-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat Satellite
Getting Started Guide
Provisioning and Deployment with Red Hat Network Satellite
Edition 1
Red Hat Engineering Content Services
Abstract
Chapter 1. Introduction
Definitions
- Provisioning
- The process of configuring a machine (physical or virtual) to a predefined known state. Satellite provisions all systems using the kickstart process.
- Kickstarting
- The process of installing a Red Hat system in an automated manner requiring little or no user intervention. Technically, kickstart refers to a mechanism in the Anaconda installation program that allows you to supply a concise description of the contents and configuration of a machine to the installer, which it then acts on. Such a concise system definition is referred to as a Kickstart profile.
- Kickstart profile
- The kickstart file is a text file that specifies all of the options needed to kickstart a machine, including partitioning information, network configuration, and packages to install. In RHN Satellite, a Kickstart Profile is a superset of a traditional Anaconda kickstart definition, as Satellite's implementation builds on Cobbler's enhancements to kickstarting. A Kickstart Profile presumes the existence of a Kickstart Tree.
- Kickstart Tree
- The software and support files needed in order to kickstart a machine. This is also often called an "install tree". This is usually the directory structure and files pulled from the installation media that ships with a particular release. In Cobbler terminology, a Kickstart Tree is part of a distribution.
- PXE (Preboot eXecution Environment)
- A low-level protocol that makes it possible to kickstart bare-metal machines (usually physical, or real, machines) on power-up with no pre-configuration of the target machine itself. PXE relies on a DHCP server to inform clients about bootstrap servers (for purposes of this document, Satellite 5.3.0 or greater installations). PXE must be supported in the firmware of the target machine in order to be used. It is possible to use the virtualization and reinstall facilities of Satellite without PXE, though PXE is very useful for booting new physical machines, or reinstalling machines that are not registered to Satellite.
Provisioning Scenarios
- New installations
- Provisioning a system that has not previously had an operating system installed (also known as bare metal installations).
- Virtual installations
- Satellite supports KVM, Xen fully-virtualized guests, and Xen para-virtualized guests.
- Re-provisioning
- Both physical and guest systems can be re-provisioned, provided that they have been registered to the same Satellite instance. See Section 2.5.2, “Reprovisioning”.
Chapter 2. Kickstart
2.1. Required Packages
rhn-tools
Red Hat Network channel:
koan
spacewalk-koan
rhn-tools
channel in order to have access to these packages from your custom channel.
kernel
and initrd
files to be in specific locations within the kickstart tree. However, these locations are different for different architectures. The table below explains the different locations:
Table 2.1. Required Distribution Files by Architecture
Architecture | kernel | Initial RAM Disk image |
---|---|---|
IBM s390x | TREE_PATH/images/kernel.img | TREE_PATH/images/initrd.img |
PowerPC | TREE_PATH/ppc/ppc64/vmlinuz | TREE_PATH/images/pxeboot/vmlinux |
All other architectures | TREE_PATH/images/pxeboot/vmlinuz | TREE_PATH/images/pxeboot/initrd.img |
2.2. Kickstart Trees
Procedure 2.1. Installing Kickstart Trees Automatically
satellite-sync
.
- Choose which distribution you would like to base your kickstarts on and locate that distribution's base channel, and its corresponding RHN Tools channel.For example, if you want to use Red Hat Enterprise Linux 5 with x86 architecture, you will require the
rhel-i386-server-5
channel and its corresponding RHN Tools channelrhn-tools-rhel-i386-server-5
. - If you are using a connected Satellite, synchronize your Satellite with the Red Hat servers directly with the
satellite-sync
command. If your Satellite is disconnected, you will need to obtain disconnected channel dumps from the Red Hat servers and synchronize with those. - Synchronizing the channel will automatically create a corresponding kickstart tree for that distribution.
Procedure 2.2. Installing Kickstart Trees Manually
- Copy the installation ISO to your satellite server and mount it to
/mnt/iso
- Copy the contents of the ISO to a custom location. It is recommended that you create a directory within
/var/satellite
for all of your custom distributions. For example, you might copy a RHEL beta distribution's contents to/var/satellite/custom-distro/rhel-i386-server-5.3-beta/
- Use the RHN Satellite web interface to create a custom software channel. Use Channels → Manage Software Channels → Create New Channel to create a parent channel with an appropriate name and label. For the example used above, you might use the label rhel-5.3-beta.
- Push the software packages from the tree location to the newly created software channel using the
rhnpush
command:rhnpush --server=http://localhost/APP -c 'rhel-5.3-beta' \ -d /var/satellite/custom-distro/rhel-i386-server-5.3-beta/Server/
The sub-directory within the tree could be different depending on your distribution. - Once the software packages have been pushed, they can be deleted from within the tree path using the
rm
command. The packages are still stored on the Satellite server within the channel, and are no longer required in the tree.rm /var/satellite/custom-distro/rhel-i386-server-5.3-beta/Server/*.rpm
Note
You can choose to leave the software packages within the kickstart tree. This will allow them to be installed with theyum
command at any time later on. - Use the RHN Satellite web interface to create the distribution. Use Systems → Kickstart → Distributions → create new distribution to create the distribution, using an appropriate label and the full tree path (such as
/var/satellite/custom-distro/rhel-i386-server-5.3-beta/
. Select the base channel you created earlier, and the correct Installer Generation (such as Red Hat Enterprise Linux 5). To complete the creation, select Create Kickstart Distribution. - To maintain the same software across multiple environments and systems, the RHN Tools child channel from an existing Red Hat Enterprise Linux base channel can be cloned as a child channel of the newly created base channel. Cloning a child channel can be done by:
- On the Satellite web interface, click on Channels → Manage Software Channels → Clone Channel
- Choose the Child Channel you wish to clone from the drop down box Clone From: and choose the clone state.
- Click Create Channel.
- Fill in the necessary information and choose the parent channel that the cloned child channel needs to be under.
- Click Create Channel.
Figure 2.1. Creating a Kickstart Distribution
2.3. Kickstart Profiles
Procedure 2.3. Creating a Kickstart Profile with a Wizard
- Select Systems → Kickstart → Create a New Kickstart Profile
- Provide an appropriate Label, and select the desired Base Channel and Kickstartable Tree
- Select the desired Virtualization Type. See Virtualization Types for more information about virtualization types. Click next to continue.
- Select the download location for the kickstart profile. If you are using a custom distribution, enter the location of its tree as a URI (both HTTP and FTP are supported), otherwise, use the default option. Click next to continue.
- Enter the root password and click finish to complete the profile creation.
- The complete kickstart profile will be created. View the profile by clicking Kickstart File.
Procedure 2.4. Creating a Kickstart Profile with the Raw Method
- Select Systems → Kickstart → Upload a New Kickstart File
- Provide an appropriate label, and select the desired distribution
- Select the desired Virtualization Type. See Virtualization Types for more information about virtualization types.
- If you have an existing kickstart profile, upload the file. Otherwise, write the kickstart profile in the File Contents text box.Here is a sample raw kickstart that can be used as a starting point:
install text network --bootproto dhcp url --url http://$http_server/ks/dist/org/1/ks-rhel-i386-server-5 lang en_US keyboard us zerombr clearpart --all part / --fstype=ext3 --size=200 --grow part /boot --fstype=ext3 --size=200 part swap --size=1000 --maxsize=2000 bootloader --location mbr timezone America/New_York auth --enablemd5 --enableshadow rootpw --iscrypted $1$X/CrCfCE$x0veQO88TCm2VprcMkH.d0 selinux --permissive reboot firewall --disabled skipx key --skip %packages @ Base %post $SNIPPET('redhat_register')
- The RHN Satellite server does not handle the specified distribution as the
url
in the kickstart, so you will need to include theurl --url
option in your profile, similar to the following:url --url http://satellite.example.com/ks/dist/org/1/my_distro
Replacemy_distro
with the distribution label and1
with your org id. - Raw kickstart profiles use
$http_server
instead of the Satellite's host name. This will be filled in automatically when the kickstart template is rendered. - The
redhat_register
snippet is used to handle registration.
Figure 2.2. Raw Kickstart
All kickstart profiles have a virtualization type associated with them. This table outlines the different options:
Table 2.2. Virtualization Types
Type | Description | Uses |
---|---|---|
none | No virtualization | Use this type for normal provisioning, bare metal installations, and virtualized installation that are not Xen or KVM (such as VMware, or Virtage) |
KVM Virtualized Guest | KVM guests | Use this type for provisioning KVM guests |
Xen Fully-Virtualized Guest | Xen guests | Use this type for provisioning Xen guests
Note
This option requires hardware support on the host, but does not require a modified operating system on the guest.
|
Xen Para-Virtualized Guest | Xen Guests | Use this type for provisioning a virtual guest with Xen para-virtualization. Para-virtualization is the fastest virtualization mode. It requires a PAE flag on the system CPU, and a modified operating system. Red Hat Enterprise Linux 5 supports guests under para-virtualization. |
Xen Virtualization Host | Xen hosts | Use this type for provisioning a virtual host with Xen para-virtualization. Xen para-virtualized guests and hosts are supported, if the hardware is compatible. |
kernel-xen
package in the %packages
section.
qemu
package in the %packages
section.
Note
2.4. Templating
for
loops and if
statements in your kickstart files. This is achieved using the cheetah
tool.
- Reusing a particular section of a kickstart, such as a disk partitioning section, between multiple kickstarts.
- Performing some
%post
actions consistently across multiple kickstarts. - Defining a snippet across multiple server roles such as DNS server, proxy server, and web server. For example, a web server might have the following snippet defined:
httpd mod_ssl mod_python
To create a web server profile, include the web server snippet in the%package
section of your kickstart file. For a profile to be both a web server and a proxy server, include both snippets in the package section. To add another package to the web server snippet,mod_perl
for example, update the snippet, and all profiles that are using that snippet are dynamically updated.
Templating allows you to define a variable to be used throughout a kickstart file. Variables are subject to a form of inheritance that allows them to be set at one level and overridden at levels below them. So, if a variable is defined at the system level, it will override the same variable defined at the profile or kickstart tree levels. Likewise, if a variable is defined at the profile level, it will override the same variable defined at the kickstart tree level.
Note
Snippets reuse pieces of code between multiple kickstart templates. They can span many lines, and include variables. They can be included in a kickstart profile by using the text $SNIPPET('snippet_name')
. You can make a snippet for a package list, for a %post
script, or for any text that would normally be included in a kickstart file.
/var/lib/cobbler/snippets/
. There is a template from a wizard-style kickstart located in /var/lib/rhn/kickstarts/wizard/
, which explains the different default snippets and how they are used.
redhat_register
snippet is a default snippet that is used to register machines to a RHN Satellite server as part of a kickstart. It uses a variable called redhat_management_key
to register the machine. To use the snippet, set the redhat_management_key
variable at either the system, profile, or distribution level and then add $SNIPPET('redhat_register')
to a %post
section of the kickstart. Any wizard-style kickstarts that are generated by the RHN Satellite server will already include this snippet in the %post
section.
/var/lib/rhn/kickstarts/snippets/
directory. RHN Satellite stores snippets for different organizations in different directories, so custom snippets will be stored with a filename similar to the following, where 1 is the organization ID:
$SNIPPET('spacewalk/1/snippet_name')
Note
Figure 2.3. Kickstart Snippets
The $
and #
characters are used during templating for specifying variables and control flow. If you need to these characters for any other purpose in a script, they will need to be escaped so that they are not recognized as a variable. This can be achieved in several ways:
- Placing a backslash character (
\
) before every instance of$
or#
that you want to be ignored during templating. - Wrap the entire script in
#raw ... #end raw
All%pre
and%post
scripts created using the wizard-style kickstarts are wrapped with#raw...#end raw
by default. This can be toggled using the Template checkbox available when editing a%post
or%pre
script. - Include
#errorCatcher Echo
in the first line of the snippet.
Example 2.1. Escaping Special Characters in templates
%post
section:
%post echo $foo > /tmp/foo.txt
$
being escaped, the templating engine will try to find a variable named $foo
and would fail because foo
does not exist as a variable.
$
is by using a backslash character (\
):
%post echo \$foo > /tmp/foo.txt
\$foo
to be rendered as $foo
.
#raw ... #end raw
, as follows
%post #raw echo $foo > /tmp/foo.txt #end raw
#errorCatcher Echo
in the first line of the kickstart template. This instructs the templating engine to ignore any variables that do not exist and print out the text as is. This option is already included in the wizard-style kickstarts, and can be includes in any raw kickstarts you create manually.
2.5. Kickstarting a Machine
2.5.1. Kickstarting from Bare Metal
- Standard operating system installation media
- PXE boot
- Cobbler boot disk. For more information on Cobbler, see Section 4.2, “Cobbler”
Procedure 2.5. Booting from Installation Media
- Insert installation media into the machine. The media must match the kickstart you intend to use. For example, if the kickstart is configured to use the
ks-rhel-i386-server-5-u2
kickstart tree, use Red Hat Enterprise Linux 5.2 i386 installation media. - When you are given a boot prompt, activate the kickstart by giving this command:
linux ks=http://satellite.example.com/path/to/kickstart
- The system will boot, download the kickstart, and install automatically.
Procedure 2.6. PXE Booting
Important
If you have a DHCP server deployed on another system on the network, you will need administrative access to the DHCP server in order to edit the DHCP configuration file.If your machines reside on multiple networks, you will need to make certain that all of your machines can connect to the DHCP server. This can be achieved by multi-homing your DHCP server (using either a real or trunked VLAN) and configuring any routers or switches to pass the DHCP protocol across network boundaries.Configure your DHCP server so that it points to the PXE server by setting thenext-server
address for the systems you want to be managed by RHN Satellite.Configure your DHCP server to point to your domain and IP addresses, by including the following lines. This will allow it to use hostnames to perform the installation:option domain-name DOMAIN_NAME; option domain-name-servers IP_ADDRESS1, IP_ADDRESS2;
- On the DHCP server, switch to the root user and open the
/etc/dhcpd.conf
file. Append a new class with options for performing PXE boot installation:allow booting; allow bootp; class "PXE" { match if substring(option vendor-class-identifier, 0, 9) = "PXEClient"; next-server 192.168.2.1; filename "pxelinux.0"; }
This class will perform the following actions:- Enable network booting with the
bootp
protocol - Create a class called
PXE
. If a system is configured to have PXE first in its boot priority, it will identify itself asPXEClient
. - The DHCP server directs the system to the Cobbler server at the IP address 192.168.2.1
- The DHCP server refers to the boot image file at
/var/lib/tftpboot/pxelinux.0
- Configure Xinetd. Xinetd is a daemon that manages a suite of services including TFTP, the FTP server used for transferring the boot image to a PXE client.Enable Xinetd using the
chkconfig
command:chkconfig xinetd on
Alternatively, switch to the root user and open the/etc/xinetd.d/tftp
file. Locate thedisable = yes
line and change it to readdisable = no
. - Start the Xinetd service so that TFTP can start serving the
pxelinux.0
boot image:chkconfig --level 345 xinetd on /sbin/service xinetd start
Thechkconfig
command turns on thexinetd
service for all user runlevels, while the/sbin/service
command turns onxinetd
immediately.
2.5.2. Reprovisioning
Example 2.2. Configuring Kernel Options and Post Kernel Options
vnc vncpassword=PASSWORD
in the Kernel Options
line.
noapic
kernel option, add noapic
to the Post Kernel Options
line.
Procedure 2.7. File Preservation
Note
- Go to Systems → Kickstart → File Preservation → create new file preservation list and create a list of files to preserve.
- Go to Systems → Kickstart → Profiles and associate the file preservation list with a kickstart by selecting the desired profile.
- Go to System Details → File Preservation and select the file preservation list.
2.5.3. Virtualized Guest Provisioning
- KVM Virtualized Guest
- Xen Fully-Virtualized Guest
- Xen Para-Virtualized Guest
Procedure 2.8. Provisioning a Virtualized Guest
- Check that the host system has a Virtualization or Virtualization Platform system entitlement
- On the Systems page, select the appropriate virtual host, then select Virtualization → Provisioning. Select the appropriate kickstart profile and enter a guest name.
- To configure additional parameters such as guest memory and CPU usage, click the Advanced Configuration button. This will allow you to configure:
- Network: static or DHCP
- Kernel options
- Package profile synchronization: when the kickstart finishes the system will synchronize its package profile to that of another system or a stored profile
- Memory allocation: RAM (Defaults to 512MB)
- Virtual disk size
- Virtual CPUs (Defaults to 1)
- Virtual bridge: The networking bridge used for the install. Defaults to
xenbr0
for Xen provisioning, andvirbr0
for KVM.Note
Thevirbr0
networking bridge will not allow outside networking. If you require outside networking, configure the host to create an actual bridge instead. However,xenbr0
is an actual bridge, and it is recommended that you use it if possible. - Virtual storage path: Path to either a file, LVM Logical Volume, directory, or block device with which to store the guest's disk information, such as
/dev/sdb
,/dev/LogVol00/mydisk
,VolGroup00
, or/var/lib/xen/images/myDisk
.
- Click Schedule Kickstart and Finish
2.5.4. Provisioning Through an RHN Proxy
- When provisioning a virtual guest or doing a reprovisioning of a system, select the desired proxy from the Select Satellite Proxy drop down box.
- For a bare metal installation, replace the RHN Satellite's fully qualified domain name (FQDN) with that of the proxy's FQDN. For example if the URL to the kickstart file is:
http://satellite.example.com/ks/cfg/org/1/label/myprofile
Then to kickstart through the proxy, use:http://proxy.example.com/ks/cfg/org/1/label/myprofile
Chapter 3. Multiple Satellites
ISS Requirements
- Two or more RHN Satellite servers
- At least one RHN Satellite populated with at least one channel
- For secure connections, each slave RHN Satellite will also require a master RHN Satellite SSL certificate
3.1. Inter-Satellite Synchronization
Procedure 3.1. Configuring the Master Server
- Enable the inter-satellite synchronization (ISS) feature. Open the
/etc/rhn/rhn.conf
file, and add or amend the following line to read:disable_iss=0
- In the
/etc/rhn/rhn.conf
file, locate theallowed_iss_slaves=
line. By default, no slave satellites are specified for synchronization. Enter the hostname of each slave satellite server, separated by commas:allowed_iss_slaves=slave1.satellite.example.org,slave2.satellite.example.org
- Save the configuration file, and restart the
httpd
service:service httpd restart
Procedure 3.2. Configuring Slave Servers
- In order to securely transfer content to the slave servers, you will require the
ORG-SSL
certificate from the master server. You can download the certificate over HTTP from the/pub/
directory of any satellite. The file is calledRHN-ORG-TRUSTED-SSL-CERT
, but can be renamed and placed anywhere in the local filesystem of the slave, such as the/usr/share/rhn/
directory. - View the list of channels available for synchronization from the master server with the following command. This will display official Red Hat channels as well as any available custom channels:
satellite-sync --iss-parent=master.satellite.example.com --ca-cert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --list-channels
Replace master.satellite.example.com with the hostname of the master server.
Procedure 3.3. Performing an Inter-Satellite Synchronization
- On the slave servers, open the
/etc/rhn/rhn.conf
file in your preferred text editor, and add the master server hostname and SSL certificate file path details:iss_parent = master.satellite.example.com iss_ca_chain = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
- Begin the synchronization by running the
satellite-sync
command:satellite-sync -c your-channel
Note
Command line options you provide with thesatellite-sync
command will override any custom settings in the/etc/rhn/rhn.conf
file.
3.2. Organizational Synchronization
- If the source content belongs to the
NULL
organization (that is, it is Red Hat content) it will default to theNULL
organization even if a destination organization is specified. This ensures that specified content is always in the privilegedNULL
organization. - If an organization is specified at the command line, content will be imported from that organization.
- If no organization is specified, it will default to organization 1.
orgid
) are used to synchronize satellites:
Example 3.1. Import Content from Master to Slave Satellite
satellite-sync --parent-sat=master.satellite.example.com -c channel-name --orgid=2
Example 3.2. Import Content from an Exported Dump of an Organization
$ satellite-sync -m /dump -c channel-name --orgid=2
Example 3.3. Import Content from Red Hat Network Hosted
$ satellite-sync -c channel-name
3.3. ISS Use Cases
Example 3.4. Staging Satellite
- Run the
satellite-sync
command to synchronize data with rhn_parent (usually Red Hat Network Hosted):satellite-sync -c your-channel
- Run the following command to synchronize data from the staging server:
satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel
Example 3.5. Synchronized Slaves
Example 3.6. Slave Custom Content
Example 3.7. Bi-directional sync
- Ensure both satellites can share SSL certificates.
- On the first satellite, open the
/etc/rhn/rhn.conf
file and set theiss_parent
option to point to the hostname of the second satellite. - On the second satellite, open the
/etc/rhn/rhn.conf
file and set theiss_parent
option to point to the hostname of the first satellite.
Chapter 4. Advanced Commands
4.1. The XML-RPC API
Table 4.1. XML-RPC Methods
XML-RPC Namespace | Usage |
---|---|
kickstart | Create, import, and delete kickstart profiles. Also used to list available kickstart trees and profiles. |
kickstart.tree | Create, rename, update, and delete kickstart trees. |
kickstart.filepreservation | List, create, and delete file preservation lists that can be associated to a kickstart profile. Once a file preservation list has been created, it can be associated to a kickstart profile by calling the kickstart.profile.system.add_file_preservations API method. |
kickstart.keys | List, create, and delete cryptography keys (GPG/SSL) that can be associated to different kickstart profiles.
Note
Once a cryptography key has been created, it can be associated to a kickstart profile by calling the kickstart.profile.system.add_keys API method.
|
kickstart.profile | Manipulate IP ranges, change the kickstart tree and the child channels, download the kickstart files associated with a profile, manipulate advanced options, manipulate custom options, and add pre- and post-scripts to a kickstart profile. |
kickstart.profile.keys | List, add (associate), and remove (disassociate) activation keys associated to a kickstart profile. |
kickstart.profile.software | Manipulate the list of packages associated to a kickstart profile. |
kickstart.profile.system | Manage file preservations, manage cryptography keys, enable/disable configuration management and remote commands, setup partitioning schemes, and setup locale information associated to a given kickstart profile. |
system.provision_system
system.provision_virtual_guest
https://satellite.example.com/rpc/api
.
4.2. Cobbler
Table 4.2. Cobbler Commands
Command | Usage |
---|---|
cobbler profile list | Run this command on the RHN Satellite host to display a list of profiles |
cobbler distro list | Display a list of kickstart trees, kernels, RAM disks, and other options |
cobbler system list | Display a list of system records, created when a kickstart is scheduled |
cobbler profile report --name=profile-name or cobbler system report --name=system-name | Display a more detailed output about a specific object |
cobbler profile edit --name=profile-name --virt-ram=1024 | Edit various parameters. This example will allocate each virtualized installation of a given profile 1GB of RAM. |
cobbler system edit --name=system-name --netboot-enabled=1 | Force a system to be reinstalled at the next reboot |
cobbler system edit --name=system-name --profile=new-profile-name --netboot-enabled=1 | Assign a system to a new profile for reinstallation |
cobbler system find --profile=profile-name | List all systems assigned to a profile |
cobbler system find --profile="abc" | xargs -n1 --replace cobbler system edit \ --name={} --profile="def" --netboot-enabled=1 | Assign all systems currently set to the abc profile to the def profile and reinstall them the next time they reboot |
cobbler profile edit --name=profilename --kopts="variablename=3" --in-place | Set an additional templating variable on a profile without modifying any of the other variables |
cobbler system edit --name=systemname --kopts="selinux=disabled asdf=jkl" | Assign various variables to a system record, and disregard any old variables that might be set |
cobbler profile find --name="*webserver*" | xargs -n1 --replace cobbler profile edit --name={} --profile="RHEL5-i386" | Set all new installations of any profile containing webserver as a string to use a profile named RHEL5-i386 |
There are only a few Cobbler settings that should be changed in /etc/cobbler/settings
directly. The pxe_just_once
option is one of these (described in Procedure 4.3, “Configuring Cobbler to use PXE”). The server
option can also be changed to reflect the address or hostname of the RHN Satellite server.
/etc/cobbler/settings
, run the following command to pick up the changes:
/sbin/service cobblerd restart cobbler sync
Important
/etc/cobbler/settings
. RHN Satellite requires that this file remains in a certain configuration, determined by the RHN Satellite installer. Similarly, the /etc/cobbler/modules.conf
file, which controls authentication sources, should remain as created by the RHN Satellite installer. Particularly, the authentication module must remain as authn_spacewalk
and is not changeable.
Procedure 4.1. Configuring SELinux for use with Cobbler
- To enable SELinux for Cobbler support, set the SELinux Boolean to allow HTTPD web service components, using the following command:
setsebool -P httpd_can_network_connect true
The-P
switch is essential, as it enables HTTPD connection persistently across all system reboots. - Set SELinux file context rules for TFTP to serve the boot image file, using the following command on the Cobbler server:
semanage fcontext -a -t public_content_t "var/lib/tftpboot/.*"
- IPTables must be configured to allow incoming and outgoing network traffic on the Cobbler server.If you have an existing firewall ruleset using iptables, add the following rules to open the Cobbler-related ports, as follows:For TFTP:
/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
For HTTPD:/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
For Cobbler:/sbin/iptables -A INPUT -m state --state NEW -m udp -p udp --dport 25150 -j ACCEPT /sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25150 -j ACCEPT
For Koan:/sbin/iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25151 -j ACCEPT
- Save the firewall configuration:
/sbin/iptables-save
- Ensure that the configuration files are all synchronized by running the following command:
cobbler sync
- Start the Satellite server:
/usr/sbin/rhn-satellite start
Warning
Do not start or stop thecobblerd
service independent of the Satellite service, as doing so may cause errors and other issues.Always use/usr/sbin/rhn-satellite
to start or stop RHN Satellite.
Procedure 4.2. Configuring Cobbler System Records
- Go to System Details → Provisioning for each system and select the kickstart profile to be associated.
- Click Create Cobbler System Record to make the association.
- This association will remain in place indefinitely unless you set the
pxe_just_once
option to true for any given machine. In that case the association will be broken after a successful kickstart. See Procedure 4.3, “Configuring Cobbler to use PXE” for more information about this setting.
Procedure 4.3. Configuring Cobbler to use PXE
pxe_just_once
configuration option to obtain the best possible PXE workflow in the BIOS.
- Often, the BIOS order will be set to have the PXE boot occur first. This means that the system will not boot off the local disk unless the PXE server instructs it to do so remotely. This setup can create a boot loop, where the system continually reinstalls.In order to prevent boot loops, open the
/etc/cobbler/settings
file and add the following line:pxe_just_once: 1
This setting adds a$kickstart_done
macro in the kickstart template, which tells the system to boot locally after it has completed the installation, instead of booting from the network. - If you include the
pxe_just_once: 1
setting, and you want to reinstall the system later on, you will need to toggle thenetboot-enabled
flag on the system. This can be done using either the RHN Satellite web interface, or in Cobbler directly. When the system next reboots, it will perform a PXE install, and then return to booting from the local disk until the flag is reset.If the BIOS is set to boot from local hard drives first, there is no need to have thepxe_just_once
enabled. However, to reprovision the system using PXE, it will be necessary to zero out the MBR (master boot record).
Naming Conventions
- Distributions
$tree_name:$org_id:$org_name
(if manually created)$tree_name
(if synchronized by RHN Satellite)- Profiles
$profile_name:$org_id:$org_name
Important
4.3. Koan
koan
(kickstart over a network) utility allows RHN Satellite to be accessed remotely from hosts that have already been provisioned. Koan allows you to perform kickstart provisioning, create virtual guests (on virtual hosts), and can list the kickstarts available from the RHN Satellite host. It is available in the koan
package.
Table 4.3. Koan Commands
Command | Usage |
---|---|
man koan | Read the koan manual page |
koan --replace-self --server=satellite.example.org --profile=profile-name or koan --replace-self --server=satellite.example.org --system=system-name | Reprovision an existing system. Reboot after running this command to install the new operating system. This can also be used with upgrade kickstarts (for instance, to upgrade a large number of machines from one version of Red Hat Enterprise Linux to the next). |
koan --virt --server=satellite.example.org --profile=profile-name or koan --virt --server=satellite.example.org --system=system-name | Provision a virtual guest |
koan --list=profiles --server=satellite.example.org or koan --list=systems --server=satellite.example.org | Query Cobbler to display a list of profiles or systems available for remote installation |
Chapter 5. Troubleshooting
- 5.1. Web Interface
- 5.2. Anaconda
- 5.3. Cobbler and Koan
- 5.4. Tracebacks
- 5.5. Registration
- 5.6. Kickstarts and Snippets
5.1. Web Interface
/var/log/tomcat5/catalina.out
log file.
/var/log/httpd/error_log
log file.
5.2. Anaconda
Error downloading kickstart file
. What is the problem and how do I fix it?
cobbler check
command, and read the output, which should look something like this:
# cobbler check The following potential problems were detected: #0: reposync is not installed, need for cobbler reposync, install/upgrade yum-utils? #1: yumdownloader is not installed, needed for cobbler repo add with --rpm-list parameter, install/upgrade yum-utils? #2: The default password used by the sample templates for newly installed machines (default_password_crypted in /etc/cobbler/settings) is still set to 'cobbler' and should be changed #3: fencing tools were not found, and are required to use the (optional) power management features. install cman to use them
cobbler check
does not provide any answers, check the following:
- Verify
httpd
is running - Verify
cobblerd
is running - Verify you can fetch the kickstart file using
wget
from a different host:wget http://satellite.example.com/cblr/svc/op/ks/profile/rhel5-i386-u3:1:Example-Org
The file chkconfig-1.3.30.1-2.i386.rpm cannot be opened.
. What is the problem and how do I fix it?
--url
parameter in the kickstart. For example:
url --url http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3
200 OK
response. You can do this by attempting to wget
the file located at that URL:
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 --2011-08-19 15:06:55-- http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3 Resolving satellite.example.com... 10.10.77.131 Connecting to satellite.example.com|10.10.77.131|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 0 [text/plain] Saving to: `ks-rhel-i386-server-5-u3.1' 2011-08-19 15:06:55 (0.00 B/s) - `ks-rhel-i386-server-5-u3.1' saved [0/0]
200 OK
, check the error logs to find out what the problem is. You can also check the actual file Anaconda tried to download by searching the access_log
file:
# grep chkconfig /var/log/httpd/access_log 10.10.77.131 - - [19/Aug/2011:15:12:36 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server /chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:12:36 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 206 24744 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.76.143 - - [19/Aug/2011:15:14:20 -0400] "GET /ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig- 1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19" 10.10.77.131 - - [19/Aug/2011:15:14:20 -0400] "GET /rhn/common/DownloadFile.do?url=/ks/dist/ks-rhel-i386-server- 5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm HTTP/1.1" 200 162580 "-" "urlgrabber/3.1.0 yum/3.2.19"
access_log
file, the system might be having trouble with the networking setup. If the requests are appearing but are generating errors, check the error logs.
wget http://satellite.example.com/ks/dist/ks-rhel-i386-server-5-u3/Server/chkconfig-1.3.30.1-2.i386.rpm
5.3. Cobbler and Koan
/var/log/cobbler/
.
/var/log/koan
.
5.4. Tracebacks
Subject: WEB TRACEBACK from satellite.example.com Date: Wed, 19 Aug 2011 20:28:01 -0400 From: RHN Satellite <dev-null@redhat.com> To: admin@example.com java.lang.RuntimeException: XmlRpcException calling cobbler. at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:72) at com.redhat.rhn.taskomatic.task.CobblerSyncTask.execute(CobblerSyncTask.java:76) at com.redhat.rhn.taskomatic.task.SingleThreadedTestableTask.execute(SingleThreadedTestableTask.java:54) at org.quartz.core.JobRunShell.run(JobRunShell.java:203) at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520) Caused by: redstone.xmlrpc.XmlRpcException: The response could not be parsed. at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:434) at redstone.xmlrpc.XmlRpcClient.endCall(XmlRpcClient.java:376) at redstone.xmlrpc.XmlRpcClient.invoke(XmlRpcClient.java:165) at com.redhat.rhn.manager.kickstart.cobbler.CobblerXMLRPCHelper.invokeMethod(CobblerXMLRPCHelper.java:69) ... 4 more Caused by: java.io.IOException: Server returned HTTP response code: 503 for URL: http://someserver.example.com:80/cobbler_api at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1236) at redstone.xmlrpc.XmlRpcClient.handleResponse(XmlRpcClient.java:420) ... 7 more
taskomatic
service. Try checking the following:
- Verify
httpd
is running - Verify
cobblerd
is running - Verify that there are no firewall rules that would prevent
localhost
connections
5.5. Registration
rhnreg_ks
command is failing when I run it, saying ERROR: unable to read system id
. What is the problem?
%post
section that registers the machine to the RHN Satellite:
# begin Red Hat management server registration mkdir -p /usr/share/rhn/ wget http://satellite.example.com/pub/RHN-ORG-TRUSTED-SSL-CERT -O /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT perl -npe 's/RHNS-CA-CERT/RHN-ORG-TRUSTED-SSL-CERT/g' -i /etc/sysconfig/rhn/* rhnreg_ks --serverUrl=https://satellite.example.com/XMLRPC --sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=1-c8d01e2f23c6bbaedd0f6507e9ac079d # end Red Hat management server registration
rhn-register
configuration files, and then register to the RHN Satellite using the SSL certificate and an activation key. Every kickstart profile includes an activation key that assures that the system is assigned the correct base and child channels, and gets the correct system entitlements. If it is a reprovisioning of an existing system, the activation key will also ensure it is associated with the previous system profile.
rhnreg_ks
command fails you might see errors like this in the ks-post.log
log file:
ERROR: unable to read system id.
rhn_check
and the system has not registered to the RHN Satellite.
5.6. Kickstarts and Snippets
/var/lib/rhn/kickstarts/
. Within this directory, raw kickstarts are in the upload
subdirectory, and wizard-generated kickstarts are in the wizard
subdirectory:
Raw Kickstarts: /var/lib/rhn/kickstarts/upload/$profile_name--$org_id.cfg Wizard Kickstarts: /var/lib/rhn/kickstarts/wizard/$profile_name--$org_id.cfg
/var/lib/rhn/kickstarts/snippets
. Cobbler accesses snippets using the symbolic link /var/lib/cobbler/snippets/spacewalk
.
Snippets: /var/lib/rhn/kickstarts/snippets/$org_id/$snippet_name
Important
Appendix A. Revision History
Revision History | ||||||
---|---|---|---|---|---|---|
Revision 2-2.400 | 2013-10-31 | Rüdiger Landmann | ||||
| ||||||
Revision 2-2 | Wed Jan 2 2013 | Athene Chan | ||||
| ||||||
Revision 2-1 | Wed Aug 22 2012 | Athene Chan | ||||
| ||||||
Revision 2-0 | Tue Jul 17 2012 | Athene Chan | ||||
| ||||||
Revision 1-3 | Mon Aug 15 2011 | Lana Brindley | ||||
| ||||||
Revision 1-2 | Wed Jun 15 2011 | Lana Brindley | ||||
| ||||||
Revision 1-1 | Fri May 27 2011 | Lana Brindley | ||||
| ||||||
Revision 1-0 | Fri May 6, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-8 | Thu May 5, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-7 | Thu April 14, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-6 | Wed March 23, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-5 | Tue March 22, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-4 | Tue March 22, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-3 | Mon March 21, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-2 | Thu March 17, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-1 | Wed Jan 5, 2011 | Lana Brindley | ||||
| ||||||
Revision 0-0 | Tue Dec 21, 2010 | Lana Brindley | ||||
|