How to correctly register a cloned virtual machine in Satellite

Latest response

We have a virtual machine, running RHEL 7 workstation, that was cloned to make 25 additional virtual machines.

All of them have the same system identity # and same "name:" field when you run "subscription-manager identity" on them. The source virtual machine is registered in Satellite, and we would want to keep that one.

How can all of the cloned machines get registered correctly in Satellite without un-registering the original machine?

Thanks,

Paul

Responses

Prior to cloning, you should have run subscription-manager unregister.

Now that you have cloned the systems, you need to make the cloned clients 'forget' their identity. subscription-manager clean will do this.

Ok, I did the 'clean' command, registered the system again, subscribed to the correct entitlements and repos. The new hostname didn't appear in Satellite though, and I suspect it still checked in as the original one. Should that original virtual machine have been removed from Satellite before doing the above?

I deleted the original hostname in Satellite and did all of the above again, but when I go to re-register it keeps trying to re-register again under the original hostname. I also registered a different system, and again it registered as the original hostname, even though the hostname in /etc/hostname is correct, and /etc/sysconfig/network is default and doesn't have a hostname configured in it. I noticed another entry that got duplicated in the cloning that might be contributing to the problem. If you run hostnamectl status, all of these cloned virtual machines have the same "Machine ID". If Satellite is referencing that "Machine ID" when it's registering a system, maybe that is causing a problem. ??

Ah, you didn't mention that you were using Satellite.

You need to remove /etc/rhsm/facts/katello.facts from the systems. When you installed the katello-ca-consumer-latest package, that file is created (to ensure that subscription-manager reports your system via FQDN). Otherwise, the system might report a short hostname and that causes issues with puppet.

Yes, that was the last piece of the puzzle -thanks! If the machine-id is duplicated, what issues might that cause? It'll be a little tedious but I'll need to go through and reset those machine-ids on each individual VM.

When you cloned the system, you duplicated its identity certificate (which is how the node identifies itself to Satellite), and its entitlement certificates (which control what repos the system can access). From Satellite's perspective they are all effectively the same system. While it is not critical to resolve this right now, you definitely want to solve this sooner than later, especially if you wish to use management actions in Satellite that are done server side (like deploying errata via katello-agent). You may have unpredictable results if you do not fix these systems.

I've reset the machine-id on several machines, and removed the katello.facts file, and they appear to be registering as individual unique systems on the Satellite now. That should mean all is well now, right?

Yes. And you can confirm this via subscription-manager identity. (the system identity field should be unique on each host)

Hello please how did you reset the machine-id

Is there a way to force each satellite client to have a "unique" certificate? The thought process here is that this could allow the original box to keep it's registration as the certificate was originally generated for, and belongs to it, and cloned VM's would fail to check in properly / connect to the existing host record for the original box?

Perhaps when the host checks in, Satellite could verify that the reported host FQDN is the same, and matches up with the CN in the certificate, or that the cert presented from the IP of the connecting client isn't the same as a cert being presented from another connecting client with a different IP?