content)
and the packer instances (RHUI, which might be older).
---
 .../ansible/roles/common/tasks/main.yml       |  6 +++++
 .../ansible/roles/common/tasks/subscribe.yml  | 26 +++++++++++++++++++
 .../roles/common/tasks/unsubscribe.yml        |  7 +++++
 templates/packer/variables.pkr.hcl            | 12 +++++++++
 templates/packer/worker.pkr.hcl               |  2 ++
 tools/appsre-build-worker-packer.sh           |  4 ++-
 6 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 templates/packer/ansible/roles/common/tasks/subscribe.yml
 create mode 100644 templates/packer/ansible/roles/common/tasks/unsubscribe.yml

diff --git a/templates/packer/ansible/roles/common/tasks/main.yml b/templates/packer/ansible/roles/common/tasks/main.yml
index 70857839d..9f1fccb1d 100644
--- a/templates/packer/ansible/roles/common/tasks/main.yml
+++ b/templates/packer/ansible/roles/common/tasks/main.yml
@@ -1,5 +1,8 @@
 ---
 
+# Subscribe
+- include_tasks: subscribe.yml
+
 # Install various software packages.
 - include_tasks: packages.yml
 
@@ -9,5 +12,8 @@
 # Configure the worker.
 - include_tasks: worker-config.yml
 
+# Unsubscribe
+- include_tasks: unsubscribe.yml
+
 - name: Ensure SELinux contexts are updated
   command: restorecon -Rv /etc
diff --git a/templates/packer/ansible/roles/common/tasks/subscribe.yml b/templates/packer/ansible/roles/common/tasks/subscribe.yml
new file mode 100644
index 000000000..04c0d0d69
--- /dev/null
+++ b/templates/packer/ansible/roles/common/tasks/subscribe.yml
@@ -0,0 +1,26 @@
+---
+# Subscribe the machine to avoid a mismatch between the RPMs (which are build using CDN content) and
+# the packer instances (RHUI, which might be older).
+- name: Subscribe
+  tags:
+    - subscribe
+  community.general.redhat_subscription:
+    activationkey: "{{ RH_ACTIVATION_KEY }}"
+    org_id: "{{ RH_ORG_ID }}"
+
+- name: Enable repo mgmt through subman
+  become: yes
+  tags:
+    - subscribe
+  shell: >-
+    subscription-manager config --rhsm.manage_repos 1
+
+- name: Enable cdn repos
+  become: yes
+  tags:
+    - subscribe
+  shell: >-
+    subscription-manager repos \
+      --enable rhel-9-for-x86_64-appstream-rpms \
+      --enable rhel-9-for-x86_64-baseos-rpms \
+      --enable codeready-builder-for-rhel-9-x86_64-rpms
diff --git a/templates/packer/ansible/roles/common/tasks/unsubscribe.yml b/templates/packer/ansible/roles/common/tasks/unsubscribe.yml
new file mode 100644
index 000000000..90c2a3792
--- /dev/null
+++ b/templates/packer/ansible/roles/common/tasks/unsubscribe.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Unsubscribe
+  tags:
+    - subscribe
+  community.general.redhat_subscription:
+    state: absent
diff --git a/templates/packer/variables.pkr.hcl b/templates/packer/variables.pkr.hcl
index 034c55675..a69c402bf 100644
--- a/templates/packer/variables.pkr.hcl
+++ b/templates/packer/variables.pkr.hcl
@@ -37,3 +37,15 @@ variable "ansible_skip_tags" {
   type = string
   default = ""
 }
+
+# Subscription variables
+
+variable "rh_org_id" {
+  type = string
+  default = ""
+}
+
+variable "rh_activation_key" {
+  type = string
+  default = ""
+}
diff --git a/templates/packer/worker.pkr.hcl b/templates/packer/worker.pkr.hcl
index 5f3c4e61d..80df3ff58 100644
--- a/templates/packer/worker.pkr.hcl
+++ b/templates/packer/worker.pkr.hcl
@@ -172,6 +172,8 @@ EOF
     user = build.User
     extra_arguments = [
       "-e", "COMPOSER_COMMIT=${var.composer_commit}",
+      "-e", "RH_ACTIVATION_KEY=${var.rh_activation_key}",
+      "-e", "RH_ORG_ID=${var.rh_org_id}",
       "--skip-tags", "${var.ansible_skip_tags}",
     ]
     inventory_directory = "${path.root}/ansible/inventory/${source.name}"
diff --git a/tools/appsre-build-worker-packer.sh b/tools/appsre-build-worker-packer.sh
index ec4367bfb..90ef3e666 100755
--- a/tools/appsre-build-worker-packer.sh
+++ b/tools/appsre-build-worker-packer.sh
@@ -57,7 +57,7 @@ function cleanup {
 trap cleanup EXIT
 
 # Use prebuilt rpms on CI
-SKIP_TAGS="rpmcopy"
+SKIP_TAGS="rpmcopy,subscribe"
 if [ "$ON_JENKINS" = true ]; then
     # Build RPMs when running on AppSRE's infra
     BUILD_RPMS=true
@@ -143,5 +143,7 @@ $CONTAINER_RUNTIME run --rm \
                    -e PKR_VAR_composer_commit="$COMMIT_SHA" \
                    -e PKR_VAR_ansible_skip_tags="$SKIP_TAGS" \
                    -e PKR_VAR_skip_create_ami="$SKIP_CREATE_AMI" \
+                   -e PKR_VAR_rh_activation_key="$RH_ACTIVATION_KEY" \
+                   -e PKR_VAR_rh_org_id="$RH_ORG_ID" \
                    -e PYTHONUNBUFFERED=1 \
                    "packer:$COMMIT_SHA" /osbuild-composer/tools/appsre-worker-packer-container.sh