Registering Ubuntu and Debian Systems

Problem: Need some advise on configuring client machines as Debian and Ubuntu

Expected outcome: Should be able to update security updates with the help of Foreman

Foreman and Proxy versions:

Foreman and Proxy plugin versions:

Distribution and version:

Other relevant data:

Can someone please help me on this problem.

I think to encourage someone to help you, it would be nice if you could describe your problem much more verbose! Maybe try aswering the following questions.

  • What background do you have with foreman?
  • What are you trying to achieve?
  • What have you tried yet?
  • Where does your problem happen?
  • How can anyone reproduce the problem?
  • Which version of Foreman do you use?
  • etc

I have found the community to be very helpful, however, they do not want to have to ask for every piece of information and I totally understand that.

Have a nice day ;-D
fgoebel

2 Likes

Hello @fgoebel,

Thanks for your update. I’ve installed Foreman 2.3.1 on top of CentOS 7.

I’m trying to setup a Debian/Ubuntu Repository with the help of Foreman.

Once I have the published URL, I can make use of this to configure the sources.list file in order to fetch the packages to the client machine.

When I’m trying to fetch the packages, I’m getting the following error message.

E: Failed to fetch http://example.com/pulp/deb/Tele2/Library/custom/Debian10/Debian_10/dists/main/contrib/source/Sources 404 Not Found IP address [Server IP ]

Please let me know if there are any additional questions.

Ok, so I do not think that I can help you here.

I have only used foreman on ubuntu without katello or content management yet… My Answer was more to provide you with some feedback why there wasnt any answer yet…

I am sorry, you should wait for someone who has more knowledge on these topis.

In the meantime you could maybe provide even more information about your setup:

  • Did you follow any instructions to get were you are now? if yes add a link
  • how was foreman installed? (installer? ansible? manual?)
  • be as precise and verbose as possible

Hello @fgoebel,

Yes, I totally agree with you on adding details as I missed to add that before.

I’ll add more details shortly.

Thanks.

Hello Team,

I’m getting the following error when I’m trying to Sync “Debain security Repo” .

PLP0000: Release file not found. Check the feed option.

Upstream URL is as follows:

http://security.debian.org/debian-security/dists/buster/updates/

Thanks. Please assist.

I am unsure which steps you followed so far & how your product and repository is currently configured.

Have you tried following these instructions Using Type deb?

Hello @maximilian,

Thanks for your help on this. I’m validating the settings and get back to you.

Hello @maximilian,

I following the same steps as mentioned by you. I’m getting the following error message.

PLP0000: gnupghome should be a directory (it isn’t): /var/lib/pulp/gpg-home

Please advise, thanks.

Check the ownership in the /var/lib/pulp/gpg-home/ directory. The files should belong to the apache user.

If not, run the following command to fix the ownership issue:

chmod apache:apache *

Hello @maximilian,

Thanks for your instant reply. I’m not finding that directory.

Am I good to create one directory or it should be auto created with the help of Foreman.

Please assist.

[root@abc ~]# cd /var/lib/pulp/
[root@abc pulp]# ls -al |grep gpg
[root@abc pulp]# pwd
/var/lib/pulp

Thanks.

I am unsure but would assume you’re ok to create it and adjust the ownership.

Thanks @maximilian

Hello @maximilian ,

I’ve added the content credential by following the below steps:

Navigate to content credentials >> create content credential >> added the key present in below url

http://ftp.debian.org/debian/dists/buster/Release.gpg

I’m getting the following error message when I’m doing a sync

PLP0000: GPG-Key not imported: [{‘text’: ‘No valid data found’, ‘problem’: ‘0’, ‘fingerprint’: None}]

Please correct me if I’m following a incorrect steps, thanks.

Are you by chance missing the public GPG key?

First, you download the public GPG key & add it to your Foreman instance as content credential.
Second, you attach the content credential to your product or repository. If you only have Debian repos bundled to one product, it’s fine to add the content credential to the product directly.

source

Hello @maximilian,

Thank you. It helped to resolve that issue as there was a conflicting gpg key.

When I do a Sync now, I’m getting the following error.

PLP0000: Release file verification failed! gpg: Signature made Sat 05 Dec 2020 10:37:30 UTC using RSA key ID B7D453EC
[GNUPG:] ERRSIG 04EE7237B7D453EC 1 8 00 1607164650 9
[GNUPG:] NO_PUBKEY 04EE7237B7D453EC
gpg: Can’t check signature: No public key
gpg: Signature made Sat 05 Dec 2020 10:37:31 UTC using RSA key ID 22F3D138
[GNUPG:] SIG_ID 4PHyQJINyWRfyKXBu1BRvpKzzDc 2020-12-05 1607164651
[GNUPG:] GOODSIG 648ACFD622F3D138 Debian Archive Automatic Signing Key (10/buster) ftpmaster@debian.org
gpg: Good signature from “Debian Archive Automatic Signing Key (10/buster) ftpmaster@debian.org
[GNUPG:] VALIDSIG 0146DC6D4A0B2914BDED34DB648ACFD622F3D138 2020-12-05 1607164651 0 4 0 1 8 00 80D15823B7FD1561F9F7BCDDDC30D7C23CBBABEE
[GNUPG:] TRUST_UNDEFINED
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
Subkey fingerprint: 0146 DC6D 4A0B 2914 BDED 34DB 648A CFD6 22F3 D138
gpg: Signature made Sat 05 Dec 2020 10:40:27 UTC using RSA key ID 77E11517
[GNUPG:] ERRSIG DCC9EFBF77E11517 1 8 00 1607164827 9
[GNUPG:] NO_PUBKEY DCC9EFBF77E11517
gpg: Can’t check signature: No public key

Thanks.

It looks like you’ve added the wrong GPG public key to the repository.

I’ve tried to verify the GPG signature manually:

wget http://security.debian.org/debian-security/dists/buster/updates/Release
wget http://security.debian.org/debian-security/dists/buster/updates/Release.gpg
gpg --verify Release.gpg Release

This results in the following output:

gpg: Signature made Mon Jan 25 20:46:21 2021 UTC
gpg:                using RSA key 379483D8B60160B155B372DDAA8E81B4331F7F50
gpg: Can't check signature: No public key
gpg: Signature made Mon Jan 25 20:46:21 2021 UTC
gpg:                using RSA key 5237CEEEF212F3D51C74ABE0112695A0E562B32A
gpg: Can't check signature: No public key

Download the GPG keys:

gpg --keyserver keys.gnupg.net --recv-key 379483D8B60160B155B372DDAA8E81B4331F7F50
gpg --keyserver keys.gnupg.net --recv-key 5237CEEEF212F3D51C74ABE0112695A0E562B32A

Export the GPG keys to a file (which can be imported to Foreman):

gpg --armor --export ftpmaster@debian.org > gpg_debian.txt

Hello @maximilian ,

Thanks. I’ve few doubts.

I can execute the following commands in the foreman cli.

gpg --keyserver keys.gnupg.net --recv-key 379483D8B60160B155B372DDAA8E81B4331F7F50
gpg --keyserver keys.gnupg.net --recv-key 5237CEEEF212F3D51C74ABE0112695A0E562B32A
gpg --armor --export ftpmaster@debian.org > gpg_debian.txt

Then upload the gpg_debian.txt using Foreman GUI.

Please correct me if I’m wrong.

Thanks.

You can run these commands on basically any machine with gpg installed. I’ve used a container running Debian Buster.