Add paygo images support (#1754)

.github/workflows/ci-validation.yml

@@ -13,10 +13,15 @@ jobs:
     - uses: actions/checkout@v4
       with:
         fetch-depth: 1
-    - uses: awalsh128/cache-apt-pkgs-action@latest
-      with:
-        packages: salt-common
-        version: 1.0
+#    - uses: awalsh128/cache-apt-pkgs-action@latest
+#      with:
+#        packages: salt-common
+#        version: 1.0
+#        execute_install_scripts: true
+    - name: Install Salt using bootstrap
+      run: |
+        curl -fsSL https://github.com/saltstack/salt-bootstrap/releases/latest/download/bootstrap-salt.sh -o install_salt.sh
+        sudo sh install_salt.sh -P -x python3
     - name: Validate server states
       if: always()
       run: bash .github/workflows/ci-validation/salt-server-validation

.github/workflows/ci-validation/salt-server-containerized-validation

@@ -49,6 +49,7 @@ publish_private_ssl_key: true
 testsuite: true
 container_repository: containers.example.com
 container_runtime: podman
+provision: true
 EOF
 
 cat > testconfig/minion <<EOF

backend_modules/aws/base/ami.tf

@@ -124,6 +124,48 @@ data "aws_ami" "sles15sp5-paygo" {
   }
 }
 
+data "aws_ami" "sles15sp6-paygo" {
+  most_recent = true
+  name_regex  = "^suse-sles-15-sp6-v[0-9]*-hvm"
+  owners      = ["013907871322"] // aws-marketplace
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+}
+
+data "aws_ami" "sles15sp6o" {
+  most_recent = true
+  name_regex  = "^suse-sles-15-sp6-byos-v"
+  owners      = ["679593333241"]
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+}
+
 data "aws_ami" "suma-server-43-byos" {
   most_recent = true
   name_regex  = "^suse-manager-server-4-3-byos-v"
@@ -189,6 +231,59 @@ data "aws_ami" "suma-server-43-ltd-paygo" {
   }
 }
 
+// EMEA offer
+data "aws_ami" "suma-server-50-x86_64-ltd-paygo" {
+  most_recent = true
+  name_regex  = "^SUSE-Manager-Server-5\\.0.*"
+  owners      = ["679593333241"]
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "product-code"
+    values = ["8ysfelcfs2dkok3fba4s5uqo4"]
+  }
+}
+
+// EMEA offer
+data "aws_ami" "suma-server-50-arm64-ltd-paygo" {
+  most_recent = true
+  name_regex  = "^SUSE-Manager-Server-5\\.0.*"
+  owners      = ["679593333241"]
+
+  filter {
+    name   = "architecture"
+    values = ["arm64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+
+  filter {
+    name   = "product-code"
+    values = ["umnofojstehgl6jnp9nspg7g"]
+  }
+}
 
 data "aws_ami" "suma-proxy-43-byos" {
   most_recent = true
@@ -211,6 +306,27 @@ data "aws_ami" "suma-proxy-43-byos" {
   }
 }
 
+data "aws_ami" "suma-proxy-50-byos" {
+  most_recent = true
+  name_regex  = "^suse-manager-proxy-5-0-byos-v"
+  owners      = ["679593333241"]
+
+  filter {
+    name   = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name   = "root-device-type"
+    values = ["ebs"]
+  }
+}
+
 data "aws_ami" "sles12sp5" {
   most_recent = true
   name_regex  = "^suse-sles-12-sp5-byos-v"

backend_modules/aws/base/iam_instance_profile.tf

@@ -7,7 +7,7 @@ resource "aws_iam_instance_profile" "metering_full_access_instance_profile" {
 
 resource "aws_iam_role" "metering_full_access_role" {
   count  = var.is_server_paygo_instance ? 1 : 0
-  name   = "${var.name_prefix}-metering-full-access-role"
+  name   = "${var.name_prefix}metering-role"
 
   assume_role_policy = jsonencode({
     Version = "2012-10-17",

backend_modules/aws/base/main.tf

@@ -68,25 +68,30 @@ locals {
     key_file = local.key_file
     iam_instance_profile = length(aws_iam_instance_profile.metering_full_access_instance_profile) > 0 ? aws_iam_instance_profile.metering_full_access_instance_profile[0].name : null
     ami_info = {
-      opensuse155o         = { ami = data.aws_ami.opensuse155o.image_id },
-      opensuse156o         = { ami = data.aws_ami.opensuse156o.image_id },
-      sles15sp3o           = { ami = data.aws_ami.sles15sp3o.image_id },
-      sles15sp4o           = { ami = data.aws_ami.sles15sp4o.image_id },
-      sles15sp5o           = { ami = data.aws_ami.sles15sp5o.image_id },
-      sles15sp5-paygo      = { ami = data.aws_ami.sles15sp5-paygo.image_id },
-      slesforsap15sp5-paygo= { ami = data.aws_ami.slesforsap15sp5-paygo.image_id },
-      suma-server-43-byos  = { ami = data.aws_ami.suma-server-43-byos.image_id },
-      suma-server-43-ltd-paygo = { ami = data.aws_ami.suma-server-43-ltd-paygo.image_id },
-      suma-server-43-llc-paygo = { ami = data.aws_ami.suma-server-43-llc-paygo.image_id },
-      suma-proxy-43-byos   = { ami = data.aws_ami.suma-proxy-43-byos.image_id },
-      sles12sp5            = { ami = data.aws_ami.sles12sp5.image_id },
-      sles12sp5-paygo      = { ami = data.aws_ami.sles12sp5-paygo.image_id },
-      rocky8               = { ami = data.aws_ami.rocky8.image_id, ssh_user = "rocky" },
-      debian11             = { ami = data.aws_ami.debian11.image_id, ssh_user= "admin" },
-      ubuntu2204           = { ami = data.aws_ami.ubuntu2204.image_id, ssh_user = "ubuntu" },
-      ubuntu2004           = { ami = data.aws_ami.ubuntu2004.image_id, ssh_user = "ubuntu" },
-      rhel8                = { ami = data.aws_ami.rhel8.image_id},
-      rhel9                = { ami = data.aws_ami.rhel9.image_id},
+      opensuse155o                    = { ami = data.aws_ami.opensuse155o.image_id },
+      opensuse156o                    = { ami = data.aws_ami.opensuse156o.image_id },
+      sles15sp3o                      = { ami = data.aws_ami.sles15sp3o.image_id },
+      sles15sp4o                      = { ami = data.aws_ami.sles15sp4o.image_id },
+      sles15sp5o                      = { ami = data.aws_ami.sles15sp5o.image_id },
+      sles15sp6o                      = { ami = data.aws_ami.sles15sp6o.image_id },
+      sles15sp5-paygo                 = { ami = data.aws_ami.sles15sp5-paygo.image_id },
+      sles15sp6-paygo                 = { ami = data.aws_ami.sles15sp6-paygo.image_id },
+      slesforsap15sp5-paygo           = { ami = data.aws_ami.slesforsap15sp5-paygo.image_id },
+      suma-server-43-byos             = { ami = data.aws_ami.suma-server-43-byos.image_id },
+      suma-server-43-ltd-paygo        = { ami = data.aws_ami.suma-server-43-ltd-paygo.image_id },
+      suma-server-43-llc-paygo        = { ami = data.aws_ami.suma-server-43-llc-paygo.image_id },
+      suma-server-50-x86_64-ltd-paygo = { ami = data.aws_ami.suma-server-50-x86_64-ltd-paygo.image_id },
+      suma-server-50-arm64-ltd-paygo  = { ami = data.aws_ami.suma-server-50-arm64-ltd-paygo.image_id },
+      suma-proxy-43-byos              = { ami = data.aws_ami.suma-proxy-43-byos.image_id },
+      suma-proxy-50-byos              = { ami = data.aws_ami.suma-proxy-50-byos.image_id },
+      sles12sp5                       = { ami = data.aws_ami.sles12sp5.image_id },
+      sles12sp5-paygo                 = { ami = data.aws_ami.sles12sp5-paygo.image_id },
+      rocky8                          = { ami = data.aws_ami.rocky8.image_id, ssh_user = "rocky" },
+      debian11                        = { ami = data.aws_ami.debian11.image_id, ssh_user= "admin" },
+      ubuntu2204                      = { ami = data.aws_ami.ubuntu2204.image_id, ssh_user = "ubuntu" },
+      ubuntu2004                      = { ami = data.aws_ami.ubuntu2004.image_id, ssh_user = "ubuntu" },
+      rhel8                           = { ami = data.aws_ami.rhel8.image_id},
+      rhel9                           = { ami = data.aws_ami.rhel9.image_id},
     }
     },
     module.network.configuration,

backend_modules/aws/host/main.tf

@@ -1,5 +1,9 @@
 locals {
-  ami = lookup(lookup(var.base_configuration["ami_info"], var.image, {}), "ami", var.image)
+  ami = lookup(
+    lookup(var.base_configuration["ami_info"], var.image, { "ami" = var.image }),
+    "ami",
+    var.image
+  )
 
   provider_settings = merge({
     key_name        = var.base_configuration["key_name"]

backend_modules/aws/network/main.tf

@@ -271,7 +271,7 @@ resource "aws_security_group" "public" {
     from_port   = 22
     to_port     = 22
     protocol    = "tcp"
-    cidr_blocks = formatlist("%s/32", var.ssh_allowed_ips)
+    cidr_blocks = var.ssh_allowed_ips
   }
 
   ingress {

modules/proxy_containerized/main.tf

@@ -23,7 +23,7 @@ module "proxy_containerized" {
   base_configuration            = var.base_configuration
   image                         = var.image == "default" || local.product_version == "head" ? var.images[local.product_version] : var.image
   name                          = var.name
-  use_os_released_updates       = true
+  use_os_released_updates       = var.use_os_released_updates
   install_salt_bundle           = var.install_salt_bundle
   ssh_key_path                  = var.ssh_key_path
   additional_repos              = var.additional_repos
@@ -33,6 +33,7 @@ module "proxy_containerized" {
   additional_disk_size          = var.repository_disk_size
   second_additional_disk_size   = var.database_disk_size
   volume_provider_settings      = var.volume_provider_settings
+  provision                     = var.provision
 
   grains = {
     server                    = var.server_configuration["hostname"]
@@ -48,6 +49,7 @@ module "proxy_containerized" {
     main_disk_size            = var.main_disk_size
     repository_disk_size      = var.repository_disk_size
     database_disk_size        = var.database_disk_size
+    proxy_registration_code   = var.proxy_registration_code
   }
 }
 

modules/proxy_containerized/variables.tf

@@ -134,3 +134,19 @@ variable "additional_grains" {
   description = "custom grain string to be added to this minion's configuration"
   default     = {}
 }
+
+variable "use_os_released_updates" {
+  description = "Apply all updates from SUSE Linux Enterprise repos"
+  default     = true
+}
+
+variable "provision" {
+  description = "Indicates whether servers should be provisioned or not"
+  type        = bool
+  default     = true
+}
+
+variable "proxy_registration_code" {
+  description = "SUMA SCC registration code to enable the SLES and SUMA repositories for proxy"
+  default     = null
+}

modules/server/main.tf

@@ -46,6 +46,7 @@ module "server" {
   second_additional_disk_size   = var.database_disk_size
   volume_provider_settings      = var.volume_provider_settings
   product_version               = var.product_version
+  provision                     = var.provision
 
   grains = {
     cc_username            = var.base_configuration["cc_username"]

modules/server/variables.tf

@@ -338,3 +338,9 @@ variable "quantity" {
   description = "number of hosts like this one"
   default     = 1
 }
+
+variable "provision" {
+  description = "Indicates whether servers should be provisioned or not"
+  type        = bool
+  default     = true
+}

salt/scc/proxy.sls

@@ -1,6 +1,6 @@
-{% if 'proxy' in grains.get('roles') and not 'proxy_containerized' in grains.get('roles') and grains.get('proxy_registration_code') %}
+{% if 'proxy' in grains.get('roles') and grains.get('proxy_registration_code') %}
 
-{% if '4.3' in grains['product_version'] %}
+{% if '4.3' in grains['product_version'] and not 'proxy_containerized' in grains.get('roles') %}
 register_suse_manager_proxy_with_scc:
    cmd.run:
      - name: SUSEConnect --url https://scc.suse.com -r {{ grains.get("proxy_registration_code") }} -p SUSE-Manager-Proxy/4.3/x86_64