Chapter 2. Creating Organizations
Organizations divide Red Hat Satellite 6 resources into logical groups based on ownership, purpose, content, security level, or other divisions. You can create and manage multiple organizations through Red Hat Satellite 6, then divide and assign your Red Hat subscriptions to each individual organization. This provides a method of managing the content of several individual organizations under one management system. Here are some examples of organization management:
- Single Organization
- A small business with a simple system administration chain. In this case, we create a single organization for the business and assign content to it.
- Multiple Organizations
- A large company that owns several smaller business units. For example, a company with separate system administration and software development groups. In this case, we create organizations for the company and each of the business units it owns. This keeps the system infrastructure for each separate. We then assign content to each organization based on their needs.
- External Organizations
- A company that manages external systems for other organizations. For example, a company offering cloud computing and web hosting resources to customers. In this case, we might create an organization for the company’s own system infrastructure and then an organization for each external business. We then assign content to each organization where necessary.
For our scenario, ACME acts as a single entity organization so the aim is to create and manage the organization for it. A default installation of Red Hat Satellite 6 provides a default organization called Default_Organization. However, this scenario steps through the creation and configuration of a custom organization for ACME.
If a new user is not assigned a default organization their access is limited. To grant systems rights to users, assign them to a default organization and have them log out and log back in again.
2.1. Creating an Organization
For Web UI Users
Navigate to Administer > Organizations. This displays the list of organizations that your Satellite Server currently manages.
Click New Organization.
A creation wizard appears with three sections:
- Create Organization
Provide the base details for the organization. This includes:
-
Name - A plain text name for the organization. For our scenario, use
ACME
. -
Label - A unique identifier for the organization. This is used for creating and mapping certain assets, such as directories for content storage. Use letters, numbers, underscores, and dashes, but no spaces. For our scenario, use
ACME
too. -
Description - An optional plain text description for our organization. For our scenario, use
Our example organization
.
-
Name - A plain text name for the organization. For our scenario, use
- Select Hosts
- All hosts must have an organization. However, in some circumstances, hosts might become orphaned. For example, deleting an old organization might orphan its hosts. In these situations, you can assign orphaned hosts to your newly created organization if necessary. Select Assign All to assign all orphaned hosts or Manually Assign to select which orphaned hosts to assign. In our scenario for ACME, no orphaned hosts exist yet, so click Proceed to Edit to move to the Edit Properties section.
- Edit Properties
- This section allows us to assign certain infrastructure resources to our organization. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this screen at any time by navigating to Administer > Organization and then selecting an organization to edit. In terms of our scenario, no further configuration is required. However, we return to this section later in this guide after we synchronize a kickstart tree.
After completing your organization creation, click Submit.
For CLI Users
# hammer organization create \ --name "ACME" \ --label "ACME" \ --description "Our example organization for managing content."
This creates your first organization.
2.2. Setting the Context
Before managing content in Red Hat Satellite 6, we must set the context. A context defines which organization to use for our content.
For Web UI Users
The Context menu is in the top-left corner of the screen. If you have not selected a context, the menu says "Any Context". Hover over this menu, then select ACME for the Organization selector. This changes the context to our ACME organization.
For CLI Users
If using the CLI, ensure to include either --organization "ACME"
or --organization-label "ACME"
as an option. For example:
# hammer subscription list --organization "ACME"
This sets the context for each interaction through the CLI.
2.3. Creating an Organization Debug Certificate
To Create a New Organization Debug Certificate:
- Navigate to Administer > Organizations.
- Select an organization for which you want to generate a debug certificate.
- Click Generate and Download. This generates a debug certificate.
- Save the certificate file in a secure location.
Debug Certificates are automatically generated for provisioning template downloads if they do not already exist in the organization for which they are being downloaded.
2.4. Using an Organization Debug Certificate
You can view an organization’s repository content using a browser or using the API if you have a debug certificate for that organization. The previous section describes creating and downloading the certificate which is in the X.509 format. To use a browser you must first convert the X.509 certificate to a format your browser supports and then import the certificate. The curl
utility only requires extracting the certificate and key into separate files.
To Use an Organization Debug Certificate in Firefox.
- Create and download an organization certificate as described in Section 2.3, “Creating an Organization Debug Certificate”.
Open the X.509 certificate, for example, for the default organization:
$ vi 'Default Organization-key-cert.pem'
-
Copy the contents of the file from:
-----BEGIN RSA PRIVATE KEY-----
to-----END RSA PRIVATE KEY-----
inclusive, into a file calledkey.pem
. -
Copy the contents of the file from
-----BEGIN CERTIFICATE-----
to-----END CERTIFICATE-----
inclusive, into a file calledcert.pem
. Enter a command as follows to create a PKCS12 format certificate and enter a password or phrase when prompted:
$ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.pem -inkey key.pem -out organization_label.pfx -name organization_name Enter Export Password: Verifying - Enter Export Password:
-
Using the preferences tab, import the resulting
pfx
file into your browser: Navigate to Edit > Preferences > Advanced Tab. Select View Certificates in the Certificates view to open the Certificate Manager. On the Your Certificates tab, click Import and select thepfx
file to load. You are prompted for the password or phrase used when making the certificate. Enter a URL in the following format into your browser’s address bar to begin browsing for repositories:
http://satellite.example.com/pulp/repos/organization_label
Pulp uses the organization label so the URL must use the organization label too.
To Use an Organization Debug Certificate with Curl:
- Create and download an organization certificate as described in Section 2.3, “Creating an Organization Debug Certificate”
Open the X.509 certificate, for example, for the default organization:
$ vi 'Default Organization-key-cert.pem'
-
Copy the contents of the file from:
-----BEGIN RSA PRIVATE KEY-----
to-----END RSA PRIVATE KEY-----
inclusive, into a file calledkey.pem
. -
Copy the contents of the file from
-----BEGIN CERTIFICATE-----
to-----END CERTIFICATE-----
inclusive, into a file calledcert.pem
. - Find a valid URL for a repository. You can use the browsing method described in the previous procedure or use the web UI. For example, using the web UI, navigate to Content > Products and select a Product by name. On the Repositories tab, select a repository by name and look for the Published At entry.
To use
curl
to access a repository, enter the following command:$ curl -k --cert cert.pem --key key.pem http://satellite.example.com/pulp/repos/Default_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.3/os/
Ensure the paths to
cert.pem
andkey.pem
are the correct absolute paths otherwise the command fails silently.
2.5. Removing an Organization
To Remove an Organization:
You can delete an organization if the organization is not associated with any life cycle environments or host groups. If there are any life cycle environments or host groups associated with the organization you are about to delete, remove them by going to Organizations and clicking the relevant tabs. It is not recommended to delete the default organization created during installation because the default organization is a placeholder for any unassociated hosts in the Satellite environment. There must be at least one organization in the environment in any given time.
- Navigate to Administer > Organizations.
- Select Delete from the list to the right of the name of the organization you want to remove.
An alert box appears:
Delete Organization?
- Click OK to delete the organization.
2.6. Chapter Summary
This chapter showed how to create new organizations, create organization debug certificates, remove organizations, and set an organization as our context for content management.
The next chapter explores how Red Hat Satellite 6 imports your subscriptions into your organization. After the subscriptions are imported, so you can start managing Red Hat content.