Hi, I have a fresh install of Katello 4.1.3 with Foreman 2.5.3 and I have a problem with RedHat 8.4 provisioning. I’ve managed to get the configuration to the point where the system can be successfully built and run.
I have two problems from the point where the system is built and running. First of all, it’s not automatically registered by subscription-manager. I have found that in /etc/rhsm/rhsm.conf there is “baseurl = https://cdn.redhat.com”, not my local Katello URL. For manual registration I have to provide --serverurl= and --insecure in the subscription-manager register arguments. Should baseurl be set while installing the system?
The second problem that I found is that the baseurl in /etc/yum.repos.d/redhat.repo is set to https://cdn.redhat.com/My_Organization_Name/Library/RedHat_8_4/content/dist/rhel8/8.4/x86_64/appstream/os and because of that I can’t install any packages after the system is installed. Why is it not pointing to my local Pulp repo?
Did you sync the Red Hat kickstart repo and provision from the Synced Content instead of some local installation medium? Did you specify some activation key? The actual activation key enables the subscription-manager registration in the redhat_register snippet that is included in the default provisioning templates.
Hi,
I have synced:
Red Hat Enterprise Linux 8 for x86_64 - BaseOS Kickstart 8.4
Red Hat Enterprise Linux 8 for x86_64 - AppStream Kickstart 8.4
Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
The system is building with the “synced content” option in the host configuration.
Also, I’ve added an activation key.
Do I maybe have to manually set some options in the host configuration parameters tab?
Could you also share what you’ve picked for the host while provisioning? Or maybe take a look at the provisioning template preview for that host and see what it tries to do with subscription-manager. You can try to set the param subscription_manager to true, but given your answer, it should work already (as long as you set some activation key for that host).
I’ve set activation_key, subscription_manager and subscription_manager_org in the host settings, but after the build the host is not registering and the baseurl in rhsm.conf is still wrong, pointing to cdn.redhat.com, not to my Katello URL. Also, I’m not seeing any option in the redhat_register snippet for providing a baseurl variable.
The rhsm.conf is normally configured by katello-ca-consumer rpm. Is your resulting kickstart trying to install that package?
Marek_Hulan:
katello-ca-consumer
I don’t see katello-ca-consumer anywhere in my anaconda-ks.cfg after install or in the Kickstart default template preview for my RH 8.4 host.
My kickstart looks like this:
# This kickstart file was rendered from the Foreman provisioning template "Kickstart default".
url --url http://katello.myorganization.int/pulp/content/MyOrganization/Library/RedHat_8_4/content/dist/rhel8/8.4/x86_64/baseos/kickstart/
repo --name Red_Hat_Enterprise_Linux_8_for_x86_64_-_AppStream_Kickstart_8_4 --baseurl http://katello.myorganization.int/pulp/content/MyOrganization/Library/RedHat_8_4/content/dist/rhel8/8.4/x86_64/appstream/kickstart/
lang en_US.UTF-8
selinux --enforcing
keyboard us
skipx
network --device=8a:2d:3a:b4:ee:1e --hostname wanda-armillei.myorganization.int --noipv6 --bootproto static --ip=10.10.10.105 --netmask=255.255.255.0 --gateway=10.10.10.1 --mtu=1500 --nameserver=10.10.10.1
rootpw --iscrypted $5$H6qSTbto2nsJvhtJ$eGPElds/RT8bMqAN6ahn5BWcACj4hHivoNrvxeIhnl.
firewall --service=ssh
authselect --useshadow --passalgo=sha256 --kickstart
timezone --utc UTC
services --disabled gpm,sendmail,cups,pcmcia,isdn,rawdevices,hpoj,bluetooth,openibd,avahi-daemon,avahi-dnsconfd,hidd,hplip,pcscd
bootloader --location=mbr --append="nofb quiet splash=quiet"
zerombr
clearpart --all --initlabel --drives=vda
#autopart
# autopart
part /boot --fstype ext4 --size=1024 --ondisk=vda
part pv.01 --size 1 --grow --ondisk=vda
volgroup VolGroup pv.01
logvol swap --vgname="VolGroup" --size=4096 --name="lv_swap"
#logvol /var --vgname="VolGroup" --size=16384 --name="lv_var" --fstype=xfs
logvol / --vgname="VolGroup" --size=8192 --name="lv_root" --fstype="ext4"
logvol /var --vgname="VolGroup" --size=8192 --grow --name="lv_var" --fstype="ext4"
text
reboot
%packages
yum
dhclient
chrony
-ntp
wget
@Core
redhat-lsb-core
%end
%post --nochroot --log=/mnt/sysimage/root/install.postnochroot.log
/usr/bin/chvt 3
echo "Changed to TTY3 for post installation..."
%end
%post --log=/root/install.post.log
logger "Starting anaconda wanda-armillei.myorganization.int postinstall"
# ens18 interface
real=`grep -l 8a:2d:3a:b4:ee:1e /sys/class/net/*/{bonding_slave/perm_hwaddr,address} 2>/dev/null | awk -F '/' '// {print $5}' | head -1`
sanitized_real=`echo $real | sed s/:/_/`
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
IPADDR="10.10.10.105"
NETMASK="255.255.255.0"
GATEWAY="10.10.10.1"
DOMAIN="myorganization.int"
DEVICE=$real
HWADDR="8a:2d:3a:b4:ee:1e"
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
DEFROUTE=yes
DNS1="10.10.10.1"
MTU=1500
EOF
echo "Updating system time"
systemctl enable --now chronyd
/usr/bin/chronyc -a makestep
/usr/sbin/hwclock --systohc
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
echo "##############################################################"
echo "################# SUBSCRIPTION MANAGER #######################"
echo "##############################################################"
echo
echo "Starting the subscription-manager registration process"
if [ -f /usr/bin/dnf ]; then
dnf -y install subscription-manager
else
yum -t -y install subscription-manager
fi
subscription-manager register --name="wanda-armillei.myorganization.int" --org='MyOrganization' --activationkey='test1'
if [ -f /usr/bin/dnf ]; then
PACKAGE_MAN="dnf -y"
else
PACKAGE_MAN="yum -t -y"
fi
$PACKAGE_MAN install katello-agent
# update all the base packages from the updates repository
if [ -f /usr/bin/dnf ]; then
dnf -y update
else
yum -t -y update
fi
# SSH keys setup snippet for Remote Execution plugin
#
# Parameters:
#
# remote_execution_ssh_keys: public keys to be put in ~/.ssh/authorized_keys
#
# remote_execution_ssh_user: user for which remote_execution_ssh_keys will be
# authorized
#
# remote_execution_create_user: create user if it not already existing
#
# remote_execution_effective_user_method: method to switch from ssh user to
# effective user
#
# This template sets up SSH keys in any host so that as long as your public
# SSH key is in remote_execution_ssh_keys, you can SSH into a host. This
# works in combination with Remote Execution plugin by querying smart proxies
# to build an array.
#
# To use this snippet without the plugin provide the SSH keys as host parameter
# remote_execution_ssh_keys. It expects the same format like the authorized_keys
# file.
user_exists=false
getent passwd root >/dev/null 2>&1 && user_exists=true
if $user_exists; then
mkdir -p ~root/.ssh
cat << EOF >> ~root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EDwSADAQABAAABAQDHsOZ79Ljl6fCKXXVzM2/z5dvq4kL1OzFCq2kLjkqJBCm1ktw0vMOHq6EJDUHsQ2mclGO+Yl8+QFus2xeUoP+SN4hMy3wbGAAu5oTxQxyT6XQeNcSpI4mM3yE86mWtX9u6LAJ0rCCbz/QCHFGlCrvCSc/XRP15QfR5ouEQ1zIPfsSId/YWKPtF0plxANmRaeRC3y2xPX5Yz0eOxjQ7vgczv9dSNcBoUrYIPDsal8YzQPpRwMBUCNV99naRlRwHdSXJdVgVJfJQXE4+E5XEMY+O4X0nq7vpxolHBUwtBoCk3C0mbrdgV8WlqnaKgkeaR7ZqkD84OTmLOgp7e3zj foreman-proxy@foreman.myorganization.int
EOF
chmod 0700 ~root/.ssh
chmod 0600 ~root/.ssh/authorized_keys
chown -R root: ~root/.ssh
# Restore SELinux context with restorecon, if it's available:
command -v restorecon && restorecon -RvF ~root/.ssh || true
else
echo 'The remote_execution_ssh_user does not exist and remote_execution_create_user is not set to true. remote_execution_ssh_keys snippet will not install keys'
fi
rpm -Uvh https://yum.puppet.com/puppet6/puppet6-release-el-8.noarch.rpm
if [ -f /usr/bin/dnf ]; then
dnf -y install puppet-agent
else
yum -t -y install puppet-agent
fi
cat > /etc/puppetlabs/puppet/puppet.conf << EOF
[main]
[agent]
pluginsync = true
report = true
ca_server = katello.myorganization.int
certname = wanda-armillei.myorganization.int
server = katello.myorganization.int
environment = production
EOF
puppet_unit=puppet
/usr/bin/systemctl list-unit-files | grep -q puppetagent && puppet_unit=puppetagent
/usr/bin/systemctl enable ${puppet_unit}
# export a custom fact called 'is_installer' to allow detection of the installer environment in Puppet modules
export FACTER_is_installer=true
# passing a non-existent tag like "no_such_tag" to the puppet agent only initializes the node
/opt/puppetlabs/bin/puppet agent --config /etc/puppetlabs/puppet/puppet.conf --onetime --tags no_such_tag --server katello.myorganization.int --no-daemonize
echo '#'
echo '# Installing Insights client'
echo '#'
yum install -y insights-client
insights-client --test-connection
insights-client --register
touch /tmp/foreman_built
%end
# copy %pre log files into chroot
%post --nochroot
cp -vf /tmp/*.pre.*.log /mnt/sysimage/root/
%end
%post --log=/root/install.post.custom.log
# Custom post snippet generated by "Kickstart default custom post"
%end
%post --erroronfail
if test -f /tmp/foreman_built; then
echo "calling home: build is done!"
if [ -x /usr/bin/curl ]; then
/usr/bin/curl -o /dev/null --noproxy \* -H 'Content-Type: text/plain' --data @/root/install.post.log --silent 'http://katello.myorganization.int/unattended/built'
elif [ -x /usr/bin/wget ]; then
/usr/bin/wget -q -O /dev/null --no-proxy --method POST --header 'Content-Type: text/plain' --body-file=/root/install.post.log 'http://katello.myorganization.int/unattended/built'
else
wget -q -O /dev/null --header 'Content-Type: text/plain' 'http://katello.myorganization.int/unattended/built'
fi
else
echo "calling home: build failed!"
if [ -x /usr/bin/curl ]; then
/usr/bin/curl -o /dev/null --noproxy \* -H 'Content-Type: text/plain' --data @/root/install.post.log --silent 'http://katello.myorganization.int/unattended/failed'
elif [ -x /usr/bin/wget ]; then
/usr/bin/wget -q -O /dev/null --no-proxy --method POST --header 'Content-Type: text/plain' --body-file=/root/install.post.log 'http://katello.myorganization.int/unattended/failed'
else
wget -q -O /dev/null --header 'Content-Type: text/plain' 'http://katello.myorganization.int/unattended/failed'
fi
fi
echo "Changing back to TTY1..."
/usr/bin/chvt 1
sync
%end
Ok, thanks, deferring to someone more knowledgeable in this area. Hopefully we have enough information for debugging.
I found a solution for both my problems.
For 1. I had to set kt_activation_keys, not activation_keys, in the host params.
For 2. I had to sync the RedHat 8.4 repo, not the RedHat 8 repo.
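Added example, not part of the thread and not Foreman or Katello code: a shell lint for the two symptoms discussed above, namely a rendered kickstart that calls `subscription-manager register` with no `katello-ca-consumer` step before it (or with `--insecure`), and an rhsm.conf whose baseurl host is not the Katello server. The function names and finding strings are made up for this example, and the sample input is constructed from values quoted in the thread.

```shell
#!/bin/sh
# Added example (not Foreman/Katello code). Lints a rendered kickstart and an
# rhsm.conf for the symptoms in this thread. Finding names are made up here.

# check_kickstart FILE: one finding per line; returns 1 if any finding.
check_kickstart() {
    ks=$1; rc=0
    reg='^[[:space:]]*subscription-manager register'
    reg_line=$(grep -n "$reg" "$ks" | head -n 1 | cut -d: -f1)
    if [ -z "$reg_line" ]; then
        echo "no-register-step"; return 1
    fi
    # The CA consumer rpm is what normally configures rhsm.conf, so it has
    # to be referenced before the register call.
    ca_line=$(grep -n 'katello-ca-consumer' "$ks" | head -n 1 | cut -d: -f1)
    if [ -z "$ca_line" ]; then
        echo "register-without-ca-consumer"; rc=1
    elif [ "$ca_line" -gt "$reg_line" ]; then
        echo "ca-consumer-after-register"; rc=1
    fi
    # --insecure turns off verification of the server certificate.
    if grep "$reg" "$ks" | grep -q -e '--insecure'; then
        echo "insecure-register"; rc=1
    fi
    return $rc
}

# check_rhsm_conf FILE EXPECTED_HOST: compares the host part of baseurl.
check_rhsm_conf() {
    conf=$1; want=$2
    url=$(sed -n 's/^[[:space:]]*baseurl[[:space:]]*=[[:space:]]*//p' "$conf" | head -n 1)
    host=$(printf '%s\n' "$url" | sed -e 's|^[a-z]*://||' -e 's|[/:].*$||' -e 's/[[:space:]]*$//')
    if [ -n "$host" ] && [ "$host" = "$want" ]; then
        echo "ok"; return 0
    fi
    echo "baseurl-host-mismatch:${host:-missing}"; return 1
}

# Constructed sample input: the register line from the kickstart above and
# the baseurl value the poster reported.
demo=$(mktemp -d)
printf '%s\n' '%post' "subscription-manager register --name=\"h\" --org='MyOrganization' --activationkey='test1'" '%end' > "$demo/ks.cfg"
printf '%s\n' '[rhsm]' 'baseurl = https://cdn.redhat.com ' > "$demo/rhsm.conf"
check_kickstart "$demo/ks.cfg" || true
check_rhsm_conf "$demo/rhsm.conf" katello.myorganization.int || true
rm -rf "$demo"
```

Run `check_kickstart` against the saved template preview before building the host, and `check_rhsm_conf` on the installed system afterwards.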