Chapter 2. Managing Hosts
This chapter describes creating, registering, managing, and removing hosts. This includes changing the group, and environment of a host, configuring an additional network interface, assigning the host to a specific organization, and location.
2.1. Browsing Hosts
The Satellite Server web UI provides an opportunity to browse all hosts recognized by the Satellite Server. Navigate to Hosts tab at the top of the screen to open the drop-down menu with the following items:
- All Hosts - a list of all hosts recognized by the Satellite Server.
- Discovered Hosts - a list of bare-metal hosts detected on the provisioning network by the Discovery plug-in.
- Content Hosts - a list of hosts which manage tasks related to content and subscriptions.
- Host Collections - a list of user-defined collections of hosts used for bulk actions such as Errata Installation.
To search for a host, type in the Search field, and use an asterisk (*) to perform a partial string search. For example, if searching for a content host named dev-node.example.com
, click the Content Hosts page, type dev-node*
in the Search field. Alternatively, *node*
will also find the content host dev-node.example.com.
Satellite Server will be listed as a host itself even if it is not self-registered. Do not delete the Satellite Server from the list of hosts.
2.2. Host Status Types
Each host recognized by the Satellite Server is assigned a status type in accordance with the most recent action performed on or upcoming changes to be applied to that host. Navigate to Hosts
Icon | Status | Description |
---|---|---|
| Error | An error has been detected on the host. If you hover the mouse over the error icon, a tooltip showing the actual reason of the error will appear. You can see a more detailed report of issues by clicking on the host. |
| Warning | The host has been configured, but no reports have been collected for that host over the last reporting interval. |
| OK | There are no pending actions on the host, no pending changes, and no errors over the last reporting interval. |
2.3. Host Overview
The host overview page displays information about a given host and the connection between the host and the installer. To view the host overview page, select Hosts
Details
The details bar contains a row of buttons that provide shortcuts to more information about the host, and tabs that display summaries of important details and events.
- Audits: a page containing audit entries for the current host.
- Facts: a page containing a list of facts for the current host. This button is only available after the installer has collected facts from the host.
- Reports: a page containing a list of reports for the current host. This button is only available after the installer has collected reports from the host.
- YAML: a page containing details about the host in YAML format, such as its IP address, MAC address, name, and values of parameters that have been applied to the host.
- Properties: a list of general details about the host, such as its IP address, MAC address, and the operating system entry that has been applied to the host.
- Metrics: a table showing a summary of all events reported for the host.
- Templates: a list of all provisioning templates currently accessible by the host. The provisioning templates include in this list are automatically configured in accordance with the operating system entry applied to the host.
- NICs: a table showing detailed information on NICs configured for the host.
Host Actions
Click each of these buttons to perform common actions on the host.
- Schedule Remote Job: allows running jobs on the host. For more information on running jobs see Chapter 4, Running Jobs on Hosts.
- Boot disk: a menu that allows you to select the boot disk for the host. For more information on creating a boot ISO for a host see Creating New Hosts with PXE-less Provisioning in the Red Hat Satellite Provisioning Guide.
- Edit: opens the host details page which allows you to configure settings for the host. Note that the installer configures all the settings automatically and normally no manual configurations are required.
- Build: flags the host to be provisioned on the next host boot. Note that the installer manages all aspects of the provisioning process and normally there is no need to provision hosts manually.
- Delete: deletes the host from the user interface.
Host Graphs
The host overview page contains two graphs that display the status of recent Puppet runs executed on the host.
- Runtime: tracks two data points: Config Retrieval and Runtime. The Config Retrieval data point represents the amount of time taken to collect information about the host during a given Puppet run, and the Runtime data point represents the amount of time required to execute the Puppet run. Both data points are measured in seconds.
- Resources: tracks the number of actions performed on the host during a Puppet run. The categories displayed in this graph are identical to those displayed in the Reports page, and are measured using the number of actions in each category.
2.4. Creating a Host
The following procedure describes how to create a host in Red Hat Satellite.
To Create a Host:
- Click Hosts > Create Host.
- On the Host tab, enter the required details.
- Click the Ansible Roles tab, and from the Ansible Roles list, select one or more roles that you want to add to the host. Use the arrow icon to manage the roles that you add or remove.
- On the Puppet Classes tab, select the Puppet classes you want to include.
On the Interfaces tab:
For each interface, click Edit in the Actions column and configure the following settings as required:
- Type — For a Bond or BMC interface, use the Type list and select the interface type.
- MAC address — Enter the MAC address.
- DNS name — Enter the DNS name that is known to the DNS server. This is used for the host part of the FQDN.
- Domain — Select the domain name of the provisioning network. This automatically updates the Subnet list with a selection of suitable subnets.
- IPv4 Subnet — Select an IPv4 subnet for the host from the list.
- IPv6 Subnet — Select an IPv6 subnet for the host from the list.
- IPv4 address — If IP address management (IPAM) is enabled for the subnet, the IP address is automatically suggested. Alternatively, you can enter an address. The address can be omitted if provisioning tokens are enabled, if the domain does not mange DNS, if the subnet does not manage reverse DNS, or if the subnet does not manage DHCP reservations.
- IPv6 address — If IP address management (IPAM) is enabled for the subnet, the IP address is automatically suggested. Alternatively, you can enter an address.
- Managed — Select this check box to configure the interface during provisioning to use the Capsule provided DHCP and DNS services.
- Primary — Select this check box to use the DNS name from this interface as the host portion of the FQDN.
-
Provision — Select this check box to use this interface for provisioning. This means TFTP boot will take place using this interface, or in case of image based provisioning, the script to complete the provisioning will be executed through this interface. Note that many provisioning tasks, such as downloading RPMs by anaconda, Puppet setup in a
%post
script, will use the primary interface. Virtual NIC — Select this check box if this interface is not a physical device. This setting has two options:
- Tag — Optionally set a VLAN tag. If unset, the tag will be the VLAN ID of the subnet.
- Attached to — Enter the device name of the interface this virtual interface is attached to.
- Click OK to save the interface configuration.
- Optionally, click Add Interface to include an additional network interface. See Section 2.16, “Configuring an Additional Network Interface” for details.
- Press Submit to apply the changes and exit.
- On the Operating System tab, enter the required details. For Red Hat operating systems, select Synced Content for Media Selection. If you want to use non Red Hat operating systems, select All Media, then select the installation media from the Media Selection list. You can select a partition table from the drop-down list or enter a custom partition table in the Custom partition table field. You cannot specify both.
- On the Parameters tab, click Add Parameter to add any parameter variables that you want to pass to job templates at run time. This includes all Puppet Class, Ansible playbook parameters and host parameters that you want to associate with the host. To use a parameter variable with an Ansible job template, you must add a Host Parameter.
- On the Additional Information tab, enter additional information about the host.
- Click Submit to complete your provisioning request.
2.5. Assigning Ansible Roles to Existing Hosts
You can use Ansible roles for remote management of Red Hat Enterprise Linux version 6.9 or later.
Before you can assign Ansible roles to hosts in Satellite, ensure that you import the roles to Satellite. For more information, see Adding Red Hat Enterprise Linux System Roles in the Administering Red Hat Satellite.
If you have a host that you want to add or modify Ansible roles for that host, complete the following procedure:
- In the Satellite web UI, navigate to Hosts > All Hosts, and on the host that you want to add an Ansible role to, click Edit.
- Select the Ansible Roles tab, and in the All items list, search for the roles that you want to add.
- Select the roles that you want to add, and click the arrow icon to move the roles to the Selected items list.
- Click Submit to save your changes.
When you assign Ansible roles to hosts, you can then use Ansible for remote execution. For more information, see Section 4.1, “Establishing a Secure Connection for Remote Commands”.
Overiding Parameter Variables
On the Parameters tab, click Add Parameter to add any parameter variables that you want to pass to job templates at run time. This includes all Ansible playbook parameters and host parameters that you want to associate with the host. To use a parameter variable with an Ansible job template, you must add a Host Parameter.
2.6. Running Ansible Roles on a Host
Before you begin, you must import Ansible roles in Satellite and assign the roles to your hosts. For more information, see Section 2.5, “Assigning Ansible Roles to Existing Hosts”.
To Run an Ansible Role:
- In the Satellite web UI, navigate to Hosts > All Hosts, and select the check box of the host that contains the Ansible role you want to run.
- From the Select Actions list, select Play Ansible roles.
On the Run Ansible Roles page, you can view the status of your Ansible job. To rerun a job, click the Rerun button.
2.7. Registration
This section shows you how to register hosts to Satellite Server or Capsule Server. There are two main methods for registering a host:
- Download and install the consumer RPM (server.example.com/pub/katello-ca-consumer-latest.noarch.rpm) and then run subscription manager. This method is suited for freshly installed hosts. See ] and xref:sect-Red_Hat_Satellite-Managing_Hosts-Registration-Registering_a_Host[ for more information.
- Download and run the bootstrap script (server.example.com/pub/bootstrap.py). This method is suited for both freshly installed hosts and hosts that have been previously registered, for example, to Satellite 5 or another Satellite 6. See Section 2.7.7, “Registering Hosts to Satellite 6 Using The Bootstrap Script” for more information.
Hosts registered to the Satellite Server via Red Hat Subscription Manager, which can occur either during the post phase of a kickstart or through the terminal, will appear on the Content Hosts page accessible through Hosts > Content Hosts. Hosts provisioned by Satellite Server appear on the Hosts page accessible through Hosts > All hosts.
2.7.1. Configuring a Host for Registration
Red Hat Enterprise Linux hosts register to the Customer Portal Subscription Management by default. You must update each host configuration so that they receive updates from the correct Satellite Server or Capsule Server.
Supported Host Operating Systems
Hosts must use the following Red Hat Enterprise Linux version:
- 5.7 or later
- 6.1 or later*
- 7.0 or later
Red Hat Enterprise Linux versions 6.1, 6.2 and 6.3 GA require subscription-manager
and related packages to be updated manually. For more information, see https://access.redhat.com/solutions/1256763
Supported Architectures
All architectures of Red Hat Enterprise Linux are supported:
- i386
- x86_64
- s390x
- ppc_64
Prerequisites
- Ensure that the Satellite Servers, any Capsule Servers, and all hosts are synchronized with the same NTP server.
Ensure that a time synchronization tool is enabled and running on the Satellite Servers, any Capsule Servers, and the hosts.
For Red Hat Enterprise Linux 6:
# chkconfig ntpd on; service ntpd start
For Red Hat Enterprise Linux 7:
# systemctl start chronyd; systemctl enable chronyd
Ensure that the daemon rhsmcertd is running on the hosts.
For Red Hat Enterprise Linux 6:
# service rhsmcertd start
For Red Hat Enterprise Linux 7:
# systemctl start rhsmcertd
The following procedure shows how to configure your host to register to Red Hat Satellite.
To Configure a Host for Registration:
- Take note of the fully qualified domain name (FQDN) of the Satellite Server or Capsule Server, for example server.example.com.
- In a terminal, connect to the host as the root user.
Install the consumer RPM from the Satellite Server or Capsule Server to which the host is to be registered. The consumer RPM updates the content source location of the host and allows the host to download content from the content source specified in Red Hat Satellite.
# rpm -Uvh http://server.example.com/pub/katello-ca-consumer-latest.noarch.rpm
NoteThe RPM package is not signed, if required, you can add the
--nosignature
option to install the package. Thekatello-ca-consumer-hostname-1.0-1.noarch.rpm
is an additional katello-ca-consumer RPM available that contains the server’s host name. Thekatello-ca-consumer-latest.noarch.rpm
rpm will always reflect the most recent version. Both serve the same purpose.
2.7.2. Registering a Host
Prerequisites
- Complete all steps in Section 2.7.1, “Configuring a Host for Registration”.
- Ensure that an activation key associated with the appropriate Content View and environment exists for the host. If not, see Managing Activation Keys in the Content Management Guide for more information. By default, an activation key has the auto-attach function enabled. The feature is commonly used with hosts used as hypervisors.
-
Ensure that the version of the
subscription-manager
utility installed is 1.10 or later. The package is available in the standard Red Hat Enterprise Linux repository.
To Register Hosts:
- In a terminal, connect to the host as the root user.
Clear any old host data related to Red Hat Subscription Manager (RHSM):
# subscription-manager clean
Register the host using RHSM:
# subscription-manager register --org=your_org_name \ --activationkey=your_activation_key
Example 2.1. Command Output after Registration:
# subscription-manager register --org=MyOrg --activationkey=TestKey-1 The system has been registered with id: 62edc0f8-855b-4184-b1b8-72a9dc793b96
You can use the --environment
option to override the Content View and life cycle environment defined by the activation key. For example, to register a host to the Content View "MyView" in a "Development" life cycle environment:
# subscription-manager register --org=your_org_name \ --environment=Development/MyView \ --activationkey=your_activation_key
For Red Hat Enterprise Linux 6.3 hosts, the release version defaults to Red Hat Enterprise Linux 6 Server and needs to be pointed to the 6.3 repository.
To Point Red Hat Enterprise Linux 6.3 to the Repository:
- On Red Hat Satellite, select Hosts > Content Hosts.
- Click the name of the host that needs to be changed.
- In the Content Host Content section click the edit icon to the right of Release Version.
- Select "6.3" from the Release Version drop-down menu.
- Click Save.
2.7.3. Registering an Atomic Host
Use the following procedure to register an Atomic Host with Subscription Manager.
Retrieve
katello-rhsm-consumer
from Satellite server:[root@atomic_client ~]# wget http://satellite.example.com/pub/katello-rhsm-consumer
Change the mode of
katello-rhsm-consumer
in order to make it executable:[root@atomic_client ~]# chmod +x katello-rhsm-consumer
Run
katello-rhsm-consumer
:[root@atomic_client ~]# ./katello-rhsm-consumer
Register with
Red Hat Subscription Manager
:[root@atomic_client ~]# subscription-manager register
Because Atomic is functionally an appliance, do not install katello-agent
on it.
2.7.4. Installing the Katello Agent
The following procedure shows how to install the Katello agent on a host registered to Satellite 6. The katello-agent
package depends on the gofer
package that provides the goferd service. This service must be enabled so that the Red Hat Satellite Server or Capsule Server can provide information about errata that are applicable for content hosts.
Note that yum
is the only package management command that will update Satellite by triggering a Katello package upload. Avoid using rpm
commands to install or update packages.
Prerequisites
Satellite version 6.1 and later require that you enable the Red Hat Satellite Tools 6 repository. The Red Hat Common repositories are no longer used and are not compatible with Satellite version 6.1 and later.
The Red Hat Satellite Tools 6 repository must be enabled, synchronized to the Red Hat Satellite Server and made available to your hosts as it provides the required packages.
To Verify the Red Hat Satellite Tools 6 Repository is Enabled:
- Open the Satellite web UI, navigate to Content > Red Hat Repositories and click the RPMs tab.
- Find and expand the Red Hat Enterprise Linux Server item.
Find and expand the Red Hat Satellite Tools 6 (for RHEL VERSION Server) (RPMs) item.
If the Red Hat Satellite Tools 6 items are not visible, it may be because they are not included in the subscription manifest obtained from the Customer Portal. To correct that, log in to the Customer Portal, add these repositories, download the subscription manifest and import it into Satellite.
- Ensure the Enabled check box beside the repository’s name is selected. If not, select it.
Enable the Red Hat Satellite Tools 6 repository for every supported major version of Red Hat Enterprise Linux running on your hosts.
To Install Katello Agent:
On the host, verify that the rhel-version-server-satellite-tools-6-rpms repository is enabled. If you registered the host using an activation key with auto-attach enabled, the repository is enabled automatically already.
# yum repolist enabled | grep -i rhel-version-server-satellite-tools-6-rpms
If the rhel-version-server-satellite-tools-6-rpms is not enabled, enable it using the following command:
# subscription-manager repos --enable=rhel-version-server-satellite-tools-6-rpms
Install the katello-agent RPM package using the following command:
# yum install katello-agent
Ensure the goferd service is running.
On Red Hat Enterprise Linux 6, run the following command:
# service goferd start
On Red Hat Enterprise Linux 7, run the following command:
# systemctl start goferd
2.7.5. Installing Tracer
This section describes how you can integrate Red Hat Satellite 6.4 with Tracer, and provides instructions on how to install Tracer and access Traces.
Tracer displays a list of services and applications that are outdated and require to be restarted. The list is labeled Traces and you can access this in the Satellite web UI.
The integration of Tracer with Satellite Server is a Technology Preview feature. Technology Preview features are not fully supported under Red Hat Subscription Service Level Agreements (SLAs), may not be functionally complete, and are not intended for production use. However, these features provide early access to upcoming product innovations, enabling customers to test functionality and provide feedback during the development process.
Prerequisite
For your content host, enable and synchronize the Red Hat Satellite Tools 6.4 repository.
Procedure
Tracer is an optional component, therefore you must install it separately from the rest of the Katello host tools.
On the content host, install the
katello-host-tools-tracer
RPM package:# yum install katello-host-tools-tracer
Enter the following command:
# katello-tracer-upload
- In the Satellite web UI, navigate to Hosts > All hosts, and then click the required host name.
- In the Properties tab, examine the Properties table, and then find the Traces item. If you cannot find a Traces item in the Properties table, then Tracer is not installed.
To Access Traces:
Traces is the output generated by Tracer in the Satellite web UI.
- In the Satellite web UI, navigate to Hosts > Content Hosts, and then click the required host name.
- Click the Traces tab to view Traces.
2.7.6. Installing and Configuring the Puppet Agent
This section describes how to install and configure the Puppet agent on a host. When you have correctly installed and configured the Puppet agent, you can navigate to Hosts > All hosts to list all hosts visible to Red Hat Satellite Server.
Prerequisites
The rhel-7-server-satellite-tools-6.4-rpms repository must be enabled, synchronized to the Red Hat Satellite Server and made available to your hosts as it provides the required packages.
To Verify the rhel-7-server-satellite-tools-6.4-rpms Repository is Enabled:
- In the Satellite web UI, navigate to Content > Red Hat Repositories.
-
In the search field, enter
Red Hat Satellite Tools 6.4 for RHEL 7 Server RPMs
. Select Red Hat Satellite Tools 6.4 (for RHEL 7 Server) (RPMs) and select the enable icon next to x86_64.
If the Red Hat Satellite Tools 6.4 (for RHEL 7 Server) (RPMs) items are not visible, it might be because they are not included in the subscription manifest obtained from the Customer Portal. To correct that, log in to the Customer Portal, add these repositories, download the subscription manifest and import it into Satellite.
To Install and Enable the Puppet Agent:
-
On the host, open a terminal console and log in as the
root
user. Verify that the rhel-7-server-satellite-tools-6.4-rpms repository is enabled, using the following command:
# yum repolist enabled | grep -i rhel-7-server-satellite-tools-6.4-rpms
If the rhel-7-server-satellite-tools-6.4-rpms is not enabled, enable it using the following command:
# subscription-manager repos \ --enable=rhel-7-server-satellite-tools-6.4-rpms
Install the Puppet agent RPM package using the following command:
# yum install puppet
Configure the puppet agent to start at boot:
On Red Hat Enterprise Linux 6:
# chkconfig puppet on
On Red Hat Enterprise Linux 7:
# systemctl enable puppet
Prerequisites
The following conditions must be met before configuring the Puppet Agent:
- The host must be registered to the Red Hat Satellite Server.
- The Red Hat Satellite Tools 6 repository must be enabled.
- Puppet packages must be installed on the host.
A Puppet environment is a collection of Puppet modules that can be associated with a host or a host group. Before you configure the Puppet agent environment, complete the following steps:
- To find the host’s Puppet environment, in the Satellite web UI, navigate to Hosts > All Hosts and view the Environment column in the host table.
- To assign a Puppet environment to a host, navigate to Hosts > All Hosts and click Edit next to the selected host.
-
To list Puppet environments enabled on the Satellite Server, navigate to Configure > Environments. You can also inspect the
/etc/puppetlabs/code/environments
directory on the Satellite Server to find what Puppet modules and manifests are associated with Puppet environments.
For more information see the Red Hat Satellite Puppet Guide.
To Configure the Puppet Agent:
Append the following server and environment settings to the
/etc/puppetlabs/puppet/puppet.conf
file. Set theenvironment
parameter to the name of the Puppet environment to which the host belongs:environment = My_Example_Org_Library server = satellite.example.com ca_server = satellite.example.com
Run the Puppet agent on the host:
# puppet agent -t
Sign the SSL certificate for the Puppet client in the Satellite Server web UI:
- Log in to the Satellite Server web UI.
- Select Infrastructure > Capsules.
- Select Certificates from the drop-down menu to the right of the required Capsule.
- Click Sign to the right of the required host.
Enter the
puppet agent
command again:# puppet agent -t
Assigning Context to a Host
When the Puppet agent is configured on the host, it appears in All Hosts but only when Any Organization is selected because the host is not assigned to an organization or location.
- To assign the host to an organization, see Section 2.14, “Assigning a Host to a Specific Organization”.
- To assign the host to a location, see Section 2.15, “Assigning a Host to a Specific Location”.
2.7.7. Registering Hosts to Satellite 6 Using The Bootstrap Script
The bootstrap script, which is included in 6.2 and later, can be used to register new hosts or migrate existing hosts to Satellite 6.
The bootstrap script handles content registration, product certificates, and Puppet configuration. The bootstrap script has the advantage of taking a Red Hat Enterprise Linux system, regardless of where it is registered (RHN, Satellite 5, SAM, RHSM), or if it is registered at all, and subscribing it to Satellite 6.
The bootstrap script package, katello-client-bootstrap
, is installed by default on the Satellite Server’s base system and the script itself is installed in the /var/www/html/pub/ directory to make it available to hosts. It can be accessed using a URL in the following form:
satellite6.example.com/pub/bootstrap.py
The script includes documentation in a readme file. To view the file on the Satellite CLI:
$ less /usr/share/doc/katello-client-bootstrap-version/README.md
Installing the Bootstrap Script on the Host:
As the script is only required once, and only for the root user, you can place it in /root and remove it after use, or place it in /usr/local/sbin. This example will use /root.
As root, install the bootstrap script on the host as follows:
Ensure you are in the correct directory. For example, to change to /root:
# cd
Download the script:
# curl -O http://satellite6.example.com/pub/bootstrap.py
This installs the script in the current directory.
Make the script executable:
# chmod +x bootstrap.py
To confirm that the script can now be run, view the usage statement as follows:
# ./bootstrap.py -h
Optionally, when the transition process is complete, remove the script:
# cd # rm bootstrap.py
Required Permissions The user requires certain permissions in order to run the bootstrap script. You can set these permissions using roles through the web UI or using the Hammer command line tool.
Using the web UI to set permissions for the bootstrap script:
- Navigate to Administer > Users.
- Select an existing user or create a new user especially for the purpose of running this script. Users are located under the Username field. A new pane will open with tabs to modify information about the selected user.
- Click the Roles tab.
Select Viewer and Edit hosts from the Roles list. The selected roles should appear on the Selected Items list confirming that they have been selected.
WarningBe aware that the following role Edit hosts allows the user to edit and delete hosts as well as being able to add hosts. If this is not acceptable to your security policy, create a new role with the minimal permissions required by the bootstrap script. Create the bootstrap role using the Hammer command line tool, see Using Hammer to set permissions for the bootstrap script:, then assign this role alone, to the user who will be running the bootstrap script. Alternatively, create an appropriate role using the web UI, navigate to Administer > Roles. Subsequently, use the web UI to create a role and set up the appropriate filters.
- Click Submit. The permissions required for the bootstrap script to run will now be set for the user you have specified.
Using Hammer to set permissions for the bootstrap script:
Create a role with the minimum permissions required by the bootstrap script. This example creates a role with the name Bootstrap. Modify this to provide a more specific name if you wish.
$ ROLE='Bootstrap' $ hammer role create --name "$ROLE" $ hammer filter create --role "$ROLE" --permissions view_organizations $ hammer filter create --role "$ROLE" --permissions view_locations $ hammer filter create --role "$ROLE" --permissions view_domains $ hammer filter create --role "$ROLE" --permissions view_hostgroups $ hammer filter create --role "$ROLE" --permissions view_hosts $ hammer filter create --role "$ROLE" --permissions view_architectures $ hammer filter create --role "$ROLE" --permissions view_ptables $ hammer filter create --role "$ROLE" --permissions view_operatingsystems $ hammer filter create --role "$ROLE" --permissions create_hosts
Assign the new role to an existing user.
$ hammer user add-role --id user_id --role Bootstrap
There is also the option to create a new user and assign this new role to them. For more information on how to create users through Hammer see Creating Users in the Red Hat Satellite Hammer CLI Guide.
Running the Bootstrap Script
Prerequisites
- The bootstrap script is installed as described previously.
- You have an activation key for your hosts. For configuring activation keys, see Managing Activation Keys in the Content Management Guide.
You have created a host group. For creating host groups, see Section 2.8, “Creating a Host Group”.
NotePuppet fails to retrieve the Puppet CA certificate while registering a host with a host group associated with a Puppet environment created inside a
Production
environment. To create a suitable Puppet environment to be associated with a host group, follow these steps:Manually create a directory and change the owner:
# mkdir /etc/puppetlabs/code/environments/example_environment # chown apache /etc/puppetlabs/code/environments/example_environment
-
Navigate to Configure
Environments and click Import environment from. The button name will include the FQDN of the internal or external Capsule. - Choose the created directory and click Update.
To run the bootstrap script:
Enter the bootstrap command as follows with values suitable for your environment.
WarningThe example in this section specifies the admin user. If this is not acceptable to your security policy, create a new role with the minimal permissions required by the bootstrap script that can be added to the appropriate user. This is achieved using the web UI or Hammer, see ] and xref:proc-hammer_set_permissions[ for more information.
For the
--server
option, specify the FQDN name of Satellite Server or Capsule Server. For--location
,--organization
, and--hostgroup
options, use quoted names, not labels, as arguments to the options. See Section 2.7.8, “Advanced Bootstrap Script Configuration” for advanced use cases.# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key
The script will prompt you for the password corresponding to the Satellite user name you entered with the
--login
option.The script will run and send notices of progress to stdout. Watch for output prompting you to approve the certificate. For example:
[NOTIFICATION], [2016-04-26 10:16:00], [Visit the UI and approve this certificate via Infrastructure->Capsules] [NOTIFICATION], [2016-04-26 10:16:00], [if auto-signing is disabled] [RUNNING], [2016-04-26 10:16:00], [/usr/bin/puppet agent --test --noop --tags no_such_tag --waitforcert 10]
The host will wait indefinitely until an administrator approves the Puppet certificate.
- In the web UI, navigate to Infrastructure > Capsules.
-
Select Certificates to the right of the name of the Capsule corresponding to the FQDN given with
--server
option. - In the Actions column select Sign to approve the host’s Puppet certificate.
- Return to the host to see the remainder of the bootstrap process completing.
- In the web UI, navigate to Hosts > All hosts and ensure that the host is connected to the correct host group.
If the Katello agent is not installed on the host, proceed to Section 2.7.4, “Installing the Katello Agent”.
2.7.8. Advanced Bootstrap Script Configuration
The standard workflow of using the bootstrap script has been outlined in Running the Bootstrap Script. This section covers some more examples.
The examples in this section specify the admin user. If this is not acceptable to your security policy, create a new role with the minimal permissions required by the bootstrap script. See ] and xref:proc-hammer_set_permissions[ for more information.
- Migrating a host from one Satellite 6 to another Satellite 6.
Use the script with
--force
, and the script will remove the katello-ca-consumer-* packages from the old Satellite and install the katello-ca-consumer-* packages from the new Satellite. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --force
- Migrating a host from Red Hat Network (RHN) or Satellite 5 to Satellite 6.
The bootstrap script detects the presence of /etc/syconfig/rhn/systemid and a valid connection to RHN as an indicator that the system is registered to a legacy platform. The script then calls
rhn-classic-migrate-to-rhsm
to migrate the system from RHN. By default, the script does not delete the system’s legacy profile due to auditing reasons. To remove the legacy profile, use--legacy-purge
and use--legacy-login
to supply an user account that has appropriate permissions to remove a profile. Enter the user account password when prompted. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --legacy-purge \ --legacy-login rhn-user
- Registering a host to Satellite 6, omitting Puppet setup.
By default, the bootstrap script configures the host for content management and configuration management. If you have an existing configuration management system and do not want to install puppet on the host, use
--skip-puppet
. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --skip-puppet
- Registering a host to Satellite 6 for content management only.
To register a system as a content host, and leave out the provisioning and configuration management functions, use
--skip-foreman
. For example:# bootstrap.py --server satellite6.example.com \ --organization="Example Organization" \ --activationkey=activation_key \ --skip-foreman
- Changing the method the bootstrap script uses to download the consumer RPM.
By default, the bootstrap script uses HTTP to download the consumer RPM (server.example.com/pub/katello-ca-consumer-latest.noarch.rpm). In some environments, you might want to allow HTTPS only between the host and Satellite. Use
--download-method
to change the download method from HTTP to HTTPS. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --download-method https
- Providing the host’s IP address to Satellite
On hosts with multiple interfaces or multiple IP addresses on one interface, you may need to override the auto-detection of the IP address and provide a specific IP address to Satellite. Use
--ip
. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --ip 192.x.x.x
- Enabling Remote Execution on the host.
Use
--rex
and--rex-user
to enable remote execution and add the required SSH keys for the specified user. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --rex \ --rex-user root
- Creating a domain for a host at registration time.
To create a host record, the DNS domain of a host needs to exist in Satellite prior to running script. If the domain does not exist, add it using
--add-domain
. For example:# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --add-domain
- Providing an arbitrary Fully Qualified Domain Name (FQDN) for the host.
If the host’s host name is not an FQDN, or is not RFC compliant (containing a character such as an underscore), the script will fail at the host name validation stage. Use
--fqdn
to specify the FQDN that will be reported to Satellite. To do so, you will need to setcreate_new_host_when_facts_are_uploaded
andcreate_new_host_when_report_is_uploaded
to false usinghammer
. For example:# hammer settings set \ --name create_new_host_when_facts_are_uploaded \ --value false # hammer settings set \ --name create_new_host_when_report_is_uploaded \ --value false
# bootstrap.py --login=admin \ --server satellite6.example.com \ --location="Example Location" \ --organization="Example Organization" \ --hostgroup="Example Host Group" \ --activationkey=activation_key \ --fqdn node100.example.com
2.8. Creating a Host Group
If you create a high volume of hosts, many of the hosts can have common settings and attributes. Adding these settings and attributes for every new host is time consuming. If you use host groups, you can apply common attributes to hosts that you create.
A host group functions as a template for common host settings, containing many of the same details that you provide to hosts. When you create a host with a host group, the host inherits the defined settings from the host group. You can then provide additional details to individualize the host.
Host Group Hierarchy
You can also create a hierarchy of host groups. Aim to have one base level host group that represents all hosts in your organization and provide general settings, and then nested groups to provide specific settings. For example, you can have a base host level group that defines the operating system, and two nested host groups that inherit the base level host group:
Hostgroup:
Base
(Red Hat Enterprise Linux 7.2)Hostgroup:
Webserver
(applies thehttpd
Puppet class)-
Host:
webserver1.example.com
(web server) -
Host:
webserver2.example.com
(web server)
-
Host:
Hostgroup:
Storage
(applies thenfs
Puppet class)-
Host:
storage1.example.com
(storage server) -
Host:
storage2.example.com
(storage server)
-
Host:
-
Host:
custom.example.com
(custom host)
In this example, all hosts use Red Hat Enterprise Linux 7.2 as their operating system because of their inheritance of the Base
host group. The two web server hosts inherit the settings from the Webserver
host group, which includes the httpd
Puppet class and the settings from the Base
host group. The two storage servers inherit the settings from the Storage
host group, which includes the nfs
Puppet class and the settings from the Base
host group. The custom host only inherits the settings from the Base
host group.
To Create a Host Group
- In the Satellite web UI, navigate to Configure > Host Groups and click Create Host Group.
- If you have an existing host group that you want to inherit attributes from, you can select a host group from the Parent list. If you do not, leave this field blank.
- In the Name field, enter a name for the new host group.
- Enter any further information that you want future hosts to inherit.
- Click the Ansible Roles tab, and from the Ansible Roles list, select one or more roles that you want to add to the host. Use the arrow icon to manage the roles that you add or remove.
Click the additional tabs and add any details that you want to attribute to the host group.
NotePuppet fails to retrieve the Puppet CA certificate while registering a host with a host group associated with a Puppet environment created inside a
Production
environment. To create a suitable Puppet environment to be associated with a host group, follow these steps:Manually create a directory and change the owner:
# mkdir /etc/puppetlabs/code/environments/example_environment # chown apache /etc/puppetlabs/code/environments/example_environment
- Click Submit to save the host group.
For CLI Users
Create the host group with the hammer hostgroup create
command. For example:
# hammer hostgroup create --name "Base" \ --lifecycle-environment "Production" --content-view "Base" \ --environment "production" --content-source-id 1 \ --puppet-ca-proxy-id 1 --puppet-proxy-id 1 --domain "example.com" \ --subnet `ACME's Internal Network` --architecture "x86_64" \ --operatingsystem "RedHat 7.2" --medium-id 9 \ --partition-table "Kickstart default" --root-pass "p@55w0rd!" \ --locations "New York" --organizations "ACME"
2.9. Changing the Group of a Host
The following steps show you how to change the group of a host.
- Navigate to Hosts > All hosts.
- Select the check box of the host you want to change.
- From the Select Action menu at the upper right of the screen, select Change Group. A new option window will open.
- From the Host Group menu, select the group that you want for your host.
- Click Submit.
2.10. Changing the Environment of a Host
The following steps show you how to change the environment of a host.
- Navigate to Hosts > All hosts.
- Select the check box of the host you want to change.
- From the Select Action menu at the upper right of the screen, select Change Environment. A new option window will open.
- From the Environment menu, select the new environment for your host.
- Click Submit.
2.11. Adding an Ansible Role to a Host Group
You can use Ansible roles for remote management of Red Hat Enterprise Linux version 6.9 or later.
Before you can assign Ansible roles to host groups in Satellite, ensure that you import the roles to Satellite. For more information, see Adding Red Hat Enterprise Linux System Roles in the Administering Red Hat Satellite.
If you have an existing host group that you want to add Ansible Roles to, complete the following steps:
- In the Satellite web UI, navigate to Configure > Host Groups.
- From the list of host groups, click the host group name that you want to add an Ansible Role to.
- Click the Ansible Roles tab, and from the Ansible roles list, select one or more roles that you want to add to the host. Use the arrow icon to manage the roles that you add or remove.
- Click Submit to save your changes.
2.12. Running Ansible Roles on a Host Group
Before you begin, you must import Ansible roles in Satellite and assign the roles to your host group. For more information, see Section 2.11, “Adding an Ansible Role to a Host Group”.
You must have at least one host in your host group.
To Run an Ansible Role:
- In the Satellite web UI, navigate to Configure > Host Groups, and select the check box of the host group that contains the Ansible role you want to run.
- From the Actions column for the host group, select the arrow icon to the right of the Nest button, and then select Play Roles.
On the Run Ansible Roles page, you can view the status of your Ansible job. To rerun a job, click the Rerun button.
2.13. Managing Hosts
Hosts provisioned by Satellite are managed by default. When the host is set to managed, it is possible to configure additional host parameters from Satellite Server. These additional parameters are listed on the Operating System tab.
If you change any settings on the Operating System tab they will not take effect until you set the host to build and reboot it.
If there is a necessity to obtain reports about configuration management in systems using an operating system not supported by Satellite it is recommended to unmanage the host.
The following procedure shows how to switch a host between Managed and Unmanaged status.
- Navigate to Hosts > All hosts.
- Select the host.
- Click Edit.
- Click Manage host or Unmanage host to change the host’s status.
- Click Submit to save the changes.
2.14. Assigning a Host to a Specific Organization
The following steps show you how to assign a host to a specific organization. For general information about organizations and how to configure them, see Managing Organizations in the Content Management Guide.
- Navigate to Hosts > All hosts.
- Select the check box of the host you want to change.
- From the Select Action menu at the upper right of the screen, select Assign Organization. A new option window will open.
Navigate to the Select Organization menu and choose the organization that you want to assign for your host. Select the check box Fix Organization on Mismatch.
NoteA mismatch happens if there is a resource associated with a host, such as a domain or subnet, and at the same time not associated with the organization you want to assign the host to. The option Fix Organization on Mismatch will add such a resource to the organization, and is therefore the recommended choice. The option Fail on Mismatch, on the other hand, will always result in an error message. For example, reassigning a host from one organization to another will fail, even if there is no actual mismatch in settings.
- Click Submit.
2.15. Assigning a Host to a Specific Location
The following steps show you how to assign a host to a specific location. For general information about locations and how to configure them, see Creating a Location in the Provisioning Guide.
- Navigate to Hosts > All hosts.
- Select the check box of the host you want to change.
- From the Select Action menu at the upper right of the screen, select Assign Location. A new option window will open.
Navigate to the Select Location menu and choose the location that you want for your host. Select the check box Fix Location on Mismatch.
NoteA mismatch happens if there is a resource associated with a host, such as a domain or subnet, and at the same time not associated with the organization you want to assign the host to. The option Fix Organization on Mismatch will add such a resource to the organization, and is therefore the recommended choice. The option Fail on Mismatch, on the other hand, will always result in an error message. For example, reassigning a host from one organization to another will fail, even if there is no actual mismatch in settings.
- Click Submit to complete the assigning of the location to your host.
2.16. Configuring an Additional Network Interface
Red Hat Satellite supports specifying multiple network interfaces for a single host. You can configure these interfaces when creating a new host as described in Section 2.4, “Creating a Host” or when editing an existing host.
There are several types of network interfaces that you can attach to a host. When adding a new interface, select one of:
- Interface: Allows you to specify an additional physical or virtual interface. There are two types of virtual interfaces you can create. Use VLAN when the host needs to communicate with several (virtual) networks using a single interface, while these networks are not accessible to each other. Another type of virtual interface is alias, which is an additional IP address attached to an existing interface. See ], or xref:sect-Red_Hat_Satellite-Managing_Hosts-Configuring_an_Additional_Network_Interface-Adding_a_Physical_Interface[ for details.
- Bond: Creates a bonded interface. NIC bonding is a way to bind multiple network interfaces together into a single interface that appears as a single device and has a single MAC address. This enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy. See Section 2.16.3, “Adding a Bonded Interface” for details.
- BMC: Baseboard Management Controller (BMC) allows you to remotely monitor and manage physical state of machines. For more information about BMC, see Enabling Power Management on Managed Hosts in Installing Satellite Server from a Connected Network and for more information about configuring BMC interfaces, see Section 2.16.4, “Adding a Baseboard Management Controller (BMC) Interface”.
Additional interfaces have by default the Managed flag enabled, which means the new interface is configured automatically during provisioning by the DNS and DHCP Capsule Servers associated with the selected subnet. This requires a subnet with correctly configured DNS and DHCP Capsule Servers. If you use a kickstart method for host provisioning, configuration files are automatically created for managed interfaces in the post-installation phase at /etc/sysconfig/network-scripts/ifcfg-$interface_id.
Virtual and bonded interfaces currently require a MAC address of a physical device. Therefore, the configuration of these interfaces works only on bare-metal hosts.
2.16.1. Adding a Physical Interface
The following steps show how to add and additional physical interface to a host.
To Add a Physical Interface:
- Navigate to Hosts > All hosts to view available hosts.
- Click Edit next to the host you want to edit.
- On the Interfaces tab, click Add Interface.
- Keep the Interface option selected in the Type menu.
- Specify a MAC address of the additional interface. This setting is required.
- Specify the device Identifier, for example eth0 or eth1.1. Identifier is used for bonded interfaces (in the Attached devices field, see ]), VLANs and aliases (in the Attached to field, see xref:proc-Red_Hat_Satellite-Managing_Hosts-Adding_a_Virtual_Interface-To_Add_a_Virtual_Interface[).
- Specify the DNS name associated with the host’s IP address. Satellite saves this name in the Capsule Server associated with the selected domain (the "DNS A" field) and the Capsule Server associated with the selected subnet (the "DNS PTR" field). A single host can therefore have several DNS entries.
- Select a domain from the Domain drop-down menu. To create and manage domains, navigate to Infrastructure > Domains.
- Select a subnet from the Subnet drop-down menu. To create and manage subnets, navigate to Infrastructure > Subnets.
- Specify the interface IP address. Managed interfaces with assigned DHCP Capsule Server require this setting for creating a DHCP lease. DHCP-enabled managed interfaces provide an automatic suggestion of IP address.
- Decide if the interface will be managed. If the Managed check box is selected, the interface configuration is pulled from the associated Capsule Server during provisioning, and DNS and DHCP entries are created. If using kickstart provisioning, a configuration file is automatically created for the interface.
- Select the Virtual NIC check box to create a virtual interface. See Section 2.16.2, “Adding a Virtual Interface” for details.
- Click OK to save the interface configuration, and then click Submit to apply the changes to the host.
2.16.2. Adding a Virtual Interface
The following procedure shows how to configure an additional virtual interface for a host. This can be either a VLAN or an alias interface.
An alias interface is an additional IP address attached to an existing interface. Note that:
- An alias interface automatically inherits a MAC address from the interface it is attached to, therefore you can create an alias without specifying a MAC address.
-
The interface must be specified in a subnet with boot mode set to
static
.
To Add a Virtual Interface:
- Navigate to Hosts > All hosts to view available hosts.
- Click Edit next to the host you want to edit.
- On the Interfaces tab, click Add Interface.
- Keep the Interface option selected in the Type menu.
Specify the general interface settings. The applicable configuration options are the same as for the physical interfaces described in Section 2.16.1, “Adding a Physical Interface”.
Specify MAC address for managed virtual interfaces so that the configuration files for provisioning are generated correctly. However, MAC address is not required for virtual interfaces that are not managed.
If creating a VLAN, specify ID in the form of eth1.10 in the Identifier field. If creating an alias, use ID in the form of eth1:10.
Select the Virtual NIC check box. Additional configuration options specific to virtual interfaces are appended to the form:
- Tag: You can specify tags per interface to provide a higher-level segmentation of the network. If left blank, managed interfaces inherit the tag form the VLAN ID of the associated subnet, given that this subnet has the VLAN ID specified. User-specified entries from this field are not applied on alias interfaces.
- Attached to: Specify the identifier of the physical interface to which the virtual interface belongs, for example eth1. This setting is required.
- Click OK to save the interface configuration. Then click Submit to apply the changes to the host.
2.16.3. Adding a Bonded Interface
The following steps show how to configure a bonded interface for a host.
To Add a Bonded Interface:
- Navigate to Hosts > All hosts to view available hosts.
- Click Edit next to the host you want to edit.
- On the Interfaces tab, click Add Interface.
- Select Bond from the Type menu. Additional type-specific configuration options are appended to the form.
- Specify the general interface settings. The applicable configuration options are the same as for the physical interfaces described in Section 2.16.1, “Adding a Physical Interface”. Bonded interfaces use IDs in the form of bond0 in the Identifier field. It is sufficient if you specify a single MAC address in the MAC address field.
Specify the configuration options specific to bonded interfaces:
- Mode: Select the bonding mode that defines a policy for fault tolerance and load balancing. See Table 2.2, “Bonding Modes Available in Red Hat Satellite” for a brief description of individual bonding modes.
- Attached devices: Specify a comma separated list of identifiers of attached devices. These can be physical interfaces or VLANs.
- Bond options: Specify a space separated list of configuration options, for example miimon=100. There are several configuration options you can specify for the bonded interface, see Red Hat Enterprise Linux 7 Networking Guide for details.
- Click OK to save the interface configuration. Then click Submit to apply the changes to the host.
Bonding Mode | Description |
---|---|
balance-rr | Transmissions are received and sent out sequentially on each bonded interface. |
active-backup | Transmissions are received and sent out via the first available bonded interface. Another bonded interface is only used if the active bonded interface fails. |
balance-xor | Transmissions are based on the selected hash policy. In this mode, traffic destined for specific peers will always be sent over the same interface. |
broadcast | All transmissions are sent on all bonded interfaces. |
802.a3 | Creates aggregation groups that share the same settings. Transmits and receives on all interfaces in the active group. |
balance-tlb | The outgoing traffic is distributed according to the current load on each bonded interface. |
balance-alb | Receive load balancing is achieved through Address Resolution Protocol (ARP) negotiation. |
2.16.4. Adding a Baseboard Management Controller (BMC) Interface
This section describes how to configure a baseboard management controller (BMC) interface for a host that supports this feature.
Prerequisites
Ensure the following prerequisites are satisfied before proceeding:
- BMC is enabled on the Capsule Server. If required, see To Enable BMC Power Management on an Existing Capsule Server:.
-
The
ipmitool
package is installed. You know the MAC address, IP address, and other details of the BMC interface on the host, and the appropriate credentials for that interface.
NoteYou only need the MAC address for the BMC interface if the BMC interface is managed. This is so that it can create a DHCP reservation.
To Enable BMC Power Management on an Existing Capsule Server:
Use the
satellite-installer
routine to configure BMC power management on the Capsule Server by running the following command with the following options:#
satellite-installer --foreman-proxy-bmc=true \ --foreman-proxy-bmc-default-provider=ipmitool
Refresh the features for the Capsule Server.
- Log in to the Satellite web UI, and navigate to Infrastructure > Capsules.
- Identify the Capsule Server whose features you need to refresh. In the drop-down list on the right, click Refresh. The list of features in the Features column should now include BMC.
To Add a BMC Interface:
- Navigate to Hosts > All hosts to view available hosts.
- Click Edit next to the host you want to edit.
- On the Interfaces tab, click Add Interface.
- Select BMC from the Type menu. Type-specific configuration options are appended to the form.
- Specify the general interface settings. The applicable configuration options are the same as for the physical interfaces described in Section 2.16.1, “Adding a Physical Interface”.
Specify the configuration options specific to BMC interfaces:
- Username, Password: Specify any authentication credentials required by BMC.
- Provider: Specify the BMC provider.
- Click OK to save the interface configuration, and then click Submit to apply the changes to the host.
2.17. Removing a Host
The following procedure shows how to remove a host from Red Hat Satellite.
To Remove a Host:
- Click Hosts > All hosts or Hosts > Content Hosts.
- Select the hosts that you want to remove.
- Click Select Action and select Delete Hosts from the drop-down menu.
- Click Submit to remove the host from Red Hat Satellite permanently.
If a host record that is associated with a virtual machine is deleted, the virtual machine will be deleted as well. To avoid deleting the virtual machine in this situation, disassociate the virtual machine from Satellite without removing it from the hypervisor.
To Disassociate A Virtual Machine from Satellite without Removing it from a Hypervisor
- In the Satellite web UI, navigate to Hosts > All Hosts and select the check box to the left of the hosts to be disassociated.
- From the Select Action drop-down menu, select the Disassociate Hosts button.
In the confirmation window:
- Optionally, select the check box to keep the hosts for future action.
- Click Submit to save your changes.