Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Appendix C. Building Cloud Images for Red Hat Satellite
Use this section to build and register images to Red Hat Satellite.
You can use a preconfigured Red Hat Enterprise Linux KVM guest QCOW2 image:
These images contain cloud-init
. To function properly, they must use ec2-compatible metadata services for provisioning an SSH key.
For the KVM guest images:
-
The
root
account in the image is disabled, butsudo
access is granted to a special user namedcloud-user
. -
There is no
root
password set for this image. Theroot
password is locked in/etc/shadow
by placing!!
in the second field.
If you want to create custom Red Hat Enterprise Linux images, see Composing a customized Red Hat Enterprise Linux 9 Image or Composing a customized Red Hat Enterprise Linux 8 Image.
C.1. Creating Custom Red Hat Enterprise Linux Images
Prerequisites
- Use a Linux host machine to create an image. In this example, we use a Red Hat Enterprise Linux 7 Workstation.
-
Use
virt-manager
on your workstation to complete this procedure. If you create the image on a remote server, connect to the server from your workstation withvirt-manager
. - A Red Hat Enterprise Linux 7 or 6 ISO file (see Red Hat Enterprise Linux 7.4 Binary DVD or Red Hat Enterprise Linux 6.9 Binary DVD).
For more information about installing a Red Hat Enterprise Linux Workstation, see Red Hat Enterprise Linux 7 Installation Guide.
Before you can create custom images, install the following packages:
Install
libvirt
,qemu-kvm
, and graphical tools:# dnf install virt-manager virt-viewer libvirt qemu-kvm
Install the following command line tools:
# dnf install virt-install libguestfs-tools-c
In the following procedures, enter all commands with the [root@host]#
prompt on the workstation that hosts the libvirt
environment.
C.2. Supported Clients in Registration
Satellite supports the following operating systems and architectures for registration.
- Supported Host Operating Systems
The hosts can use the following operating systems:
- Red Hat Enterprise Linux 9, 8, 7
- Red Hat Enterprise Linux 6 with the ELS Add-On
- Supported Host Architectures
The hosts can use the following architectures:
- i386
- x86_64
- s390x
- ppc_64
C.3. Configuring a Host for Registration
Configure your host for registration to Satellite Server or Capsule Server.
Prerequisites
- The host must be using a supported operating system. For more information, see Section C.2, “Supported Clients in Registration”.
Procedure
Ensure that a time-synchronization tool is enabled and running on the host.
For Red Hat Enterprise Linux 7 and newer:
# systemctl enable --now chronyd
For Red Hat Enterprise Linux 6:
# chkconfig --add ntpd # chkconfig ntpd on # service ntpd start
C.4. Registering a Host
You can register a host by using registration templates and set up various integration features and host tools during the registration process.
Prerequisites
-
Your user account has a role assigned that has the
create_hosts
permission. - You must have root privileges on the host that you want to register.
- Satellite Server, any Capsule Servers, and all hosts must be synchronized with the same NTP server, and have a time synchronization tool enabled and running.
- An activation key must be available for the host. For more information, see Managing Activation Keys in Managing Content.
-
Optional: If you want to register hosts to Red Hat Insights, you must synchronize the
rhel-8-for-x86_64-baseos-rpms
andrhel-8-for-x86_64-appstream-rpms
repositories and make them available in the activation key that you use. This is required to install theinsights-client
package on hosts. - If you want to use Capsule Servers instead of your Satellite Server, ensure that you have configured your Capsule Servers accordingly. For more information, see Configuring Capsule for Host Registration and Provisioning in Installing Capsule Server.
- If your Satellite Server or Capsule Server is behind an HTTP proxy, configure the Subscription Manager on your host to use the HTTP proxy for connection. For more information, see How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy in the Red Hat Knowledgebase.
Procedure
- In the Satellite web UI, navigate to Hosts > Register Host.
- Optional: Select a different Organization.
- Optional: Select a different Location.
- Optional: From the Host Group list, select the host group to associate the hosts with. Fields that inherit value from Host group: Operating system, Activation Keys and Lifecycle environment.
- Optional: From the Operating system list, select the operating system of hosts that you want to register.
- Optional: From the Capsule list, select the Capsule to register hosts through.
Optional: Select the Insecure option, if you want to make the first call insecure. During this first call, hosts download the CA file from Satellite. Hosts will use this CA file to connect to Satellite with all future calls making them secure.
Red Hat recommends that you avoid insecure calls.
If an attacker, located in the network between Satellite and a host, fetches the CA file from the first insecure call, the attacker will be able to access the content of the API calls to and from the registered host and the JSON Web Tokens (JWT). Therefore, if you have chosen to deploy SSH keys during registration, the attacker will be able to access the host using the SSH key.
Instead, you can manually copy and install the CA file on each host before registering the host.
To do this, find where Satellite stores the CA file by navigating to Administer > Settings > Authentication and locating the value of the SSL CA file setting.
Copy the CA file to the
/etc/pki/ca-trust/source/anchors/
directory on hosts and enter the following commands:# update-ca-trust enable # update-ca-trust
Then register the hosts with a secure
curl
command, such as:# curl -sS https://satellite.example.com/register ...
The following is an example of the
curl
command with the--insecure
option:# curl -sS --insecure https://satellite.example.com/register ...
- Select the Advanced tab.
From the Setup REX list, select whether you want to deploy Satellite SSH keys to hosts or not.
If set to
Yes
, public SSH keys will be installed on the registered host. The inherited value is based on thehost_registration_remote_execution
parameter. It can be inherited, for example from a host group, an operating system, or an organization. When overridden, the selected value will be stored on host parameter level.From the Setup Insights list, select whether you want to install
insights-client
and register the hosts to Insights.The Insights tool is available for Red Hat Enterprise Linux only. It has no effect on other operating systems.
You must enable the following repositories on a registered machine:
-
Red Hat Enterprise Linux 6:
rhel-6-server-rpms
-
Red Hat Enterprise Linux 7:
rhel-7-server-rpms
Red Hat Enterprise Linux 8:
rhel-8-for-x86_64-appstream-rpms
The
insights-client
package is installed by default on Red Hat Enterprise Linux 8 except in environments whereby Red Hat Enterprise Linux 8 was deployed with "Minimal Install" option.
-
Red Hat Enterprise Linux 6:
-
Optional: In the Install packages field, list the packages (separated with spaces) that you want to install on the host upon registration. This can be set by the
host_packages
parameter. -
Optional: Select the Update packages option to update all packages on the host upon registration. This can be set by the
host_update_packages
parameter. -
Optional: In the Repository field, enter a repository to be added before the registration is performed. For example, it can be useful to make the
subscription-manager
package available for the purpose of the registration. For Red Hat family distributions, enter the URL of the repository, for examplehttp://rpm.example.com/
. - Optional: In the Repository GPG key URL field, specify the public key to verify the signatures of GPG-signed packages. It needs to be specified in the ASCII form with the GPG public key header.
Optional: In the Token lifetime (hours) field, change the validity duration of the JSON Web Token (JWT) that Satellite uses for authentication. The duration of this token defines how long the generated
curl
command works. You can set the duration to 0 – 999 999 hours or unlimited.Note that Satellite applies the permissions of the user who generates the
curl
command to authorization of hosts. If the user loses or gains additional permissions, the permissions of the JWT change too. Therefore, do not delete, block, or change permissions of the user during the token duration.The scope of the JWTs is limited to the registration endpoints only and cannot be used anywhere else.
- Optional: In the Remote Execution Interface field, enter the identifier of a network interface that hosts must use for the SSH connection. If you keep this field blank, Satellite uses the default network interface.
From the REX pull mode list, select whether you want to deploy Satellite remote execution pull client.
If set to
Yes
, the remote execution pull client is installed on the registered host. The inherited value is based on thehost_registration_remote_execution_pull
parameter. It can be inherited, for example from a host group, an operating system, or an organization. When overridden, the selected value is stored on the host parameter level.The registered host must have access to the Red Hat Satellite Client 6 repository.
For more information about the pull mode, see Transport Modes for Remote Execution in Managing Hosts.
- In the Activation Keys field, enter one or more activation keys to assign to hosts.
- Optional: Select the Lifecycle environment.
- Optional: Select the Ignore errors option if you want to ignore subscription manager errors.
-
Optional: Select the Force option if you want to remove any
katello-ca-consumer
rpms before registration and runsubscription-manager
with the--force
argument. - Click the Generate button.
-
Copy the generated
curl
command. -
On the host that you want to register, run the
curl
command asroot
.
C.5. Installing the Katello Agent
You can install the Katello agent to remotely update Satellite clients.
The Katello agent is deprecated and will be removed in a future Satellite version. Migrate your processes to use the remote execution feature to update clients remotely. For more information, see Migrating from Katello Agent to Remote Execution in Managing Hosts.
The katello-agent
package depends on the gofer
package that provides the goferd
service.
Prerequisites
- You have enabled the Satellite Client 6 repository on Satellite Server. For more information, see Enabling the Satellite Client 6 Repository in Installing Satellite Server in a Connected Network Environment.
- You have synchronized the Satellite Client 6 repository on Satellite Server. For more information, see Synchronizing the Satellite Client 6 Repository in Installing Satellite Server in a Connected Network Environment.
- You have enabled the Satellite Client 6 repository on the client.
Procedure
Install the
katello-agent
package:# dnf install katello-agent
Start the
goferd
service:# systemctl start goferd
C.6. Installing and Configuring Puppet Agent Manually
You can install and configure the Puppet agent on a host manually. A configured Puppet agent is required on the host for Puppet integration with your Satellite. For more information about Puppet, see Managing Configurations Using Puppet Integration in Red Hat Satellite.
Prerequisites
- Puppet must be enabled in your Satellite. For more information, see Enabling Puppet Integration with Satellite in Managing Configurations Using Puppet Integration in Red Hat Satellite.
- The host must have a Puppet environment assigned to it.
- The Satellite Client 6 repository must be enabled and synchronized to Satellite Server, and enabled on the host. For more information, see Importing Content in Managing Content.
Procedure
-
Log in to the host as the
root
user. Install the Puppet agent package.
On hosts running Red Hat Enterprise Linux 8 and above:
# dnf install puppet-agent
On hosts running Red Hat Enterprise Linux 7 and below:
# yum install puppet-agent
Add the Puppet agent to
PATH
in your current shell using the following script:. /etc/profile.d/puppet-agent.sh
Configure the Puppet agent. Set the
environment
parameter to the name of the Puppet environment to which the host belongs:# puppet config set server satellite.example.com --section agent # puppet config set environment My_Puppet_Environment --section agent
Start the Puppet agent service:
# puppet resource service puppet ensure=running enable=true
Create a certificate for the host:
# puppet ssl bootstrap
- In the Satellite web UI, navigate to Infrastructure > Capsules.
- From the list in the Actions column for the required Capsule Server, select Certificates.
- Click Sign to the right of the required host to sign the SSL certificate for the Puppet agent.
On the host, run the Puppet agent again:
# puppet ssl bootstrap
C.7. Completing the Red Hat Enterprise Linux 7 Image
Procedure
Update the system:
# yum update
Install the
cloud-init
packages:# yum install cloud-utils-growpart cloud-init
Open the
/etc/cloud/cloud.cfg
configuration file:# vi /etc/cloud/cloud.cfg
Under the heading
cloud_init_modules
, add:- resolv-conf
The
resolv-conf
option automatically configures theresolv.conf
when an instance boots for the first time. This file contains information related to the instance such asnameservers
,domain
and other options.Open the
/etc/sysconfig/network
file:# vi /etc/sysconfig/network
Add the following line to avoid problems accessing the EC2 metadata service:
NOZEROCONF=yes
Un-register the virtual machine so that the resulting image does not contain the same subscription details for every instance cloned based on it:
# subscription-manager repos --disable=* # subscription-manager unregister
Power off the instance:
# poweroff
On your Red Hat Enterprise Linux Workstation, connect to the terminal as the root user and navigate to the
/var/lib/libvirt/images/
directory:# cd /var/lib/libvirt/images/
Reset and clean the image using the
virt-sysprep
command so it can be used to create instances without issues:# virt-sysprep -d rhel7
Reduce image size using the
virt-sparsify
command. This command converts any free space within the disk image back to free space within the host:# virt-sparsify --compress rhel7.qcow2 rhel7-cloud.qcow2
This creates a new
rhel7-cloud.qcow2
file in the location where you enter the command.
C.8. Completing the Red Hat Enterprise Linux 6 Image
Procedure
Update the system:
# {package-update}
Install the
cloud-init
packages:# dnf install cloud-utils-growpart cloud-init
Edit the
/etc/cloud/cloud.cfg
configuration file and undercloud_init_modules
add:- resolv-conf
The
resolv-conf
option automatically configures theresolv.conf
configuration file when an instance boots for the first time. This file contains information related to the instance such asnameservers
,domain
, and other options.To prevent network issues, create the
/etc/udev/rules.d/75-persistent-net-generator.rules
file as follows:# echo "#" > /etc/udev/rules.d/75-persistent-net-generator.rules
This prevents
/etc/udev/rules.d/70-persistent-net.rules
file from being created. If/etc/udev/rules.d/70-persistent-net.rules
is created, networking might not function properly when booting from snapshots (the network interface is created as "eth1" rather than "eth0" and IP address is not assigned).Add the following line to
/etc/sysconfig/network
to avoid problems accessing the EC2 metadata service:NOZEROCONF=yes
Un-register the virtual machine so that the resulting image does not contain the same subscription details for every instance cloned based on it:
# subscription-manager repos --disable=* # subscription-manager unregister # dnf clean all
Power off the instance:
# poweroff
On your Red Hat Enterprise Linux Workstation, log in as root and reset and clean the image using the
virt-sysprep
command so it can be used to create instances without issues:# virt-sysprep -d rhel6
Reduce image size using the
virt-sparsify
command. This command converts any free space within the disk image back to free space within the host:# virt-sparsify --compress rhel6.qcow2 rhel6-cloud.qcow2
This creates a new
rhel6-cloud.qcow2
file in the location where you enter the command.NoteYou must manually resize the partitions of instances based on the image in accordance with the disk space in the flavor that is applied to the instance.
C.8.1. Next steps
- Repeat the procedures for every image that you want to provision with Satellite.
- Move the image to the location where you want to store for future use.
C.9. Next Steps
- Repeat the procedures for every image that you want to provision with Satellite.
- Move the image to the location where you want to store for future use.