9.3. Configuring Provisioning Settings
9.3.1. Domains
Procedure 9.6. To Create a Domain:
- Click .
- Click. On the Domain tab, specify the following settings:
- Specify a Name for the Domain. This is the required DNS domain name.
- Type a Description for the Domain.
- Select a DNS-enabled Capsule Server.
- On the Parameters tab, specify domain parameters.
- On the Locations tab, select locations for the domain.
- On the Organizations tab, select organizations for the domain.
Important
Ensure that the Locations and Organizations are configured as they will help with future debugging.
- Click.
9.3.2. Subnets
9.3.2.1. Creating a Subnet
Procedure 9.7. To Create a Subnet:
- Click .
- Click New Subnet. On the Subnet tab, specify the following settings:
- Specify a Name, Network address (IP address), and Network mask for the subnet. These settings are required.
- Optionally, specify the Gateway address, Primary DNS server, Secondary DNS server, and VLAN ID. Note that the gateway address and DNS server settings are optional only with IPAM and Boot modes set to DHCP (default). If you decide to change these default modes, you also have to specify gateway and DNS. You can also select the IPAM mode (DHCP, Internal DB, or None) and define the IP assignment range with the Start of IP range and End of IP range fields.
- Select the default Boot mode for the subnet (DHCP or Static).
- On the Domains tab, select the applicable domains for the subnet.
- On the Capsules tab, select the Capsule Servers to be used for hosting the DHCP Proxy, TFTP Proxy, DNS Proxy, and Discovery Proxy services.
- On the Locations tab, select locations for the subnet.
- On the Organizations tab, select organizations for the subnet.
Important
Ensure that the Locations and Organizations are configured as they will help with future debugging.
- Click.
9.3.3. Architectures
Procedure 9.8. To Create an Architecture:
- Click and then click New Architecture.
- Specify a Name for the architecture.
- Select any Operating Systems that include this architecture. If none are available, you can create and assign them under .
- Click.
9.3.4. Compute Resources
Procedure 9.9. To Add a Compute Resource:
- Navigate to .
- Click New Compute Resource. On the Compute Resource tab, specify the following settings:
- Specify a Name and a Provider type for the Compute Resource. Optionally, insert a Description.
- Depending on the provider type chosen, the next few fields ask for authentication and datacenter details. Refer to the following table for more information about each provider type.
Table 9.2. Provider Settings

| Type | Description |
| --- | --- |
| RHEV | Suits Red Hat Enterprise Virtualization environments. Requires the URL of the Manager API, a valid Username and Password, and a Datacenter on the system to abstract compute resources. Click Load Datacenters to populate the drop-down menu. Optionally, you can specify a Quota ID and provide one or more certificate authorities in the X509 Certification Authorities field. |
| Libvirt | Suits Libvirt-based environments. Requires the URL of the virtual machine. Select the Display type. Click to test if the virtual machine is available. Select Console passwords to set a randomly generated password on the display connection. |
| VMware | Suits VMware-based environments. Requires the host name of the VCenter/Server, a valid VMware Username and Password, and a Datacenter to abstract compute resources. Click Load Datacenters to populate the drop-down menu. You can specify a certificate Fingerprint and select Console passwords to set a randomly generated password on the display connection. |
| RHEL OpenStack Platform | Suits OpenStack-based environments. Requires the URL of the OpenStack server, a valid OpenStack Username and Password, and a Tenant to abstract compute resources. Click Load Tenants to populate the drop-down menu. |
| Rackspace | Suits Rackspace public cloud accounts. Requires the URL of the Rackspace API, a valid Rackspace Username and API Key, and a Region to abstract compute resources. Click to make sure your connection to the chosen region is valid. |
| EC2 | Suits Amazon EC2 public cloud accounts. Requires the Access Key and Secret Key available from any valid Amazon EC2 account. Requires a Region to act as a Datacenter for resource abstraction. Click to populate the selection drop-down menu. |
| Google | Suits Google Compute Engine public cloud accounts. Requires the Google Project ID, a valid Client Email and a Certificate path to the p12 file. You can also specify a Zone to abstract compute resources. Click to populate the drop-down menu. |
| Docker | Suits container registries. Requires the URL of the internal or external compute resource. Optionally, specify a Username, Password, and a contact Email. Click to test if the connection is available. |
- On the Locations tab, select desired locations to add them to the Selected Items list.
- On the Organizations tab, select the desired organizations to add them to the Selected Items list.
Important
Ensure that the Locations and Organizations are configured as they will help with future debugging.
- Click.
9.3.5. Configuring Libvirt as a Compute Resource
# yum install qemu-kvm libvirt virt-manager
- If the web UI browser is running on a separate system to virt-manager, proceed to Procedure 9.11, “To Configure SSH Access to Libvirt:”.
- If the web UI browser is running on the same system as virt-manager, complete the following procedure to add a Libvirt compute resource.
Procedure 9.10. To Add a Libvirt Compute Resource:
- Navigate to .
- Click New Compute Resource. On the Compute Resource tab, specify the following settings:
- Specify a Name and from the Provider drop-down menu, select Libvirt as the type for the Compute Resource. Optionally, insert a Description.
- In the field, enter a string as follows:
  qemu:///system
- From the drop-down menu, select .
- Optionally select the check box if this compute resource will only be used for new Libvirt guests. This option cannot be used together with previously configured Libvirt guests.
- Click. If the connection is successful the button turns green.
- Click to save the configuration.
- Select the tab. Previously configured Libvirt guests will be shown.
Procedure 9.11. To Configure SSH Access to Libvirt:
- Ensure the SSH file permissions and SELinux context for the foreman user are correct:
  # ls -Zd /usr/share/foreman/.ssh
  drwx------. foreman foreman system_u:object_r:ssh_home_t:s0 /usr/share/foreman/.ssh
- Create SSH keys for the foreman user:
  # su - foreman -s /bin/bash
  -bash-4.2$ ssh-keygen
  Generating public/private rsa key pair.
  Enter file in which to save the key (/usr/share/foreman/.ssh/id_rsa):
  Enter passphrase (empty for no passphrase):
  Enter same passphrase again:
  Your identification has been saved in /usr/share/foreman/.ssh/id_rsa.
  Your public key has been saved in /usr/share/foreman/.ssh/id_rsa.pub.
  The key fingerprint is:
  07:47:a9:23:d2:fe:2f:07:fb:55:75:46:3e:8e:6e:69 foreman@satellite.example.com
  The key's randomart image is:
  +--[ RSA 2048]----+
  | .. .|
  | .. o |
  | . ... .=|
  | . o oo ooo|
  | o .S.. ... |
  | . .. ... |
  | . o .E |
  | + ..o |
  | =o |
  +-----------------+
- Copy the SSH public key to the remote hypervisor system. For example, if your Libvirt host is kvm.example.com:
  -bash-4.2$ ssh-copy-id root@kvm.example.com
  The authenticity of host 'kvm.example.com (192.168.1.2)' can't be established.
  ECDSA key fingerprint is 78:79:41:d0:b8:40:d5:4a:6d:7f:22:03:bd:cd:a0:dd.
  Are you sure you want to continue connecting (yes/no)? yes
  /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
  /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
  foreman@192.168.1.2's password:
  Number of key(s) added: 1
  Now try logging into the machine, with: "ssh 'root@kvm.example.com'"
  and check to make sure that only the key(s) you wanted were added.
- Make an SSH connection to the remote system to confirm that no password prompt appears:
  -bash-4.2$ ssh root@kvm.example.com
  You should not be prompted for the password. The public key can be found in the .ssh/authorized_keys file on the remote system. Exit after successfully logging in and checking the keys:
  -bash-4.2$ exit
- In the web UI, navigate to and click .
- In the field enter a suitable name.
- From the drop-down menu, select .
- In the field, enter a string in the following format:
  qemu+ssh://root@kvm.example.com/system
  Where kvm.example.com is the FQDN of your Libvirt host.
- From the drop-down menu, select .
- Optionally select the check box if this compute resource will only be used for new Libvirt guests. This option cannot be used together with previously configured Libvirt guests.
- Click. If the connection is successful the button turns green.
- Click to save the configuration.
- Select the tab. Previously configured Libvirt guests will be shown.
Procedure 9.12. To Configure the noVNC Console:
Prerequisites:
- SSH keys must be configured for the foreman user on the Satellite Server's base system (as explained previously).
- Existing Libvirt guests must be configured to use VNC server as the display type, the port settings set to Auto, and no VNC password selected.
- On the hypervisor host system, configure the firewall to allow VNC service on ports 5900 to 5930:
  - On Red Hat Enterprise Linux 6:
    # iptables -A INPUT -p tcp --dport 5900:5930 -j ACCEPT
    # service iptables save
  - On Red Hat Enterprise Linux 7:
    # firewall-cmd --add-port=5900-5930/tcp
    # firewall-cmd --add-port=5900-5930/tcp --permanent
- In the browser used for the web UI, trust the Satellite Server certificate as follows:
  - Visit the public downloads page of the Satellite Server, for example https://satellite.example.com/pub/, and click the certificate file katello-server-ca.crt.
  - Select to trust the certificate for identifying websites.
- In the browser used for the web UI, disable HTTP strict transport security (HSTS). HSTS is described in RFC 6797. For example, in Firefox, enter About:Config in the browser address bar and set the following boolean to True:
  network.websocket.allowInsecureFromHTTPS
- Ensure you are using the FQDN in the browser for the web UI. NoVNC will not work if the domain name in the URL does not match the CN value in the certificate, which should be the same as the FQDN. Use a command as follows to check the CN value:
  # openssl x509 -text -noout -in /etc/pki/katello/certs/katello-apache.crt | grep CN
  Issuer: C=US, ST=North Carolina, L=Raleigh, O=Katello, OU=SomeOrgUnit, CN=satellite.example.com
  Subject: C=US, ST=North Carolina, O=Katello, OU=SomeOrgUnit, CN=satellite.example.com
  output truncated
- Navigate to + . Select the name of a Libvirt resource. On the tab, select the name of a Libvirt guest. Ensure the machine is powered on and then select . The console window appears after the noVNC handshake completes.
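The CN check from Procedure 9.12, as an added shell example that is not part of the Satellite documentation: a bare `grep CN` prints the Issuer line as well as the Subject line, so the helper functions below (subject_cn, url_host and cn_matches_url, all hypothetical names) read only the Subject CN and compare it with the host in the web UI URL. The certificate text is a constructed sample whose Issuer CN differs from the Subject CN.

```shell
#!/bin/sh
# Added example (not from the Satellite documentation). Function names are
# hypothetical; the certificate text below is a constructed sample.

# Print the Subject CN from `openssl x509 -text -noout` output on stdin.
# Only the "Subject:" line is read: the "Issuer:" line also carries a CN,
# which is why a bare `grep CN` is ambiguous. Accepts "CN=x" and "CN = x".
subject_cn() {
    sed -n 's/^[[:space:]]*Subject:[[:space:]]*//p' | head -n 1 |
        tr ',' '\n' |
        sed -n 's/^[[:space:]]*CN[[:space:]]*=[[:space:]]*//p' | head -n 1
}

# Print the lower-cased host of a URL, without scheme, userinfo, port or path.
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|[/?#].*$||' \
            -e 's|^.*@||' -e 's|:[0-9]*$||' |
        tr '[:upper:]' '[:lower:]'
}

# Exit 0 only when the Subject CN on stdin equals the host in URL $1.
cn_matches_url() {
    cn=$(subject_cn | tr '[:upper:]' '[:lower:]')
    host=$(url_host "$1")
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# Constructed sample: Issuer CN differs from Subject CN on purpose.
SAMPLE_CERT_TEXT='        Issuer: C=US, O=Katello, CN=ca.example.com
        Subject: C=US, ST=North Carolina, O=Katello, CN=satellite.example.com'

# Real use (certificate path from the procedure above):
#   openssl x509 -text -noout -in /etc/pki/katello/certs/katello-apache.crt |
#       cn_matches_url "https://satellite.example.com/"
for url in https://satellite.example.com/ https://satellite/ https://192.168.1.1/; do
    if printf '%s\n' "$SAMPLE_CERT_TEXT" | cn_matches_url "$url"; then
        echo "match:    $url"
    else
        echo "MISMATCH: $url"
    fi
done
```

A short host name or an IP address in the URL is reported as a mismatch, which is the case in which the procedure says noVNC will not work.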
9.3.6. Hardware Models
Procedure 9.13. To Create a Hardware Model:
- Click .
- Click.
- Specify a Name for the Hardware Model.
- For SPARC builds, insert the CPU Hardware model and Vendor class. Other architectures do not require values in these fields.
- Type a description of the Hardware Model in the Information field.
- Click.
9.3.7. Installation Media
Procedure 9.14. To Add an Installation Medium:
- Click .
- Click New Medium. On the Medium tab, specify the following settings:
- Type a Name for the Installation Media. This setting is required.
- Type a Path to the Installation Medium. Options include either a URL or a valid NFS server. This setting is required.
- Select an Operating System Family to define the type of the Installation Medium.
- On the Locations tab, select the desired locations to add them to the Selected Items list.
- On the Organizations tab, select the desired organizations to add them to the Selected Items list.
Important
Ensure that the Locations and Organizations are configured as they will help with future debugging.
- Click.
9.3.8. Partition Tables
Procedure 9.15. To Create a Partition Table:
- Click .
- Click.
- Type a Name for the partition table.
- Optionally select Default. This check box defines if the partition is automatically associated with new organizations or locations.
- Optionally select Snippet. This check box defines if the partition is a reusable snippet for other partition table layouts.
- Select the operating system from the Operating system family drop-down list.
- Specify the Layout of the partition table. You can enter the layout in the text area under Template editor or click Choose File to upload a template file.
Note
The format of the layout must match that for the intended operating system. For example, Red Hat Enterprise Linux 7.2 requires a layout that matches a kickstart file.
- Use the Audit Comment field to add a summary of changes to the partition layout.
- Click.
9.3.9. Provisioning Templates
Procedure 9.16. To Create a Provisioning Template:
- Click .
- Click New Template. On the Provisioning Template tab, specify the following settings:
- Specify a Name for the template.
- Insert your template in the Template editor field. Alternatively, click to upload the template. This replaces the content in the Template editor field with the content of your chosen file.
- Optionally, type a comment in the Audit Comment field. Satellite adds the comment to the template history to track changes. View the template history under the History tab.
- On the Type tab, select Snippet to store the template code without defining it as particular script or template type, or select the type from the Type drop-down menu.
- On the Association tab, select host groups, environments and operating systems to be associated with the template. Select the operating systems from the Applicable Operating Systems list. Click and select a Hostgroup and Environment to limit the template's use. Note that associations are not available for templates of type snippet.
- On the Association tab, you can view the history of existing templates. No history is available when creating a new template.
- On the Locations tab, select locations for the template.
- On the Organizations tab, select organizations for the template.
Important
Ensure that the Locations and Organizations are configured as they will help with future debugging.
- Click.
9.3.10. Configuring gPXE to Reduce Provisioning Times
HTTP to reduce download time. To make use of gPXE, proceed as follows:
- On systems configured to be a TFTP server, copy /usr/share/syslinux/gpxelinuxk.0 to /var/lib/tftpboot.
- In the PXE Handoff section of /etc/dhcp/dhcpd.conf, change the DHCP filename option from pxelinux.0 to gpxelinuxk.0.
- Create provisioning templates as follows and then assign them, together with the default template, to the operating systems.
Procedure 9.17. To Configure a gPXE Provisioning Template:
- Click .
- Find the template and select .
- Enter a name, for example, Kickstart default gPXELinux.
- In the Template editor, search and replace @initrd with @host.url_for_boot(:initrd)
- In the Template editor, search and replace @kernel with @host.url_for_boot(:kernel)
- Select the tab. From the drop-down menu, select .
- On the Association tab, select host groups, environments and operating systems to be associated with the template. Select the operating systems from the Applicable Operating Systems list. Click and select a Hostgroup and Environment to limit the template's use.
- Click.
9.3.11. Operating Systems
RedHat family. Families allow Satellite to change certain behaviors when provisioning hosts.
Procedure 9.18. To Add an Operating System:
- Click .
- Click New Operating system. On the Operating System tab, specify the following settings:
- Type the Name of the Operating System and its Major Version. These settings are required.
- Optionally, define the Minor Version, select the OS Family, and add a Description of the operating system.
- Select a Root password hash (MD5, SHA256, or SHA512).
- Select the Architectures from the list of available Architectures. If none are available, create and assign them under , as described in Section 9.3.3, “Architectures”.
- On the Partition tables tab, select the applicable file system layouts from the list. For more information on creating partition tables, see Section 9.3.8, “Partition Tables”.
- On the Installation Media tab, select the applicable installation media from the list. For more information on adding installation media, see Section 9.3.7, “Installation Media”.
- On the Templates tab, you can assign provisioning templates when editing an existing operating system. This option is not available when creating a new operating system. For more information on creating provisioning templates, see Section 9.3.9, “Provisioning Templates”.
- On the Parameters tab, you can add parameters for the operating system.
- Click.