orcharhino Installation Guide

This guide describes how to install orcharhino using one of two methods.

orcharhino is available through a subscription model. Please contact us about getting access.

ATIX supports orcharhino installations on CentOS 7, Oracle Linux 7, and Red Hat Enterprise Linux 7. However, the orcharhino OVA image is CentOS 7 specific. ATIX provides Kickstart files for CentOS 7 and Oracle Linux 7. For orcharhino installations on Red Hat Enterprise Linux, go straight to the prerequisites and system requirements section.

For orcharhino installations on CentOS 7 or Oracle Linux 7, perform a Kickstart installation. ATIX provides Kickstart files to install CentOS 7 or Oracle Linux 7 on the machine where orcharhino will run. This works in virtually any scenario including bare metal installations.

If you want to install orcharhino in a VMware vSphere (version 6.0 or greater) environment, perform an orcharhino appliance installation. This uses an open virtual appliance image (short: OVA) to create the orcharhino host in your VMware vSphere and automatically start the installation process.

Both installation methods converge in the main installation steps. Either way, start by carefully reading the prerequisites and system requirements.

Prerequisites and System Requirements

Regardless of the installation method, read all of the general requirements, the system requirements, the OS requirements, and the network requirements.

If you are performing an orcharhino appliance installation, read the appliance requirements. If you are performing a Kickstart installation, read the Kickstart requirements.

If you want to deploy hosts into networks other than the one your orcharhino is in, you also need an orcharhino proxy installed in each target network.

General Requirements

We recommend installing orcharhino on a virtual server. This allows for snapshot creation for backups among other advantages. Optionally, you can install orcharhino on a bare metal system.

Regardless of your chosen installation method, you need the following:

  • A host as outlined in the system requirements.

  • A network infrastructure as outlined in the network requirements.

  • An orcharhino activation key used to register your orcharhino instance with ATIX.

    If you have an ATIX subscription, you will receive your activation key and the required download links in your initial welcome email. If you have not received your welcome email, please contact us.

  • A browser on a secondary device that is able to resolve a route to the orcharhino host.

  • A working internet connection, either directly or by using an HTTP/HTTPS proxy.

    If you want to perform an offline installation, please contact us.

System Requirements

The system must meet the following requirements, regardless of whether it is a virtual machine or a bare metal server:

              Minimum     Recommended

OS            CentOS 7, Oracle Linux 7, or Red Hat Enterprise Linux 7
              Refer to the OS requirements for more information.

CPU           4 cores     8 cores

RAM           12 GB       32 GB

HDD 1 (/)     30 GB       50 GB

HDD 2 (/var)  ~ 40 GB for each CentOS, Oracle Linux, or Red Hat Enterprise Linux distribution
              ~ 80 GB for each Debian or Ubuntu distribution
              ~ 500 GB (or as appropriate) if you plan to maintain additional repositories or keep multiple versions of packages

orcharhino requires two hard drives: one for the root partition and one for the data repositories. This separation is essential for the creation of snapshots and backups, and the Kickstart files provided by ATIX will not work with a single-drive system.

The main directories on /var are:

  • /var/cache/pulp/

  • /var/lib/mongodb/

  • /var/lib/pulp/

  • /var/opt/rh/rh-postgresql12/lib/pgsql/

While it’s technically possible to use different partitions for those directories, we do not recommend doing so as it will negatively affect the overall performance of orcharhino.

Using symbolic links is not an option as they break the foreman-installer and corrupt the SELinux context if introduced at a later stage.

Ensure you allocate sufficient hard drive resources at the beginning. Running out of space for your data repositories during regular orcharhino usage leads to significant pain.

OS Requirements

You can install orcharhino on CentOS 7, Oracle Linux 7, and Red Hat Enterprise Linux 7.

Your orcharhino activation key is specific to your chosen platform. Once your orcharhino host is registered with ATIX, it receives both the package sources for orcharhino as well as packages for your respective platform directly from ATIX. ATIX updates the platform packages regularly.

The orcharhino OVA image only works for orcharhino on CentOS 7. The orcharhino Kickstart installation works on both CentOS 7 and Oracle Linux 7. If you want to install orcharhino on Red Hat Enterprise Linux 7, you need to provide a functioning base system that adheres to the system requirements. Once this base system is available, download the install_orcharhino.sh script and follow the instructions for manually launching the orcharhino installation.

If you have an ATIX subscription, you will receive your activation key and the required download links in your initial welcome email. If you have not received your welcome email, please contact us.

The install_orcharhino.sh script is also used during orcharhino installations on CentOS 7. For Kickstart installations, it is downloaded automatically and prompts the user for final execution. For orcharhino appliance installations, it runs entirely automated.

Ensure you have the necessary Oracle Linux or Red Hat Enterprise Linux subscription if you want to install orcharhino on Oracle Linux 7 or Red Hat Enterprise Linux 7. Your orcharhino subscription does not include any Oracle Linux or Red Hat Enterprise Linux subscriptions. Please contact us if you need help obtaining the relevant subscriptions or have questions on how to use your existing subscriptions.

Network Requirements

orcharhino works best when it is allowed to manage the networks it deploys hosts to, which means that it acts as DHCP, DNS, and TFTP server for those networks. Allowing orcharhino to manage networks in this way is optional but should be considered when planning an orcharhino installation. Running two DHCP services in the same network causes networking issues. Please contact us if you have any questions.

In order for orcharhino to manage hosts in one or more networks, it needs to be able to communicate with those hosts, possibly using an orcharhino proxy. As a result, you need to open a set of ports to operate orcharhino on your network if you intend to use the corresponding service.

There are generally three system types that need to connect to each other: the orcharhino, orcharhino proxies, and hosts registered against orcharhino. The following tables list the ports required for each direction of communication between these systems:

Local Machine to orcharhino (only needed during the installation process)

Port   Protocol    SSL   Required for
8015   TCP         no    orcharhino installer GUI

You can omit this using the --skip-gui option when running the install_orcharhino.sh script.

Clients to orcharhino

Port   Protocol    SSL   Required for
53     TCP & UDP   no    DNS Services
67     UDP         no    DHCP Service
69     UDP         no    PXE boot
80     TCP         no    Anaconda, yum, templates, iPXE
443    TCP         yes   Subscription Management, yum, Katello
5000   TCP         yes   Katello for Docker registry
5647   TCP         yes   Deprecated (has been used by Qpid for Katello agent)
8000   TCP         yes   Anaconda for downloading Kickstart templates, iPXE
8140   TCP         yes   Puppet agent to Puppet master
9090   TCP         yes   OpenSCAP reports

Clients to orcharhino proxy

Port   Protocol    SSL   Required for
53     TCP & UDP   no    DNS Services
67     UDP         no    DHCP Service
69     UDP         no    PXE boot
80     TCP         no    Anaconda, yum, templates, iPXE
443    TCP         yes   yum, Katello
3129   TCP         no    Squid (proxies traffic to repositories if Pulp pass-through is activated)
5000   TCP         yes   Katello for Docker registry
5647   TCP         yes   Deprecated (has been used by Qpid for Katello agent)
8000   TCP         yes   Anaconda for downloading Kickstart templates, iPXE
8140   TCP         yes   Puppet agent to Puppet master
8443   TCP         yes   Subscription Management
9090   TCP         yes   OpenSCAP reports

orcharhino proxy to orcharhino

Port   Protocol    SSL   Required for
80     TCP         no    Anaconda, yum, Katello certificates
443    TCP         yes   yum, Katello, API, Pulp
5000   TCP         yes   Katello for Docker registry
5646   TCP         yes   Pulp mirror (Qpid dispatcher)
5647   TCP         yes   Deprecated (has been used by Qpid for Katello agent)

orcharhino to orcharhino proxy

Port   Protocol    SSL   Required for
80     TCP         yes   bootdisk
443    TCP         yes   Pulp
9090   TCP         yes   Querying the orcharhino proxy feature set

orcharhino and orcharhino proxy to client

Port   Protocol    SSL   Required for
7      TCP & UDP   no    DHCP, ECHO, ICMP
22     TCP         yes   Ansible, remote execution via SSH
68     UDP         no    DHCP service
8443   TCP         yes   Provisioning commands when using the host discovery plugin

Firewall Configuration

orcharhino uses firewalld. The firewall is automatically set up and configured when installing or upgrading orcharhino. Run firewall-cmd --state to view the current state of the firewall.

Refer to the firewall configuration for more information.
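
The following added example (not part of the orcharhino tooling) compares the output of firewall-cmd --list-ports on the orcharhino host with the inbound ports from the tables above. It flags the installer GUI port that is only needed during installation, the port marked as deprecated, and anything the tables do not list. It assumes ports are opened individually rather than through firewalld service definitions; the function name and the finding labels are made up for this illustration.

```sh
#!/bin/sh
# Added example: audit "firewall-cmd --list-ports" output on the orcharhino host.
# Inbound ports taken from the tables "Local Machine to orcharhino",
# "Clients to orcharhino" and "orcharhino proxy to orcharhino".
# Entry format (an assumption of this example): port/proto:tag
TABLE="53/tcp:ok 53/udp:ok 67/udp:ok 69/udp:ok 80/tcp:ok 443/tcp:ok
5000/tcp:ok 5646/tcp:ok 5647/tcp:deprecated 8000/tcp:ok 8015/tcp:install
8140/tcp:ok 9090/tcp:ok"

# audit_ports "<space-separated port/proto or lo-hi/proto tokens>"
# Prints the findings on one line; prints an empty line if there are none.
audit_ports() {
  findings=""
  for tok in $1; do
    proto=${tok#*/}
    ports=${tok%/*}
    lo=${ports%-*}          # equals $ports for a single port
    hi=${ports#*-}
    covered=0               # documented ports that fall inside this token
    for entry in $TABLE; do
      tag=${entry#*:}
      spec=${entry%:*}
      [ "${spec#*/}" = "$proto" ] || continue
      p=${spec%/*}
      [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ] || continue
      covered=$((covered + 1))
      case $tag in
        install)    findings="$findings INSTALL_ONLY:$spec" ;;  # no SSL, installer GUI
        deprecated) findings="$findings DEPRECATED:$spec" ;;
      esac
    done
    # A range is only fine if every port in it is documented.
    if [ "$covered" -lt $((hi - lo + 1)) ]; then
      findings="$findings UNDOCUMENTED:$tok"
    fi
  done
  echo "${findings# }"
}

# Constructed sample input, not taken from a real host.
SAMPLE="80/tcp 443/tcp 8015/tcp 5432/tcp 5646-5650/tcp"
audit_ports "$SAMPLE"

# On the orcharhino host itself:
#   audit_ports "$(firewall-cmd --list-ports)"
```

An INSTALL_ONLY finding after the installation has finished means the unencrypted installer GUI port is still reachable and can be closed.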

Appliance Requirements

If you are performing an orcharhino appliance installation, you require the following:

During the orcharhino appliance installation, you are asked to choose from a range of possible system specifications to instantiate your OVA. For this installation only, HDD 2 comes in a fixed size of 50 GiB. However, this partition is then extended with a third hard drive of arbitrary size, which is dynamically created during the OVA instantiation.

Kickstart Requirements

If you are performing a Kickstart installation, you require the following:

  • A Kickstart file

    If you have an ATIX subscription, you will receive your activation key and the required download links in your initial welcome email. If you have not received your welcome email, please contact us.

  • An .iso image, for example CentOS 7 from centos.org/download or Oracle Linux 7 from oracle.com.

ATIX maintains four different Kickstart files depending on the operating system and hard drives you are using:

  • orcharhino_centos_sdX.ks to install CentOS 7 on a host with SATA disks (/dev/sdX)

  • orcharhino_centos_vdX.ks to install CentOS 7 on a host with VirtIO disks (/dev/vdX)

  • orcharhino_oracle_sdX.ks to install Oracle Linux 7 on a host with SATA disks (/dev/sdX)

  • orcharhino_oracle_vdX.ks to install Oracle Linux 7 on a host with VirtIO disks (/dev/vdX)

Appliance Installation Steps

Use the orcharhino appliance to install orcharhino in a VMware environment.

These instructions presume prior experience using VMware’s vSphere client. The orcharhino appliance contains a parameterised but otherwise preconfigured CentOS 7 base system that significantly simplifies the deployment and installation process.

Procedure
  1. Download the orcharhino OVA image to your local client machine.

  2. Open the VMware vSphere client in a browser on your local client machine.

  3. Right-click on your datacenter, cluster, or host and select Deploy OVF Template.

  4. On the Select an OVF template screen:

    Selecting OVF Template
    1. Select Local file (1).

      You can also enter the OVA download link directly. However, we do not recommend this since it has been prone to download failures caused by random network effects.

    2. Click the Choose Files button (2) and select the previously downloaded orcharhino OVA image.

    3. Click the Next button (3) to continue.

  5. On the Select a name and folder screen:

    Selecting a name and folder
    1. Enter the Virtual machine name (1) for your orcharhino. If in doubt, use the FQDN or the host name you want to use for your orcharhino.

    2. Select a location for the new virtual machine.

    3. Click the Next button (2) to continue.

  6. On the Select a compute resource screen:

    Selecting a compute resource
    1. Select a host or cluster.

    2. Click the Next button (1) to continue.

  7. On the Review details screen:

    Reviewing details
    1. Review your settings.

    2. Click the Next button (1) to continue.

  8. On the Configuration screen:

    Configuration
    1. Choose the size for your orcharhino instance by looking at the description of each option.

    2. Click the Next button (1) to continue.

  9. On the Select storage screen:

    Selecting storage
    1. Select a hard disk format for the Select virtual disk format field (1).

      Choosing thick provision takes considerably longer to allocate storage space.

    2. Choose a data store or data store cluster in the VM Storage Policy field (2).

    3. Click the Next button (3) to continue.

  10. On the Select networks screen:

    Selecting networks
    1. Select an available network from the Destination Network field (1).

      Do not change the default values under IP Allocation Settings.

      For IP allocation, leave the default value of static - manual even if you want to use DHCP. DHCP and IP allocation are configured during the next step.

    2. Click the Next button (2) to continue.

  11. On the Customize template screen:

    Customizing template
    1. Enter your orcharhino activation key in the field provided in the Activation Key foldout menu (1).

    2. For the Hostname foldout menu (2), enter the FQDN of your orcharhino.

      The provided FQDN must contain both a host name and domain name part. That is, it must contain at least one dot, for example orcharhino.example.com.

    3. If you do not already have a DHCP service for this network and want to allow orcharhino to manage DHCP in the network, complete all fields from the Network Properties foldout menu (3).

    4. If your organization uses an HTTP/HTTPS proxy to access the internet, complete all fields from the Proxy Settings foldout menu (4).

    5. Set the root password of your orcharhino host in the Root Password foldout menu (5). If you leave this field blank, the root password defaults to atix. It is highly recommended to set a strong root password.

    6. Set the size of your dynamic hard drive in the Disk Properties foldout menu (6). This hard drive is added to the logical volume containing the /var partition, which houses your content repositories. The default value is set to 50 GiB. Refer to the system requirements for more information.

    7. Use the Customer CA field to upload a custom CA certificate in PEM format. This is necessary if your HTTPS proxy uses a self-signed certificate that is not trusted by a global root CA.

    8. Click the Next button (9) to continue.

  12. On the Ready to complete screen:

    Ready to complete
    1. Click the Cancel button (1) to cancel the entire installation process.

    2. Click the Back button (2) to review your settings.

    3. Click the Finish button (3) to start the deployment.

      You can track the progress of your deployment under Recent Tasks in your vSphere client:

      Recent tasks
  13. Once the deployment is complete, select the new orcharhino VM in your VMware inventory and click on Launch Remote Console or Launch Web Console.

  14. Click ACTIONS > Power > Power On to start your new VM. This automatically starts the orcharhino installation in the console you opened in step 13.

    Once your orcharhino appliance has successfully registered with ATIX and finished the main orcharhino installer, a link to the web installer is displayed in the console from step 13. The link to the installer interface generally has the following structure: http://<ip_of_your_orcharhino>:8015.

  15. Enter the link in your browser and continue with the main installation steps.

Kickstart Installation Steps

Use the Kickstart files provided by ATIX to install CentOS 7 or Oracle Linux 7 on the host orcharhino will run on.

  1. Either virtually mount your installation media or place its physical equivalent in the DVD tray for a bare metal installation.

  2. Boot your system from the installation media. Immediately halt the boot process by pressing the tab key and append the following boot option:

    ks=http://<link_to_kickstart_file>
  3. Press enter to start the automatic Kickstart installation. The installation process prompts you to press enter from time to time.

  4. Once the Kickstart installation has successfully completed, continue with the manual installation launch.

Manual Installation Launch

If you perform an orcharhino appliance installation, the install_orcharhino.sh script is started automatically. Continue with the main installation steps.

When installing orcharhino with install_orcharhino.sh, the script registers your orcharhino host with ATIX to provide it with the required orcharhino package repositories. Once successfully registered, the script launches the main orcharhino installer.

The Kickstart installation places the install_orcharhino.sh script in the /root/ directory on your orcharhino host. Alternatively, download the script directly from ATIX.

If you have an ATIX subscription, you will receive your activation key and the required download links in your initial welcome email. If you have not received your welcome email, please contact us.

The install_orcharhino.sh script supports multiple options and requires your orcharhino activation key. Run ./install_orcharhino.sh --help for a full list of options and usage instructions.

It is highly recommended to use the --name option to provide your orcharhino with an FQDN at this point. Launch your script as follows:

/root/install_orcharhino.sh --name='orcharhino.example.com' <or_activation_key>

The install_orcharhino.sh script prompts you to confirm the settings you are using for your registration with ATIX as follows:

install_orcharhino.sh: You are about to register to ACC using the following settings:
install_orcharhino.sh:   orcharhino activation key: '<or_activation_key>'
install_orcharhino.sh:   orcharhino FQDN: 'orcharhino.example.com'
install_orcharhino.sh:   orcharhino IP address: '<or_ip_address>'
install_orcharhino.sh: Proceed with these settings? [Yes/No]

Entering anything other than Yes, yes, Y, or y causes the script to exit without taking any further actions. You can always rerun the script with modified options. You can override the <or_ip_address> setting using the -i/--ip-addr=ADDR option. You can skip the above confirmation prompt using the -y/--yes option.

Once you have confirmed the prompt, the install_orcharhino.sh script launches the main orcharhino installer which displays a link to the web interface. Note that this process takes time depending on your environment. The link looks as follows:

http://<ip_of_your_orcharhino>:8015/?token=4f27b9328cc0ead7d499c93f34ec9bda5d26e7b50c4420dc0a80dcc04adcf9dd

Access the link with your browser and continue with the main installation steps.

Main Installation Steps

Use the web interface of the orcharhino installer to finish the installation process. This is the final step for both the appliance and Kickstart installation.

  1. On the Basic Configuration screen:

    Basic configuration
    • Enter the password for your orcharhino admin account (1).

    • Enter a valid email address that can be used to reach the orcharhino administrator into the Admin email field (2).

    • Enter the initial Organization and Location context of your orcharhino host. You can add additional organizations and locations later.

      One way to distinguish between orcharhino administrators and regular users is to place the orcharhino server as well as any attached orcharhino proxies into a separate location and/or organization context.

      Alternatively, you can achieve a fine grained permissions concept using roles and filters.

      Creating an Organization or Location that contains white space or non-ASCII characters has been known to cause bugs. Please choose a single word that does not include umlauts or special characters.

    • Click the Next button (4) to continue.

  2. On the HTTP Proxy Configuration screen:

    HTTP proxy configuration
    • Select the Use HTTP Proxy check mark (1) and enter your HTTP/HTTPS proxy’s data in the fields provided (2-6). If your organization does not use an HTTP/HTTPS proxy, ignore this step.

      Ensure your HTTPS proxy does not modify the used certificates.

    • Click the Next button (7) to continue.

  3. On the Networking Capabilities screen:

    Network capabilities

    We recommend allowing orcharhino to manage DHCP, DNS, and TFTP on the subnet in which it manages hosts. Follow all of the steps below for this setup. However, if there is a good reason, then deselect the corresponding services (1), (6), and/or (11) and disregard steps (2a), (2b), and/or (2c).

    • Configure orcharhino’s DHCP capability (1).

      1. For the DHCP interface field (2), select the interface to the network orcharhino deploys hosts to. We refer to this network as the internal network henceforth.

        The orcharhino installer prefills the input fields (3), (4), and (5) with plausible values based on your DHCP interface selection. We highly recommend double checking these auto-generated values before continuing.

      2. In the DHCP gateway IP field (3), enter the gateway IP address that managed hosts use on the internal network. The auto-generated value is the default gateway on the selected interface.

      3. In the DHCP nameservers field (4), enter the IP address that managed hosts use to resolve DNS queries. If Manage DNS (6) is selected, this is the IP address of the orcharhino host on the internal interface.

      4. For the DHCP range field (5), enter the range of IP addresses that is available for managed hosts on the internal network. The installer calculates the largest free range within the IP network by excluding its own address and those of the gateway and name server. It does not verify if any other hosts already exist within this range.

    • Configure orcharhino’s DNS capability (6).

      1. For the DNS interface field (7), select the interface to the internal network which you used for the DHCP interface field (2).

        The orcharhino installer prefills the input fields (8) and (9) with plausible values based on your DNS interface selection and the system’s resolv.conf file. We highly recommend double checking these auto-generated values before continuing.

      2. In the DNS forwarders field (8), enter the IP address of your DNS server. The installer pre-fills this field with a DNS server from the system’s resolv.conf file.

      3. In the DNS reverse field (9), enter the net ID part of the IP address of the internal network in decimal notation, with the byte groups in reverse order, followed by .in-addr.arpa. For example, a network address of 192.168.0.0/24 would turn into 0.168.192.in-addr.arpa. The installer pre-fills this field with the appropriate value for the chosen interface.

      4. In the DNS TTL (Time to Live) in sec field (10), enter a value in seconds.

    • Select/deselect orcharhino’s TFTP capability (11).

    • Click the Next button (12) to continue.

  4. On the Operating Systems screen:

    Operating systems
    • In the Configure OS column (1), preconfigure orcharhino with a selection of operating systems. The installer automatically configures the operating system entries, the installation media entries, and the provisioning templates for any selected operating systems.

      You cannot select any Red Hat operating systems to be preconfigured by orcharhino because you need a valid subscription manifest file from Red Hat. Refer to the subscriptions and Red Hat Enterprise Linux content pages on how to import a Manifest file.

      If you want to deploy hosts running SUSE Linux Enterprise Server (short: SLES), you need to perform additional steps at the end of the installation process to set up your SLES installation media.

    • orcharhino automatically synchronizes the orcharhino client repositories for any operating system you select in the orcharhino client column (2).

    • Click the Next button (3) to continue.

  5. On the Configuration Management screen:

    Configuration management
    • Select Ansible (1) if you use Ansible for configuration management.

    • Puppet (2) is a dependency of orcharhino and installed by default.

    • Select Salt (3) if you use Salt for configuration management.

    • Click the Next button (4) to continue.

  6. On the Compute Resources screen:

    Compute resources
  7. On the Plugins screen:

    Plugins
    • Select the Plugins (1) you want to install on your orcharhino. Refer to the installing plugins page for more information. There are guides for application centric deployment, OpenSCAP, and host discovery.

    • Click the Previous button (2) to review your configuration.

    • Click the Finish button (3) to start the installation process. This displays console output in the browser window and takes time depending on your environment.

Once orcharhino has successfully installed, the web installer displays output similar to the following:

Web installer finish
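
The installer pre-fills the DHCP range and DNS reverse fields on the Networking Capabilities screen, and the guide recommends double checking those values. The following added example is an independent re-implementation of the two calculations as the guide describes them, not the installer's own code. It goes one step further than the description by accepting any number of already used addresses, which covers the case the installer does not verify. The function names are made up for this illustration, and the reverse zone helper only handles /8, /16, and /24 networks.

```sh
#!/bin/sh
# Added example: recompute the values for the DHCP range (5) and DNS reverse (9) fields.

ip2int() {  # dotted quad -> integer
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

int2ip() {  # integer -> dotted quad
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# reverse_zone NETWORK/PREFIX
# Net ID byte groups in reverse order followed by .in-addr.arpa.
# Returns 1 for prefixes that do not end on a byte boundary.
reverse_zone() {
  old_ifs=$IFS; IFS=.; set -- ${1%/*} ${1#*/}; IFS=$old_ifs
  case $5 in
    8)  echo "$1.in-addr.arpa" ;;
    16) echo "$2.$1.in-addr.arpa" ;;
    24) echo "$3.$2.$1.in-addr.arpa" ;;
    *)  return 1 ;;
  esac
}

# largest_free_range NETWORK/PREFIX USED_IP...
# Prints "FIRST LAST" of the largest run of host addresses that contains
# none of the USED_IPs (orcharhino itself, gateway, name server, and any
# other host you already know about). Returns 1 if no address is free.
largest_free_range() {
  net=${1%/*}; prefix=${1#*/}; shift
  size=$(( 1 << (32 - prefix) ))
  ipn=$(ip2int "$net")
  base=$(( ipn - ipn % size ))          # network address
  first=$(( base + 1 ))                 # first host address
  end=$(( base + size - 1 ))            # broadcast address, used as sentinel
  used=$(for ip in "$@"; do ip2int "$ip"; done | sort -nu)
  best_lo=0; best_len=0; cur=$first
  for u in $used "$end"; do
    if [ "$u" -lt "$cur" ]; then continue; fi   # outside or already passed
    if [ "$u" -gt "$end" ]; then u=$end; fi     # used address beyond the network
    len=$(( u - cur ))
    if [ "$len" -gt "$best_len" ]; then best_lo=$cur; best_len=$len; fi
    cur=$(( u + 1 ))
  done
  if [ "$best_len" -eq 0 ]; then return 1; fi
  echo "$(int2ip "$best_lo") $(int2ip $(( best_lo + best_len - 1 )))"
}

# Constructed sample: orcharhino and name server on .10, gateway on .254.
reverse_zone 192.168.0.0/24
largest_free_range 192.168.0.0/24 192.168.0.10 192.168.0.254 192.168.0.10
```

Pass addresses of existing hosts as further arguments to see whether the pre-filled range would overlap with them.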

Resetting SSL Certificates

Resetting the SSL certificates removes changes made to the original self-signed certificates created during the installation. You can recover an incorrectly updated SSL certificate without reverting to a previous backup or snapshot.

Procedure
  1. Connect to your orcharhino using SSH:

    # ssh root@orcharhino.example.com
  2. Reset the existing certificates:

    # foreman-installer --scenario katello --certs-reset

Setting the Host Name

Procedure
  1. Connect to your orcharhino using SSH:

    # ssh root@orcharhino.example.com
  2. Set the host name on your orcharhino.

    # katello-change-hostname $HOSTNAME -u $ADMIN_USER -p $ADMIN_USER_PASSWORD

Using Custom SSL Certificates

If you want to use custom SSL/TLS certificates, you must first install orcharhino using self-signed certificates and then replace them with your own.

In general, you can change the SSL certificates of your orcharhino, for example, if you want to use your own CA or a 3rd party non self-signed CA. You can change the katello-server-ca, but you must not change the katello-default-ca.

Carry out the following procedure with absolute caution. Aborting the procedure will irreparably damage your orcharhino. Create a backup to which you can revert.

After this procedure, you must reconnect all external orcharhino Proxies and all managed hosts.

Prerequisites
  1. Successfully installed orcharhino with self-signed certificates

    Installing orcharhino automatically creates self-signed certificates to ensure a secure connection from your local machine to your orcharhino.

  2. Set the host name according to the name the certificates are issued to.

Migrating to Non Self-Signed Certificates

Follow this procedure if you want to migrate from a self-signed certificate to a non self-signed certificate. This allows you to use your own CA and certificates. With this procedure, you overwrite active SSL certificates on your orcharhino.

Prerequisite
  1. The certificate my_crt.pem, the server key my_key.pem, and the CA my_ca.pem must be available in PEM format in /root/or_ssl/ on your orcharhino.
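
Because an aborted certificate update damages the installation, it is worth validating the three PEM files before stopping any services. The following pre-flight check is an added example, not part of orcharhino or foreman-installer. It uses only standard openssl subcommands; the function name and the 30-day expiry threshold are assumptions made here, while the file paths are the ones from the prerequisite above.

```sh
#!/bin/sh
# Added example: validate certificate, key, and CA before running
# foreman-installer --certs-update-server.

# preflight_certs CERT KEY CA FQDN
# Prints one FAIL line per problem and returns 1 if any check fails.
preflight_certs() {
  cert=$1; key=$2; ca=$3; fqdn=$4; rc=0

  # 1. The private key must belong to the certificate: compare public keys.
  #    "-passin pass:" makes an encrypted key fail instead of prompting.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null </dev/null)
  if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
    echo "FAIL: $key is unreadable, encrypted, or does not match $cert"; rc=1
  fi

  # 2. The certificate must chain to the CA file. The output is checked
  #    instead of the exit status because older openssl releases return 0
  #    from "verify" even when verification fails.
  if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
    echo "FAIL: $cert does not verify against $ca"; rc=1
  fi

  # 3. The certificate must be issued to the host name orcharhino uses.
  if ! openssl x509 -in "$cert" -noout -checkhost "$fqdn" 2>/dev/null \
       | grep -q 'does match'; then
    echo "FAIL: $cert is not valid for host name $fqdn"; rc=1
  fi

  # 4. The certificate must stay valid for at least 30 more days.
  if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
    echo "FAIL: $cert expires within 30 days or is unreadable"; rc=1
  fi

  return $rc
}

# Run against the files from the prerequisite if they are present.
if [ -r /root/or_ssl/my_crt.pem ]; then
  preflight_certs /root/or_ssl/my_crt.pem /root/or_ssl/my_key.pem \
                  /root/or_ssl/my_ca.pem "$(hostname -f)" \
    && echo "Pre-flight checks passed."
fi
```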

Procedure
  1. Connect to your orcharhino using SSH:

    # ssh root@orcharhino.example.com
  2. Stop all orcharhino services:

    # foreman-maintain service stop
  3. Update the certificates on your orcharhino:

    # foreman-installer \
        --certs-server-ca-cert /root/or_ssl/my_ca.pem \
        --certs-server-cert /root/or_ssl/my_crt.pem \
        --certs-server-key /root/or_ssl/my_key.pem \
        --certs-update-server \
        --certs-update-server-ca \
        --foreman-proxy-puppetca-sign-all \
        --scenario katello
  4. Start all orcharhino services to enable new certificates:

    # foreman-maintain service start
  5. If you use orcharhino Proxies: Transfer certificates to additional orcharhino Proxies. Create the certificates for orcharhino Proxies on your orcharhino:

    # foreman-proxy-certs-generate \
        --foreman-proxy-fqdn "$FOREMAN_PROXY" \
        --certs-tar "/root/$FOREMAN_PROXY-certs.tar"

    Replace $FOREMAN_PROXY with the FQDN of your orcharhino Proxy. Transfer the certs.tar archive to your orcharhino Proxy by following the instructions from the output of the previous command.

  6. Reconnect managed hosts because the katello-server-ca has been updated. Delete the previously used certificates, install katello-ca-consumer-latest.noarch.rpm, and reregister your managed hosts:

    # rpm -e katello-ca-consumer-orcharhino.example.com
    # subscription-manager clean
    # rpm -ivh https://orcharhino.example.com/pub/katello-ca-consumer-latest.noarch.rpm
    # subscription-manager register --org="$ORG" --activationkey="$ACTIVATIONKEY"

Update Custom Certificates

Follow this procedure to overwrite currently active custom SSL certificates on your orcharhino.

Procedure
  1. Connect to your orcharhino using SSH:

    # ssh root@orcharhino.example.com
  2. Stop all orcharhino services:

    # foreman-maintain service stop
  3. If your CA certificate file has not changed, update the certificate as follows:

    # foreman-installer \
        --certs-server-cert /root/or_ssl/my_crt.pem \
        --certs-server-key /root/or_ssl/my_key.pem \
        --certs-update-server

    This procedure only updates the certificates to access the management UI and for interprocess communication. It does not update katello-ca-consumer-latest.noarch.rpm or katello-rhsm-consumer. No changes are necessary on your managed hosts.

  4. If your non self-signed .ca file has changed, update the certificates as follows:

    # foreman-installer \
        --certs-server-ca-cert /root/or_ssl/my_ca.pem \
        --certs-server-cert /root/or_ssl/my_crt.pem \
        --certs-server-key /root/or_ssl/my_key.pem \
        --certs-update-server \
        --certs-update-server-ca

    This procedure also updates katello-ca-consumer-latest.noarch.rpm and katello-rhsm-consumer. You need to deploy this package to all managed hosts and reregister them to orcharhino as described in reconnect clients.

  5. Start your orcharhino afterwards:

    # foreman-maintain service start
  6. If you use orcharhino Proxies, follow the output of foreman-installer to update the certificates on orcharhino Proxies.

Setting up Installation Media

ATIX provides file repositories for installation media. Once synchronized, you can perform offline installations using local installation media. See ATIX Service Portal for the upstream URL.

ATIX provides the following installation media as file repository:

  • Debian 9 and 10

  • Ubuntu 18.04

  • Ubuntu 20.04

This section presumes you have selected at least one Oracle Linux or SUSE Linux Enterprise Server (short: SLES) variant from the list of operating systems during step four of the main installation steps.

Installation media for Oracle Linux and SLES are not generally available on public mirrors. Obtain the .iso files directly from Oracle or SUSE. As a result, it is necessary to add any installation media to your orcharhino manually.

This example describes how to add installation media for SLES. The process to add installation media for Oracle Linux is analogous.

Prerequisites
  • You need access to the relevant installation media in the form of .iso files.

Navigate to Hosts > Installation Media and ensure there are already entries for SLES or Oracle Linux, respectively.

SLES installation media

However, the paths displayed for your installation media are currently pointing at non-existent locations. You need to unpack the .iso files to the location specified by these paths.

Procedure
  1. Copy your SLES .iso file to your orcharhino:

    # scp sles.iso root@orcharhino.example.com:/tmp/
  2. Create the directory for your SLES medium:

    mkdir -p /var/www/html/pub/installation_media/sles/11sp4/
  3. Extract your SLES .iso file to the newly created directory.

    1. Install p7zip:

      yum install p7zip p7zip-plugins
    2. Extract the .iso file:

      7z x <path_to_sles_iso> -o'/var/www/html/pub/installation_media/sles/11sp4/'
    3. Ensure the permissions of your extracted files allow the apache user to read them:

      chmod -R go+X+r /var/www/html/pub/installation_media/sles/11sp4/*
  4. Optional: Ensure your extracted files are available at the following location using a browser:

    http://orcharhino.example.com/pub/installation_media/sles/11sp4/
  5. Optional: Remove the SLES .iso file from your orcharhino host.

Alternatively, you can also host the content of the .iso file on an arbitrary web server that is reachable from your orcharhino. Change the path to the SLES medium in the installation media entry accordingly.

Additional Steps for Oracle Linux 8

Adjust the repository paths of the installation medium for Oracle Linux 8.

  1. Point the path of the installation media to the BaseOS path within the extracted installation medium.

  2. The installation of Oracle Linux 8 requires a second repository which is located in the AppStream path within the extracted installation medium. Add the additional_media variable to the Oracle Linux 8 entry on the operating systems page with the following value:

    Oracle Linux 8 additional media parameter

    Even though this is and has to be valid JSON data, set the parameter type to string.

    [{"url": "http://orcharhino.example.com/pub/installation_media/ol/8/AppStream/", "name": "AppStream"}]
  3. Create a symbolic link in the /BaseOS path for this version:

    cd /var/www/html/pub/installation_media/ol/8/BaseOS
    ln -s ../images

    This is required for orcharhino to find the kernel and initrd files which are used for network based installations of hosts running Oracle Linux 8.