Beruflich Dokumente
Kultur Dokumente
of Contents
Satellite 6 1.1
Installation 1.2
Base Install 1.2.1
Registration 1.2.2
Attach Entitlements 1.2.3
Installation 1.2.4
Initial Setup 1.2.5
Initial Configuration, adding Red Hat Repos 1.3
Creating the Manifest 1.3.1
Prepare for Manifest Import 1.3.2
Importing the Manifest 1.3.3
Adding Red Hat Repositories 1.3.4
Synchronising Repositories 1.3.5
Lifecycle Environments 1.4
Content Views 1.5
Defining Content Views 1.5.1
Capsules / Smart Proxies 1.6
Configure the Server for Provisioning 1.7
Architectures 1.7.1
Domains 1.7.2
Activation Keys 1.7.3
Partition Tables 1.7.4
Subnets 1.7.5
Provisioning Templates 1.7.6
Operating systems 1.7.7
Host Groups 1.8
Defining Host Groups 1.8.1
Host Creation 1.9
Troubleshooting 1.10
Locations and Organisations 1.10.1
2
Capsules / Proxies 1.10.2
Tasks 1.10.3
Next Steps 1.11
3
Satellite 6
Introduction
Red Hats latest version of their Lifecycle Management tool, Red Hat Satellite 6, is a big
change from earlier versions
Version 5 was based on the upstream, open source project called Spacewalk, which also
included the Cobbler project, where as the latest version is a combination of a few other
open source projects - Katello & Foreman.
Foreman itself is also a combination of open source code written by themselves and and
open source project called Puppet (by Puppet Labs). While Katello is also a combination of
Candlepin and Pulp
As such, while the latest version has the potential to do much more and scale far beyond
earlier versions, with this comes some more complexity.
About you
You are someone who is familiar with administering Linux. You will hopefully have some
experience of installing/provisioning and Knowledge of Puppet would also be beneficial but
not essential
Note
The book covers Satellite 6.0, 6.1 and the 6.2 beta. The sister book (Getting started with
Hammer) has been updated to 6.1
4
Satellite 6
Authors
Adrian Bradshaw (abradsha@redhat.com)
5
Installation
Installation
Pre-Requisites
Before we start, you need
vanilla install of RHEL. (we will be using RHEL6, but RHEL7 is also supported)
valid entitlement for RHEL and entitlement for Satellite
a login to access.redat.com (for creating and downloading the manifest)
Firewall configuration
Its worth getting the firewall configured at this stage, so that we dont forget later. I shall
assume a default firewall config exists. Configure the firewall any way you feel confortable,
there is a quick option below.
RHEL 6 Firewall
iptables -F
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8140 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 9090 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
# And for the Capsule services
iptables -I INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 68 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 69 -j ACCEPT
service iptables save
RHEL 7 Firewall
RHEL 7 uses firewalld, which is new to all of us. Below are some simple steps to get the
firewall setup as we need it
firewall-cmd --get-active-zones
6
Installation
You should see something like this that indicates its active zone is public
public
interfaces: eth0
If the active zones list is empty, its probably because the NIC has not been assigned to a
group:
firewall-cmd --zone=public \
--change-interface=nicInterfaceName
OK, now we have verified that, lets take a look at the default rules in place
Of course this is not what we require, so lets add in all the ports we require including the
ones for the additional capsules (DNS & DHCP)
As I have used --permanent above, we will have to restart the firewall for this to take effect.
We use firewall-cmd --reload as it will keep the existing state information. See the man
page for more details
firewall-cmd --reload
7
Installation
More information on what each of these ports are for can be found here (Satellite 6.0):
Installation Guide Prerequisites
More information on what each of these ports are for can be found here (Satellite 6.1):
Installation Guide Prerequisites
More information on what each of these ports are for can be found here (Satellite 6.2 Beta -
Section 2.4): Installation Guide Prerequisites
8
Base Install
Base Install
Start with a fresh installation of RHEL 6.6, which was installed via ISO. I prefer this, over
templates or machines deployed by Satellite/Foreman as it keeps it as clean as possible and
there is no existing puppet configuration, might have lead to problems later on.
NOTE: I am currently working back through this book and adding in any RHEL7 specific
steps
Once installed, we will register the machine to Red Hat, and fully update it. Then we will
change its Satellite version, add some subscriptions and download its manifest file and get
the Satellite software installed
9
Registration
Registration
I like to follow a very precise way of registering the box, one that I have worked out over
many installation methods. While its not the way currently mentioned in the official
documentation, it works for me 100% of the time.
You will then be prompted for your credentials, enter them and the system should be
correctly registered, but not attached/consuming entitlements
At this point its important to logon to the Red Hat Customer Portal and set the version of
Satellite to 6.0 (or higher depending on what version you are using).
10
Attach Entitlements
Attach Entitlements
OK, lets get a list of whats availble to you, you are specifically looking for the Pool IDs here
This will give you a quicker output if you don't want to browse each one:
Search for the Satellite Subscription, as a Red Hat employee, some of the output I see is as
follows, yours will look a little different
SKU: SER---US
Pool ID: aaaabbbbccccddddeeeeffffgggghhh
Available: 17
Suggested: 1
Service Level: Self-Support
Service Type: L1-L3
Multi-Entitlement: No
Ends: 01/01/22
System Type: Physical
11
Attach Entitlements
NOTE: If you're looking to install the Satellite 6.2 Beta or a newer version of the
product, make sure you use the subscription which provides Satellite 6 Beta.
then make sure you log on to Red Hat and select the verison of Satellite, as mentioned
in the previous section. Be sure to click the update button
You will then be able to attach to that pool. However, depending on your entitlemenmts, the
pool you have atached to may not have Software Collections. If this is the case, use
subscription manager to list all availble pools and attach one that contains Software
Collections
This may enable too many repositories. The Satellite documentation makes clear which
repositories you will need, and shows how to disable the ones you dont.
12
Attach Entitlements
Once done, check that you have access to **exactly** three repos
yum repolist
...
### RHEL 7 Repos for Satellite 6.2 Beta and newer versions of the product.
Once done, check that you have access to **exactly** three repos
13
Attach Entitlements
yum repolist
...
Once you have confirmed that you have access to exactly those three repositories, carry on
to the next part.
14
Installation
Installation
Now we have the correct repos configured, update the server with the latest updates from
Red Hat.
yum -y update -y
15
Initial Setup
We will create an "all-in-one" deployment, meaning that the Satellite will have the additional
roles of TFTP proxy, DHCP server and DNS server added at install time.
Note: It is highly recommended that you set an initial organisation and location before
installing the product. The organisation should be the company using the product such
as Redhat. The Location should be the datacenter location at which the product is
installed (such as Europe, West Europe or EMEA).
Once the installer has finished, you should be able to login by pointing your browser to
https://<servername> (assuming you have made the necessary firewall changes).
The installer can be re-run to enable missing options or options that have been
misconfigured. It can also be used if the admin password has been lost.
16
Initial Setup
The katello-installer has been replaced in Satellite 6.2 and above with foreman-installer. To
find the full list of options available for the foreman-installer run the command:
foreman-installer --help
Note: It is highly recommended that you set an initial organisation and location before
installing the product. The organisation should be the company using the product such
as Redhat. The Location should be the datacenter location at which the product is
installed (such as Europe, West Europe or EMEA).
The installer can be re-run to enable missing options or options that have been
misconfigured. It can also be used if the admin password has been lost.
17
Initial Configuration, adding Red Hat Repos
Each type of repo can either be synchronised on demand or alternatively can be scheduled
to synchronise on a regular basis.
Before we can add Red Hat repositories, we need to create an organisation and location
then create and import a manifest file however.
18
Creating the Manifest
Be sure to re-set the Version, if it has become unset (as in the screenshot below) and hit
Update
NOTE: If the version of satellite you are not using isn't available in the list try using the
previous version. For example, the Satellite 6.2 beta will accept a 6.1 manifest, though
it will error, it will work fine.
Then locate the "Attach a subscription" (bottom right in the screenshot below).
Navigate to the subscription you wish to add, select the checkbox on the left and enter a
quantity on the right before selecting Attach Selected
It may take some time to attach the subscription, as it will say on the screen (see screenshot
below).
19
Creating the Manifest
Hit refresh from time to time until it completes and then click on the Download Manifest
button and save the manifest somewhere safe
20
Prepare for Manifest Import
NOTE: If you added the initial-organization and initial-location options to the installer
you don't need to perform these steps unless you want to create additional locations or
organisations. Also note that organisations and locations can be nested such as
EMEA/UK or EMEA/Spain.
Login to the Satellite web interface and select the Manage Organisation menu item
and fill in the entries on the first page and hit submit
21
Prepare for Manifest Import
This takes you to the second page (seen below). Here it is asking where to assign the
existing node (the Satellite server itself)
22
Prepare for Manifest Import
Now you will see that your new organisation has been created
23
Prepare for Manifest Import
24
Importing the Manifest
In the first drop down menu, select your Organisation and Location In my case these were
"Example Org" and "Europe"
The left side of your menu bar should look like this
Use the Browse and Upload buttons to locate and upload the manifest you downloaded
earlier
25
Importing the Manifest
Once that has imported successfully, you can proceed to selecting the Red Hat Repositories
you wish to synchronise.
26
Adding Red Hat Repositories
NOTE: I shall focus on provisioning RHEL 6.5 hosts in my example but if you prefer to
stick with the latest version, its better to use the 6Server repository. The RHEL7
repositories have t
27
Adding Red Hat Repositories
RH Common RPMs
28
Adding Red Hat Repositories
29
Synchronising Repositories
Syncronising Repositories
As mentioned at the earlier, repositories syncronisation can either be manually syncronised
or configured to syncronise on a schedule
NOTE: It is highly recommended that you use a sync plan to regularly syncronise
repositories.
At this stage lets get the Red Hat repositories, that we need for provisioning to work,
downloaded.
Click on the Expand All and Select All links and click on the Synchronise Now button
We will leave other Repsoitory types until later but there is no need to wait for those
repositories to sync, we can proceed to Lifecycle Environments next
30
Synchronising Repositories
31
Lifecycle Environments
Lifecycle Environments
Satellite 6 has the concept of Lifecycle Environments. These should generally match the
names of your tiers, such as Crash, Development, QA, Production etc etc
The idea is that your hosts or clients will exist in one of these tiers. A Content View
describing how the host should be configured is defined and pushed or promoted to the first
tier (Crash in our example) where it is tested and refined before it is promoted to the next
environment for the next team to test. We will discuss Content Views in another section
Creating Lifecycle Environments is easy, simple select Lifecycle Environments from the
Content Menu and click on New Environment Path
Here is an example I created for the book, by default all repositories download to the built-in
Library Environment.
In this book we shall be using the Library environment for simplicity. In reality you should be
promoting content to other environments.
32
Content Views
Content Views
At this point we will have to wait for our Red Hat Repositories to be syncronised before we
define content views.
Content views contain RPM packages from repos as well as puppet modules from puppet
repos. Everything needed in order to correctly configure the hosts.
Once defined, your content views will be published to the appropriate Lifecycle
Environment
33
Defining Content Views
On the Content tab, selected the repositories that you want to add to this view and click
Add Repositories
As a bare minimum, for provisioning you will need (or the RHEL7 equivalent):
Depending on if you have changed the Provision Template you may also need
If you want to include some Puppet Repositories, feel free, but for now we can leave those
out. They will be covered later on.
Now we need to Publish a new version of our Content View so that we can use it. Simply
click the Publish New Version
34
Defining Content Views
The process will take time, progress can be tracked on the Tasks tab
35
Capsules / Smart Proxies
These are usually, but not always, on remote servers and not on the main Satellite server
itself. However, that said, in this introductory session we configured our Satellite to have
multiple local Capsules.
We chose to run TFTP,DHCP & DNS Capsules on our main Satellite server
36
Configure the Server for Provisioning
Architecture
Domain
Activation Key
Partition Table
Subnet
DHCP Proxy
DNS Proxy
Realm Proxy
TFTP Proxy
Provisioning Templates
Operating Systems
37
Architectures
Architectures
First we will check that out architectures are present and visible in out Org/Location
If its not visible go to the "Any Organisation" and see if its there, if it is, click on it and make
sure that you add the correct Location and Oragisation to it. Then switch back to your
organisation again
38
Domains
Domains
Next we do the same for Domains. The first domain should have been setup by the installer.
With your orgainisation and location selected, go to
Infrastructure > Domains
If its not visible go to the "Any Organisation" and see if its there, if it is, click on it and make
sure that you add the correct Location and Organisation to it. Then switch back to your
organisation again.
39
Activation Keys
Activation Keys
Now we shall create an Activation Key.
NOTE Satellite can provision and update RHEL5 machines as well as RHEL6/7 but just
like RHEL6.5, subscription-manager wasn't introduced until around RHEL 5.7
Before doing this step, make sure your Content View has finished publishing
followed by the New Activation Key button. Fill in the Name, select the Lifecycle
Environment and Content View and click Save
Once the key is created, make sure that the Release Version is set
40
Activation Keys
Optionally, take a look on the Product Content to see if you you want change any of the
defaults
41
Partition Tables
Partition Tables
Next we check that our Partition tables are visible in our Org/Location. This should have
been setup by the installer.
42
Subnets
Subnets
The next stop is to verify that our subnet is visible under our Org/Location. Navigate to
Infrastructrue > Subnets
If you cant see any, swicth to Any Organisation / Any Location and see if its there. If it is,
then make sure that you move it to your Org/Location
If you cant see it, then maybe we need to Import Subnets from our Capsule
Navigate to
Infrastructure > Capsules and use the pull down menu on your severs entry to Import
Subnets
This will open up the Import subnets dialog. Fill in the details that are appropriate to your
network segment
43
Subnets
Once its created, click on it again and verify that its visible to your Location / Organisation.
While we are there, we will link our Domain to our Subnet from the Domains tab, by ticking
the box
44
Subnets
45
Provisioning Templates
Provisioning Templates
One of the changes from the beta version is that now, copies of provisioning templates are
copied to your location and organisation, but they are read only copies. You can see this
from the small padlocks in the Locked Column
This is a nice last minute change (from the beta) as editing one template no longer affects
other orgs.
If you want to change one of them, then you will need to clone it
The two that we require for provisioning are Kickstart default PXELinux and Satellite
Kickstart Default. The later brings in the subscription_manager_registration snippet also
Only one change is required at this point. For both Kickstart default PXELinux and
Satellite Kickstart Default click on them and go to the Association tab and associate them
to the Operating System - in this case RHEL Server 6.5
46
Provisioning Templates
47
Operating systems
Operating systems
Next we configure the Operating Systems. As my Satellite is running RHEL 6.5, the
installation has already created one entry for me, but we need to make the following
changes. Go to
On the first tab, ensure that the Architectures entry has x86_64 ticked
48
Host Groups
Host Groups
Rather than applying settings to an individual host, Satellite 6 uses hostgroups.
Multiple HostGroups can be added and they can also be nested in a hierarchical manner.
Examples
DC North
Applications
Database
PostgSQL
MariaDB
Infrastructure
Online
DC South
Applications
Database
Oracle
Mongo
Infrastructure
Online
Webservers
For example, your DNS servers can be set at the top level (DC North/DC South) where as
mail server settings may be defined lower down the hierarchy
49
Host Groups
50
Defining Host Groups
Host Group
Network
51
Defining Host Groups
Operating System
Parameters - skip
Activation Keys
52
Host Creation
Host Creation
So, finally, we are in a position to get our first host provisioned.
From
Hosts > New Host
Enter the hostname (without the domain name) of your new host. The Organisation and
Location fields should be correct already. Select the Host Group from the dropdown, most
other entries will now auto populate, with the exception of Content Source. Select the
Content Source
Now over on the Network tab, check that the Domain is correct (leave Realm empty) and
paste in the MAC address of the host you are provisioning. (check that IP is auto suggetsed
- if not see troubleshooting section)
Verify that, on the Operating System Tab, that Architecture, Operating system, Media and
Partition table are set and hit Submit
53
Host Creation
Next the post section will run, switching you to VT3 so that you can follow.
54
Host Creation
55
Host Creation
After the full update, the final install will happen, it will install puppet
Finally, once puppet installs, it will configure puppet and inform the Satellite server that it is
built
56
Host Creation
Back on the Satellite Server, under Hosts > All Hosts , you will see the new host initally
has a blue A (Active) next to it. This simply means that puppet has made changes during its
initial run. It will change to a green O (no changes) next time puppet runs -in about 30 mins
time.
Also on the Satellite Server, check the status of the Content Hosts Hosts > Content Hosts
57
Host Creation
58
Troubleshooting
Troubleshooting
Its quite possible, with all the configuration that we have just done, that we missed
something or that a bug (this is a *.0 release after all) has meant that we are unable to
provision.
In this section I will give you a few places to check that have been common issues with my
own Satellite configuration.
59
Locations and Organisations
One of the quickest ways to ensure that everything you need is available in your
Organisation and Location is to go to Manage Organisations in the first menu.
Select your Organisation and scroll down until you see a list on the left of each of the
components. Click on each one and verify that it is in the Selected Items panel
60
Locations and Organisations
61
Capsules / Proxies
Capsules / Proxies
If you are using DHCP / TFTP / DNS proxies, its always worth double-checking your
definitions.
Subnet
Go to you Subnet definition (Infrastructure > Subnets), and make sure that the Capsules
page has the correct entries on it.
Domains
If you are using a DNS proxy, also verify the Domain entry (Infrastructure > Domains) has
the DNS Capsule correctly set
62
Tasks
Tasks
From time to time a task with either get stuck or fail. The steps listed on this upstream
webpage can be very useful to help on these occasions
http://www.katello.org/docs/user_guide/troubleshooting/index.html
63
Next Steps
Next Steps
In the next book in the series, Next Steps with Satellite 6, I will cover
The sister book this one, Getting Started with Satellite 6 Command line is aimed to achieving
the same results as this book but by using only the command line interface, called Hammer
Other Books
Here are details of other books I have planned.
Next Steps with Satellite 6 Command line (sister to the above book, not started)
Doing More with Satellite 6 (not started)
Doing More with Satellite 6 Command line (not started)
64