Tag Archives: satellite

Fix foreman reports in Satellite 6.0

Leave a reply

Foreman reports in Satellite 6.0 doesn’t work out of the box, first we need to setup our SMTP settings.

Error that we face without SMTP configured:

[email protected]:/var/log/foreman# /usr/sbin/foreman-rake reports:summarize
rake aborted!
getaddrinfo: Name or service not known

Tasks: TOP => reports:summarize
(See full trace by running task with --trace)

We just need to configure our settings in /etc/foreman/email.yaml like:

[email protected]:/var/log/foreman# cat /etc/foreman/email.yaml
# Outgoing email settings
production:
  delivery_method: :smtp
  smtp_settings:
    address: smtp.example.com
    port: 25
    domain: example.com
    authentication: :none

And if we run our reports once again we’ll get our email

Upgrading from a new host through Satellite 6.0 returns 403 Forbidden error

Leave a reply

By default installation of Satellite 6.0 doesn’t update python-rhsm, if we don’t update we’ll hit this bug during a yum update:

* https://bugzilla.redhat.com/show_bug.cgi?id=1112833

Example:

https://rhs6/pulp/repos/fite_labs/DEV/rhel-6-server-x86_64-cv/content/dist/rhel/server/6/6Server/x86_64/os/repodata/repomd.xml: [Errno 14] PYCURL ERROR 22 - "The requested URL returned error: 403 Forbidden"
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-server-rpms. Please verify its path and try again

Easiest solution is to upgrade python-rhsm package and reboot the server (or restart katello service).

[email protected]:~# yum upgrade
Loaded plugins: product-id, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package python-rhsm.x86_64 0:1.10.12-2.el7 will be updated
---> Package python-rhsm.x86_64 0:1.12.5-1.el7 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================
 Package                                  Arch                                Version                                      Repository                                  Size
============================================================================================================================================================================
Updating:
 python-rhsm                              x86_64                              1.12.5-1.el7                                 katello-local                              112 k

Transaction Summary
============================================================================================================================================================================
Upgrade  1 Package

Total download size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : python-rhsm-1.12.5-1.el7.x86_64                                                                                                                          1/2 
  Cleanup    : python-rhsm-1.10.12-2.el7.x86_64                                                                                                                         2/2 
  Verifying  : python-rhsm-1.12.5-1.el7.x86_64                                                                                                                          1/2 
  Verifying  : python-rhsm-1.10.12-2.el7.x86_64                                                                                                                         2/2 

Updated:
  python-rhsm.x86_64 0:1.12.5-1.el7                                                                                                                                         
Complete!
[email protected]:~# reboot

And try again to update from a new host and that it would work! Magic!

First steps with Hammer and Red Hat Satellite 6.0

Leave a reply

Instead of using the web interface Red Hat Satellite 6.0 offers a neat CLI utility called hammer.

In order to use it, first of all we set our default config:

# mkdir ~/.hammer
# chmod 600 ~/.hammer
# cat  ~/.hammer/cli_config.yml
   :foreman:
       :host: 'https://xxx'
       :username: 'admin'
       :password: 'xxx'

And then we’re ready to hammer!

Create a new organization and user admin into it:

# hammer organization create --name=fite.cat.lab --label=fite.cat.lab
# hammer organization add-user --user=admin --name=fite.cat.lab

And a new location:

# hammer location create --name=Catalonia
# hammer location add-user --name=Catalonia --user=admin
# hammer location add-organization --name=Catalonia --organization=fite.cat.lab

Create a domain:

# hammer domain create --name='fite.cat.lab'

Create a subnet:

# hammer subnet create --domain-ids=1 --gateway='10.1.1.1' --mask='255.255.255.0' --name='10.1.1.0/24'  --tftp-id=1 --network='10.1.1.0' --dns-primary='10.1.1.1'

Associate domain/subnet to our organization/location through the web portal:

# hammer organization add-subnet --subnet-id=1 --name='fite.cat.lab'
# hammer organization add-domain --domain-id=1 --name='fite.cat.lab'

Upload our manifest.zip (created in RH Portal) to our org and list our products:

# hammer subscription upload --file manifest.zip  --organization=fite.cat.lab
# hammer product list --organization fite.cat.lab
   ---|---------------------------------|-------------|--------------|--------------|-----------
   ID | NAME                            | DESCRIPTION | ORGANIZATION | REPOSITORIES | SYNC STATE
   ---|---------------------------------|-------------|--------------|--------------|-----------
   8  | Oracle Java for RHEL Server     |             | fite.cat.lab | 0            | not_synced
   9  | Red Hat Enterprise Linux Server |             | fite.cat.lab | 0            | not_synced
   7  | Red Hat Beta                    |             | fite.cat.lab | 0            | not_synced
   ---|---------------------------------|-------------|--------------|--------------|-----------

List all repositories included in a previous imported product:

# hammer repository-set list --organization=fite.cat.lab --product 'Red Hat Enterprise Linux Server'
   -----|-----------|------------------------------------------------------------------------------------------
   ID   | TYPE      | NAME                                                                                     
   -----|-----------|------------------------------------------------------------------------------------------
   861  | file      | Red Hat Enterprise Linux 5 Server Beta (Source ISOs)                                     
   3535 | yum       | Red Hat Enterprise Linux 5 Server Beta - Optional Productivity Applications (Debug RPMs) 
   ...

Enable repositories that we need, in my case all RHEL7 related ones:

# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Fastrack (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Optional (RPMs)'  
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Extras (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - RH Common (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Optional Fastrack (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Supplementary (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'RHN Tools for Red Hat Enterprise Linux 7 Server (RPMs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server (ISOs)'
# hammer repository-set enable --organization fite.cat.lab --product 'Red Hat Enterprise Linux Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server (Kickstart)'
# hammer repository-set enable --organization fite.cat.lab --product 'Oracle Java for RHEL Server' --basearch='x86_64' --releasever='7Server' --name 'Red Hat Enterprise Linux 7 Server - Oracle Java (RPMs)'

Then we create a new product for Puppet modules in forge:

# hammer product create --name='Forge' --organization=fite.cat.lab
# hammer repository create --name='Puppet Forge' --organization=fite.cat.lab --product='Forge' --content-type='puppet' --publish-via-http=true --url=https://forge.puppetlabs.com

And finally we create a new product for EPEL packages:

# hammer product create --name='EPEL' --organization=fite.cat.lab
# hammer repository create --name='EPEL 7 - x86_64' --organization=fite.cat.lab --product='EPEL' --content-type='yum' --publish-via-http=true --url=http://dl.fedoraproject.org/pub/epel/7/x86_64/

Then we can sync all repositories that we've enabled with this simple script:

# for i in $(hammer --csv repository list --organization=fite.cat.lab  | awk -F, {'print $1'} | grep -vi '^ID'); do hammer repository synchronize --id ${i} --organization=fite.cat.lab --async; done

Create 3 environments DEV->PRE->PROD:

# hammer lifecycle-environment create --name='DEV' --prior='Library' --organization=fite.cat.lab
# hammer lifecycle-environment create --name='PRE' --prior='DEV' --organization=fite.cat.lab
# hammer lifecycle-environment create --name='PRO' --prior='PRE' --organization=fite.cat.lab

Create a daily sync plan:

# hammer sync-plan create --interval=daily --name='Daily sync' --organization=fite.cat.lab
# hammer sync-plan list --organization=fite.cat.lab

And associate this plan to our products, it must be done by sync-plan-id, not name otherwise hammer doesn't work:

# hammer product set-sync-plan --sync-plan-id=4 --organization=fite.cat.lab --name='Oracle Java for RHEL Server'
# hammer product set-sync-plan --sync-plan-id=4 --organization=fite.cat.lab --name='Red Hat Enterprise Linux Server'
# hammer product set-sync-plan --sync-plan-id=4 --organization=fite.cat.lab --name='Forge'
# hammer product set-sync-plan --sync-plan-id=4 --organization=fite.cat.lab --name='EPEL'

Create a content view for RHEL 7 server x86_64:

# hammer content-view create --name='rhel-7-server-x86_64-cv' --organization=fite.cat.lab
# for i in $(hammer --csv repository list --organization=fite.cat.lab | awk -F, {'print $1'} | grep -vi '^ID'); do hammer content-view add-repository --name='rhel-7-server-x86_64-cv' --organization=fite.cat.lab --repository-id=${i}; done

Publish this content view to Library:

# hammer content-view publish --name="rhel-7-server-x86_64-cv" --organization=fite.cat.lab --async

Promote this content view to DEV,PRE,PRO (we need to use the IDs or hammer doesn't like it, so let's get them):

# hammer content-view list --organization=fite.cat.lab 
   ----------------|---------------------------|---------------------------|-----------|---------------------------------------
   CONTENT VIEW ID | NAME                      | LABEL                     | COMPOSITE | REPOSITORY IDS                        
   ----------------|---------------------------|---------------------------|-----------|---------------------------------------
   3               | rhel-7-server-x86_64-cv   | rhel-7-server-x86_64-cv   |           | 33, 25, 31, 27, 24, 34, 26, 23, 28, 29
  ...
# hammer lifecycle-environment list --organization=fite.cat.lab
   ---|---------|--------
   ID | NAME    | PRIOR  
   ---|---------|--------
   2  | Library |        
   5  | PRO     | PRE    
   4  | PRE     | DEV    
   3  | DEV     | Library
   ---|---------|--------

# hammer content-view version promote --organization=fite.cat.lab --lifecycle-environment=3 --id=3 --async
# hammer content-view version promote --organization=fite.cat.lab --lifecycle-environment=4 --id=3 --async
# hammer content-view version promote --organization=fite.cat.lab --lifecycle-environment=5 --id=3 --async

Create a host collection for RHEL7:

# hammer host-collection create --name='RHEL 7 x86_64' --organization=fite.cat.lab

Create an activation key for our environments:

# hammer activation-key create --name='rhel-7-server-x86_64-ak-dev' --organization=fite.cat.lab --content-view='rhel-7-server-x86_64-cv' --lifecycle-environment='DEV'
# hammer activation-key create --name='rhel-7-server-x86_64-ak-pre' --organization=fite.cat.lab --content-view='rhel-7-server-x86_64-cv' --lifecycle-environment='PRE'
# hammer activation-key create --name='rhel-7-server-x86_64-ak-pro' --organization=fite.cat.lab --content-view='rhel-7-server-x86_64-cv' --lifecycle-environment='PRO'

Associate each activation key to our host collection:

# hammer activation-key add-host-collection --name='rhel-7-server-x86_64-ak-dev' --host-collection='RHEL 7 x86_64' --organization=fite.cat.lab
# hammer activation-key add-host-collection --name='rhel-7-server-x86_64-ak-pre' --host-collection='RHEL 7 x86_64' --organization=fite.cat.lab
# hammer activation-key add-host-collection --name='rhel-7-server-x86_64-ak-pro' --host-collection='RHEL 7 x86_64' --organization=fite.cat.lab

And we add all subscriptions that we have available to our keys:

   # for i in $(hammer --csv activation-key list --organization=fite.cat.lab | awk -F, {'print $1'} | grep -vi '^ID'); do for j in $(hammer --csv subscription list --organization=fite.cat.lab  | awk -F, {'print $8'} | grep -vi '^ID'); do hammer   activation-key add-subscription --id ${i} --subscription-id ${j}; done; done

Associate a partition table to OS:

# PARTID=$(hammer --csv partition-table list | grep 'Kickstart default' | awk -F, {'print $1'})
# for i in $(hammer --csv os list | awk -F, {'print $1'} | grep -vi '^ID')
  do
    hammer partition-table add-operatingsystem --id="${PARTID}" --operatingsystem-id="${i}"  
  done

Associate kickstart PXE template to OS:

# PXEID=$(hammer --csv template list | grep 'Kickstart default PXELinux' | awk -F, {'print $1'})
# SATID=$(hammer --csv template list | grep 'Satellite Kickstart Default' | awk -F, {'print $1'})
# for i in $(hammer --csv os list | awk -F, {'print $1'} | grep -vi '^ID')
  do
    hammer template add-operatingsystem --id="${PXEID}" --operatingsystem-id="${i}"
    hammer os set-default-template --id="${i}" --config-template-id="${PXEID}"
    hammer os add-config-template --id="${i}" --config-template-id="${SATID}"
    hammer os set-default-template --id="${i}" --config-template-id="${SATID}"
   done

And we create a RHEL7 hostgroup:

# MEDID=$(hammer --csv medium list | grep 'Red_Hat_7_Server_Kickstart_x86_64_7Server' | awk -F, {'print $1'})
# ENVID=$(hammer --csv environment list | grep rhel_7_server_x86_64  | grep -i dev | grep -v epel | awk -F, {'print $1'})
# PARTID=$(hammer --csv partition-table list | grep 'Kickstart default' | awk -F, {'print $1'})
# OSID=$(hammer --csv os list | grep 'RedHat 7.0' | awk -F, {'print $1'})
# CAID=1
# PROXYID=1
# hammer hostgroup create --architecture="x86_64" --domain="${DOM}" --environment-id="${ENVID}" --medium-id="${MEDID}" --name="${HGRHEL6DEV}" --subnet="${NETNAME}" --ptable-id="${PARTID}" --operatingsystem-id="${OSID}" --puppet-ca-proxy-id="${CAID}" --puppet-proxy-id="${PROXYID}"

And finally creating a new host via PXE should work...or not 🙂

Later on I'll try to post a complete script via GitHub as copy/pasting this is a nightmare, stay tuned!

Using pulp client in Satellite 6.0 from command line

Leave a reply

In order to use pulp client we need to install it and configure it:

# yum install -y pulp-admin-client
# mkdir ~/.pulp/
# vi ~/.pulp/admin.conf
[server]
verify_ssl = false
host = <FQDN Satellite 6 server>

Then we need our pulp admin password:

# grep -i ^default_password /etc/pulp/server.conf 
default_password: <string>

And that’s it, we’re ready to use pulp client using admin user:

# pulp-admin login -u admin
Enter password: 
Successfully logged in. Session certificate will expire at Oct  2 22:53:05 2014 GMT.

Some example listing all our tasks:

# pulp-admin  tasks list
+----------------------------------------------------------------------+
                                 Tasks
+----------------------------------------------------------------------+

Operations:  publish
Resources:   test_labs-EPEL-EPEL_7_-_x86_64 (repository)
State:       Successful
Start Time:  2014-09-25T21:15:21Z
Finish Time: 2014-09-25T21:15:21Z
Task Id:     c281fcac-61f5-4679-835e-72ded469c26c
...

Solve “unable to find provision template for” in Satellite 6.0

Leave a reply

One of the tricky parts of Satellite 6.0 is that there’s not so much information about it yet.

Last day I was facing this issue:

# tail /var/log/foreman/production.log
Processing by UnattendedController#provision as */*
  Parameters: {"token"=>"2cef5164-592e-4a2b-b476-b5b48dc519e9"}
Found pxe.fite.cat.lab
Remove puppet certificate for pxe.fite.cat.lab
Adding autosign entry for pxe.fite.cat.lab
unable to find provision template for [pxe.fite.cat.lab] running [RedHat 6.5]
  Rendered text template (0.0ms)
Completed 404 Not Found in 1440ms (Views: 0.5ms | ActiveRecord: 4.2ms)

And once I was deploying a new server via PXE I could see a 404 request in Apache:

# tail /var/log/httpd/foreman_access.log 
10.1.1.110 - - [24/Sep/2014:21:40:53 +0000] "GET /unattended/provision?token=2cef5164-592e-4a2b-b476-b5b48dc519e9 HTTP/1.1" 404 77 "-" "anaconda/13.21.215"

And from server side I could only see that PXE was fine as it was booting but dracut was just timing out due to this 404.

So after some debugging I’ve noticed that I didn’t have any provision template for my OS, but Satellite 6.0 wasn’t complaining about it, so here’s a snippet that could help you out setting PXE/Provision template to a OS:

PXEID=$(hammer --csv template list | grep 'Kickstart default PXELinux' | awk -F, {'print $1'})
SATID=$(hammer --csv template list | grep 'Satellite Kickstart Default' | awk -F, {'print $1'})
for i in $(hammer --csv os list | awk -F, {'print $1'} | grep -vi '^ID')
do
    hammer template add-operatingsystem --id="${PXEID}" --operatingsystem-id="${i}"
    hammer os set-default-template --id="${i}" --config-template-id="${PXEID}"
    hammer os add-config-template --id="${i}" --config-template-id="${SATID}"
    hammer os set-default-template --id="${i}" --config-template-id="${SATID}"
done

Enable tftp smart proxy on Red Hat Satellite Capsule Server 6.0

Leave a reply

Adding TFTP Smart Proxy:

  # katello-installer --capsule-tftp=true
  # systemctl restart foreman
  # systemctl restart foreman-proxy

Enable UDP port for TFTP:

  # firewall-cmd --permanent --zone=public --add-service=tftp
  # systemct restart firewalld

Refreshing features from our Capsule Server:

  # for i in $(hammer --csv capsule list | awk -F, {'print $1'} | grep -v ^Id); do hammer proxy refresh-features --id=${i}; done

Now if we want to deploy a server via PXE we need to configure a few more options like domain, subnet, etc.

Let’s see it another day.

How to install Red Hat Satellite 6.0 with RHEL7 in disconnected mode

Leave a reply

In order to install RHS6, first of all we mount our satellite iso:

  # mkdir /root/rhs6
  # mount -o loop satellite-6.0.4-rhel-7-x86_64-dvd.iso /root/rhs6

And as we’re in a disconnected mode, we don’t have access to Red Hat Software Collections and RHS6 depends on ruby193. As the installer doesn’t do it automatically, we create a local repo for it.
It would be nice to report it to RH but I’m lazy 🙂

   # cat /etc/yum.repos.d/rhel7rhscl.repo
   [rhel7rhscl]
   name = RHEL7 RHSCL
   baseurl = file:///root/rhs6/RHCSL/
   enabled = 1

And then we can proceed to install RHS6 and configure it:

  # cd /root/rhs6
  # ./install_packages
  # katello-installer
  * Katello is running at https://xxxx
      Initial credentials are admin / xxxxx
  * Capsule is running at https://xxxx:9090
  * To install additional capsule on separate machine continue by running:"
      capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"
  The full log is at /var/log/katello-installer/katello-installer.log

And then we need to open some ports in order to make everything work:

  # firewall-cmd --permanent --zone=public --add-service=http
  # firewall-cmd --permanent --zone=public --add-service=https
  # firewall-cmd --permanent --zone=public --add-port=5671/tcp
  # firewall-cmd --permanent --zone=public --add-port=8080/tcp
  # firewall-cmd --permanent --zone=public --add-port=8140/tcp
  # firewall-cmd --permanent --zone=public --add-port=9090/tcp
  # firewall-cmd --permanent --zone=public --add-port=9200/tcp
  # systemctl reload firewalld

As a first step you can login to RHS through its web interface using admin as user and the autogenerated password that katello-installer provided us:

* https://xxxx

RHS6