Registering Ubuntu and Debian Systems

karthickitslm · January 26, 2021, 9:48am

Thanks

karthickitslm · January 26, 2021, 10:44am

I tried the above steps and still getting the following error message. I think for some reason, it’s referring to the old data in the back ground.

PLP0000: Release file verification failed! gpg: Signature made Sat 05 Dec 2020 10:37:30 UTC using RSA key ID B7D453EC
[GNUPG:] ERRSIG 04EE7237B7D453EC 1 8 00 1607164650 9
[GNUPG:] NO_PUBKEY 04EE7237B7D453EC
gpg: Can’t check signature: No public key
gpg: Signature made Sat 05 Dec 2020 10:37:31 UTC using RSA key ID 22F3D138
[GNUPG:] ERRSIG 648ACFD622F3D138 1 8 00 1607164651 9
[GNUPG:] NO_PUBKEY 648ACFD622F3D138
gpg: Can’t check signature: No public key
gpg: Signature made Sat 05 Dec 2020 10:40:27 UTC using RSA key ID 77E11517
[GNUPG:] ERRSIG DCC9EFBF77E11517 1 8 00 1607164827 9
[GNUPG:] NO_PUBKEY DCC9EFBF77E11517
gpg: Can’t check signature: No public key

Appreciate your help, thanks.

karthickitslm · January 27, 2021, 8:46am

Hello Team,

Even after creating a new product/repo/content credential there is no change in the response.

Has anyone able to apply the patches to the Debian/Ubnutu client machines with the help of published url in the Foreman.

Please advise, thanks.

quba42 · January 27, 2021, 10:42am

I am not sure why the public key is missing from your GPG home directory. As far as I know it should be placed there entirely without user intervention.

Since I have not been here for the entire discussion, perhaps you could just confirm for me if you can synchronize your repo without verifying the upstream signature.

To do that, simply remove any GPG keys from your repository and/or product, and then try to synchronize. Does that work?

karthickitslm · January 28, 2021, 7:51am

Hello @quba42,

Appreciate your help on this. It helped to resolve the issue.

can some one please guide me on the following:

I added the following entry in the sources.list

deb [trusted=yes] http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/ buster-updates main contrib
deb-src [trusted=yes] http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/ buster-updates main contrib

I’m getting the following error message

E: Failed to fetch http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/dists/buster-updates/main/source/Sources 404 Not Found [IP: server IP]

Can someone please help on how the debian package directory management should be present so that the client machine can get the packages with the help of Foreman.

Thanks.

quba42 · January 28, 2021, 8:51am

There are two possible approaches on how to make content available to your clients:

1.) Accessing the published repos directly using HTTP
2.) Using Katello’s subscription management

So far you have been attempting to do (1). However, to make use of Katellos full feature set, you would need to use (2). However, in order to use number (2), you will need to install the subscription manager on your clients. Built versions of the subscription manager are currently only available for (Buster) and Ubuntu 20.04 (Focal) at http://apt.atix.de/. I will describe both approaches below.

Accessing published repos directly via HTTP

1.) Navigate to your repository in the Foreman UI via “Content > Products > <your_product_name> > Repositories tab > <your_repository_name>”.
2.) Make sure you have entered “Publish via HTTP: Yes”.
3.) Right below “Publish via HTTP: Yes” you should see “Published At: <url_to_repo_root>”
4.) Use the following in your /etc/apt/sources.list file on your clients:

deb <url_to_repo_root> default all

Note: Using default all presumes having "publish_default_release": true, in your /etc/pulp/server/plugins.conf.d/deb_distributor.json config file on your foreman server.

e.g.:

# cat /etc/pulp/server/plugins.conf.d/deb_distributor.json
{
  "publish_default_release": true,
}

If you are missing this configuration, add it and then use the “Republish Repository Metadata” action in your repositories.

Using the subscription-manager (available for Debian 10 and Ubuntu 20.04)

1.) Make sure you have created not only Products with Repositories, but also Content Views, Lifecycle Environments and Activation Keys on your Foreman server. You can read this guide (Content Management Guide - orcharhino documentation) or the Foreman or the Katello documentation for more information.
2.) Install The subscription-manager on all your clients. Built clients are available for Debian 10 and Ubuntu 20.04 at http://apt.atix.de/.
3.) Also install apt-transport-katello and katello-upload-profile from the client repo at http://apt.atix.de/ on your clients.
4.) Download and install certificates from your Foreman server to your clients using:

wget --no-check-certificate -O katello-rhsm-consumer http://<your_foreman_server>/pub/katello-rhsm-consumer
/bin/bash -x katello-rhsm-consumer 2> /root/katello-rhsm-consumer.log

5.) Register your host using your activation key (on your client):

subscription-manager register --org="<your_organization>" --name="<your_host_name>" --activationkey="<your_activation_key>"

Note: We recently added some of these instructions to the Foreman UI under “Hosts > Content Hosts > Register Content Hosts > Select an Operating System: Debian/Ubuntu”. I am not sure if that has been released yet.

@maximilian Did I forget anything?

quba42 · January 28, 2021, 9:01am

If you want to have client packages like python-subscription-manager, apt-transport-katello, and katello-upload-profile for systems other than Debian 10 (Buster) and Ubuntu 20.04 (Focal) (http://apt.atix.de/), you currently need to build them yourself from source. (This is not trivial to do).

Alternatively you can get commercial support: Foreman :: Professional Services
The orcharhino enterprise product (based on Foreman/Katello) provides inbuilt support for many versions of Ubuntu and Debian: https://orcharhino.com/

karthickitslm · January 28, 2021, 9:29am

Hello @quba42,

Thanks a lot for your guidance. Can you please explain me on this part.

deb <url_to_repo_root> default all

url_to_repo_root = http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/

in this case ?

karthickitslm · January 28, 2021, 10:37am

Hello @quba42,

I managed to find the answer from your comment itself.

Thanks.

karthickitslm · January 28, 2021, 1:14pm

Hello @quba42 @maximilian @fgoebel,

I’m not able to resolve the issue yet.

After changing the source url to the following I’m getting the below error message.

deb [trusted=yes] http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/ default all
deb-src [trusted=yes] http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/ default all

Failed to fetch http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/dists/default/all/source/Sources

Please advise.

Thanks.

quba42 · January 28, 2021, 1:40pm

This sounds like the APT implementation on your client is throwing an error if the repository does not have any source packages. Foreman (that is Katello, that is Pulp) does not support source packages in any way and does not publish the corresponding metadata. This is not normally required by clients.

What operating system is your client running exactly? And exactly what command are you running to get this error?

karthickitslm · January 28, 2021, 2:02pm

Hello @quba42,

Thanks, client operating system is Debian 10.5.

apt-get update --download-only

quba42 · January 28, 2021, 2:15pm

That is strange. I am running Debian unstable (which should be very similar) and I have never seen that error (and I am using binary only repositories all the time). It must be some local APT configuration on your Debian host that is demanding source package indices.

Can you show me the file you have at http://example.com/pulp/deb/Tele2/Library/custom/D10/D10/dists/default/Release on your foreman? (Perhaps that will give me some ideas.)

karthickitslm · January 28, 2021, 2:19pm

Hello @quba42,

Thanks. PFB the requested details.

# cat Release
Label: 6238bd64-766d-4b97-9997-126687e1556a
Suite: stable
Codename: buster
Date: Wed, 27 Jan 2021 11:29:37 +0000
Architectures: amd64
Components: main
MD5sum:
c70d857f653015161fa4b8cf1bb259e6 19710400 main/binary-all/Packages
70a6b643f4b68c21eaf9a452847a9635 6199513 main/binary-all/Packages.gz
f8f4d77780399531efca616e07c96955 4472758 main/binary-all/Packages.bz2
c422609e16f3742eb9451f19244848a5 43605376 main/binary-amd64/Packages
b5c2e5781ac6e992d3ee6fd7ead40247 13523431 main/binary-amd64/Packages.gz
1c3373fbb3ffd3777884d943da9e12b4 9709299 main/binary-amd64/Packages.bz2
SHA1:
a2816318ef6e13907e04bcda2eb1580438613d53 19710400 main/binary-all/Packages
8e81b1ba18705a38699c3b24a4209ba76a532799 6199513 main/binary-all/Packages.gz
ac0766a12b53aaf36f04019e587f4b42548b42ad 4472758 main/binary-all/Packages.bz2
8e30582ecc7001c1f2829f9d814a6fc4cd79620f 43605376 main/binary-amd64/Packages
5102f037405c04c6d6e8b3a0b3a79a9392b83ecb 13523431 main/binary-amd64/Packages.gz
54d60f6174add87848e8dba478c05cd5ae075987 9709299 main/binary-amd64/Packages.bz2
SHA256:
128352e44d8921d4508658cac48b8539dd5683ae6f51b726759ad38e6e0b7e50 19710400 main/binary-all/Packages
2887d875de903522647a1daddeae1be0d035cd9405ffd736070dd38a8d110079 6199513 main/binary-all/Packages.gz
a8affadc116ad2640f0401e15261eff74172e0877d0e43cfc666b81287444164 4472758 main/binary-all/Packages.bz2
6f5b052662928084600159f98ed06c3e644af7a59f74e63d07a576aec97c8404 43605376 main/binary-amd64/Packages
19498dec852143986a813cb838b6b9061c01b15d866d4f79ad53d5fad7ae9f54 13523431 main/binary-amd64/Packages.gz
8c3562f940782ab4bbda7ebdc54398e5a138dabe8a624d321d76f701348fe4f1 9709299 main/binary-amd64/Packages.bz2

karthickitslm · January 29, 2021, 6:25am

Hello @quba42,

Can you please advise me further on resolving the issue.

Thanks.

karthickitslm · January 29, 2021, 11:10am

Hello @quba42 ,

Please find below the settings.

Sync Settings

Upstream URL: Index of /debian

Releases: buster

Components: main

Architectures: amd64

Verify SSL: No

Upstream Authorization

Mirror on Sync

HTTP Proxy

Publish via HTTPS

Yes

Publish via HTTP

Published At

http:

Hope this will help to resolve the issue. Thanks.

karthickitslm · January 30, 2021, 10:19am

Hello @tbrisker @quba42 @maximilian,

Can you please assist on resolving this issue further.

Thanks.

quba42 · February 2, 2021, 5:07pm

Looking helps, I totally missed your second line! In it you specifically request a source repository (which Foreman/Katello/Pulp does not provide). Remove the line that starts with deb-src and keep only the line that starts with deb on your clients, and you should be fine…

karthickitslm · February 3, 2021, 6:23am

Hello @quba42,

Thanks a lot for your update. As per your suggestion, I’ve removed that line and I’m getting the following error message.

Can you please share the configuration details used from your end so that I can compare that with my configuration which might help me to identify the problem.

maximilian · February 3, 2021, 7:09am

Can you please be more specific about which part of your configuration you are unsure? What documentation/tutorial did you follow?