Suchen

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Appendix C. Building Cloud Images for Red Hat Satellite

download PDF

Use this section to build and register images to Red Hat Satellite.

You can use a preconfigured Red Hat Enterprise Linux KVM guest QCOW2 image:

These images contain cloud-init. To function properly, they must use ec2-compatible metadata services for provisioning an SSH key.

Note

For the KVM guest images:

  • The root account in the image is disabled, but sudo access is granted to a special user named cloud-user.
  • There is no root password set for this image. The root password is locked in /etc/shadow by placing !! in the second field.

If you want to create custom Red Hat Enterprise Linux images, see Composing a customized Red Hat Enterprise Linux 9 Image or Composing a customized Red Hat Enterprise Linux 8 Image.

C.1. Creating Custom Red Hat Enterprise Linux Images

Prerequisites

  • Use a Linux host machine to create an image. In this example, we use a Red Hat Enterprise Linux 7 Workstation.
  • Use virt-manager on your workstation to complete this procedure. If you create the image on a remote server, connect to the server from your workstation with virt-manager.
  • A Red Hat Enterprise Linux 7 or 6 ISO file (see Red Hat Enterprise Linux 7.4 Binary DVD or Red Hat Enterprise Linux 6.9 Binary DVD).

For more information about installing a Red Hat Enterprise Linux Workstation, see Red Hat Enterprise Linux 7 Installation Guide.

Before you can create custom images, install the following packages:

  • Install libvirt, qemu-kvm, and graphical tools:

    # dnf install virt-manager virt-viewer libvirt qemu-kvm
  • Install the following command line tools:

    # dnf install virt-install libguestfs-tools-c
Note

In the following procedures, enter all commands with the [root@host]# prompt on the workstation that hosts the libvirt environment.

C.2. Supported Clients in Registration

Satellite supports the following operating systems and architectures for registration.

Supported Host Operating Systems

The hosts can use the following operating systems:

  • Red Hat Enterprise Linux 9, 8, 7
  • Red Hat Enterprise Linux 6 with the ELS Add-On
Supported Host Architectures

The hosts can use the following architectures:

  • i386
  • x86_64
  • s390x
  • ppc_64

C.3. Configuring a Host for Registration

Configure your host for registration to Satellite Server or Capsule Server.

Prerequisites

Procedure

  • Ensure that a time-synchronization tool is enabled and running on the host.

    • For Red Hat Enterprise Linux 7 and newer:

      # systemctl enable --now chronyd
    • For Red Hat Enterprise Linux 6:

      # chkconfig --add ntpd
      # chkconfig ntpd on
      # service ntpd start

C.4. Registering a Host

You can register a host by using registration templates and set up various integration features and host tools during the registration process.

Prerequisites

  • Your user account has a role assigned that has the create_hosts permission.
  • You must have root privileges on the host that you want to register.
  • Satellite Server, any Capsule Servers, and all hosts must be synchronized with the same NTP server, and have a time synchronization tool enabled and running.
  • An activation key must be available for the host. For more information, see Managing Activation Keys in Managing Content.
  • Optional: If you want to register hosts to Red Hat Insights, you must synchronize the rhel-8-for-x86_64-baseos-rpms and rhel-8-for-x86_64-appstream-rpms repositories and make them available in the activation key that you use. This is required to install the insights-client package on hosts.
  • If you want to use Capsule Servers instead of your Satellite Server, ensure that you have configured your Capsule Servers accordingly. For more information, see Configuring Capsule for Host Registration and Provisioning in Installing Capsule Server.
  • If your Satellite Server or Capsule Server is behind an HTTP proxy, configure the Subscription Manager on your host to use the HTTP proxy for connection. For more information, see How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy in the Red Hat Knowledgebase.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Register Host.
  2. Optional: Select a different Organization.
  3. Optional: Select a different Location.
  4. Optional: From the Host Group list, select the host group to associate the hosts with. Fields that inherit value from Host group: Operating system, Activation Keys and Lifecycle environment.
  5. Optional: From the Operating system list, select the operating system of hosts that you want to register.
  6. Optional: From the Capsule list, select the Capsule to register hosts through.
  7. Optional: Select the Insecure option, if you want to make the first call insecure. During this first call, hosts download the CA file from Satellite. Hosts will use this CA file to connect to Satellite with all future calls making them secure.

    Red Hat recommends that you avoid insecure calls.

    If an attacker, located in the network between Satellite and a host, fetches the CA file from the first insecure call, the attacker will be able to access the content of the API calls to and from the registered host and the JSON Web Tokens (JWT). Therefore, if you have chosen to deploy SSH keys during registration, the attacker will be able to access the host using the SSH key.

    Instead, you can manually copy and install the CA file on each host before registering the host.

    To do this, find where Satellite stores the CA file by navigating to Administer > Settings > Authentication and locating the value of the SSL CA file setting.

    Copy the CA file to the /etc/pki/ca-trust/source/anchors/ directory on hosts and enter the following commands:

    # update-ca-trust enable
    # update-ca-trust

    Then register the hosts with a secure curl command, such as:

    # curl -sS https://satellite.example.com/register ...

    The following is an example of the curl command with the --insecure option:

    # curl -sS --insecure https://satellite.example.com/register ...
  8. Select the Advanced tab.
  9. From the Setup REX list, select whether you want to deploy Satellite SSH keys to hosts or not.

    If set to Yes, public SSH keys will be installed on the registered host. The inherited value is based on the host_registration_remote_execution parameter. It can be inherited, for example from a host group, an operating system, or an organization. When overridden, the selected value will be stored on host parameter level.

  10. From the Setup Insights list, select whether you want to install insights-client and register the hosts to Insights.

    The Insights tool is available for Red Hat Enterprise Linux only. It has no effect on other operating systems.

    You must enable the following repositories on a registered machine:

    • Red Hat Enterprise Linux 6: rhel-6-server-rpms
    • Red Hat Enterprise Linux 7: rhel-7-server-rpms
    • Red Hat Enterprise Linux 8: rhel-8-for-x86_64-appstream-rpms

      The insights-client package is installed by default on Red Hat Enterprise Linux 8 except in environments whereby Red Hat Enterprise Linux 8 was deployed with "Minimal Install" option.

  11. Optional: In the Install packages field, list the packages (separated with spaces) that you want to install on the host upon registration. This can be set by the host_packages parameter.
  12. Optional: Select the Update packages option to update all packages on the host upon registration. This can be set by the host_update_packages parameter.
  13. Optional: In the Repository field, enter a repository to be added before the registration is performed. For example, it can be useful to make the subscription-manager package available for the purpose of the registration. For Red Hat family distributions, enter the URL of the repository, for example http://rpm.example.com/.
  14. Optional: In the Repository GPG key URL field, specify the public key to verify the signatures of GPG-signed packages. It needs to be specified in the ASCII form with the GPG public key header.
  15. Optional: In the Token lifetime (hours) field, change the validity duration of the JSON Web Token (JWT) that Satellite uses for authentication. The duration of this token defines how long the generated curl command works. You can set the duration to 0 – 999 999 hours or unlimited.

    Note that Satellite applies the permissions of the user who generates the curl command to authorization of hosts. If the user loses or gains additional permissions, the permissions of the JWT change too. Therefore, do not delete, block, or change permissions of the user during the token duration.

    The scope of the JWTs is limited to the registration endpoints only and cannot be used anywhere else.

  16. Optional: In the Remote Execution Interface field, enter the identifier of a network interface that hosts must use for the SSH connection. If you keep this field blank, Satellite uses the default network interface.
  17. From the REX pull mode list, select whether you want to deploy Satellite remote execution pull client.

    If set to Yes, the remote execution pull client is installed on the registered host. The inherited value is based on the host_registration_remote_execution_pull parameter. It can be inherited, for example from a host group, an operating system, or an organization. When overridden, the selected value is stored on the host parameter level.

    The registered host must have access to the Red Hat Satellite Client 6 repository.

    For more information about the pull mode, see Transport Modes for Remote Execution in Managing Hosts.

  18. In the Activation Keys field, enter one or more activation keys to assign to hosts.
  19. Optional: Select the Lifecycle environment.
  20. Optional: Select the Ignore errors option if you want to ignore subscription manager errors.
  21. Optional: Select the Force option if you want to remove any katello-ca-consumer rpms before registration and run subscription-manager with the --force argument.
  22. Click the Generate button.
  23. Copy the generated curl command.
  24. On the host that you want to register, run the curl command as root.

C.5. Installing the Katello Agent

You can install the Katello agent to remotely update Satellite clients.

Note

The Katello agent is deprecated and will be removed in a future Satellite version. Migrate your processes to use the remote execution feature to update clients remotely. For more information, see Migrating from Katello Agent to Remote Execution in Managing Hosts.

The katello-agent package depends on the gofer package that provides the goferd service.

Prerequisites

  • You have enabled the Satellite Client 6 repository on Satellite Server. For more information, see Enabling the Satellite Client 6 Repository in Installing Satellite Server in a Connected Network Environment.
  • You have synchronized the Satellite Client 6 repository on Satellite Server. For more information, see Synchronizing the Satellite Client 6 Repository in Installing Satellite Server in a Connected Network Environment.
  • You have enabled the Satellite Client 6 repository on the client.

Procedure

  1. Install the katello-agent package:

    # dnf install katello-agent
  2. Start the goferd service:

    # systemctl start goferd

C.6. Installing and Configuring Puppet Agent Manually

You can install and configure the Puppet agent on a host manually. A configured Puppet agent is required on the host for Puppet integration with your Satellite. For more information about Puppet, see Managing Configurations Using Puppet Integration in Red Hat Satellite.

Prerequisites

  • Puppet must be enabled in your Satellite. For more information, see Enabling Puppet Integration with Satellite in Managing Configurations Using Puppet Integration in Red Hat Satellite.
  • The host must have a Puppet environment assigned to it.
  • The Satellite Client 6 repository must be enabled and synchronized to Satellite Server, and enabled on the host. For more information, see Importing Content in Managing Content.

Procedure

  1. Log in to the host as the root user.
  2. Install the Puppet agent package.

    • On hosts running Red Hat Enterprise Linux 8 and above:

      # dnf install puppet-agent
    • On hosts running Red Hat Enterprise Linux 7 and below:

      # yum install puppet-agent
  3. Add the Puppet agent to PATH in your current shell using the following script:

    . /etc/profile.d/puppet-agent.sh
  4. Configure the Puppet agent. Set the environment parameter to the name of the Puppet environment to which the host belongs:

    # puppet config set server satellite.example.com --section agent
    # puppet config set environment My_Puppet_Environment --section agent
  5. Start the Puppet agent service:

    # puppet resource service puppet ensure=running enable=true
  6. Create a certificate for the host:

    # puppet ssl bootstrap
  7. In the Satellite web UI, navigate to Infrastructure > Capsules.
  8. From the list in the Actions column for the required Capsule Server, select Certificates.
  9. Click Sign to the right of the required host to sign the SSL certificate for the Puppet agent.
  10. On the host, run the Puppet agent again:

    # puppet ssl bootstrap

C.7. Completing the Red Hat Enterprise Linux 7 Image

Procedure

  1. Update the system:

    # yum update
  2. Install the cloud-init packages:

    # yum install cloud-utils-growpart cloud-init
  3. Open the /etc/cloud/cloud.cfg configuration file:

    # vi /etc/cloud/cloud.cfg
  4. Under the heading cloud_init_modules, add:

    - resolv-conf

    The resolv-conf option automatically configures the resolv.conf when an instance boots for the first time. This file contains information related to the instance such as nameservers, domain and other options.

  5. Open the /etc/sysconfig/network file:

    # vi /etc/sysconfig/network
  6. Add the following line to avoid problems accessing the EC2 metadata service:

    NOZEROCONF=yes
  7. Un-register the virtual machine so that the resulting image does not contain the same subscription details for every instance cloned based on it:

    # subscription-manager repos --disable=*
    # subscription-manager unregister
  8. Power off the instance:

    # poweroff
  9. On your Red Hat Enterprise Linux Workstation, connect to the terminal as the root user and navigate to the /var/lib/libvirt/images/ directory:

    # cd /var/lib/libvirt/images/
  10. Reset and clean the image using the virt-sysprep command so it can be used to create instances without issues:

    # virt-sysprep -d rhel7
  11. Reduce image size using the virt-sparsify command. This command converts any free space within the disk image back to free space within the host:

    # virt-sparsify --compress rhel7.qcow2 rhel7-cloud.qcow2

    This creates a new rhel7-cloud.qcow2 file in the location where you enter the command.

C.8. Completing the Red Hat Enterprise Linux 6 Image

Procedure

  1. Update the system:

    # {package-update}
  2. Install the cloud-init packages:

    # dnf install cloud-utils-growpart cloud-init
  3. Edit the /etc/cloud/cloud.cfg configuration file and under cloud_init_modules add:

    - resolv-conf

    The resolv-conf option automatically configures the resolv.conf configuration file when an instance boots for the first time. This file contains information related to the instance such as nameservers, domain, and other options.

  4. To prevent network issues, create the /etc/udev/rules.d/75-persistent-net-generator.rules file as follows:

    # echo "#" > /etc/udev/rules.d/75-persistent-net-generator.rules

    This prevents /etc/udev/rules.d/70-persistent-net.rules file from being created. If /etc/udev/rules.d/70-persistent-net.rules is created, networking might not function properly when booting from snapshots (the network interface is created as "eth1" rather than "eth0" and IP address is not assigned).

  5. Add the following line to /etc/sysconfig/network to avoid problems accessing the EC2 metadata service:

    NOZEROCONF=yes
  6. Un-register the virtual machine so that the resulting image does not contain the same subscription details for every instance cloned based on it:

    # subscription-manager repos --disable=*
    # subscription-manager unregister
    # dnf clean all
  7. Power off the instance:

    # poweroff
  8. On your Red Hat Enterprise Linux Workstation, log in as root and reset and clean the image using the virt-sysprep command so it can be used to create instances without issues:

    # virt-sysprep -d rhel6
  9. Reduce image size using the virt-sparsify command. This command converts any free space within the disk image back to free space within the host:

    # virt-sparsify --compress rhel6.qcow2 rhel6-cloud.qcow2

    This creates a new rhel6-cloud.qcow2 file in the location where you enter the command.

    Note

    You must manually resize the partitions of instances based on the image in accordance with the disk space in the flavor that is applied to the instance.

C.8.1. Next steps

  • Repeat the procedures for every image that you want to provision with Satellite.
  • Move the image to the location where you want to store for future use.

C.9. Next Steps

  • Repeat the procedures for every image that you want to provision with Satellite.
  • Move the image to the location where you want to store for future use.
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.