Difference between revisions of "Install Foreman 35 katello rhel8"
| Line 125: | Line 125: | ||
:* PROD-LATE | :* PROD-LATE | ||
The meaning of "LATE" is to patch this systems later to avoid production issues (eg: half of the systems of a Cluster (DNS, Web, ...) | The meaning of "LATE" is to patch this systems later to avoid production issues (eg: half of the systems of a Cluster (DNS, Web, ...) | ||
| + | |||
==Patch Cycle== | ==Patch Cycle== | ||
* All systems get patched at least every 4 weeks | * All systems get patched at least every 4 weeks | ||
| Line 135: | Line 136: | ||
KW03 -> Version "KW01" into "PROD" Content View | KW03 -> Version "KW01" into "PROD" Content View | ||
KW04 -> Version "KW01" into "PROD-LATE" Content View | KW04 -> Version "KW01" into "PROD-LATE" Content View | ||
| − | + | KW05 -> "Library" (daily sync) into "TEST" Content View as Version "KW05" | |
| − | KW05 -> "Library" (daily sync) into "TEST" Content View as Version " | + | KW06 -> Version "KW05" into "TEST-LATE" Content View |
| − | KW06 -> Version " | + | KW07 -> Version "KW05" into "PROD" Content View |
| − | KW07 -> Version " | + | KW08 -> Version "KW05" into "PROD-LATE" Content View |
| − | KW08 -> Version " | ||
| − | |||
... | ... | ||
| + | </pre> | ||
| + | ==Emergency Patching== | ||
| + | Due security needs, it may be necessary to apply patches immediatly. For that, you have several options | ||
| + | ===Add Packages to Conent View== | ||
[[Category:Foreman]] | [[Category:Foreman]] | ||
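Review bot: the added subsection heading `===Add Packages to Conent View==` opens with three `=` but closes with two, so it will not render as the level-3 heading under "Emergency Patching" that it is meant to be. Close it with `===` and fix the typo ("Conent" should be "Content"). In the added sentence, "Due security needs" should read "Due to security needs" and "immediatly" should be "immediately". The text also announces "several options", but this revision adds only one subsection heading, with no body; either list the options or mark the section as work in progress.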
Revision as of 11:41, 11 May 2023
1 VM SETUP
- CPU: 4
- MEM: 20G
- DISK: 200G
2 LINKS
3 OUTSIDE CONNECTIVITY NEEDS
4 Install
subscription-manager register
dnf -y install firewalld
systemctl enable firewalld --now
firewall-cmd \
--add-port="80/tcp" --add-port="443/tcp" \
--add-port="5647/tcp" \
--add-port="8000/tcp" --add-port="9090/tcp" \
--add-port="8140/tcp" \
#--add-port="53/udp" --add-port="53/tcp" \
#--add-port="67/udp" \
#--add-port="69/udp"
firewall-cmd --runtime-to-permanent
firewall-cmd --list-all
public (active)
services: cockpit dhcpv6-client ssh
ports: 80/tcp 443/tcp 5647/tcp 8000/tcp 9090/tcp 8140/tcp
ping -c1 localhost
ping -c1 `hostname -f`
hostnamectl set-hostname `hostname -f`
dnf -y install https://yum.theforeman.org/releases/3.5/el8/x86_64/foreman-release.rpm
dnf -y install https://yum.theforeman.org/katello/4.7/katello/el8/x86_64/katello-repos-latest.rpm
dnf -y install https://yum.puppet.com/puppet7-release-el-8.noarch.rpm
dnf config-manager --set-enabled powertools
dnf module enable katello:el8 pulpcore:el8
dnf clean all
dnf makecache
dnf -y upgrade
yum -y install chrony
systemctl start chronyd
systemctl enable chronyd
echo sources | chronyc
reboot
5 Setup Foreman
foreman-installer --scenario katello --foreman-initial-organization "BITBULL" --foreman-initial-location "Verwaltung" --foreman-initial-admin-username admin --foreman-initial-admin-password admin --enable-foreman-cli-ansible --enable-foreman-cli --enable-foreman-cli-katello --enable-foreman-plugin-ansible --enable-foreman-plugin-remote-execution --enable-foreman-plugin-remote-execution-cockpit --enable-foreman-plugin-statistics --enable-foreman-plugin-tasks # --skip-checks-i-know-better --tuning development
6 Foreman Content Management - Menu Overview
7 Manage Repos with Foreman
- https://opensource.com/article/21/9/centos-stream-foreman
- https://www.youtube.com/watch?v=XsCi9Jy2lGs&t=3s
8 Create Content
- Content > Subscriptions
- Import Manifest
- Content > Red Hat Repositories
- Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
- Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
- Content > Sync Plans
- Create Sync Plan > Daily
- Content > Products > [X] Red Hat Enterprise Linux for x86_64
- Manage Sync Plan > Daily
- Sync Selected
- Content > Lifecycle Environment > Create
- TestLcEnv > ProdLcEnv
- Content > Content views > Create
- Name: cv_rhel8
- Solve dependencies: TRUE
- Content > Content views > cv_rhel8 > Publish new version
- Promote: TRUE
- Version: 1.0
- Env: TestLcEnv + ProdLcEnv
- Content > Activation Keys > Create
- Name: ak_rhel8_test
- Environment: TestLcEnv
- Content View: cv_rhel8
- Repository Sets: Disable all but needed
- Content > Activation Keys > Create
- Name: ak_rhel8_prod
- Environment: ProdLcEnv
- Content View: cv_rhel8
- Repository Sets: Disable all but needed
9 Patch Cycle Ideas Brainstorming
9.1 Prerequisites
- Daily Sync of all Foreman Libraries (Product upstream Repos)
- Working Repos as mentioned above
- Systems are grouped and registered in Lifecycle Environments
- TEST
- TEST-LATE
- PROD
- PROD-LATE
The meaning of "LATE" is to patch these systems later to avoid production issues (e.g. half of the systems of a cluster (DNS, Web, ...)).
9.2 Patch Cycle
- All systems get patched at least every 4 weeks
- A Rundeck job updates the Content Views on a regular basis.
EXAMPLE:
----------------------------------
KW01 -> "Library" (daily sync) into "TEST" Content View as Version "KW01"
KW02 -> Version "KW01" into "TEST-LATE" Content View
KW03 -> Version "KW01" into "PROD" Content View
KW04 -> Version "KW01" into "PROD-LATE" Content View
KW05 -> "Library" (daily sync) into "TEST" Content View as Version "KW05"
KW06 -> Version "KW05" into "TEST-LATE" Content View
KW07 -> Version "KW05" into "PROD" Content View
KW08 -> Version "KW05" into "PROD-LATE" Content View
...
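The weekly rotation above can be derived from the ISO week number. The following is an added example, not part of the original page: a dry-run planner that prints the hammer commands a scheduled job (such as the Rundeck job mentioned above) could run. Assumptions: the organization and content view names are reused from the setup sections, the KW label is stored as the publish description, and the lifecycle path is Library > TEST > TEST-LATE > PROD > PROD-LATE.

```sh
#!/bin/sh
# Added example (not from the original page): dry-run planner for the 4-week cycle.
# Assumed names: ORG and CV are taken from the setup sections of this page.
# Assumed rollover: the cycle restarts at KW01 each year, so a version
# published in KW53 only ever reaches TEST.
ORG="BITBULL"
CV="cv_rhel8"

# cycle_step WEEK -> "<version label> <source env> <target env>"
cycle_step() {
    case "$1" in
        [1-9]|[0-9][0-9]) ;;
        *) echo "invalid week: $1" >&2; return 1 ;;
    esac
    week=${1#0}                    # "08" -> "8": a leading zero would be read as octal
    if [ "$week" -lt 1 ] || [ "$week" -gt 53 ]; then
        echo "invalid week: $1" >&2
        return 1
    fi
    pos=$(( ($week - 1) % 4 ))     # 0..3 = position inside the 4-week cycle
    case "$pos" in
        0) from=Library   to=TEST ;;
        1) from=TEST      to=TEST-LATE ;;
        2) from=TEST-LATE to=PROD ;;
        3) from=PROD      to=PROD-LATE ;;
    esac
    printf 'KW%02d %s %s\n' "$(( $week - $pos ))" "$from" "$to"
}

# hammer_plan WEEK -> the hammer commands for that week (printed, never executed)
hammer_plan() {
    step=$(cycle_step "$1") || return 1
    set -- $step                   # $1 = label, $2 = source env, $3 = target env
    if [ "$3" = "TEST" ]; then
        # First week of a cycle: freeze the daily-synced Library into a new version.
        echo "hammer content-view publish --organization $ORG --name $CV --description $1"
    fi
    echo "hammer content-view version promote --organization $ORG --content-view $CV" \
         "--from-lifecycle-environment $2 --to-lifecycle-environment $3"
}

# Print the plan for the current ISO week (date +%V yields 01..53).
hammer_plan "$(date +%V)"
```

Because each promotion names the environment it promotes from, PROD and PROD-LATE only ever receive the version that already ran in TEST and TEST-LATE during the preceding weeks.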
9.3 Emergency Patching
Due to security needs, it may be necessary to apply patches immediately. For that, you have several options.