Registering CentOS Clients
This section contains information about registering traditional and Salt clients running CentOS operating systems.
|
CentOS clients are based on CentOS and are unrelated to SUSE Linux Enterprise Server with Expanded Support, RES, Red Hat, or Expanded Support. You are responsible for arranging access to CentOS base media repositories and CentOS installation media, as well as connecting Uyuni Server to the CentOS content delivery network. |
|
Traditional clients are not available on CentOS 8. CentOS 8 clients are only supported as Salt clients. |
|
Registering CentOS clients to Uyuni is tested with the default SELinux configuration of |
Add Software Channels
Before you can register CentOS clients to your Uyuni Server, you need to add the required software channels, and synchronize them.
The channels you need for this procedure are:
| OS Version | Base Channel | Client Channel | Updates/Appstream Channel |
|---|---|---|---|
CentOS 6 |
centos6 |
centos6-uyuni-client |
centos6-updates |
CentOS 7 |
centos7 |
centos7-uyuni-client |
centos7-updates |
CentOS 8 |
centos8 |
centos8-uyuni-client |
centos8-appstream |
|
CentOS 6 is now at end-of-life, and the ISO images provided in the repository are out of date. Bootstrapping new CentOS 6 clients using these packages will fail. If you need to bootstrap new CentOS 6 clients, follow the troubleshooting procedure in client-configuration:tshoot-clients.adoc. |
-
At the command prompt on the Uyuni Server, as root, use the
spacewalk-common-channelscommand to add the appropriate channels. Ensure you specify the correct architecture:spacewalk-common-channels \ -a <architecture> \ <base_channel_name> \ <child_channel_name_1> \ <child_channel_name_2> \ ... <child_channel_name_n>
-
Synchronize the channels:
spacewalk-repo-sync -p <base_channel_label>
-
Ensure the synchronization is complete before continuing.
|
The client tools channel provided by |
|
For CentOS 8 clients, add both the Base and AppStream channels. You require packages from both channels. If you do not add both channels, you cannot create the bootstrap repository, due to missing packages. |
|
You might notice some disparity in the number of packages available in the AppStream channel between upstream and the Uyuni channel. You might also see different numbers if you compare the same channel added at a different point in time. This is due to the way that CentOS manages their repositories. CentOS removes older version of packages when a new version is released, while Uyuni keeps all of them, regardless of age. |
|
The AppStream repository provides modular packages. This results in the Uyuni Web UI showing incorrect package information. You cannot perform package operations such as installing or upgrading directly from modular repositories using the Web UI or API. You can use the AppStream filter with content lifecycle management (CLM) to transform modular repositories into regular repositories.
Alternatively, you can use Salt states to manage modular packages on Salt clients, or use the |
Check Synchronization Status
-
In the Uyuni Web UI, navigate to , then click the channel associated to the repository.
-
Navigate to the
Repositoriestab, then clickSyncand checkSync Status.
-
At the command prompt on the Uyuni Server, as root, use the
tailcommand to check the synchronization log file:tail -f /var/log/rhn/reposync/<channel-label>.log
-
Each child channel generates its own log during the synchronization progress. You need to check all the base and child channel log files to be sure that the synchronization is complete.
Create an Activation Key
You need to create an activation key that is associated with your CentOS channels.
For more information on activation keys, see client-configuration:activation-keys.adoc.
Trust GPG Keys on Clients
By default, operating systems trust only their own GPG keys when they are installed, and do not trust keys provided by third party packages. The clients can be successfully bootstrapped without the GPG key being trusted. However, you cannot install new client tool packages or update them until the keys are trusted.
Salt clients are set to trust SUSE tools channels GPG keys when they are bootstrapped. For all other clients and channels, you need to manually trust third party GPG keys.
|
If you are bootstrapping Salt clients from the Uyuni Web UI, you can use a Salt state to trust the key. For more information on custom Salt states, see salt:custom-states.adoc. |
-
On the Uyuni Server, at the command prompt, check the contents of the
/srv/www/htdocs/pub/directory. This directory contains all available public keys. Take a note of the key that applies to the channel assigned to the client you are registering. -
Open the relevant bootstrap script, locate the
ORG_GPG_KEY=parameter and add the required key. For example:uyuni-gpg-pubkey-0d20833e.key
You do not need to delete any previously stored keys.
Register Clients
CentOS clients are registered in the same way as all other clients. For more information, see client-configuration:registration-overview.adoc.
|
To register and use CentOS 6 clients, you need to configure the Uyuni Server to support older types of SSL encryption.
For more information about how to resolve this error, see |
Manage Errata
When you update CentOS clients, the packages do not include metadata about the updates. You can use a third-party errata service to obtain this information.
|
The authors of CEFS provide patches or errata on a best-effort basis, in the hope they are useful but with no guarantees of correctness or currency. This could mean that the patch dates could be incorrect, and in at least one case, the published data was shown to be more than a month old. For more information on these cases, see https://github.com/stevemeier/cefs/issues/28#issuecomment-656579382 and https://github.com/stevemeier/cefs/issues/28#issuecomment-656573607. Any problems or delays with the patch data might result in unreliable patch information being imported to your Uyuni Server. This would cause reports, audits, CVE updates, or other patch-related information to also be incorrect. Please consider alternatives to using this service, such as independently verifying patch data, or choosing a different operating system, depending on your security-related requirements and certifications criteria. |
-
On the Uyuni Server, from the command prompt, as root, add the
sle-module-development-toolsmodule:SUSEConnect --product sle-module-development-tools/15.2/x86_64
-
Install errata service dependencies:
zypper in perl-Text-Unidecode
-
Add or edit this line in
/etc/rhn/rhn.conf:java.allow_adding_patches_via_api = centos7-updates-x86_64,centos7-x86_64,centos7-extras-x86_64
-
Restart Tomcat:
systemctl restart tomcat
-
Create a file for your errata script:
touch /usr/local/bin/cent-errata.sh
-
Edit the new file to include this script, editing the repository details as required. This script fetches the errata details from an external errata service, unpacks it, and publishes the details:
#!/bin/bash mkdir -p /usr/local/centos cd /usr/local/centos rm *.xml wget -c http://cefs.steve-meier.de/errata.latest.xml #wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml wget -c http://cefs.steve-meier.de/errata-import.tar tar xvf errata-import.tar chmod +x /usr/local/centos/errata-import.pl export SPACEWALK_USER='<adminname>';export SPACEWALK_PASS='<password>' /usr/local/centos/errata-import.pl --server '<servername>' \ --errata /usr/local/centos/errata.latest.xml \ --include-channels=centos7-updates-x86_64,centos7-x86_64,centos7-extras-x86_64 \ --publish --rhsa-oval /usr/local/centos/com.redhat.rhsa-RHEL7.xml
-
Set up a cron job to run the script daily:
ln -s /usr/local/bin/cent-errata.sh /etc/cron.daily
For more information on this tool, see https://cefs.steve-meier.de/.