Configure libvirt / KVM as a compute resource in Red Hat Satellite 6

So you are using Satellite 6, but need to provision machines using KVM / Libvirt.

If you just install Satellite 6 and attempt to configure a compute resource that points at a KVM hypervisor, you’ll quickly run into certificate errors such as:

Call to virConnectOpen failed: Cannot read CA certificate '/etc/pki/CA/cacert.pem': No such file or directory

In order to use Satellite, you need to provide a secure way for Satellite to connect to the KVM host.

In this example, I’ve chosen to allow Satellite root access to my hypervisor. I would never recommend this in a production environment, but for my test lab, it works just fine.

I will write a follow up post that details how to configure this in a more secure way.

Assuming I have 2 hosts.

My satellite server - sat6 - 192.168.200.4
My kvm hypervisor - kvm - 192.168.200.1

First, generate a key on the Satellite server.

Log in as the root user:

ssh root@sat6

Once logged in to the Satellite 6 server, switch to the foreman user, generate a key pair and copy the public key to the KVM host:

# su - foreman -s /bin/bash
$ ssh-keygen
$ ssh-copy-id root@kvm

Then test the ssh connection to the KVM host, and make sure it works.

$ ssh root@kvm

Please note: this is a really bad idea on any system you care about. This is just a demonstration of how to make it work in a lab environment! I will follow up with a post showing a more secure example!

Another important point: the compute resource URL must state that we are using SSH authentication, and it must include the username. This is done by using the qemu+ssh scheme in the URL.


Once connected you can access the hypervisor.


You now have a really simple, and easy way to provision to a lab environment without expensive hypervisor managers!

 

 


Install get-iplayer on Fedora 27

Install the RPM Fusion Free and Non-Free repositories

$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'

Clean and update the local dnf cache

$ sudo dnf clean all && sudo dnf update

Install the prerequisite packages

$ sudo dnf install git perl-open ffmpeg perl-XML-Simple perl-Env perl-XML-LibXML perl-JSON-PP.noarch perl-Mojolicious.noarch AtomicParsley.x86_64

Clone the latest get-iplayer repository

$ git clone https://github.com/get-iplayer/get_iplayer.git

Change to the get_iplayer directory

$ cd get_iplayer

Run get_iplayer

$ ./get_iplayer --info
get_iplayer v2.95, Copyright (C) 2008-2010 Phil Lewis
  This program comes with ABSOLUTELY NO WARRANTY; for details use --warranty.
  This is free software, and you are welcome to redistribute it under certain
  conditions; use --conditions for details.


INFO: Getting tv Index Feeds (this may take a few minutes)

RHEL 7 / CentOS 7 use classic eth0 style device naming for network adapters

Why was it changed?

Red Hat Enterprise Linux 7 introduced a new scheme for naming network devices called “Consistent Device Naming”. It’s called Consistent Device Naming because previously the names of the devices [eth0,eth1,eth2] were completely dependent upon the order in which the kernel detected them as it booted. In certain circumstances, such as adding new devices to an existing system, the naming scheme could become unreliable.

Further reading

The official Red Hat 7 Documentation on consistent device naming can be found here.

What does the new scheme look like?

# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 00:0c:29:89:1b:2e brd ff:ff:ff:ff:ff:ff

How do I change it back to eth[0-9] style naming?

In summary we need to

  • Add extra parameters to the kernel configuration
  • Add this to the boot configuration
  • Restart the machine
  • Move the existing interfaces to the new scheme
  • Restart the network service

Add extra parameters to the kernel configuration

Modify the grub bootloader to pass some extra parameters to the kernel at boot time. The kernel will then use these options to decide which naming scheme to use.

First we back up the grub configuration file.

# cp /etc/default/grub /etc/default/grub.bak

Then we can safely edit the grub configuration file

# vim /etc/default/grub

The config file will look similar to the following

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet "
GRUB_DISABLE_RECOVERY="true"

The line that starts with “GRUB_CMDLINE_LINUX” needs to have some extra parameters added.

The extra parameters are

biosdevname=0 net.ifnames=0

So the final file looks like

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet biosdevname=0 net.ifnames=0 "
GRUB_DISABLE_RECOVERY="true"

Add this to the boot configuration

If you are using a UEFI system then rebuild grub with this command

# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg

Otherwise use the following

# grub2-mkconfig -o /boot/grub2/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-3c913eca0eab4ebcb6da402e03553776
Found initrd image: /boot/initramfs-0-rescue-3c913eca0eab4ebcb6da402e03553776.img
done

Restart the machine

Now we will restart the host, and the new naming scheme will take effect on reboot.

# shutdown -r now

Move the existing interfaces to the new scheme

It’s possible you may now need to reconfigure your network interface.

Here you can see the network interface is up, however there is no IP information associated with the new device name.

# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
 link/ether 00:0c:29:89:1b:2e brd ff:ff:ff:ff:ff:ff

For this example we will assume I’m not using NetworkManager. Therefore I’ll be editing the network configuration files in /etc/sysconfig/network-scripts directly.

Change into the network scripts directory.

# cd /etc/sysconfig/network-scripts/

Rename the old interface configuration file to the new scheme

# mv ifcfg-eno16777736 ifcfg-eth0

Update the contents of the configuration file to use the new scheme

# sed -i 's/eno16777736/eth0/' ifcfg-eth0

Restart the network service

Finally restart the network service so the changes take effect.

# systemctl restart network

Now the interface can be seen with the correct IP address.

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:0c:29:89:1b:2e brd ff:ff:ff:ff:ff:ff
 inet 192.168.100.3/24 brd 192.168.100.255 scope global eth0
 valid_lft forever preferred_lft forever
 inet6 fe80::20c:29ff:fe89:1b2e/64 scope link
 valid_lft forever preferred_lft forever
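
The two file edits from this procedure (the GRUB_CMDLINE_LINUX change and the ifcfg rename), written so they can be re-run safely. This is an added example, not part of the original post; the function names add_classic_ifnames and migrate_ifcfg are hypothetical.

```shell
#!/bin/sh
# Added example: the file edits from this post as two re-runnable functions.

# Append biosdevname=0 and net.ifnames=0 to GRUB_CMDLINE_LINUX unless present.
# $1 = grub defaults file (default /etc/default/grub); writes a .bak copy first.
add_classic_ifnames() {
    cfg=${1:-/etc/default/grub}
    line=$(grep '^GRUB_CMDLINE_LINUX=' "$cfg") || return 1
    missing=
    for p in biosdevname=0 net.ifnames=0; do
        # Turn the quotes into spaces so every parameter is space-delimited.
        case " $(printf '%s' "$line" | tr '"' ' ') " in
            *" $p "*) ;;                      # already set, nothing to add
            *) missing="$missing $p" ;;
        esac
    done
    [ -n "$missing" ] || return 0
    cp -p "$cfg" "$cfg.bak"
    # Replace the closing quote (and any spaces before it) with the new params.
    sed "/^GRUB_CMDLINE_LINUX=/ s/ *\"\$/$missing\"/" "$cfg.bak" > "$cfg"
}

# Move ifcfg-<old> to ifcfg-<new> and rewrite the device name inside it.
# $3 = directory (default /etc/sysconfig/network-scripts).
migrate_ifcfg() {
    old=$1; new=$2; dir=${3:-/etc/sysconfig/network-scripts}
    [ -f "$dir/ifcfg-$old" ] || return 1
    [ ! -e "$dir/ifcfg-$new" ] || return 1    # never overwrite an existing config
    sed "s/$old/$new/g" "$dir/ifcfg-$old" > "$dir/ifcfg-$new" &&
        rm "$dir/ifcfg-$old"
}
```

Run both as root, then rebuild the grub configuration and reboot as described above; the renamed ifcfg file is picked up once the interface comes up as eth0.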

 


Use hammer in Red Hat Satellite 6 without a password

To use hammer without a password, we have to store the credentials in a file under the user's home directory.

On the server where hammer is installed, create a file called ~/.hammer/cli_config.yml

$ mkdir -p ~/.hammer/log
$ vi ~/.hammer/cli_config.yml

Add the following content, replacing USERNAME and PASSWORD with the username and password for the satellite host specified by HOSTNAME.

:ui:
    :interactive: true
    :per_page: 200
    :history_file:  '~/.hammer/history'
:foreman:
    :host: 'https://HOSTNAME/'
    :username: USERNAME
    :password: PASSWORD
:log_dir: '~/.hammer/log'
:log_level: 'error'

Now we need to lock down access to the file by setting the permissions to the owner only.

$ chmod 600 ~/.hammer/cli_config.yml

You can now use hammer without specifying the username and password each time.
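
A file saved from vi gets whatever mode the current umask allows (commonly 0644) until the chmod runs. The following added example (not part of the original post) creates the directory and file owner-only from the start and then checks the result; the function names are hypothetical, and HOSTNAME, USERNAME and PASSWORD are the same placeholders used above.

```shell
#!/bin/sh
# Added example: create ~/.hammer/cli_config.yml so it is private from the
# moment it exists, then fill in the real credentials afterwards.

# $1 = home directory to write under (default $HOME).
write_hammer_config() {
    home=${1:-$HOME}
    (
        umask 077                  # new files 0600, new directories 0700
        mkdir -p "$home/.hammer/log"
        cat > "$home/.hammer/cli_config.yml" <<'EOF'
:ui:
    :interactive: true
    :per_page: 200
    :history_file:  '~/.hammer/history'
:foreman:
    :host: 'https://HOSTNAME/'
    :username: USERNAME
    :password: PASSWORD
:log_dir: '~/.hammer/log'
:log_level: 'error'
EOF
    )
    # Tighten anyway in case the directory or file already existed.
    chmod 700 "$home/.hammer" "$home/.hammer/log"
    chmod 600 "$home/.hammer/cli_config.yml"
}

# Succeeds only if the file exists and grants nothing to group or other.
# $1 = path to check (default ~/.hammer/cli_config.yml).
hammer_config_is_private() {
    f=${1:-$HOME/.hammer/cli_config.yml}
    [ -f "$f" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ]
}
```

Call write_hammer_config first and edit the placeholders afterwards, so the password is only ever typed into a file that is already mode 600.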

 


Install EPEL Repository on RHEL 7 / CentOS 7

In order to use the extra packages provided by EPEL, the repository needs to be added to your system.

Enable the EPEL repository

$ sudo yum-config-manager --add-repo=https://dl.fedoraproject.org/pub/epel/7/x86_64/

Download the EPEL GPG key

$ sudo wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

Install the GPG key

$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Clean the local yum repository data

$ sudo yum clean all

And we are good to go!


Install Ansible 2.1 on RHEL/CentOS 7 with PIP

In order to install Ansible using PIP on RHEL 7 / CentOS 7 we will configure the EPEL 7 repository, and install all of the pre-requisite packages to get Ansible up and running.

Enable the EPEL repository

$ sudo yum-config-manager --add-repo=https://dl.fedoraproject.org/pub/epel/7/x86_64/

Download the EPEL GPG key

$ sudo wget -O /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

Install the GPG key

$ sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

Clean the local yum repository data

$ sudo yum clean all

Install the required packages

$ sudo yum install -y python-devel libffi-devel openssl-devel gcc python-pip redhat-rpm-config

 

Update to the latest version of pip

$ sudo pip install --upgrade pip

Install paramiko

$ sudo pip install paramiko

Install Ansible

$ sudo pip install ansible

Check the version

$ ansible --version
ansible 2.1.0.0
 config file =
 configured module search path = Default w/o overrides

And we are good to go!
