Category: Red Hat Satellite

How to Create a New Host in Foreman with Ansible

Okay… this one was quite difficult to find online. It seems the Ansible documentation for the Foreman module was seriously lacking or not kept up to date by anyone. I searched for a while to see if anyone had an actual working model of it.
Not even in the Ansible chat rooms did anyone know… which was weak.

So I spent some time getting this to work smoothly, and you will probably not find this anywhere else on the web. If you do, show me… so I can kick myself.

Let's get dangerous then. 😊

Step by step:

Foreman – Already set up and your “computer resource” is hooked in (VMware)
Note: The compute profile (vmware), when hooked in, will also trigger a new VM creation in vSphere prepped to do DHCP. You can combine variables from the vmware_guest module and this module, as they require similar variables to be passed, to set up a one-stop shop that deploys in Foreman and VMware using just Ansible. I've done this already…

Special notes: The Foreman I had set up did not have organisation or location configured. This caused the module to not function properly, and I had to contact one of the developers, who helped me patch the code so that it didn't require them to be configured or defined. I will show you all how to do that.

Ansible – Assuming you have it set up and working with Python 2.7. I'm not sure this module will work with Python 3; I haven't tried that yet…

Module – TheForeman Collection

1. To install it
a. ansible-galaxy collection install theforeman.foreman
b. Edit the ansible.cfg file and add the following lines.

Note: You can find the locations of these certs on the Foreman server. You will need to copy them over to the Ansible host for the callback to work properly. However, the callback is not needed to complete the host creation; without it you will likely just see an error at the end of the play.

[callback_foreman]
url = http://foreman-1.tdr.corp-apps.com
ssl_cert = /etc/foreman-proxy/ssl-cert.pem
ssl_key = /etc/foreman-proxy/ssl-pvt.pem
verify_certs = /etc/foreman-proxy/ssl-ca

Okay, once it is installed, have a look at the Ansible documentation from Red Hat on how to manage hosts using this module.

It is utterly useless… and will not work if you try to use the example below.

https://people.redhat.com/evgeni/fam-antsibull/plugins/host_module.html

- name: "Create a host"
  host:
    username: "admin"
    password: changeme
    server_url: "https://foreman.example.com"
    name: new_host
    hostgroup: my_hostgroup
    state: present

2. Since my Foreman is not configured with Organisations and Locations, I had to patch the Python code with the help of one of the contributing authors of the module.

3. Apply the following patch.

The fix was to avoid trying to touch a specific resource that is only available when you have Org/Loc enabled.

diff –git plugins/module_utils/foreman_helper.py plugins/module_utils/foreman_helper.py

index 432c76df..c9a3abda 100644

— plugins/module_utils/foreman_helper.py

+++ plugins/module_utils/foreman_helper.py

@@ -396,8 +396,9 @@ class ForemanAnsibleModule(AnsibleModule):

_host_update = next(x for x in _host_methods if x[‘name’] == ‘update’)

for param in [‘location_id‘, ‘organization_id‘]:

– _host_update_taxonomy_param = next(x for x in _host_update[‘params’] if x[‘name’] == param)

– _host_update[‘params’].remove(_host_update_taxonomy_param)

+ _host_update_taxonomy_param = next((x for x in _host_update[‘params’] if x[‘name’] == param), None)

+ if _host_update_taxonomy_param is not None:

+ _host_update[‘params’].remove(_host_update_taxonomy_param)

@_check_patch_needed(fixed_version=’2.0.0′)

def _patch_templates_resource_name(self):
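
Review bot: The context line `_host_update = next(x for x in _host_methods if x['name'] == 'update')` directly above the changed lines still calls next() without a default, so it raises StopIteration if no 'update' method is present; consider giving it the same None default and guard that the added lines use for _host_update_taxonomy_param. A one-line comment above the new `if` saying that the location_id and organization_id params are missing when Org/Loc is not enabled would also record why the guard exists.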

4. Once this patch is applied, you will need a role that has all the correct variables to pass to your Foreman so that it can create a host without erroring.

Trick: with Ansible you can write some of the code and run the playbook, and if there are missing variables it will tell you what they are.

fatal: [testnick1]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "activation_keys": null,
            "architecture": null,
            "build": null,
            "comment": null,
            "compute_attributes": null,
            "compute_profile": null,
            "compute_resource": null,
            "config_groups": null,
            "content_source": null,
            "content_view": null,
            "domain": null,
            "enabled": null,
            "environment": null,
            "hostgroup": "my_hostgroup",
            "image": null,
            "interfaces_attributes": null,
            "ip": null,
            "kickstart_repository": null,
            "lifecycle_environment": null,
            "location": null,
            "mac": null,
            "managed": null,
            "medium": null,
            "name": "testnick1",
            "openscap_proxy": null,
            "operatingsystem": null,
            "organization": null,
            "owner": null,
            "owner_group": null,
            "parameters": null,
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "provision_method": null,
            "ptable": null,
            "puppet_ca_proxy": null,
            "puppet_proxy": null,
            "puppetclasses": null,
            "pxe_loader": null,
            "realm": null,
            "root_pass": null,
            "server_url": "http://foreman-1.nictailor.com/",
            "state": "present",
            "subnet": null,
            "subnet6": null,
            "username": "ntailor",
            "validate_certs": true
        }
    },
    "msg": "The hostname must be FQDN"
}

PLAY RECAP ************************************************************************************************************************************************************************
testnick1 : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

5. Once you have all the variables, it's just a matter of playing around until you get it to work.
c. Make a directory inside /etc/ansible/roles
i. mkdir ansible-provision-foreman
d. Inside the directory create two directories (defaults & tasks)
ii. mkdir defaults && mkdir tasks

6. Now inside the tasks directory, create a file called main.yml and insert the code below
e. vi main.yml

Create a Host: This code is what you need for this module to work.

- name: "Create a host"
  theforeman.foreman.host:
    username: "{{ foreman_user }}"
    # vcenter_password and server_url are not in the defaults file shown below and must be defined elsewhere
    password: "{{ vcenter_password }}"
    server_url: "{{ server_url }}"
    name: "{{ inventory_hostname }}"
    hostgroup: "{{ host_group }}"
    managed: no
    build: no
    compute_profile: "{{ compute_profile }}"
    compute_resource: "{{ computer_resource }}"
    compute_attributes:
      cpus: "{{ vm_cpu_count }}"
      memory_mb: "{{ vm_memory }}"
    interfaces_attributes:
      - type: "interface"
        primary: true
        compute_attributes:
          name: nic1
          network: "{{ vm_vlan_name }}"
          interface: "{{ vm_interface }}"
        subnet: "{{ vm_subnet }}"
        ip: "{{ vm_ip }}"
        domain: "{{ domain }}"
        provision: yes
    operatingsystem: "{{ operating_system }}"
    medium: "{{ medium }}"
    architecture: x86_64
    pxe_loader: PXELinux BIOS
    puppet_ca_proxy: "{{ puppet_ca_proxy }}"
    puppet_proxy: "{{ puppet_proxy }}"
    root_pass: "{{ root_pass }}"
    environment: tdr
    # ptable: Centos - LVM - / , swap
    ptable: "{{ ptable }}"
    # owner: unix
    state: present
    # TLS certificate verification is disabled for this call
    validate_certs: false
  delegate_to: localhost

- name: "Switch host on"
  theforeman.foreman.host_power:
    username: "{{ foreman_user }}"
    password: "{{ foreman_password }}"
    server_url: "{{ server_url }}"
    hostname: "{{ inventory_hostname }}"
    # quoted so YAML does not read the value as a boolean
    state: "on"
    # TLS certificate verification is disabled for this call
    validate_certs: false
  delegate_to: localhost

f. Save the file.

7. Next we want to pass the basic defaults for new host creation. We do that by defining them under defaults. These variables won't change.
g. cd ../defaults
h. vi main.yml

Note: You can find all these variables inside the Foreman GUI with a bit of digging.

foreman_user: Reptilianfilth
foreman_password: "<ansible-vault encrypted value>"   # generally you want an ansible vault password here
compute_profile: vmware
computer_resource: vcenter.nic.internal
domain: nic.internal
medium: 7.8-CentOS
puppet_ca_proxy: puppet-2.nic.internal
puppet_proxy: puppet-2.nic.internal

i. Save the file

8. Now we want to pass the host-specific variables for new host creations and/or VM deployments.
j. Move into your /etc/ansible/inventory/{{environment}}/host_vars directory
iii. cd /etc/ansible/inventory/{{environment}}/host_vars
iv. Create a file called testserver
v. vi testserver

#VM creation variables
vm_network: niccorp-192.168.65_corp
vm_interface: VMXNET3
vm_subnet: 192.168.65.0
vm_ip: 192.168.65.103
domain: nic.internal
managed: no
host_group: Base-Server/Centos-7.8.2003
operating_system: Centos 7.8.2003
ptable: Centos - LVM - / , swap
root_pass: changemetwiceaday
medium: 7.8-CentOS

k. Paste the above and save the file

Special Note: If you want to be able to use either the foreman module or the vmware_guest module, you can combine the variable names between the modules as below. You will need to ensure the variables match, but it works. You can get around having to rely on DHCP with this.

#VM creation variables foreman and vmware together
vm_vlan_name: nic_192.168.44_db_stor2
vm_datastore: esx_nicrcorp
vm_dvswitch: VDS-nic-Corporate
vm_interface: VMXNET3
vm_subnet: 192.168.44.0
vm_ip: 192.168.44.14
vm_netmask: 255.255.255.0
vm_gateway: 192.168.44.254
vm_dns_servers: [192.168.1.1]
vm_dns_suffix: nic.internal
vm_cpu_count: 4
vm_memory: 16384
vm_state: poweredon
vm_connected: true
domain: tdr.internal
managed: no
host_group: Base-Server/Centos-7.8.2003
operating_system: Centos 7.8.2003
ptable: Centos - LVM - / , swap
root_pass: changemetwiceaday
medium: 7.8-CentOS

9. Next you need to ensure your hosts are listed in your inventory hosts file
l. vi ../hosts
m. testnick3.nic.internal
10. Save the file

Before you start, one last thing. If you remember, in the defaults we outlined

compute_profile: vmware
(This is the Foreman profile it will use, so whatever defaults you have set there for network and disk size are what will be used when Foreman creates the host in vCenter, so it is good to go and check this in Foreman first.)

Run playbook: from /etc/ansible

[root@nick ansible]# ansible-playbook -i inventory/TDR/hosts foremancreatehost.yml --ask-vault-pass --limit 'testnick3.tdr.internal'
Vault password:

PLAY [all] **********************************************************************************************************************************************

TASK [ansible-provision-foreman : Create a host] ********************************************************************************************************
changed: [testnick3.tdr.internal]

PLAY RECAP *******************************************************************************************************************************************************************************
testnick3.tdr.internal : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

403 Client Error: Forbidden for url: http://foreman-1.nic.corp.com/api/v2/reports (if you see this, just ignore it; it's just the callback report).
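
An added example, not part of the original post: a pre-flight check that catches, before the play runs, the "The hostname must be FQDN" failure shown earlier, password-like keys such as root_pass stored in clear text in host_vars, and malformed IPv4 values. The function names, the sample files and the vault_foreman_password variable are constructed for illustration, and the FQDN rule is an assumed approximation of what Foreman accepts.

```shell
#!/bin/sh
# Added example: pre-flight checks for the inventory and host_vars files
# used by the role above. All names and sample data are constructed.

# True when the name has at least two dot-separated labels (assumed FQDN rule).
is_fqdn() {
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]*$'
}

# Print inventory hosts (INI format) that are not fully qualified.
inventory_not_fqdn() {
    awk '/^[ \t]*$/ || /^[ \t]*[#;]/ || /^[ \t]*\[/ { next } { print $1 }' "$1" |
    while read -r host; do
        is_fqdn "$host" || echo "$host"
    done
}

# Print "line: key" for password-like keys holding a clear-text value, i.e.
# neither a {{ variable }} reference nor an inline !vault value.
vars_plaintext_secrets() {
    awk '
        /^[ \t]*#/ || !/:/ { next }
        {
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            if (tolower(key) !~ /(pass|password|secret)$/) next
            if (val == "" || val ~ /^!vault/ || index(val, "{{") > 0) next
            print FNR ": " key
        }' "$1"
}

# Print "line: key" for *_ip, *_subnet, *_netmask and *_gateway values that
# are not four dot-separated numbers in the range 0-255.
vars_bad_ipv4() {
    awk '
        /^[ \t]*#/ || !/:/ { next }
        {
            key = $0; sub(/:.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val); gsub(/[ \t"]/, "", val)
            if (key !~ /_(ip|subnet|netmask|gateway)$/) next
            n = split(val, o, ".")
            bad = (n != 4)
            for (i = 1; i <= n; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) bad = 1
            if (bad) print FNR ": " key
        }' "$1"
}

# Constructed sample inventory: one short name, one FQDN.
sample_inventory() {
cat <<'EOF'
[tdr]
testnick1
testnick3.nic.internal ansible_user=root
EOF
}

# Constructed sample host_vars, modelled on the file above.
sample_host_vars() {
cat <<'EOF'
# constructed sample
vm_subnet: 192.168.65.0
vm_ip: 192.168.65.300
root_pass: changemetwiceaday
foreman_password: "{{ vault_foreman_password }}"
EOF
}

tmp=$(mktemp -d)
sample_inventory > "$tmp/hosts"
sample_host_vars > "$tmp/testserver"
echo "not FQDN:          $(inventory_not_fqdn "$tmp/hosts")"
echo "clear-text secret: $(vars_plaintext_secrets "$tmp/testserver")"
echo "bad IPv4 value:    $(vars_bad_ipv4 "$tmp/testserver")"
rm -rf "$tmp"
```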

How to build a server using kickstart satellite 6.x

Note: This document assumes that your capsule servers are already configured, your dhcpd service is running, and your subnets have already been added to the config.

Manual process:

HOST TAB

1. On the top menu bar click on HOSTS
a. Create hosts

Under Create hosts there are a bunch of tabs that need to be filled out.

Name * (This is the name of your VM) – "nick.test1.com"
This value is also used as the host's primary interface name.

Organisation * Whichever ORG you want the host to live in (LCH)

Location * london

Host Group – We will do this later; for now just choose an existing non-prod group.

Deploy on – Bare Metal

Lifecycle Environment: Non-Prod

Content View – Select a content view that exists; check under content view

Content Source – leave blank

Interfaces TAB

Type: Interface

MAC address: Grab the MAC address from vCenter, or log in to the existing OS and get the interface MAC address

Device identifier: en016780032

DNS name: "nick.test1.com"

Domain: nicktailor.com

IPv4 Subnet: the subnet the VLAN lives on (this is set up on the capsule server)
nick-10.61.120.0-26 (10.61.120.0/26)

IPv6 Subnet

IPv4 address: 10.61.120.45

Managed (checked)

Primary (checked)

Provision (checked)

Remote execution (checked)

Operating System TAB

Architecture *: x86_64

Operating system *: RHEL Server 7.4

Media Selection: Synced Content / All Media

Select the installation media that will be used to provision this host. Choose 'Synced Content' for Synced Kickstart Repositories or 'All Media' for other media.

Media *: RHE7-cap01 (this is where the repositories live)

Partition table *: RHEL7-TESTING (make sure this is attached to a host group and operating system, under HOSTS & CONFIGURE)

PXE loader: PXELinux BIOS (this is for the PXE boot)

Custom partition table (leave blank unless you want to override)

Whatever text (or ERB template) you use in here will be used as your OS disk layout options. If you want to use the partition table option, delete all of the text from this field.

Root password: password

Password must be 8 characters or more

Parameters TAB

Puppet class parameters

Puppet class  Name  Value  Omit

Global parameters:

Capsule: nick-cap01.com

Activation_keys: RHEL7-2017-12-PROD

nick-cap01.com
kt_activation_keys: RHEL7-2017-12-Prod

(if you override the default key it shows up below)

puppet_server: nick-pup02.com

Host parameters:

Name  Value  Actions

kt_activation_keys

RHEL7-2017-12-Non-Prod (nonprod)

Additional Information TAB

Owned by: Nick Tailor

Enabled: Include this host within satellite reporting (check this)

Hardware Model

Comment: Blank

Next Step – Create a host group

Under Configure select Host Groups (you need a host group for your deployment to work properly; without this it will not work)

Note: Generally it's easier to clone an existing host group, change the name and edit the settings to save you time. However, for the purposes of this document, we are going to go through the process.

1. Click on Create Host Group (top right)

Host Group Tab

Parent

Name *: Nick-hax0r-servers (Project name – servers)

Lifecycle Environment: NON-PROD (make sure you have a lifecycle environment configured)

Content View: RHEL7-2019-03 (Make sure to select a content view that exists; you can go to content views, look at which ones exist, and then copy and paste the name exactly)

Content Source: nick-cap01.com (This is the capsule server where the content for the repositories exists for the dev environment, and also where the subnets are defined that these project servers can DHCP from on PXE boot)

Puppet Environment: Non_Production_RHEL7_2019_03_127
Note: (Define this if you have a puppet environment configured with satellite. You will need to have your puppet environment match this content view if you do)

Compute profile: Blank

Puppet Master: Blank

Puppet CA: Blank

OpenSCAP Capsule: Blank

Note: (This is good for pulling server information and vulnerabilities)

Network TAB

Domain: nicktailor.com

IPv4 Subnet: NTC-10.61.120.0-26 (10.61.120.0/26)
Note: (These subnets are defined in satellite under Infrastructure and then Subnets)

IPv6: No Subnet

Realm: Blank

Operating System TAB

Architecture: x86_64

Operating system *: RHEL Server 7.4
(Note: This section is very important. You will need to attach the partition table to the operating system under Hosts and Operating System. If you do not, then when you make your provision template this host group will not be able to see the partition table you created when you choose the OS you want to deploy.)

Media Selection: Synced Content / All Media

Select the installation media that will be used to provision this host. Choose 'Synced Content' for Synced Kickstart Repositories or 'All Media' for other media.

Media *: RHEL7-nick-cap01

Partition table *: RHEL7-Testing
(Note: This is created under HOSTS and Partition Table)

PXE loader: Blank

Root password: Password (set this for your server to the desired setting)

Parameters TAB

Global Parameters

Host group parameters:

Name:         Value:

Capsule       nick-cap01.com

puppet_server      nick-pup02.com
Note: (You only need to define this if you have a puppet server environment configured)

Locations TAB

Under Selected Items:

  Add London

Organizations TAB

Under Selected Items:
Add organizations you want to have access to the host group
ADD: LCH

Activation Keys TAB

Activation keys: RHEL7-2017-12-Non-Prod (this key defines which organization, host group, repositories and lifecycle environment the host initially gets registered with. You can manually change these settings afterwards; however, it's probably good to make a proper key to save you lots of time.)

Next Step – Create Partition Table
HOSTS and Partition Tables

1. Click on Create Partition Table
(Note: It's generally better to clone an existing table and edit as needed; however, for the purposes of this doc, we will go through the settings. You will also need to add this table to your operating system under Hosts and Operating System for the provision template to work properly.)

Template TAB

Name *: GTP-RHEL7-Testing (Name your partition table scheme)

Default

Default templates are automatically added to new organisations and locations

Snippet

Operating system family: RED HAT

Input:

Note: This is a standard LVM setup using ext4 for the OS. If you are going to use dual boot, then you want to change the first 3 lines

zerombr
clearpart --drives=sda --all --initlabel
part /boot --fstype ext4 --size=1024 --asprimary --ondisk=sda
part pv.00 --size=1 --grow --asprimary --ondisk=sda
volgroup vgroot pv.00
logvol / --name=lv_root --vgname=vgroot --size=15360 --fstype ext4
logvol swap --name=lv_swap --vgname=vgroot --size 6144 --fstype swap
logvol /var --name=lv_var --vgname=vgroot --size 10240 --fstype ext4
logvol /opt --name=lv_opt --vgname=vgroot --size 10240 --fstype ext4
logvol /var/tmp --name=lv_var_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /var/log --name=lv_var_log --vgname=vgroot --size 5120 --fstype ext4
logvol /var/log/audit --name=lv_var_log_audit --vgname=vgroot --size 2048 --fstype ext4
logvol /var/coredumps --name=lv_crash --vgname=vgroot --size 16384 --fstype ext4
logvol /tmp --name=lv_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /home --name=lv_home --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev

Dual Boot template:

Note: Change the drive designation from sda to sdx (x being whatever the new drive designation is). In the example below it's /dev/sdc

clearpart --drives=sdc --all --initlabel
part /boot --fstype ext4 --size=1024 --asprimary --ondisk=sdc
part pv.00 --size=1 --grow --asprimary --ondisk=sdc
volgroup vgroot pv.00
logvol / --name=lv_root --vgname=vgroot --size=15360 --fstype ext4
logvol swap --name=lv_swap --vgname=vgroot --size 6144 --fstype swap
logvol /var --name=lv_var --vgname=vgroot --size 10240 --fstype ext4
logvol /opt --name=lv_opt --vgname=vgroot --size 10240 --fstype ext4
logvol /var/tmp --name=lv_var_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /var/log --name=lv_var_log --vgname=vgroot --size 5120 --fstype ext4
logvol /var/log/audit --name=lv_var_log_audit --vgname=vgroot --size 2048 --fstype ext4
logvol /var/coredumps --name=lv_crash --vgname=vgroot --size 16384 --fstype ext4
logvol /tmp --name=lv_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /home --name=lv_home --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev

Locations TAB

Under Selected Items:

  ADD: London

Organization TAB

Under Selected Items:

  ADD: NTC
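
An added example, not part of the original document: a small shell lint for a partition table like the two above. It reports which disks clearpart and part will touch (so a dual boot edit that changed sda on only some lines is caught), totals the logical volume sizes in MB, and flags /tmp or /var/tmp entries that lost nodev, nosuid or noexec. The function names are hypothetical and the sample is constructed from the standard table shown above.

```shell
#!/bin/sh
# Added example: lint a kickstart partition table before attaching it to an
# operating system. Function names are hypothetical.

# Print every disk named by --drives= or --ondisk=, one per line, de-duplicated.
ks_disks() {
    grep -oE -- '--(drives|ondisk)=[A-Za-z0-9,]+' "$1" \
        | cut -d= -f2 | tr ',' '\n' | sort -u
}

# Succeed only if the table touches exactly the one expected disk.
ks_only_disk() {
    [ "$(ks_disks "$1" | tr '\n' ' ')" = "$2 " ]
}

# Sum the logvol sizes in MB; the table mixes "--size=N" and "--size N".
ks_lv_total_mb() {
    awk '$1 == "logvol" {
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^--size=/) { v = $i; sub(/^--size=/, "", v); t += v }
                else if ($i == "--size") t += $(i + 1)
            }
         }
         END { print t + 0 }' "$1"
}

# Print /tmp or /var/tmp if its --fsoptions lacks nodev, nosuid or noexec.
ks_weak_tmp() {
    awk '$1 == "logvol" && ($2 == "/tmp" || $2 == "/var/tmp") {
            opts = ""
            for (i = 3; i <= NF; i++)
                if ($i ~ /^--fsoptions=/) { opts = $i; sub(/^--fsoptions=/, "", opts) }
            n = split("nodev nosuid noexec", want, " ")
            for (j = 1; j <= n; j++)
                if (index("," opts ",", "," want[j] ",") == 0) { print $2; break }
         }' "$1"
}

# Constructed sample: the standard LVM table from this page.
ks_sample() {
cat <<'EOF'
zerombr
clearpart --drives=sda --all --initlabel
part /boot --fstype ext4 --size=1024 --asprimary --ondisk=sda
part pv.00 --size=1 --grow --asprimary --ondisk=sda
volgroup vgroot pv.00
logvol / --name=lv_root --vgname=vgroot --size=15360 --fstype ext4
logvol swap --name=lv_swap --vgname=vgroot --size 6144 --fstype swap
logvol /var --name=lv_var --vgname=vgroot --size 10240 --fstype ext4
logvol /opt --name=lv_opt --vgname=vgroot --size 10240 --fstype ext4
logvol /var/tmp --name=lv_var_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /var/log --name=lv_var_log --vgname=vgroot --size 5120 --fstype ext4
logvol /var/log/audit --name=lv_var_log_audit --vgname=vgroot --size 2048 --fstype ext4
logvol /var/coredumps --name=lv_crash --vgname=vgroot --size 16384 --fstype ext4
logvol /tmp --name=lv_tmp --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev,nosuid,noexec
logvol /home --name=lv_home --vgname=vgroot --size 5120 --fstype ext4 --fsoptions=nodev
EOF
}

tmp=$(mktemp)
ks_sample > "$tmp"
echo "disks referenced: $(ks_disks "$tmp" | tr '\n' ' ')"
echo "logical volumes need $(ks_lv_total_mb "$tmp") MB"
# Simulate a dual boot edit that changed clearpart but not the part lines.
sed 's/--drives=sda/--drives=sdc/' "$tmp" > "$tmp.mixed"
ks_only_disk "$tmp.mixed" sdc || echo "mixed disks: $(ks_disks "$tmp.mixed" | tr '\n' ' ')"
rm -f "$tmp" "$tmp.mixed"
```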

Next Step – Add New Partition Table to Operating System

1. Click on HOSTS and Operating Systems
2. Select the OS
a. RHEL 7.2
Note: (This part is important. The way to figure out which OS to choose is to check which repositories are available on the capsule server defined. Say you chose RHEL 7.4, but the repository doesn't exist there. The provision template will then choose the default template, your partition template and everything else will no longer be there, and you could accidentally deploy on the wrong disk, potentially wiping out data.)

Example: if we chose the content view RHEL7-2019-03 and the OS RHEL 7.4 in the provision template, but on the capsule server the path shows only 7.5 under that content view, the URL would fail during the deployment and revert to the 7.2 default settings, and would use a different partition table if the one you created wasn't available under the default OS setting.

root@nick-cap01:/var/lib/pulp/published/yum/http/repos/NTC/Non-Production/RHEL7-2019-03/content/dist/rhel/server/7/7.5

I found it's best to use the default OS and then just ensure that yum update is in the kickstart file that is going to be used.

It will look like this in the kickstart file.

# update all the base packages from the updates repository
yum -t -y -e 0 update

b. Next, under the Partition Table tab
i. Under Selected Items:
ii. Add the new partition table (GTP-RHEL7-TESTING)

Now go back to your new provision template.

Under Hosts and Provision Template.

1. Select your new template (GTP-kickstartprofile-testing)
a. Under Association TAB
i. Ensure the OS RHEL 7.2 is under selected items
b. Under Host Group
ii. Your new Host Group is selected (GTP-servers)

Now set your server to build status so that PXE boot is able to pick it up on network boot.

1. Under Hosts and All hosts
2. Search for your host
a. Click on the host nick.test1.com
b. Click on BUILD on the far right (Note: this will create the pxeboot file on the capsule server, so when you network boot this host it will know which server to deploy the provision templates to.)

Now we can test the deployment from VCENTER

1. Under VM's
a. Find your VM (nick.test2.com)
b. Open your console on the VM
c. Reboot
i. During the reboot hit F12 for the network boot option.
d. If all goes well the kickstart server should deploy without any intervention and reboot into your OS

How to automate your RedHat Satellite 5.x Channel Cloning

  • In order for the scripts to work without exposing your password in the process list ("ps"), you will need to set up a config for spacecmd

Credential File

Spacecmd can be configured with a credentials file so you are not prompted for a username/password each time. This allows for easier scripting.

  1. Create a hidden spacecmd directory in your home. Lock down permissions.
    mkdir ~/.spacecmd
    chmod 700 ~/.spacecmd

  2. Create a config file in the directory and give proper permissions.
    touch ~/.spacecmd/config
    chmod 600 ~/.spacecmd/config

  3. Edit the config file and fill in the header, Spacewalk server fqdn, username, and password.
    vim ~/.spacecmd/config

    [spacecmd]
    server=spacewalk.nicktailor.com
    username=usernamehere
    password=passwordhere

Clone scripts
http://www.nicktailor.com/files/clonechannel.redhat7.sh
http://www.nicktailor.com/files/clonechannel.redhat6.sh
http://www.nicktailor.com/files/clonechannel.redhat5.sh

REDHAT 7 (EXAMPLE)
#!/bin/bash
# Clone the RHEL 7 base channel and its child channels into date-stamped copies.
# spacecmd reads the credentials from ~/.spacecmd/config, so no password is passed here.
spacewalkServer=spacewalk.nicktailor.com
defaultOrgAdmin=USER

read -p "Enter to Continue"

BASE_CHANNEL="rhel-x86_64-server-7"
CHILD_CHANNELS="rhel-x86_64-server-7-thirdparty-oracle-java rhel-x86_64-server-7-rhscl-1 rhel-x86_64-server-optional-7 rhel-x86_64-server-supplementary-7 rhn-tools-rhel-x86_64-server-7 epel_rhel7_x86_64 nginx.org-packages"
SPECIAL="rhel-tools-rhel-x86_64-server-6"
DATESTRING=`date +20%y-%B-%d`
UNDO_FILE=clonechannels-$DATESTRING.undo
# Start from a fresh undo file and log before writing the first log line
rm -f $UNDO_FILE
rm -f clonechannels-$DATESTRING.log
echo Run on $DATESTRING >> clonechannels-$DATESTRING.log
echo Undo file is $UNDO_FILE
echo DATESTRING = $DATESTRING
BASE_CHANNEL_NAME=$BASE_CHANNEL-$DATESTRING
echo BASE_CHANNEL_NAME = $BASE_CHANNEL_NAME
# Clone the base channel, then open it to the other organisations
echo spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_clone -n $BASE_CHANNEL_NAME -l $BASE_CHANNEL_NAME -s $BASE_CHANNEL -g >> clonechannels-$DATESTRING.log
spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_clone -n $BASE_CHANNEL_NAME -l $BASE_CHANNEL_NAME -s $BASE_CHANNEL -g
echo spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_setorgaccess $BASE_CHANNEL_NAME -e >> clonechannels-$DATESTRING.log
spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_setorgaccess $BASE_CHANNEL_NAME -e
# Clone each child channel under the new base channel
for CHILD_CHANNEL in ${CHILD_CHANNELS}
do
CHILD_CHANNEL_NAME=$CHILD_CHANNEL-$DATESTRING
echo CHILD_CHANNEL_NAME = $CHILD_CHANNEL_NAME
echo spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_clone -n $CHILD_CHANNEL_NAME -l $CHILD_CHANNEL_NAME -p $BASE_CHANNEL_NAME -s $CHILD_CHANNEL -g >> clonechannels-$DATESTRING.log
spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_clone -n $CHILD_CHANNEL_NAME -l $CHILD_CHANNEL_NAME -p $BASE_CHANNEL_NAME -s $CHILD_CHANNEL -g
if [ "$CHILD_CHANNEL" == "rhn-tools-rhel-x86_64-server-7" ]
then spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_clone -n $SPECIAL -l $SPECIAL -p $BASE_CHANNEL_NAME -s $CHILD_CHANNEL -g
fi
echo spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_setorgaccess $CHILD_CHANNEL_NAME -e >> clonechannels-$DATESTRING.log
spacecmd -u $defaultOrgAdmin -s $spacewalkServer -- softwarechannel_setorgaccess $CHILD_CHANNEL_NAME -e
# Record the matching delete command so the clone can be undone later
echo spacecmd -u $defaultOrgAdmin -s $spacewalkServer -y -- softwarechannel_delete $CHILD_CHANNEL_NAME >> $UNDO_FILE
done
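
An added example, not part of the original post: an audit for the credential file steps and for scripts like the one above. It checks that the spacecmd directory and config have the 700/600 permissions set earlier, and reports spacecmd calls that pass a password on the command line, looking only at options before the "--" separator because after it -p is the sub-command's parent-channel flag. The function names, sample config and sample script lines are constructed.

```shell
#!/bin/sh
# Added example: audit the spacecmd credential file and check scripts for
# passwords passed on the command line. Names and samples are constructed.

# Print one finding per line; print nothing when the directory is mode 700,
# the config is mode 600, both belong to the current user, and the config
# has the [spacecmd] header plus server/username/password keys.
spacecmd_audit() {
    dir=${1:-$HOME/.spacecmd}
    cfg=$dir/config
    uid=$(id -u)
    if [ ! -d "$dir" ]; then echo "missing directory"; return 0; fi
    [ -n "$(find "$dir" -prune -perm 700 -user "$uid")" ] ||
        echo "directory must be mode 700 and owned by you"
    if [ ! -f "$cfg" ]; then echo "missing config file"; return 0; fi
    [ -n "$(find "$cfg" -prune -perm 600 -user "$uid")" ] ||
        echo "config must be mode 600 and owned by you"
    grep -q '^\[spacecmd\]' "$cfg" || echo "config has no [spacecmd] header"
    for key in server username password; do
        grep -q "^$key=" "$cfg" || echo "config has no $key= line"
    done
    return 0
}

# Print the line numbers of spacecmd invocations that pass -p or --password.
# Only the part of the line before " -- " holds spacecmd's own options.
spacecmd_cli_password() {
    awk '/(^|[ \t;|&])spacecmd[ \t]/ {
            opts = $0
            sep = index(opts, " -- ")
            if (sep) opts = substr(opts, 1, sep)
            if (opts ~ /[ \t](-p|--password)([ \t=]|$)/) print FNR
         }' "$1"
}

# Constructed sample: line 2 uses -p for the parent channel (fine),
# line 3 passes a password to spacecmd itself (visible in ps).
sample_script() {
cat <<'EOF'
#!/bin/bash
spacecmd -u admin -s spacewalk.example.test -- softwarechannel_clone -n new -p parent -s src -g
spacecmd -u admin -p 'S3cret' -s spacewalk.example.test -- softwarechannel_list
EOF
}

# Demo in a scratch directory so the real ~/.spacecmd is not touched.
tmp=$(mktemp -d)
mkdir "$tmp/.spacecmd" && chmod 700 "$tmp/.spacecmd"
printf '[spacecmd]\nserver=spacewalk.example.test\nusername=u\npassword=p\n' \
    > "$tmp/.spacecmd/config"
chmod 644 "$tmp/.spacecmd/config"          # deliberately too open
spacecmd_audit "$tmp/.spacecmd"
sample_script > "$tmp/clone.sh"
echo "password on command line at line: $(spacecmd_cli_password "$tmp/clone.sh")"
rm -rf "$tmp"
```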

How to deploy servers with KickStart 5.0

  1. Open up vCenter and log in
  2. Find the folder in which you wish to create the new VM
    1. Right click on the folder and select create a new VM
    2. Go through and select the VM parameters you require, i.e. CPU, memory, HD space, etc.
      NOTE: You should keep the HD space to 50 gigs and thin provision the VM.
  3. Next you want to edit the VM settings
    1. Select the CD/DVD option and then boot off a Red Hat Linux 6.6 install DVD.
      1. Enable the "connect on start" and "connected" check boxes at the top.
    2. Next you want to select the Network adapter and select the correct Network Label (VLAN) so the server will be able to communicate, depending on whichever IP/network you chose.

Note: You will not be able to kickstart if you do not have the proper VLAN for your IP.

  1. Next log in to Satellite
    1. Click on kickstart in the left pane and then profiles
    2. Select the button "Advanced options"
    3. Scroll down to network and edit the line as needed.
      1. --bootproto=static --ip=10.2.10.13 --netmask=255.255.255.0 --gateway=10.2.10.254 --hostname=server1.nicktailor.com --nameserver=10.20.0.17

Note: You need to do this if you want the server provisioned with an IP and hostname post install.

  1. Scroll down and click update for the settings to take effect.
  2. Next click on System Details and then Partitioning.
  3. Edit the partitions to the specification required. In most cases you won't need to update this, as it will be a standard template. However, for the purposes of documentation it's here.

Example of standard partition scheme

part /boot --fstype=ext4 --size=500
part pv.local --size=1000 --grow
volgroup vg_local pv.local
logvol / --fstype ext4 --name=root --vgname=vg_local --size=2048
logvol swap --fstype swap --name=swap --vgname=vg_local --recommended
logvol /tmp --fstype ext4 --name=tmp --vgname=vg_local --size=1024
logvol /usr --fstype ext4 --name=usr --vgname=vg_local --size=4096
logvol /home --fstype ext4 --name=home --vgname=vg_local --size=2048
logvol /var --fstype ext4 --name=var --vgname=vg_local --size=4096 --grow
logvol /var/log --fstype ext4 --name=log --vgname=vg_local --size=2048 --grow
logvol /var/log/audit --fstype ext4 --name=audit --vgname=vg_local --size 1024
logvol /opt --fstype ext4 --name=opt --vgname=vg_local --size=4096 --grow

  • Once you have the desired settings, select "Update Partitions"

4. Next select Software
5. You can add or remove any necessary or unnecessary packages.

Putting a (-) before the package name will remove it from the base install. If you simply type in the package name, it will ensure it is added to the base install.

The packages indicated below are an example of how you
@ Base
@X Window System
@Desktop
@fonts
python-dmidecode
python-ethtool
rhn-check
rhn-client-tools
rhn-setup
rhncfg-actions
rhncfg-client
yum-rhn-plugin
sssd

6. Select update packages once you have chosen your base packages

7. Now boot up the VM. Once your CD/image is booted you should see a grub line; before it boots into the install, follow the steps below.

8. At the grub line issue the following command. (Update the IP according to the step above as needed. If you are using DHCP then you just need the URL without the additional parameters.)

linux ks=http://satellite.nicktailor.com/ks/cfg/org/5/label/Kickstartname ip=10.0.12.99 netmask=255.255.255.0 gateway=10.0.12.254 nameserver=10.20.0.17

9. Your VM at this point should go through without any user interaction, install, and reboot with a functional OS.

Note: Since you have kickstarted your server using Satellite, it will automatically be registered to the Satellite server, saving you the hassle of doing it after the fact.

 

How to Upgrade and Downgrade Packages with RHN Satellite 5.0

RHN Satellite Package upgrade and downgrade processes

Listing packages installed or available for upgrading on a host.

  1. Click on systems
    1. Next click on the target hostname
    2. Now click on the software tab
  • If you click on list/remove installed packages, this will show you the currently listed packages for the target host; you can also search for a specific package in the search field above the listed packages.
  • If you click on upgrade packages, this will only list the currently available packages that the host system is subscribed to.

Note: Just because you don't see newer packages available does not mean they are not out there.

 

Package Search on all available channels

 

  1. There are two ways you can do this
    1. Method 1 – Click on Channels at the very top, then package search, and type in the package name
  • Once you have found the package, click on the package name and it will take you to a details screen. On that screen the "available from:" section lists the channels subscribed to Satellite that have the package you are looking for.
  1. Method 2 – This is the way I like to do it – Click on systems, then the software tab, and then install new packages
  • Next search for the package you wish to install. This will show the latest available package from all channels available, and if you click on the package it will show the available channels for that specified package.

 

Upgrading packages

  1. Click on systems, select the host, then the software tab, and then upgrade
    1. Search for the packages you wish to upgrade and select them by checking the box to the left of each one

Note: I would recommend against using select all. If you select this button, it will literally select all the packages available, even those not listed on the page. Selecting them individually is the way to go.

  1. Once you have finished checking boxes, scroll down to the bottom right and select upgrade packages. It will go to a confirmation screen; click on confirm.
  2. This will then be queued.
  3. If you click on Events, you should see it there, and within a 5 minute window it should disappear. If it does not, then something is wrong and you need to get hold of the Satellite admin to investigate.

Downgrading packages

  1. Click on systems, select the host, then the software tab, and then profiles
    1. Select the stored profile of the date/time that Under “Compare to Stored Profile” and hit compare.
    2. You should see a list of packages that it is now going to sync back to; select sync packages at the bottom right.
    3. You should see it go to the events page. After about 5 minutes it should no longer be listed in events, which means the server picked up the process and should begin downgrading shortly.

How to patch using RHN Satellite 5.0

Create a roll back tag

1. Log into satellite
2. Click on Systems
   a. Now select Systems Groups
   b. Next to the group you wish to patch, click on “Use in SSM”
   c. At the top right of the screen, click on Manage (you should see the number of machines for that group selected in brackets)
3. Under Provisioning
   d. Click on snapshot rollback
   e. Now click on the “Tag systems” tab
   f. Type in the name of the tag, depending on the group, i.e. (DEV1-Sept26-2013)
   g. Click on Tag current snapshots (this will tag the whole group with a rollback tag, should you ever need it)
   h. If you needed to roll back, instead of “Tag systems” you would select the “Rollback” tab
   i. Now click on Manage again at the top right
4. Under Channels
   j. Click on Channel memberships
   k. Now select Base Channels
   l. Change the i386 channel to the latest i386 channel available and do the same for x86_64. You may also notice there are RHN5 & RHN6 channels.
   m. Click on confirm subscriptions
   n. Then click on Alter subscriptions at the bottom right
   o. Now select child channels and ensure any child channels you need are subscribed as well (i.e. Clustering storage, Network tools, Vmware etc.)
5. Now click on Manage again, ensuring the correct number of servers is still being managed.
   p. Click on Schedule errata updates
   q. Scroll to the bottom of the screen and select all
   r. Click on Apply Errata
   s. And now Schedule Updates
6. If you click on Schedule on the top menu, it should show you all the updates running
7. Click on Systems
   t. Click on System Groups
   u. Select the group you wish to view
   v. Click on the “systems” tab inside the systems group
   w. Now if you click on the “systems” tab periodically, you should see the patching counting down to zero. Any server that is not counting down has an issue, and you will need to log in as root to figure out what is wrong. (Refer to Common problems and fixes)

Troubleshooting Guide

Errata does not appear to be counting down in systems group

• Log into the culprit server.
• Confirm that enabled = 1 is set in the rhnplugin file; type

cat /etc/yum/pluginconf.d/rhnplugin.conf

If it isn’t set, the Satellite will try to use the local repos, and not the channels on the Satellite server.

• If the above doesn’t work, you may want to ensure that you can connect to the satellite server by running telnet to the satellite on the following ports:
  telnet kam1opapp99.connex.bclc.com 80
  telnet kam1opapp99.connex.bclc.com 443
  telnet kam1opapp99.connex.bclc.com 5222
1. The response for all of these should look like

Trying 10.20.0.8...
Connected to kam1opapp99.connex.bclc.com.
Escape character is '^]'.

• Next run yum -y update and check whether you see any of the following errors.
• A common error is “cpio: open failed - Permission denied cpio: open failed - Permission denied” or something similar.
2. This usually means you have a mount point that is read only.
3. Type mount at the command prompt to see if that is the case.

[root@kam1odapp19<dev>:~]# mount
/dev/mapper/vg_local-root on / type ext3 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
/dev/mapper/vg_local-usr on /usr type ext3 (rw,nodev)
/dev/mapper/vg_local-tmp on /tmp type ext3 (rw,noexec,nosuid,nodev)
/dev/mapper/vg_local-home on /home type ext3 (rw,nodev)

• If you see (rw,nodev) on the /usr mount, this means the partition is read only and yum cannot write updates to the /usr directory.
• To fix, type mount -o remount,rw /usr
• And run yum -y update again.

• If this still fails then escalate to a Senior Linux System Administrator..hahaha, JUST JOKES 😛
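The two client-side checks above (the rhnplugin enabled flag and a read-only mount) as a small script. This is an added example, not part of the original post; the function names and sample inputs are constructed for illustration. A mount held read-only carries the ro option in the parenthesised option list of the mount output, which is what readonly_mounts looks for.

```shell
#!/bin/sh
# Added example: the two client-side checks from the steps above as functions.

# Return 0 only if the config file in $1 has "enabled = 1" in its [main] section.
rhn_plugin_enabled() {
    awk '
        /^[ \t]*\[/ { in_main = ($0 ~ /^[ \t]*\[main\][ \t\r]*$/) }
        in_main && /^[ \t]*enabled[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)   # drop "enabled ="
            sub(/[ \t\r]*$/, "", value)       # drop trailing whitespace
        }
        END { exit (value == "1" ? 0 : 1) }
    ' "$1"
}

# Read `mount` output on stdin ("<dev> on <dir> type <fs> (<options>)") and
# print each mount point whose option list contains "ro" (read-only).
readonly_mounts() {
    awk '$2 == "on" && $4 == "type" {
        opts = $NF
        gsub(/[()]/, "", opts)
        n = split(opts, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "ro") { print $3; break }
    }'
}

# Constructed sample input: the page's layout with /usr switched to read-only.
SAMPLE_MOUNT='/dev/mapper/vg_local-root on / type ext3 (rw)
/dev/mapper/vg_local-usr on /usr type ext3 (ro,nodev)
/dev/mapper/vg_local-tmp on /tmp type ext3 (rw,noexec,nosuid,nodev)'

# Constructed sample config with the plugin switched off.
sample_conf=$(mktemp)
printf '[main]\nenabled = 0\ngpgcheck = 1\n' > "$sample_conf"

printf '%s\n' "$SAMPLE_MOUNT" | readonly_mounts    # prints /usr
rhn_plugin_enabled "$sample_conf" || echo "rhnplugin disabled: yum will not use the Satellite channels"
rm -f "$sample_conf"
```

On a client, the same functions run against live data as `mount | readonly_mounts` and `rhn_plugin_enabled /etc/yum/pluginconf.d/rhnplugin.conf`.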

Upon reboot, the server does not come back up

• This could be the result of many things; however, the most common is grub failure. To correct this we need to re-install grub manually from a RHN boot CD.
4. Mount the VM or server to a redhat disk 1.img file and boot to the prompt.
5. At the prompt type “linux rescue” and hit <enter>.
6. Once you reach the boot prompt, type “chroot /mnt/sysimage” (you should see a note above the prompt telling you how to do it).
7. Now you want to view grub conf with “cat /boot/grub/grub.conf” and write down the following lines somewhere in notepad, as you will need them:
  kernel /vmlinuz-2.6.18-348.6.1.el5 ro root=/dev/vg_local/root rhgb quiet audit=1
  initrd /initrd-2.6.18-348.6.1.el5.img
8. Next cd into the /boot directory.
9. Type “grub” <enter>; this will take you to the grub prompt.
• Now you need to tell grub to load the kernel & initrd manually, as indicated below.

grub> kernel /boot/vmlinuz-2.6.18-348.6.1.el5

(result will look something like this)

[Linux-bzImage, setup=0x1400, size=0x15f464]

grub> initrd /boot/initrd-2.6.18-348.6.1.el5.img

(result will look something like this)

[Linux-initrd @ 0x376000, 0x79e3d bytes]

• If the initrd gives an error, don’t worry, it does that sometimes. Proceed to setting up the on boot partition anyway.

grub> setup (hd0)

(Result should look like below)

Checking if "/boot/grub/stage1" exists... yes
Checking if "/boot/grub/stage2" exists... yes
Checking if "/boot/grub/e2fs_stage1_5" exists... yes
Running "embed /boot/grub/e2fs_stage1_5 (hd0)"... failed (this is not fatal)
Running "embed /boot/grub/e2fs_stage1_5 (hd0,2)"... failed (this is not fatal)
Running "install /boot/grub/stage1 (hd0) /boot/grub/stage2 p /boot/grub/menu.lst "... succeeded
Done.

• Reboot image

10. If that does not work, escalate to Senior Systems Administrator
HAHAH…JUST JOKES 😛

File System Check fails upon reboot

• If you see the following message after a reboot

Give root password for maintenance (or type Control-D to continue)

• You will need to boot into single user mode and run an fsck on the partition that is failing a file system check.
• To boot into single user mode you edit the boot instructions for the GRUB menu entry you wish to boot and add the kernel parameter/option single. Brief instructions for how to do this are below.
11. Select (highlight) the GRUB boot menu entry you wish to use.
12. Press e to edit the GRUB boot commands for the selected boot menu entry.
13. Look near the bottom of the list of commands for lines similar to

kernel /vmlinuz-2.6.18-348.12.1.el5PAE ro root=LABEL=/

14. You want to add “init=/bin/sh” to the end of the kernel line and then hit “B” to boot.
• It should look like so

kernel /vmlinuz-2.6.18-348.12.1.el5PAE ro root=LABEL=/ init=/bin/sh

15. Next you want to run fsck -y <whatever partition that needs to be checked>
• Run this on an unmounted partition; never run it on a mounted partition, as you can corrupt the data if you do.


RHN Satellite Package upgrade and downgrade processes

Listing packages installed or available for upgrading on a host.

1. Click on systems
   a. Next click on the target hostname
   b. Now click on the software tab
      • If you click on list/remove Installed packages, this will show you the currently listed packages for the target host. You can also search for a specific package in the search field above the listed packages.
      • If you click on upgrade packages, this will only list the packages currently available to the host system through its current subscriptions.

Note: just because you don’t see newer packages available does not mean they are not out there.
