Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Installation Guide

Red Hat Satellite 5.8

Configuring, registering, and updating Red Hat Satellite Server

Red Hat Satellite Documentation Team

Abstract

This guide provides requirements and instructions for installation and initial configuration of Red Hat Satellite.

Chapter 1. Introduction
Copy link

This guide provides instructions for a full installation of a Red Hat Satellite server. This includes installation, configuration, connection to Red Hat Subscription Manager, subscription management and content synchronization.

1.1. Red Hat Satellite 5
Copy link

Red Hat Satellite is a system management solution that makes Red Hat infrastructure easier to deploy, scale, and manage across physical and virtual environments. Satellite helps users provision, configure, and update systems to keep them running efficiently, securely, and in compliance with various standards. By automating most system maintenance tasks, Red Hat Satellite helps organizations increase efficiency, reduce operational costs, and better respond to strategic business needs.
Features and Functionality

The popular functionality of Satellite 5 includes the ability to provision a large number of systems using kickstart files and activation keys to install and configure systems to a predictable state. This provisioning process associates systems to designated organizations, software and configuration channels, as well as placing systems in predefined system groups. The Satellite 5 provisioning functionality enables administrators to provision thousands of systems in a consistent manner.

Another popular feature is the ability to manage software and configuration files across large numbers of systems in local or remote environments after those systems have been provisioned. One of the well understood concepts of managing software and configuration files in Satellite 5 is the concept of channels. All software and configuration is managed and distributed through channels, and any client needing access to software or configuration content needs to be associated with one or more relevant channels. Further, the ability to clone channels enabled administrators to create the much needed development-production environments required by most enterprises.
Industry Recognition

Satellite 5 is recognized as a solid platform for managing software and configuration files for a large number of systems. It is also well known for the simplicity and consistency of the provisioning process. The Satellite 5 systems management platform is also well known for delivering the correct versions and updated versions of content to the correct systems in a very structured manner. Administrators can manage the Satellite and systems management processes through the Satellite webUI and also through the Satellite API interfaces.

Red Hat Satellite 5 provides organizations with the benefits of Red Hat Subscription Manager without the need for public Internet access for servers or client systems. This brings together the tools, services, and information repositories needed to maximize the reliability, security, and performance of your systems.

1.2. System Overview
Copy link

Red Hat Satellite consists of the following components:
Red Hat Satellite Core
The core system and entry point for Red Hat Update Agent running on client systems. Red Hat Satellite also includes an Apache HTTP Server, which serves XML-RPC requests.
Red Hat Satellite Web Interface
A user interface for advanced system, system group, user, and channel management. The organization configures access to the Red Hat Satellite web interface from the local area network and, optionally, the Internet too. Red Hat Satellite provides an interface similar to the Red Hat Customer Portal website and allows full control over client systems, system groups, and users.
Database
Red Hat Satellite uses one of the following database types:
  • Embedded Database - The database comes bundled with Red Hat Satellite and is installed on the same machine as the Satellite during the installation process. The included database is PostgreSQL.
  • Managed Database - The database comes bundled with Red Hat Satellite and is installed on a separate machine during the installation process. The included database is PostgreSQL.
  • External Database - An organization's existing database or, preferably, a database contained on a separate machine. Red Hat Satellite supports PostgreSQL, Oracle Database 12c (Standard or Enterprise Edition), Oracle Database 11g (Standard or Enterprise Edition), or Oracle Database 10g Release 2 (Standard or Enterprise Edition) for this database installation type.
RPM Repository
Package repository for Red Hat RPM packages and custom RPM packages identified by the organization.
Management Tools
The Red Hat Satellite Management Tools synchronize the database and package repository with the Red Hat Content Delivery Network. Red Hat Satellite also includes management tools for:
  • Database and file system synchronization
  • Custom RPM and repository imports
  • Channel maintenance (Web-based)
  • Errata management (Web-based)
  • User management (Web-based)
  • Client system and system grouping (Web-based)
Red Hat Update Agent
The Red Hat Update Agent operates on client systems to retrieve updates from the organization's internal Red Hat Satellite. System administrators also schedule these actions through the Red Hat Satellite Web Interface.
When a client requests updates, the organization's internal Red Hat Satellite queries its database, authenticates the client system, identifies updated packages, and sends the requested RPMs back to the client system. The client also installs these packages if set in preferences. The client system can send an updated package profile to the database on the Red Hat Satellite.

Important

Red Hat strongly recommends that clients connected to Red Hat Satellite be running the latest update of Red Hat Enterprise Linux to ensure proper connectivity.
Red Hat Satellite Proxy Server
Use Red Hat Satellite in conjunction with Red Hat Satellite Proxy Server to create a distributed, self-contained Satellite environment for the organization. For example, an organization can maintain one Red Hat Satellite in a secure location while systems in proximity connect to it through local network access. Other remote offices would maintain Satellite Proxy Server installations that connect to the Satellite server. The different locations inside the organization require a networked connection, but this can be a private network; an Internet connection is not required for any of the systems. See the Red Hat Satellite Proxy Installation Guide for more information on installing and configuring Satellite Proxies.
Using Red Hat Satellite and Red Hat Satellite Proxy Server Together
View larger image
Using Red Hat Satellite and Red Hat Satellite Proxy Server Together

Figure 1.1. Using Red Hat Satellite and Red Hat Satellite Proxy Server Together

1.3. Terms to Understand
Copy link

Before using Red Hat Satellite, familiarize yourself with the following terms:
Channel
A Channel is a list of software packages. There are two types of channels: base channels and child channels. A base channel consists of a list of packages based on a specific architecture and Red Hat release. A child channel is a channel associated with a base channel that contains extra packages.
Organization Administrator
An Organization Administrator is a user role with the highest level of control over an organization's Red Hat Network account. Members of this role can add other users, systems, and system groups to the organization as well as remove them. An organization must have at least one Organization Administrator.
Channel Administrator
A Channel Administrator is a user role with full access to channel management capabilities. Users with this role are capable of creating channels, assigning packages to channels, cloning channels, and deleting channels. This role can be assigned by an Organization Administrator through the Users tab of the Red Hat Customer Portal website.
Certificate Authority
A Certificate Authority distributes digital signatures to users as part of public key infrastructure for encrypted authentication and communication.
Traceback
A Traceback is a detailed error message for troubleshooting the Red Hat Satellite. Red Hat Satellite generates Tracebacks automatically when a critical error occurs and mails the individual(s) designated in the Red Hat Satellite configuration file.

1.4. Summary of Steps
Copy link

A functional Red Hat Satellite requires more than installing software and a database. Client systems require configuration to use the Red Hat Satellite. Creation of custom channels for custom packages is also recommended. Since these tasks extend beyond the basic installation, they are covered in greater detail in other guides of the Red Hat Satellite documentation suite.
This section provides a list of all required and recommended steps, from evaluation through custom package deployment. They should take place in the following order:

  1. Obtaining Red Hat Satellite

    1. After an evaluation, contact your Red Hat sales representative to purchase Red Hat Satellite.
    2. Receive login information for the Red Hat Customer Portal from your sales representative.
    3. Log into the Red Hat Customer Portal website (access.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux and Red Hat Satellite. These can be found on the Product Downloads page under DownloadsRed Hat Enterprise Linux and DownloadsRed Hat Satellite.
    4. (Optional) While still logged into the Customer Portal, download the Channel Content ISOs to be served by your Red Hat Satellite. These are also available through the Product Downloads page under DownloadsRed Hat Enterprise LinuxDownloads. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Red Hat Satellite.

  2. Preparing for Red Hat Satellite Installation

    1. Check the software, hardware, and standard database requirements. See Chapter 2, Requirements for these requirements.
    2. Create and download a manifest to activate the Satellite server.

  3. Installing Red Hat Satellite

    1. If installing Red Hat Satellite with an Embedded Database, use the following installation scenario: Section 3.1, “Scenario 1: Installing Satellite with Embedded Database”.
    2. If installing Red Hat Satellite with an Managed Database, use the following installation scenario: Section 3.2, “Scenario 2: Installing Satellite with Managed Database”.
    3. If installing Red Hat Satellite with an External Database, use the following installation scenario: Section 3.3, “Scenario 3: Installing Satellite with External Database”.

  4. Initial Use

    1. Open Red Hat Satellite's web interface in a web browser and create the first user account. This is the Administrator account (also referred to as the Organization Administrator).
    2. Finalize Red Hat Satellite with any post-installation steps.
    3. Use the Red Hat Satellite CDN Synchronization Tool to import the channels and associated packages into the Red Hat Satellite.

Chapter 2. Requirements
Copy link

This chapter contains all the requirements for a Red Hat Satellite installation. This includes variations for all database installation types.

2.1. Software Requirements
Copy link

To perform an installation, the following software components must be available:
Base Operating System
Red Hat Satellite 5 requires a Red Hat Enterprise Linux 6 operating system with the latest packages from the @Base package group and no other package-set modifications, third-party configurations, or software not directly necessary for the operation of the server. This restriction includes hardening or other non-Red Hat security software. If such software is required in your infrastructure, first install and verify a complete working Red Hat Satellite first, then create a backup of the system before adding any non-Red Hat software.
Red Hat Satellite 5 also supports installation on Red Hat Enterprise Linux to supported virtualized environments, including:
  • KVM
  • Xen
  • VMware
Performance on virtualized environments will not always equal the same performance of physical hardware. Make sure to consider your virtual environment's performance and implement any recommended tuning guidelines.

Important

Each purchased Satellite product includes one supported instance of Red Hat Enterprise Linux Server. Install Satellite on a fresh installation of Enterprise Linux where Satellite is the only application and service provided by the OS. Using the Red Hat Enterprise Linux OS included with Satellite to run other daemons, applications, or services within your environment is not supported.
Red Hat Satellite Installation Media
Red Hat provides the installation media as a disc or ISO. It contains an Red Hat Satellite Installation Script, which installs all packages required for Red Hat Satellite.

Important

The Red Hat Satellite Installation Script installs packages beyond the @Base package group. The installation script attempts to download and install these packages but prompts you to install the listed packages manually if they are unavailable. In this situation, either:
  • Install these package from your Red Hat Enterprise Linux installation media, or
  • Subscribe the base operating system to the Red Hat Enterprise Linux channel to resolve package dependencies during installation.
The installation ISO lists the packages necessary for installation in the rhelrpms file located in the updates directory.
Channel content
All software packages and data exported for all entitled Red Hat channels. This content is loaded directly on the Red Hat Satellite after installation using the Red Hat Satellite Synchronization Tool.
Perl interpreter
The installer is a Perl script, and so requires a Perl interpreter. To test if a Perl interpreter is already installed, run the command perl --version. If the output includes the text command not found, install a Perl interpreter. 
# yum install perl
Copy to Clipboard Toggle word wrap

2.2. Hardware Requirements
Copy link

This section specifies a Red Hat Satellite server's hardware considerations and requirements for installation.
Depending on the desired use case, a Red Hat Satellite environment might require multiple machines:
  • Red Hat Satellite with Embedded Database - 1 machine
  • Red Hat Satellite with Managed/External Database - 2 machines

2.2.1. x86_64 Hardware Requirements
Copy link

The following list shows the required and recommended hardware configurations on the x86_64 platform for a Red Hat Satellite server:

CPU

  • Required: Intel dual-core processor, 2.4GHz, 512K cache or equivalent
  • Recommended: Intel quad-core processor, 2.4GHz dual processor, 512K cache or equivalent

Memory

  • Required: 4 GB of memory
  • Recommended: 8 GB of memory

Storage

  • 5 GB storage for base installation
  • A minimum of 40 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install
  • A minimum of 10 GB storage for cache files stored within /var/cache/rhn. See Section 2.4.5, “Caching” for more information.
  • Strongly Recommended: A SCSI drive connected to a level 5 RAID

Database

  • See Section 2.3.1, “Database Sizing” for standard database requirements.
  • Embedded Database: A minimum of 12 GB storage for the database repository in the /var/opt/rh/rh-postgresql95/lib/pgsql/data partition on the Satellite host. This partition must be local storage only.

    Important

    Due to an updated version of the PostgreSQL Embedded Database, the database location has changed to /var/opt/rh/rh-postgresql95/lib/pgsql/data in Red Hat Satellite 5.8. Make sure to allocate enough hard disk space to this location.
  • Managed Database: A minimum of 12 GB storage for the database repository in the /var/opt/rh/rh-postgresql95/lib/pgsql/data partition on the Managed Database host. This partition must be local storage only. The instructions for installing this database are a part of the Managed Database installation scenario (See Section 3.2.2, “Mounting the Installation Media”).
  • External Database: See Section 3.3.1, “External Database Requirements”.

Backup

  • A separate partition (or better, a separate set of physical disks) for storing backups, which can be any directory specifiable at backup time
  • An external SAN for more reliable backups

2.2.2. s/390x Hardware Requirements
Copy link

The following list shows the required and recommended hardware configurations on the s/390x mainframe platform for a Red Hat Satellite server:

CPU

  • Required: 1 IFL, either in LPAR configuration or shared through z/VM
  • Recommended: 2 or more IFLs on z9 or earlier, 1 or more IFL on z10

Memory

  • Required: 4 GB of memory
  • Recommended: 8 GB of memory

Storage

  • Required:
    • 1 GB swap on ECKD DASD
    • 1xMod3 ECKD DASD or ≥ 2 GB FCP SCSI LUN for base installation
    • A minimum of 40 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install
    • A minimum of 10 GB storage for cache files stored within /var/cache/rhn. See Section 2.4.5, “Caching” for more information.
  • Recommended:
    • 512 MB swap on VDISK + 1 GB swap on ECKD DASD
    • 1xMod9 ECKD DASD or ≥ 2 GB multipathed FCP SCSI LUN for base installation
    • A minimum of 40 GB storage per software channel (including Base and child channels), in /var/satellite/, configurable at install
    • A minimum of 10 GB storage for cache files stored within /var/cache/rhn. See Section 2.4.5, “Caching” for more information.

Database

  • See Section 2.3.1, “Database Sizing” for standard database requirements.
  • Embedded Database: A minimum of 12 GB storage for the database repository in the /var/opt/rh/rh-postgresql95/lib/pgsql/data partition. This partition must be local storage only.

    Important

    Due to an updated version of the PostgreSQL Embedded Database, the database location has changed to /var/opt/rh/rh-postgresql95/lib/pgsql/data in Red Hat Satellite 5.8. Make sure to allocate enough hard disk space to this location.
  • Managed Database: A minimum of 12 GB storage for the database repository in the /var/opt/rh/rh-postgresql95/lib/pgsql/data partition on the Managed Database host. This partition must be local storage only. The instructions for installing this database are a part of the Managed Database installation scenario (See Section 3.2.2, “Mounting the Installation Media”).
  • External Database: See Section 3.3.1, “External Database Requirements”.

Other

  • z/VM 5.3 or later for kickstart and provisioning of guests.
  • VSWITCH or HiperSocket LAN for high speed connections to guests

2.3. General Database Requirements
Copy link

The following section contains database requirements applicable to all installation scenarios.

2.3.1. Database Sizing
Copy link

A single 12 GB tablespace is recommended for most installations, although many customers will find it possible to function with a smaller tablespace. Use the following formula to determine the required size of your database:
  • 250 KiB per client system
  • 500 KiB per channel, plus 230 KiB per package in the channel (so a channel with 5000 packages would require 1.1 Gib)
For example, a Red Hat Satellite serving 10,000 systems with four channels each containing 12,000 packages would require 2.5 GiB for its clients and 11 GiB for its channels. If establishing custom channels for testing and staging of packages, include them in this formula.
Keep in mind that the database storage needs may grow rapidly, depending upon the variance of the following factors:
  • The number of public Red Hat packages imported (typical: 5000)
  • The number of private packages to be managed (typical: 500)
  • The number of systems to be managed (typical: 1000)
  • The number of packages installed on the average system (typical: 500)
Be generous in database sizing estimates but also consider that size affects the time to conduct backups and adds load to other system resources. If the database is shared, hardware and spacing are entirely dependent on what else is using it.
Ensure block sizes are a minimum of 8 KB for Red Hat Satellite to install properly.
Ensure also the partition containing /var/opt/rh/rh-postgresql95/lib/pgsql/data contains an amount of free space equal to the tablespace size. This free space is used for the db-control restore command. For example, ensure 12 GB of free space exists for a 12 GB tablespace.

Important

Due to an updated version of the PostgreSQL Embedded Database, the database location has changed to /var/opt/rh/rh-postgresql95/lib/pgsql/data in Red Hat Satellite 5.8. Make sure to allocate enough hard disk space to this location.

2.3.2. Database Partitioning
Copy link

A mounted database partition provides various benefits such as scaling storage to accomodate a growing database, easy backup and transfer through replication, and encryption for added security.
To set up a database partition mount point, follow this procedure prior to installation.

Procedure 2.1. Creating and Mounting a Database Partition

  1. Log in to the database server as root. For Embedded Databases, this is the same server as the Red Hat Satellite.
  2. Create the postgres user. 
    # useradd -d /var/lib/pgsql -M -r -s /bin/bash -U postgres
    Copy to Clipboard Toggle word wrap
  3. Add the mount point in /etc/fstab. For example: 
    UUID="xxxxxxxx-xxxx-xxxx" /var/opt/rh/rh-postgresql95/lib/pgsql/data  ext4  defaults  0 0
    Copy to Clipboard Toggle word wrap

    Important

    Red Hat does not support storing the database on a network filesystem.
  4. Mount the partition to /var/opt/rh/rh-postgresql95/lib/pgsql/data and change ownership to postgres:postgres: 
    # mkdir -p /var/opt/rh/rh-postgresql95/lib/pgsql/data
# mount /var/opt/rh/rh-postgresql95/lib/pgsql/data
# chown postgres:postgres /var/opt/rh/rh-postgresql95/lib/pgsql/data
# chmod 700 /var/opt/rh/rh-postgresql95/lib/pgsql/data
# restorecon -Rv /var/opt/rh/rh-postgresql95/lib/pgsql/data
    Copy to Clipboard Toggle word wrap
The Red Hat Satellite Installation Script will install the database to the partition mounted at /var/opt/rh/rh-postgresql95/lib/pgsql/data.

Important

Due to an updated version of the PostgreSQL Embedded Database, the database location has changed to /var/opt/rh/rh-postgresql95/lib/pgsql/data in Red Hat Satellite 5.8. Make sure to allocate enough hard disk space to this location.

2.4. Additional Requirements
Copy link

Red Hat Satellite has some additional considerations before installation. These additional requirements must be met before starting the Satellite installation.

2.4.1. Firewall
Copy link

Protect your Red Hat Satellite environment with a firewall by blocking all unnecessary and unused ports.
The following table provides a list of port requirements for Red Hat Satellite.
Expand
Table 2.1. Ports to open on the Red Hat Satellite Server
Port Protocol Direction Reason
67 TCP/UDP Inbound Open this port to configure the Red Hat Satellite as a DHCP server for systems requesting IP addresses.
69 TCP/UDP Inbound Open this port to configure Red Hat Satellite as a PXE server and allow installation and re-installation of PXE-boot enabled systems.
80 TCP Inbound Web UI and client requests come in via HTTP.
443 TCP Inbound Web UI and client requests come in via HTTPS.
443 TCP Outbound Red Hat Satellite uses this port to reach Red Hat Subscription Manager (unless running in a disconnected mode for Satellite).
4545 TCP Inbound and Outbound Red Hat Satellite Monitoring makes connections to rhnmd running on client systems, if Monitoring is enabled and probes are configured for registered systems.
5222 TCP Inbound This port pushes actions to client systems.
5269 TCP Inbound and Outbound This port pushes actions to Red Hat Proxy Server.
5432 TCP Inbound and Outbound This is a requirement for communication with a PostgreSQL database server if using an External Database or Managed Database.
Open your firewall to the following hosts for access to Red Hat's Content Delivery Network (CDN):
  • subscription.rhsm.redhat.com
  • cdn.redhat.com
  • cert-api.access.redhat.com (if using Red Hat Insights)
  • api.access.redhat.com (if using Red Hat Insights)

2.4.2. File Permissions
Copy link

The umask command sets file permissions mask for new files. This helps secure the file permissions for new files created on a system. Users with a restrictive umask value might experience problems with installation and operation of Red Hat Satellite. Use the recommended umask value of 022.

2.4.3. SELinux Policy
Copy link

SELinux is a set of secure software policies that implement mandatory access control to Red Hat Enterprise Linux and other operating systems. Red Hat Satellite supports SELinux targeted policy in enforcing or permissive mode on Red Hat Enterprise Linux 5 and 6.

2.4.4. Bandwidth
Copy link

Network bandwith is important for communication among Satellites, Proxies, and Clients. To accomodate high volume traffic, Red Hat recommends a high bandwidth on a network capable of delivering packages to many systems and clients. As a guide, Red Hat provides a set of estimates for package transfer from one system to another over various speeds.
Expand
Table 2.2. Bandwidth estimates
Single Package (10Mb)
Minor Release (750Mb)
Major Release (6Gb)
256Kbps
5 Mins 27 Secs
6 Hrs 49 Mins 36 Secs
2 Days 7 Hrs 55 Mins
512Kbps
2 Mins 43.84 Secs
3 Hrs 24 Mins 48 Secs
1 Day 3 Hrs 57 Mins
T1 (1.5Mbps)
54.33 Secs
1 Hr 7 Mins 54.78 Secs
9 Hrs 16 Mins 20.57 Secs
10Mbps
8.39 Secs
10 Mins 29.15 Secs
1 Hr 25 Mins 53.96 Secs
100Mbps
0.84 Secs
1 Min 2.91 Secs
8 Mins 35.4 Secs
1000Mbps
0.08 Secs
6.29 Secs
51.54 Secs
Red Hat recommends at least a 100Mbps network speed for minor and major releases. This avoids timeouts for transfers longer than 10 minutes. All speeds are relative to your network setup.

2.4.5. Caching
Copy link

Beyond the space needed for the Red Hat Enterprise Linux installation and /var/satellite/, Red Hat Satellite requires space to generate cache files. These cache files are constantly regenerated as they become needed, even if the cache files are deleted. These cache files are stored within /var/cache/rhn, and the storage needs of this directory depend on the following factors:
  • How many channels you synchronize or import from Red Hat or Channel dumps.
  • How many custom packages and channels you have.
  • Whether or not you are using Red Hat Satellite Synchronization.
Provide at least 10 GB of space for /var/cache/rhn/ on a Red Hat Satellite server. For very large environments with numerous channels, packages, and using Inter Satellite Sync, usage can grow to as much as 100 GB of space for cache files in /var/cache/rhn.

2.4.6. Synchronized System Times
Copy link

The time settings on the server and clients need to be synchronized so the SSL certificate does not expire before or during use. Red Hat requires the Red Hat Satellite and all client systems to use Network Time Protocol (NTP). This also applies to the separate database machine in Red Hat Satellite with External Database or Managed Database, which must also be set to the same time zone as the Red Hat Satellite.

2.4.7. Setting System Language and Locale
Copy link

Set the UTF-8 encoding for your language and locale on your Red Hat Satellite system via the /etc/sysconfig/i18n file. The LANG setting in the file must be in the following format: 
LANG="[language_TERRITORY].UTF-8"
Copy to Clipboard Toggle word wrap
The language and TERRITORY are entered as two-letter codes. For example if your language is English and your locale is the United States, you set your LANG setting to en_US.UTF-8.

2.4.8. Fully Qualified Domain Name (FQDN)
Copy link

Red Hat Satellite requires the installation to resolve its own FQDN properly. If this is not the case, cookies will not work properly on the web interface.

Important

It is important that the hostname of a Red Hat Satellite contains no uppercase letters. A hostname that includes uppercase letters can cause Satellite Proxy communications (through jabberd) to fail.
Section 12.3, “Changing the Red Hat Satellite Hostname” contains instructions if you change your Red Hat Satellite hostname in the future.

2.4.9. Functioning Domain Name Service (DNS)
Copy link

Ensure all clients resolve Red Hat Satellite's domain name. All systems, both servers and clients, require connection to a working DNS server in the Satellite environment.

2.4.10. Red Hat Network Account
Copy link

Customers aiming to connect with central Red Hat Network servers to receive incremental updates require an external account with Red Hat Network. This account is set up at the time of purchase with the sales representative.

Warning

Do not subscribe your Red Hat Satellite to any of the following child channels:
  • Red Hat Enterprise Linux - Optional Packages
  • Red Hat Enterprise Linux - Supplementary Packages
  • Red Hat Developer Suite
  • Red Hat Application Server
  • Red Hat Extras
  • JBoss product channels
Subscribing to these channels and updating Red Hat Satellite might install incompatible versions of critical software components, causing Red Hat Satellite to fail. Make sure to subscribe Red Hat Satellite to only the Red Hat Network Tools channel.

2.4.11. Backups of Login Information
Copy link

It is imperative that customers keep track of all primary login information. For Red Hat Satellite, this includes usernames and passwords for the Organization Administrator account on access.redhat.com, the primary administrator account on the Red Hat Satellite itself, SSL certificate generation, and database connection (which also requires an SID, or net service name). Red Hat strongly recommends you copy this information to removable storage media, print out on paper, and store in a fireproof safe.

2.4.12. Channel Content ISOs
Copy link

An Internet connection is not required for Red Hat Satellites running in completely disconnected environments. This feature instead uses Channel Content ISOs to synchronize Red Hat Satellite with the central Red Hat Network Servers. All other Red Hat Satellites should synchronize directly over the Internet.

2.4.13. Service Access
Copy link

No system components should be directly, publicly available. No user, other than the system administrators, should have shell access to these machines.
All unnecessary services should be disabled using ntsysv or chkconfig.
The following services should be enabled.
  • jabberd
  • postgresql (for Embedded Database Installation)
  • tomcat6 (for installation on Red Hat Enterprise Linux 6)
  • httpd
  • osa-dispatcher
  • Monitoring
  • MonitoringScout
  • rhn-search
  • cobblerd
  • taskomatic
If Red Hat Satellite serves Monitoring-entitled systems and you wish to acknowledge via email the alert notifications you receive, configure sendmail or postfix to properly handle incoming mail.

Chapter 3. Installation Scenarios
Copy link

This scenario details the steps for an Embedded Database Installation. You would use an Embedded Database Installation to contain the whole Red Hat Satellite infrastructure within a single host.
This scenario only requires a single host with Red Hat Enterprise Linux 6 installed as the operating system.

3.1.1. Downloading the Installation Media
Copy link

The Satellite 5.8 installation media is available for download from the Red Hat Customer Portal in ISO format.

Procedure 3.1. Download the Installation Media

  1. Log on to the Customer Portal.
  2. Click Downloads.
  3. Click Red Hat Satellite.
  4. Select 5.8 for RHEL 6 from the Versions drop-down list.
  5. Select x86_64 or s390x from the Architecture list.
  6. Download the Red Hat Satellite 5.8 Binary DVD.
  7. Depending on your preferred installation source, either copy the DVD ISO image to the Satellite host, or burn it to DVD media.
    1. If you will be mounting the ISO image and running the installation program from there, copy the ISO image to the Satellite host. 
      # scp satellite.iso root@hostname:/root
      Copy to Clipboard Toggle word wrap

      Note

      If you will be installing a Managed DB instance, also copy the ISO image to that host.
    2. If you will be mounting a DVD and running the installation program from there, burn the DVD ISO image to DVD media.

3.1.2. Mounting the Installation Media
Copy link

Mount the disc or ISO image on the server chosen to host Red Hat Satellite.

Procedure 3.2. Mounting from a disc

  1. Log into the machine as root.
  2. Insert the Red Hat Satellite Server CD or DVD containing the installation files.
  3. Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the /media/cdrom/ directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the /media/cdrom/ directory with the following command: 
    # mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom
    Copy to Clipboard Toggle word wrap

Procedure 3.3. Mounting from an ISO image

  1. Log into the host as root.
  2. Mount the ISO image to a location on your filesystem: 
    # mkdir /media/cdrom
# mount -o loop iso_filename /media/cdrom
    Copy to Clipboard Toggle word wrap
The installation media is mounted at /media/cdrom/. Use this location to access the Red Hat Satellite installation program.

3.1.3. Generating a Manifest
Copy link

In previous versions of Red Hat Satellite 5, details of product subscriptions and content repositories were contained in a Satellite Certificate. You downloaded the certificate from the Red Hat Customer Portal and imported it into Satellite. From Satellite 5.8, all content and subscriptions are hosted by the Red Hat Content Delivery Network (CDN), replacing Red Hat Network.
The Red Hat Customer Portal enables you to group subscriptions into multiple subscription allocations. The Red Hat CDN uses a Subscription Manifest, instead of the certificate. A Subscription Manifest is an exported file that lists the subscriptions in one subscription allocation.

Note

If you are installing multiple instances of Satellite 5.8, ensure you divide the available subscriptions amongst the individual subscription allocations. For example, if you intend running two instances of Satellite 5.8, you might divide the subscriptions equally between the two subscription allocations.

Procedure 3.4. Generate New Satellite 5.8 Manifest

  1. Log on to the Customer Portal and navigate to Subscriptions in the upper-left corner.
  2. Navigate to Subscription Allocations.
  3. Click New subscription allocation.
  4. Enter a name in the Name field, select Satellite 5.8 from the Type drop-down list, and click Create.
  5. Navigate to the Subscription tab and click Add subscriptions.
  6. For each product to be attached to the manifest, specify the desired quantity in the Entitlements field, and click Submit. It may take several minutes for the subscriptions to be attached.
  7. Click Export Manifest and save the manifest file locally.
  8. Log out of the Customer Portal.
  9. Access the terminal on the host to which the manifest file was downloaded.
    If the Satellite server is available via the network, copy the manifest file to the Satellite host. In this example, the file is copied to the /root directory. 
    # scp manifest_file.zip root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap
    If the Satellite server is disconnected, copy the manifest file to portable media, and on the Satellite server, copy the manifest file from the portable media.

Note

  • This section only applies to networks behind a HTTP proxy.
  • Satellite does not support NTLM as a HTTP access authentication method. Only Basic access authentication, and Digest access authentication methods are supported.
The registration of the Red Hat Enterprise Linux host requires communication between itself and the Red Hat Content Delivery Network. If there is an HTTP proxy between these two, Subscription Manager must be configured with the proxy server's details, and credentials.
Edit the configuration file /etc/rhsm/rhsm.conf, and edit the following lines, adding details of the HTTP proxy, and credentials. 
proxy_hostname = proxy_hostname
proxy_port = proxy_port
proxy_user = proxy_user
proxy_password = proxy_password
Copy to Clipboard Toggle word wrap
Registering the host to the Red Hat Content Delivery Network entitles it to content available via subscriptions. This includes content such as Red Hat Enterprise Linux, Red Hat Software Collections (RHSCL), and Red Hat Satellite.
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted: 
# subscription-manager register
Copy to Clipboard Toggle word wrap
The command displays output similar to the following: 
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
Copy to Clipboard Toggle word wrap

3.1.6. Activating the Satellite Repositories
Copy link

Installation of Red Hat Satellite 5.8 requires specific repositories to be enabled. The list of available repositories is determined by the subscription attached to the host. The following instructions detail how to identify and attach the required subscription, also which repositories must be enabled.

Procedure 3.5. Activate the Satellite Repositories

  1. List all available subscriptions, and identify the Red Hat Satellite 5 subscription.
    The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as less or more, you can read the output one screenful at a time. 
    # subscription-manager list --all --available | less
    Copy to Clipboard Toggle word wrap
    Note the Pool ID as this is required to attach the subscription.
  2. Attach the subscription to the host. 
    # subscription-manager attach --pool=pool_id
    Copy to Clipboard Toggle word wrap
    The output should be similar to the following: 
    Successfully attached a subscription for: Red Hat Satellite
    Copy to Clipboard Toggle word wrap
  3. Disable all repositories. 
    # subscription-manager repos --disable "*"
    Copy to Clipboard Toggle word wrap
  4. Enable the Red Hat Enterprise Linux 6 repository. The Red Hat Satellite 5.8 repository will be enabled automatically by the installation program.
    For ⁠AMD64 and Intel 64 
    # subscription-manager repos --enable=rhel-6-server-rpms
    Copy to Clipboard Toggle word wrap
    For IBM System z 
    # subscription-manager repos --enable=rhel-6-for-system-z-rpms
    Copy to Clipboard Toggle word wrap

3.1.7. Running the Installation Program
Copy link

The following procedure starts the installation program for Red Hat Satellite with an Embedded Database. Ensure you complete this procedure as the root user.

Warning

The installation program updates the kernel and all required packages.

Procedure 3.6. Running Installation Program

  1. Run the installation program from the /media/cdrom/ directory: 
    # ./install.pl
    Copy to Clipboard Toggle word wrap
    The installation program first verifies the requirements in Chapter 2, Requirements are met before proceeding. 
    * Starting the Red Hat Satellite installer.
* Performing pre-install checks.
* Pre-install checks complete.  Beginning installation.
    Copy to Clipboard Toggle word wrap
  2. The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database Host.
    If the installation program prompts with the question, "Do you want the installer to resolve dependencies [y/N]?", reply y (Yes). 
    * RHSM Registration.
** Registration: System is already registered with RHSM.  Not re-registering.
* RHSM Subscriptions.
** Subscriptions: Subscription providing 'Red Hat Satellite' already attached.
** Subscriptions: Subscription providing 'Red Hat Enterprise Linux Server' already attached.
** Subscriptions: Disabling all RHSM repositories (rhel-6-server-rpms).
** Subscriptions: All repositories disabled.
** Subscriptions: Enabling RHEL repository.
** Subscriptions: RHEL repository enabled.
* Checking for uninstalled prerequisites.
** Checking if yum is available ...
There are some packages from Red Hat Enterprise Linux that are not part
of the @base group that Satellite will require to be installed on this
system. The installer will try resolve the dependencies automatically.
However, you may want to install these prerequisites manually.
Do you want the installer to resolve dependencies [y/N]? y
* Installing Satellite packages.
Warning: yum did not install the following packages:
	libXt
* Now running spacewalk-setup.
* Setting up SELinux..
** Database: Setting up database connection for PostgreSQL backend.
Database "rhnschema" does not exist
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database:   /var/log/rhn/install_db.log
*** Progress: #
** Database: Installation complete.
** Database: Populating database.
*** Progress: ###########################
    Copy to Clipboard Toggle word wrap

3.1.8. Configuring the Satellite
Copy link

The Installation Script performs some basic configuration tasks on your Red Hat Satellite environment.
The Red Hat Satellite Installer downloads and installs the Red Hat GPG key and sets up the /root/.gnupg/ directory, if required. 
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
Copy to Clipboard Toggle word wrap
At the prompt, enter the email address to which you would like notifications from Red Hat Satellite to be sent. Due to the large volume of emails, choose a general email address rather than the address of an individual. 
You must enter an email address.
Admin Email Address? admin@example.com
* Performing initial configuration.
Copy to Clipboard Toggle word wrap
To activate Red Hat Satellite, provide the location of your manifest file, downloaded in Section 3.1.3, “Generating a Manifest”. 
* Activating Red Hat Satellite.
Where is your satellite manifest file? /path/manifest_file.zip
** Loading Red Hat Satellite Manifest.
** Verifying manifest locally.
** Activating Red Hat Satellite.
Copy to Clipboard Toggle word wrap
The next step is to create a CA certificate for SSL access. Answer y to the Apache SSL configuration question, then answer the CA certificate questions.
CA cert
Enter a password for the certificate.
Organization
Enter the name of your organization.
Organization Unit
Enter the name of your department within your organization.
Email Address
Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
City
Enter your city.
State
Enter your state.
Country
Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type ? to see a list of country codes. 
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? 
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password? 
Re-enter CA certificate password? 
Organization? Red Hat
Organization Unit [satellite.example.com]? Sales
Email Address [admin@example.com]? admin@example.com
City? Raleigh
State? NC
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
Copy to Clipboard Toggle word wrap
After the CA certificate is created, you are asked if you want to enable the services required by Cobbler. If you will be using PXE provisioning functionality, reply y. 
* Setting up Cobbler..
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
Copy to Clipboard Toggle word wrap
After Cobbler is configured, the installation script restarts the associated services. 
* Restarting services.
Installation complete.
Visit https://satellite.example.com to create the Red Hat Satellite administrator account.
Copy to Clipboard Toggle word wrap
If you will be using Cobbler for provisioning hosts, grant Cobbler write access to the /tftpboot directory. 
setsebool -P cobbler_anon_write on
Copy to Clipboard Toggle word wrap
The Red Hat Satellite installation is now complete. Continue with the instructions in Chapter 4, Configuration.

Note

As an additional post-installation measure, perform a package update on the Satellite 5 server to ensure you are using the latest packages. For more information, see Section 12.2, “Performing Critical Updates to the Server”.
This scenario details the steps for a Managed Database Installation. You would use a Managed Database Installation to create a federated Red Hat Satellite infrastructure with the database separate from the Satellite server. The Managed Database also contains basic Satellite administration tools to maintain the database.
This scenario requires two hosts with Red Hat Enterprise Linux 6 installed as the operating system:
  • One host for the Satellite Server
  • One host for the Managed Database
The Satellite 5.8 installation program must be run on both the Satellite host and the Managed DB host. On the Managed DB host, the installation program installs the Satellite database prerequisites. On the Satellite host, it installs the Satellite application, and connects to the Managed DB host to create the Satellite database. The Managed DB must be installed first, and be available for the duration of the Satellite host's installation.

3.2.1. Downloading the Installation Media
Copy link

The Satellite 5.8 installation media is available for download from the Red Hat Customer Portal in ISO format.

Procedure 3.7. Download the Installation Media

  1. Log on to the Customer Portal.
  2. Click Downloads.
  3. Click Red Hat Satellite.
  4. Select 5.8 for RHEL 6 from the Versions drop-down list.
  5. Select x86_64 or s390x from the Architecture list.
  6. Download the Red Hat Satellite 5.8 Binary DVD.
  7. Depending on your preferred installation source, either copy the DVD ISO image to the Satellite host, or burn it to DVD media.
    1. If you will be mounting the ISO image and running the installation program from there, copy the ISO image to both the Satellite host and the Managed DB host. 
      # scp satellite.iso root@satellite_hostname:/root
# scp satellite.iso root@manageddb_hostname:/root
      Copy to Clipboard Toggle word wrap
    2. If you will be mounting a DVD and running the installation program from there, burn the DVD ISO image to DVD media.

3.2.2. Mounting the Installation Media
Copy link

Mount the disc or ISO image on the Satellite host and the Managed DB host.

Procedure 3.8. Mounting from a disc

  1. Log into the machine as root.
  2. Insert the Red Hat Satellite Server CD or DVD containing the installation files.
  3. Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the /media/cdrom/ directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the /media/cdrom/ directory with the following command: 
    # mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom
    Copy to Clipboard Toggle word wrap

Procedure 3.9. Mounting from an ISO image

  1. Log into the host as root.
  2. Mount the ISO image to a location on your filesystem: 
    # mkdir /media/cdrom
# mount -o loop iso_filename /media/cdrom
    Copy to Clipboard Toggle word wrap
The installation media is mounted at /media/cdrom/. Use this location to access the Red Hat Satellite installation program.

3.2.3. Generating a Manifest
Copy link

In previous versions of Red Hat Satellite 5, details of product subscriptions and content repositories were contained in a Satellite Certificate. You downloaded the certificate from the Red Hat Customer Portal and imported it into Satellite. From Satellite 5.8, all content and subscriptions are hosted by the Red Hat Content Delivery Network (CDN), replacing Red Hat Network.
The Red Hat Customer Portal enables you to group subscriptions into multiple subscription allocations. The Red Hat CDN uses a Subscription Manifest, instead of the certificate. A Subscription Manifest is an exported file that lists the subscriptions in one subscription allocation.

Note

If you are installing multiple instances of Satellite 5.8, ensure you divide the available subscriptions amongst the individual subscription allocations. For example, if you intend running two instances of Satellite 5.8, you might divide the subscriptions equally between the two subscription allocations.

Procedure 3.10. Generate New Satellite 5.8 Manifest

  1. Log on to the Customer Portal and navigate to Subscriptions in the upper-left corner.
  2. Navigate to Subscription Allocations.
  3. Click New subscription allocation.
  4. Enter a name in the Name field, select Satellite 5.8 from the Type drop-down list, and click Create.
  5. Navigate to the Subscription tab and click Add subscriptions.
  6. For each product to be attached to the manifest, specify the desired quantity in the Entitlements field, and click Submit. It may take several minutes for the subscriptions to be attached.
  7. Click Export Manifest and save the manifest file locally.
  8. Log out of the Customer Portal.
  9. Access the shell prompt on the host to which the manifest file was downloaded.
    Copy the manifest file to the Satellite host. In this example, the file is copied to the /root directory. 
    # scp manifest_file.zip root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap

Note

  • This section only applies to networks behind a HTTP proxy.
  • Satellite does not support NTLM as a HTTP access authentication method. Only Basic access authentication, and Digest access authentication methods are supported.
The registration of the Red Hat Enterprise Linux host requires communication between itself and the Red Hat Content Delivery Network. If there is an HTTP proxy between these two, Subscription Manager must be configured with the proxy server's details, and credentials. These changes apply to both the Satellite host and the Managed DB host.
Edit the configuration file /etc/rhsm/rhsm.conf, and edit the following lines, adding details of the HTTP proxy, and credentials. 
proxy_hostname = proxy_hostname
proxy_port = proxy_port
proxy_user = proxy_user
proxy_password = proxy_password
Copy to Clipboard Toggle word wrap
Registering the host to the Red Hat Content Delivery Network entitles it to content available via subscriptions. This includes content such as Red Hat Enterprise Linux, Red Hat Software Collections (RHSCL), and Red Hat Satellite.

Note

Complete this procedure on both the Satellite host and the Managed DB host.
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted: 
# subscription-manager register
Copy to Clipboard Toggle word wrap
The command displays output similar to the following: 
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
Copy to Clipboard Toggle word wrap

3.2.6. Activating the Satellite Repositories
Copy link

Installation of Red Hat Satellite 5.8 requires specific repositories to be enabled. The list of available repositories is determined by the subscription attached to the host. The following instructions detail how to identify and attach the required subscription, also which repositories must be enabled.

Note

Complete this procedure on both the Satellite host and the Managed DB host.

Procedure 3.11. Activate the Satellite Repositories

  1. List all available subscriptions, and identify the Red Hat Satellite 5 subscription.
    The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as less or more, you can read the output one screenful at a time. 
    # subscription-manager list --all --available | less
    Copy to Clipboard Toggle word wrap
    Note the Pool ID as this is required to attach the subscription.
  2. Attach the subscription to the host. 
    # subscription-manager attach --pool=pool_id
    Copy to Clipboard Toggle word wrap
    The output should be similar to the following: 
    		Successfully attached a subscription for: Red Hat Satellite
    Copy to Clipboard Toggle word wrap
  3. Disable all repositories. 
    # subscription-manager repos --disable "*"
    Copy to Clipboard Toggle word wrap
  4. Enable the Red Hat Enterprise Linux 6 repository. The Red Hat Satellite 5.8 repository will be enabled automatically by the installation program.
    For ⁠AMD64 and Intel 64 
    # subscription-manager repos --enable=rhel-6-server-rpms
    Copy to Clipboard Toggle word wrap
    For IBM System z 
    # subscription-manager repos --enable=rhel-6-for-system-z-rpms
    Copy to Clipboard Toggle word wrap

3.2.7. Installing the Managed Database
Copy link

The Managed Database component installs essential packages containing the database server and Red Hat Satellite tools to a host separate from the Red Hat Satellite server.

Note

The same media used for a Red Hat Satellite installation is also used for the Managed Database installation.

Procedure 3.12. Installing the Managed Database

  1. Log into the host to be used for the Managed Database as the root user.
  2. Navigate to the directory containing the Satellite installation program. 
    # cd /media/cdrom
    Copy to Clipboard Toggle word wrap
  3. Run the installation program with the --managed-db option. 
    # ./install.pl --managed-db
    Copy to Clipboard Toggle word wrap
  4. The installation program asks for the following information.
    • Database name
    • Database user
    • Database password
    • A comma-separated list of local addresses to listen. Leave blank for all addresses.
    • A comma-separated list of remote addresses in address/netmask format. The Managed Database allows connections from these addresses. 
    Database name: mydb
Database user: mydbuser
Database password:  mydbpassword
Local addresses to listen on (comma-separated, RETURN for all): 127.0.0.1
Remote addresses to allow connection from (address/netmask format, comma-separated): 192.168.1.10/32
Initializing database:                                     [  OK  ]
Starting postgresql service:                               [  OK  ]
    Copy to Clipboard Toggle word wrap
The installation program installs the necessary packages for your Managed Database, including a set of management tools for the database. It also prepares the database and starts the PostgreSQL service.
The Managed Database host is registered with the Red Hat Content Delivery Network during its installation. After Red Hat Satellite 5.8 is installed and configured, you can register the Managed Database host to Satellite. This option has the advantage that the Managed Database Host's underlying instance of Red Hat Enterprise Linux 6 is managed from Satellite. As a prerequisite, you must first synchronize the Red Hat Satellite Managed DB child channel in Satellite. For full details on registering systems to Satellite and subscribing to channels, see the Red Hat Satellite 5.8 Getting Started Guide.

3.2.8. Installing Satellite
Copy link

The following procedure starts the installation procedure for Red Hat Satellite using a Managed Database. Ensure to run this procedure as the root user.

Warning

The Installation Script installs all available package updates, which may include the kernel.

Procedure 3.13. Running Installation Script

  1. Run the installer script from the /media/cdrom/ directory: 
    # ./install.pl --external-postgresql
    Copy to Clipboard Toggle word wrap
    The installation program first verifies the requirements in Chapter 2, Requirements are met before proceeding. 
    * Starting the Red Hat Satellite installer.
* Performing pre-install checks.
* Pre-install checks complete.  Beginning installation.
    Copy to Clipboard Toggle word wrap
  2. The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database host. 
    * RHSM Registration.
** Registration: System is already registered with RHSM.  Not re-registering.
* RHSM Subscriptions.
** Subscriptions: Subscription providing 'Red Hat Satellite' already attached.
** Subscriptions: Subscription providing 'Red Hat Enterprise Linux Server' already attached.
** Subscriptions: Disabling all RHSM repositories (rhel-6-server-rpms).
** Subscriptions: All repositories disabled.
** Subscriptions: Enabling RHEL repository.
** Subscriptions: RHEL repository enabled.
* Checking for uninstalled prerequisites.
** Checking if yum is available ...
There are some packages from Red Hat Enterprise Linux that are not part
of the @base group that Satellite will require to be installed on this
system. The installer will try resolve the dependencies automatically.
However, you may want to install these prerequisites manually.
Do you want the installer to resolve dependencies [y/N]? y
* Installing Satellite packages.
Warning: yum did not install the following packages:
	libXt
* Now running spacewalk-setup.
* Setting up SELinux..
** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)? satellite-db.example.com
Port [5432]?
Database? mydb
Username? mydbuser
Password? ************
** Database: Populating database.
*** Progress: ####################################
    Copy to Clipboard Toggle word wrap

3.2.9. Configuring the Satellite
Copy link

The installation program performs some basic configuration tasks on your Red Hat Satellite environment.
The Red Hat Satellite Installer downloads and installs the Red Hat GPG key and sets up the /root/.gnupg/ directory, if required. 
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
Copy to Clipboard Toggle word wrap
At the prompt, enter the email address to which you would like notifications from Red Hat Satellite to be sent. Due to the large volume of emails, choose a general email address rather than the address of an individual. 
You must enter an email address.
Admin Email Address? admin@example.com
* Performing initial configuration.
Copy to Clipboard Toggle word wrap
To activate Red Hat Satellite, provide the location of your manifest file, downloaded in Section 3.2.3, “Generating a Manifest”. 
* Activating Red Hat Satellite.
Where is your satellite manifest file? /path/manifest_file.zip
** Loading Red Hat Satellite Manifest.
** Verifying manifest locally.
** Activating Red Hat Satellite.
Copy to Clipboard Toggle word wrap
The next step is to create a CA certificate for SSL access. Answer y to the Apache SSL configuration question, then answer the CA certificate questions.
CA cert
Enter a password for the certificate.
Organization
Enter the name of your organization.
Organization Unit
Enter the name of your department within your organization.
Email Address
Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
City
Enter your city.
State
Enter your state.
Country
Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type ? to see a list of country codes. 
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? 
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password? 
Re-enter CA certificate password? 
Organization? Red Hat
Organization Unit [satellite.example.com]? Sales
Email Address [admin@example.com]? admin@example.com
City? Raleigh
State? NC
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
Copy to Clipboard Toggle word wrap
After the CA certificate is created, you are asked if you want to enable the services required by Cobbler. If you will be using PXE provisioning functionality, reply y. 
* Setting up Cobbler..
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
Copy to Clipboard Toggle word wrap
After Cobbler is configured, the installation script restarts the associated services. 
* Restarting services.
Installation complete.
Visit https://satellite.example.com to create the satellite administrator account.
Copy to Clipboard Toggle word wrap
If you will be using Cobbler for provisioning hosts, grant Cobbler write access to the /tftpboot directory. 
setsebool -P cobbler_anon_write on
Copy to Clipboard Toggle word wrap
The Red Hat Satellite installation is now complete. Continue with the instructions in Chapter 4, Configuration.
This scenario details the steps for an External Database Installation. You would use an External Database Installation to use Red Hat Satellite with existing database infrastructure and to keep the database separate from the Satellite server.
This scenario requires two hosts:

3.3.1. External Database Requirements
Copy link

The External Database version of Red Hat Satellite requires additional hardware considerations. This section specifies these requirements when installing the Red Hat Satellite server and connecting to an external database.
Red Hat supports Red Hat Satellite installations on a External Database using one of the following:
  • PostgreSQL 9.5
  • Oracle Database 12c Standard and Enterprise Edition
  • Oracle Database 11g Standard and Enterprise Edition
  • Oracle Database 10g Release 2 Standard and Enterprise Edition
Ensure the External Database runs on a different server to the Red Hat Satellite.

Note

Red Hat Satellite 5.8 supports various database migrations specified in Section 12.8, “Migrating the Database”.

Important

Red Hat does not provide support or tools for External Database maintenance. This includes backups, upgrades, and database tuning. Customers using an External Database require their own database administrator to support and maintain the database.
3.3.1.1. PostgreSQL Database Requirements
Copy link
Red Hat Satellite requires the following packages installed on the Red Hat Enterprise Linux system chosen to host the PostgreSQL External Database:
  • rh-postgresql95
  • rh-postgresql95-postgresql
  • rh-postgresql95-postgresql-contrib
  • rh-postgresql95-postgresql-libs
  • rh-postgresql95-postgresql-server
  • rh-postgresql95-postgresql-pltcl

Note

These packages may include dependencies that also need to be installed.
To install these packages on Red Hat Enterpise Linux, log in to your External Database host and run the following command: 
# subscription-manager repos --enable=rhel-server-rhscl-6-rpms
# yum install rh-postgresql95 rh-postgresql95-postgresql rh-postgresql95-postgresql-contrib rh-postgresql95-postgresql-libs rh-postgresql95-postgresql-server rh-postgresql95-postgresql-pltcl
Copy to Clipboard Toggle word wrap
This adds the Red Hat Software Collections repository to your system. This repository contains the necessary PostgreSQL packages.
Initialize and start the database: 
# service rh-postgresql95-postgresql initdb
# service rh-postgresql95-postgresql start
# chkconfig rh-postgresql95-postgresql on
Copy to Clipboard Toggle word wrap
Switch to the postgres user and run PostgreSQL through the Software Collections tool: 
# su postgres
bash-4.1$ scl enable rh-postgresql95 'psql'
Copy to Clipboard Toggle word wrap
Create the Satellite database, Satellite database user, and enable the plpgsql and pltclu languages: 
postgres=# CREATE USER mydbuser WITH PASSWORD 'mydbpassword';
postgres=# ALTER USER mydbuser WITH SUPERUSER;
postgres=# CREATE DATABASE mydb OWNER mydbuser;
postgres=# \connect mydb
mydb=# CREATE EXTENSION plpgsql;
mydb=# CREATE EXTENSION pltclu;
mydb=# \q
Copy to Clipboard Toggle word wrap

Important

The mydb, mydbuser, and mydbpassword values are used for example purposes. Substitute these values for your own to secure the database.
Switch back to the root user and edit the /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf file: 
bash-4.1$ exit
# vi /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf
Copy to Clipboard Toggle word wrap
Add a line to allow access to the database from your Satellite server. For example: 
host mydb mydbuser 192.168.1.0/24 md5
Copy to Clipboard Toggle word wrap
This example allows remote access to the mydb database using the mydbuser from any system on the 192.168.1.0/24 network. The accepted authentication must also use an MD5-encrypted password.
Add or edit the following parameters in the configuration file /var/opt/rh/rh-postgresql95/lib/pgsql/data/postgresql.conf. 
listen_addresses = '*'
bytea_output = 'escape'
Copy to Clipboard Toggle word wrap
The listen_addresses parameter opens communication to the database from other systems. The bytea_output parameter sets the correct encoding for bytea datatypes. Without this parameter, Satellite's Taskomatic service fails.
Restart the PostgreSQL server for these changes to take effect: 
# service rh-postgresql95-postgresql restart
Copy to Clipboard Toggle word wrap
3.3.1.2. Oracle Database Requirements
Copy link
The Oracle database should have a user assigned to Red Hat Satellite with full DDL and DML access to that user's default tablespace. The user needs standard connection information for the database at the time of installation.
The explicit access levels required by the Oracle database user are as follows:
  • ALTER SESSION
  • CREATE SEQUENCE
  • CREATE SYNONYM
  • CREATE TABLE
  • CREATE VIEW
  • CREATE PROCEDURE
  • CREATE TRIGGER
  • CREATE TYPE
  • CREATE SESSION
  • CREATE OPERATOR
  • SELECT ON V_$PARAMETER

Warning

Database administrators must grant these privileges explicitly to the Satellite database user and not through a role.
Additional database requirements include:
  • Security Identifier (SID)
  • Listener Port
  • Username
  • UTF-8 character set

Important

Ensure that the NLS_CHARACTERSET setting is set to "UTF8" when using an external database, not 'AL32UTF8' or other charsets. Using other charsets may lead to problems later.
Red Hat Satellite does not use the NLS_NCHAR_CHARACTERSET setting. Leave this setting as the default 'AL16UTF16'.
Two additional suggested recommendation for user's default tablespace include:
  • Uniform Extent Size
  • Auto Segment Space Management
The disk layout on the database machine is independent of Red Hat Satellite and entirely up to the customer.

Important

Red Hat supports Red Hat Satellite's interactions with an external, third-party (such as Oracle) database as long as the external, third-party database is configured per Red Hat's documentation. Red Hat supports any Red Hat Satellite version-specific schema, package, tool or instruction set provided by Red Hat and designed to be used with a third-party database.
Customized database configuration can cause installation to fail. For example, the application of a strict tablespace quota on the Satellite database user can cause installation problems. As a result, Red Hat does not support general setup, maintenance, or troubleshooting of a third-party database outside of express interaction with Red Hat Satellite.

3.3.2. Downloading the Installation Media
Copy link

The Satellite 5.8 installation media is available for download from the Red Hat Customer Portal in ISO format.

Procedure 3.14. Download the Installation Media

  1. Log on to the Customer Portal.
  2. Click Downloads.
  3. Click Red Hat Satellite.
  4. Select 5.8 for RHEL 6 from the Versions drop-down list.
  5. Select x86_64 or s390x from the Architecture list.
  6. Download the Red Hat Satellite 5.8 Binary DVD.
  7. Depending on your preferred installation source, either copy the DVD ISO image to the Satellite host, or burn it to DVD media.
    1. If you will be mounting the ISO image and running the installation program from there, copy the ISO image to the Satellite host. 
      # scp satellite.iso root@hostname:/root
      Copy to Clipboard Toggle word wrap

      Note

      If you will be installing a Managed DB instance, also copy the ISO image to that host.
    2. If you will be mounting a DVD and running the installation program from there, burn the DVD ISO image to DVD media.

3.3.3. Mounting the Installation Media
Copy link

Mount the disc or ISO image on the server chosen to host Red Hat Satellite.

Procedure 3.15. Mounting from a disc

  1. Log into the machine as root.
  2. Insert the Red Hat Satellite Server CD or DVD containing the installation files.
  3. Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the /media/cdrom/ directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the /media/cdrom/ directory with the following command: 
    # mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom
    Copy to Clipboard Toggle word wrap

Procedure 3.16. Mounting from an ISO image

  1. Log into the host as root.
  2. Mount the ISO image to a location on your filesystem: 
    # mkdir /media/cdrom
# mount -o loop iso_filename /media/cdrom
    Copy to Clipboard Toggle word wrap
The installation media is mounted at /media/cdrom/. Use this location to access the Red Hat Satellite installation program.

3.3.4. Generating a Manifest
Copy link

In previous versions of Red Hat Satellite 5, details of product subscriptions and content repositories were contained in a Satellite Certificate. You downloaded the certificate from the Red Hat Customer Portal and imported it into Satellite. From Satellite 5.8, all content and subscriptions are hosted by the Red Hat Content Delivery Network (CDN), replacing Red Hat Network.
The Red Hat Customer Portal enables you to group subscriptions into multiple subscription allocations. The Red Hat CDN uses a Subscription Manifest, instead of the certificate. A Subscription Manifest is an exported file that lists the subscriptions in one subscription allocation.

Note

If you are installing multiple instances of Satellite 5.8, ensure you divide the available subscriptions amongst the individual subscription allocations. For example, if you intend running two instances of Satellite 5.8, you might divide the subscriptions equally between the two subscription allocations.

Procedure 3.17. Generate New Satellite 5.8 Manifest

  1. Log on to the Customer Portal and navigate to Subscriptions in the upper-left corner.
  2. Navigate to Subscription Allocations.
  3. Click New subscription allocation.
  4. Enter a name in the Name field, select Satellite 5.8 from the Type drop-down list, and click Create.
  5. Navigate to the Subscription tab and click Add subscriptions.
  6. For each product to be attached to the manifest, specify the desired quantity in the Entitlements field, and click Submit. It may take several minutes for the subscriptions to be attached.
  7. Click Export Manifest and save the manifest file locally.
  8. Log out of the Customer Portal.
  9. Access the shell prompt on the host to which the manifest file was downloaded.
    Copy the manifest file to the Satellite host. In this example, the file is copied to the /root directory. 
    # scp manifest_file.zip root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap

Note

  • This section only applies to networks behind a HTTP proxy.
  • Satellite does not support NTLM as a HTTP access authentication method. Only Basic access authentication, and Digest access authentication methods are supported.
The registration of the Red Hat Enterprise Linux host requires communication between itself and the Red Hat Content Delivery Network. If there is an HTTP proxy between these two, Subscription Manager must be configured with the proxy server's details, and credentials.
Edit the configuration file /etc/rhsm/rhsm.conf, and edit the following lines, adding details of the HTTP proxy, and credentials. 
proxy_hostname = proxy_hostname
proxy_port = proxy_port
proxy_user = proxy_user
proxy_password = proxy_password
Copy to Clipboard Toggle word wrap
Registering the host to the Red Hat Content Delivery Network entitles it to content available via subscriptions. This includes content such as Red Hat Enterprise Linux, Red Hat Software Collections (RHSCL), and Red Hat Satellite.
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted: 
# subscription-manager register
Copy to Clipboard Toggle word wrap
The command displays output similar to the following: 
The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
Copy to Clipboard Toggle word wrap

3.3.7. Activating the Satellite Repositories
Copy link

Installation of Red Hat Satellite 5.8 requires specific repositories to be enabled. The list of available repositories is determined by the subscription attached to the host. The following instructions detail how to identify and attach the required subscription, also which repositories must be enabled.

Procedure 3.18. Activate the Satellite Repositories

  1. List all available subscriptions, and identify the Red Hat Satellite 5 subscription.
    The list of available subscriptions may be long, but if you pipe the output into a pager utility, such as less or more, you can read the output one screenful at a time. 
    # subscription-manager list --all --available | less
    Copy to Clipboard Toggle word wrap
    Note the Pool ID as this is required to attach the subscription.
  2. Attach the subscription to the host. 
    # subscription-manager attach --pool=pool_id
    Copy to Clipboard Toggle word wrap
    The output should be similar to the following: 
    Successfully attached a subscription for: Red Hat Satellite
    Copy to Clipboard Toggle word wrap
  3. Disable all repositories. 
    # subscription-manager repos --disable "*"
    Copy to Clipboard Toggle word wrap
  4. Enable the Red Hat Enterprise Linux 6 repository. The Red Hat Satellite 5.8 repository will be enabled automatically by the installation program.
    For ⁠AMD64 and Intel 64 
    # subscription-manager repos --enable=rhel-6-server-rpms
    Copy to Clipboard Toggle word wrap
    For IBM System z 
    # subscription-manager repos --enable=rhel-6-for-system-z-rpms
    Copy to Clipboard Toggle word wrap

3.3.8. Running the Installation Program
Copy link

The following procedure starts the installation procedure for Red Hat Satellite using an External Database. Ensure you run this procedure as the root user.

Warning

The installation program updates the kernel and all required packages.

Procedure 3.19. Running Installation Program

  1. Run the installation program from the /media/cdrom/ directory. To install to an external PostgreSQL database: 
    # ./install.pl --external-postgresql
    Copy to Clipboard Toggle word wrap
    Or to install to an external Oracle database: 
    # ./install.pl --external-oracle
    Copy to Clipboard Toggle word wrap
    The installation program first verifies the requirements in Chapter 2, Requirements are met before proceeding. 
    * Starting the Red Hat Satellite installer.
* Performing pre-install checks.
* Pre-install checks complete.  Beginning installation.
    Copy to Clipboard Toggle word wrap
  2. The script performs host registration with Red Hat Subscription Manager (if not already done), installs and updates all required packages, and populates the database on the Managed Database Host. 
    * RHSM Registration.
** Registration: System is already registered with RHSM.  Not re-registering.
* RHSM Subscriptions.
** Subscriptions: Subscription providing 'Red Hat Satellite' already attached.
** Subscriptions: Subscription providing 'Red Hat Enterprise Linux Server' already attached.
** Subscriptions: Disabling all RHSM repositories (rhel-6-server-rpms).
** Subscriptions: All repositories disabled.
** Subscriptions: Enabling RHEL repository.
** Subscriptions: RHEL repository enabled.
* Checking for uninstalled prerequisites.
** Checking if yum is available ...
There are some packages from Red Hat Enterprise Linux that are not part
of the @base group that Satellite will require to be installed on this
system. The installer will try resolve the dependencies automatically.
However, you may want to install these prerequisites manually.
Do you want the installer to resolve dependencies [y/N]? y
* Installing Satellite packages.
Warning: yum did not install the following packages:
	libXt
* Now running spacewalk-setup.
* Setting up SELinux..
** Database: Setting up database connection for PostgreSQL backend.
Database "rhnschema" does not exist
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database:   /var/log/rhn/install_db.log
*** Progress: #
** Database: Installation complete.
** Database: Populating database.
*** Progress: ###########################
    Copy to Clipboard Toggle word wrap

3.3.9. Configuring the Satellite
Copy link

The installation program performs some basic configuration tasks on your Red Hat Satellite environment.
The Red Hat Satellite installation program downloads and installs the Red Hat GPG key and sets up the /root/.gnupg/ directory, if required. 
* Configuring tomcat.
* Setting up users and groups.
** GPG: Initializing GPG and importing key.
Copy to Clipboard Toggle word wrap
At the prompt, enter the email address to which you would like notifications from Red Hat Satellite to be sent. Due to the large volume of emails, choose a general email address rather than the address of an individual. 
You must enter an email address.
Admin Email Address? admin@example.com
* Performing initial configuration.
Copy to Clipboard Toggle word wrap
To activate Red Hat Satellite, provide the location of your manifest file, downloaded in Section 3.3.4, “Generating a Manifest”. 
* Activating Red Hat Satellite.
Where is your satellite manifest file? /path/manifest_file.zip
** Loading Red Hat Satellite Manifest.
** Verifying manifest locally.
** Activating Red Hat Satellite.
Copy to Clipboard Toggle word wrap
The next step is to create a CA certificate for SSL access. Answer y to the Apache SSL configuration question, then answer the CA certificate questions.
CA cert
Enter a password for the certificate.
Organization
Enter the name of your organization.
Organization Unit
Enter the name of your department within your organization.
Email Address
Enter an email address to be associated with this certificate, such as the admin email entered in the steps above.
City
Enter your city.
State
Enter your state.
Country
Enter your country. The country code must be exactly two letters, or the certificate generation fails. Type ? to see a list of country codes. 
* Configuring apache SSL virtual host.
Should setup configure apache's default ssl server for you (saves original ssl.conf) [Y]? 
** /etc/httpd/conf.d/ssl.conf has been backed up to ssl.conf-swsave
* Configuring jabberd.
* Creating SSL certificates.
CA certificate password? 
Re-enter CA certificate password? 
Organization? Red Hat
Organization Unit [satellite.example.com]? Sales
Email Address [admin@example.com]? admin@example.com
City? Raleigh
State? NC
Country code (Examples: "US", "JP", "IN", or type "?" to see a list)? US
** SSL: Generating CA certificate.
** SSL: Deploying CA certificate.
** SSL: Generating server certificate.
** SSL: Storing SSL certificates.
* Deploying configuration files.
* Update configuration in database.
Copy to Clipboard Toggle word wrap
After the CA certificate is created, you are asked if you want to enable the services required by Cobbler. If you will be using PXE provisioning functionality, reply y. 
* Setting up Cobbler..
cobblerd does not appear to be running/accessible
Cobbler requires tftp and xinetd services be turned on for PXE provisioning functionality. Enable these services [Y]?
Copy to Clipboard Toggle word wrap
After Cobbler is configured, the installation script restarts the associated services. 
* Restarting services.
Installation complete.
Visit https://satellite.example.com to create the satellite administrator account.
`
Copy to Clipboard Toggle word wrap
If you will be using Cobbler for provisioning hosts, grant Cobbler write access to the /tftpboot directory. 
setsebool -P cobbler_anon_write on
Copy to Clipboard Toggle word wrap
The Red Hat Satellite installation is now complete. Continue with the instructions in Chapter 4, Configuration.

Note

As an additional post-installation measure, perform a package update on the Satellite 5 server to ensure you are using the latest packages. For more information, see Section 12.2, “Performing Critical Updates to the Server”.

Chapter 4. Configuration
Copy link

4.1. Create Administrator Account
Copy link

Follow the on-screen instructions and visit the FQDN of your Red Hat Satellite with your web browser. Create the Administrator account, also referred to as the Organization Administrator.

4.2. Configure Red Hat Satellite
Copy link

In the Satellite web UI, click Configure Red Hat Satellite. Continue with the instructions in this chapter to complete the initial configuration of Satellite.

4.2.1. General Configuration
Copy link

The General Configuration page allows you to alter the most basic settings, such as the Administrator email address and whether Monitoring is enabled.

4.2.2. Certificate
Copy link

The Certificate page allows you to upload a new certificate. To identify the certificate's path, click Browse, navigate to the file, and select the certificate file. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom. Red Hat recommends using the file locator as it is less error prone. Click Update to continue. If you receive errors related to DNS, ensure Red hat Satellite is configured correctly.

4.2.3. Bootstrap
Copy link

The Bootstrap page allows you to generate a bootstrap script for redirecting client systems from the central Red Hat Network Servers to Red Hat Satellite. This script, to be placed in the /var/www/html/pub/bootstrap/ directory of Red Hat Satellite, significantly reduces the effort involved in reconfiguring all systems, which by default obtain packages from the central Red Hat Network Servers. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.
Checkboxes offer options for including built-in security SSL and GNU Privacy Guard (GPG) features. These options are recommended for security purposes. In addition, you may enable remote command acceptance and remote configuration management of the systems to be bootstrapped here. Both features are useful for completing client configuration. Finally, if you are using an HTTP proxy server, complete the related fields. When finished, click Generate Bootstrap Script. The Installation Complete page appears.

4.2.4. Organizations
Copy link

The Organizations page contains configuration options for logical groupings of systems, software channels, subscriptions and entitlements. A Red Hat Satellite can manage multiple organizations, each with an individual organization administrator.

4.2.5. Restart
Copy link

The Restart page contains the final step in configuring Red Hat Satellite. Click the Restart button to restart Red Hat Satellite in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish.
Once Red Hat Satellite has restarted, the countdown notice disappears. You are now free to begin using your Satellite.

4.2.6. Cobbler Rebuild
Copy link

The Cobbler page contains options to rebuild or refresh Cobbler content if modified outside of Red Hat Satellite.
By default, Satellite connects to the PostgreSQL database through an unencrypted communication. However, you can set up your database connection to use SSL. An SSL connection encrypts communication between the Satellite and the database, which is an advantage if using a Managed or External database over a wide area network.
To enable SSL communication between the Satellite Server and PosgreSQL database server, complete the following procedures:
Prequisites

To enable SSL communication between the Satellite Server and PosgreSQL database server, you require the following. Consult your preferred Certificate Authority's documentation for instructions on how to create these files.

  • An SSL certificate for the Satellite Server, signed by a Certificate Authority. In the following procedures, the example filename is server.crt.
  • The private key with which you signed the certificate. In the following procedures, the example filename is server.key.
  • The Certificate Authority's certificate with which the certificate was signed. In the following procedures, the example filename is root-ca.cert.
Stop all Satellite services before configuring the database to use SSL. 
[root@satellite ~]# spacewalk-service stop
Copy to Clipboard Toggle word wrap

Procedure 4.1. Configuring SSL on the database server

  1. Login to the database server as root.
  2. Copy your signed certificate and private key to the required locations on the database server: 
    [root@database~]# cp server.{key,crt} /var/opt/rh/rh-postgresql95/lib/pgsql/data/.
[root@database~]# chown postgres:postgres /var/opt/rh/rh-postgresql95/lib/pgsql/data/server.{key,crt}
[root@database~]# chmod 0400 /var/opt/rh/rh-postgresql95/lib/pgsql/data/server.key
    Copy to Clipboard Toggle word wrap
  3. Edit the postgresql.conf file and add the following option: 
    ssl=on
    Copy to Clipboard Toggle word wrap
  4. Edit the pg_hba.conf file. This file is a permissions file for restricting access to the database. Look for a line similar to the following: 
    host    mydb mydbuser 192.168.122.0/24 md5
    Copy to Clipboard Toggle word wrap
    This line should contain your database name, database user, and IP address or range that allows connections. Change the host option to hostssl: 
    hostssl mydb mydbuser 192.168.122.0/24 md5
    Copy to Clipboard Toggle word wrap
    This changes the incoming communication protocol to use SSL and refuse any unencrypted PostgreSQL connections.
  5. Restart the rh-postgresql95-postgresql service so the changes take effect: 
    [root@database~]# service rh-postgresql95-postgresql restart
    Copy to Clipboard Toggle word wrap
The database server now only accepts connections from clients using SSL. The next procedure sets up the Satellite Server to communicate with the database using SSL.

Procedure 4.2. Configuring SSL on the Satellite Server

  1. Login to the Satellite Server as root.
  2. Copy your root-ca.cert certificate: 
    [root@satellite ~]# cp root-ca.cert /etc/rhn/postgresql-db-root-ca.cert
    Copy to Clipboard Toggle word wrap
  3. Edit the /etc/rhn/rhn.conf file and add the following option: 
    db_ssl_enabled = 1
    Copy to Clipboard Toggle word wrap
  4. Add the certificate to Satellite's Java web server keystore: 
    [root@satellite ~]# openssl x509 -in /etc/rhn/postgresql-db-root-ca.cert -out server.der -outform der
[root@satellite ~]# keytool -keystore /etc/rhn/javatruststore.jks -alias postgresql -import -file server.der
[root@satellite ~]# rm server.der
    Copy to Clipboard Toggle word wrap

    Important

    The /etc/rhn/javatruststore.jks requires a password for any modifications to the keystore. Change this password if necessary using the following command: 
    [root@satellite ~]# keytool -storepasswd -keystore /etc/rhn/javatruststore.jks
    Copy to Clipboard Toggle word wrap
  5. Restore the SELinux context of the new certificate files: 
    [root@satellite ~]# restorecon -R -F -v /etc/rhn/
    Copy to Clipboard Toggle word wrap
  6. Start the Satellite services: 
    [root@satellite ~]# spacewalk-service start
    Copy to Clipboard Toggle word wrap
The Satellite Server now communicates with the database server using SSL.

Chapter 5. Authentication
Copy link

5.1. Implementing PAM Authentication
Copy link

Red Hat Satellite supports network-based authentication systems such as LDAP and Kerberos, using Pluggable Authentication Modules (PAM). PAM is a suite of libraries that helps system administrators integrate the Satellite with a centralized authentication mechanism, thus eliminating the need for remembering multiple passwords.

Note

To ensure that PAM authentication functions properly, install the pam-devel package. 
# yum install pam-devel
Copy to Clipboard Toggle word wrap
Also make sure to update to the latest selinux-policy-targeted package. 
# yum update selinux-policy-targeted
Copy to Clipboard Toggle word wrap

Procedure 5.1. Configuring Red Hat Satellite to use PAM

  1. Set the allow_httpd_mod_auth_pam SELinux boolean to on: 
    # setsebool -P allow_httpd_mod_auth_pam 1
    Copy to Clipboard Toggle word wrap
  2. Open the /etc/rhn/rhn.conf file in your preferred text editor, and add the following line: 
    pam_auth_service = rhn-satellite
    Copy to Clipboard Toggle word wrap
    Create a PAM service file in the /etc/pam.d/ directory: 
    # touch /etc/pam.d/rhn-satellite
    Copy to Clipboard Toggle word wrap
  3. Edit the file and add one of the following, depending on your authentication method:

    Example 5.1. SSSD Authentication

    #%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_sss.so
auth        required      pam_deny.so
account     sufficient    pam_sss.so
account     required      pam_deny.so
    Copy to Clipboard Toggle word wrap

    Example 5.2. Kerberos Authentication

    #%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_krb5.so no_user_check
auth        required      pam_deny.so
account     required      pam_krb5.so no_user_check
    Copy to Clipboard Toggle word wrap

    Example 5.3. LDAP Authentication

    #%PAM-1.0
auth          required      pam_env.so
auth          sufficient    pam_ldap.so no_user_check
auth          required      pam_deny.so
account       required      pam_ldap.so no_user_check
    Copy to Clipboard Toggle word wrap
    For more detail about configuring PAM, see the Pluggable Authentication Modules (PAM) in the Red Hat Enterprise Linux Deployment Guide.

    Note

    For Kerberos-authenticating users, change the password by using kpasswd. Do not change the password on Red Hat Satellite web application as this method only changes the local password on the Satellite server. Local passwords are not in use if PAM is enabled for that user.
  4. Restart the service to pick up the changes: 
    # rhn-satellite restart
    Copy to Clipboard Toggle word wrap
  5. To enable a user to authenticate against PAM, select the checkbox labeled Pluggable Authentication Modules (PAM). It is positioned below the password and password confirmation fields on the Create User page.

5.2. Using Identity Management for Authentication
Copy link

Satellite 5 now offers authentication through an IdM or IPA server, which provides support for:
  • Kerberos authentication in the WebUI
  • Users do not need to be pre-created in Satellite database
  • The PAM authentication can be enabled for all users
  • User roles can be derived from user group membership in the external identity provider
  • System Groups administrators can be derived from user group membership in the external identity provider per Organization

Note

IPA authentication configuration only works with Satellite 5's Web UI. Client tools like rhn_register, rhnreg_ks, spacecmd, rhncfg-manager and the Satellite 5 API can not use IPA authentication.

5.2.1. Requirements
Copy link

Satellite Authentication through IPA has the following requirements:
  • A configured Satellite Server. The following instructions will use the hostname satellite.example.com to denote the Satellite server.
  • A configured IPA/IdM Server on Red Hat Enterprise Linux 6 or 7. The following instructions will use the hostname ipa.example.com to denote the IPA server.
  • Installation of additional packages on the Satellite server. Use the following command to install these packages from the standard Red Hat Enterprise Linux 6 and 7 repositories: 
    [root@satellite ~]# yum install ipa-client ipa-admintools sssd sssd-dbus mod_auth_kerb mod_authnz_pam mod_lookup_identity mod_intercept_form_submit -y
    Copy to Clipboard Toggle word wrap
  • The latest version of the selinux-policy package to ensure the latest SELinux Booleans are added. You can update this package with the following command: 
    [root@satellite ~]# yum update selinux-policy -y
    Copy to Clipboard Toggle word wrap

5.2.2. Enrolling the Satellite Server
Copy link

Enrol the Satellite server with the IPA server using the ipa-client-install command. This will step through the required configuration options to enrol the Satellite server. 
[root@satellite ~]# ipa-client-install
Provide the domain name of your IPA server (ex: example.com): example.com
Provide your IPA server name (ex: ipa.example.com): ipa.example.com
Hostname: satellite.example.com
Realm: EXAMPLE.COM
DNS Domain: example.com
IPA Server: ipa.example.com
BaseDN: dc=example,dc=com

Continue to configure the system with these values? [no]: yes
User authorized to enroll computers: admin
Synchronizing time with KDC...
Password for admin@EXAMPLE.COM: *********
Copy to Clipboard Toggle word wrap
When complete, the Satellite server acts as an client using the IPA Server details.
The IPA server also requires a HTTP Service for the Satellite server. Authenticate the Satellite server against the IPA server with the admin user and run the ipa service-add command: 
[root@satellite ~]# kinit admin
[root@satellite ~]# ipa service-add HTTP/satellite.example.com
--------------------------------------------------
Added service "HTTP/satellite.example.com@EXAMPLE.COM"
--------------------------------------------------
  Principal: HTTP/satellite.example.com@EXAMPLE.COM
  Managed by: satellite.example.com
Copy to Clipboard Toggle word wrap

5.2.3. Using the IPA Authentication Setup Tool
Copy link

Satellite contains a tool called spacewalk-setup-ipa-authentication, which configures your Satellite server to use IPA Authentication. The tool performs the following steps:
  • Configures Kerberos authentication on the Satellite server
  • Configures SSSD services on the Satellite server
  • Configures Satellite webservers to communicate with SSSD and observe PAM authentication
Run the command on the Satellite server to start the configuration: 
[root@satellite ~]# spacewalk-setup-ipa-authentication
Copy to Clipboard Toggle word wrap

5.2.4. Finalizing Authentication Configuration
Copy link

Log in as the Satellite administration user and navigate to AdminUsersExternal Authentication. Set the Default organization to the default organization for new users authenticating through IPA. Click Update to save this option.
Users can now login to Satellite using their IPA credentials.
The IPA server contains a parameter for the Organizational Unit for each user. Satellite can use this value to map to its own Organizations. This adds specific users to Organizations based upon the Organizational Unit value (ou) in the IPA server.
Log in as the Satellite administration user and navigate to AdminUsersExternal Authentication. Enable the Use organization unit name passed from IPA option and click Update.
Satellite now adds users to Organizations based on each user's Organizational Unit in the IPA server. Users with no Organizational Unit are assigned to the default organization.

5.2.6. Configuring IPA to Use Groups (Optional)
Copy link

The IPA server contains parameters for Groups, which Satellite can map to roles. This provides a method to use role-based permissions for IPA users.
Log in as the Satellite administration user and navigate to AdminUsersExternal AuthenticationGroup Role Mapping. Click the Create new external group link and enter the following details:
  • External Group Name - Enter the name of the group from the IPA server.
  • Administrative Roles and Roles - Select roles to assign to the group. For example, assign the Channel Administrator.
Click Create to complete the group creation.
Satellite now assigns permissions to users based on each user's IPA groups.

Chapter 6. Entitlements
Copy link

Red Hat manages customer entitlements through subscriptions. When you purchase a subscription, it entitles you to install and use one or more Red Hat products, and receive technical support directly from Red Hat. An active subscription provides access to one or more software repositories, including applicable errata.
Red Hat Enterprise Linux systems registered to Red Hat Subscription Management obtain software subscriptions directly from the Red Hat Content Delivery Network (CDN). Systems registered to Red Hat Satellite instead obtain software subscriptions from the Satellite server. To provide subscriptions to registered hosts, a Satellite server must have the required subscriptions available. These subscriptions are packaged in a manifest file, which must be downloaded from the Red Hat Customer Portal, and uploaded to Satellite. For hosts registered to the Satellite server, subscriptions are managed via the Satellite web UI.
The Red Hat Satellite 5.8 installer requires a manifest file to activate it. A manifest file contains details of subscriptions, products, and content repositories. Activation entitles the Satellite server to synchronize content from the Red Hat CDN. The repositories available to Satellite are determined by the active manifest. Satellite is activated on installation, but over the lifespan of a Satellite installation, the manifest may need to be updated. It is also sometimes necessary to query the activate manifest. Common use cases for updating and querying the active manifest are covered in this section.

6.1. Activating Satellite
Copy link

Sometimes it is necessary to query, or refresh the available subscriptions. Common use cases for managing subscriptions include the following:
  • Satellite was not activated on installation, and now you need to activate it.
  • You need details of the active manifest, including the quantity of subscriptions, their expiry date, and the products included.
  • You have changed subscriptions and need these changes applied to Satellite.
  • Product entitlements have been changed by Red Hat, and these changes need to be reflected in Satellite. For example, SKU, products, and associated repositories are sometimes changed by Red Hat. These changes are reflected automatically in the Red Hat Customer Portal, but Satellite must be refreshed manually.
Included in this section are example use cases, and instructions on how to complete them. There is some variation to these procedures, depending on Satellite being either in connected or disconected mode. Most of these use cases require the CLI tool rhn-satellite-activate. For details on rhn-satellite-activate, append --help, or view the man page by entering the command man rhn-satellite-activate.

Procedure 6.1. Activating Red Hat Satellite via the Satellite web UI

Prerequisite

Create the manifest on the Red Hat Customer Portal, then download the manifest file to your computer. For details, see Section 3.1.3, “Generating a Manifest”.

  1. Login to the Satellite 5 server web UI, click on Admin, then Red Hat Satellite Configuration and click Manifest.
  2. Click Choose file:, select the manifest file, then click Update.
    When the update completes, the message Manifest uploaded. Red Hat Satellite has been re-activated. indicates it has been successful.

Procedure 6.2. Activating Red Hat Satellite via the Command Line

Prerequisite

Create the manifest on the Red Hat Customer Portal, download the manifest file to your computer, then copy it to the Satellite server. For details, see Section 3.1.3, “Generating a Manifest”.

  • Activate Red Hat Satellite.
    1. Run the following command if Satellite is in connected mode. 
      # rhn-satellite-activate --manifest=manifest_file.zip
      Copy to Clipboard Toggle word wrap
    2. Run the following command if Satellite is in disconnected mode. 
      # rhn-satellite-activate --disconnected --manifest=manifest_file.zip
      Copy to Clipboard Toggle word wrap

Note

When activating Satellite with a new manifest as part of a Satellite upgrade, you need to add the --ignore-version-mismatch option to the rhn-satellite-activate command. See Chapter 10, Upgrades and /etc/sysconfig/rhn/satellite-upgrade/README for more information.
Once Red Hat Satellite is activated, it serves packages locally and, if in connected mode, synchronizes with the Red Hat Content Delivery Network. See Chapter 8, Content and Synchronization for more information.

6.2. Viewing Details of a Manifest
Copy link

You can view details of either the manifest already active in Satellite, or one you downloaded from the Red Hat Customer Portal. This can be used, for example, to confirm that content you want to distribute to hosts is contained in the manifest.
View detailed information about a manifest file. 
# rct cat-manifest manifest_file.zip
Copy to Clipboard Toggle word wrap
View brief details of the active manifest. 
# rhn-satellite-activate --manifest-info
Name: testhost.example.com
UUID: eb83a78a-caa7-4d38-8d5a-68a335a1a8a2
Owner ID: 5894300
Satellite version: 5.8
Created: 2017-06-20T03:35:57.483+0000
API URL: https://subscription.rhn.redhat.com/subscription/consumers/
Copy to Clipboard Toggle word wrap
View detailed information about the active manifest. 
# rct cat-manifest /etc/sysconfig/rhn/rhsm-manifest.zip
Copy to Clipboard Toggle word wrap
The detailed output includes the start and end dates of the current subscriptions, total quantity, service level, and a list of the products included in the subscription. The output from this command may be very long, so to see only the high-level information, append | head -n 32, to display only the first 32 lines. With this information available, you could search it for specific content, for example with a text editor, or the grep tool.

6.3. Refreshing the Current Subscriptions
Copy link

When you change subscriptions on the Red Hat Customer Portal, the subscription details in Satellite must be refreshed.
Refreshing Subscriptions on Satellite Server in Connected Mode

If Satellite server is in connected mode, you can refresh the subscriptions with one command. The parameter --manifest-refresh instructs rhn-satellite-activate to download the manifest, then reactivate it. 

# rhn-satellite-activate --manifest-refresh
Copy to Clipboard Toggle word wrap
Refreshing Subscriptions on Satellite Server in Disconnected Mode

If the Satellite server is in disconnected mode, you must first create the manifest on the Red Hat Customer Portal, download the manifest file to your computer, then copy it to the Satellite server. For details, see Section 3.1.3, “Generating a Manifest”.

Activate Satellite with the new manifest file, in disconnected mode. 
# rhn-satellite-activate --disconnected  --manifest=manifest_file.zip
Copy to Clipboard Toggle word wrap
The output of the refresh should be similar to the following: 
13:35:56 Downloading manifest...
13:37:14 Populating channel families...
13:37:14 Updating certificates...
13:37:14 Updating manifest repositories...
Copy to Clipboard Toggle word wrap

6.4. Refreshing Product Entitlements
Copy link

If product entitlements in the Customer Portal are changed, the current subscriptions in Satellite must be refreshed. The process consists of removing all subscriptions from the current manifest, attaching them again, then downloading and reactivating Satellite with the new manifest.
Refreshing Product Entitlements on Satellite Server in Connected Mode

Request regeneration of entitlement certificates on the Red Hat Customer Portal. 

# rhn-satellite-activate --manifest-reconcile-request
Copy to Clipboard Toggle word wrap
Download the manifest and reactivate Satellite. 
# rhn-satellite-activate --manifest-refresh
Copy to Clipboard Toggle word wrap
Refreshing Product Entitlements on Satellite Server in Disconnected Mode

Recreate the manifest on the Red Hat Customer Portal, download the manifest file to your computer, then copy it to the Satellite server. For details, see Section 3.1.3, “Generating a Manifest”.

Refresh Satellite with the new manifest file, in disconnected mode. 
# rhn-satellite-activate --disconnected --manifest=manifest_file.zip
Copy to Clipboard Toggle word wrap

6.5. Subscription Expiration
Copy link

Red Hat Satellite certificates expire at 11:59:59 PM on the date listed in the certificate's expires field. The Satellite server's time zone is used. New certificates become active at 12:00:00 AM on their issued date.
A manifest file may contain multiple subscriptions, each with their own validity period. A subscription can provide access to multiple product repositories. When a subscription expires, access to those repositories is no longer available, so Satellite cannot synchronize their content. However, if an active subscription provides access to one or more of the same repositories, Satellite will continue to synchronize the content of those repositories. Repositories not included in an active subscription are unable to be synchronized.
For details on confirming the validity period of subscriptions contained in a manifest, see Section 6.2, “Viewing Details of a Manifest”.

Chapter 7. Virtualization Agent (virt-who)
Copy link

virt-who is an agent for reporting virtual guest IDs to Satellite. virt-who has the ability to scan for third-party hypervisors, register the hypervisors on the Satellite, and upload a list of guest UUIDs associated with the hypervisors.

7.1. Setting up the Virtualization Agent
Copy link

The Virtualization Agent can be installed on the Satellite server or on a separate host. If using a separate host, use the following requirements guidelines for your virt-who installation:
  • Red Hat Enterprise Linux 6 or above.
  • Access to both the Red Hat Satellite and the hypervisor on port 443, TCP. In addition, you must create a user in your virtualization environment so that the Virtualization Agent can read information about hypervisors and guests. This can be a user with read-only permission.
  • The system must be registered to either Red Hat Subscription Manager, or the Red Hat Satellite and subscribed to the Satellite Tools channel.
To set up virt-who on the Red Hat Satellite:
  1. Login as root on the Red Hat Satellite.
  2. Install the virt-who package: 
    # yum install virt-who
    Copy to Clipboard Toggle word wrap
  3. Edit the following entries in the /etc/sysconfig/virt-who file: 
    # Start virt-who on background, perform doublefork and monitor for virtual guest
# events (if possible). It is NOT recommended to turn off this option for
# starting virt-who as service.
VIRTWHO_BACKGROUND=1

# Enable debugging output.
# optional
VIRTWHO_DEBUG=1

# virt-who subscription manager backend, enable ony one option from following 2:
# Report to Subscription Asset Manager (SAM)
VIRTWHO_SAM=0
# Report to Satellite
VIRTWHO_SATELLITE=1
    Copy to Clipboard Toggle word wrap
    Edit the virtualization options for your virtualization environment type. For example, for Red Hat Enterprise Virtualization: 
    # Register guests using RHEV-M
VIRTWHO_RHEVM=1

# Options for RHEV-M mode
VIRTWHO_RHEVM_ENV=not-used
VIRTWHO_RHEVM_SERVER=server_hostname_or_IP
VIRTWHO_RHEVM_USERNAME=server_login
VIRTWHO_RHEVM_PASSWORD=server_password
    Copy to Clipboard Toggle word wrap
    For VMware ESX: 
    # Register ESX machines using vCenter
VIRTWHO_ESX=1

# Option for ESX mode
VIRTWHO_ESX_ENV=not-used
VIRTWHO_ESX_OWNER=organization_id
VIRTWHO_ESX_SERVER=server_hostname_or_IP
VIRTWHO_ESX_USERNAME=server_login
VIRTWHO_ESX_PASSWORD=server_password
    Copy to Clipboard Toggle word wrap

    Note

    The user for accessing the virtualization environment only requires read-only permissions. For security, create a new user in your virtualization environment with read-only permissions and nothing else.
    Finally, edit the Satellite options and enter your server details: 
    # Option for Satellite backend
VIRTWHO_SATELLITE_SERVER=satellite_hostname
VIRTWHO_SATELLITE_USERNAME=username
VIRTWHO_SATELLITE_PASSWORD=password
    Copy to Clipboard Toggle word wrap
  4. Start the virt-who service: 
    service virt-who start
    Copy to Clipboard Toggle word wrap
    Starting the virt-who service will gather the host/guest UUID information and send the information to the Satellite. It will also scan the /var/lib/virt-who/hypervisor-systemid-[UUID] file to check if the hypervisor has already been registered to the Red Hat Satellite. If it does, the existing hypervisor system information on the Red Hat Satellite is updated. If it does not exist on the Satellite, the new hypervisor wil be registered.

Note

If a hypervisor is deleted, its corresponding file needs to be removed from /var/lib/virt-who/hypervisor-systemid-UUID, and the hypervisor needs to be manually removed via the satellite web UI.
If your environment contains more than one of the same virtualization environment type, add multiple configuration files to the /etc/virt-who.d/ instead of adding details for a single configuration in the /etc/sysconfig/virt-who file. For example: 
[test-esx-1]
type=esx
server=10.1.1.1
username=admin
password=password

[test-esx-2]
type=esx
server=10.1.2.1
username=admin
password=password
Copy to Clipboard Toggle word wrap

7.1.1. VMware Configuration Scenario
Copy link

The following scenario configures virt-who for use in a VMware environment. This includes creating the user in Active Directory with read-only permissions for virt-who to use.
Satellite requires open access to vCenter on ports 80 and 443. Before following these steps, create a firewall exception to allow connections on port 80 and 443 from the Red Hat Satellite server to the vCenter.
First, create the virtwho-readonly-user account in Active Directory and provide access to vCenter:
  1. Run the Active Directory Users and Computers program on your Windows machine with a user that has rights to add users into your domain. Create a user named virtwho-readonly-user.
  2. Log in to vSphere Web Client using an account with administrator privileges.
  3. Navigate to HomeAdministrationSingle Sign-OnConfiguration.
    Navigate to Single Sign-On Configuration
    View larger image
    Navigate to Single Sign-On Configuration

    Figure 7.1. Navigate to Single Sign-On Configuration

  4. Navigate to the Identity Sources tab, press the plus icon, and select the Active Directory identity source. This adds Active Directory identity source, including the virtwho-readonly-user user.
    Add the Identity Source
    View larger image
    Add the Identity Source

    Figure 7.2. Add the Identity Source

  5. Navigate to HomevCenter and select the vCenter to grant access to virtwho-readonly-user.
    Navigate to vCenter
    View larger image
    Navigate to vCenter

    Figure 7.3. Navigate to vCenter

  6. Navigate to ManagePermissions and press the plus icon to open the Add Permission dialog.
    Click the plus icon
    View larger image
    Click the plus icon

    Figure 7.4. Click the plus icon

  7. Select the virtwho-readonly-user.
  8. Select the Read-only role.
  9. Click OK to save the permissions.
  10. Log out and test the virtwho-readonly-user in vCenter. Make sure the inventory shows the resources that virtwho-readonly-user can access.
Next, install and configure virt-who to communicate with vCenter:
  1. Log in to the Satellite server and install virt-who: 
    # yum install virt-who
    Copy to Clipboard Toggle word wrap
  2. Edit the /etc/sysconfig/virt-who file and use the following options: 
    # virt-who options
VIRTWHO_BACKGROUND=1
VIRTWHO_DEBUG=1

# Enable virt-who with VMware
VIRTWHO_ESX=1

# Options for ESX mode
VIRTWHO_ESX_ENV=not-used
VIRTWHO_ESX_OWNER=[organization_id]
VIRTWHO_ESX_SERVER=vcenter.example.com
VIRTWHO_ESX_USERNAME=DOMAIN\\virtwho-readonly-user
VIRTWHO_ESX_PASSWORD=*******

# Report to Satellite
VIRTWHO_SAM=0
VIRTWHO_SATELLITE=1
    Copy to Clipboard Toggle word wrap
    Replace [organization_id] with the ID of your target organization on your Satellite server.
  3. Start and enable the virt-who service: 
    # service virt-who start
# chkconfig virt-who on
    Copy to Clipboard Toggle word wrap
virt-who now gathers host and guest UUIDs from vCenter for Satellite to use.

7.2. Setting up Guests
Copy link

All virtual systems on the hypervisor need to be registered to the Satellite to make sure that virt-who links these guests to the hypervisor correctly.
To register a guest on the VMWare ESX hypervisor to the Satellite:
  1. Download the SSL cert from the Satellite to the guest system: 
    # rpm -Uvh https://satellite_hostname.example.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
    Copy to Clipboard Toggle word wrap
  2. Edit the following entries in the /etc/sysconfig/rhn/up2date: 
    serverURL=https://satellite.hostname.example.com/XMLRPC
sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
    Copy to Clipboard Toggle word wrap
  3. Register the guest to the Satellite by running the command: 
    # rhnreg_ks --username sat_username --password sat_password
    Copy to Clipboard Toggle word wrap

7.3. Verifying the Setup
Copy link

Once all the configuration has been completed, the following steps should verify that virt-who is detecting all hypervisors and guest clients:
  1. Log in to the Satellite.
  2. Click on Systems to go to the Systems Overview page.
  3. Click on a system name.
  4. Check the following information on the System Details page:
    • Checked-In Time - this field should update every time virt-who is run.
    • System ID - this should match the system ID of the guest client in the hypervisor.
    • Guests - this column is located in the Virtualization subtab. All guest machines from the hypervisor should be listed in this section:
      • Systems that are not registered to the Satellite will appear as "virtual machine from [VMTYPE] hypervisor [UUID]" For example, "VM from esx hypervisor 92ffdfd8-14a2-11e3-ad37-a213e27ebfdc"
      • Systems that are registered to the Satellite will reflect the name given at registration and will link to the Satellite's records of the registered system

Chapter 8. Content and Synchronization
Copy link

Your Red Hat Satellite Server installation is complete. The next step is to provide it with packages and channels for use with client systems. This chapter explains how to import content and keep it up-to-date.
Ensure you meet the following prerequisites before performing a Red Hat Satellite synchronization:
  • A successful Red Hat Satellite installation.
  • The Red Hat Satellite requires access to one of the following content sources:
    • The Red Hat Content Delivery Network (CDN) via the Internet.
    • Red Hat Network Channel Content ISOs.
    • Red Hat Satellite Exporter data.
The tool used to synchronize content depends on the content source. If content is being synchronized from the Red Hat Content Delivery Network (CDN) via the Internet, the Content Delivery Network Synchronization (cdn-sync) tool is used. If content is being synchronized from Red Hat Network Channel Content ISOs, or from one Satellite instance to another Satellite instance, the Satellite Synchronization (satellite-sync) tool is used. The sections in this chapter explain the use of each tool and its use with each content source type.
The new tool was introduced with Red Hat Satellite 5.8 because of the retirement of the Red Hat Network. To ease the transition, the cdn-sync tool has many of the same parameters as the satellite-sync tool.

8.1. Red Hat Satellite CDN Synchronization Tool
Copy link

The Red Hat Satellite CDN Synchronization Tool (cdn-sync) enables a Satellite server to synchronize its repositories, and associated metadata, with the Red Hat Content Delivery Network (CDN).

Important

The cdn-sync tool imports a large amount of data, especially on newly installed Red Hat Satellite servers. If your database has performance issues after a significant amount of data changes, consider gathering statistics on the database.
In its simplest usage, run the cdn-sync command, and the synchronization of all packages in all available repositories begins. The total amount of data to be downloaded can be very large, so Red Hat recommends you first evaluate the amount of data to be downloaded, and determine a suitable strategy to minimize its impact on network load. For example, you could identify those channels with the most content, and schedule their synchronization accordingly.
In earlier versions of Red Hat Satellite, the satellite-sync -l command would list the number of packages per channel by default. The Red Hat CDN is repository based, and does not allow the number of packages per repository to be shown in real time. To provide this information, you must use the --count-packages parameter. The first time this parameter is used, it may take a long time time to process the data, depending on your manifest and the number of accessible repositories and channels. However the first run creates a cache, so subsequent runs are faster. For example, the first run might take an hour, and subsequent runs from 5 to 10 minutes.
The cdn-sync tool logs its activity in the file /var/log/rhn/cdnsync.log. It also logs the synchronization of each channel in /var/log/rhn/cdnsync/channel_name.

8.1.1. Calculating Data Download Size
Copy link

To calculate the amount of data to be downloaded, list all channels and their total disk space sizes. 
# cdn-sync --list-channels --count-packages
Copy to Clipboard Toggle word wrap
Extract from output of cdn-sync --list-channels --count-packages command. 
12:18:48   . rhel-x86_64-server-7             14232 packages (18.4G)
12:18:48   . rhel-x86_64-server-7-htb         5200 packages (4.1G)
12:18:48   . rhel-x86_64-server-7.1.eus       8056 packages (10.5G)
12:18:48   . rhel-x86_64-server-7.2.eus       11697 packages (15.3G)
Copy to Clipboard Toggle word wrap

8.1.2. Synchronize Select Channels
Copy link

When you have determined the names of channels to be synchronized, list them in the cdn-sync command's --channel parameter. Note that the --channel parameter accepts only one channel. To synchronize multiple channels, either repeat the cdn-sync command, or repeat the --channel parameter.
Example cdn-sync command to synchronize the four example channels in Section 8.1.1, “Calculating Data Download Size”. 
# cdn-sync --channel rhel-x86_64-server-7 \
--channel rhel-x86_64-server-7-htb \
--channel rhel-x86_64-server-7.1.eus \
--channel rhel-x86_64-server-7.2.eus
Copy to Clipboard Toggle word wrap

8.2. Synchronization with Local Media
Copy link

Although it is possible to conduct the import directly from the Red Hat Network website, this should be done only if Channel Content ISOs are not available. It takes a long time to download a channel's content via the Internet. For this reason, Red Hat recommends you use ISOs, if they are available, for the initial import.

8.2.1. Preparing for Import from Local Media
Copy link

Channel Content ISOs are special collections that contain both packages and XML dumps of metadata. Download the ISO images from the Red Hat Customer Portal website on a machine connected to the Internet and then transfer to the Red Hat Satellite.

Procedure 8.1. Obtain the Channel Content ISOs

  1. Log into the web interface.
  2. Click Channels in the top navigation bar.
  3. Click on the Red Hat Satellite channel. Ensure you select the Satellite channel that corresponds to your version of Satellite.
  4. Click the Downloads tab and use the instructions on the page to obtain the Channel Content ISOs, available by version of Red Hat Enterprise Linux.
  5. If the desired Channel Content ISOs do not appear, ensure your Red Hat Entitlement Certificate has been uploaded to Red Hat Network and correctly identifies the target channels.
This next procedure mounts the Channel Content ISOs and copies the contents to a temporary repository directory.

Procedure 8.2. Mount and copy Channel Content ISOs

  1. Log into the machine as root.
  2. Create a directory in /mnt/ to store the file(s) with the command: 
    # mkdir /mnt/import/
    Copy to Clipboard Toggle word wrap
  3. Mount the ISO file using the following command: 
    # mount [iso_filename] /mnt/import -o loop
    Copy to Clipboard Toggle word wrap
  4. Create a target directory for the files: 
    # mkdir /var/rhn-sat-import/
    Copy to Clipboard Toggle word wrap
  5. This sample command assumes the administrator wants to copy the contents of the ISO (mounted in /mnt/import/) into /var/rhn-sat-import/: 
    # cp -ruv /mnt/import/* /var/rhn-sat-import/
    Copy to Clipboard Toggle word wrap
  6. Then unmount /mnt/import in preparation for the next ISO: 
    # umount /mnt/import
    Copy to Clipboard Toggle word wrap
  7. Repeat these steps for the channel content ISO file of every channel that you need to import separately. Do not use combined full or incremental sources of channel content ISOs.

8.2.2. Import from Local Media
Copy link

The following process assumes the user has completed Section 8.2.1, “Preparing for Import from Local Media” and copied all data to /var/rhn-sat-import .
  1. List the channels available for import. 
    # satellite-sync --list-channels --mount-point=/var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
  2. Initiate the import of a specific channel using a channel label presented in the previous list. 
    # satellite-sync --channel=[channel-label] --mount-point=/var/rhn-sat-import
    Copy to Clipboard Toggle word wrap

    Note

    Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated.
  3. Repeat this step for each channel or include them all within a single command by passing each channel label preceded with an additional -c flag, like so: 
    # satellite-sync -c [channel-label-1] -c [channel-label-2] --mount-point /var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
After running the preceding command, the population of the channel executes until completion. All packages move out of the repository; verify with the following command: 
# cd /var/rhn-sat-import/; ls -alR | grep rpm
Copy to Clipboard Toggle word wrap
If all RPMs are installed and moved to their permanent locations, the count appears as zero. If so, remove the temporary /var/rhn-sat-import/ repository. 
# rm -rf /var/rhn-sat-import
Copy to Clipboard Toggle word wrap

8.3. Synchronization via Export
Copy link

The Red Hat Satellite Exporter (rhn-satellite-exporter) tool exports content listing in an XML format, which a user imports into another Red Hat Satellite. Export the content into a chosen directory with the -d option, transport the directory to another Red Hat Satellite, and use the Satellite Synchronization Tool to import the contents. This synchronizes the two Red Hat Satellites so they contain identical content.
The Red Hat Satellite Exporter provides the following content:
  • Channel Families
  • Architectures
  • Channel metadata
  • Blacklists
  • RPMs
  • RPM metadata
  • Errata
  • Kickstarts
To perform a Red Hat Satellite Exporter export, meet the following prerequisites:
  • A successful Red Hat Satellite installation.
  • Sufficient disk space in the directory specified in the -d option. This directory will contain the exported contents.

8.3.1. Performing an Export
Copy link

Export the current Red Hat Satellite configuration into a backup or storage solution by executing the following command as root: 
# rhn-satellite-exporter -d /var/rhn-sat-export --no-errata --channel [channel_name]
Copy to Clipboard Toggle word wrap
When finished, move the exported directory to another Red Hat Satellite or a storage solution using rsync or scp -r.
The Red Hat Satellite Exporter offers several command line options. To use them, insert the option and appropriate value after the rhn-satellite-exporter command. See the rhn-satellite-exporter manpage for all available options and their meaning.
Select the contents, such as RPMs, errata, or kickstarts, to export using these command line options.
The amount of time it takes rhn-satellite-exporter to export data depends on the number and size of the exported channels. The --no-packages, --no-kickstarts, --no-errata, and --no-rpms options reduce the amount of time required for rhn-satellite-exporter to run, but also prevents export of potentially useful information. For that reason, only use these options when certain the content is not required and can be excluded. Additionally, use the matching options for cdn-sync when importing the data. For example, if you use --no-kickstarts with rhn-satellite-exporter, specify the same --no-kickstarts option when importing the data.
When exporting a Red Hat Network base channel, export the tools channel associated with that base channel. The tools channels contain the auto-kickstart packages, which install packages for kickstarting a machine through the Red Hat Satellite.

8.3.2. Moving Exported Data
Copy link

The following procedure copies the Red Hat Satellite Exporter data onto the local system for import.

Procedure 8.3. Moving Exporter Content

  1. Log into the machine as root.
  2. Create a target directory for the files, such as: 
    # mkdir /var/rhn-sat-import/
    Copy to Clipboard Toggle word wrap
  3. Make the export data available on the local machine in the directory created in the previous step. Either copy the data directly, or mount the data from another machine using NFS. Copy the data into the new directory with the following command: 
    # scp -r root@storage.example.com:/var/rhn-sat-export/* /var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
Now that the data is available, proceed with performing the import.

8.3.3. Performing an Import
Copy link

The following process assumes the user has completed Section 8.3.2, “Moving Exported Data” and copied all data to /var/rhn-sat-import.
  1. List the channels available for import with the command: 
    # satellite-sync --list-channels --mount-point /var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
  2. Initiate the import of a specific channel using a channel label presented in the previous list. Run the following command : 
    # satellite-sync --channel=[channel-label] --mount-point=/var/rhn-sat-import
    Copy to Clipboard Toggle word wrap

    Note

    Importing package data can take up to two hours per channel. Register systems to channels as soon as they appear in the Red Hat Satellite web interface. No packages are necessary for registration, although updates cannot be retrieved from the Satellite until the channel is completely populated.
    Repeat this step for each channel or include them all within a single command by passing each channel label preceded by an additional --channel flag: 
    # satellite-sync --channel=channel-label-1 -c channel-label-2 --mount-point=/var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
  3. The population of channels executes until completion. Verify all of the packages are moved out of the repository with the following command: 
    # cd /var/rhn-sat-import/; ls -alR | grep rpm
    Copy to Clipboard Toggle word wrap
    If all RPMs are installed and moved to their permanent locations, the count appears as zero. If so, remove the temporary /var/rhn-sat-import/ repository. 
    # rm -rf /var/rhn-sat-import
    Copy to Clipboard Toggle word wrap
Inter-Satellite Synchronization (ISS) allows a Satellite to synchronize content and permissions from another Satellite instance in a peer-to-peer relationship. However, in the following section, a Satellite who receives content will be referred to as a "Slave Satellite" and a Satellite who acts as the source where the content is pulled is called a "Master Satellite". When using ISS to synchronize content, the Slave Satellite instance may have a different setup from that of the Master for non-content entities such as Users and Organizations. The Satellite Administrator on the Slave instance is free to add, remove, and change entities independently from what occurs on the Master instance.

Note

Master and Slave are legacy terms that carry connotations that are not enforced by the ISS protocol. Please keep their restricted meanings, as described above, in mind while studying this section.
The ISS feature can be used in different ways depending on the needs of the organization. There are ISS configurations where two Satellites may act as both masters and slaves of each other. This section contains a section on use cases, and how best to set up ISS to suit your organization.

ISS Requirements

The following are the required conditions to be able to use ISS:
  • Two or more Red Hat Satellite servers
  • At least one Red Hat Satellite populated with at least one channel
  • Satellite Administrator privileges on all Satellite systems intended for ISS

9.1. Inter-Satellite Synchronization
Copy link

ISS can be configured manually or by a new tool called spacewalk-sync-setup. Both methods are effective, and it would be left to the user's choice on which one to use.

9.1.1. Manual Configuration
Copy link

Procedure 9.1. Configuring the Master Satellite Server

With Satellite 5, ISS allows the Slave Satellite to duplicate the organizational trust hierarchy and the custom channel permissions from the settings configured on the master. This is accomplished by exporting information about specific organizations from the Master Satellite to the receiving Slave Satellite. The Satellite Administrator on the Slave Satellite can then choose to map the Master Organizations to specific Slave Organizations. Future satellite-sync operations use this information to assign custom channel ownership to the Slave Organization which is mapped to a specific Master Organization. It can also map the trust relationships between the exposed Master Organization to matching Slave Organizations, creating the equivalent relationships on the Slave.
  1. On the Web Interface:
    1. Log in as the Satellite Administrator.
    2. Click AdminISS ConfigurationMaster Setup.
    3. On the top right-hand corner, click Add New Slave.
    4. Fill in the following information:
      • Slave Fully Qualified Domain Name (FQDN)
      • Allow Slave to Sync? - Choosing this field will allow the Slave Satellite to access this Master Satellite. Otherwise, contact with this Slave will be denied.
      • Sync all orgs to Slave? - Checking this field will synchronize all organizations to the Slave Satellite.

      Note

      Choosing the Sync All Orgs to Slave? option on the Master Setup page will override any specifically selected organizations in the Local Organization table below.
    5. Click Create.
    6. (Optional) Click on any local organization to be exported to the Slave Satellite.
    7. Click Allow Orgs.

      Note

      In Satellite 5.5 and previous versions, the Master Satellite used the iss_slaves parameter in the /etc/rhn/rhn.conf file to identify which slaves could contact the Master Satellite. Satellite 5.6 and later uses the information in the Master Setup page to determine this information.
  2. On the Command Line:
    1. Enable the inter-satellite synchronization (ISS) feature in the /etc/rhn/rhn.conf file: 
      disable_iss=0
      Copy to Clipboard Toggle word wrap
    2. Save the configuration file, and restart the httpd service: 
      service httpd restart
      Copy to Clipboard Toggle word wrap

Procedure 9.2. Configuring Slave Servers

Slave Satellite servers are the machines that will receive content synchronized from the master server.
  1. In order to securely transfer content to the slave servers, the ORG-SSL certificate from the master server is needed. The certificate can be downloaded over HTTP from the /pub/ directory of any satellite. The file is called RHN-ORG-TRUSTED-SSL-CERT, but can be renamed and placed anywhere in the local filesystem of the slave, such as the /usr/share/rhn/ directory.
  2. Log in to the Slave Satellite as the Satellite Administrator.
  3. Click AdminISS ConfigurationSlave Setup.
  4. On the top right-hand corner, click Add New Master.
  5. Fill in the following information:
    • Master Fully-Qualified Domain Name
    • Default Master?
    • Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
  6. Click Add New Master.

Procedure 9.3. Performing an Inter-Satellite Synchronization

Once the master and slave servers are configured, a synchronization can be performed between them.
  • Begin the synchronization by running the satellite-sync command: 
    satellite-sync -c your-channel
    Copy to Clipboard Toggle word wrap

    Note

    Command line options that are manually provided with the satellite-sync command will override any custom settings in the /etc/rhn/rhn.conf file.

Procedure 9.4. Mapping the Master Satellite's Exported Organizations to the Slave Satellite's Organizations

Prerequisite

After following the procedures preceding this one, the Master Satellite should show up in the Slave Satellite's Slave Setup under AdminISS ConfigurationSlave Setup. If it does not, please re-check the steps above.

A mapping between organizational names on the master Satellite allows for channel access permissions to be set on the Master Satellite and propagated when content is synced to a Slave Satellite. Not all organization and channel details need to be mapped for all Slave Satellites, Satellite administrators can select which permissions and organizations can be synchronized by allowing or omitting mappings.
To complete the mapping, follow this procedure on the Slave Satellite:
  1. Log in as the Satellite Administrator.
  2. Click on AdminISS ConfigurationSlave Setup.
  3. Select a Master Satellite by clicking on it's name.
  4. Use the drop-down box to map the exported master organization name to a matching local organization in the Slave Satellite.
  5. Click Update Mapping.
  6. On the command line, issue the satellite-sync on each of the custom channels to obtain the correct trust structure and channel permissions: 
    satellite-sync -c your-channel
    Copy to Clipboard Toggle word wrap

9.1.2. Automated Configuration
Copy link

spacewalk-sync-setup allows users to specify a Master and Slave Satellite instance and uses configuration files to set up the information described in both the Master and Slave setup. It can create a set of default configuration files if requested. Essentially, it automates the previously setup and mapped configuration for Master-Slave relationships.
Prerequisites

In order for automated configuration to succeed:

  • The spacewalk-utils package needs to be installed on the system that will issue the command spacewalk-sync-setup.
  • Existing organizations with custom permissions on the Master Satellite must be present.
  • Existing organizations within the Slave Satellite must be present.

Procedure 9.5. Configuring the Master Satellite Server

  1. Enable the inter-satellite synchronization (ISS) feature in the /etc/rhn/rhn.conf file: 
    disable_iss=0
    Copy to Clipboard Toggle word wrap
  2. Save the configuration file, and restart the httpd service: 
    service httpd restart
    Copy to Clipboard Toggle word wrap

Procedure 9.6. Configuring Slave Servers

Slave Satellite servers are the machines that will have their content synchronized to the master server.
  1. In order to securely transfer content to the slave servers, the ORG-SSL certificate from the master server is needed. The certificate can be downloaded over HTTP from the /pub/ directory of any satellite. The file is called RHN-ORG-TRUSTED-SSL-CERT, but can be renamed and placed anywhere in the local filesystem of the slave, such as the /usr/share/rhn/ directory.
  2. Log in to the Slave Satellite as the Satellite Administrator.
  3. Click AdminISS ConfigurationSlave Setup.
  4. On the top right-hand corner, click Add New Master.
  5. Fill in the following information:
    • Master Fully-Qualified Domain Name
    • Default Master?
    • Filename of this Master's CA Certificate - Use the full path of the CA Certificate downloaded in the initial step of this procedure.
  6. Click Add New Master.

Procedure 9.7. Mapping Master Satellite Organizations to Slave Satellite Organizations with spacewalk-sync-setup

  1. Log in to a system. It does not matter if it is a Master Satellite, a Slave Satellite or a different system altogether, as long as the system can access the public XMLRPC API of the Master and Slave Satellites.
  2. Issue the spacewalk-sync-setup on a command line interface: 
    spacewalk-sync-setup --ms=[Master_FQDN] \
--ml=[Master_Sat_Admin_login] \
--mp=[Master_Sat_Admin_password] \
--ss=[Slave FQDN]  --sl=[Slave_Sat_Admin_login] \
--sp=[Slave_Sat_Admin_password> \
--create-templates --apply
    Copy to Clipboard Toggle word wrap
    Where:
    • --ms=MASTER, --master-server=MASTER is the FQDN of the Master to connect to
    • --ml=MASTER_LOGIN, --master-login=MASTER_LOGIN is the Satellite Administrator login for the Master Satellite
    • --mp=MASTER_PASSWORD, --master-password=MASTER_PASSWORD is the password for the Satellite Administrator login on the Master Satellite
    • --ss=SLAVE, --slave-server=SLAVE is the FQDN of the Slave Satellite to connect to.
    • --sl=SLAVE_LOGIN, --slave-login=SLAVE_LOGIN is the Satellite Administrator login for the Slave Satellite
    • --sp=SLAVE_PASSWORD, --slave-password=SLAVE_PASSWORD is the password for the Satellite Administrator login on the Slave Satellite
    • --ct, --create-templates is the option that creates both a master and a slave setup file for the master/slave pair we've pointed at
    • --apply tells the Satellite instances to make the changes specified by the setup files to the specified Satellite instances

    Note

    For more setup options: 
    spacewalk-sync-setup --help
    Copy to Clipboard Toggle word wrap
    The output from this command will be as follows: 
    INFO: Connecting to [admin@master-fqdn]
INFO: Connecting to [admin@slave-fqdn]
INFO: Generating master-setup file $HOME/.spacewalk-sync-setup/master.txt
INFO: Generating slave-setup file $HOME/.spacewalk-sync-setup/slave.txt
INFO: Applying master-setup $HOME/.spacewalk-sync-setup/master.txt
INFO: Applying slave-setup $HOME/.spacewalk-sync-setup/slave.txt
    Copy to Clipboard Toggle word wrap
  3. On the command line, issue the satellite-sync command on each of the custom channels to obtain the correct trust structure and channel permissions: 
    satellite-sync -c your-channel
    Copy to Clipboard Toggle word wrap

9.2. Organizational Synchronization
Copy link

Inter-Satellite Synchronization can also be used to import content to any specific organization. This can be done locally or by using remote synchronization. This function is useful for a disconnected satellite with multiple organizations, where content is retrieved through channel dumps or by exporting from connected satellites and then importing it to the disconnected satellite. Organizational synchronization can be used to export custom channels from connected satellites. It can also be used to effectively move content between multiple organizations.
Organizational synchronization follows a clear set of rules in order to maintain the integrity of the source organization:
  • If the source content belongs to the NULL organization (that is, it is Red Hat content) it will default to the NULL organization even if a destination organization is specified. This ensures that specified content is always in the privileged NULL organization.
  • If an organization is specified at the command line, content will be imported from that organization.
  • If no organization is specified, it will default to organization 1.
The following are three example scenarios where organizational IDs (orgid) are used to synchronize satellites:

Example 9.1. Import Content from Master to Slave Satellite

This example imports content from master to slave satellite: 
satellite-sync --parent-sat=master.satellite.example.com -c channel-name --orgid=2
Copy to Clipboard Toggle word wrap

Example 9.2. Import Content from an Exported Dump of an Organization

This example imports content from an exported dump of a specific organization: 
$ satellite-sync -m /dump -c channel-name --orgid=2
Copy to Clipboard Toggle word wrap

Example 9.3. Import Content from Red Hat Network Hosted

This example imports content from Red Hat Network Hosted (assuming the system is registered and activated): 
$ satellite-sync -c channel-name
Copy to Clipboard Toggle word wrap

9.3. Inter-Satellite Synchronization Use Cases
Copy link

Inter-Satellite Synchronization (ISS) can be used in several different ways, depending on the needs of the organization. This section provides examples of how ISS can be used and the methods for setting up and operating these cases.

Example 9.4. Staging Satellite

This example uses one Satellite as a staging Satellite to prepare content and perform quality assurance on the packages to ensure they are fit for production use. When content is approved to go to production, the production satellite can synchronize the content from the stage satellite.
Staging Satellite
View larger image
Staging Satellite

Figure 9.1. Staging Satellite

Syncing from Red Hat Network Hosted and a Satellite Staging Server
View larger image
Syncing from Red Hat Network Hosted and a Satellite Staging Server

Figure 9.2. Syncing from Red Hat Network Hosted and a Satellite Staging Server

  1. Run the satellite-sync command to synchronize data with rhn_parent (usually Red Hat Network Hosted): 
    satellite-sync -c your-channel
    Copy to Clipboard Toggle word wrap
  2. Run the following command to synchronize data from the staging server: 
    satellite-sync --iss-parent=staging-satellite.example.com -c custom-channel
    Copy to Clipboard Toggle word wrap

Example 9.5. Synchronized Slaves

In this example, the master satellite provides data directly to the slaves and changes are regularly synchronized.
Slave Satellites are maintained exactly as the master
View larger image
Slave Satellites are maintained exactly as the master

Figure 9.3. Slave Satellites are maintained exactly as the master

Example 9.6. Slave Custom Content

This example uses the master satellite as a development channel, from which content is distributed to all production slave satellites. Some of the slave satellites have extra content that is not present in the master satellite channels. These packages are preserved, but all changes from the master satellite are synchronized to the slaves.
Slave Satellites that retain their own custom content
View larger image
Slave Satellites that retain their own custom content

Figure 9.4. Slave Satellites that retain their own custom content

Example 9.7. Bi-directional synchronization

In this environment, two Red Hat Satellite servers act as both master and salve to each other and can synchronize content between them. The Satellite server where the command satellite-sync is run will pull the content from the other Satellite server and the synchronized data will depend on the options run with satellite-sync. Without any options, the synchronization will attempt to update everything that was previously synchronized.
Bi-directional synchronization
View larger image
Bi-directional synchronization

Figure 9.5. Bi-directional synchronization

See Section 9.1.1, “Manual Configuration” for configuring a Master Satellite. Configuring both Satellite servers as a Master will create a bi-directional sync.

Chapter 10. Upgrades
Copy link

This chapter examines how to upgrade a pre-existing Red Hat Satellite to Satellite 5.8. The upgrade workflow consists of the following high-level steps. Each step is described in more detail.
  1. Complete the upgrade requirements.
  2. Perform the upgrade.
  3. Optionally, complete the post-installation tasks.

10.1. Upgrade Requirements
Copy link

Before proceeding with the Satellite 5 upgrade, the following requirements must be met.

10.1.1. Content Synchronization Changes
Copy link

From Red Hat Satellite 5.8, the tool used to synchronize content depends on the content source. If content is being synchronized from the Red Hat Content Delivery Network (CDN) via the Internet, the Content Delivery Network Synchronization (cdn-sync) tool is used. If content is being synchronized from Red Hat Network Channel Content ISOs, or from one Satellite instance to another Satellite instance, the Satellite Synchronization (satellite-sync) tool is used. The sections in this chapter explain the use of each tool and its use with each content source type. The new tool was introduced with Red Hat Satellite 5.8 because of the retirement of the Red Hat Network.
If you have scheduled synchronization of content, such as with cron, review and amend those scheduled jobs as necessary. To ease the transition, the cdn-sync and satellite-sync tools have many of the same parameters, but they are not equivalent. For further details of each tool, see Chapter 8, Content and Synchronization.

10.1.2. Backup the Satellite 5 Instance
Copy link

Ensure you have a means of recovering the Satellite 5 instance as it was, prior to the upgrade. If the Satellite 5 instance is on a virtual machine, take a snapshot. If it is on a physical host, take a full backup of the Satellite 5 instance, its database, and the underlying operating system. If the Satellite database is hosted on a Managed Database instance, take the same backup measures as for the Satellite 5 server.

10.1.3. PostgreSQL Upgrade
Copy link

For the Embedded Database and Managed Database configurations, the Satellite installation program will upgrade PostgreSQL to version 9.5. For the External Database configuration it is recommended, but not required, that PostgreSQL be upgraded to version 9.5.

10.1.4. Confirming Database Disk Space
Copy link

Changes occur in the Satellite database during the upgrade process. Before starting the upgrade, confirm the available disk space at least matches the current size of the existing PostgreSQL data directory.

Procedure 10.1. Confirm Database Disk Space

  1. Calculate the disk space occupied by the embedded database.
    1. For Satellite 5.6
      The embedded database is stored in directory /var/lib/pgsql. After the upgrade, the embedded database will be stored in directory /var/opt/rh/rh-postgresql95/lib/pgsql. 
      # du --summarize -h /var/lib/pgsql
      Copy to Clipboard Toggle word wrap
      Example output of the du command. 
      81M	/var/lib/pgsql
      Copy to Clipboard Toggle word wrap
    2. For Satellite 5.7
      The embedded database is stored in directory /opt/rh/postgresql92/root/var/lib/pgsql. After the upgrade, the embedded database will be stored in directory /var/opt/rh/rh-postgresql95/lib/pgsql. 
      # du --summarize -h /opt/rh/postgresql92/root/var/lib/pgsql
      Copy to Clipboard Toggle word wrap
      Example output of the du command. 
      81M	/opt/rh/postgresql92/root/var/lib/pgsql
      Copy to Clipboard Toggle word wrap
  2. Confirm the available disk space in the embedded database's location for Satellite 5.8. 
    # df -h /var
    Copy to Clipboard Toggle word wrap
    Example output of the df command. 
    Filesystem    Size  Used Avail Use% Mounted on
/dev/mapper/vg_testhost01-lv_root
              50G  3.4G   44G   8% /
    Copy to Clipboard Toggle word wrap
  3. Compare the disk space occupied by the embedded database and the available disk space. If the available disk space is less than the total disk space occupied by the embedded database, do not proceed until this has been corrected.

10.1.5. Downloading a Satellite 5.8 Manifest
Copy link

In previous versions of Red Hat Satellite 5, details of product subscriptions were contained in a Satellite certificate. You downloaded a certificate from the Red Hat Customer Portal and imported it into Satellite. From Satellite 5.8, all subscriptions are hosted by Red Hat Subscription Manager, replacing Red Hat Network. Instead of a certificate, a manifest file takes the place of the certificate in Satellite 5.8. This file's format is specific to Satellite 5.8 and contains details of product subscriptions.

Procedure 10.2. Download a Satellite 5.8 Manifest

  1. Log on to the Customer Portal and click Subscriptions.
  2. Click Satellite Organizations.
  3. Click Satellite.
  4. Click the name of the Satellite instance to be upgraded.
  5. Select Satellite 5.8 from the Version: drop-down list, and click Update.
  6. Click Download manifest and save the manifest file.
  7. Copy the manifest file to the Satellite 5 host which is being upgraded. 
    # scp manifest_file.zip root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap

10.1.6. Downloading Satellite 5.8 ISO
Copy link

The Satellite 5.8 installation media is available for download from the Red Hat Customer Portal in ISO format.

Procedure 10.3. Download the Installation Media

  1. Log on to the Customer Portal.
  2. Click Downloads.
  3. Click Red Hat Satellite.
  4. Select 5.8 for RHEL 6 from the Versions drop-down list.
  5. Select x86_64 or s390x from the Architecture list.
  6. Download the Red Hat Satellite 5.8 Binary DVD.
  7. Depending on your upgrade requirements, either burn the DVD ISO image to DVD media, or copy it to the host on which Red Hat Satellite will be installed.
    Run the following command on the host containing the DVD ISO image to copy it to the Satellite host. In this example, the ISO image is copied to the directory /root. 
    # scp satellite.iso root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap
    If you will be upgrading Red Hat Satellite from a DVD, burn the download ISO image to a writeable DVD.
Red Hat Network is nearing end of life, so existing Red Hat Satellite 5 installations must be migrated to Red Hat Subscription Management. Before the existing Satellite 5 instance is upgraded, complete the migration. For full details, see Chapter 11, Migrating from RHN to RHSM.

10.2. Upgrading to Satellite 5.8
Copy link

Once you have completed the upgrade requirements, proceed with the upgrade. The upgrade consists of the following steps.
  1. Mount the Satellite 5.8 installation media.
  2. Install the Satellite 5.8 upgrade package.
  3. Complete the upgrade instructions.

10.2.1. Mounting the Installation Media
Copy link

Once you have obtained a version of the Red Hat Satellite 5 installation media, mount the disc or ISO image on the server chosen to host Red Hat Satellite.

Procedure 10.4. Mounting from a disc

  1. Log into the machine as root.
  2. Insert the Red Hat Satellite Server CD or DVD containing the installation files.
  3. Red Hat Enterprise Linux might automount the disc. If so, it mounts the disc to the /media/cdrom/ directory. If Red Hat Enterprise Linux does not automount the disc, manually mount it to the /media/cdrom/ directory with the following command: 
    # mkdir /media/cdrom
# mount /dev/cdrom /media/cdrom
    Copy to Clipboard Toggle word wrap

Procedure 10.5. Mounting from an ISO image

  1. Log into the machine as root.
  2. Download the ISO image from the Red Hat Network website.
  3. Mount the ISO image to a location on your filesystem: 
    # mkdir /media/cdrom
# mount -o loop iso_filename /media/cdrom
    Copy to Clipboard Toggle word wrap

10.2.2. Performing the Satellite 5.8 Upgrade
Copy link

Install the latest rhn-upgrade package on your Red Hat Satellite 5 server. This installs scripts and a comprehensive set of upgrade instructions.
If Satellite is in connected mode, install the rhn-upgrade package directly from the Red Hat CDN. 
# yum install rhn-upgrade
Copy to Clipboard Toggle word wrap
If Satellite is in disconnected mode, or the rhn-upgrade RPM package was not available, download it manually from the Red Hat CDN, then install it.

Procedure 10.6. Download and Install Red Hat Satellite 5 Upgrade Package

Note

Complete this procedure on a computer which has access to the Red Hat Customer Portal.
  1. Log on to the Customer Portal and click Downloads.
  2. From the Product list, click Red Hat Satellite.
  3. Select the Product Variant, Version and Architecture which match the current, installed instance of Satellite. For example, Red Hat Satellite, 5.6 for RHEL 6, and x86_64.
  4. Click Packages and enter upgrade in the Search field.
  5. Click Download Latest beside the rhn-upgrade package, and download it.
  6. Copy the rhn-upgrade.rpm package to the Satellite server.
    If you have network access to the Satellite server from this computer, use the scp tool. In this example, the package is copied to the /root directory. 
    # scp rhn-upgrade.rpm root@satellite.example.com:/root
    Copy to Clipboard Toggle word wrap
    If you do not have network access to the Satellite server from this computer, copy the package to local media, transport the media to the Satellite server, and copy it from there.
  7. On the Satellite server, navigate to the directory containing the rhn-upgrade.rpm package, and install it. 
    # yum localinstall rhn-upgrade.rpm
    Copy to Clipboard Toggle word wrap
View the file /etc/sysconfig/rhn/satellite-upgrade/README, and follow the instructions it contains. It refers to other files which contain detailed instructions for specific scenarios.

10.3. Post-installation Tasks
Copy link

After Satellite has been upgraded, optionally configure the installation to be compliant with FIPS 140-2 standard, and remove unused versions of Java runtime. You can choose to complete either, or both tasks, depending on your requirements.

10.3.1. Configuring for FIPS 140-2 Compliance
Copy link

Red Hat Satellite 5.7 introduced support for Federal Information Processing Standard (FIPS) 140-2, which is a US Government standard for accrediting cryptographic modules. This support includes the following changes:
  • User passwords, previously encrypted with MD5 method, will be encrypted with SHA-256 algorithm
  • Client certificates (/etc/sysconfig/rhn/systemid), which the registered systems use to authenticate with the parent server, are changed from MD5 to SHA-256 encryption
New Red Hat Satellite installations on FIPS 140-2 enabled systems do not require any manual changes. Satellite will use FIPS 140-2 standards automatically.
However, if upgrading a system and you intend to enable FIPS 140-2, you must first update existing user passwords and client certificates using MD5 encryption.

Procedure 10.7. Updating User Passwords

  1. Export a list of users with MD5-encrypted passwords: 
    # spacewalk-report users-md5 > users-md5.csv
    Copy to Clipboard Toggle word wrap
  2. Change the password of each user using the following for loop: 
    # for i in $(cat users-md5.csv | awk -F, 'NR>1 { print $4 }'); do
      echo "Changing password for user $i";
      satpasswd $i;
      echo;
done
    Copy to Clipboard Toggle word wrap
    Alternatively, instruct all users in the file users-md5.csv to log into Satellite's Web UI. Satellite will automatically change their passwords in the database to use SHA-256.

Procedure 10.8. Updating Client Certificates

  1. Export a list of client systems using certificates using MD5-encryption: 
    # spacewalk-report system-md5-certificates > system-md5-certificates.csv
    Copy to Clipboard Toggle word wrap
  2. Use the spacewalk-fips-tool to schedule an update of systems in an organization. You need to repeat this process for each organization in your Satellite environment. First use the following commands for organization with ID 1: 
    # ORG_ID=1
# for system in $(awk -F, "NR>1 { if (\$3 == $ORG_ID) print \$1 }" system-md5-certificates.csv); do systems="$systems $system"; done
# spacewalk-fips-tool -i -u admin -d "2014-12-01 14:00:00" -o /tmp/scheduled-installations.csv $systems
    Copy to Clipboard Toggle word wrap
    This schedules the installation of packages requires for the certificate update on December 1, 2014 at 2pm.
    Next, Either run rhn_check -v on each client or wait until osad picks up the event.
    Finally, use the spacewalk-fips-tool again to schedule an update of certificates: 
    # ORG_ID=1
# for system in $(awk -F, "NR>1 { if (\$3 == $ORG_ID) print \$1 }" system-md5-certificates.csv); do systems="$systems $system"; done
# spacewalk-fips-tool -c -u admin -d "2014-12-01 14:00:00" -o /tmp/scheduled-installations.csv $systems
    Copy to Clipboard Toggle word wrap
  3. Repeat this process for each organization ID.
Once the passwords and client certificates are updated, enable FIPS 140-2 on your Satellite server's operating system.

10.3.2. Removing Redundant Java Versions
Copy link

The Satellite upgrade process includes upgrades to several prerequisites, including the Java runtime. The previous versions of Java runtime remain installed, but are redundant. If you would prefer to reclaim the disk space occupied by these versions, remove the packages.
For example, on a Satellite 5.8 installation which had been upgraded from Satellite 5.6, the following Java runtime packages could be removed. 
# yum remove java-1.6.0-ibm java-1.7.1-ibm
Copy to Clipboard Toggle word wrap

Chapter 11. Migrating from RHN to RHSM
Copy link

Red Hat Network (RHN) is to be decommissoned, and this has an impact on existing Red Hat Satellite 5 installations. All Red Hat Enterprise Linux systems must have their registration migrated to Red Hat Subscription Management (RHSM). For Satellite 5 installations, this requires the registration of the Satellite 5 system be migrated, possibly also the registration of the Managed Database system. This chapter provides the instructions for migrating the registration of an existing Red Hat Satellite 5 installation to RHSM.
Red Hat Satellite 5 currently requires access to RHN for both registration and content hosting. When a system is registered to RHN, a system ID is created. The system authenticates to Red Hat Network with its system ID, entitling it to receive updates, errata, and synchronize content. Without a valid system ID, a system cannot receive updates or synchronize content.
Before RHN is decommissoned, Satellite 5 systems must have their registration migrated to RHSM. When a system is migrated from RHN to RHSM, the system ID is deleted, and replaced with a subscription management UUID. Satellite 5 systems whose registration has been migrated to RHSM continue to synchronize content with RHN.
Red Hat Satellite 5 can be installed in one of several configurations: embedded database, managed database, and external database. All configurations require the Satellite 5 host's registration to be migrated. In the managed database configuration, if the Managed Database host is registered with RHN, its registration must also be migrated. If the Managed Database host is registered to the Satellite server, no subscription migration is required. Hosts managed by Satellite 5 continue to get their subscriptions and content from the Satellite server.

Warning

Registration migration from Red Hat Network to Red Hat Subscription Manager is a one-way process. Red Hat recommends you take a complete backup of the Satellite 5 system prior to proceeding.
To migrate the Satellite 5 host's registration, complete the following procedures, in order.
  1. Upgrade the Satellite 5 database schema (if required).
  2. Remove the Satellite 5 registration from Red Hat Network.
  3. Migrate the Satellite 5 subscription to Red Hat Subscription Management.
To migrate the Managed Database host's registration, complete the following procedures.

Note

If the Managed Database host is registered to the Satellite server, its subscription does not need to be migrated to Red Hat Subscription Manager.
  1. Remove the Satellite 5 registration from Red Hat Network.
  2. Migrate the Satellite 5 subscription to Red Hat Subscription Management.

Procedure 11.1.  Upgrading the Satellite 5 Database Schema

Before proceeding with the migration, it is important that the Satellite 5 database schema be up to date.
  • On the Satellite 5 server, list packages for which updates are applicable. 
    # yum check-update
    Copy to Clipboard Toggle word wrap
    If there is an update pending for the satellite-schema package, complete the procedure detailed in How do I upgrade the database schema of a Red Hat Satellite server?.

Procedure 11.2.  Removing the Satellite 5 Host's Subscription from Red Hat Network

The Satellite 5 subscription must be removed from Red Hat Network so that the subscription can be applied via Red Hat Subscription Manager.
  1. Open a web browser, log into the Red Hat Customer Portal, click Subscriptions, click Satellite in the list of Subscription Management Applications, then click on the Satellite tab.
  2. Find the desired Satellite instance in the list, and click on the host name.
    Details of the Satellite 5 Subscription
    View larger image
    Details of the Satellite 5 Subscription

    Figure 11.1. Details of the Satellite 5 Subscription

  3. Click the check box beside the Red Hat Satellite subscription to be migrated, click Remove Selected, then click Remove to confirm.

    Warning

    Remove only the Red Hat Satellite subscription. All other subscriptions must remain.
    The successful removal of the Red Hat Satellite subscription is confirmed by the message: The subscription(s) you selected have been removed.
  4. In the Version drop-down list, select the version of Satellite 5 which you are currently running.
  5. Click Download Satellite Certificate and save the certificate file locally.
    The Satellite 5 entitlement certificate, contained in the file downloaded, is required in Procedure 11.3, “ Migrating the Satellite 5 Host's Registration ”.

Procedure 11.3.  Migrating the Satellite 5 Host's Registration

Prerequisites
  • Red Hat Network username and password.
  1. On the Satellite 5 server, ensure that all packages are current. 
    # yum update
    Copy to Clipboard Toggle word wrap
  2. Confirm the version of the spacewalk-backend package is at version 2.0.3-42 or higher.

    Note

    If this is the Managed DB host, skip this step. 
    # rpm -q spacewalk-backend
spacewalk-backend-2.0.3-42.el6sat.noarch
    Copy to Clipboard Toggle word wrap

    Warning

    If version 2.0.3-42 (or higher) of spacewalk-backend package is not available, or cannot be installed, do NOT proceed with the migration. Contact Red Hat Support for assistance.
  3. Install the packages subscription-manager and subscription-manager-migration.
    The subscription-manager-migration package contains the Satellite 5 subscription script. 
    # yum install subscription-manager
# yum install subscription-manager-migration
    Copy to Clipboard Toggle word wrap
  4. Record the Red Hat Network username which was used to register the Red Hat Enterprise Linux instance. This username and its password is required in the next step. 
    # grep -A1 name\>username /etc/sysconfig/rhn/systemid
    Copy to Clipboard Toggle word wrap
    In this example, the username is admin@example.com. 
    <name>username</name>
<value><string>admin@example.com</string></value>
    Copy to Clipboard Toggle word wrap
  5. Run the Satellite 5 Red Hat Network to Red Hat Subscription Manager migration script. 
    # rhn-migrate-classic-to-rhsm
Legacy username: Red Hat Network username
Legacy password:  Red Hat Network password
    Copy to Clipboard Toggle word wrap
    The Legacy username and Legacy password are the same credentials which were used to register the server to Red Hat Network. The username was obtained in the prior step.
    Example output from rhn-migrate-classic-to-rhsm. 
    Retrieving existing legacy subscription information...

+-----------------------------------------------------+
System is currently subscribed to these legacy channels:
+-----------------------------------------------------+
rhel-x86_64-server-6
redhat-rhn-satellite-5.6-server-x86_64-6

+-----------------------------------------------------+
Installing product certificates for these legacy channels:
+-----------------------------------------------------+
rhel-x86_64-server-6
redhat-rhn-satellite-5.6-server-x86_64-6

Product certificates installed successfully to /etc/pki/product.

Preparing to unregister system from legacy server...
System successfully unregistered from legacy server.

Attempting to register system to destination server...
Registering to: subscription.rhsm.redhat.com:443/subscription
The system has been registered with ID: 284e025c-4a60-4084-b49c-4cb26fd7cf93

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

Product Name: Red Hat Satellite
Status:       Subscribed

System 'satellite.example.com' successfully registered.
    Copy to Clipboard Toggle word wrap
    The message System 'satellite.example.com' successfully registered. confirms that the Satellite 5 system's migration to Red Hat Subscription Manager has been successful. In this example, the Satellite 5 server has been given a Red Hat Subscription Management UUID of 284e025c-4a60-4084-b49c-4cb26fd7cf93.
  6. Disable all repositories. 
    # subscription-manager repos --disable '*'
    Copy to Clipboard Toggle word wrap
  7. Enable only those repositories required by Satellite 5.
    For Red Hat Enterprise Linux 6 
    # subscription-manager repos --enable rhel-6-server-rpms
# subscription-manager repos --enable=rhel-6-server-satellite-5.8-rpms
    Copy to Clipboard Toggle word wrap
  8. Reactivate the Satellite 5 instance.

    Note

    If this is the Managed DB host, skip this step.
    The rhn-satellite-activate command requires the certificate downloaded in Procedure 11.2, “ Removing the Satellite 5 Host's Subscription from Red Hat Network ”. In this example, the certificate was saved in file Satellite-5.cert. 
    # rhn-satellite-activate -vvv --rhn-cert=Satellite-5.cert
RHN_PARENT: satellite.rhn.redhat.com
    Copy to Clipboard Toggle word wrap
    When the Satellite Server is reactivated, you may see the following error message. This is expected, and can be safely ignored, because the systemid file is the Red Hat Network system ID. The system ID file is deleted when the host's registration is migrated to Red Hat Subscription Manager. 
    ERROR: Server not registered? No systemid: /etc/sysconfig/rhn/systemid
    Copy to Clipboard Toggle word wrap
  9. Optionally, if Satellite is installed on Red Hat Enterprise Linux 6, remove those packages which were previously used to communicate with Red Hat Network.

    Warning

    Do not remove these packages if Satellite is installed on Red Hat Enterprise Linux 5. Removing these packages from Red Hat Enterprise Linux 5 will result in the failure of Satellite. 
    # yum remove yum-rhn-plugin rhn-check rhn-setup rhnsd
    Copy to Clipboard Toggle word wrap

Chapter 12. Maintenance
Copy link

A Red Hat Satellite requires periodic maintenance. This chapter discusses administrative functions outside of standard use, including how to apply patches to the Red Hat Satellite Server.
Red Hat Satellite consists of several individual services. Red Hat provides a command line tool (rhn-satellite) to stop, start, or retrieve status information from these various services. This tool accepts all of the standard service commands: 
/usr/sbin/rhn-satellite start
/usr/sbin/rhn-satellite stop
/usr/sbin/rhn-satellite restart
/usr/sbin/rhn-satellite reload
/usr/sbin/rhn-satellite enable
/usr/sbin/rhn-satellite disable
/usr/sbin/rhn-satellite status
Copy to Clipboard Toggle word wrap
Use rhn-satellite to control Red Hat Satellite's operation and retrieve status messages from all services at once.

12.2. Performing Critical Updates to the Server
Copy link

Red Hat releases critical updates to Red Hat Satellite in the form of an Erratum.
For Red Hat Satellite systems connected to the Internet, apply these errata updates using the Red Hat Update Agent with Red Hat Network. Since the Red Hat Satellite is subscribed to Red Hat Network during initial installation, run the yum update on the Red Hat Satellite or use the website at https://access.redhat.com to apply the updates.

Important

Apache RPMs do not restart the httpd service upon installation. Conducting a full update of the Red Hat Satellite Server (such as with the command yum update) might cause Apache to fail. To avoid this, make sure to restart the httpd service after upgrading it.
Use the following procedure to perform a package update within the same version of Satellite:

Procedure 12.1. Performing Critical Updates to the Server

  1. Stop the satellite services. Keep the database running during the upgrade with 
    # rhn-satellite stop --exclude postgresql
    Copy to Clipboard Toggle word wrap
  2. Take a backup of the satellite's database in a working state. Run the following command and replace the [FILENAME] option with the full path to the backup file that you want to create. This location needs to be writable by the PostgreSQL user: 
    # db-control online-backup FILENAME
    Copy to Clipboard Toggle word wrap
  3. Apply the updates: 
    # yum update
    Copy to Clipboard Toggle word wrap
    Apply all Satellite updates. Updating the schema without updating the rest of the Satellite components can cause issues with the Satellite database.
  4. Update the database schema using spacewalk-schema-upgrade command. 
    # spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This process will update your database schema to latest version. The spacewalk-schema-upgrade command will inform you with the results of the upgrade and exact locations of schema upgrade log files. To double-check if the schema update passed, run the following commands: 
    # rpm -q satellite-schema
# rhn-schema-version
    Copy to Clipboard Toggle word wrap
    If the outputed versions match, continue with the process. Otherwise restore the database with db-control restore /path/to/backup.
  5. Restart Red Hat Satellite: 
    # rhn-satellite start --exclude postgresql
    Copy to Clipboard Toggle word wrap
  6. Clear the search index: 
    # service rhn-search cleanindex
    Copy to Clipboard Toggle word wrap
    It is recommended to clean the search index. The above command triggers the creation of a new one, which in most cases completes within thirty minutes to an hour. You might experience issues with the search features of Satellite 5 if you do not clean the index.
For Red Hat Satellite systems not connected to the Internet, retrieve the packages using a customer account at https://access.redhat.com. Then, apply these packages manually according to instructions in the Errata Advisory.

Warning

It is very important to read the Errata Advisory before applying any Red Hat Satellite Errata Updates. Some Errata Advisories require additional configuration steps to apply certain Red Hat Satellite updates, especially updates to the database. In such cases, the Advisory contains specific and detailed information about necessary steps required.

12.3. Changing the Red Hat Satellite Hostname
Copy link

If you need to change the hostname or IP address of your Red Hat Satellite server, the spacewalk-utils package contains the spacewalk-hostname-rename script.
To use the spacewalk-hostname-rename script, you must first ensure that you know your SSL CA passphrase by performing the following command: 
# openssl rsa -in path/RHN-ORG-PRIVATE-SSL-KEY
Copy to Clipboard Toggle word wrap
Enter passphrase when prompted.
spacewalk-hostname-rename requires one mandatory argument, which is the IP address of the Red Hat Satellite server, regardless of whether the IP address will change along with the hostname or not.
The usage of spacewalk-hostname-rename is as follows: 
spacewalk-hostname-rename <ip address> [ --ssl-country=<country> --ssl-state=<state>\
--ssl-org=<organization/company> --ssl-orgunit=<department> --ssl-email=<email address> --ssl-ca-password=<password>]
Copy to Clipboard Toggle word wrap
If there is a need to generate a new SSL certificate, the script asks for all necessary information through a series of prompts, unless options are passed at the command line (as in the above example). When the system hostname has not changed, the regeneration of a new SSL server certificate is unnecessary. However, if at least one SSL option is specified, then spacewalk-hostname-rename generates a new certificate.
For more information about using spacewalk-hostname-rename, see the following Red Hat Knowledgebase entry:
https://access.redhat.com/site/solutions/30596

12.4. Conducting Red Hat Satellite-Specific Tasks
Copy link

Using the Red Hat Satellite web interface is similar to using the hosted version of Red Hat Network. For this reason, consult the Red Hat Satellite Reference Guide to obtain detailed instructions for standard tasks, such as editing System Profiles and updating packages. Tasks directly related to managing custom channels and errata are covered in the Red Hat Satellite Channel Management Guide. This section seeks to explain activities available only to Red Hat Satellite customers.

12.4.1. Deleting Users
Copy link

Due to the isolated environment in which Red Hat Satellites operate, Red Hat grants customers the ability to delete users. To delete users:
  1. Click Users in the top navigation bar of the Red Hat Network website.
  2. Click the name of the user to be removed.
  3. Click the delete user link at the top-right corner of the page.
  4. A confirmation page appears explaining that this removal is permanent. To continue, click Delete User at the bottom-right corner of the page.

Note

Remove the Organization Administrator role from the user's profile before deleting the user from the Red Hat Satellite. Failing to do so causes the delete operation to fail.
Any Organization Administrator may remove the Organization Administrator role provided they are not the sole Organization Administrator for the organization. To do so, click the Users tab and then click the Details subtab.
Many other options exist for managing users. You can find instructions for them in the Red Hat Network website chapter of the Red Hat Satellite Reference Guide.

12.5. Automating Synchronization
Copy link

Manually synchronizing the Red Hat Satellite repository with the Red Hat Content Delivery Network (CDN) is a time-intensive task. United States business hours tend to be the peak usage time for the Red Hat CDN, so synchronization during that time can be slow. Red Hat encourages customers to automate synchronization at other times to better balance load and ensure quick synchronization. Continental United States business hours are roughly 8:00 AM to 9:00 PM EST (UTC -5), due to four time zones, Monday through Friday. These hours vary seasonally by one hour. Red Hat strongly recommends synchronization during a particular time range. This ensures better synchronization performance.
Set this automation with the addition of a simple cron job. Edit the crontab as root: 
crontab -e
Copy to Clipboard Toggle word wrap
This opens the crontab in your default text editor.

Note

Change your default text editor using the EDITOR variable, like so: export EDITOR=gedit. Choosing a graphical editor will require an enabled graphical interface.
Once opened, use the first five fields (minute, hour, day, month, and weekday) to schedule the synchronization. Use 24-hour clock format. Edit the crontab to include random synchronization, like so: 
0 1 * * * perl -le 'sleep rand 9000' && cdn-sync --email >/dev/null \
2>/dev/null
Copy to Clipboard Toggle word wrap
This cronjob will run randomly between 1:00 a.m. and 3:30 a.m. system time each night and redirect stdout and stderr from cron to prevent duplicating the more easily read messages from cdn-sync. Use other options from Section 8.1, “Red Hat Satellite CDN Synchronization Tool” if necessary.
After saving the file and exiting the editor, the system installs the modified crontab immediately.

12.6. Enabling Push to Clients
Copy link

In addition to allowing client systems to regularly poll the Satellite for scheduled actions, users can enable the Satellite to immediately initiate those actions on provisioning-entitled systems. This bypasses the typical delay between scheduling an action and the client system retrieving the action from Red Hat Network. The OSA dispatcher (osa-dispatcher) provides support for this feature.
OSA dispatcher is a service that periodically runs a query to check the Red Hat Satellite server for any commands to execute on the client. If any actions exist, it sends a message through jabberd to the osad instances running on the clients.

Important

It is mandatory to use SSL between the Red Hat Satellite and clients systems for this feature to work. If the SSL certificates are not available, the daemon on the client system fails to connect.
To use this feature, first configure your firewall rules to allow connections on the required port(s), as described in Section 2.4, “Additional Requirements”.
Install the osa-dispatcher package, which is contained in the Red Hat Satellite software channel for on the Customer Portal. Once installed, start the service on the Satellite as root using the following command: 
service osa-dispatcher start
Copy to Clipboard Toggle word wrap
Finally, install the osad package on all client systems to receive pushed actions. Find this package within the Red Hat Network Tools child channel on the Red Hat Satellite.

Warning

Do not install the osad package on the Red Hat Satellite server. This package conflicts with the osa-dispatcher package installed on the server.
Once installed, start the service on the client systems as root using the command: 
service osad start
Copy to Clipboard Toggle word wrap
Like other services, osa-dispatcher and osad accept stop, restart, and status commands, as well.
This feature depends on client systems recognizing the fully qualified domain name (FQDN) of the Satellite. The client systems use this name and not the IP address of the server when configuring the Red Hat Update Agent. See the Red Hat Satellite Client Configuration Guide for more details.
Now when you schedule actions from the Red Hat Satellite to any push-enabled system, the task begins immediately rather than waiting for the system to check with Red Hat Network.

12.7. Maintaining the Database
Copy link

It is usually recommended to provide database maintenance on a regular basis. For example, you might aim to set up a cronjob to clean redundant data from the database. Accomplish this using the following commands: 
# su postgres -
bash-4.1$ psql -d rhnschema -c 'VACUUM;'
bash-4.1$ exit
Copy to Clipboard Toggle word wrap
This changes to the postgres user to access the Satellite 5 database (rhnschema) and perform a VACUUM on the database tables. This reclaims storage that dead tuples occupy. Deleted or obsolete tuples are not usually physically removed from their table and remain present until performing a VACUUM.

12.8. Migrating the Database
Copy link

If you have installed Red Hat Satellite 5 but later need to transition your database, use the following sections to guide your migration process.
The requirements to migrate from Embedded to Managed Database are:
  • The Red Hat Satellite installation ISO
  • A complete installation of Red Hat Satellite server with an Embedded Database (satellite.example.com)
  • A new system to host the Managed Database with Red Hat Enterprise Linux 6 installed (manageddb.example.com)

Procedure 12.2. Migrating to a Managed Database

  1. Shut down the Red Hat Satellite instance: 
    [root@satellite ~]# rhn-satellite stop
    Copy to Clipboard Toggle word wrap
  2. Remove the rhn-upgrade package if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  3. Use db-control to create a database backup 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# db-control backup ~/dbbackup
    Copy to Clipboard Toggle word wrap
  4. Copy the database backup from the Satellite server to the Managed Database server. 
    [root@satellite ~]# scp -r ~/dbbackup root@manageddb.example.com:~/.
    Copy to Clipboard Toggle word wrap
  5. Install the Managed Database using the Red Hat Satellite installation ISO.
  6. After you have installed the Managed External Database, shut it down and back up the database configuration and access control files. 
    [root@manageddb ~]# db-control stop
[root@manageddb ~]# cp /var/opt/rh/rh-postgresql95/lib/pgsql/data/postgresql.conf ~/dbbackup
[root@manageddb ~]# cp /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf ~/dbbackup
    Copy to Clipboard Toggle word wrap
    You need to backup these files because the migration process will erase them.
  7. Use db-control to restore the database backup to the Managed Database server. 
    [root@manageddb ~]# db-control restore ~/dbbackup
    Copy to Clipboard Toggle word wrap
  8. Restore the database configuration and access control files from backup to the Managed Database. 
    [root@manageddb ~]# cp ~/dbbackup/postgresql.conf /var/opt/rh/rh-postgresql95/lib/pgsql/data/postgresql.conf
[root@manageddb ~]# cp ~/dbbackup/pg_hba.conf /var/opt/rh/rh-postgresql95/lib/pgsql/data/pg_hba.conf
    Copy to Clipboard Toggle word wrap
  9. On the Satellite server, edit the /etc/rhn/rhn.conf file and change db_host to the domain name of the Managed Database and set the db_port to 5432. For example: 
    db_host = manageddb.example.com
db_port = 5432
    Copy to Clipboard Toggle word wrap
  10. Remove rh-postgresql95-postgresql from the /etc/rhn/service-list file on the Satellite server. 
    [root@satellite ~]# sed -i 's/rh-postgresql95-postgresql //g' /etc/rhn/service-list
    Copy to Clipboard Toggle word wrap
  11. On the Managed Database, edit the /etc/rhn/rhn.conf file and change db_name, db_user, db_password to reflect the same values in /etc/rhn/rhn.conf on the Satellite server. For example: 
    db_name = mydb
db_user = mydbuser
db_password = mydbpassword
    Copy to Clipboard Toggle word wrap
  12. Start the Managed Database instance using db-control. 
    [root@manageddb ~]# db-control start
    Copy to Clipboard Toggle word wrap
  13. Remove the PostgreSQL and spacewalk-dobby packages from the Satellite server. 
    [root@satellite ~]# yum remove rh-postgresql95 rh-postgresql95-postgresql rh-postgresql95-postgresql-contrib rh-postgresql95-postgresql-libs rh-postgresql95-postgresql-server rh-postgresql95-postgresql-pltcl spacewalk-dobby
    Copy to Clipboard Toggle word wrap
  14. Restart Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an Embedded Database to a Managed Database.
The requirements to migrate from Embedded to an External PostgreSQL Database:

Procedure 12.3. Migrating to an External PostgreSQL Database

  1. Shut down all services on the Red Hat Satellite server, but start the Embedded Database with db-control: 
    [root@satellite ~]# rhn-satellite stop
[root@satellite ~]# db-control start
    Copy to Clipboard Toggle word wrap
  2. Remove the rhn-upgrade if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  3. Update your database to the latest schema version: 
    [root@satellite ~]# yum update satellite-schema
[root@satellite ~]# spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This ensures that your database version matches the latest version on the External PostgreSQL Database.
  4. Create a directory to hold your database snapshot. 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# cd ~/dbbackup
    Copy to Clipboard Toggle word wrap
  5. Export the database using spacewalk-dump-schema: 
    [root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  6. Stop the Embedded Database: 
    [root@satellite dbbackup]# db-control stop
    Copy to Clipboard Toggle word wrap
  7. Use spacewalk-setup to populate the External PostgreSQL Database: 
    [root@satellite dbbackup]# spacewalk-setup --db-only --external-postgresql
    Copy to Clipboard Toggle word wrap
    The script asks for your database details so Satellite can connect and populate the database. Enter your External PostgreSQL Database details: 
    ** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)? postgresql.example.com
Port [5432]?
Database? myextdb
Username? root
Password?
    Copy to Clipboard Toggle word wrap
    The script populates the database.
  8. When the script completes database population, restore the database schema 
    [root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  9. Remove the PostgreSQL and spacewalk-dobby packages from the Satellite server. 
    [root@satellite ~]# yum remove rh-postgresql95 rh-postgresql95-postgresql rh-postgresql95-postgresql-contrib rh-postgresql95-postgresql-libs rh-postgresql95-postgresql-server rh-postgresql95-postgresql-pltcl spacewalk-dobby
    Copy to Clipboard Toggle word wrap
  10. Start Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an Embedded Database to an External PostgreSQL Database.
The requirements to migrate from Embedded to an External Oracle Database:
  • A complete installation of Red Hat Satellite server with an Embedded Database (satellite.example.com)
  • A system hosting a running instance of Oracle Database (oracledb.example.com). See Section 3.3.1, “External Database Requirements” for configuration details.

Procedure 12.4. Migrating to an External Oracle Database

  1. Shut down all services on the Red Hat Satellite server, but start the Embedded Database with db-control: 
    [root@satellite ~]# rhn-satellite stop
[root@satellite ~]# db-control start
    Copy to Clipboard Toggle word wrap
  2. Remove the rhn-upgrade package if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  3. Update your database to the latest schema version: 
    [root@satellite ~]# yum update satellite-schema
[root@satellite ~]# spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This ensures that your database version matches the latest version on the External Oracle Database.
  4. Create a directory to hold your database snapshot. 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# cd ~/dbbackup
    Copy to Clipboard Toggle word wrap
  5. Export the database using spacewalk-dump-schema: 
    [root@satellite dbbackup]# spacewalk-dump-schema --to=oracle > migrate-to-oracle.sql
    Copy to Clipboard Toggle word wrap
  6. Stop the Embedded Database: 
    [root@satellite dbbackup]# db-control stop
    Copy to Clipboard Toggle word wrap
  7. Exchange the PostgreSQL drivers and configuration scripts with the Oracle drivers and configuration scripts on the Satellite server: 
    [root@satellite dbbackup]# yum remove -y spacewalk-postgresql
[root@satellite dbbackup]# yum install -y spacewalk-oracle
[root@satellite dbbackup]# yum remove -y spacewalk-java-postgresql spacewalk-backend-sql-postgresql
    Copy to Clipboard Toggle word wrap
  8. Use spacewalk-setup to populate the External Oracle Database: 
    [root@satellite dbbackup]# spacewalk-setup --db-only --external-oracle
    Copy to Clipboard Toggle word wrap
    The script asks for your database details so Satellite can connect and populate the database. Enter your External Oracle Database details: 
    ** Database: Setting up database connection for Oracle backend.
Database service name (SID)? oracledb
Database hostname [localhost]? oracledb.example.com
Database (listener) port [1521]?
    Copy to Clipboard Toggle word wrap
    The script populates the database.

    Important

    Use the default Oracle Database port (1521) for the Red Hat Satellite database. Using an alternative port can cause SELinux errors.
  9. When the script completes database population, restore the database schema 
    [root@satellite dbbackup]# spacewalk-sql -i < migrate-to-oracle.sql
    Copy to Clipboard Toggle word wrap

    Important

    You might need to change SELinux context of the migration script before loading it into Oracle Database: 
    [root@satellite dbbackup]# semanage fcontext -a -t oracle_sqlplus_exec_t /root/dbbackup/migrate-to-oracle.sql
[root@satellite dbbackup]# restorecon -v /root/dbbackup/migrate-to-oracle.sql
    Copy to Clipboard Toggle word wrap
    Similarly, you might need to change SELinux context of dumped tables: 
    [root@satellite dbbackup]# semanage fcontext -a -t oracle_tmp_t "/tmp/dumped-tables(/.*)?"
[root@satellite dbbackup]# restorecon -R -v /tmp/dumped-tables/
    Copy to Clipboard Toggle word wrap
  10. Remove the PostgreSQL and spacewalk-dobby packages from the Satellite server. 
    [root@satellite ~]# yum remove rh-postgresql95 rh-postgresql95-postgresql rh-postgresql95-postgresql-contrib rh-postgresql95-postgresql-libs rh-postgresql95-postgresql-server rh-postgresql95-postgresql-pltcl spacewalk-dobby
    Copy to Clipboard Toggle word wrap
  11. Start Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an Embedded Database to an External Oracle Database.
The requirements to migrate from Managed to Embedded Database are:
  • The Red Hat Satellite installation ISO
  • A complete installation of Red Hat Satellite server (satellite.example.com) with a Managed Database on a seperate server (manageddb.example.com)

Procedure 12.5. Migrating to an Embedded Database

  1. Stop the main services on the Satellite server. 
    [root@satellite ~]# rhn-satellite stop
    Copy to Clipboard Toggle word wrap
  2. Shut down the database on the Managed Database server. 
    [root@manageddb ~]# db-control stop
    Copy to Clipboard Toggle word wrap
  3. Remove the rhn-upgrade package if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  4. Use db-control to create a database backup on the Managed Database Server and copy that backup to the Satellite server. 
    [root@manageddb ~]# mkdir ~/dbbackup
[root@manageddb ~]# db-control backup ~/dbbackup
[root@manageddb ~]# scp -r ~/dbbackup root@satellite.example.com:~/.
    Copy to Clipboard Toggle word wrap
    The Managed Database server is now free for other purposes. All further actions take place on the Satellite server.
  5. Mount the Red Hat Satellite installation ISO on the Satellite server and set and export the YUM0 variable with the Red Hat Satellite mount point value. 
    [root@satellite ~]# mkdir /media/cdrom
[root@satellite ~]# mount -o loop Red_Hat_Satellite_58.iso /media/cdrom
[root@satellite ~]# export YUM0=/media/cdrom
    Copy to Clipboard Toggle word wrap
  6. Enable the red-hat-satellite repository. If the red-hat-satellite repository definition is not present, install the satellite-repo package found in $YUM0/Satellite. After the red-hat-satellite repository is enabled, install the @satellite-database package group and disable the red-hat-satellite repository. 
    [root@satellite ~]# yum install @satellite-database --enablerepo=red-hat-satellite
    Copy to Clipboard Toggle word wrap
  7. Use db-control to restore the database backup. 
    [root@satellite ~]# db-control restore ~/dbbackup
    Copy to Clipboard Toggle word wrap
  8. Edit the /etc/rhn/rhn.conf file to remove the db_port and db_hostname values. 
    [root@satellite ~]# sed -i 's/db_host\s*=.*/db_host = /' /etc/rhn/rhn.conf
[root@satellite ~]# sed -i 's/db_port\s*=.*/db_port = /' /etc/rhn/rhn.conf
    Copy to Clipboard Toggle word wrap
  9. Add the rh-postgresql95-postgresql service to the /etc/rhn/service-list file to ensure that it is started and stopped in parallel with Red Hat Satellite. 
    [root@satellite ~]# echo "SERVICES=\"rh-postgresql95-postgresql \$SERVICES\"" >> /etc/rhn/service-list
    Copy to Clipboard Toggle word wrap
  10. Start the Red Hat Satellite services. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from a Managed Database to an Embedded Database.
The requirements to migrate from an External PostgreSQL Database to an Embedded database:
  • A complete installation of Red Hat Satellite server (satellite.example.com) using an External PostgreSQL Database (postgresql.example.com).

Procedure 12.6. Migrating to an Embedded Database from an External PostgreSQL Database

  1. Shut down all services on the Red Hat Satellite server: 
    [root@satellite ~]# rhn-satellite stop
    Copy to Clipboard Toggle word wrap
  2. Make sure your External PostgreSQL Database is still running.
  3. Remove the rhn-upgrade if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  4. Update the External PostgreSQL Database to the latest schema version: 
    [root@satellite ~]# yum update satellite-schema
[root@satellite ~]# spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This ensures that your database version matches the latest version for the Embedded Database.
  5. Create a directory to hold your database snapshot. 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# cd ~/dbbackup
    Copy to Clipboard Toggle word wrap
  6. Export the database using spacewalk-dump-schema: 
    [root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  7. Stop the External Database. It is no longer required.
  8. Install the PostgreSQL installation and Satellite database tools packages on the Satellite server: 
    [root@satellite dbbackup]# yum install -y spacewalk-setup-postgresql spacewalk-dobby
    Copy to Clipboard Toggle word wrap
  9. Use spacewalk-setup to populate the Embedded Database: 
    [root@satellite dbbackup]# spacewalk-setup --db-only
    Copy to Clipboard Toggle word wrap
    The script populates the database. Wait until this process completes. 
    ** Database: Setting up database connection for PostgreSQL backend.
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database:   /var/log/rhn/install_db.log
*** Progress: #
** Database: Installation complete.
** Database: Populating database.
*** Progress: ####################################
    Copy to Clipboard Toggle word wrap
  10. When the script completes database population, restore the database schema: 
    [root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  11. Start Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an External PostgreSQL Database to an Embedded Database.
The requirements to migrate from an External Oracle Database to an Embedded database:
  • A complete installation of Red Hat Satellite server (satellite.example.com) using an External Oracle Database (oracledb.example.com).

Procedure 12.7. Migrating to an Embedded Database from Oracle Database

  1. Shut down all services on the Red Hat Satellite server: 
    [root@satellite ~]# rhn-satellite stop
    Copy to Clipboard Toggle word wrap
  2. Make sure your External Oracle Database is still running.
  3. Remove the rhn-upgrade if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  4. Update the External Oracle Database to the latest schema version: 
    [root@satellite ~]# yum update satellite-schema
[root@satellite ~]# spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This ensures that your database version matches the latest version for the Embedded Database.
  5. Create a directory to hold your database snapshot. 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# cd ~/dbbackup
    Copy to Clipboard Toggle word wrap
  6. Export the database using spacewalk-dump-schema: 
    [root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  7. Stop the External Oracle Database. It is no longer required.
  8. Exchange the Oracle drivers and configuration scripts with the PostgreSQL drivers and configuration scripts on the Satellite server: 
    [root@satellite dbbackup]# yum remove -y spacewalk-oracle
[root@satellite dbbackup]# yum install -y spacewalk-postgresql spacewalk-setup-postgresql spacewalk-dobby
[root@satellite dbbackup]# yum remove -y spacewalk-java-oracle spacewalk-backend-sql-oracle
    Copy to Clipboard Toggle word wrap
  9. Use spacewalk-setup to populate the Embedded Database: 
    [root@satellite dbbackup]# spacewalk-setup --db-only
    Copy to Clipboard Toggle word wrap
    The script populates the database. Wait until this process completes. 
    ** Database: Setting up database connection for PostgreSQL backend.
** Database: Installing the database:
** Database: This is a long process that is logged in:
** Database:   /var/log/rhn/install_db.log
*** Progress: #
** Database: Installation complete.
** Database: Populating database.
*** Progress: ####################################
    Copy to Clipboard Toggle word wrap
  10. When the script completes database population, restore the database schema 
    [root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  11. Start Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an External Oracle Database to an Embedded Database.
The requirements to migrate from an External Oracle Database to an External PostgreSQL database:
  • A complete installation of Red Hat Satellite server (satellite.example.com) using an External Oracle Database (oracledb.example.com).
  • A system hosting a running instance of PostgreSQL (postgresql.example.com), See Section 3.3.1.1, “PostgreSQL Database Requirements” for configuration details.

Procedure 12.8. Migrating to an External Database from Oracle Database

  1. Shut down all services on the Red Hat Satellite server: 
    [root@satellite ~]# rhn-satellite stop
    Copy to Clipboard Toggle word wrap
  2. Make sure your External Oracle Database is still running.
  3. Remove the rhn-upgrade if it exists on your server: 
    [root@satellite ~]# yum remove rhn-upgrade
    Copy to Clipboard Toggle word wrap
  4. Update the External Oracle Database to the latest schema version: 
    [root@satellite ~]# yum update satellite-schema
[root@satellite ~]# spacewalk-schema-upgrade
    Copy to Clipboard Toggle word wrap
    This ensures that your database version matches the latest version for the External Database.
  5. Create a directory to hold your database snapshot. 
    [root@satellite ~]# mkdir ~/dbbackup
[root@satellite ~]# cd ~/dbbackup
    Copy to Clipboard Toggle word wrap
  6. Export the database using spacewalk-dump-schema: 
    [root@satellite dbbackup]# spacewalk-dump-schema --to=postgresql > migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  7. Stop the External Oracle Database. It is no longer required.
  8. Exchange the Oracle drivers and configuration scripts with the PostgreSQL drivers and configuration scripts on the Satellite server: 
    [root@satellite dbbackup]# yum remove -y spacewalk-oracle
[root@satellite dbbackup]# yum install -y spacewalk-postgresql
[root@satellite dbbackup]# yum remove -y spacewalk-java-oracle spacewalk-backend-sql-oracle
    Copy to Clipboard Toggle word wrap
  9. Use spacewalk-setup to populate the External Database: 
    [root@satellite dbbackup]# spacewalk-setup --db-only --external-postgresql
    Copy to Clipboard Toggle word wrap
    The script asks for your database details so Satellite can connect and populate the database. Enter your External PostgreSQL Database details: 
    ** Database: Setting up database connection for PostgreSQL backend.
Hostname (leave empty for local)? postgresql.example.com
Port [5432]?
Database? myextdb
Username? root
Password?
    Copy to Clipboard Toggle word wrap
  10. When the script completes database population, restore the database schema 
    [root@satellite dbbackup]# spacewalk-sql -i < migrate-to-postgresql.sql
    Copy to Clipboard Toggle word wrap
  11. Start Red Hat Satellite. 
    [root@satellite ~]# rhn-satellite start
    Copy to Clipboard Toggle word wrap
The database is now migrated from an External Oracle Database to an External PostgreSQL Database.
The Red Hat Satellite can be installed and configured in multiple ways. Select one method depending on the following factors:
  • The total number of client systems to be served by the Red Hat Satellite.
  • The maximum number of clients expected to connect concurrently to the Red Hat Satellite.
  • The number of custom packages and channels to be served by the Red Hat Satellite.
  • The number of Red Hat Satellites being used in the customer environment.
  • The number of Red Hat Proxy Servers being used in the customer environment.
The rest of this chapter describes possible configurations and explains their benefits.

A.1. Single Red Hat Satellite Topology
Copy link

The simplest configuration is to use a single Red Hat Satellite to serve your entire network. This configuration is adequate to service a medium-size group of clients and network.
The disadvantage of using one Red Hat Satellite is that performance will be compromised as the number of clients requesting packages grows.
Single Red Hat Satellite Topology
View larger image
Single Red Hat Satellite Topology

Figure A.1. Single Red Hat Satellite Topology

For very large networks, a more distributed method may be needed, such as having multiple Red Hat Satellites in a horizontally tiered configuration and balancing the load of client requests.
It is possible to synchronize content between Red Hat Satellites using the rhn-satellite-exporter and satellite-sync -m commands. Alternatively, the Inter-Satellite Sync 2 feature is designed for this purpose.
Additional maintenance is the biggest disadvantage of this horizontal structure.
Multiple Red Hat Satellite Horizontally Tiered Topology
View larger image
Multiple Red Hat Satellite Horizontally Tiered Topology

Figure A.2. Multiple Red Hat Satellite Horizontally Tiered Topology

An alternative method to balance load is to install Red Hat Proxy Servers below a Red Hat Satellite. These Proxies connect to the Red Hat Satellite for RPMs from Red Hat Network and custom packages created locally. In essence, the Red Hat Proxy Servers act as clients of Red Hat Satellite.
This vertically tiered configuration requires that channels and RPMs be created only on the Red Hat Satellite. In this manner, the Red Hat Proxy Servers inherit and then serve packages from a central location. For details, see the Red Hat Satellite Channel Management Guide.
The Red Hat Proxy Servers' SSL certificates should also be set up so that the Red Hat Proxy Servers become clients of the Red Hat Satellite. These Proxy servers should also be set up to serve content out to client systems simultaneously. This process is described in the Red Hat Satellite Client Configuration Guide.
Red Hat Satellite-to-Proxy Vertically Tiered Topology
View larger image
Red Hat Satellite-to-Proxy Vertically Tiered Topology

Figure A.3. Red Hat Satellite-to-Proxy Vertically Tiered Topology

The /etc/rhn/rhn.conf configuration file for the Red Hat Satellite provides a means for you to establish key settings. Be warned, however, that errors inserted into this file may cause Satellite failures. So make configuration changes with caution.
You should be particularly concerned with the following parameters: traceback_mail, default_db, and server.satellite.http_proxy. Review the sample and its comments, beginning with a hash mark (#), for additional details. 
#/etc/rhn/rhn.conf example for a Red Hat Satellite
#-------------------------------------------------

# Destination of all tracebacks, such as crash information, etc.
traceback_mail = test@pobox.com, test@redhat.com
mount_point = /var/satellite
kickstart_mount_point = /var/satellite
repomd_cache_mount_point = /var/cache
server.satellite.rhn_parent = satellite.rhn.redhat.com

# Use proxy FQDN, or FQDN:port
server.satellite.http_proxy =
server.satellite.http_proxy_username =
server.satellite.http_proxy_password =
server.satellite.ca_chain = /usr/share/rhn/RHNS-CA-CERT

# Use these options if this server is intended to be a slave.
# Name of parent for ISS.
# # If left blank rhn_parent is taken by default.
# # This option can be overriden on satellite-sync command line.
iss_parent      =
iss_ca_chain    = /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

# Use this option if this server is intended to be a master
# Comma separated list of allowed iss slaves, like:
# allowed_iss_slaves=slave1-satellite.redhat.com,slave2-satellite.redhat.com
allowed_iss_slaves=

# Completely disable ISS.
# If set to 1, then no slave will be able to sync from this server
# this option does not affect ability to sync to this server from
# another spacewalk (or hosted).
disable_iss=0

db_backend = postgresql
db_user = rhnuser
db_password = rhnpw
db_name = rhnschema
db_host =
db_port =

server.nls_lang = english.UTF8

hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
hibernate.connection.driver_class=org.postgresql.Driver
hibernate.connection.driver_proto=jdbc:postgresql


web.satellite = 1
web.satellite_install =

web.session_swap_secret_1 = 9c3da20106d2968d838ee0e8a0431d25
web.session_swap_secret_2 = 9d6dcb05f90586c9aa0cba72328f9abb
web.session_swap_secret_3 = 296ddef52ea5df4bc5ee666a238c0454
web.session_swap_secret_4 = 0863e7427021c045fe4c19dbd3db1900

session_secret_1 = 2ae50e0414ecc9d42e15fece90cce4b5
session_secret_2 = da2abb2f77c328f879d7b4f24a2d68fa
session_secret_3 = 60531c88064d0d00edbfe683a1c962da
session_secret_4 = 1af4c9e335d427761d17bb93d051df87

server.secret_key = d8e7f083a9c40bf76d09c38fb5d0e52b

encrypted_passwords = 1

web.param_cleansers = RHN::Cleansers->cleanse
web.base_acls = RHN::Access

web.restrict_mail_domains =

web.ssl_available = 1

web.is_monitoring_backend = 1
web.is_monitoring_scout = 1

# OSA configuration #

server.jabber_server = sat570.example.com
osa-dispatcher.jabber_server = sat570.example.com

# set up SSL on the dispatcher
osa-dispatcher.osa_ssl_cert = /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

# Enable Solaris support

web.enable_solaris_support = 0

# force removing entitlements from systems when modifying multiorg entitlements
# below the current usage amount.
web.force_unentitlement=0

# system snapshots enabled
enable_snapshots = 1

#cobbler host name
cobbler.host = sat570.example.com
#option generated from rhn-config-satellite.pl
web.subscribe_proxy_channel=1

#option generated from rhn-config-satellite.pl
force_package_upload=1

#option generated from rhn-config-satellite.pl
enable_nvrea=0

#option generated from rhn-config-satellite.pl
web.default_mail_from=RHN Satellite dev-null@localhost

#option generated from rhn-config-satellite.pl
web.l10n_resourcebundles=com.redhat.rhn.frontend.strings.jsp.StringPackage,com.redhat.rhn.frontend.strings.java.StringPackage,com.redhat.rhn.frontend.strings.database.StringPackage,com.redhat.rhn.frontend.strings.nav.StringPackage,com.redhat.rhn.frontend.strings.template.StringPackage,com.redhat.rhn.branding.strings.StringPackage

#option generated from rhn-config-satellite.pl
product_name=RHN Satellite

#option generated from rhn-config-satellite.pl
web.version=5.8.0

#option generated from rhn-config-satellite.pl
disconnected=1
Copy to Clipboard Toggle word wrap

Appendix C. Revision History
Copy link

Revision History
Revision 1.1-0Wed Feb 1 2017Satellite Documentation Team
Initial revision for the Red Hat Satellite 5.8 release.

Legal Notice
Copy link

Copyright © 2017 Red Hat.
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red Hat