Working with Katello – part 2. We will be importing CentOS errata into Pulp.
This article is part of the Homelab Project with KVM, Katello and Puppet series.
Homelab
We have Katello installed on a CentOS 7 server:
katello.hl.local (10.11.1.4) – see here for installation instructions
See the image below to identify the homelab part this article applies to.
Credits
This is possible thanks to the following sites:
- https://cefs.steve-meier.de/ – CEFS: CentOS Errata for Spacewalk
- https://github.com/rdrgmnzs/pulp_centos_errata_import – the script that imports CentOS errata into Pulp/Katello
Installation
Install the following packages:
# yum install git \ pulp-admin-client \ pulp-rpm-admin-extensions \ pulp-rpm-consumer-extensions \ pulp-rpm-handlers \ pulp-rpm-yumplugins \ pulp-rpm-admin-extensions \ pulp-consumer-client \ python-pulp-agent-lib \ perl-Text-Unidecode \ perl-XML-Simple \ perl-XML-Parser
Configure CentOS Errata Import
Make sure that the CentOS repositories have been synched. We’ve done this in the previous article.
Clone the repository:
# cd /opt && git clone https://github.com/rdrgmnzs/pulp_centos_errata_import.git # cd ./pulp_centos_errata_import
Download the latest errata file:
# wget -N http://cefs.steve-meier.de/errata.latest.xml
Configure Pulp authetication:
# mkdir -m0700 ~/.pulp
# cat /etc/pki/katello/certs/pulp-client.crt /etc/pki/katello/private/pulp-client.key > ~/.pulp/user-cert.pem
# chmod 0400 ~/.pulp/user-cert.pem
Import CentOS Errata into Pulp
Chances are that we won’t know which repository IDs to use when importing CentOS errata, therefore we can run the following command without specifying any (it may take longer):
# perl ./errata_import.pl --errata=errata.latest.xml
Alternatively, we can view a list of Pulp repositories by using following command:
# pulp-admin repo list | less
And then import errata into repositories required, e.g.:
# perl ./errata_import.pl \ --errata=errata.latest.xml \ --include-repo=83418f8f-e069-4b24-8e67-4b07af5e87d2 \ --include-repo=0abbd033-67cc-4e42-bff0-237d52f1bcdb
There was a case when we got the error saying “Skipping errata […] — No packages found”. If that happens, try passing the repository ID you want to load the errata for with the –include-repo flag.
After importing errata, use the mighty Hammer to force post-sync actions (Katello 3.0 and up):
# hammer settings set \ --name "force_post_sync_actions" \ --value "true"
We have to sync the repositories so that errata is published (and visible in the Katello interface).
# hammer repository synchronize \ --name "base_x86_64" \ --product "el7_repos"
If all goes well, we should see some errata:
# hammer repository info \ --name "base_x86_64" \ --product "el7_repos" ID: 1 Name: base_x86_64 Label: base_x86_64 Organisation: Lisenet Red Hat Repository: no Content Type: yum Checksum Type: sha256 Mirror on Sync: no URL: http://mirror.centos.org/centos/7/os/x86_64/ Publish Via HTTP: yes Published At: http://katello.hl.local/pulp/repos/lisenet/Library/custom/el7_repos/base_x86_64/ Relative Path: lisenet/Library/custom/el7_repos/base_x86_64 Download Policy: on_demand Product: ID: 1 Name: el7_repos GPG Key: ID: 1 Name: RPM-GPG-KEY-CentOS-7 Sync: Status: Success Last Sync Date: 28 days Created: 2018/02/20 20:56:52 Updated: 2018/02/21 23:16:44 Content Counts: Packages: 9591 Package Groups: 84 Errata: 830
Note how “Mirror on Sync” is set to “no”. This is to prevent loaded errata from being cleared on next sync.
Here is some info for a randomly selected errata ID:
# hammer erratum info --id 4191 ID: 4191 Errata ID: CESA-2018:0260 Title: CentOS systemd Security Update Type: security Severity: Moderate Issued: 2018-02-01 Updated: 2018-02-01 Description: Not available Summary: Solution: