Chapter 3. Configuring Capsule Servers with default SSL certificates for load balancing


You can configure one or more Capsule Servers that use default SSL certificates for load balancing.

If you use Puppet in your Satellite deployment, the configuration steps are different. See Chapter 5, Configuring Capsule Servers with default SSL certificates for load balancing (with Puppet).

3.1. Prerequisites

3.2. Configuring Capsule Server with default SSL certificates for load balancing without Puppet

On each Capsule Server that you want to configure for load balancing, install Katello certificates.

Procedure

  1. On Satellite Server, generate Katello certificates for Capsule Server:

    # capsule-certs-generate \
    --certs-tar "/root/capsule.example.com-certs.tar" \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule.example.com

    Retain a copy of the example satellite-installer command that is output by the capsule-certs-generate command for installing Capsule Server certificate.

  2. Copy the certificate archive file from Satellite Server to Capsule Server.

    # scp /root/capsule.example.com-certs.tar root@capsule.example.com:/root/capsule.example.com-certs.tar
  3. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script
  4. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule.example.com"
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.