Further install woes (RHEL7 on AWS)

Hey, all. I’m still having install issues and in honesty It’s getting deeply frustrating.

So I scrapped the idea of running on Amazon Linux 2 because it was a giant mess. Instead I spun up a RHEL7 box using this AMI. It seems to be a fully featured Redhat 7 system.

And the install started well, following the procedures outlined here. Basic katello install plus foreman scenario.

All went pretty well till I hit “yum -y install foreman-release-scl python-django” which came up with like forty unmet dependencies. Seeing that something was clearly wrong (for eample wget was among the dependencies that yum could not meet) I checked the repos and found the ore repos for that server were disbled. I enabled them and that bit ran fine.

As expected, “yum install katello” gave me more unmet dependencies:

• Requires: rubygem(rake) >= 0.8.3
• Requires: python-blinker
• Requires: python-twisted-core
• Requires: python-twisted-web

I had to install those from rpm using the CentOS 7 versions (there are no Redhat versions that I saw). They installed fine (though I needed a few other packages like flask and itsdangerous, etc).

And the install went ahead clean. However “foreman-installer --scenario katello” threw a lot of errors. I can recreate these, but they’re not a whole lot different than the errors from the amazon linux install.

I’m starting to wonder if the rpm installs are working okay and being seen as dependencies, but are not operating as they should during the install process. Anyone have any insights? I was really hoping that the RHEL install would be clean but that doesn’t seem to be the case.

Thanks!
Joe

Howdy,

I can start off by saying that we largely test CentOS and there are differences between whats available in RHEL repositories and CentOS that you may be encountering. You may need things like extras or optional to complete successfully from the RPM side.

Could you share some of the errors you see during installer run?

Eric

I can certainly send some info, yes. Here’s a run down of my repos (in case that’s handy):

/# yum repolist
Loaded plugins: amazon-id, rhui-lb
repo id repo name status
!centos-sclo-rh/x86_64 CentOS-7 - SCLo rh 6,534
!centos-sclo-sclo/x86_64 CentOS-7 - SCLo sclo 493
!epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 12,198
!foreman/x86_64 Foreman 1.16 450
!foreman-plugins/x86_64 Foreman plugins 1.16 282
!katello/x86_64 Katello 3.5 32
!katello-candlepin/x86_64 Candlepin: an open source entitlement management system. 3
!katello-client/x86_64 Katello Client 3.5 17
!katello-pulp/x86_64 Pulp Community Releases 49
!puppetlabs-pc1/x86_64 Puppet Labs PC1 Repository el 7 - x86_64 132
!rhui-REGION-client-config-server-7/x86_64 Red Hat Update Infrastructure 2.0 Client Configuration Serve 8
!rhui-REGION-rhel-server-releases/7Server/x86_64 Red Hat Enterprise Linux Server 7 (RPMs) 17,843
!rhui-REGION-rhel-server-rh-common/7Server/x86_64 Red Hat Enterprise Linux Server 7 RH Common (RPMs) 231
repolist: 38,272

Manual Python and other installs from rpm:

python-blinker-1.3-2.el7.noarch.rpm
python-flask-0.10.1-4.el7.noarch.rpm
python-fpconst-0.7.3-12.el7.noarch.rpm
python-itsdangerous-0.23-2.el7.noarch.rpm
python-pyasn1-0.1.7-40.1.noarch.rpm
python-six-1.9.0-2.el7.noarch.rpm
python-twisted-core-12.2.0-4.el7.x86_64.rpm
python-twisted-web-12.1.0-5.el7_2.x86_64.rpm
python-werkzeug-0.9.1-2.el7.noarch.rpm
python-zope-interface-4.0.5-4.el7.x86_64.rpm
rubygem-rake-0.9.6-30.el7.noarch.rpm
SOAPpy-0.11.6-17.el7.noarch.rpm

Errors from katello.log:

[ERROR 2018-01-04 15:40:33 main] Errors encountered during run:
[ERROR 2018-01-04 15:40:33 main] Systemd start for mongod failed!
[ERROR 2018-01-04 15:40:33 main] journalctl log for mongod:
[ERROR 2018-01-04 15:40:33 main] – Logs begin at Thu 2018-01-04 15:30:44 EST, end at Thu 2018-01-04 15:34:17 EST. –
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 systemd[1]: Starting High-performance, schema-free document-oriented database…
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 mongod[3200]: about to fork child process, waiting until server is ready for connections.
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 mongod[3200]: forked process: 3202
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 mongod[3200]: ERROR: child process failed, exited with error number 100
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 systemd[1]: mongod.service: control process exited, code=exited status=100
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 systemd[1]: Failed to start High-performance, schema-free document-oriented database.
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 systemd[1]: Unit mongod.service entered failed state.
[ERROR 2018-01-04 15:40:33 main] Jan 04 15:34:17 systemd[1]: mongod.service failed.
[ERROR 2018-01-04 15:40:33 main]
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/service/systemd.rb:166:in rescue in start' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/provider/service/systemd.rb:163:instart’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/service.rb:103:in block (3 levels) in <module:Puppet>' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:487:inset’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/property.rb:561:in sync' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/type/service.rb:114:insync’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:236:in sync' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:134:insync_if_needed’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:80:in perform_changes' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:21:inevaluate’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:230:in apply' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:246:ineval_resource’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:in call' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/transaction.rb:163:inblock (2 levels) in evaluate’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:507:in block in thinmark' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/2.1.0/benchmark.rb:294:inrealtime’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:506:in `thinmark’

… and the last few:

[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/context.rb:65:in override' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet.rb:306:inoverride’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:225:in main' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application/apply.rb:170:inrun_command’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in block in run' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util.rb:662:inexit_on_fail’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/application.rb:358:in run' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:132:inrun’
[ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/lib/ruby/vendor_ruby/puppet/util/command_line.rb:72:in execute' [ERROR 2018-01-04 15:40:33 main] /opt/puppetlabs/puppet/bin/puppet:5:in’

I think these have to go:

!rhui-REGION-client-config-server-7/x86_64 Red Hat Update Infrastructure 2.0 Client Configuration Serve 8
!rhui-REGION-rhel-server-releases/7Server/x86_64 Red Hat Enterprise Linux Server 7 (RPMs) 17,843
!rhui-REGION-rhel-server-rh-common/7Server/x86_64 Red Hat Enterprise Linux Server 7 RH Common

There are items missing from the repository that are needed for installation. When I did this, I had to convert my install over to a CentOS installation. To do that, Add the following repos:

[CentOS_7_base]
baseurl = Index of /centos/7/os/x86_64/
sslverify = 1
name = CentOS 7 base
enabled = 1
gpgcheck = 0

[CentOS_7_Updates]
baseurl = Index of /centos/7/updates/x86_64/
sslverify = 1
name = CentOS 7 Updates
enabled = 1
gpgcheck = 0

[CentOS_7_Extras]
baseurl = Index of /centos/7/extras/x86_64/
sslverify = 1
name = CentOS 7 Extras
enabled = 1
gpgcheck = 1

And you will need a newer version of puppet than what the repos have:

[Puppet]
baseurl = Index of /el/7Server/PC1/x86_64
sslverify = 1
name = Puppet
enabled = 1
gpgcheck = 0

You might just try puppet - it could fix it. It depends on how much work you want to put into figuring it out.

Red Hat purposely leaves some key things out of their base repo needed for a katello install because it competes with their $10,000 dollar Red Hat Satellite 6 product (which is just Katello + The Foreman re-branded).

You may need to start with a fresh AMI if you have already done a yum update on the current one as it may not convert over to CentOS properly, or you may need to do something like this:

https://www.pickysysadmin.ca/2014/07/15/how-to-convert-rhel-6-x-to-centos-6-x/

For what it’s worth, I started developing this script using a RHEL 7 instance in Amazon’s cloud, so I know this can be done:

But I ended up switching to my own server at my house because the install failed due to the fact that the free tier did not have enough RAM (so you will need to address that too). You are welcome to give it a try (and I would welcome any feedback and if you would let me know your results if you do give it a go).

Your specific errors may be related to the puppet version specifically. Also make sure you generated your answers file using the version you are trying to deploy (so generate the answers file for 1.16 using a 1.16 install) - that will get you into trouble as well if you are trying to recycle an old answers file.

Thanks, that’s helpful.

That said … is there any reason not to just use a CentOS box? AWS has a CentOS 7 image.

Actually, now that I mention it, that’s a minimal image stripped down bare. Which is ALSO a problem. I have not enough history here: if I add the repos you suggested as my CentOS 7 repos (getting rid of the others, I’d imagine) and then run a yum -y update, will it round out that box or will it more likely break it? (the intentionally broken images are really troubling here)

What was missing? I ask because we do not leave things out. What you may be seeing is upstream work adding dependencies which would be delivered via Satellite. If that is the case, it is a publicly available package.

At a minimum, some of the katello/foreman dependancies that are in CentOS’s basae repo are only available in Red Hat’s Satellite 6 channel. I don’t remember specific package names - I was working on it about 6 months ago. I think it was a few python packages.

Just that it isn’t available in the free tier Otherwise, I would recommend that one. If you really want to do this in Amazon though, the Free Tier instance won’t work for you anyway.

I can’t promise anything, now some 6 months later, but when I did this with CentOS 7.3 it just converted my free tier RHEL 7 install to a CentOS Box.

Not a concern, I was never going to get it free teir anyway, I was just worried about the minimalist version having busted repos, but if replacing them will fix the issue, then I’ll replace them.

(though, FWIW, the CentOS image I linked IS free tier eligible. It’s just never going to be free tier AND have more than 8GB of ram, but I’m pretty sure nothing will give me enough ram for free) .

Hey, does this mean that I should edit the install steps outlined here? It seems to pull puppet straight from:

https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm

Would installing that repo manually be superior and I just leave that step out?

No. That’s my mistake. I just missed when I was taking a look through the repos above ^^ I meant that you need a version newer than the centos repos had. It looks like you were good in terms of puppet all along.

I’m going to give it a shot right now with the centos repos ad the install instructions as written.

Worked flawlessly, so that’s good.

Quick question for anyone looking before I go on. I found a nice walkthrough that suggests using subscription-manager and the katello-ca-consumer-katello.example.com-1.0-1.noarch.rpm bootstrap to subscribe my servers to the host. Is there a reason I can’t just use ansible to send out the repo files to the servers and enable them? I’d hate to hit work monday morning and find out I should have spent the weekend manually subscribing a thousand servers.

You could certainly use Ansible but do note that the RPM includes certificates and installs them system wide. Have a look at what the RPM exactly does and you can port that to Ansible.

Some tooling around system renames might only be aware of the RPMs but that shouldn’t be a big obstacle.

I honestly have not looked too deeply into the rpm. I just know that I won’t have the option of running the rpm on all these systems. maybe I’m not clear enough on how registration works.

If you plan to use repositories over HTTPS then the trick is getting a repository file that is both configured properly, and getting the consumer certificates that subscription-manager gets from Katello to enable access to the HTTPS repositories. So while you can use Ansible purely, subscription-manager makes like easier and can be wrapped in Ansible. Better yet, you can use the existing Ansible module to do this [1].

[1] http://docs.ansible.com/ansible/latest/redhat_subscription_module.html

thanks. that will be a big help. I think that I might be looking at using
createrepo as a stop gap since we path this weekend and I’m hiting issues,
but this will be a part of our go-live, I think.