Chapter 2. Capsule Server Overview
Capsule Servers provide content federation and run localized services to discover, provision, control, and configure hosts. You can use Capsules to extend the Satellite deployment to various geographical locations. This section gives an overview of the features that can be enabled on Capsules and a simple classification of Capsule types.
For more information about Capsule requirements, installation process, and scalability considerations, see Installing Capsule Server.
2.1. Capsule Features
There are two sets of features provided by Capsule Servers. You can use Capsule to run services required for host management. You can also configure Capsule to mirror content from Satellite Server.
Infrastructure and host management services:
- DHCP – Capsule can manage a DHCP server, including integration with an existing solution such as ISC DHCP servers, Active Directory, and Libvirt instances.
- DNS – Capsule can manage a DNS server, including integration with an existing solution such as ISC BIND and Active Directory.
- TFTP – Capsule can integrate with any UNIX-based TFTP server.
- Realm – Capsule can manage Kerberos realms or domains so that hosts can join them automatically during provisioning. Capsule can integrate with an existing infrastructure, including Red Hat Identity Management and Active Directory.
- Puppet server – Capsule can act as a configuration management server by running Puppet server.
- Puppet Certificate Authority – Capsule can integrate with Puppet’s CA to provide certificates to hosts.
- Baseboard Management Controller (BMC) – Capsule can provide power management for hosts using IPMI or Redfish.
- Provisioning template proxy – Capsule can serve provisioning templates to hosts.
- OpenSCAP – Capsule can perform security compliance scans on hosts.
- Remote Execution (REX) – Capsule can run remote job execution on hosts.
Content-related features:
- Repository synchronization – the content from Satellite Server (more precisely from selected life cycle environments) is pulled to Capsule Server for content delivery (enabled by Pulp).
- Content delivery – hosts configured to use Capsule Server download content from that Capsule rather than from the central Satellite Server (enabled by Pulp).
- Host action delivery – Capsule Server executes scheduled actions on hosts.
- Red Hat Subscription Management (RHSM) proxy – hosts are registered to their associated Capsule Servers rather than to the central Satellite Server or the Red Hat Customer Portal (provided by Candlepin).
2.2. Capsule Types
Not all Capsule features have to be enabled at once. You can configure a Capsule Server for a specific limited purpose. Some common configurations include:
- Infrastructure Capsules [DNS + DHCP + TFTP] – provide infrastructure services for hosts. With the provisioning template proxy enabled, an infrastructure Capsule has all the services necessary for provisioning new hosts.
- Content Capsules [Pulp] – provide content synchronized from Satellite Server to hosts.
- Configuration Capsules [Pulp + Puppet + PuppetCA] – provide content and run configuration services for hosts.
- All-in-one Capsules [DNS + DHCP + TFTP + Pulp + Puppet + PuppetCA] – provide a full set of Capsule features. All-in-one Capsules enable host isolation by providing a single point of connection for managed hosts.
2.3. Capsule Networking
The goal of Capsule isolation is to provide a single endpoint for all of the host’s network communications so that in remote network segments, you need only open firewall ports to the Capsule itself. The following diagram shows how the Satellite components interact in the scenario with hosts connecting to an isolated Capsule.
Figure 2.1. Satellite Topology with Isolated Capsule
The following diagram shows how the Satellite components interact when hosts connect directly to Satellite Server. Note that because the base system of an external Capsule is a client of Satellite, this diagram is relevant even if you do not intend to have directly connected hosts.
Figure 2.2. Satellite Topology with Internal Capsule
You can find complete instructions for configuring the host-based firewall to open the required ports in the following documents:
- Ports and Firewalls Requirements in Installing Satellite Server in a Connected Network Environment
- Ports and Firewalls Requirements in Installing Satellite Server in a Disconnected Network Environment
- Ports and Firewalls Requirements in Installing Capsule Server
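One way to verify the isolation goal described in this section is to audit flow records from a remote segment and flag any managed host traffic that leaves the segment without going through the Capsule. The following is an added example, not part of the Satellite documentation; the addresses, the flow record format, and the `audit_flows` helper are assumptions constructed for illustration, and traffic that stays inside the segment is assumed not to cross the segment firewall.

```python
import ipaddress

# All addresses below are constructed (documentation ranges), not from the Satellite docs.
SEGMENT = ipaddress.ip_network("192.0.2.0/24")    # remote segment with managed hosts
CAPSULE = ipaddress.ip_address("192.0.2.10")      # isolated Capsule in that segment
SATELLITE = ipaddress.ip_address("198.51.100.5")  # central Satellite Server

# Constructed flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
192.0.2.21 192.0.2.10 tcp 443
192.0.2.22 192.0.2.10 udp 69
192.0.2.23 198.51.100.5 tcp 443
192.0.2.24 203.0.113.80 tcp 80
192.0.2.10 198.51.100.5 tcp 443
192.0.2.21 192.0.2.22 tcp 22
not a flow record
"""

def audit_flows(text, segment=SEGMENT, capsule=CAPSULE, satellite=SATELLITE):
    """Return (findings, malformed): host flows that bypass the Capsule, and unparsable line count."""
    findings, malformed = [], 0
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            src, dst = ipaddress.ip_address(fields[0]), ipaddress.ip_address(fields[1])
            proto, dport = fields[2], int(fields[3])
        except (IndexError, ValueError):
            malformed += 1          # never silently drop records from an audit
            continue
        if src not in segment or src == capsule:
            continue                # only managed hosts are in scope; the Capsule may talk upstream
        if dst == capsule or dst in segment:
            continue                # via the Capsule, or never crosses the segment firewall
        reason = "direct to Satellite" if dst == satellite else "non-Capsule destination"
        findings.append((str(src), str(dst), proto, dport, reason))
    return findings, malformed

if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS)
    for f in found:
        print("VIOLATION", *f)
    print(f"{len(found)} violation(s), {bad} malformed line(s)")
```

An empty findings list for a segment means the firewall there only needs rules toward the Capsule; a non-zero malformed count means the audit input itself should be checked before trusting the result.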