Install Katello on CentOS 7

We’re going to install Foreman with Katello on CentOS 7.

This article is part of our RHCA studies.

Katello vs Spacewalk vs Red Hat Satellite

We have been using Spacewalk for quite some time. Spacewalk is an upstream product for Red Hat Satellite 5.

Red Hat Satellite 6 is a re-engineering of the Red Hat Satellite product, it has been built from the ground-up on different and more modern technologies. Red Hat Satellite 6 is a federation of several upstream open source projects, including Katello, Foreman, Pulp and Candlepin. All products are open source projects, and Red Hat is the biggest contributor in each case.

What does each product do?

  1. Foreman: provisioning on new clients.
  2. Pulp: patch and content (package repository) management.
  3. Candlepin: subscription and entitlement management.
  4. Puppet: configuration management (actual running of modules assigned in Foreman).
  5. Katello: unified workflow and WebUI for content (Pulp) and subscriptions (Candlepin).

Initially Katello was a standalone application, but it’s now a plugin to the Foreman. Foreman is a complete lifecycle management tool for physical and virtual servers. When we talk about Katello, we have in mind a Foreman server with Katello plugin.


Software used in this article:

  1. CentOS 7.2
  2. Foreman 1.12
  3. Katello 3.1
  4. Puppet 3.6
  5. Pulp server 2.8
  6. Candelpin 0.9

Virtual Machine Hardware

The VM that we are going to use for Katello has the following specifications:

  1. 2 CPU cores
  2. 4GB RAM + 4GB SSD-backed swap
  3. /var/lib/pulp – 2GB
  4. /var/lib/mongodb – 5GB, mounted with noatime
  5. / – 16GB

Be advised that you need at the very least 3GB of RAM to install Katello, otherwise you are risking to get a cannot allocate memory – fork(2) error and the installation will fail. However, we recommend giving 6-8GB of RAM if at all possible, otherwise the server will be swapping heavily. It has MongoDB, PostgreSQL, Apache and Squid, as well as Tomcat and Puppet, therefore consider yourself warned.

Time Sync

According to documentation, several Katello features will not function well if there is minor clock skew.

Setup chronyd:

# yum install chrony -y
# systemctl enable chronyd && systemctl start chronyd
# chronyc sources

DNS is configured to use our lab server:

# cat /etc/resolv.conf
# Generated by NetworkManager
search hl.local

Install Katello

Configure Firewall

# firewall-cmd --permanent --add-service={http,https}
# firewall-cmd --permanent --add-port={5647/tcp,8140/tcp,9090/tcp}
# firewall-cmd --reload
# firewall-cmd --list-all
public (default, active)
  interfaces: enp0s17
  services: dhcpv6-client http https ssh
  ports: 8140/tcp 9090/tcp 5647/tcp
  masquerade: no
  rich rules:

Add Repositories

# yum -y localinstall
# yum -y localinstall
# yum -y localinstall
# yum -y localinstall
# yum -y install foreman-release-scl
# yum clean all
# yum repolist
repo id                         repo name                                                    status
base/7/x86_64                   CentOS-7 - Base                                               9,007
centos-sclo-rh/x86_64           CentOS-7 - SCLo rh                                            4,130
centos-sclo-sclo/x86_64         CentOS-7 - SCLo sclo                                            319
epel/x86_64                     Extra Packages for Enterprise Linux 7 - x86_64               10,540
extras/7/x86_64                 CentOS-7 - Extras                                               376
foreman/x86_64                  Foreman 1.12                                                    421
foreman-plugins/x86_64          Foreman plugins 1.12                                            247
katello/x86_64                  Katello 3.1                                                      33
katello-candlepin/x86_64        Candlepin: an open source entitlement management system.          3
katello-client/x86_64           Katello Client 3.1                                               15
katello-pulp/x86_64             Pulp Community Releases                                          49
updates/7/x86_64                CentOS-7 - Updates                                            2,311

Install Katello

After setting up the appropriate repositories, we can install Katello:

# yum -y install katello

We’ve got a strange error while installing Katello:

tfm-rubygem-oauth-0.4.7-8.el7. FAILED [Errno 14] curl#6 - "Could not resolve host:; Name or service not known"
Trying other mirror.

Error downloading packages:
  tfm-rubygem-oauth-0.4.7-8.el7.noarch: [Errno 256] No more mirrors to try.

However, DNS resolution seemed OK:

# host is an alias for is an alias for has address has IPv6 address 2001:4802:7802:103:be76:4eff:fe20:c55

Might be caused by IPv6. Creating a static hosts file entry with an IPv4 address did the trick:

# echo "" >>/etc/hosts

Setup the Foreman Server

At this point the foreman-installer should be available to setup the server.

Foreman can be installed without Katello, as Katello is now a plugin to Foreman (Katello was a standalone application in early days, not the case anymore). As we want to have a WebUI, we are going for Foreman with Katello.

# foreman-installer --list-scenarios
Available scenarios
  Capsule (use: --scenario capsule)
        Install a stand-alone Capsule.
  Katello (use: --scenario katello)
        Install Foreman with Katello
  Foreman (use: --scenario foreman)
        Default installation of Foreman

Foreman is the main part, as whole architecture is based on it. The rest is just integration to do certain tasks.

To customise the installation, check a list of parameters available:

# foreman-installer --scenario katello --help

The answer file /etc/foreman-installer/scenarios.d/katello-answers.yaml can be used as well.

# foreman-installer --scenario katello \
 --foreman-initial-organization=HomeLab \
 --foreman-initial-location=Basement \
 --foreman-proxy-dhcp=false --foreman-proxy-dns=false \
 --foreman-proxy-puppet=true --foreman-proxy-tftp=false \
 --foreman-proxy-ssl=true --katello-cdn-ssl-version=TLSv1
 Installing       Done      [100%] [..........................................]
  * Katello is running at https://katello.hl.local
      Initial credentials are admin / HPb5idzbztqsLpNo
  * To install additional capsule on separate machine continue by running:

      capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar"

  The full log is at /var/log/foreman-installer/katello.log

In case we forget the admin password, we can use the following command to reset it:

# foreman-rake permissions:reset

This will reset the password of the default admin user to the one printed on the command line.

Let us check disk usage:

# du -sh /var/lib/pulp/ /var/lib/mongodb/
88K     /var/lib/pulp/
3.2G    /var/lib/mongodb/

Foreman Providers

Several Foreman packages are available to add functionality:

# yum search foreman-|grep "^foreman-.*support"
foreman-assets.noarch : Foreman asset pipeline support
foreman-console.noarch : Foreman console support
foreman-ec2.noarch : Foreman Amazon Web Services (AWS) EC2 support
foreman-gce.noarch : Foreman Google Compute Engine (GCE) support
foreman-libvirt.noarch : Foreman libvirt support
foreman-mysql2.noarch : Foreman mysql2 support
foreman-openstack.noarch : Foreman OpenStack support
foreman-ovirt.noarch : Foreman oVirt support
foreman-plugin.noarch : Foreman plugin support
foreman-postgresql.noarch : Foreman Postgresql support
foreman-rackspace.noarch : Foreman Rackspace support
foreman-sqlite.noarch : Foreman sqlite support
foreman-vmware.noarch : Foreman VMware support

If we were to run on VMware, we would likely want to install the foreman-vmware package.


Leave a Reply

Your email address will not be published. Required fields are marked *