Open Grieves

Open Grieves

Assimilate quickly!

You must comply!

Satellite 6.1: Facts vs. Global hostgroup parameters

Out of troublePosted by Magnus Glantz 2016-02-02 23:00:06
If you ever wondered what wins.. facts or global hostgroup parameters, the answer is global hostgroup parameters.

So.. if you have a global hostgroup parameter, you can refer to it in a manifest as such:

if $myhostgroupparameter == 'bluesbrothers' {

That was all.

  • Comments(0)//

Fast import/export of Satellite 5 repository to Satellite 6

Out of troublePosted by Magnus Glantz 2016-01-30 13:32:17
So, you have a Satellite <=5.4 installation (if you have the latest version of Satellite 5, see this link) and you want your custom repositories into Satellite 6. Here's briefly how you can go about it. Please note that this method is ~100 times faster than using Hammer to upload the RPMs. Hammer is as of this writing extremely slow in uploading RPMs.

1. Logon to your Satellite 5 server.
2. Use spacecmd to list all packages
in your repository and put the list into a file ('rpmlist').
3. Run:

# updatedb
# mkdir my-custom-channel
# cd my-custom-channel
# for item in $(cat rpmlist); do cp $(locate $item|head -1) . ; done
# cd ..
# tar xvzf my-custom-channel.tar.gz my-custom-channel
4. Logon to Satellite 6 server
5. Run:
# cd /var/lib/pulp
# scp user@satellite5-server:/path/to/my-custom-channel.tar.gz .
# tar xvzf my-custom-channel.tar.gz
# chmod a+rx my-custom-channel
# cd my-custom-channel
# createrepo -v .
# chmod a+rx repodata
# cd /var/lib/pulp
# chmod a+r my-custom-channel -R
6. Logon to Satellite 6 Webgui, create a new product, add your custom repository and modify Sync source to be: file:///var/lib/pulp/my-custom-channel
7. Synchronize repository (it will be much much much much quicker than running Hammer).
8. Done.

  • Comments(0)//

Abnormal high CPU and memory consumption in Satellite 6

Out of troublePosted by Magnus Glantz 2016-01-28 22:24:01
It seems that when abrt detects crashes, it generates traffic to Satellite 6 candlepin...
Be aware of running abrt on RHEL 6.7 when using Satellite 6. abrt can get stuck in a loop of reporting crashes that itself causes. This generates enormous amounts of traffic to candlepin (tomcat) (postgresql) and foreman causing it to consume fantastic amounts of CPU and memory.

Check if you are affected on RHEL 6.7 by looking at number of crash counts:
# abrt-cli list|grep -i count

# for item in abrtd abrt-oops abrt-ccpp; do service $item stop; chkconfig $item off; done


  • Comments(0)//

RHEL7: Docker: Error starting daemon: error initializing graphdriver

Out of troublePosted by Magnus Glantz 2016-01-13 10:50:15
Installing docker and then upgrading from Red Hat Enterprise Linux 7.1 to Red Hat Enteprise Linux 7.2 (which took me from 1.6.0-11.el7.x86_64 to docker-1.8.2-8.el7.x86_64) I hit this problem.

[root@thehostname ~]# systemctl start docker
Job for docker.service failed because the control process exited with error code. See "systemctl status docker.service" and "journalctl -xe" for details.

[root@thehostname ~]# systemctl status docker
‚óŹ docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2016-01-13 09:39:03 UTC; 5s ago
Main PID: 7711 (code=exited, status=1/FAILURE)

Jan 13 09:39:03 thehostname.domainname systemd[1]: Starting Docker Application Container Engine...
Jan 13 09:39:03 thehostname.domainname docker[7711]: time="2016-01-13T09:39:03.894323859Z" level=info msg="Listening for HTTP on unix (/var/run/docker.sock)"
Jan 13 09:39:03 thehostname.domainname docker[7711]: time="2016-01-13T09:39:03.916209315Z" level=fatal msg="Error starting daemon: error initializing graphdriver: Unable to take ownership of thin-pool (rootvg-docke...ed data blocks"
Jan 13 09:39:03 thehostname.domainname systemd[1]: docker.service: main process exited, code=exited, status=1/FAILURE
Jan 13 09:39:03 thehostname.domainname systemd[1]: Failed to start Docker Application Container Engine.
Jan 13 09:39:03 thehostname.domainname systemd[1]: Unit docker.service entered failed state.
Jan 13 09:39:03 thehostname.domainname systemd[1]: docker.service failed.


# systemctl stop docker
# rm -rf /var/lib/docker
# lvremove /dev/volumegroupxyz/docker-pool
# docker-storage-setup
# systemctl start docker


More info:

  • Comments(0)//

Upgrade from Satellite 6.0 to 6.1: IMPORTANT

Out of troublePosted by Magnus Glantz 2015-12-11 14:26:39
If you are running Capsules. Do not forget to update katello-agent, goferd, katello-ca-consumer (from the capsule) on all clients and then to re-register all clients using subscription-manager. If you do not do that, clients will keep communicating to 5671 on the Satellite and if you have a lot of hosts, this will within time cause qpid to fail on the Satellite, which is very serious as pretty much everything then will fail.

  • Comments(0)//

Complete workflow: Properly signed certificates and Satellite/Capsule 6.1

Out of troublePosted by Magnus Glantz 2015-12-10 19:23:12
So I never ever forget.

1. Install tools on the Capsule
# yum install crypto-utils mod_ssl

2. Generate certificate request
# genkey $(hostname)

3. Submit certificate request and get an certificate.
# Not sure how you do that..

4. Download signed certificate. Convert to PEM format if it's not already that. If in DER format, convert like so:
# openssl x509 -inform der -in mysignedcertficates.cer -out /etc/pki/tls/certs/capsule-fqdn.crt

5. Perhaps, download certificate chain from CA (if you have your own CA).
# Not sure how you do that..

6. Upload files to Satellite from Capsule:
# Certificate Request:
# Key

7. Upload other files to Satellite:
# Certificate chain from CA
# Signed certificate for Capsule:

8. Move all files to /root/capsule-fqdn on Satellite

9. Generate certificate tar for Capsule on Satellite:
capsule-certs-generate --capsule-fqdn CAPSULE-FQDN --server-ca-cert /root/capsule-fqdn/my-certificate-chain.pem --server-cert /root/capsule-fqdn/capsule-fqdn.crt --server-cert-req /root/capsule-fqdn/capsule-fqdn.0.csr --server-key /root/capsule-fqdn/capsule-fqdn.key --certs-tar /root/capsule-fqdn.tar --certs-update-server

10. Install Capsule as described from the output from the capsule-certs-generate command.

11. Done.

  • Comments(0)//

Red Hat Satellite 6.1 My repositories disappeared from my Products and Content Views

Out of troublePosted by Magnus Glantz 2015-12-03 15:31:48
If your repositories disappear from your Products and Content Views, you may be able to solve that by issuing a Sync of those repositories.

Worked for me :-)

  • Comments(0)//

Red Hat Satellite 6.1, VMware and resource pools

Out of troublePosted by Magnus Glantz 2015-09-22 22:59:41
FYI. In the current release of Red Hat Satellite 6.1 there is no way to set resource pools in VMware. A new VM will default to the root resource pool, meaning you have to either drag and drop VMs into correct resource pool in Vsphere, create a script that does this or create a hook script to set the resource pool for a VM.

Patches providing this functionality are available upstream in Foreman and I am using hotfixes that provides this functionality in Satellite 6.1, so I'm guessing a solution is not that far away.

  • Comments(0)//

Red Hat Satellite 6.1 and Docker firewall prerequisite

Out of troublePosted by Magnus Glantz 2015-09-18 17:29:21
To be able to sync with Red Hats Docker registry you will need to open up in our firewall to the two following URLs:


That is all.

  • Comments(0)//

Red Hat Satellite 6.0 to 6.1 upgrade: SE-Linux relabling, errata sync, LDAPS integratiom and other stuff

Out of troublePosted by Magnus Glantz 2015-09-07 12:34:57

So, if you are wondering what's happening with your Satellite 6.0 to 6.1 upgrade, when being stuck in yum cleanup, it's SE-Linux relabling of /var/lib/pulp.

For me, having synced RHEL 5, 6 and 7 and having 6-7 content views, it took 1 1/2 hours. So, be patient.

Also, when you run the actuall katello-upgrade there will be a stage where it does errata, repo metadata and gpg resync, this will also take about 1 to 1 1/2 hours, if you are looking at a similar setup as mine.

For the complete upgrade to 6.1, it's not over the top to schedule 1-2 days for this as there are plenty of tasks that takes time.

A heads up if you are using LDAP integration with LDAPS, you have to add your own certificates as follows:

# cat /my-bundle.crt/pem >>/etc/pki/tls/certs/ca-bundle.crt

Or you will not be able to login with your LDAP user(s).

An error message as follows will appear:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed

Or detailed:

SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
app/models/auth_sources/auth_source_ldap.rb:50:in `authenticate'
app/models/user.rb:190:in `try_to_login'
app/controllers/users_controller.rb:71:in `login'
app/models/concerns/foreman/thread_session.rb:33:in `clear_thread'
lib/middleware/catch_json_parse_errors.rb:9:in `call'

  • Comments(0)//
« PreviousNext »