Registering CentOS Clients

This section contains information about registering traditional and Salt clients running CentOS operating systems.

CentOS clients are based on CentOS and are unrelated to SUSE Linux Enterprise Server with Expanded Support, RES, Red Hat, or Expanded Support. You are responsible for arranging access to CentOS base media repositories and CentOS installation media, as well as connecting Uyuni Server to the CentOS content delivery network.

Traditional clients are not available on CentOS 8. CentOS 8 clients are only supported as Salt clients.

Server Requirements

Before you begin, check that your Uyuni Server meets the requirements at installation:hardware-requirements.adoc.

Taskomatic uses one CPU core, and requires at least 3072 MB of RAM. To ensure that taskomatic has access to enough memory, open the /etc/rhn/rhn.conf configuration file, and add this line:

taskomatic.java.maxmemory=3072

Restart Taskomatic:

systemctl restart taskomatic

Channel and Repository Management

Before you register CentOS clients to your Uyuni Server, check that you have the CentOS product enabled, and the required channels are fully synchronized.

For CentOS 8 clients, add both the BaseOS and Appstream channels. You will require packages from both channels. If you do not add both channels, you will not be able to create the bootstrap repository, due to missing packages.

Procedure: Adding Client Tools Channels
  1. At the command prompt on the Uyuni Server, as root, add the CentOS base, updates, and client channels, specifying the CentOS version and architecture:

    • For CentOS 6:

      spacewalk-common-channels -a x86_64 centos6 \
      centos6-uyuni-client centos6-updates
    • For CentOS 7:

      spacewalk-common-channels -a x86_64 centos7 \
      centos7-uyuni-client centos7-updates
    • For CentOS 8:

      spacewalk-common-channels -a x86_64 centos8 \
      centos8-uyuni-client centos8-appstream

The client tools channel provided by spacewalk-common-channels is sourced from Uyuni and not from SUSE.

There are two ways to check if a channel has finished synchronizing:

  • In the Uyuni Web UI, navigate to Software  Manage  Channels, then click the channel associated to the repository. Navigate to the Repositories tab, then click Sync and check Sync Status.

  • Check the synchronization log file at the command prompt:

    tail -f /var/log/rhn/reposync/<channel-label>.log

    Each child channel will generate its own log during the synchronization progress. You will need to check all the base and child channel log files to be sure that the synchronization is complete.

Create an Activation Key

You will need to create an activation key that is associated with your CentOS channels.

For more information on activation keys, see client-configuration:clients-and-activation-keys.adoc.

Trust GPG Keys on Clients

By default, CentOS does not trust the GPG key for Uyuni CentOS client tools.

The clients can be successfully bootstrapped without the GPG key being trusted.

However, they will not be able to install new client tool packages or update them.

To fix this, add this key to the ORG_GPG_KEY= parameter in all CentOS bootstrap scripts:

uyuni-gpg-pubkey-0d20833e.key

You do not need to delete any previously stored keys.

If you are bootstrapping clients from the Uyuni Web UI, you will need to use a Salt state to trust the key. Create the Salt state and assign it to the organization. You can then use an activation key and configuration channels to deploy the key to the clients.

Register Clients

CentOS clients are registered in the same way as all other clients. For more information, see client-configuration:registration-overview.adoc.

To register and use CentOS 6 clients, you need to configure the Uyuni Server to support older types of SSL encryption. For more information about how to resolve this error, see Registering Older Clients at client-configuration:tshoot-clients.adoc.

Manage Errata

When you update CentOS clients, the packages do not include metadata about the updates. You can use a third-party errata service to obtain this information.

Procedure: Installing an Errata Service
  1. From the command prompt, as root, add the sle-module-development-tools module:

    SUSEConnect --product sle-module-development-tools/15.1/x86_64
  2. Install the errata service:

    zypper in  perl-Text-Unidecode
  3. Create a file for your errata script:

    touch /usr/local/bin/cent-errata.sh
  4. Edit the new file to include this script, editing the repository details as required. This script fetches the errata details from an external errata service, unpacks it, and publishes the details:

    #!/bin/bash
    mkdir -p /usr/local/centos
    cd /usr/local/centos
    rm *.xml
    wget -c http://cefs.steve-meier.de/errata.latest.xml
    #wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-all.xml
    wget -c https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL7.xml
    wget -c http://cefs.steve-meier.de/errata-import.tar
    tar xvf errata-import.tar
    chmod +x /usr/local/centos/errata-import.pl
    export SPACEWALK_USER='<adminname>';export SPACEWALK_PASS='<password>'
    /usr/local/centos/errata-import.pl --server '<servername>' \
    --errata /usr/local/centos/errata.latest.xml  \
    --include-channels=centos7-x86_64-updates,centos7-x86_64,centos7-x86_64-extras \
    --publish --rhsa-oval /usr/local/centos/com.redhat.rhsa-RHEL7.xml
  5. Set up a cron job to run the script daily:

    ln -s /usr/local/bin/cent-errata.sh /etc/cron.daily

For more information on this tool, see https://cefs.steve-meier.de/.