Problem: Unable to apply updates from Foreman
Expected outcome: Expect to see installable updates listed under Content Hosts and be able to apply them from Foreman.
Foreman and Proxy versions: Foreman 3.4.1 (built-in proxy only)
Foreman and Proxy plugin versions:
- foreman-tasks 7.0.0
- foreman_remote_execution 8.0.0
- katello 4.6.2.1
Distribution and version: AlmaLinux 8.7 (Stone Smilodon)
Other relevant data:
Hi guys,
I inherited a half-finished Foreman/Katello server running AlmaLinux 8 that is intended to replace our Spacewalk server. Its main role is to manage system updates across a cluster of mostly CentOS 7 plus a few Debian 11/bullseye containers.
My goal is just to have an overview of package updates available across a LAN of a few dozen hosts and bulk apply them from Foreman.
I have a Product for CentOS 7 with one repository which successfully syncs from the upstream mirror. By generating a registration command from the web interface, I was able to register a few hosts as clients, although I got the warning below (we do not have a Red Hat subscription).
This system has already been registered with Red Hat using RHN
Classic.Your system is being registered again using Red Hat Subscription
Management. Red Hat recommends that customers only register once.
The registered hosts show up in the Content Hosts page with the correct OS and recent check-in times. However, the installable updates are all zeroes even when I know there should be available updates. I know there are updates available because I can run yum check-update
on the client and see them listed — I think it is pulling those directly from upstream though.
[gchamberlain@web3 ~]$ yum check-update
Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-manager, tmprepo
Loading mirror speeds from cached hostfile
* base: mirrors.coreix.net
* epel: ftp.uni-bayreuth.de
* extras: mirrors.vinters.com
* updates: centos.mirrors.nublue.co.uk
httpd.x86_64 2.4.6-98.el7.centos.6 updates
httpd-devel.x86_64 2.4.6-98.el7.centos.6 updates
httpd-tools.x86_64 2.4.6-98.el7.centos.6 updates
java-1.8.0-openjdk.x86_64 1:1.8.0.362.b08-1.el7_9 updates
java-1.8.0-openjdk-headless.x86_64 1:1.8.0.362.b08-1.el7_9 updates
kernel-debug-devel.x86_64 3.10.0-1160.83.1.el7 updates
kernel-headers.x86_64 3.10.0-1160.83.1.el7 updates
libXpm.x86_64 3.5.12-2.el7_9 updates
mod_ssl.x86_64 1:2.4.6-98.el7.centos.6 updates
sudo.x86_64 1.8.23-10.el7_9.3 updates
I am trying to understand how subscription-manager
works.
[gchamberlain@web3 ~]$ sudo subscription-manager list --available
+-------------------------------------------+
Available Subscriptions
+-------------------------------------------+
Subscription Name: Debian 11/bullseye
[...]
Subscription Name: CentOS 7
Provides:
SKU: 739249773278
Contract:
Pool ID: 8a8b8a8e8438d31201843ce804810047
Provides Management: No
Available: Unlimited
Suggested: 1
Service Type:
Roles:
Service Level:
Usage:
Add-ons:
Subscription Type: Standard
Starts: 03/11/22
Ends: 01/12/49
Entitlement Type: Physical
Subscription Name: AlmaLinux 8
[...]
[gchamberlain@web3 ~]$ sudo subscription-manager attach --pool=8a8b8a8e8438d31201843ce804810047
Successfully attached a subscription for: CentOS 7
Great, I’ve attached a subscription!
[gchamberlain@web3 ~]$ sudo subscription-manager repos
+----------------------------------------------------------+
Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID: Default_Organization_CentOS_7_CentOS_7_Main
Repo Name: CentOS 7 Main
Repo URL: https://foreman.domain.tld/pulp/content/Default_Organization/Library/custom/CentOS_7/CentOS_7_Main
Enabled: 1
[gchamberlain@web3 ~]$ cat /etc/yum.repos.d/foreman.repo
[foreman-base]
name=Foreman Base Repo
baseurl=https://foreman.lan/pulp/content/Default_Organization/Library/custom/CentOS_7/CentOS_7_Main/
gpgcheck=0
enabled=1
sslverify=0
Things I have tried:
- create “Operating Systems” in Foreman
- add content credentials in the form of RPM-GPG-KEY-CentOS-7 and assign to the repo
- create new activation key and re-register the clients
- publish a Content View
- using a “Production” environment
- disable simple content access for the organization
- update the Foreman host system and reboot
- suggestions on similar posts here (some kinda outdated)
Under Content Hosts, for “Installable Updates” all I see is zeroes:
My CentOS 7 repo:
I configured my firewall according to the Foreman and Katello docs, but it’s possible I made a mistake there.
Am I missing something? How can I update my client machines from Foreman?
With thanks,
Greg