katello-client-bootstrap

[RFE] allow the use of encrypted passwords.

Open gearboxscott opened this issue 7 years ago • 1 comments

I have had a situation where the function of migrating servers from sat5 to sat6, or even registering without migration, is automated in Ansible, wrapper scripts or using Puppet. I would like to use an encrypted password for this situation, when the password is a permanent part of the Ansible or wrapper script, or passed to Puppet via parameters, or hard-coded. Is this possible, knowing there will be an issue of getting a key on the server too? Maybe use the existing sat5 cert on the server to allow legacy removal and the sat6 cert to register.

gearboxscott avatar May 26 '17 20:05 gearboxscott

It's complicated…

Spacewalk / Satellite 5

My memory tells me that in recent versions of Spacewalk / Satellite 5 (starting with 5.6 or something), you can actually delete the system using its own certificate. However, we (or rather rhn-migrate-classic-to-rhsm, which we use) need more than just the delete action, and that is only available with a user account, not a system account.

Katello / Satellite 6

It is actually possible to use bootstrap.py against Satellite 6 without providing credentials. You just have to use --skip foreman, as this will skip all the API requests that need authentication and just subscribe the machine. Obviously, you won't get Puppet integration etc. in this case.

There are a couple of RFEs against Foreman, to implement API tokens:

  • http://projects.theforeman.org/issues/1301
  • http://projects.theforeman.org/issues/8852

These could be used, if implemented, but as of today it's either no credentials or no Puppet.

evgeni avatar Jun 03 '17 06:06 evgeni