How to correctly register a cloned virtual machine in Satellite

Latest response

We have a virtual machine, running RHEL 7 workstation, that was cloned to make 25 additional virtual machines.

All of them have the same system identity # and same "name:" field when you run "subscription-manager identity" on them. The source virtual machine is registered in Satellite, and we would want to keep that one.

How can all of the cloned machines get registered correctly in Satellite without un-registering the original machine?

Thanks,

Paul

Responses

Prior to cloning, you should have run subscription-manager unregister.

Now that you have cloned the systems, you need to make the cloned clients 'forget' their identity. subscription-manager clean will do this.

Ok, I did the 'clean' command, registered the system again, subscribed to the correct entitlements and repos. The new hostname didn't appear in Satellite though, and I suspect it still checked in as the original one. Should that original virtual machine have been removed from Satellite before doing the above?

I deleted the original hostname in Satellite and did all of the above again, but when I go to re-register it keeps trying to re-register again under the original hostname. I also registered a different system, and again it registered as the original hostname, even though the hostname in /etc/hostname is correct, and /etc/sysconfig/network is default and doesn't have a hostname configured in it. I noticed another entry that got duplicated in the cloning that might be contributing to the problem. If you run hostnamectl status, all of these cloned virtual machines have the same "Machine ID". If Satellite is referencing that "Machine ID" when it's registering a system, maybe that is causing a problem. ??

Ah, you didn't mention that you were using Satellite.

You need to remove /etc/rhsm/facts/katello.facts from the systems. When you installed the katello-ca-consumer-latest package, that file is created (to ensure that subscription-manager reports your system via FQDN). Otherwise, the system might report a short hostname and that causes issues with puppet.

Thank you! removing the katello.facts and then un-register and re-register worked fine.

Yes, that was the last piece of the puzzle -thanks! If the machine-id is duplicated, what issues might that cause? It'll be a little tedious but I'll need to go through and reset those machine-ids on each individual VM.

When you cloned the system, you duplicated its identity certificate (which is how the node identifies itself to Satellite), and its entitlement certificates (which control what repos the system can access). From Satellite's perspective they are all effectively the same system. While it is not critical to resolve this right now, you definitely want to solve this sooner than later, especially if you wish to use management actions in Satellite that are done server side (like deploying errata via katello-agent). You may have unpredictable results if you do not fix these systems.

I've reset the machine-id on several machines, and removed the katello.facts file, and they appear to be registering as individual unique systems on the Satellite now. That should mean all is well now, right?

Yes. And you can confirm this via subscription-manager identity. (the system identity field should be unique on each host)

Hello please how did you reset the machine-id

Is there a way to force each satellite client to have a "unique" certificate? The thought process here is that this could allow the original box to keep it's registration as the certificate was originally generated for, and belongs to it, and cloned VM's would fail to check in properly / connect to the existing host record for the original box?

Perhaps when the host checks in, Satellite could verify that the reported host FQDN is the same, and matches up with the CN in the certificate, or that the cert presented from the IP of the connecting client isn't the same as a cert being presented from another connecting client with a different IP?

I followed steps as

/usr/sbin/subscription-manager clean
rm /etc/rhsm/facts/katello.facts

but still get this error, i had to remove regenerate some server certificate? Server1 cloned to Server2

/usr/sbin/subscription-manager register --org 'ORG' --name 'Server2' --activationkey 'ak---'  --serverurl=https://capsule:8443/rhsm --baseurl=https://capsule/pulp/repos --force
Multiple profiles found. Consider removing Server1, Server2 which match this host.

subscription-manager facts show name Server2, in /etc/hosts, hostnamectl status i see Server2

When you clone a machine, you may end up with the same host key as the prior, among other things which can cause issues. Additionally, the rpm named "basesystem" shows when the system is supposed to originally have been built.

rpm -qi basesystem
<examine the output to become familiar with it>
rpm -qi basesystem | egrep "Install"
<the output here shows the date the ORIGINAL system was created (not cloned, created)>

So this among other things are good to change.

I'll add more details on Monday when I have access to some more notes. In the meantime, examine this area from Red Hat, along with the other good tips above.

Regards

RJ