Posts

Showing posts from October, 2015

Setup dynamc DNS updates with Active Directory DNS to be used by Smart Proxy of Katello/Foreman

Both BIND as configured in FreeIPA and Microsoft AD DNS servers can accept DNS updates using GSS-TSIG authentication. This uses Kerberos principals to authenticate to the DNS server. Under Microsoft AD, this is known as "Secure Dynamic Update". Pre-requisites     Kerberos principal in the realm/domain that Smart Proxy can use     Kerberos keytab for the above principal Setup krb5.conf cat > /etc/krb5.conf << "EOF" [logging]  default = FILE:/var/log/krb5libs.log  kdc = FILE:/var/log/krb5kdc.log  admin_server = FILE:/var/log/kadmind.log [libdefaults]  default_realm = EXAMPLE.COM  dns_lookup_realm = true  dns_lookup_kdc = true  ticket_lifetime = 24h  renew_lifetime = 7d  forwardable = true [realms]  EXAMPLE.COM = {   kdc = dc01.example.com   admin_server = dc01.example.com  } [domain_realm]  example.com = EXAMPLE.COM  .example.com = EXAMPLE.COM EOF Microsoft AD configuration A user has to be created in Active Directory t
Post a Comment
Read more

Sync Repos finish with warning hostname does not match the server certificate

This is happening because the following: Actions::Katello::Repository::ErrataMail Input: {"repo"=>4, "last_updated"=>"2015-10-17 02:20:18 +1300", "locale"=>"en"} Output: {} Exception: OpenSSL::SSL::SSLError: hostname does not match the server certificate   As we can see the sync of repos is failed because the errata mail can't be send it to resolve this issue we need to configure our email.yml   # cat /etc/foreman/email.yaml # Outgoing email settings production: delivery_method: :smtp smtp_settings: address: smtp.example.com port: 25 enable_starttls_auto: false << add this to avoid the connection via tls to  the mail server if you don't needed.
Post a Comment
Read more

How to execute remote commands with Katello 2.3 and 2.4 on remote clients

This can be achieve installing the following foreman plugin http://theforeman.org/plugins/foreman_remote_execution/0.0/ Start by installing  repository and EPEL7, see Quickstart instructions and Foreman manual for more information.   After it sucessfully finishes you'll have to manually install plugins by following command   yum install ruby193-rubygem-foreman_remote_execution rubygem-smart_proxy_remote_execution_ssh Note : the plugin only works if you satellite was install on RHEL7/Centos 7 for Katello after that you going to have job   templates in hosts tab just create a new job template for example   Template that allow install remove and update packages   Name: Package Actions die() { echo "${1}, exiting..." exit $2 } <% unless input("pre_script").blank? -%> # Pre Script <%= input("pre_script") %> RETVAL=$? [ $RETVAL -eq 0 ] || die "Pre script failed" $RETVAL <% end -%>
Post a Comment
Read more