Hi guys,

i don't understand how can i manage packages with Katello for CentOS
maschines.

I created an Activation Key, provided environments, repositories and conent
views to the key. Then i installed the key on the with subcription-manager
and nothing. On the katello-gui i can see that subscription is ok,
katello-agent is installed. But i can't update/delete any packages on the
System. In the host log i see that it tries to connect to
subscription.rhn.redhat.com but why? It should get all the Packages from my
katello-server with its repositories provided to the activation key. Please
help.

Greets,
Denis

Apr 09 13:42:22 memcached4.nodes.rto.de goferd[8218]: [INFO][Thread-3]
rhsm.connection:778 - Connection built: host=subscription.rhn.redhat.com
port=443 handler=/subscription auth=identity_cert ca_dir=/etc/rhsm/ca/
verify=False
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - Invalid credentials.
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - Traceback (most recent call last):
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - File "/usr/lib/gofer/plugins/katelloplugin.py", line
194, in validate_registration
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - consumer = uep.getConsumer(consumer_id)
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - File
"/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 1001, in
getConsumer
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - return self.conn.request_get(method)
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - File
"/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 644, in
request_get
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - return self._request("GET", method)
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - File
"/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 564, in
_request
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - self.validateResponse(result, request_type, handler)
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - File
"/usr/lib64/python2.7/site-packages/rhsm/connection.py", line 611, in
validateResponse
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - raise RestlibException(response['status'],
error_msg, response.get('headers'))
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [ERROR][Thread-3]
katelloplugin:201 - RestlibException: Invalid credentials.
Apr 09 13:42:23 memcached4.nodes.rto.de goferd[8218]: [WARNING][Thread-3]
katelloplugin:130 - Invalid credentials.

[root@memcached4 ~]# subscription-manager config
[server]
hostname = theforeman.nodes.rto.de
insecure = [0]
port = [443]
prefix = /rhsm
proxy_hostname = []
proxy_password = []
proxy_port = []
proxy_user = []
ssl_verify_depth = [3]

[rhsm]
baseurl = https://theforeman.nodes.rto.de/pulp/repos
ca_cert_dir = [/etc/rhsm/ca/]
consumercertdir = [/etc/pki/consumer]
entitlementcertdir = [/etc/pki/entitlement]
full_refresh_on_yum = 1
manage_repos = [1]
pluginconfdir = [/etc/rhsm/pluginconf.d]
plugindir = [/usr/share/rhsm-plugins]
productcertdir = [/etc/pki/product]
repo_ca_cert = /etc/rhsm/ca/katello-server-ca.pem
report_package_profile = [1]

[rhsmcertd]
autoattachinterval = [1440]
certcheckinterval = [240]

[] - Standardwert wird verwendet

Hi Denis,
You need to install the bootstrap rpm on all your client hosts with

rpm -Uvh http://$KATELLO_HOSTNAME/pub/katello-ca-consumer-latest.noarch.rpm

This will install the required certificates for your Katello host and will
point subscription manager to your Katello instance. Have a look at the
Content Hosts
documentation: http://www.katello.org/docs/user_guide/content_hosts/index.html

Hello Abir,

i tried all the steps once again and it worked for me. Thank you!

I still have the same issue when im using activation
keys: rhsm.connection:778 - Connection built:
host=subscription.rhn.redhat.com port=443 handler=/subscription
auth=identity_cert ca_dir=/etc/rhsm/ca/ verify=False
but if i register host manually it works fine. What i do wrong?

The solution was to provide --baseurl="" subscription-manager.

Hi Denis

I don't know what kind of template you are using for this here is mine

<% if @host.params['kt_activation_keys'] %>

add subscription manager

rm -rf /etc/yum.repos.d/*
rpm -ivh <%= subscription_manager_configuration_url(@host) %>

echo "Registering the System"
subscription-manager register --org="<%= @host.rhsm_organization_label %>"
–name="<%= @host.name %>" --activationkey="<%=
@host.params['kt_activation_keys'] %>"

echo "Installing Katello Agent"
yum -t -y -e 0 install katello-agent
chkconfig goferd on
<% end %>

also i download the latest subscription manager packages from this repo

http://repos.fedorapeople.org/repos/candlepin/subscription-manager/epel-subscription-manager.repo

Next step

i added the subscription manager packages into the Centos Repo on katello and change the kickstart in the packages section to include the subscription manager

%packages --ignoremissing
yum
dhclient
ntp
wget
subscription-manager
@Core
<%= section_end -%>

this is my complete kickstart for centos
<%#
kind: provision
name: Verifone Kickstart Default
oses:

• CentOS 5
• CentOS 6
• CentOS 7
• RedHat 5
• RedHat 6
• RedHat 7
• Fedora 19
• Fedora 20
  %>
  <%
  rhel_compatible = @host.operatingsystem.family == 'Redhat' && @host.operatingsystem.name != 'Fedora'
  os_major = @host.operatingsystem.major.to_i

  safemode renderer does not support unary negation

  pm_set = @host.puppetmaster.empty? ? false : true
  puppet_enabled = pm_set || @host.params['force-puppet']
  salt_enabled = @host.params['salt_master'] ? true : false
  section_end = (rhel_compatible && os_major <= 5) ? '' : '%end'
  %>
  install
  <%= @mediapath %>
  lang en_US.UTF-8
  selinux --enforcing
  keyboard us
  skipx

<% subnet = @host.subnet -%>
<% if subnet.respond_to?(:dhcp_boot_mode?) -%>
<% dhcp = subnet.dhcp_boot_mode? && !@static -%>
<% else -%>
<% dhcp = !@static -%>
<% end -%>

network --bootproto <%= dhcp ? 'dhcp' : "static --ip=#{@host.ip} --netmask=#{subnet.mask} --gateway=#{subnet.gateway} --nameserver=#{[subnet.dns_primary, subnet.dns_secondary].select(&:present?).join(',')}" %> --hostname <%= @host %><%= os_major >= 6 ? " --device=#{@host.mac}" : '' -%>

rootpw --iscrypted <%= root_pass %>
firewall --<%= os_major >= 6 ? 'service=' : '' %>ssh
authconfig --useshadow --passalgo=sha256 --kickstart
timezone --utc <%= @host.params['time-zone'] || 'UTC' %>

<% if @host.operatingsystem.name == 'Fedora' and os_major <= 16 -%>

Bootloader exception for Fedora 16:

bootloader --append="nofb quiet splash=quiet <%=ks_console%>" <%= grub_pass %>
part biosboot --fstype=biosboot --size=1
<% else -%>
bootloader --location=mbr --append="nofb quiet splash=quiet" <%= grub_pass %>
<% end -%>

<% if os_major == 5 -%>
key --skip
<% end -%>

<% if @dynamic -%>
%include /tmp/diskpart.cfg
<% else -%>
<%= @host.diskLayout %>
<% end -%>

text
reboot

%packages --ignoremissing
yum
dhclient
ntp
wget
subscription-manager
@Core
<%= section_end -%>

<% if @dynamic -%>
%pre
<%= @host.diskLayout %>
<%= section_end -%>
<% end -%>

%post --nochroot
exec < /dev/tty3 > /dev/tty3
#changing to VT 3 so that we can see whats going on…
/usr/bin/chvt 3
(
cp -va /etc/resolv.conf /mnt/sysimage/etc/resolv.conf
/usr/bin/chvt 1
) 2>&1 | tee /mnt/sysimage/root/install.postnochroot.log
<%= section_end -%>

%post
logger "Starting anaconda <%= @host %> postinstall"
exec < /dev/tty3 > /dev/tty3
#changing to VT 3 so that we can see whats going on…
/usr/bin/chvt 3
(
<% if subnet.respond_to?(:dhcp_boot_mode?) -%>
<%= snippet 'kickstart_networking_setup' %>
<% end -%>

#update local time
echo "updating system time"
/usr/sbin/ntpdate -sub <%= @host.params['ntp-server'] || '172.25.176.37' %>
/usr/sbin/hwclock --systohc

<%= snippet "registration" %>
#Push sshkeys for foreman-proxy

<% if @host.respond_to?(:realm) && @host.otp && @host.realm && @host.realm.realm_type == "FreeIPA" -%>
<%= snippet "freeipa_register" %>
<% end -%>

update all the base packages from the updates repository

yum -t -y -e 0 update

<% if salt_enabled %>
yum -t -y -e 0 install salt-minion
cat > /etc/salt/minion << EOF
<%= snippet 'saltstack_minion' %>
EOF

Setup salt-minion to run on system reboot

/sbin/chkconfig --level 345 salt-minion on

Running salt-call to trigger key signing

salt-call --no-color --grains >/dev/null
<% end -%>

<% if puppet_enabled %>

and add the puppet package

yum -t -y -e 0 install puppet

echo "Configuring puppet"
cat > /etc/puppet/puppet.conf << EOF
<%= snippet 'puppet.conf' %>
EOF

Setup puppet to run on system reboot

/sbin/chkconfig --level 345 puppet on

/usr/bin/puppet agent --config /etc/puppet/puppet.conf -o --tags no_such_tag <%= @host.puppetmaster.blank? ? '' : "–server #{@host.puppetmaster}" %> --no-daemonize
<% end -%>

#provisioning SSH Remote Execution
<%= snippet "remote_execution_ssh_keys" %>
#Provisioning Security Agents
<%= snippet "netjoin" %>
<%= snippet "hs" %>

sync

<% if @provisioning_type == nil || @provisioning_type == 'host' -%>

Inform the build system that we are done.

echo "Informing Foreman that we are built"
wget -q -O /dev/null --no-check-certificate <%= foreman_url %>
<% end -%>
) 2>&1 | tee /root/install.post.log
exit 0

<%= section_end -%>

Here the snippet used
##registration snippet##
<% if @host.params['kt_activation_keys'] %>

add subscription manager

rm -rf /etc/yum.repos.d/*
rpm -ivh <%= subscription_manager_configuration_url(@host) %>

echo "Registering the System"
subscription-manager register --org="<%= @host.rhsm_organization_label %>" --name="<%= @host.name %>" --activationkey="<%= @host.params['kt_activation_keys'] %>"

echo "Installing Katello Agent"
yum -t -y -e 0 install katello-agent
chkconfig goferd on
<% end %>

###puppet.conf##
<%#
kind: snippet
name: puppet.conf
%>
[main]
<% if @host.operatingsystem.name == 'FreeBSD' -%>
vardir = /var/puppet
logdir = $vardir/log
<% else -%>
vardir = /var/lib/puppet
logdir = /var/log/puppet
<% end -%>
rundir = /var/run/puppet
ssldir = $vardir/ssl

[agent]
pluginsync = true
report = true
ignoreschedules = true
daemon = false
<%- if @host.puppet_ca_server.strip -%>
ca_server = <%= @host.puppet_ca_server %>
<%- end -%>
certname = <%= @host.certname %>
environment = <%= @host.environment %>
server = <%= @host.puppetmaster %>

And you need to create a hostgroup or when you create you host with centos use activation key as you can see in my kickstart the registration is only trigger if you have activation key if no is going to try to subscribe via rehdhat possible this is the issue you are presenting right now just make sure to have an activation key to trigger the installation of the consumer

just remove from my kickstart

<%= snippet "remote_execution_ssh_keys" %>
#Provisioning Security Agents
<%= snippet "netjoin" %>
<%= snippet "hs" %>

This is a greate Template for me to try, thank you!

>
> i miss to give you also this snippet
>

<%#
kind: snippet
name: kickstart_networking_setup
description: this will configure your host networking, it configures your
primary interface as well
as other configures NICs. It supports physical, VLAN and Alias
interfaces. It's intended to be
called from %post in your kickstart template. Note that this snippet
can be used with Foreman 1.7
and later
%>
<% subnet = @host.subnet -%>
<% dhcp = subnet.dhcp_boot_mode? -%>

<% if @host.respond_to?(:has_primary_interface?) %>
<%# Foreman 1.7 - primary interface contained in @host %>

primary interface

real=ip -o link | grep <%= @host.mac -%> | awk '{print $2;}' | sed s/://
<% if @host.has_primary_interface? %>
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$real
BOOTPROTO="<%= dhcp ? 'dhcp' : 'none' -%>"
<% unless dhcp -%>
IPADDR="<%= @host.ip -%>"
NETMASK="<%= subnet.mask -%>"
<% if !subnet.gateway.nil? && !subnet.gateway.empty? -%>
GATEWAY="<%= subnet.gateway %>"
<% end -%>
<% end -%>
DEVICE="$real"
HWADDR="<%= @host.mac -%>"
ONBOOT=yes
EOF
<% end -%>
<% end -%>

<% bonded_interfaces = [] %>
<% bonds = @host.bond_interfaces %>
<% bonds.each do |bond| %>
<% subnet = bond.subnet -%>
<% dhcp = subnet.nil? ? false : subnet.dhcp_boot_mode? -%>

<%= bond.identifier %> interface

real="<%= bond.identifier -%>"
cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$real
BOOTPROTO="<%= dhcp ? 'dhcp' : 'none' -%>"
<% unless dhcp || subnet.nil? -%>
IPADDR="<%= bond.ip -%>"
NETMASK="<%= subnet.mask -%>"
<% if !subnet.gateway.nil? && !subnet.gateway.empty? -%>
GATEWAY="<%= subnet.gateway %>"
<% end -%>
<% end -%>
DEVICE="$real"
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
DEFROUTE=no
TYPE=Bond
BONDING_OPTS="<%= bond.bond_options -%> mode=<%= bond.mode -%>"
BONDING_MASTER=yes
NM_CONTROLLED=no
EOF

<% @host.interfaces_with_identifier(bond.attached_devices_identifiers).each
do |interface| -%>
<% next if !interface.managed? -%>

<% subnet = interface.subnet -%>
<% virtual = interface.virtual? -%>
<% vlan = virtual && subnet.has_vlanid? -%>
<% alias_type = virtual && !subnet.nil? && !subnet.has_vlanid? &&
interface.identifier.include?(':') -%>
<% dhcp = !subnet.nil? && subnet.dhcp_boot_mode? -%>

<%= interface.identifier %> interface

real=ip -o link | grep <%= interface.respond_to?(:inheriting_mac) ? interface.inheriting_mac : interface.mac -%> | awk '{print $2;}' | sed s/:$//
<% if virtual -%>
real=echo <%= interface.identifier -%> | sed s/<%= interface.attached_to -%>/$real/
<% end -%>

ifcfg files are ignored by NM if their name contains colons so we convert

colons to underscore
<% if alias_type -%>
sanitized_real=echo $real | sed s/:/_/
<% else -%>
sanitized_real=$real
<% end -%>

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="none"
DEVICE="$real"
<% unless virtual -%>
HWADDR="<%= interface.mac -%>"
<% end -%>
ONBOOT=yes
PEERDNS=no
PEERROUTES=no
<% if vlan -%>
VLAN=yes
<% elsif alias_type -%>
TYPE=Alias
<% end -%>
NM_CONTROLLED=no
MASTER=<%= bond.identifier %>
SLAVE=yes
EOF

<% bonded_interfaces.push(interface.identifier) -%>
<% end %>
<% end %>

<% @host.managed_interfaces.each do |interface| %>
<% next if !interface.managed? || interface.subnet.nil? -%>
<% next if bonded_interfaces.include?(interface.identifier) -%>

<% subnet = interface.subnet -%>
<% virtual = interface.virtual? -%>
<% vlan = virtual && subnet.has_vlanid? -%>
<% alias_type = virtual && !subnet.has_vlanid? &&
interface.identifier.include?(':') -%>
<% dhcp = subnet.dhcp_boot_mode? -%>

<%= interface.identifier %> interface

real=ip -o link | grep <%= interface.mac -%> | awk '{print $2;}' | sed s/:$//
<% if virtual -%>
real=echo <%= interface.identifier -%> | sed s/<%= interface.attached_to -%>/$real/
<% end -%>

ifcfg files are ignored by NM if their name contains colons so we convert

colons to underscore
<% if alias_type -%>
sanitized_real=echo $real | sed s/:/_/
<% else -%>
sanitized_real=$real
<% end -%>

cat << EOF > /etc/sysconfig/network-scripts/ifcfg-$sanitized_real
BOOTPROTO="<%= dhcp ? 'dhcp' : 'none' -%>"
<% unless dhcp -%>
IPADDR="<%= interface.ip -%>"
NETMASK="<%= subnet.mask -%>"
<% if !subnet.gateway.nil? && !subnet.gateway.empty? -%>
GATEWAY="<%= subnet.gateway %>"
<% end -%>
<% end -%>
DEVICE="$real"
<% unless virtual -%>
HWADDR="<%= interface.mac -%>"
<% end -%>
ONBOOT=yes
<% if interface.respond_to?(:primary) && interface.primary -%>
PEERDNS=yes
PEERROUTES=yes
<% else -%>
PEERDNS=no
PEERROUTES=no
<% end -%>
<% if vlan -%>
VLAN=yes
<% elsif alias_type -%>
TYPE=Alias
<% end -%>
EOF

<% end %>