Building the foundation – part 1 – Katello


One of the foundation building blocks is a system to manage the servers and repositories as well as keeping stock of the puppet infrastructure. For this we use Katello.

Katello gives us content management, provisioning and configuration management. With the help of so-called Capsules we can extend its capabilities with functions like DHCP, CA, TFTP and more.

Hardware requirements

Katello may be installed onto a baremetal host or on a virtual guest. The minimum requirements are:

  • Two Logical CPUs
  • 4 GB of memory (8 GB highly recommended)
  • The filesystem holding /var/lib/pulp needs to be large, but may vary depending on how many different Operating Systems you wish to syncronize:
    • Allocate 30 GB of space for each operating system. Even though an operating system may not take up this much space now, this allows space for future updates that will be syncronized later.
  • The filesystem holding /var/lib/mongodb needs at least 4 GB to install, but will vary depending on how many different Operating Systems you wish to syncronize:
    • Allocate around 40% of the capacity that has been given to the /var/lib/pulp filesystem
  • The root filesystem needs at least 20 GB of Disk Space

Required Ports

The following ports need to be open to external connections:

  • 80 TCP – HTTP, used for provisioning purposes
  • 443 TCP – HTTPS, used for web access and api communication
  • 5647 TCP – qdrouterd – used for client and capsule actions
  • 9090 TCP – HTTPS – used for communication with the smart proxy




Installing Katello

To install Katello we first need to get a number of repositories.

yum -y localinstall
yum -y localinstall
yum -y localinstall
yum -y localinstall

After installing these repositories we first need to refresh the yum cache with

yum clean all
yum repolist

Now we can install the foreman-release-scl package with

yum -y install foreman-release-scl

and install the katello packages. This will install the katello-installer

yum -y install katello

And run the actual katello installer itself with


For extra information on this installer you can add ‘–help’ to see a list of options.

Configure firewall

To enable access modify the firewall (firewalld) with

firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=5647/tcp --add-port=9090/tcp
firewall-cmd --reload

Your firewall now should look something like this

[root@node3 puppet]# firewall-cmd --list-all
public (default, active)
interfaces: eno1
services: dhcpv6-client http https ssh
ports: 9090/tcp 5647/tcp
masquerade: no
rich rules:

Configuring Katello

coming soon




Get to work with Katello

coming soon

Rik Megens has written 2 articles

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>