Key components built on mature open source projects:
- Puppet: Configuration Management
- FOREMAN: Provisioning
- Pulp: Repository Management
- KATELLO: Content/LifeCycle Management
- Candlepin: Subscription Management
Orginization: Organizations divide hosts into logical groups based on ownership, purpose, content, security level, and other divisions. Subscription manifests can be imported only into a single organization. Satellite will not upload a certificate that has already been uploaded into a different organization.
Manifests: Manifest files are signed ZIP files, which provide SKU-level mapping of products, including SLA and expiration dates. Manifests contain information in JSON format and are fairly cryptic. Red Hat Enterprise Linux include the rct tool, which you use to work with manifests.
LifeCycle Management: The lifecycle envirnment is a means to manage versions with in the datacenter. By default all content that come in to Satellite goes into the evnirnment called ‘Library’ from the Library administrators can move content to other envirnments such as Dev, Testing, Prod etc
The application life cycle is divided into life cycle environments that mimic each stage of the life cycle. Life cycle environments are linked in an environment path. You can promote content along the environment path to the next life cycle stage when required.
Content Views: A repository (yum/Puppet) provides storage for a collection of content. You can associate a repository with specific content views. Content views are managed selections of content that contain one or more repositories with optional filtering. Published content views are used with life cycle environments. Content View is a new feature that comes with satellite 6, it is means for modeling content
Composite content view: Is a combination of multiple content views. We can take this composite content view and promote it into over lifecycle environment
Discovery: RH Satellite can automatically identify non provisioned host
Hammer: Is the cli tool to manage Red Hat Satellite 6
Activation Key: Activation keys are preset keys used when registering the host. They defines life-cycle environment, host collection, organization, subscription usage limit.
Host Groups: Defines a set of default values for a host
Red Hat Satellite Server can still provision systems with the latest security updates, errata, and packages. This is achieved by using katello-disconnected utility and Synchronization host
synchronization host is an intermediary system with an Internet connection. This host is in a separate network from the Satellite server.
The synchronization host download content through Pulp. The content is then exported onto physical media and transferred to the disconnected Satellite server.
foreman-tasks: Provides Dynflow infrastructure for using Dynflow for managing the tasks.
foreman_bootdisk: Satellite plug-in for creating iPXE-based boot disks to provision hosts without the need for PXE infrastructure.
foreman_discovery: MaaS Discovery plug-in engine for Satellite.
foreman_docker: Provisions and manages Docker containers and images from Satellite.
foreman_openscap: Satellite plug-in for managing security compliance reports.
foreman_remote_execution: Brings remote execution to Satellite, completing the configuration management functionality with remote management functionality.
foreman_theme_satellite: Enables building themes for Satellite.
Katello: Content and subscription management plug-in for Satellite. redhat_access: Adds Red Hat Access knowledgebase search, case management, and diagnostics to Satellite.
- Red Hat Enterprise Linux 7 Server 64-bit
- A minimum of 2 CPU cores, 4 CPU cores are recommended
- A minimum of 12 GB memory is required for the Satellite Server to function, 16 GB of memory or more is recommended
- A unique host name, which can contain lower-case letters, numbers, dots (.) and hyphens (-)
- A current Red Hat Satellite subscription
- Full forward and reverse DNS resolution using a fully-qualified domain name
The XFS file system is recommended for Red Hat Satellite 6 because it does not have the inode limitations that ext4 does.
Repository Required :
Red Hat Enterprise Linux $releasever - $basearch
Red Hat Enterprise Linux Software collections
Installing Satellite 6
Instead of having distinct installation programs for Satellite and Capsule (katello-installer, capsule-installer), Satellite 6.3 has “scenarios” to determine which features are installed, Satellite-installer –list-scenarios
yum install satellite -y #list satellite scenarios satellite-installer --list-scenarios #The installer can be run multiple times to add, disable, and configure features. satellite-installer --foreman-initial-organization hazaq-me \ --foreman-initial-location dxb \ --scenario satellite \ --foreman-proxy-tftp true \ --foreman-proxy-dhcp true \ --foreman-proxy-dhcp-gateway "192.168.0.2" \ --foreman-proxy-dhcp-interface "eth0" \ --foreman-proxy-dhcp-range "192.168.0.200 192.168.0.250" \ --foreman-proxy-dns true \ --foreman-proxy-dns-forwarders "192.168.0.10" \ --foreman-proxy-dns-interface "eth0" \ --foreman-proxy-dns-reverse 0.168.192.in-addr.arpa \ --foreman-proxy-dns-server "127.0.0.1" \ --foreman-proxy-dns-zone "hazaq.me" \ --foreman-admin-password 'password' #Alternatively, this can be done interactively with satellite-installer -i.
After installing you can set the default Orginization and Location by going in to
Admin User → My Account
Set Up Hammer:
mkdir ~/.hammer touch ~/.hammer/cli_config.yml chmod 600 ~/.hammer/cli_config.yml cat > ~/.hammer/cli_config.yml << EOF :foreman: :host: 'https://satellite.hazaq.me/' :username: 'admin' :password: 'password' EOF hammer organization list
Next step is to download the manifest for rh customer portal. And import it into satellite 6 by Select Content → Red Hat Subscriptions
Now we can select repos that we need by going into Content → Red Hat Repositories
Red Hat Satellite Tools 6.2 Repo should be selected.
Once the repos are select we can start synchronize content. To do that we need to select Content → Sync Status then check the produects and click Synchronize Now
you can see the sync progress by useing the below log file
tail -f /var/log/foreman/production.log
The date and time should be correct and synchronized on client and satellite server.
Virtualized environments should have ntpd or chronyd.
Red Hat Subscription Manager should be installed and updated. YUM and yum-rhn-plugin should be updated.
#Download and the CA intallation rpm wget http://satellite.hazaq.me/pub/katello-ca-consumer-latest.noarch.rpm yum -y install katello-ca-consumer-latest.noarch.rpm #To verfy that CA is installed run grep -i baseurl /etc/rhsm/rhsm.conf #Now we can register this system to the satellite server subscription-manager register --org=hazaq-me --environment=Library subscription-manager attach --pool <ID> #Enable Satellite tools which has the katello agent subscription-manager repos --enable rhel-7-server-satellite-tools-6.2-rpms #Install katello agent yum -y install katello-agent
You can leverage puppet with satellite, run below command on client to install and enable puppet
yum -y install puppet systemctl enable puppet /usr/bin/puppet config set server satellite.hazaq.me --section agent /usr/bin/puppet config set ca_server satellite.hazaq.me --section agent
The first time you run Puppet on a client system and connect it to the master, the agent creates an SSL certificate for itself and sends it to the master. The master signs the certificate and returns it to the agent.
puppet agent --test --onetime
Output should look something like this.
Info: Creating a new SSL key for localhost.integra.lan Info: Caching certificate for ca Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml Info: Creating a new SSL certificate request for localhost.integra.lan Info: Certificate Request fingerprint (SHA256): BB:72:25:D0:7D:99:74:AF:17:B2:2E:9E:C4:19:2B:5A:96:44:A9:47:5C:8B:4D:13:13:B7:A3:1E:CA:DD:77:13 Info: Caching certificate for ca Exiting; no certificate found and waitforcert is disabled
In the Satellite 6 web interface, select Infrastructure → Capsules.
In the row with the Satellite server’s host name, at the right in the Actions column, click the down arrow and select Certificates.
To the right of your listed client system, click Sign.