Chapter 4. Major Satellite components
A typical Satellite deployment consists of the following components: a Satellite Server, Capsule Servers that mirror content from Satellite Server, and hosts that receive content and configuration from Satellite Server and Capsule Servers.
4.1. Satellite Server overview
Satellite Server is the central component of a Satellite deployment where you plan and manage the content lifecycle.
A typical Satellite deployment includes one Satellite Server on which you perform the following operations:
- Content lifecycle management
- Configuration of Capsule Servers
- Configuration of hosts
- Host provisioning
- Patch management
- Subscription management
Satellite Server delegates content distribution, host provisioning, and communication to Capsule Servers. Satellite Server itself also includes a Capsule.
Satellite Server also contains a fine-grained authentication system. You can grant Satellite users permissions to access precisely the parts of the infrastructure for which they are responsible.
Additional resources
- For more information about managing permissions, see Managing Users and Roles in Administering Red Hat Satellite.
4.2. Organizations and locations in Red Hat Satellite
On your Satellite Server, you can define multiple organizations and locations to help organize content, hosts, and configurations.
- Organizations
  Organizations typically represent different business units, departments, or teams, such as Finance, Marketing, or Web Development.
  By creating organizations, you can create logical containers to isolate and manage their configurations separately according to their specific requirements.
- Locations
  Locations typically represent physical locations, such as countries or cities.
  By creating locations, you can define geographical sites where hosts are located. For example, this is useful in environments with multiple data centers.
4.3. Capsule overview
With Capsule Servers, you can extend the reach and scalability of your Satellite deployment. Capsule Servers provide the following functionalities in a Red Hat Satellite deployment:
- Mirroring content from Satellite Server to establish content sources in various geographical or logical locations. By registering a host to a Capsule Server, you can configure this host to receive content and configuration from the Capsule in its location instead of from the central Satellite Server.
- Running localized services to discover, provision, control, and configure hosts.
By using content views, you can specify the exact subset of content that Capsule Server makes available to hosts. For more information, see Chapter 1, Content and patch management with Red Hat Satellite.
4.4. Overview of hosts in Satellite
A host is any Linux client that Red Hat Satellite manages. Hosts can be physical or virtual.
You can deploy virtual hosts on any platform supported by Red Hat Satellite, such as Amazon EC2, Google Compute Engine, KVM, libvirt, Microsoft Azure, OpenStack, Red Hat Virtualization, Rackspace Cloud Services, or VMware vSphere.
With Satellite, you can manage hosts at scale, including monitoring, provisioning, remote execution, configuration management, software management, and subscription management.
4.5. List of key open source components of Satellite Server
Satellite consists of several open source projects integrated with each other, such as the following:
- Foreman
  Foreman is a lifecycle management application for physical and virtual systems. It helps manage hosts throughout their lifecycle, from provisioning and configuration to orchestration and monitoring.
- Katello
  Katello is a plugin of Foreman that extends Foreman capabilities with additional features for content, subscription, and repository management. Katello enables Satellite to subscribe to Red Hat repositories and to download content.
- Candlepin
  Candlepin is a service for subscription management.
- Pulp
  Pulp is a service for repository and content management.
Additional resources
- See Satellite 6 Component Versions for a complete list of the upstream components integrated into Satellite and for information about which upstream component versions were delivered with different versions of Satellite.
4.6. Capsule features
Capsule Servers provide local host management services and can mirror content from Satellite Server.
To mirror content from Satellite Server, Capsule provides the following functionalities:
- Repository synchronization
  Capsule Servers pull content for selected lifecycle environments from Satellite Server and make this content available to the hosts they manage.
- Content delivery
  Hosts configured to use Capsule Server download content from that Capsule rather than from Satellite Server.
- Host action delivery
  Capsule Server executes scheduled actions on hosts.
- Red Hat Subscription Management (RHSM) proxy
  Hosts are registered to their associated Capsule Servers rather than to the central Satellite Server or the Red Hat Customer Portal.
You can use Capsule to run the following services for infrastructure and host management:
- DHCP
  Capsule can manage a DHCP server, including integration with an existing solution, such as ISC DHCP servers, Active Directory, and Libvirt instances.
- DNS
  Capsule can manage a DNS server, including integration with an existing solution, such as ISC BIND and Active Directory.
- TFTP
  Capsule can integrate with any UNIX-based TFTP server.
- Realm
  Capsule can manage Kerberos realms or domains so that hosts can join them automatically during provisioning. Capsule can integrate with an existing infrastructure, including Red Hat Identity Management and Active Directory.
- Puppet server
  Capsule can act as a configuration management server by running a Puppet server.
- Puppet Certificate Authority
  Capsule can integrate with the Puppet certificate authority (CA) to provide certificates to hosts.
- Baseboard Management Controller (BMC)
  Capsule can provide power management for hosts by using the Intelligent Platform Management Interface (IPMI) or Redfish standards.
- Provisioning template proxy
  Capsule can serve provisioning templates to hosts.
- OpenSCAP
  Capsule can perform security compliance scans on hosts.
- Remote Execution (REX)
  Capsule can run remote job execution on hosts.
You can configure a Capsule Server for a specific limited purpose by enabling only selected features on that Capsule. Common configurations include the following:
- Infrastructure Capsules: DNS + DHCP + TFTP
  Capsules with these services provide infrastructure services for hosts and have all necessary services for provisioning new hosts.
- Content Capsules: Pulp
  Capsules with this service provide content synchronized from Satellite Server to hosts.
- Configuration Capsules: Pulp + Puppet + PuppetCA
  Capsules with these services provide content and run configuration services for hosts.
- Capsules with DNS + DHCP + TFTP + Pulp + Puppet + PuppetCA
  Capsules with these services provide a full set of Capsule features. By configuring a Capsule with all these features, you can isolate hosts assigned to that Capsule by providing a single point of connection for the hosts.
4.7. Capsule networking
The communication between Satellite Server and hosts registered to a Capsule Server is routed through that Capsule Server. Capsule Server also provides Satellite services to hosts.
Many of the services that Capsule Server manages use dedicated network ports. However, Capsule Server ensures that all communications from the host to Satellite Server use a single source IP address, which simplifies firewall administration.
Satellite topology with hosts connecting to a Capsule
In this topology, Capsule provides a single endpoint for all host network communications so that in remote network segments, only firewall ports to the Capsule itself must be open.
Figure 4.1. How Satellite components interact when hosts connect to a Capsule
Satellite topology with hosts connecting directly to Satellite Server
In this topology, hosts connect to Satellite Server rather than to a Capsule. This also applies to Capsules themselves because the Capsule Server is a host of Satellite Server.
Figure 4.2. How Satellite components interact when hosts connect directly to Satellite Server
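The two topologies above can be checked against an exported firewall policy: hosts in a remote segment should only have rules to their Capsule, and each Capsule needs its own rule to Satellite Server. The following Python audit is an added example, not part of the Satellite documentation; the IP addresses, the port, and the `SRC DST PORT` rule format are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the Satellite documentation).
SATELLITE = ipaddress.ip_address("10.0.0.10")
# Remote segment -> the Capsule that hosts in that segment are registered to.
SEGMENT_CAPSULE = {
    ipaddress.ip_network("10.20.0.0/24"): ipaddress.ip_address("10.20.0.5"),
    ipaddress.ip_network("10.30.0.0/24"): ipaddress.ip_address("10.30.0.5"),
}
# Constructed allow rules in a hypothetical "SRC DST PORT" export format.
SAMPLE_RULES = """\
10.20.0.0/24 10.20.0.5 443
10.20.0.5/32 10.0.0.10 443
10.30.0.0/24 10.30.0.5 443
10.30.0.0/24 10.0.0.10 443
10.30.0.17/32 10.20.0.5 443
"""

def parse_rules(text):
    """Parse 'SRC DST PORT' lines into (network, address, port) tuples."""
    rules = []
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            src, dst, port = line.split()
            rules.append((ipaddress.ip_network(src), ipaddress.ip_address(dst), int(port)))
    return rules

def audit(rules):
    """Return findings where a rule breaks the single-endpoint Capsule topology."""
    findings, uplinked = [], set()
    for src, dst, port in rules:
        for segment, capsule in SEGMENT_CAPSULE.items():
            if not src.overlaps(segment):
                continue
            if src.num_addresses == 1 and src.network_address == capsule:
                if dst == SATELLITE:  # the Capsule is itself a host of Satellite Server
                    uplinked.add(capsule)
                continue
            if dst != capsule:
                why = "direct to Satellite Server" if dst == SATELLITE else "not the segment's Capsule"
                findings.append((str(src), str(dst), port, why))
    for capsule in SEGMENT_CAPSULE.values():
        if capsule not in uplinked:
            findings.append((str(capsule), str(SATELLITE), None, "Capsule has no rule to Satellite Server"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULES)):
        print(finding)
```

On the constructed sample, the audit reports the segment-wide rule that reaches Satellite Server directly, the host rule that targets another segment's Capsule, and the second Capsule's missing rule to Satellite Server.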
Additional resources
You can find complete instructions for configuring the host-based firewall to open the required ports in the following documents:
- Ports and Firewalls Requirements in Installing Satellite Server in a connected network environment
- Ports and Firewalls Requirements in Installing Satellite Server in a disconnected network environment
- Ports and Firewalls Requirements in Installing Capsule Server
4.8. Additional resources
- See Installing Capsule Server for details on Capsule Server requirements, installation, and scalability considerations.
- See Configuring Capsules with a load balancer for details on distributing load among Capsule Servers.