Installing Katello on CentOS 7

Posted on by Werner

Katello is a plugin for Foreman that provides the functionality to manage the patching life cycle of servers.
It should be noted that, even if Katello is a plugin, one cannot install Katello on a existing Foreman install – it WILL break things.
Best to start with a fresh install…

This first post will cover the initial install of Katello as central management server for an organisation. We will use Katello for DNS provision as well.

For the demo, we will use a VM guest running on VMWare 6.7. Hardware settings will be 4vCPU and 16Gb RAM. Initially we will start with a 3-disk LVM setup, a 1Gb drive for /boot, a 10Gb drive for the system, and a 80Gb drive for the pulp data. If this will be used as a production server, the storage will have to be sufficiently upgraded.

At the time of writing, the latest GA version of Katello was 3.12. Install the relevant yum repositories in order to source the packages.

Prior to running the installer, the machine should be set up with a time service such as ntpd or chrony, since several Katello features will not function well if there is minor clock skew. 

yum -y localinstall https://fedorapeople.org/groups/katello/releases/yum/3.12/katello/el7/x86_64/katello-repos-latest.rpm
yum -y localinstall https://yum.theforeman.org/releases/1.22/el7/x86_64/foreman-release.rpm
yum -y localinstall https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
yum -y localinstall https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install foreman-release-scl

Ensure the system is up to date: 

[root@katello ~]# yum upgrade
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.scalabledns.com
 * extras: mirror.scalabledns.com
 * updates: centos-distro.cavecreek.net
No packages marked for update

Next, install the Katello package:

yum -y install katello

This will download and install the ~500 packages required to run Katello, so it might take a few minutes to complete.

Katello is hugely configurable, so check out all the options and tweak the installer as neccesary. To see the options, run

foreman-installer --scenario katello --help

For this install, we’ll start with enabling VMWare integration, and only DNS and TFTP services enabled.

So, for this example, we’ll use the following switches:

foreman-installer  --scenario katello \
\
--lock-package-versions \
-v \
-l \
--enable-foreman-compute-vmware \
--foreman-puppetrun=true \
\
--foreman-proxy-dns=true \
--foreman-proxy-dns-forwarders=8.8.8.8 \
--foreman-proxy-dns-forwarders=8.8.4.4 \
--foreman-proxy-dns-interface=ens192 \
--foreman-proxy-dns-listen-on=both \
--foreman-proxy-dns-reverse=50.168.192.in-addr.arpa \
--foreman-proxy-dns-zone=ics.dmz \
\
--foreman-proxy-tftp=true \
--foreman-proxy-tftp-listen-on=both \
--foreman-proxy-tftp-managed=true \
--foreman-proxy-tftp-servername=$(hostname) \
\
--foreman-proxy-dhcp=true \
--foreman-proxy-dhcp-gateway="192.168.50.245" \
--foreman-proxy-dhcp-listen-on=both \
--foreman-proxy-dhcp-nameservers="192.168.50.245,192.168.1.1,8.8.8.8" \
--foreman-proxy-dhcp-range="192.168.50.150 192.168.50.199" \
--foreman-proxy-dhcp-search-domains="ics.dmz" \
\
--foreman-initial-admin-email=REDACTED \
--foreman-initial-admin-first-name=Werner \
--foreman-initial-admin-last-name='van der Merwe' \
--foreman-initial-admin-password=7XTFGRPxC4mWcZDv

Once that completes, we should be able to navigate to (in our case) https://katello.ics.dmz providing we made provisioning for the DNS resolution.

If you cannot reach the site, firstly ensure that you have a firewall rule allowing traffic.

To see if https and http are allowed:

firewall-cmd --list-all

If https is not in the services line, you can add it as follow:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Browsing to the URL now, should bring you to an non-trusted page:

This is expected, and one can import the cert from http://katello.ics.dmz/pub/katello-server-ca.crt

This will be important if one want to set up NoVNC connections later.

You should now be greeted with the login screen for Katello, where you can use the username/password combination we specified in the install command.

Log into the system, click on the name top right, and change the password as a first step!

Congratulations, you’ve just installed Katello! Next post will be around configuring Katello.

Leave a Reply

Your email address will not be published. Required fields are marked *