SUSE Manager/Errata Parsing CentOS

From MicroFocusInternationalWiki

Native CentOS and Errata Parsing

1. Set up your channels/repos in SUSE Manager. You can follow these tips in the wiki: Managing CentOS clients

--or--

Install spacewalk-utils on your SUMA server:

zypper in spacewalk-utils

Run the spacewalk-common-channels script to add the base channel, updates, Spacewalk client, and others as desired.

spacewalk-common-channels -u admin -p <secret> -a x86_64 'centos7'
spacewalk-common-channels -u admin -p <secret> -a x86_64 'centos7-updates'
spacewalk-common-channels -u admin -p <secret> -a x86_64 'spacewalk24-client-centos7'

Note: The /etc/rhn/spacewalk-common-channels.ini must contain the channel that is being added. 
If not, you can find the latest version here: 
https://github.com/spacewalkproject/spacewalk/blob/master/utils/spacewalk-common-channels.ini

Use the Manage Software Channels->channel name->Repositories->Sync web interface to schedule regular sync if desired.


2. Be sure to copy any and all relevant GPG keys to /srv/www/htdocs/pub. This includes the EPEL key, SUSE keys, Red Hat keys, and CentOS keys. By copying them there, you can reference them in a comma-delimited list in your bootstrap script (see example below).

 CentOS7 key files:  http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-7
 EPEL key file: http://mirrors.kernel.org/fedora-epel/RPM-GPG-KEY-EPEL-7
 Spacewalk key: http://spacewalk.redhat.com/yum/RPM-GPG-KEY-spacewalk-2015
 Red Hat keys: http://www.redhat.com/contact/security-response-team/gpg-keys.html

3. Install a client CentOS 7 with the default installation packages

4. Make sure the client machine can resolve its own hostname and that of the SUSE Manager server through DNS. Validate that /etc/hosts contains an entry for the real IP address of the client.

5. For consistency's sake, add a repository for the installation media using the CentOS-media.repo file in /etc/yum.repos.d/ prior to registration with SUMA. Disable all the other repos.

6. Create an activation key (centos7) on the SUSE Manager server that points to the right parent/child channels, including the CentOS base repo, updates, and Spacewalk client.

Traditionally managed clients (rhn stack)

Create/edit your bootstrap script to correctly reflect the following:

# can be edited, but probably correct (unless created during initial install):

# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.

ACTIVATION_KEYS=1-centos7

ORG_GPG_KEY=res.key,RPM-GPG-KEY-CentOS-6,suse-307E3D54.key,suse-9C800ACA.key,RPM-GPG-KEY-spacewalk-2015


FULLY_UPDATE_THIS_BOX=0

yum clean all
# Install the prerequisites
yum -y install yum-rhn-plugin rhn-setup 

Add these lines to the very bottom of your script (just before echo "-bootstrap complete -"):

# This section is for commands to be executed after registration
mv /etc/yum.repos.d/Cent* /root/
yum clean all
chkconfig rhnsd on
chkconfig osad on
service rhnsd restart
service osad restart

Salt minions

Create/edit your bootstrap script with 'mgr-bootstrap --salt --script=cent7-salt.sh'

# can be edited, but probably correct (unless created during initial install):
# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
ACTIVATION_KEYS=1-centos7
ORG_GPG_KEY=res.key,RPM-GPG-KEY-CentOS-7,suse-307E3D54.key,suse-9C800ACA.key,RPM-GPG-KEY-spacewalk-2015
...
ORG_CA_CERT=RHN-ORG-TRUSTED-SSL-CERT
ORG_CA_CERT_IS_RPM_YN=0
...
#echo "* removing TLS certificate used for bootstrap"
#echo "  (will be re-added via salt state)"
#removeTLSCertificate
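
A pre-flight check for the ORG_GPG_KEY setting used in both bootstrap variants above, as an added example that is not part of the original wiki page or of SUSE Manager: it lists every key file the script names that is missing from the pub directory. The function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for a generated bootstrap script.
# missing_gpg_keys SCRIPT PUB_DIR
#   Prints every file named in SCRIPT's ORG_GPG_KEY list that is absent or
#   empty in PUB_DIR. Returns 0 if none are missing, 1 if some are, 2 if the
#   script has no uncommented ORG_GPG_KEY assignment.
missing_gpg_keys() {
    # The last uncommented assignment wins, as it would when the script runs.
    list=$(sed -n 's/^[[:space:]]*ORG_GPG_KEY=//p' "$1" | tail -n 1 | tr -d "\"' \t\r")
    [ -n "$list" ] || return 2
    missing=0
    old_ifs=$IFS
    IFS=,
    for key in $list; do
        if [ -n "$key" ] && [ ! -s "$2/$key" ]; then
            printf '%s\n' "$key"
            missing=1
        fi
    done
    IFS=$old_ifs
    return "$missing"
}

# Constructed sample: the key list is the one from the traditional bootstrap
# excerpt on this page; the pub directory holds the keys the Salt excerpt names.
demo_missing_keys() {
    tmp=$(mktemp -d) || return 3
    mkdir -p "$tmp/pub/bootstrap"
    for f in res.key RPM-GPG-KEY-CentOS-7 suse-307E3D54.key suse-9C800ACA.key \
             RPM-GPG-KEY-spacewalk-2015; do
        echo 'constructed placeholder key' > "$tmp/pub/$f"
    done
    printf '%s\n' 'ACTIVATION_KEYS=1-centos7' \
        'ORG_GPG_KEY=res.key,RPM-GPG-KEY-CentOS-6,suse-307E3D54.key,suse-9C800ACA.key,RPM-GPG-KEY-spacewalk-2015' \
        > "$tmp/pub/bootstrap/bootstrap-centos7.sh"
    missing_gpg_keys "$tmp/pub/bootstrap/bootstrap-centos7.sh" "$tmp/pub" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo_missing_keys || echo "key file(s) listed above are not in the pub directory"
```

On the server, call missing_gpg_keys with the real script under /srv/www/htdocs/pub/bootstrap and /srv/www/htdocs/pub as the second argument.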


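7. Now you should be able to run the bootstrap script from your CentOS client. The -k option makes curl skip TLS certificate verification, so the script is executed without authenticating the server: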

curl -Sks https://<servername>/pub/bootstrap/bootstrap-centos7.sh | /bin/bash
 

Errata Parsing

8. You will need to parse the errata from the CentOS channel(s) to make your SUMA as useful as it should be for CentOS. This parser requires the perl-Text-Unidecode package, so you can:

Add this repository from OBS:

SUMA 3:

zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/SLE_12/ perl

SUMA 2.1:

zypper ar -f http://download.opensuse.org/repositories/devel:/languages:/perl/SLE_11_SP3/ perl

Then refresh the repo, and accept the key permanently (choose option ‘a’):

zypper ref 

And install the required package:

zypper in perl-Text-Unidecode

You can create a custom path (/usr/local/centos) and script this process in a file, such as '/usr/local/bin/cent-errata.sh'. Here is an example for CentOS 7:


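#!/bin/bash
# Working directory for the errata data and the import script
mkdir -p /usr/local/centos
# Stop if the directory is unavailable, so the rm below cannot run elsewhere
cd /usr/local/centos || exit 1
# Remove the previous run's XML files (-f: no error on the first run)
rm -f ./*.xml
# CentOS errata from CEFS
wget -c http://cefs.steve-meier.de/errata.latest.xml
# Red Hat OVAL data (all products, or RHEL 7 only)
#wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
# The import script itself
wget -c http://cefs.steve-meier.de/errata-import.tar
tar xvf errata-import.tar
chmod +x /usr/local/centos/errata-import.pl
# SUSE Manager credentials passed to errata-import.pl
export SPACEWALK_USER='admin'
export SPACEWALK_PASS='<secret>'
/usr/local/centos/errata-import.pl --server <servername> \
--errata /usr/local/centos/errata.latest.xml \
--include-channels=centos7-x86_64-updates,centos7-x86_64,centos7-x86_64-extras \
--publish --rhsa-oval /usr/local/centos/com.redhat.rhsa-RHEL7.xml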

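The script can then be scheduled to run daily with cron. Because it contains the SUSE Manager admin password, keep it owned by root and unreadable by other users.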

ln -s /usr/local/bin/cent-errata.sh /etc/cron.daily

References:

https://cefs.steve-meier.de/

http://blog.christian-stankowic.de/?p=5653

Create the CentOS Bootstrap Repository

For CentOS 7 Traditional clients only

Add the CentOS7 spacewalk client as a bootstrap repository to your SUSE Manager server:

mkdir -p /srv/www/htdocs/pub/repositories/centos7 
cd /srv/www/htdocs/pub/repositories/centos7

Get the public spacewalk client files:

wget -r -nH --cut-dirs=5 --no-parent --reject="index.html*" http://spacewalk.redhat.com/yum/2.4-client/RHEL/7/x86_64

CentOS7 client installation requires two packages available online only:

wget -c ftp://ftp.muug.mb.ca/mirror/centos/7.2.1511/os/x86_64/Packages/python-gudev-147.2-7.el7.x86_64.rpm
wget -c ftp://ftp.muug.mb.ca/mirror/centos/7.2.1511/os/x86_64/Packages/python-hwdata-1.7.3-4.el7.noarch.rpm

Create the repodata for this bootstrap repository:

createrepo .
 

Create the centos7-client.repo file on your server in /srv/www/htdocs/pub/repositories/centos7 with the following content:

[centos7-client]
name=centos7-client
baseurl=http://<servername>/pub/repositories/centos7
enabled=1 
gpgcheck=0
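
The repo file above sets gpgcheck=0 and an http baseurl, so yum installs the bootstrap packages without verifying their signatures. An added example (not from the original page or from SUSE Manager) that flags such sections in .repo files; the sample files, the host name suma.example.com and the gpgkey URLs in the hardened variant are assumptions.

```shell
#!/bin/sh
# Added example: flag weak settings in yum .repo files.
# weak_repos FILE...
#   Prints "file:section:finding" for each repo section that explicitly turns
#   off package signature checking or uses a cleartext (http/ftp) baseurl.
weak_repos() {
    awk '
    function report() {
        if (sect == "") return
        if (tolower(gpg) ~ /^(0|no|false)$/) print fname ":" sect ":gpgcheck-disabled"
        if (tolower(url) ~ /^(http|ftp):/)   print fname ":" sect ":cleartext-baseurl"
    }
    FNR == 1        { report(); sect = ""; fname = FILENAME }
    /^[ \t]*[#;]/   { next }
    /^[ \t]*\[/     { report(); sect = $0
                      sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
                      gpg = ""; url = ""; next }
    {
        n = index($0, "=")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/[ \t\r]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "gpgcheck") gpg = val
        if (key == "baseurl")  url = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the repo file from this page next to a hardened variant.
# suma.example.com stands in for <servername>; the gpgkey URLs assume the keys
# were copied to /srv/www/htdocs/pub as in step 2 (hypothetical locations).
demo_weak_repos() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[centos7-client]' 'name=centos7-client' \
        'baseurl=http://suma.example.com/pub/repositories/centos7' \
        'enabled=1 ' 'gpgcheck=0' > "$d/centos7-client.repo"
    printf '%s\n' '[centos7-client]' 'name=centos7-client' \
        'baseurl=https://suma.example.com/pub/repositories/centos7' \
        'enabled=1' 'gpgcheck=1' \
        'gpgkey=https://suma.example.com/pub/RPM-GPG-KEY-spacewalk-2015' \
        '       https://suma.example.com/pub/RPM-GPG-KEY-CentOS-7' > "$d/hardened.repo"
    (cd "$d" && weak_repos centos7-client.repo hardened.repo)
    rm -rf "$d"
}

demo_weak_repos
```

Only the page's original file is reported; the hardened variant passes because yum checks each package against the listed keys and fetches the metadata over TLS.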
 

Make sure this gets added to your bootstrap script so it is included at time of registration/bootstrap ahead of the 'yum clean all' line:

# Download the .repo file for the client so the prerequisites are in place for registration
curl -Sks http://<servername>/pub/repositories/centos7/centos7-client.repo >> /etc/yum.repos.d/centos7-client.repo