Content Management Guide

Red Hat Satellite 6.6

A guide to managing content from Red Hat and custom sources

Red Hat Satellite Documentation Team

satellite-doc-list@redhat.com

Abstract

Use this guide to understand and manage content in Satellite 6. Examples of such content include RPM files, ISO images, and Puppet modules. Red Hat Satellite 6 manages this content using a set of Content Views promoted across the application lifecycle. This guide demonstrates how to create an application lifecycle that suits your organization and content views that fulfils host states within lifecycle environments. These content views eventually form the basis for provisioning and updating hosts in your Red Hat Satellite 6 environment.

Chapter 1. Introduction

In the context of Satellite 6, content is defined as the software installed on systems. This includes, but is not limited to, the base operating system, middleware services, and end-user applications. With Red Hat Satellite 6, you can manage the various types of content for Red Hat Enterprise Linux systems at every stage of the software life cycle.

Red Hat Satellite 6 manages the following content:

Subscription management: This provides organizations with a method to manage their Red Hat subscription information.
Content management: This provides organizations with a method to store Red Hat content and organize it in various ways.

1.1. Content Management Types Overview

With Red Hat Satellite 6, you can manage the following Red Hat content types:

RPM Packages: Import RPM files from repositories related to your Red Hat subscriptions. Satellite Server downloads the RPM files from Red Hat’s Content Delivery Network and stores them locally. You can use these repositories and their RPM files in Content Views.
Kickstart Trees: Import the kickstart trees for creating a system. New systems access these kickstart trees over a network to use as base content for their installation. Red Hat Satellite 6 also contains some predefined kickstart templates as well as the ability to create your own, which are used to provision systems and customize the installation.

You can also manage custom content in Red Hat Satellite 6. For example:

ISO and KVM Images: Download and manage media for installation and provisioning. For example, Satellite downloads, stores and manages ISO images and guest images for specific Red Hat Enterprise Linux and non-Red Hat operating systems.
Puppet Modules: You can upload Puppet modules alongside RPM content so that Puppet can configure the system’s state after provisioning. Users can also manage Puppet classes and parameters as part of the provisioning process.
OSTree: You can import OSTree branches and publish this content to an HTTP location.

You can use the procedure to add custom content for any type of content you require, for example, SSL certificates and OVAL files.

Chapter 2. Managing Organizations

Organizations divide Red Hat Satellite 6 resources into logical groups based on ownership, purpose, content, security level, or other divisions. You can create and manage multiple organizations through Red Hat Satellite 6, then divide and assign your Red Hat subscriptions to each individual organization. This provides a method of managing the content of several individual organizations under one management system. Here are some examples of organization management:

Single Organization: A small business with a simple system administration chain. In this case, you can create a single organization for the business and assign content to it.
Multiple Organizations: A large company that owns several smaller business units. For example, a company with separate system administration and software development groups. In this case, you can create organizations for the company and each of the business units it owns. This keeps the system infrastructure for each separate. You can then assign content to each organization based on its needs.
External Organizations: A company that manages external systems for other organizations. For example, a company offering cloud computing and web hosting resources to customers. In this case, you can create an organization for the company’s own system infrastructure and then an organization for each external business. You can then assign content to each organization where necessary.

A default installation of Red Hat Satellite 6 has a default organization called Default_Organization.

New Users

If a new user is not assigned a default organization, their access is limited. To grant systems rights to users, assign them to a default organization. The next time the user logs on to Satellite, the user’s account has the correct system rights.

2.1. Creating an Organization

Use this procedure to create an organization.

Procedure

To create an organization, complete the following steps:

In the Satellite web UI, navigate to Administer > Organizations.
Click New Organization.
In the Name field, enter a name for the organization.
In the Label field, enter a unique identifier for the organization. This is used for creating and mapping certain assets, such as directories for content storage. Use letters, numbers, underscores, and dashes, but no spaces.
Optional: in the Description field, enter a description for the organization.
Click Submit.
If you have hosts with no organization assigned, select the hosts that you want to add to the organization, then click Proceed to Edit.
In the Edit page, assign the infrastructure resources that you want to add to the organization. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this page at any time by navigating to Administer > Organizations and then selecting an organization to edit.
Click Submit.

For CLI Users

To create an organization, enter the following command:

# hammer organization create \
--name "your_organization_name" \
--label "your_organization_label \
--description "your_organization_description"

Optional: To edit an organization, enter the hammer organization update command. For example, the following command assigns a compute resource to the organization:
```
# hammer organization update \
--name "your_organization_name" \
--compute-resource-ids 1
```

2.2. Setting the Organization Context

An organization context defines the organization to use for a host and its associated resources.

Procedure

The organization menu is the first menu item in the menu bar, on the upper left of the Satellite web UI. If you have not selected a current organization, the menu says Any Organization. Click the Any Organization button and select the organization to use.

For CLI Users

While using the CLI, include either --organization "your_organization_name" or --organization-label "your_organization_label" as an option. For example:

# hammer subscription list --organization "Default_Organization"

This command outputs subscriptions allocated for the Default_Organization.

2.3. Creating an Organization Debug Certificate

If you require a debug certificate for your organization, use the following procedure.

Procedure

To create a debug certificate for an organization, complete the following steps:

In the Satellite web UI, navigate to Administer > Organizations.
Select an organization that you want to generate a debug certificate for.
Click Generate and Download.
Save the certificate file in a secure location.

Debug Certificates for Provisioning Templates

Debug Certificates are automatically generated for provisioning template downloads if they do not already exist in the organization for which they are being downloaded.

2.4. Browsing Repository Content Using an Organization Debug Certificate

You can view an organization’s repository content using a web browser or using the API if you have a debug certificate for that organization.

Prerequisites

Create and download an organization certificate as described in Section 2.3, “Creating an Organization Debug Certificate”.
Open the X.509 certificate, for example, for the default organization:
```
$ vi 'Default Organization-key-cert.pem'
```
Copy the contents of the file from -----BEGIN RSA PRIVATE KEY----- to -----END RSA PRIVATE KEY-----, into a key.pem file.
Copy the contents of the file from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, into a cert.pem file.

Procedure

To use a browser, you must first convert the X.509 certificate to a format your browser supports and then import the certificate.

For Firefox Users

To use an organization debug certificate in Firefox, complete the following steps:

To create a PKCS12 format certificate, enter the following command:

$ openssl pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in cert.pem -inkey key.pem -out organization_label.pfx -name organization_name

In the Firefox browser, navigate to Edit > Preferences > Advanced Tab.
Select View Certificates, and click the Your Certificates tab.
Click Import and select the .pfx file to load.
In the address bar, enter a URL in the following format to browse for repositories:
```
http://satellite.example.com/pulp/repos/organization_label
```
Pulp uses the organization label, therefore, you must enter the organization label into the URL.

For CURL Users

To use the organization debug certificate with CURL, enter the following command:

$ curl -k --cert cert.pem --key key.pem \
http://satellite.example.com/pulp/repos/Default_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-tools/6.6/os/

Ensure that the paths to cert.pem and key.pem are the correct absolute paths otherwise the command fails silently.

2.5. Deleting an Organization

You can delete an organization if the organization is not associated with any life cycle environments or host groups. If there are any life cycle environments or host groups associated with the organization you are about to delete, remove them by navigating to Administer > Organizations and clicking the relevant organization. Do not delete the default organization created during installation because the default organization is a placeholder for any unassociated hosts in the Satellite environment. There must be at least one organization in the environment at any given time.

Procedure

To delete an organization, complete the following steps:

In the Satellite web UI, navigate to Administer > Organizations.
From the list to the right of the name of the organization you want to delete, select Delete.
Click OK to delete the organization.

For CLI Users

Enter the following command to retrieve the ID of the organization that you want to delete:
```
# hammer organization list
```
From the output, note the ID of the organization that you want to delete.
Enter the following command to delete an organization:
```
# hammer organization delete --id Organization_ID
```

Chapter 3. Managing Locations

Locations function similar to organizations: they provide a method to group resources and assign hosts. Organizations and locations have the following conceptual differences:

Locations are based on physical or geographical settings.
Locations have a hierarchical structure.

3.1. Creating a Location

Use this procedure to create a location so that you can manage your hosts and resources by location.

Procedure

To create a location, complete the following steps:

In the Satellite web UI, navigate to Administer > Locations.
Click New Location.
Optional: from the Parent list, select a parent location. This creates a location hierarchy.
In the Name field, enter a name for the location.
Optional: in the Description field, enter a description for the location.
Click Submit.
If you have hosts with no location assigned, add any hosts that you want to assign to the new location, then click Proceed to Edit.
Assign any infrastructure resources that you want to add to the location. This includes networking resources, installation media, kickstart templates, and other parameters. You can return to this page at any time by navigating to Administer > Locations and then selecting a location to edit.
Click Submit to save your changes.

For CLI Users

Enter the following command to create a location:

# hammer location create \
--parent-id "parent_location_id" \
--name "your_location_name" \
--description "your_location_description"

3.2. Creating Multiple Locations

The following example Bash script creates three locations - London, Munich, Boston - and assigns them to the Example Organization.

ORG="Example Organization"
LOCATIONS="London Munich Boston"

for LOC in ${LOCATIONS}
do
  hammer location create --name "${LOC}"
  hammer location add-organization --name "${LOC}" --organization "${ORG}"
done

3.3. Setting the Location Context

A location context defines the location to use for a host and its associated resources.

Procedure

The location menu is the second menu item in the menu bar, on the upper left of the Satellite web UI. If you have not selected a current location, the menu displays Any Location. Click Any location and select the location to use.

For CLI Users

While using the CLI, include either --location "your_location_name" or --location-id "your_location_id" as an option. For example:

# hammer subscription list --location "Default_Location"

This command outputs subscriptions allocated for the Default_Location.

3.4. Deleting a Location

You can delete a location if the location is not associated with any life cycle environments or host groups. If there are any life cycle environments or host groups associated with the location you are about to delete, remove them by navigating to Administer > Locations and clicking the relevant location. Do not delete the default location created during installation because the default location is a placeholder for any unassociated hosts in the Satellite environment. There must be at least one location in the environment at any given time.

Procedure

To delete a location, complete the following steps:

In the Satellite web UI, navigate to Administer > Locations.
Select Delete from the list to the right of the name of the location you want to delete.
Click OK to delete the location.

For CLI Users

Enter the following command to retrieve the ID of the location that you want to delete:
```
# hammer location list
```
From the output, note the ID of the location that you want to delete.
Enter the following command to delete the location:
```
# hammer location delete --id Location ID
```

Chapter 4. Managing Subscriptions

Red Hat Satellite 6 imports content from the Red Hat Content Delivery Network (CDN). Satellite 6 requires a Subscription Manifest to find, access, and download content from the corresponding repositories. You must have a Subscription Manifest containing a subscription allocation for each organization on Satellite Server. All subscription information is available in your Red Hat Customer Portal account.

Before you can complete the tasks in this chapter, you must create a Subscription Manifest in the Customer Portal.

To create, manage, and export a Subscription Manifest, see Creating and managing manifests for a connected Satellite Server.

Use this chapter to import a Subscription Manifest and manage the manifest within the Satellite web UI.

Subscription Allocations and Organizations

You can manage more than one organization if you have more than one subscription allocation. Satellite 6 requires a single allocation for each organization configured in Satellite Server. The advantage of this is that each organization maintains separate subscriptions so that you can support multiple organizations, each with their own Red Hat accounts.

Future-Dated subscriptions

You can use future-dated subscriptions in a subscription allocation. When you add future-dated subscriptions to content hosts before the expiry date of the existing subscriptions, you can have uninterrupted access to repositories.

Manually attach the future-dated subscriptions to your content hosts before the current subscriptions expire. Do not rely on the auto-attach method because this method is designed for a different purpose and might not work. For more information, see Section 4.6, “Attaching Subscriptions to Content Hosts”.

4.1. Importing a Subscription Manifest into Satellite Server

Use the following procedure to import a Subscription Manifest into Satellite Server.

Prerequisites

You must have a Subscription Manifest file exported from the Customer Portal.

Procedure

To import a Subscription Manifest, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Content > Subscriptions and click Manage Manifest.
In the Manage Manifest window, click Browse.
Navigate to the location that contains the Subscription Manifest file, then click Open. If the Manage Manifest window does not close automatically, click Close to return to the Subscriptions window.

For CLI Users

Copy the Subscription Manifest file from your client to Satellite Server:
```
$ scp ~/manifest_file.zip root@satellite.example.com:~/.
```

# hammer subscription upload \
--file ~/manifest_file.zip \
--organization "organization_name"

You can now enable repositories and import Red Hat content. For more information, see Chapter 5, Importing Red Hat Content.

4.2. Locating a Subscription in the Satellite Web UI

When you import a Subscription Manifest into Satellite Server, the subscriptions from your manifest are listed in the Subscriptions window. If you have a high volume of subscriptions, you can filter the results to find a specific subscription.

Prerequisite

You must have a Subscription Manifest file imported to Satellite Server.

Procedure

To locate a subscription, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Content > Subscriptions.
In the Subscriptions window, click the Search field to view the list of search criteria for building your search query.
Select search criteria to display further options.
When you have built your search query, click the search icon.

For example, if you place your cursor in the Search field and select expires, then press the space bar, another list appears with the options of placing a >, <, or = character. If you select > and press the space bar, another list of automatic options appears. You can also enter your own criteria.

4.3. Adding Subscriptions to Subscription Allocations in the Satellite Web UI

Use the following procedure to add subscriptions to a subscription allocation in the Satellite web UI.

Prerequisite

You must have a Subscription Manifest file imported to Satellite Server. For more information, see Section 4.1, “Importing a Subscription Manifest into Satellite Server”.

Procedure

To add subscriptions to a subscription allocation, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Content > Subscriptions.
In the Subscriptions window, click Add Subscriptions.
On the row of each subscription you want to add, enter the quantity in the Quantity to Allocate column.
Click Submit.

4.4. Removing Subscriptions from Subscription Allocations in the Satellite Web UI

Use the following procedure to remove subscriptions from a subscription allocation in the Satellite web UI.

Note

Manifests must not be deleted. If you delete the manifest from the Red Hat Customer Portal or in the Satellite web UI, all of the entitlements for all of your content hosts will be removed.

Prerequisite

You must have a Subscription Manifest file imported to Satellite Server. For more information, see Section 4.1, “Importing a Subscription Manifest into Satellite Server”.

Procedure

To remove subscriptions, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Content > Subscriptions.
On the row of each subscription you want to remove, select the corresponding check box.
Click Delete, and then confirm deletion.

4.5. Updating and Refreshing Subscription Manifests

Every time that you change a subscription allocation, you must refresh the manifest to reflect these changes. For example, you must refresh the manifest if you take any of the following actions:

Renewing a subscription
Adjusting subscription quantities
Purchasing additional subscriptions

You can refresh the manifest directly in the Satellite web UI. Alternatively, you can import an updated manifest that contains the changes.

Procedure

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Content > Subscriptions.
In the Subscriptions window, click Manage Manifest.
In the Manage Manifest window, click Refresh.

4.6. Attaching Subscriptions to Content Hosts

Using activation keys is the main method to attach subscriptions to content hosts during the provisioning process. However, an activation key cannot update an existing host. If you need to attach new or additional subscriptions, such as future-dated subscriptions, to one host, use the following procedure.

For more information about updating multiple hosts, see Section 4.7, “Bulk Updating Content Hosts' Subscriptions”.

For more information about activation keys, see Chapter 10, Managing Activation Keys.

Smart Management Subscriptions

In Satellite 6, you must maintain a Red Hat Enterprise Linux Smart Management subscription for every Red Hat Enterprise Linux host that you want to manage.

However, you are not required to attach Smart Management subscriptions to each content host. Smart Management subscriptions cannot attach automatically to content hosts in Satellite because they are not associated with any product certificates. Adding a Smart Management subscription to a content host does not provide any content or repository access. If you want, you can add a Smart Management subscription to a manifest for your own recording or tracking purposes.

Prerequisite

You must have a Subscription Manifest file imported to Satellite Server.

Procedure

To attach subscriptions to content hosts, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Hosts > Content Hosts.
On the row of each content host whose subscription you want to change, select the corresponding check box.
From the Select Action list, select Manage Subscriptions.
Optionally, enter a key and value in the Search field to filter the subscriptions displayed.
Select the check box to the left of the subscriptions that you want to add or remove and click Add Selected or Remove Selected as required.
Click Done to save the changes.

For CLI Users

Connect to Satellite Server as the root user, and then list the available subscriptions:
```
# hammer subscription list \
--organization-id 1
```

Attach a subscription to the host:

# hammer host subscription attach \
--host host_name \
--subscription-id subscription_id

4.7. Bulk Updating Content Hosts' Subscriptions

Use this procedure for post-installation changes to multiple content hosts at the same time. Note that the hammer csv command is deprecated in Satellite 6.6 and later, therefore you must use the Satellite web UI to bulk update hosts.

Procedure

To update multiple content hosts, complete the following steps:

In the Satellite web UI, ensure the context is set to the organization you want to use.
Navigate to Hosts > Content Hosts.
On the row of each content host whose subscription you want to change, select the corresponding check box.
From the Select Action list, select Manage Subscriptions.
Optionally, enter a key and value in the Search field to filter the subscriptions displayed.
Select the check box to the left of the subscriptions to be added or removed and click Add Selected or Remove Selected as required.
Click Done to save the changes.

Chapter 5. Importing Red Hat Content

This section describes how to use products and repositories in Satellite, and to create synchronization plans to ensure your Satellite content remains up to date with the content on the Red Hat Content delivery network (CDN).

5.1. Products in Red Hat Satellite

In Satellite, a Product is an organizational unit to group multiple repositories together. For example, Red Hat Enterprise Linux Server is a Product in Satellite, the repositories for that product consist of different versions, different architectures, and different add-ons. Using Products ensures repositories that depend on each other are synchronized together. For Red Hat repositories, products are created automatically after enabling the repository.

5.2. Content Synchronization Overview

Satellite Server synchronizes its own repositories with the repositories on the Red Hat CDN. This ensures that Satellite Server retains an exact copy of Red Hat’s repositories. Satellite Server fetches this repository information and stores it on Satellite Server’s file system. After an initial synchronization, you can create a synchronization plan that checks to ensure the repositories are up to date with the CDN’s repositories.

You can perform an initial synchronization using ISO images. For more information about using content ISOs, see Appendix E, Importing Content ISOs into a Connected Satellite.

5.3. Disabling the Global HTTP Proxy

If you want to synchronize local repositories without using the configured proxy, you can ignore the global proxy that is set when you run the satellite-installer tool.

Procedure

To ignore the global HTTP proxy, complete the following steps:

In the Satellite web UI, navigate to Content > Products and select the product that you want to change.
Click the Repositories tab, and select the repository that you want to change.
In the Sync Settings area, navigate to Ignore Global HTTP Capsule. Click the edit icon, select the check box, and then click Save.

For CLI users

# hammer repository update --id Repository_ID --ignore-global-proxy yes

5.4. Download Policies Overview

Red Hat Satellite provides multiple download policies for synchronizing RPM content. For example, you might want to download only the content metadata while deferring the actual content download for later.

Satellite Server has the following policies:

Immediate: Satellite Server downloads all metadata and packages during synchronization.
On Demand: Satellite Server downloads only the metadata during synchronization. Satellite Server only fetches and stores packages on the file system when Capsules or directly connected clients request them. This setting has no effect if you set a corresponding repository on a Capsule to Immediate because Satellite Server is forced to download all the packages.
Background: Satellite Server creates a background task to download all packages after the initial synchronization.

The On Demand and Background policies act as a Lazy Synchronization feature because they save time synchronizing content. The lazy synchronization feature must be used only for yum repositories. You can add the packages to Content Views and promote to life cycle environments as normal.

Capsule Server offers the following policies:

Immediate: Capsule Server downloads all metadata and packages during synchronization. Do not use this setting if the corresponding repository on Satellite Server is set to On Demand as Satellite Server is forced to download all the packages.
On Demand: Capsule Server only downloads the metadata during synchronization. Capsule Server fetches and stores packages only on the file system when directly connected clients request them. When you use an On Demand download policy, content is downloaded from Satellite Server if it is not available on Capsule Server.
Background: Capsule Server creates a background task to download all packages after the initial synchronization.
Inherit: Capsule Server inherits the download policy for the repository from the corresponding repository on Satellite Server.

These policies are not available if a Capsule was installed or updated with --enable-foreman-proxy-plugin-pulp set to false.

5.5. Changing the Default Download Policy

You can set the default download policy that Satellite applies to new repositories you create in all organizations. Changing the default value does not change existing settings.

Procedure

To change the default download policy for repositories, complete the following steps:

In the Satellite web UI, navigate to Administer > Settings.
Click the Content tab and locate the Default Repository download policy.
In the Value field, click the edit icon.
Select the required download policy, and then click Save.

For CLI Users

To change the default download policy to one of immediate, on_demand, background, enter the following command:

# hammer settings set \
--name default_download_policy \
--value immediate

5.6. Changing the Download Policy for a Repository

You can also set the download policy for a repository.

Procedure

To set the download policy for a repository, complete the following steps:

In the web UI, navigate to Content > Products, and click the required product name.
On the Repositories tab, click the required repository name, locate the Download Policy field, and click the edit icon.
From the list, select the required download policy and then click Save.

For CLI Users

List the repositories for an organization:

# hammer repository list \
--organization-label organization-label

Change the download policy for a repository to one of immediate, on_demand, background:

# hammer repository update \
--organization-label organization-label  \
--product "Red Hat Enterprise Linux Server" \
--name "Red Hat Enterprise Linux 7 Server Kickstart x86_64 7.5"  \
--download-policy immediate

5.7. Enabling Red Hat Repositories

To select the repositories to synchronize, you must first identify the product that contains the repository, and then enable that repository based on the relevant release version and base architecture. For Red Hat Enterprise Linux 8, you must enable both AppStream and BaseOS repositories.

Disconnected Satellite

If you use Disconnected Satellite Server, you must configure Satellite to synchronize content with a local CDN server before synchronizing content. For more information, see Appendix B, Configuring Satellite to Synchronize Content with a Local CDN Server.

Repository Versioning

The difference between associating Red Hat Enterprise Linux operating system with either 7 Server repositories or 7.X repositories is that 7 Server repositories contain all the latest updates while Red Hat Enterprise Linux 7.X repositories stop getting updates after the next minor version release. Note that Kickstart repositories only have minor versions.

For Red Hat Enterprise Linux 8 Clients

To provision Red Hat Enterprise Linux 8 clients, you require the Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMS) and Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) repositories.

For Red Hat Enterprise Linux 7 Clients

To provision Red Hat Enterprise Linux 7 clients, you require the Red Hat Enterprise Linux 7 Server (RPMs) repository.

Procedure

In the Satellite web UI, navigate to Content > Red Hat Repositories.
To find repositories, either enter the repository name, or toggle the Recommended Repositories button to the on position to view a list of repositories that you require.
In the Available Repositories pane, click a repository to expand the repository set.
Click the Enable icon next to the base architecture and release version that you want.

For CLI Users

To search for your product, enter the following command:
```
# hammer product list --organization "My_Organization"
```

List the repository set for the product:

# hammer repository-set list \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"

Enable the repository using either the name or ID number. Include the release version, for example,7Server and base architecture, for example, x86_64. For example:

# hammer repository-set enable \
--name "Red Hat Enterprise Linux 7 Server (RPMs)" \
--releasever "7Server" \
--basearch "x86_64" \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"

5.8. Synchronizing Red Hat Repositories

Synchronize the repositories with the Red Hat CDN’s repositories.

For Web UI Users

In the Satellite web UI, navigate to Content > Products and select the product that contains the repositories that you want to synchronize.
Select the repositories that you want to synchronize and click Sync Now.

To view the progress of the synchronization in the web UI, navigate to Content > Sync Status and expand the corresponding product or repository tree.

For CLI Users

Synchronize the enabled repositories in the Red Hat Enterprise Linux Server product:

# hammer product synchronize \
--name "Red Hat Enterprise Linux Server" \
--organization "My_Organization"

You can also synchronize each repository individually. List all repositories in the product, then synchronize using the ID number for the corresponding repositories. For example:

# hammer repository list \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"
# hammer repository synchronize \
--name "Red Hat Enterprise Linux 7 Server RPMs x86_64 7Server" \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"

The synchronization duration depends on the size of each repository and the speed of your network connection. The following table provides estimates of how long it would take to synchronize content, depending on the available Internet bandwidth:

	Single Package (10Mb)	Minor Release (750Mb)	Major Release (6Gb)
256 Kbps	5 Mins 27 Secs	6 Hrs 49 Mins 36 Secs	2 Days 7 Hrs 55 Mins
512 Kbps	2 Mins 43.84 Secs	3 Hrs 24 Mins 48 Secs	1 Day 3 Hrs 57 Mins
T1 (1.5 Mbps)	54.33 Secs	1 Hr 7 Mins 54.78 Secs	9 Hrs 16 Mins 20.57 Secs
10 Mbps	8.39 Secs	10 Mins 29.15 Secs	1 Hr 25 Mins 53.96 Secs
100 Mbps	0.84 Secs	1 Min 2.91 Secs	8 Mins 35.4 Secs
1000 Mbps	0.08 Secs	6.29 Secs	51.54 Secs

Create a synchronization plan to ensure updates on a regular basis.

5.9. Synchronizing All Repositories in an Organization

Use this procedure to synchronize all repositories within an organization.

Procedure

To synchronize all repositories within an organization, run the following Bash script on your Satellite Server:

ORG="Your_Organization"

for i in $(hammer --no-headers --csv repository list --organization $ORG | awk -F, {'print $1'})
do
  hammer repository synchronize --id ${i} --organization $ORG --async
done

5.10. Recovering a Repository

In the case of repository corruption, you can recover it by using an advanced synchronization, which has three options:

Optimized Sync

Synchronizes the repository bypassing RPMs that have no detected differences from the upstream RPMs.

Complete Sync

Synchronizes all RPMs regardless of detected changes. Use this option if specific RPMs could not be downloaded to the local repository even though they exist in the upstream repository.

Validate Content Sync

Synchronizes all RPMs and then verifies the checksum of all RPMs locally. If the checksum of an RPM differs from the upstream, it re-downloads the RPM. This option is relevant only for yum repositories. Use this option if you have one of the following errors:

Specific RPMs cause a 404 error while synchronizing with yum.
Package does not match intended download error, which means that specific RPMs are corrupted.

Procedure

To synchronize a specific repository with an advanced option, complete the following steps:

In the Satellite web UI, navigate to Content > Products.
Select the product containing the corrupted repository.
Select the name of a repository you want to synchronize.
From the Select Action menu, select Advanced Sync.
Select the option and click Sync.

For CLI users

Obtain a list of repository IDs:

# hammer repository list --organization "My_Organization"

Synchronize a corrupted repository using the necessary option:

For the optimized synchronization:

# hammer repository synchronize --incremental true --id 1

For the complete synchronization:

# hammer repository synchronize --skip-metadata-check true --id 1

For the validate content synchronization:

# hammer repository synchronize --validate-contents true --id 1

5.11. Limiting Synchronization Speed

You can control the speed of synchronization to avoid exhaustion of available bandwidth and to prevent other performance issues. This is done by configuring PULP_CONCURRENCY and max_speed parameters. Note that these settings are overwritten on an upgrade. Back up any changed files prior to an upgrade to be able to restore the configuration.

To control the number of synchronization jobs that run in parallel, configure the PULP_CONCURRENCY parameter in the /etc/default/pulp_workers file. For example, to set the number of jobs that run in parallel to 1, change PULP_CONCURRENCY to 1:
```
PULP_CONCURRENCY=1
```
By default, on a system with less than 8 CPUs, PULP_CONCURRENCY is set to the number of CPUs. On a system with more than 8 CPUs, it is set to 8.
To set the maximum network speed for synchronizing in bytes per second, configure the max_speed parameter. This parameter must be configured separately for each importer in the /etc/pulp/server/plugins.conf.d/ directory. For example, to set the maximum speed for synchronizing RPM content to 10 bytes per second, set the "max_speed" parameter in the /etc/pulp/server/plugins.conf.d/yum_importer.json file to 10:
```
# cat /etc/pulp/server/plugins.conf.d/yum_importer.json
{
    "proxy_host": null,
    "proxy_port": null,
    "proxy_username": null,
    "proxy_password": null,
    "max_speed": 10
}
```

Verify the syntax of the file after editing:

# json_verify < /etc/pulp/server/plugins.conf.d/yum_importer.json
JSON is valid

Restart the satellite-maintain services to apply the changes:
```
# satellite-maintain service restart
```

5.12. Creating a Synchronization Plan

A synchronization plan checks and updates the content at a scheduled date and time. In Red Hat Satellite 6, you can create a synchronization plan and assign products to the plan.

Procedure

To create a synchronization plan, complete the following steps:

In the Satellite web UI, navigate to Content > Sync Plans and click New Sync Plan.
In the Name field, enter a name for the plan.
In the Description field, enter a description of the plan.
From the Interval list, select the interval at which you want the plan to run.
From the Start Date and Start Time lists, select when to start running the synchronization plan.
Click Save.
Click the Products tab, then click Add. Select the Red Hat Enterprise Linux Server product and click Add Selected.

For CLI Users

To create the synchronization plan, enter the following command:

# hammer sync-plan create \
--name "Red Hat Products 2" \
--description "Example Plan for Red Hat Products" \
--interval daily \
--sync-date "2016-02-01 01:00:00" \
--enabled true \
--organization "My_Organization"

Assign the Red Hat Enterprise Linux Server product to it:

# hammer product set-sync-plan \
--name "Red Hat Enterprise Linux Server" \
--sync-plan "Red Hat Products" \
--organization "My_Organization"

View the available synchronization plans for an organization to verify that the synchronization plan is created:
```
# hammer sync-plan list --organization "Default Organization"
```

5.13. Assigning a Synchronization Plan to Multiple Products

Use this procedure to assign a synchronization plan to the products in an organization that have been synchronized at least once and contain at least one repository

Procedure

To assign a synchronization plan to the selected products, complete the following steps:

Run the following Bash script:

ORG="Your_Organization"
SYNC_PLAN="daily_sync_at_3_a.m"

for i in $(hammer --no-headers --csv product list --organization $ORG --per-page 999 | grep -vi not_synced | awk -F, {'{ if ($5!=0) print $1}'})
do
  hammer sync-plan create --name $SYNC_PLAN --interval daily --sync-date "2018-06-20 03:00:00" --enabled true --organization $ORG
  hammer product set-sync-plan --sync-plan $SYNC_PLAN --organization $ORG --id $i
done

After executing the script, view the products assigned the synchronization plan:
```
# hammer product list --organization $ORG --sync-plan $SYNC_PLAN
```

Chapter 6. Importing Custom Content

This chapter outlines how you can import custom content of different types to Satellite. If you want to import ISOs, Puppet modules, or different content types to Satellite, it is done with largely the same procedures in this chapter.

For example, you can use the following chapters for information on specific types of custom content but the underlying procedures are the same:

Chapter 12, Managing OSTree Content
Chapter 14, Managing ISO Images
Chapter 15, Managing Custom File Type Content
Chapter 16, Managing Custom Puppet Content

6.1. Using Custom Products in Satellite

Both Red Hat content and custom content in Red Hat Satellite 6 have similarities:

The relationship between a product and its repositories is the same and the repositories still require synchronization.
Custom products require a subscription for clients to access, similar to subscriptions to Red Hat Products. Red Hat Satellite 6 creates a subscription for each custom product you create.

For more information about creating and packaging RPMs, see the RPM Packaging Guide in the Red Hat Enterprise Linux documentation.

6.2. Importing Custom SSL Certificates

Before you create custom content, ensure that you import any Custom SSL certificates that you require.

If you require SSL certificates and keys to download RPMs, you can add them to Satellite.

In the Satellite web UI, navigate to Content > Content Credentials. In the Content Credentials window, click Create Content Credential.
In the Name field, enter a name for your SSL certificate.
From the Type list, select SSL Certificate.
In the Content Credentials Content field, paste your SSL certificate, or click Browse to upload your SSL certificate.
Click Save.

6.3. Importing a Custom GPG Key

Before you create custom content, ensure that you import any GPG keys that you require.

Prerequisites

Download a copy of the version specific repository package to your client system:
```
$ wget http://www.example.com/9.5/example-9.5-2.noarch.rpm
```

Extract the RPM file without installing it:

$ rpm2cpio example-9.5-2.noarch.rpm | cpio -idmv

The GPG key is located relative to the extraction at etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95.

Procedure

To import a GPG key, complete the following procedure:

In the Satellite web UI, navigate to Content > Content Credentials and in the upper-right of the window, click Create Content Credential.
Enter the name of your repository and select GPG Key from the Type list.

Either paste the GPG key into the Content Credential Contents field, or click Browse and select the GPG key file that you want to import.

If your custom repository contains content signed by multiple GPG keys, you must enter all required GPG keys in the Content Credential Contents field with new lines between each key, for example:

Click Save.

For CLI Users

Copy the GPG key to your Satellite Server:

$ scp ~/etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95 root@satellite.example.com:~/.

Upload the GPG key to Satellite:

# hammer gpg create \
--key ~/RPM-GPG-KEY-EXAMPLE-95 \
--name "My_Repository" \
--organization "My_Organization"

6.4. Creating a Custom Product

Use this procedure to create a custom product that you can then add repositories to.

Procedure

To create a custom product, complete the following procedure:

In the Satellite web UI, navigate to Content > Products, click Create Product.
In the Name field, enter a name for the product. Red Hat Satellite 6 automatically completes the Label field based on what you have entered for Name.
Optional: From the GPG Key list, select the GPG key for the product.
Optional: From the SSL CA Cert list, select the SSL CA certificate for the product.
Optional: From the SSL Client Cert list, select the SSL client certificate for the product.
Optional: From the SSL Client Key list, select the SSL client key for the product.
Optional: From the Sync Plan list, select an existing sync plan or click Create Sync Plan and create a sync plan for your product requirements.
In the Description field, enter a description of the product.
Click Save.

For CLI Users

To create the product, enter the following command:

# hammer product create \
--name "My_Product" \
--sync-plan "Example Plan" \
--description "Content from My Repositories" \
--organization "My_Organization"

6.5. Adding a Custom RPM Repository

Use this procedure to add a custom RPM repository in Satellite.

The Products window in the Satellite web UI also provides a Repo Discovery function that finds all repositories from a URL and you can select which ones to add to your custom product. For example, you can use the Repo Discovery to search, for example, http://yum.postgresql.org/9.5/redhat/ and list all repositories for different Red Hat Enterprise Linux versions and architectures. This helps users save time importing multiple repositories from a single source.

Support for Custom RPMs

Red Hat does not support the upstream RPMs directly from third-party sites. These RPMs are used to demonstrate the synchronization process. For any issues with these RPMs, contact the third-party developers.

Procedure

In the Satellite web UI, navigate to Content > Products and select the product that you want to use, and then click Create Repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes the Label field based on what you have entered for Name.
From the Type list, select the type of repository. You can select either a repository for RPM files (yum), Puppet modules (puppet), or Docker images (docker).
In the URL field, enter the URL of the external repository to use as a source.
From the Download Policy list, select the type of synchronization Satellite Server performs.
Ensure that the Mirror on Sync check box is selected. This ensures that the content that is no longer part of the upstream repository is removed during synchronization.
From the Checksum list, select the checksum type for the repository.
Optional: If you want, you can clear the Publish via HTTP check box to disable this repository from publishing through HTTP.
Optional: From the GPG Key list, select the GPG key for the product.
Click Save.

If you want to perform an immediate synchronization, in your product window, click Sync Now.

For CLI Users

Enter the following command to create the repository:

# hammer repository create \
--name "My_Repository" \
--content-type "yum" \
--publish-via-http true \
--url http://yum.postgresql.org/9.5/redhat/rhel-7-x86_64/ \
--gpg-key "My_Repository" \
--product "My_Product" \
--organization "My_Organization"

Synchronize the repository:

# hammer repository synchronize \
--name "My_Repository" \
--product "My Product" \
--organization "My_Organization"

Chapter 7. Managing Application Life Cycles

This chapter outlines the application life cycle in Satellite and how to create and remove application life cycles for Satellite and Capsule.

7.1. Application Life Cycle Overview

The application life cycle is a concept central to Red Hat Satellite 6’s content management functions. The application life cycle defines how a particular system and its software look at a particular stage. For example, an application life cycle might be simple; you might only have a development stage and production stage. In this case the application life cycle might look like this:

Development
Production

However, a more complex application life cycle might have further stages, such as a phase for testing or a beta release. This adds extra stages to the application life cycle:

Development
Testing
Beta Release
Production

Red Hat Satellite 6 provides methods to customize each application life cycle stage so that it suits your specifications.

Each stage in the application life cycle is called an environment in Red Hat Satellite 6. Each environment uses a specific collection of content. Red Hat Satellite 6 defines these content collections as a Content View. Each Content View acts as a filter where you can define what repositories, packages, and Puppet modules to include in a particular environment. This provides a method for you to define specific sets of content to designate to each environment.

For example, an email server might only require a simple application life cycle where you have a production-level server for real-world use and a test server for trying out the latest mail server packages. When the test server passes the initial phase, you can set the production-level server to use the new packages.

Another example is a development life cycle for a software product. To develop a new piece of software in a development environment, test it in a quality assurance environment, pre-release as a beta, then release the software as a production-level application.

Figure 7.1. The Red Hat Satellite 6 Application Life Cycle

7.2. Promoting Content across the Application Life Cycle

In the application life cycle chain, when content moves from one environment to the next, this is called promotion.

Example Content Promotion Across Satellite Life Cycle Environments

Each environment contains a set of systems registered to Red Hat Satellite 6. These systems only have access to repositories relevant to their environment. When you promote packages from one environment to the next, the target environment’s repositories receive new package versions. As a result, each system in the target environment can update to the new package versions.

Development	Testing	Production
example_software-1.1-0.noarch.rpm	example_software-1.0-0.noarch.rpm	example_software-1.0-0.noarch.rpm

After completing development on the patch, you promote the RPM to the Testing environment so the Quality Engineering team can review the patch. The application life cycle then contains the following package versions in each environment:

Development	Testing	Production
example_software-1.1-0.noarch.rpm	example_software-1.1-0.noarch.rpm	example_software-1.0-0.noarch.rpm

While the Quality Engineering team reviews the patch, the Development team starts work on example_software 2.0. This results in the following application life cycle:

Development	Testing	Production
exampleware-2.0-0.noarch.rpm	exampleware-1.1-0.noarch.rpm	exampleware-1.0-0.noarch.rpm

The Quality Engineering team completes their review of the patch. Now example_software 1.1 is ready to release. You promote 1.1 to the Production environment:

Development	Testing	Production
example_software-2.0-0.noarch.rpm	example_software-1.1-0.noarch.rpm	example_software-1.1-0.noarch.rpm

The Development team completes their work on example_software 2.0 and promotes it to the Testing environment:

Development	Testing	Production
example_software-2.0-0.noarch.rpm	example_software-2.0-0.noarch.rpm	example_software-1.1-0.noarch.rpm

Finally, the Quality Engineering team reviews the package. After a successful review, promote the package to the Production environment:

Development	Testing	Production
exampleware-2.0-0.noarch.rpm	exampleware-2.0-0.noarch.rpm	exampleware-2.0-0.noarch.rpm

For more information, see Section 8.4, “Promoting a Content View”.

7.3. Creating a Life Cycle Environment Path

To create an application life cycle for developing and releasing software, use the Library environment as the initial environment to create environment paths. Then optionally add additional environments to the environment paths.

Procedure

In the Satellite web UI, navigate to Content > Lifecycle Environments.
Click New Environment Path to start a new application life cycle.
In the Name field, enter a name for your environment.
In the Description field, enter a description for your environment.
Click Save.
Optional: To add an environment to the environment path, click Add New Environment, complete the Name and Description fields, and select the prior environment from the Prior Environment list.

For CLI Users

To create an environment path, enter the hammer lifecycle-environment create command and specify the Library environment with the --prior option:

# hammer lifecycle-environment create \
--name "Environment Path Name" \
--description "Environment Path Description" \
--prior "Library" \
--organization "My_Organization"

Optional: To add an environment to the environment path, enter the hammer lifecycle-environment create command and specify the parent environment with the --prior option:

# hammer lifecycle-environment create \
--name "Environment Name" \
--description "Environment Description" \
--prior "Prior Environment Name" \
--organization "My_Organization"

To view the chain of the life cycle environment, enter the following command:
```
# hammer lifecycle-environment paths --organization "My_Organization"
```

7.4. Removing Life Cycle Environments from Satellite Server

Use this procedure to remove a life cycle environment.

Procedure

To remove a life cycle environment, complete the following steps:

In the Satellite web UI, navigate to Content > Life Cycle Environments.
Click the name of the life cycle environment that you want to remove, and then click Remove Environment.
Click Remove to remove the environment.

For CLI Users

List the life cycle environments for your organization and note the name of the life cycle environment you want to remove:
```
# hammer lifecycle-environment list --organization "My_Organization"
```

Use the hammer lifecycle-environment delete command to remove an environment:

# hammer lifecycle-environment delete \
--name "your_environment" \
--organization "My_Organization"

7.5. Removing Life Cycle Environments from Capsule Server

When life cycle environments are no longer relevant to the host system or environments are added incorrectly to Capsule Server, you can remove the life cycle environments from Capsule Server.

You can use both the Satellite web UI and the Hammer to remove life cycle environments from Capsule.

Procedure

To remove a life cycle environment from Capsule Server, complete the following step:

In the Satellite web UI, navigate to Infrastructure > Capsules, and select the Capsule that you want to remove a life cycle from.
Click Edit and click the Life Cycle Environments tab.
From the right menu, select the life cycle environments that you want to remove from Capsule, and then click Submit.
To synchronize Capsule’s content, click the Overview tab, and then click Synchronize.
Select either Optimized Sync or Complete Sync.

For CLI Users

To remove a life cycle environment from Capsule Server, complete the following steps:

Select the Capsule Server that you want from the list and take note of its id:
```
# hammer capsule list
```
To verify the Capsule Server’s details, enter the following command:
```
# hammer capsule info --id capsule_id
```
Verify the list of life cycle environments currently attached to the Capsule Server and take note of the environment id:
```
# hammer capsule content lifecycle-environments \
--id capsule_id
```
Remove the life cycle environment from Capsule Server:
```
# hammer capsule content remove-lifecycle-environment \
--id capsule_id \
--lifecycle-environment-id lifecycle_environment_id
```
Repeat this step for every life cycle environment that you want to remove from Capsule Server.
Synchronize the content from Satellite Server’s environment to Capsule Server:
```
# hammer capsule content synchronize \
--id capsule_id
```

7.6. Adding Life Cycle Environments to Capsule Servers

If your Capsule Server has the content functionality enabled, you must add an environment so that Capsule can synchronize content from Satellite Server and provide content to host systems.

Do not assign the Library lifecycle environment to your Capsule Server because it triggers an automated Capsule sync every time the CDN updates a repository. This might consume multiple system resources on Capsules, network bandwidth between Satellite and Capsules, and available disk space on Capsules.

You can use Hammer CLI on Satellite Server or the Satellite web UI.

Procedure

To add a life cycle environment to Capsule Server, complete the following steps:

In the Satellite web UI, navigate to Infrastructure > Capsules, and select the Capsule that you want to add a life cycle to.
Click Edit and click the Life Cycle Environments tab.
From the left menu, select the life cycle environments that you want to add to Capsule and click Submit.
To synchronize the content on the Capsule, click the Overview tab and click Synchronize.
Select either Optimized Sync or Complete Sync.
For definitions of each synchronization type, see Section 5.10, “Recovering a Repository”.

For CLI Users

To display a list of all Capsule Servers, on Satellite Server, enter the following command:
```
# hammer capsule list
```
Note the Capsule ID of the Capsule that you want to add a life cycle to.
Using the ID, verify the details of your Capsule:
```
# hammer capsule info --id capsule_id
```
Display the life cycle environments that are available and note the environment ID:
```
# hammer capsule content available-lifecycle-environments \
--id capsule_id
```
To view the life cycle environments available for your Capsule Server, enter the following command and note the ID and the organization name:
```
# hammer capsule content available-lifecycle-environments --id capsule_id
```

Add the life cycle environment to your Capsule Server:

# hammer capsule content add-lifecycle-environment \
--id capsule_id --organization "My_Organization" \
--environment-id environment_id

Repeat for each life cycle environment you want to add to Capsule Server.

Synchronize the content from Satellite to Capsule.
- To synchronize all content from your Satellite Server environment to Capsule Server, enter the following command:
```
# hammer capsule content synchronize --id capsule_id
```
- To synchronize a specific life cycle environment from your Satellite Server to Capsule Server, enter the following command:
```
# hammer capsule content synchronize --id external_capsule_id \
--environment-id environment_id
```

Chapter 8. Managing Content Views

Red Hat Satellite 6 uses Content Views to create customized repositories from the repositories. To do this, you must define which repositories to use and then apply certain filters to the content. These filters include both package filters, package group filters, and errata filters. You can use Content Views to define which software versions a particular environment uses. For example, a Production environment might use a Content View containing older package versions, while a Development environment might use a Content View containing newer package versions.

Each Content View creates a set of repositories across each environment, which Satellite Server stores and manages. When you promote a Content View from one environment to the next environment in the application life cycle, the respective repository on Satellite Server updates and publishes the packages.

	Development	Testing	Production
Content View Version and Contents	Version 2 - example_software-1.1-0.noarch.rpm	Version 1 - example_software-1.0-0.noarch.rpm	Version 1 - example_software-1.0-0.noarch.rpm

The repositories for Testing and Production contain the example_software-1.0-0.noarch.rpm package. If you promote Version 2 of the Content View from Development to Testing, the repository for Testing regenerates and then contains the example_software-1.1-0.noarch.rpm package:

	Development	Testing	Production
Content View Version and Contents	Version 2 - example_software-1.1-0.noarch.rpm	*Version 2 - example_software-1.1-0.noarch.rpm*	Version 1 - example_software-1.0-0.noarch.rpm

This ensures systems are designated to a specific environment but receive updates when that environment uses a new version of the Content View.

The general workflow for creating Content Views for filtering and creating snapshots is as follows:

Create a Content View.
Add the repository and the Puppet modules that you want to the Content View.
Optionally, create one or more filters to refine the content of the Content View.
Optionally, resolve any package dependencies for a Content View.
Publish the Content View.
Optionally, promote the Content View to another environment.
Attach the content host to the Content View.

If a repository is not associated with the Content View, the file /etc/yum.repos.d/redhat.repo remains empty and systems registered to it cannot receive updates.

Hosts can only be associated with a single Content View. To associate a host with multiple Content Views, create a composite Content View. For more information, see Section 8.7, “Creating a Composite Content View”.

Package Dependency Resolution

Package dependency is a complication of package management. For more information about how to manage package dependencies within Content Views, see Section 8.9, “Resolving Package Dependencies”.

8.1. Creating a Content View

Use this procedure to create a simple Content View.

Prerequisites

While you can stipulate whether you want to resolve any package dependencies on a Content View by Content View basis, you might want to change the default Satellite settings to enable or disable package resolution for all Content Views. For more information, see Section 8.9, “Resolving Package Dependencies”.

Procedure

To create a content view, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and click Create New View.
In the Name field, enter a name for the view. Satellite automatically completes the Label field from the name you enter.
In the Description field, enter a description of the view.
Optional: if you want to solve dependencies automatically every time you publish this Content View, select the Solve Dependencies check box. Dependency solving slows the publishing time and might ignore any Content View filters you use. This can also cause errors when resolving dependencies for errata.
Click Save to create the Content View.
In the Repository Selection area, select the repositories that you want to add to your Content View, then click Add Repositories.
Click Publish New Version and in the Description field, enter information about the version to log changes.
Click Save.
Optional: to force metadata regeneration on Yum repositories, from the Actions list for your Content View versions, select Regenerate Repository Metadata.

You can view the Content View in the Content Views window. To view more information about the Content View, click the Content View name.

To register a host to your content view, see Registering Hosts in the Managing Hosts guide.

Creating a Content View with Hammer CLI

Obtain a list of repository IDs:

# hammer repository list --organization "My_Organization"

Create the Content View and add repositories:

# hammer content-view create \
--name "Example_Content_View" \
--description "Example Content View" \
--repository-ids 1,2 \
--organization "My_Organization"

For the --repository-ids option, you can find the IDs in the output of the hammer repository list command.

Publish the view:

# hammer content-view publish \
--name "Example_Content_View" \
--description "Example Content View" \
--organization "My_Organization"

Optional: To add a repository to an existing Content View, enter the following command:

# hammer content-view add-repository \
--name "Example_Content_View" \
--organization "My_Organization" \
--repository-id repository_ID

Satellite Server creates the new version of the view and publishes it to the Library environment.

8.2. Viewing Module Streams

In Satellite, you can view the module streams of the repositories in your Content Views.

Procedure

To view module streams for the repositories in your content view, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views, and select the Content View that contains the modules you want to view.
Click the Versions tab and select the Content View version that you want to view.
Click the Module Streams tab to view the module streams that are available for the Content View.
Use the Filter field to refine the list of modules.
To view the information about the module, click the module.

8.3. Creating a Content View with a Puppet Module

Use this procedure to create a Content View using one repository and no filters.

Prerequisites

Before you begin, upload the required Puppet module to a repository within a custom product. For more information, see Adding Puppet Modules to Red Hat Satellite 6 in the Puppet Guide.

Procedure

To create a Content View with a Puppet module, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and click Create New View.
In the Name field, enter a name for the view. Red Hat Satellite 6 automatically completes the Label field from the name you enter.
In the Description field, enter a description of the view.
Click Save to complete.
In the Repository Selection area, select the repositories that you want to add to your Content View, then click Add Repositories.
Click the Puppet Modules tab, then click Add New Module.
Search for the module that you want to add and click Select a Version.
Navigate to the entry for Use Latest and click Select Version in the Actions column.
To publish, click the Versions tab and click Publish New Version. In the Description field, enter a description to log the changes and click Save.

To register a host to your content view, see Registering Hosts in the Managing Hosts guide.

For CLI Users

To add a Puppet module to a Content View, enter the following command:

# hammer content-view puppet-module add \
--content-view cv_name \
--name module_name

8.4. Promoting a Content View

Use this procedure to promote Content Views across different lifecycle environments.

Permission Requirements for Content View Promotion

Non-administrator users require two permissions to promote a Content View to an environment:

promote_or_remove_content_views
promote_or_remove_content_views_to_environment.

The promote_or_remove_content_views permission restricts which Content Views a user can promote.

The promote_or_remove_content_views_to_environment permission restricts the environments to which a user can promote Content Views.

With these permissions you can assign users permissions to promote certain Content Views to certain environments, but not to other environments. For example, you can limit a user so that they are permitted to promote to test environments, but not to production environments.

You must assign both permissions to a user to allow them to promote Content Views.

Procedure

To promote a Content View, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and select the Content View that you want to promote.
Click the Versions tab for the Content View.
Select the version that you want to promote and in the Actions column, click Promote.
Select the environment where you want to promote the Content View, and click Promote Version.
Click the Promote button again. This time select the Testing environment and click Promote Version.
Finally click on the Promote button again. Select the Production environment and click Promote Version.

Now the repository for the Content View appears in all environments.

For CLI Users

Promote the Content View using the hammer content-view version promote each time:

# hammer content-view version promote \
--content-view "Database" \
--version 1 \
--to-lifecycle-environment "Development" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Database" \
--version 1 \
--to-lifecycle-environment "Testing" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Database" \
--version 1 \
--to-lifecycle-environment "Production" \
--organization "My_Organization"

Now the database content is available in all environments.

To register a host to your content view, see Registering Hosts in the Managing Hosts guide.

8.5. Promoting a Content View Across All Life Cycle Environments within an Organization

Use this procedure to promote Content Views across all lifecycle environments within an organization.

Procedure

To promote a Content Views version across all lifecycle environments within an organization, complete the following steps:

To promote a selected Content View version from Library across all life cycle environments within an organization, run the following Bash script:

ORG="Your_Organization"
CVV_ID=3

for i in $(hammer --no-headers --csv lifecycle-environment list --organization $ORG | awk -F, {'print $1'} | sort -n)
do
   hammer content-view version promote --organization $ORG --to-lifecycle-environment-id $i --id $CVV_ID
done

Display information about your Content View version to verify that it is promoted to the required lifecycle environments:
```
# hammer content-view version info --id 3
```

8.6. Composite Content Views Overview

A Composite Content View combines the content from several Content Views. For example, you might have separate Content Views to manage an operating system and an application individually. You can use a Composite Content View to merge the contents of both Content Views into a new repository. The repositories for the original Content Views still exist but a new repository also exists for the combined content.

If you want to develop an application that supports different database servers. The example_application appears as:

example_software
Application
Database
Operating System

Example of four separate Content Views:

Red Hat Enterprise Linux (Operating System)
PostgreSQL (Database)
MariaDB (Database)
example_software (Application)

From the previous Content Views, you can create two Composite Content Views.

Example Composite Content View for a PostgreSQL database:

Composite Content View 1 - example_software on PostgreSQL
example_software (Application)
PostgreSQL (Database)
Red Hat Enterprise Linux (Operating System)

Example Composite Content View for a MariaDB:

Composite Content View 2 - example_software on MariaDB
example_software (Application)
MariaDB (Database)
Red Hat Enterprise Linux (Operating System)

Each Content View is then managed and published separately. When you create a version of the application, you publish a new version of the Composite Content Views. You can also select the Auto Publish option when creating a Composite Content View, and then the Composite Content View is automatically republished when a Content View it includes is republished.

Repository Restrictions

You cannot include more than one of each repository in Composite Content Views. For example, if you attempt to include two Content Views using the same repository in a Composite Content View, Satellite Server reports an error.

8.7. Creating a Composite Content View

Procedure

To create a Composite Content View, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and click Create New View.
In the Name field, enter a name for the view. Red Hat Satellite 6 automatically completes the Label field from the name you enter.
In the Description field, enter a description of the view.
Select the Composite View? check box to create a Composite Content View.
Optional: select the Auto Publish check box if you want the Composite Content View to be republished automatically when a Content View is republished.
Click Save.
In the Add Content Views area, select the Content Views that you want to add to the Composite Content View, and then click Add Content Views.
Click Publish New Version to publish the Composite Content View. In the Description field, enter a description and click Save.
Click Promote and select the lifecycle environments to promote the Composite Content View to, enter a description, and then click Promote Version.

For CLI Users

Before you create the Composite Content Views, list the version IDs for your existing Content Views:
```
# hammer content-view version list \
--organization "My_Organization"
```

Create a new Composite Content View. When the --auto-publish option is set to yes, the Composite Content View is automatically republished when a Content View it includes is republished:

# hammer content-view create \
--composite \
--auto-publish yes \
--name "Example_Composite_Content_View" \
--description "Example Composite Content View" \
--organization "My_Organization"

Add a component Content View to the Composite Content View. You must include the Content View Version ID and use the --latest option. To include multiple component Content Views to the Composite Content View, repeat this step for every Content View you want to include:
```
# hammer content-view component add \
--component-content-view-id Content_View_Version_ID \
--latest \
--composite-content-view "Example_Composite_Content_View"
```

Publish the Composite Content View:

# hammer content-view publish \
--name "Example_Composite_Content_View" \
--description "Initial version of Composite Content View" \
--organization "My_Organization"

Promote the Composite Content View across all environments:

# hammer content-view version promote \
--content-view "Example_Composite_Content_View" \
--version 1 \
--to-lifecycle-environment "Development" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Example_Composite_Content_View" \
--version 1 \
--to-lifecycle-environment "Testing" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Example_Composite_Content_View" \
--version 1 \
--to-lifecycle-environment "Production" \
--organization "My_Organization"

8.8. Content Filter Overview

Content Views also use filters to include or restrict certain RPM content. Without these filters, a Content View includes everything from the selected repositories.

There are two types of content filters:

Table 8.1. Filter Types
Filter Type	Description
Include	You start with no content, then select which content to add from the selected repositories. Use this filter to combine multiple content items.
Exclude	You start with all content from selected repositories, then select which content to remove. Use this filter when you want to use most of a particular content repository but exclude certain packages, such as blacklisted packages. The filter uses all content in the repository except for the content you select.

Include and Exclude Filter Combinations

If using a combination of Include and Exclude filters, publishing a Content View triggers the include filters first, then the exclude filters. In this situation, select which content to include, then which content to exclude from the inclusive subset.

Content Types

There are also four types of content to filter:

Table 8.2. Content Types
Content Type	Description
Package	Filter packages based on their name and version number.
Package Group	Filter packages based on package groups. The list of package groups is based on the repositories added to the Content View.
Erratum (by ID)	Select which specific errata to add to the filter. The list of Errata is based on the repositories added to the Content View.
Erratum (by Date and Type)	Select a issued or updated date range and errata type (Bugfix, Enhancement, or Security) to add to the filter.

8.9. Resolving Package Dependencies

In Satellite, you can use the package dependency resolution feature to ensure that any dependencies that packages have within a Content View are added to the dependent repository as part of the Content View publication process.

You can select to resolve package dependencies for any Content View that you want, or you can change the default setting to enable or disable resolving package dependencies for all new Content Views.

Note that resolving package dependencies can cause significant delays to Content View promotion. The package dependency resolution feature does not consider packages that are installed on your system independently of the Content View or solve dependencies across repositories.

Resolving Package Dependencies and Filters

Filters do not resolve any dependencies of the packages listed in the filters. This might require some level of testing to determine what dependencies are required.

If you add a filter that excludes some packages that are required and the Content View has dependency resolution enabled, Satellite ignores the rules you create in your filter in favor of resolving the package dependency.

If you create a content filter for security purposes, to resolve a package dependency, Satellite can add packages that you might consider insecure.

Procedure

To resolve package dependencies by default, complete the following steps:

In the Satellite web UI, navigate to Administer > Settings and click the Content tab.
Locate the Content View Dependency Solving Default, and select Yes.

You can also set the default level of dependency resolution that you want. You can select between adding packages to solve dependencies only if the required package does not exist, or to add the latest packages to resolve the dependency even if the package exists in the repository.

To set the default level of dependency resolution, complete the following steps:

In the Satellite web UI, navigate to Administer > Settings and click the Content tab.
Locate the Content View Dependency Solving Algorithm and select one of the following options:
- To add the package that resolves the dependency only if it does not exist in the repository, select Conservative.
- To add the package that resolves the dependency regardless of whether or not it exists in the repository, select Greedy.

8.10. Content Filter Examples

Use any of the following examples with the procedure that follows to build custom content filters.

Example 1

Create a repository with the base Red Hat Enterprise Linux packages. This filter requires a Red Hat Enterprise Linux repository added to the Content View.

Filter:

Inclusion Type: Include
Content Type: Package Group
Filter: Select only the Base package group

Example 2

Create a repository that excludes all errata, except for security updates, after a certain date. This is useful if you want to perform system updates on a regular basis with the exception of critical security updates, which must be applied immediately. This filter requires a Red Hat Enterprise Linux repository added to the Content View.

Filter:

Inclusion Type: Exclude
Content Type: Erratum (by Date and Type)
Filter: Select only the Bugfix and Enhancement errata types, and clear the Security errata type. Set the Date Type to Updated On. Set the Start Date to the date you want to restrict errata. Leave the End Date blank to ensure any new non-security errata is filtered.

Example 3

A combination of Example 1 and Example 2 where you only require the operating system packages and want to exclude recent bug fix and enhancement errata. This requires two filters attached to the same Content View. The Content View processes the Include filter first, then the Exclude filter.

Filter 1:

Inclusion Type: Include
Content Type: Package Group
Filter: Select only the Base package group

Filter 2:

Inclusion Type: Exclude
Content Type: Erratum (by Date and Type)
Filter: Select only the Bugfix and Enhancement errata types, and clear the Security errata type. Set the Date Type to Updated On. Set the Start Date to the date you want to restrict errata. Leave the End Date blank to ensure any new non-security errata is filtered.

For another example of how content filters work, see the following article: "How do content filters work in Satellite 6"

8.11. Creating a Content Filter

Use this procedure to create a content filter. For examples of how to build a filter, see Section 8.10, “Content Filter Examples”

Procedure

To create a content filter, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and select a Content View.
Navigate to Yum Content > Filters and click New Filter.
In the Name field, enter a name for your filter.
From the Content Type list, select the content type that you want to filter. Depending on what you select for the new filter’s content type, different options appear.
From the Inclusion Type list, select either Include or Exclude.
In the Description field, enter a description for the filter, and click Save.
Depending on what you enter for Content Type, add rules to create the filter that you want.
Click the Affected repositories tab to select which specific repositories use this filter.
Click Publish New Version to publish the filtered repository. In the Description field, enter a description of the changes, and click Save.

You can promote this Content View across all environments.

For CLI Users

Add a filter to the Content View. Use the --inclusion false option to set the filter to an Exclude filter:

# hammer content-view filter create \
--name "Errata Filter" \
--type erratum --content-view "Example_Content_View" \
--description "My latest filter" \
--inclusion false \
--organization "My_Organization"

Add a rule to the filter:

# hammer content-view filter rule create \
--content-view "Example_Content_View" \
--content-view-filter "Errata Filter" \
--start-date "YYYY-MM-DD" \
--types enhancement,bugfix \
--date-type updated \
--organization "My_Organization"

Publish the Content View:

# hammer content-view publish \
--name "Example_Content_View" \
--description "Adding errata filter" \
--organization "My_Organization"

Promote the view across all environments:

# hammer content-view version promote \
--content-view "Example_Content_View" \
--version 1 \
--to-lifecycle-environment "Development" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Example_Content_View" \
--version 1 \
--to-lifecycle-environment "Testing" \
--organization "My_Organization"
# hammer content-view version promote \
--content-view "Example_Content_View" \
--version 1 \
--to-lifecycle-environment "Production" \
--organization "My_Organization"

Chapter 9. Synchronizing Content Between Satellite Servers

Red Hat Satellite 6.6 uses Inter-Satellite Synchronization (ISS) to synchronize content Satellite Servers, or between organizations on Satellite Server.

You can use ISS in the following scenarios:

If you have both connected and disconnected Satellite Servers, and want to copy content from the connected servers to the disconnected servers. For example, you require complete isolation of management infrastructure for security or other purposes.
If you want to copy some but not all content from your Satellite Server to other Satellite Servers. For example, you have Content Views that your IT department validates on Satellite Server, and you want to copy content from those Content Views to other Satellite Servers.
If you want to clone a Content View from one organization to another organization on Satellite Server.

You cannot use ISS to synchronize content from Satellite Server to Capsule Server. Capsule Server supports synchronization natively. For more information, see Capsule Server Overview in Planning for Red Hat Satellite 6.

9.1. Exporting a Content View Version

You can export a version of a Content View to an archive file from Satellite Server and use this archive file to create the same Content View version on another Satellite Server or on another Satellite Server organization. Satellite does not export composite Content Views. The exported archive file contains the following data:

A JSON file containing Content View version metadata
An archive file containing all the repositories included into the Content View version

Satellite Server exports only RPM and kickstart files added to a version of a Content View. Satellite does not export the following content:

Puppet content
Docker content
OSTree content
Content View definitions and metadata, such as package filters.

Changes to the hammer content-view version export command

The new hammer content-view version export and hammer content-view version import commands work differently from the commands in the previous versions of Satellite. The old feature is still available with the hammer content-view version export-legacy command. The old feature has the following functionality that does not exist in the new feature:

You can patch a disconnected Satellite Server from a connected Satellite Server directly. hammer content-view version export-legacy exports the CDN structure, therefore, you do not have to use a DVD ISO from the Red Hat Customer Portal.
When exporting a Content View that contains non-yum content, hammer content-view version export-legacy skips the non-yum content and exports the Content View, while hammer content-view version export prompts you to remove a non-yum repository and fails.

For more information about using the old feature, see Synchronizing Content Between Satellite Servers in the Satellite 6.4 Content Management Guide.

Prerequisites

To export a Content View, ensure that the Satellite Server where you want to export meets the following conditions:

Ensure that the export directory has free storage space to accommodate the export.
Ensure that the /var/lib/pulp/ directory has free storage space equivalent to the size of the repositories being exported for temporary files created during the export process.
Ensure that the /var/cache/pulp directory has free storage space equivalent to twice of the size of the repository being exported for temporary files created during the export process.
Ensure that you set download policy to Immediate for all repositories within the Content View you export. For more information, see Section 5.4, “Download Policies Overview”.
Ensure that you clear the Mirror on Sync check box for the repositories that you import on the repository settings page.
Ensure that you synchronize Products that you export to the required date.

To Export a Content View Version:

List Content Views to determine the ID of a Content View version you want to export:
```
# hammer content-view version list \
--organization "Default Organization"
```
Export the version of a Content View. Specify the directory where to store the export with the --export-dir option and the ID of the Content View version that you export with the --id option. The pulp_export_destination setting does not work for this procedure.
```
# hammer content-view version export --export-dir export_directory \
--id content_view_version_ID
```
Verify that the archive containing the exported version of a Content View is located in the export directory:
```
# ls export_directory
export-1.tar
```

9.2. Importing a Content View Version

You can use the archive that the hammer content-view version export command outputs to create a version of a Content View with the same content as the exported Content View version. For more information about exporting a Content View version, see Section 9.1, “Exporting a Content View Version”.

When you import a Content View version, it has the same major and minor version numbers and contains the same repositories with the same packages and errata. You can customize the version numbers by changing the major and minor settings in the json file that is located in the exported archive.

Prerequisites

To import a Content View, ensure that the Satellite Server where you want to import meets the following conditions:

If you want to import a Content View to Satellite in a disconnected environment, you must configure Satellite to synchronize content with a local CDN server and then synchronize content that the CV you export contains. For more information, see Appendix B, Configuring Satellite to Synchronize Content with a Local CDN Server.
Ensure that you set download policy to Immediate for all repositories within the Content View you export. For more information, see Section 5.4, “Download Policies Overview”.
Ensure that you clear the Mirror on Sync check box for the repositories that you import on the repository settings page.

Procedure

Copy the archived file with the exported Content View version to the /var/lib/pulp/katello-export directory on the Satellite Server where you want to import.
On the Satellite Server where you want to import, create a Content View with the same name and label as the exported Content View. For more information, see Creating a Content View with Hammer CLI.
Ensure that you enable the repositories that the Products in the exported Content View version include. For more information, see Section 5.7, “Enabling Red Hat Repositories”.
In the Satellite web UI, navigate to Content > Products, click the Yum content tab and add the same Yum content that the exported Content View version includes.
Until BZ#1745081 is resolved, navigate to the /var/lib/pulp/katello-export directory:
```
# cd /var/lib/pulp/katello-export
```
To import the Content View version to Satellite Server, enter the following command:
```
# hammer content-view version import \
--export-tar /var/lib/pulp/katello-export/exported_CV_archive.tar \
--organization-id Your_Organization_ID
```
Note that until BZ#1745081 is resolved, you must enter the full path /var/lib/pulp/katello-export/. Relative paths do not work.
To verify that you import the Content View version successfully, list Content Views for your organization:
```
# hammer content-view version list --organization "Your_Organization"
```

Chapter 10. Managing Activation Keys

Activation keys provide a method to automate system registration and subscription attachment. You can create multiple keys and associate them with different environments and Content Views. For example, you might create a basic activation key with a subscription for Red Hat Enterprise Linux workstations and associate it with Content Views from a particular environment.

You can use activation keys during content host registration to improve the speed, simplicity and consistency of the process.

Activation keys can define the following properties for content hosts:

Associated subscriptions and subscription attachment behavior.
Available products and repositories.
A life cycle environment and a Content View.
Host collection membership.

Note that activation keys are used only when hosts are registered. If changes are made to an activation key, it is applicable only to hosts that are registered with the amended activation key in the future. The changes are not made to existing hosts.

Content View Conflicts between Host Creation and Registration

When you provision a host, Satellite uses provisioning templates and other content from the Content View that you set in the host group or host settings. When the host is registered, the Content View from the activation key overwrites the original Content View from the host group or host settings. Then Satellite uses the Content View from the activation key for every future task, for example, rebuilding a host.

When you rebuild a host, ensure that you set the Content View that you want to use in the activation key and not in the host group or host settings.

Using the Same Activation Key with Multiple Content Hosts

You can apply the same activation key to multiple content hosts if it contains enough subscriptions. However, activation keys set only the initial configuration for a content host. When the content host is registered to an organization, the organization’s content can be attached to the content host manually.

Using Multiple Activation Keys with a Content Host

A content host can be associated with multiple activation keys that are combined to define the host settings. In case of conflicting settings, the last specified activation key takes precedence. You can specify the order of precedence by setting a host group parameter as follows:

$ hammer hostgroup set-parameter \
--name kt_activation_keys \
--value name_of_first_key, name_of_second_key,... \
--hostgroup hostgroup_name

10.1. Creating an Activation Key

You can use activation keys to define a specific set of subscriptions to attach to hosts during registration. The subscriptions that you add to an activation key must be available within the associated Content View.

Subscription Manager attaches subscriptions differently depending on the following factors:

Are there any subscriptions associated with the activation key?
Is the auto-attach option enabled?

Based on the previous factors, there are three possible scenarios for subscribing with activation keys:

Activation key with no subscriptions specified.
With no subscriptions specified and auto-attach enabled, hosts using the activation key search for the best fitting subscription from the ones provided by the Content View associated with the activation key. This is similar to entering the subscription-manager --auto-attach command.
Activation key providing a custom subscription pool for auto-attach.
If there are subscriptions specified and auto-attach is enabled, hosts using the activation key select the best fitting subscription from the list specified in the activation key.
Activation key with the exact set of subscriptions.
If there are subscriptions specified and auto-attach is disabled, hosts using the activation key are associated with all subscriptions specified in the activation key.

Custom Products

If a custom product, typically containing content not provided by Red Hat, is assigned to an activation key, this product is always enabled for the registered content host regardless of the auto-attach setting.

Procedure

To create an activation key, complete the following steps:

In the Satellite web UI, navigate to Content > Activation keys and click Create Activation Key.
In the Name field, enter the name of the activation key.
If you want to set a limit, clear the Unlimited hosts check box, and in the Limit field, enter the maximum number of systems you can register with the activation key. If you want unlimited hosts to register with the activation key, ensure the Unlimited Hosts check box is selected.
In the Description field, enter a description for the activation key.
From the Environment list, select the environment to use.
From the Content View list, select a Content View to use. If you want to use this activation key to register hosts, the Content View must contain the Satellite Tools repository because it is required to install the katello-agent.
Click Save and when your new activation key appears in the Activation Keys window, click the name to edit.

For CLI Users

Create the activation key:

# hammer activation-key create \
--name "My_Activation_Key" \
--unlimited-hosts \
--description "Example Stack in the Development Environment" \
--lifecycle-environment "Development" \
--content-view "Stack" \
--organization "My_Organization"

Obtain a list of your subscription IDs:

# hammer subscription list --organization "My_Organization"

Attach the Red Hat Enterprise Linux subscription UUID to the activation key:

# hammer activation-key add-subscription \
--name "My_Activation_Key" \
--subscription-id ff808181533518d50152354246e901aa \
--organization "My_Organization"

List the product content associated with the activation key:

# hammer activation-key product-content \
--name "My_Activation_Key" \
--organization "My_Organization"

Override the default auto-enable status for the Red Hat Satellite Tools 6.6 repository. The default status is set to disabled. To enable, enter the following command:

# hammer activation-key content-override \
--name "My_Activation_Key" \
--content-label rhel-7-server-satellite-tools-6.6-rpms \
--value 1 \
--organization "My_Organization"

10.2. Updating Subscriptions Associated with an Activation Key

You can change the subscriptions associated with an activation key using the web UI or using the Hammer command-line tool.

Note that changes to an activation key apply only to machines provisioned after the change. To update subscriptions on existing content hosts, see Section 4.7, “Bulk Updating Content Hosts' Subscriptions”.

Procedure

To update the subscriptions associated with an activation key, complete the following steps:

In the Satellite web UI, navigate to Content > Activation keys and click the name of the activation key.
Click the Subscriptions tab.
To remove subscriptions, select List/Remove, and then select the check boxes to the left of the subscriptions to be removed and then click Remove Selected.
To add subscriptions, select Add, and then select the check boxes to the left of the subscriptions to be added and then click Add Selected.
Click the Repository Sets tab and review the repositories' status settings.
To enable or disable a repository, select the check box for a repository and then change the status using the Select Action list.
Click the Details tab, select a Content View for this activation key, and then click Save.

For CLI Users

List the subscriptions that the activation key currently contains:

# hammer activation-key subscriptions \
--name My_Activation_Key \
--organization "My_Organization"

Remove the required subscription from the activation key:

# hammer activation-key remove-subscription \
--name "My_Activation_Key" \
--subscription-id ff808181533518d50152354246e901aa \
--organization "My_Organization"

For the --subscription-id option, you can use either the UUID or the ID of the subscription.

Attach new subscription to the activation key:

# hammer activation-key add-subscription \
--name "My_Activation_Key" \
--subscription-id ff808181533518d50152354246e901aa \
--organization "My_Organization"

For the --subscription-id option, you can use either the UUID or the ID of the subscription.

List the product content associated with the activation key:

# hammer activation-key product-content \
--name "My_Activation_Key" \
--organization "My_Organization"

Override the default auto-enable status for the required repository:

# hammer activation-key content-override \
--name "My_Activation_Key" \
--content-label content_label \
--value 1 \
--organization "My_Organization"

For the --value option, enter 1 for enable, 0 for disable.

10.3. Using Activation Keys for Host Registration

You can use activation keys to complete the following tasks:

Registering new hosts during provisioning through Red Hat Satellite 6. The kickstart provisioning templates in Red Hat Satellite 6 contain commands to register the host using an activation key that is defined when creating a host.
Registering existing Red Hat Enterprise Linux hosts. Configure Red Hat Subscription Manager to use Satellite Server for registration and specify the activation key when running the subscription-manager register command.

Procedure

To use an activation key for host registration with an existing Red Hat Enterprise Linux 7 host to Satellite Server, complete the following steps:

Download the consumer RPM for your Satellite Server. This is located in the pub directory on the host’s web server. For example, for a Satellite Server with the host name satellite.example.com, enter the following command on the host to register:
```
# rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
```
This RPM installs the necessary certificates for accessing repositories on Satellite Server and configures Red Hat Subscription Manager to use the server’s URL.
On the host, enter the following command to register the host to Satellite using the activation key:
```
# subscription-manager register --activationkey="My_Activation_Key" \
--org="My_Organization"
```
To view a list of hosts for an organization, on Satellite Server, enter the following command:
```
# hammer host list --organization "My_Organization"
```
After registering a host to Satellite Server, install the katello-agent package on the host so that it can report back to Satellite Server:
```
# yum install katello-agent
```
The Red Hat Satellite Tools 6.6 repository provides this package.

Multiple Activation Keys

You can use multiple activation keys when registering a content host. You can then create activation keys for specific subscription sets and combine them according to content host requirements. For example, the following command registers a content host to your organization with both VDC and OpenShift subscriptions:

# subscription-manager register --org="My_Organization" \
--activationkey="ak-VDC,ak-OpenShift"

Settings Conflicts

If there are conflicting settings in activation keys, the rightmost key takes precedence.

Settings that conflict: Service Level, Release Version, Environment, Content View, and Product Content.
Settings that do not conflict and the host gets the union of them: Subscriptions and Host Collections.
Settings that influence the behavior of the key itself and not the host configuration: Content Host Limit and Auto-Attach.

10.4. Enabling Auto-Attach

When auto-attach is enabled on an activation key and there are subscriptions associated with the key, the subscription management service selects and attaches the best-matched associated subscriptions based on a set of criteria like currently installed products, architecture, and preferences like service level.

You can enable auto-attach and have no subscriptions associated with the key. This type of key is commonly used to register virtual machines when you do not want the virtual machine to consume a physical subscription, but to inherit a host-based subscription from the hypervisor. For more information, see Configuring Virtual Machine Subscriptions in Red Hat Satellite.

Auto-attach is enabled by default. Disable the option if you want to force attach all subscriptions associated with the activation key.

Procedure

To enable auto-attach, complete the following steps:

In the Satellite web UI, navigate to Content > Activation Keys.
Click the activation key name that you want to edit.
Click the Subscriptions tab.
Click the edit icon next to Auto-Attach.
Select or clear the check box to enable or disable auto-attach.
Click Save.

For CLI Users

To enable auto-attach on the activation key:

# hammer activation-key update --name "My_Activation_Key" \
--organization "My_Organization" --auto-attach true

10.5. Setting the Service Level

You can configure an activation key to define a default service level for the new host created with the activation key. Setting a default service level selects only the matching subscriptions to be attached to the host. For example, if the default service level on an activation key is set to Premium, only subscriptions with premium service levels are attached to the host upon registration.

Procedure

To set the service level, complete the following steps:

In the Satellite web UI, navigate to Content > Activation Keys.
Click the activation key name you want to edit.
Click the edit icon next to Service Level.
Select the required service level from the list. The list only contains service levels available to the activation key.
Click Save.

For CLI Users

To set a default service level to Premium on the activation key:

# hammer activation-key update --name "My_Activation_Key" \
--organization "My_Organization" --service-level premium

Chapter 11. Managing Errata

As a part of Red Hat’s quality control and release process, we provide customers with updates for each release of official Red Hat RPMs. Red Hat compiles groups of related package into an erratum along with an advisory that provides a description of the update. There are three types of advisories (in order of importance):

Security Advisory: Describes fixed security issues found in the package. The security impact of the issue can be Low, Moderate, Important, or Critical.
Bug Fix Advisory: Describes bug fixes for the package.
Product Enhancement Advisory: Describes enhancements and new features added to the package.

Red Hat Satellite 6 imports this errata information when synchronizing repositories with Red Hat’s Content Delivery Network (CDN). Red Hat Satellite 6 also provides tools to inspect and filter errata, allowing for precise update management. This way, you can select relevant updates and propagate them through Content Views to selected content hosts.

Errata are labeled according to the most important advisory type they contain. Therefore, errata labeled as Product Enhancement Advisory can contain only enhancement updates, while Bug Fix Advisory errata can contain both bug fixes and enhancements, and Security Advisory can contain all three types.

In Red Hat Satellite, there are two keywords that describe an erratum’s relationship to the available content hosts:

Applicable: An erratum that applies to one or more content hosts, which means it updates packages present on the content host. Although these errata apply to content hosts, until their state changes to Installable, the errata are not ready to be installed. Installable errata are automatically applicable.
Installable: An erratum that applies to one or more content hosts and is available to install on the content host. Installable errata are available to a content host from life cycle environment and the associated Content View, but are not yet installed.

This chapter shows how to manage errata and apply them to either a single host or multiple hosts.

11.1. Inspecting Available Errata

The following procedure describes how to view and filter the available errata and how to display metadata of the selected advisory.

Navigate to Content > Errata to view the list of available errata.
Use the filtering tools at the top of the page to limit the number of displayed errata:
- Select the repository to be inspected from the list. All Repositories is selected by default.
- The Applicable check box is selected by default to view only errata applicable to the selected repository. Select the Installable check box to view only errata marked as installable.
- To search the table of errata, type the query in the Search field in the form of:
```
parameter operator value
```
  See Table 11.1, “Parameters Available for Errata Search” for the list of parameters available for search. Find the list of applicable operators in Supported Operators for Granular Search in Administering Red Hat Satellite. Automatic suggestion works as you type. You can also combine queries with the use of and and or operators. For example, to display only security advisories related to the kernel package, type:
```
type = security and package_name = kernel
```
  Press Enter to start the search.
Click the Errata ID of the erratum you want to inspect:
- The Details tab contains the description of the updated package as well as documentation of important fixes and enhancements provided by the update.
- On the Content Hosts tab, you can apply the erratum to selected content hosts as described in Section 11.7, “Applying Errata to Multiple Hosts”.
- The Repositories tab lists repositories that already contain the erratum. You can filter repositories by the environment and Content View, and search for them by the repository name.

For CLI Users

To view errata that are available for all organizations, enter the following command:
```
# hammer erratum list
```
To view details of a specific erratum, enter the following command:
```
# hammer erratum info --id erratum_ID
```
You can search errata by entering the query with the --search option. For example, to view applicable errata for the selected product that contains the specified bugs ordered so that the security errata are displayed on top, enter the following command:
```
# hammer erratum list \
--product-id 7 \
--search "bug = 1213000 or bug = 1207972" \
--errata-restrict-applicable 1 \
--order "type desc"
```

Table 11.1. Parameters Available for Errata Search
Parameter	Description	Example
bug	Search by the Bugzilla number.	bug = 1172165
cve	Search by the CVE number.	cve = CVE-2015-0235
id	Search by the errata ID. The auto-suggest system displays a list of available IDs as you type.	id = RHBA-2014:2004
issued	Search by the issue date. You can specify the exact date, like "Feb16,2015", or use keywords, for example "Yesterday", or "1 hour ago". The time range can be specified with the use of the "<" and ">" operators.	issued < "Jan 12,2015"
package	Search by the full package build name. The auto-suggest system displays a list of available packages as you type.	package = glib2-2.22.5-6.el6.i686
package_name	Search by the package name. The auto-suggest system displays a list of available packages as you type.	package_name = glib2
severity	Search by the severity of the issue fixed by the security update. Specify Critical, Important, or Moderate.	severity = Critical
title	Search by the advisory title.	title ~ openssl
type	Search by the advisory type. Specify security, bugfix, or enhancement.	type = bugfix
updated	Search by the date of the last update. You can use the same formats as with the `issued` parameter.	updated = "6 days ago"

11.2. Subscribing to Errata Notifications

You can configure email notifications for Satellite users. Users receive a summary of applicable and installable errata, notifications on Content View promotion or after synchronizing a repository. For more information, see the Configuring Email Notifications section in the Administering Red Hat Satellite guide.

11.3. Limitations to Repository Dependency Resolution

There are a number of challenges to solving repository dependencies in Satellite 6. This is a known issue. For more information, see BZ#1508169, BZ#1640420, BZ#1508169, and BZ#1629462. With Satellite, using incremental updates to your Content Views solves some repository dependency problems. However, dependency resolution at a repository level still remains problematic on occasion.

When a repository update becomes available with a new dependency, Satellite retrieves the newest version of the package to solve the dependency, even if there are older versions available in the existing repository package. This can create further dependency resolution problems when installing packages.

Example scenario

A repository on your client has the package example_repository-1.0 with the dependency example_repository-libs-1.0. The repository also has another package example_tools-1.0.

A security erratum becomes available with the package example_tools-1.1. The example_tools-1.1 package requires the example_repository-libs-1.1 package as a dependency.

After an incremental Content View update, the example_tools-1.1, example_tools-1.0, and example_repository-libs-1.1 are now in the repository. The repository also has the packages example_repository-1.0 and example_repository-libs-1.0. Note that the incremental update to the Content View did not add the package example_repository-1.1. Because you can install all these packages using yum, no potential problem is detected. However, when the client installs the example_tools-1.1 package, a dependency resolution problem occurs because both example_repository-libs-1.0 and example_repository-libs-1.1 cannot be installed.

There is currently no workaround for this problem. The larger the time frame, and major Y releases between the base set of RPMs and the errata being applied, the higher the chance of a problem with dependency resolution.

11.4. Creating a Content View Filter for Errata

You can use content filters to limit errata. Such filters include:

ID - Select specific erratum to allow into your resulting repositories.
Date Range - Define a date range and include a set of errata released during that date range.
Type - Select the type of errata to include such as bug fixes, enhancements, and security updates.

Create a content filter to exclude errata after a certain date. This ensures your production systems in the application life cycle are kept up to date to a certain point. Then you can modify the filter’s start date to introduce new errata into your testing environment to test the compatibility of new packages into your application life cycle.

Prerequisites

A Content View with the repositories that contain required errata is created. For more information, see Section 8.1, “Creating a Content View”.

Procedure

In the Satellite web UI, navigate to Content > Content Views and select a Content View that you want to use for applying errata.
Navigate to Yum Content > Filters and click New Filter.
In the Name field, enter Errata Filter.
From the Content Type list, select Erratum - Date and Type.
From the Inclusion Type list, select Exclude.
In the Description field, enter Exclude errata items from YYYY-MM-DD.
Click Save.
For Errata Type, select the check boxes of errata types you want to exclude. For example, select the Enhancement and Bugfix check boxes and clear the Security check box to exclude enhancement and bugfix errata after certain date, but include all the security errata.
For Date Type, select one of two check boxes:
- Issued On for the issued date of the erratum.
- Updated On for the date of the erratum’s last update.
Select the Start Date to exclude all errata on or after the selected date.
Leave the End Date field blank.
Click Save.
Click Publish New Version to publish the resulting repository.
Enter Adding errata filter in the Description field.
Click Save.
When the Content View completes publication, notice the Content column reports a reduced number of packages and errata from the initial repository. This means the filter successfully excluded the all non-security errata from the last year.
Click the Versions tab.
Click Promote to the right of the published version.
Select the environments you want to promote the Content View version to.
In the Description field, enter the description for promoting.
Click Promote Version to promote this Content View version across the required environments.

For CLI Users

Create a filter for the errata:

# hammer content-view filter create --name "Filter Name" \
--description "Exclude errata items from the YYYY-MM-DD" \
--content-view "CV Name" --organization "Default Organization" \
--type "erratum"

Create a filter rule to exclude all errata on or after the Start Date that you want to set:

# hammer content-view filter rule create --start-date "YYYY-MM-DD" \
--content-view "CV Name" --content-view-filter="Filter Name" \
--organization "Default Organization" --types=security,enhancement,bugfix

Publish the Content View:

# hammer content-view publish --name "CV Name" \
--organization "Default Organization"

Promote the Content View to the lifecycle environment so that the included errata are available to that lifecycle environment:

# hammer content-view version promote \
--content-view "CV Name" \
--organization "Default Organization" \
--to-lifecycle-environment "Lifecycle Environment Name"

11.5. Adding Errata to an incremental Content View

If errata are available but not installable, you can create an incremental Content View version to add the errata to your content hosts. For example, if the Content View is version 1.0, it becomes Content View version 1.1, and when you publish, it becomes Content View version 2.0.

In the Satellite web UI, navigate to Content > Errata.
From the Errata list, click the name of the errata that you want to apply.
Select the content hosts that you want to apply the errata to, and click Apply to Hosts. This creates the incremental update to the Content View.
If you want to apply the errata to the content host, select the Apply Errata to Content Hosts immediately after publishing check box.
Note
Until BZ#1459807 is resolved, if you apply non-installable errata to hosts registered to Capsule Servers, do not select the Apply errata to Content Hosts immediately after publishing check box.
Instead, after clicking Confirm, wait for the errata Content View to be promoted and for the Capsule synchronization task to finish. Then, the errata will be marked as Installable and you can use the procedure again to apply it.
Click Confirm to apply the errata.

For CLI Users

List the errata and its corresponding IDs:
```
# hammer erratum list
```
List the different content-view versions and the corresponding IDs:
```
# hammer content-view version list
```

Apply a single erratum to content-view version. You can add more IDs in a comma-separated list.

# hammer content-view version incremental-update \
--content-view-version-id 319 --errata-ids 34068b

11.6. Applying Errata to a Host

Use these procedures to review and apply errata to a host.

Prerequisites

Synchronize Red Hat Satellite repositories with the latest errata available from Red Hat. For more information, see Section 5.8, “Synchronizing Red Hat Repositories”.
Register the host to an environment and Content View on Satellite Server. For more information, see Registering Hosts in the Managing Hosts guide.
For RHEL 7 hosts, ensure that you install the katello-agent package. For more information, see Installing the Katello Agent in the Managing Hosts guide.

For Red Hat Enterprise Linux 8

To apply an erratum to a RHEL 8 host, you can run a remote execution job on Satellite Server or update the host. For more information about running remote execution jobs, see Running Jobs on Hosts in the Managing Hosts guide.

To apply an erratum to a RHEL 8 host, complete the following steps:

On Satellite, list all errata for the host:

# hammer host errata list \
--host client.example.com

Find the module stream an erratum belongs to:
```
# hammer erratum info --id ERRATUM_ID
```
On the host, update the module stream:
```
# yum update Module_Stream_Name
```

For Red Hat Enterprise Linux 7

To apply an erratum to a RHEL 7 host, complete the following steps:

In the Satellite web UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
Navigate to the Errata tab to see the list of errata.
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.

For CLI Users

To apply an erratum to a RHEL 7 host, complete the following steps:

List all errata for the host:

# hammer host errata list \
--host client.example.com

Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
```
# hammer host errata apply --host "Host Name" \
--errata-ids ERRATUM_ID1,ERRATUM_ID2...
```

11.7. Applying Errata to Multiple Hosts

Use these procedures to review and apply errata to multiple RHEL 7 hosts.

Prerequisites

Synchronize Red Hat Satellite repositories with the latest errata available from Red Hat. For more information, see Section 5.8, “Synchronizing Red Hat Repositories”.
Register the hosts to an environment and Content View on Satellite Server. For more information, see Registering Hosts in the Managing Hosts guide.
Install the katello-agent package on hosts. For more information, see Installing the Katello Agent in the Managing Hosts guide.

Procedure

Navigate to Content > Errata.
Click the name of an erratum you want to apply.
Click to Content Hosts tab.
Select the hosts you want to apply errata to and click Apply to Hosts.
Click Confirm.

For CLI Users

Although the CLI does not have the same tools as the Web UI, you can replicate a similar procedure with CLI commands.

List all installable errata:

# hammer erratum list \
--errata-restrict-installable true \
--organization "Default Organization"

Select the erratum you want to use and list the hosts that this erratum is applicable to:

# hammer host list \
--search "applicable_errata = ERRATUM_ID" \
--organization "Default Organization"

Apply the errata to a single host:

# hammer host errata apply \
--host client.example.com \
--organization "Default Organization" \
--errata-ids ERRATUM_ID1,ERRATUM_ID2...

The following Bash script applies an erratum to each host for which this erratum is available:

for HOST in hammer --csv --csv-separator "|" host list --search "applicable_errata = ERRATUM_ID" --organization "Default Organization" | tail -n+2 | awk -F "|" '{ print $2 }' ;
do
  echo "== Applying to $HOST ==" ; hammer host errata apply --host $HOST --errata-ids ERRATUM_ID1,ERRATUM_ID2 ;
done

This command identifies all hosts with erratum_IDs as an applicable erratum and then applies the erratum to each host.

To see if an erratum is applied successfully, find the corresponding task in the output of the following command:
```
# hammer task list
```
View the state of a selected task:
```
# hammer task progress --id task_ID
```

11.8. Applying Errata to a Host Collection

To apply selected errata to a host collection, enter the following command:

# hammer host-collection erratum install \
--errata "erratum_ID1,erratum_ID2,..." \
--name "host_collection_name"\
--organization "Your_Organization"

Chapter 12. Managing OSTree Content

OSTree is a tool to manage bootable, immutable, versioned file system trees. You can use a custom OSTree content on a build system, then export an OSTree repository to a static HTTP. Red Hat Enterprise Linux Atomic Server uses OSTree content composed from RPM files as a method to keep the operating system up to date.

You can use Red Hat Satellite 6 to synchronize and manage OSTree branches from an OSTree repository.

In Satellite Server 6.6, OSTree management tools are enabled by default. If you ever have a reason to enable the tool, enter the following command:

# satellite-installer --katello-enable-ostree=true

12.1. Selecting Red Hat OSTree Content to Synchronize

Red Hat CDN provides OSTree Content for you to select and synchronize.

Procedure

To find and synchronize OSTree content, complete the following steps:

In the Satellite web UI, navigate to Content > Red Hat Repositories.
From the list, select the OSTree content type.
In the Available Repositories pane, locate the OSTree repisotry set you want to use, for example, the Red Hat Enterprise Linux Atomic Host Trees set from the Red Hat Enterprise Linux Atomic Host product group.
Click the Enable icon to enable the repository you want to use.
Navigate to Content > Products and click the product that you want to use, for example Red Hat Enterprise Linux Atomic Host.
Select the upstream synchronization policy for this repository. By default, Satellite synchronizes only the latest OSTree branch.
1. Click the repository you want to synchronize.
2. From the Upstream Sync Policy menu, select one of the following policies to synchronize OSTree branches for this repository:
  - Latest Only - synchronize only the latest OSTree branch.
  - All History - synchronize all OSTree branches.
  - Custom - synchronize a custom number of OSTree branches. Enter the required number into the field below.
3. Click Save.
From the Select Action menu, select Sync Now.

To view the Synchronization Status

In the Satellite web UI, navigate to Content > Sync Status and expand, for example, Red Hat Enterprise Linux Atomic Host.

For CLI Users

Search the Red Hat Enterprise Linux Server product for ostree repositories:

# hammer repository-set list \
--product "Red Hat Enterprise Linux Atomic Host" \
--organization "My_Organization" | grep "ostree"

Enable the ostree repository for Red Hat Enterprise Linux Atomic Host or any product that you want to use:

# hammer repository-set enable \
--product "Red Hat Enterprise Linux Atomic Host" \
--name "Red Hat Enterprise Linux Atomic Host (Trees)" \
--organization "My_Organization"

Locate and synchronize the repository for the product:

# hammer repository list \
--product "Red Hat Enterprise Linux Atomic Host" \
--organization "My_Organization"
# hammer repository synchronize \
--name "Red Hat Enterprise Linux Atomic Host Trees" \
--product "Red Hat Enterprise Linux Atomic Host" \
--organization "My_Organization"

12.2. Importing Custom OSTree Content

In addition to importing OSTree content from Red Hat CDN, you can also import content from other sources. This requires a published HTTP location for the OSTree to import.

Procedure

To import custom OSTree content, complete the following steps:

In the Satellite web UI, navigate to Content > Products and click Create Product.
In the Name field, enter a name for your OSTree content. This automatically populates the Label field.
Optional: In the GPG Key field, enter a GPG Key for the entire product.
From the Sync Plan menu, select a synchronization plan to associate with the product.
In the Description field, enter a description of the product and click Save.
When the product creation completes, click Create Repository.
In the Name field, enter a name for the repository. This automatically populates the Label field.
From the Type list, select ostree.
In the URL field, enter the URL of the registry to use as a source. For example http://www.example.com/rpm-ostree/.
From the Upstream Sync Policy menu, select one of the following policies to synchronize OSTree branches for this repository:
- Latest Only - synchronize only the latest OSTree branch.
- All History - synchronize all OSTree branches.
- Custom - synchronize a custom number of OSTree branches. Enter the required number into the field below.
Click Save.
When the repository creation completes, select the new repository and click Sync Now to start the synchronization process.

To view the Synchronization Status:

In the Satellite web UI, navigate to Content > Sync Status and expand the entry that you want to view.

For CLI Users

Create the custom OSTree Content product:

# hammer product create \
--name "Custom OSTree Content" \
--sync-plan "Example_Plan" \
--description "OSTree Content" \
--organization "My_Organization"

Create the repository for the OSTree:

# hammer repository create \
--name "Custom OSTree" \
--content-type "ostree" \
--url "http://www.example.com/rpm-ostree/" \
--product "OSTree Content" \
--organization "My_Organization"

Synchronize the repository:

# hammer repository synchronize \
--name "Custom OStree" \
--product "OSTree Content" \
--organization "My_Organization"

12.3. Managing OSTree Content with Content Views

Use Content Views to manage OSTree branches across the application life cycle. This process uses the same publication and promotion method that RPMs and Puppet modules use.

Procedure

To create a content view for your OSTree and add a repository, complete the following steps:

In the Satellite web UI, navigate to Content > Content Views and click Create New View.
In the Name field, enter a plain text name for the view. This automatically populates the Label field.
In the Description field, enter a description of the OSTree Content View.
If you want to use a Composite Content View, select the Composite View check box.
Click Save to complete.
Navigate to the OSTree Content tab, then click Add.
Select the OSTree repository for that you want to use. Click Add Repository to add the OSTree content from this repository to the Content View.
Navigate to Versions and click Publish New Version.
In the Description field, enter a description for the version, and click Save.

You can also click Promote to promote this Content View across environments in the application life cycle.

For CLI Users

Obtain a list of repository IDs:

# hammer repository list --organization "_My_Organization_"

Create the Content View and add the repository:

# hammer content-view create \
--name "OSTree" \
--description "OSTree for Red Hat Enterprise Linux Atomic Host" \
--repository-ids 5 \
--organization "My_Organization"

Publish the view:

# hammer content-view publish \
--name "OSTree" \
--description "Example Content View for the OSTree" \
--organization "My_Organization"

Chapter 13. Managing Container Images

With Red Hat Satellite 6, you can import container images from various sources and distribute them to external containers using Content Views.

For information about containers, see Getting Started with Containers in Red Hat Enterprise Linux Atomic Host 7.

13.1. Importing Container Images

You can import container image repositories from Red Hat Registry or from other image registries.

This procedure uses repository discovery to find container images and import them as repositories. For more information about creating a product and repository manually, see Chapter 6, Importing Custom Content.

Procedure

To import container image repositories and create or associate them with a product, complete the following steps:

In the Satellite web UI, navigate to Content > Products and click Repo Discovery.
From the Repository Type list, select Container Images.
In the Registry to Discover field, enter the URL of the registry to import images from.
In the Registry Username field, enter the name that corresponds with your user name for the container image registry.
In the Registry Password field, enter the password that corresponds with the user name that you enter.
In the Registry Search Parameter field, enter any search criteria that you want to use to filter your search, and then click Discover.
Optional: To further refine the Discovered Repository list, in the Filter field, enter any additional search criteria that you want to use.
From the Discovered Repository list, select any repositories that you want to import, and then click Create Selected.
Optional: If you want to create a product, from the Product list, select New Product.
In the Name field, enter a product name.
Optional: In the Repository Name and Repository Label columns, you can edit the repository names and labels.
Click Run Repository Creation.
When repository creation is complete, you can click each new repository to view more information.
Optional: To filter the content you import to a repository, click a repository, and then navigate to Limit Sync Tags. Click to edit, and add any tags that you want to limit the content that synchronizes to Satellite.
Navigate to Content > Products and select the name of your product.
Select the new repositories and then click Sync Now to start the synchronization process.

To view the progress of the synchronization navigate to Content > Sync Status and expand the repository tree.

When the synchronization completes, you can click Container Image Manifests to list the available manifests. From the list, you can also remove any manifests that you do not require.

For CLI Users

Create the custom Red Hat Container Catalog product:

# hammer product create \
--name "Red Hat Container Catalog" \
--sync-plan "Example Plan" \
--description "Red Hat Container Catalog content" \
--organization "My_Organization"

Create the repository for the container images:

# hammer repository create \
--name "RHEL7" \
--content-type "docker" \
--url "http://registry.access.redhat.com/" \
--docker-upstream-name "rhel7" \
--product "Red Hat Container Catalog" \
--organization "My_Organization"

Synchronize the repository:

# hammer repository synchronize \
--name "RHEL7" \
--product "Red Hat Container Catalog" \
--organization "My_Organization"

13.2. Managing Container Name Patterns

When you use Satellite to create and manage your containers, as the container moves through Content View versions and different stages of the Satellite lifecycle environment, the container name changes at each stage. For example, if you synchronize a container image with the name ssh from an upstream repository, when you add it to a Satellite product and organization and then publish as part of a Content View, the container image can have the following name: my_organization_production-custom_spin-my_product-custom_ssh. This can create problems when you want to pull a container image because container registries can contain only one instance of a container name. To avoid problems with Satellite naming conventions, you can set a registry name pattern to override the default name to ensure that your container name is clear for future use.

Limitations

If you use a registry name pattern to manage container naming conventions, because registry naming patterns must generate globally unique names, you might experience naming conflict problems. For example:

If you set the repository.docker_upstream_name registry name pattern, you cannot publish or promote Content Views with container content with identical repository names to the Production lifecycle.
If you set the lifecycle_environment.name registry name pattern, this can prevent the creation of a second container repository with the identical name.

You must proceed with caution when defining registry naming patterns for your containers.

Procedure

To manage container naming with a registry name pattern, complete the following steps:

In the Satellite web UI, navigate to Content > Lifecycle Environments, and either create a lifecycle environment or select a lifecycle environment to edit.
In the Container Image Registry area, click the edit icon to the right of Registry Name Pattern area.
Use the list of variables and examples to determine which registry name pattern you require.
In the Registry Name Pattern field, enter the registry name pattern that you want to use. For example, to use the repository.docker_upstream_name:
```
<%= repository.docker_upstream_name %>
```
Click Save.

13.3. Managing Container Registry Authentication

By default, users must authenticate to access containers images in Satellite.

You can specify whether you want users to authenticate to access container images in Satellite in a lifecycle environment. For example, you might want to permit users to access container images from the Production lifecycle without any authentication requirement and restrict access the Development and QA environments to authenticated users.

Procedure

To manage the authentication settings for accessing containers images from Satellite, complete the following steps:

In the Satellite web UI, navigate to Content > Lifecycle Environments and select the lifecycle environment that you want to manage authentication for.
To permit unauthenticated access to the containers in this lifecycle environment, select the Unauthenticated Pull check box. To restrict unauthenticated access, clear the Unauthenticated Pull check box.
Click Save.

Chapter 14. Managing ISO Images

You can use Red Hat Satellite 6 to store ISO images, either from Red Hat’s Content Delivery Network or other sources. You can also upload other files, such as virtual machine images, and publish them in repositories.

14.1. Importing ISO Images from Red Hat

The Red Hat Content Delivery Network provides ISO images for certain products. The procedure for importing this content is similar to the procedure for enabling repositories for RPM content.

Procedure

To import Red Hat ISO images, complete the following steps:

In the Satellite web UI, navigate to Content > Red Hat Repositories.
In the Search field, enter an image name, for example, Red Hat Enterprise Linux 7 Server (ISOs).
In the Available Repositories window, expand Red Hat Enterprise Linux 7 Server (ISOs).
For the x86_64 7.2 entry, click the Enable icon to enable the repositories for the image.
Navigate to Content > Products and click Red Hat Enterprise Linux Server.
Click the Repositories tab of the Red Hat Enterprise Linux Server window, and click Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2.
In the upper right of the Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2 window, click Select Action and select Sync Now.

To view the Synchronization Status

In the web UI, navigate to Content > Sync Status and expand Red Hat Enterprise Linux Server.

For CLI Users

Locate the Red Hat Enterprise Linux Server product for file repositories:

# hammer repository-set list \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization" | grep "file"

Enable the file repository for Red Hat Enterprise Linux 7.2 Server ISO:

# hammer repository-set enable \
--product "Red Hat Enterprise Linux Server" \
--name "Red Hat Enterprise Linux 7 Server (ISOs)" \
--releasever 7.2 \
--basearch x86_64 \
--organization "My_Organization"

Locate and synchronize the repository in the product:

# hammer repository list \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"
# hammer repository synchronize \
--name "Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2" \
--product "Red Hat Enterprise Linux Server" \
--organization "My_Organization"

14.2. Importing Individual ISO Images and Files

Use this procedure to manually import ISO content and other files to Satellite Server. To import custom files, you can complete the following steps in the web UI or using the Hammer CLI. However, if the size of the file that you want to upload is larger than 15 MB, you must use the Hammer CLI to upload it to a repository.

Create a custom product.
Add a repository for files to the product.
Upload a file to the repository.

Procedure

To import custom ISO images, complete the following steps:

In the Satellite web UI, navigate to Content > Products, and in the Products window, click Create Product.
In the Name field, enter a name to identify the product. This name populates the Label field.
In the GPG Key field, enter a GPG Key for the product.
From the Sync Plan list, select a synchronization plan for the product.
In the Description field, enter a description of the product.
Click Save.
In the Products window, click the new product and then click Create Repository.
In the Name field, enter a name for the repository. This automatically populates the Label field.
From the Type list, select file.
In the Upstream URL field, enter the URL of the registry to use as a source. Add a corresponding user name and password in the Upstream Username and Upstream Password fields.
Click Save.
Click the new repository.
Navigate to the Upload File and click Browse.
Select the .iso file and click Upload.

For CLI Users

Create the custom product:

# hammer product create \
--name "My_ISOs" \
--sync-plan "Example Plan" \
--description "My_Product" \
--organization "My_Organization"

Create the repository:

# hammer repository create \
--name "My_ISOs" \
--content-type "file" \
--product "My_Product" \
--organization "My_Organization"

Upload the ISO file to the repository:

# hammer repository upload-content \
--path ~/bootdisk.iso \
--name "My_ISOs" \
--organization "My_Organization"

Chapter 15. Managing Custom File Type Content

In Satellite, you might require methods of managing and distributing SSH keys and source code files or larger files such as virtual machine images and ISO files. To achieve this, custom products in Red Hat Satellite include repositories for custom file types. This provides a generic method to incorporate arbitrary files in a product.

You can upload files to the repository and synchronize files from an upstream Satellite Server. When you add files to a custom file type repository, you can use the normal Satellite management functions such as adding a specific version to a Content View to provide version control and making the repository of files available on various Capsule Servers. Clients must download the files over HTTP or HTTPS using curl -O.

You can create a file type repository in Satellite Server only in a custom product, but there is flexibility in how you create the file type repository. You can create an independent file type repository in a directory on the system where Satellite is installed, or on a remote HTTP server, and then synchronize the contents of that directory into Satellite. This method is useful when you have multiple files to add to a Satellite repository.

15.1. Creating a Custom File Type Repository in Red Hat Satellite

The procedure for creating a custom file type repository is the same as the procedure for creating any custom content, except that when you create the repository, you select the file type. You must create a product and then add a custom repository.

Procedure

To create a custom product, complete the following procedure:

In the Satellite web UI, navigate to Content > Products, click Create Product and enter the following details:
In the Name field, enter a name for the product. Red Hat Satellite 6 automatically completes the Label field based on what you have entered for Name.
Optional: From the GPG Key list, select the GPG key for the product.
Optional: From the Sync Plan list, select a synchronization plan for the product.
In the Description field, enter a description of the product, and then click Save.

To create a repository for your custom product, complete the following procedure:

In the Products window, select the name of a product that you want to create a repository for.
Click the Repositories tab, and then click New Repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes the Label field based on the name.
From the Type list, select file.
In the Upstream URL field, enter the URL of the upstream repository to use as a source.
Select the Verify SSL check box if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
Click Save.

For CLI Users

Create a Custom Product

# hammer product create \
--name "My File Product" \
--sync-plan "Example Plan" \
--description "My files" \
--organization "My_Organization"

Table 15.1. Optional Parameters for the hammer product create Command
Option	Description
`--gpg-key` gpg_key_name	Key name to search by
`--gpg-key-id` gpg_key_id	GPG key numeric identifier
`--sync-plan` sync_plan_name	Sync plan name to search by
`--sync-plan-id` sync_plan_id	Sync plan numeric identifier

Create a File Type Repository

# hammer repository create \
--name "My Files" \
--content-type "file" \
--product "My File Product" \
--organization "My_Organization"

Table 15.2. Optional Parameters for the hammer repository create Command
Option	Description
`--checksum-type` sha_version	Repository checksum, currently 'sha1' & 'sha256' are supported
`--download-policy` policy_name	Download policy for yum repos (either 'immediate', 'on_demand', or 'background').
`--gpg-key` gpg_key_name	Key name to search by
`--gpg-key-id` gpg_key_id	GPG key numeric identifier
`--mirror-on-sync` boolean	Must this repo be mirrored from the source, and stale RPMs removed, when synced? Set to `true` or `false`, `yes` or `no`, `1` or `0`.
`--publish-via-http` boolean	Must this also be published using HTTP? Set to `true` or `false`, `yes` or `no`, `1` or `0`.
`--upstream-username` repository_username	Upstream repository user, if required for authentication
`--upstream-password` repository_password	Password for the upstream repository user
`--url` source_repo_url	URL of the Source repository
`--verify-ssl-on-sync` boolean	Must Katello verify that the upstream URL’s SSL certificates are signed by a trusted CA? Set to `true` or `false`, `yes` or `no`, `1` or `0`.

15.2. Creating a Custom File Type Repository in a Local Directory

You can create a custom file type repository, from a directory of files, on the base system where Satellite is installed using the pulp-manifest command. You can then synchronize the files into Satellite Server. When you add files to a file type repository, you can work with the files as with any other repository.

Use this procedure to configure a repository in a directory on the base system where Satellite is installed. To create a file type repository in a directory on a remote server, see Section 15.3, “Creating a Remote File Type Repository”.

Procedure

To create a file type repository in a local directory, complete the following procedure:

Ensure the Server and Satellite Tools repositories are enabled:

# subscription-manager repos --enable=rhel-7-server-rpms \
--enable=rhel-7-server-satellite-tools-6.6-rpms

Install the Pulp Manifest package:

# satellite-maintain packages install python-pulp-manifest

Create a directory that you want to use as the file type repository in the HTTP server’s public folder:
```
# mkdir my_file_repo
```
Add files to the directory or create a test file:
```
# touch my_file_repo/test.txt
```
Enter the Pulp Manifest command to create the manifest:
```
# pulp-manifest my_file_repo
```

Verify the manifest was created:

# ls my_file_repo
PULP_MANIFEST test.txt

Importing Files from a File Type Repository

To import files from a file type repository in a local directory, complete the following procedure:

Ensure a custom product exists in Satellite Server.
In the Satellite web UI, navigate to Content > Products.
Select the name of a product.
Click the Repositories tab and select New Repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes this field based on what you enter for Name.
From the Type list, select the content type of the repository.
In the Upstream URL field, enter the local directory with the repository to use as the source, in the form file:///my_file_repo.
Select the Verify SSL check box to check the SSL certificate for the repository or clear the Verify SSL check box.
Optional: In the Upstream Username field, enter the upstream user name that you require.
Optional: In the Upstream Password field, enter the corresponding password for your upstream user name.
Select Save to save this repository entry.

Updating a File Type Repository

To update the file type repository, complete the following steps:

In the Satellite web UI, navigate to Content > Products.
Select the name of a product.
Select the name of the repository you want to update.
From the Select Action menu, select Sync Now.
Visit the URL where the repository is published to see the files.

15.3. Creating a Remote File Type Repository

You can create a custom file type repository from a directory of files that is external to Satellite Server using the pulp-manifest command. You can then synchronize the files into Satellite Server over HTTP or HTTPS. When you add files to a file type repository, you can work with the files as with any other repository.

Use this procedure to configure a repository in a directory on a remote server. To create a file type repository in a directory on the base system where Satellite Server is installed, see Section 15.2, “Creating a Custom File Type Repository in a Local Directory”.

Prerequisites

Before you create a remote file type repository, ensure the following conditions exist:

You have a Red Hat Enterprise Linux 7 server registered to your Satellite or the Red Hat CDN.
Your server has an entitlement to the Red Hat Enterprise Linux Server and Satellite Tools repositories.
You have installed an HTTP server. For more information about configuring a web server, see The Apache HTTP Server in the Red Hat Enterprise Linux 7 System Administrator’s Guide.

Procedure

To create a file type repository in a remote directory, complete the following procedure:

On your remote server, ensure that the Server and Satellite Tools repositories are enabled:

# subscription-manager repos --enable=rhel-7-server-rpms \
--enable=rhel-7-server-satellite-tools-6.6-rpms

Install the Pulp Manifest package:
```
# yum install python-pulp-manifest
```
Create a directory that you want to use as the file type repository in the HTTP server’s public folder:
```
# mkdir /var/www/html/pub/my_file_repo
```
Add files to the directory or create a test file:
```
# touch /var/www/html/pub/my_file_repo/test.txt
```
Enter the Pulp Manifest command to create the manifest:
```
# pulp-manifest /var/www/html/pub/my_file_repo
```

Verify the manifest was created:

# ls /var/www/html/pub/my_file_repo
PULP_MANIFEST test.txt

Importing Files from a Remote a File Type Repository

To import files from a remote file type repository, complete the following procedure:

Ensure a custom product exists in Satellite Server, or create a custom product. For more information see Section 15.1, “Creating a Custom File Type Repository in Red Hat Satellite”
In the Satellite web UI, navigate to Content > Products.
Select the name of a product.
Click the Repositories tab and select New Repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes this field based on what you enter for Name.
From the Type list, select file.
In the Upstream URL field, enter the URL of the upstream repository to use as a source.
Select the Verify SSL check box if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
Click Save.
To update the file type repository, navigate to Content > Products. Select the name of a product that contains the repository that you want to update.
In the product’s window, select the name of the repository you want to update.
From the Select Action menu, select Sync Now.

Visit the URL where the repository is published to view the files.

15.4. Uploading Files To a Custom File Type Repository in Red Hat Satellite

Procedure

To upload files to a custom file type repository, complete the following steps:

In the Satellite web UI, navigate to Content > Products.
Select a custom product by name.
Select a file type repository by name.
Click Browse to search and select the file you want to upload.
Click Upload to upload the selected file to Satellite Server.
Visit the URL where the repository is published to see the file.

For CLI Users

# hammer repository upload-content \
--name "My Files" \
--organization "My_Organization" \
--path example_file

The --path option can indicate a file, a directory of files, or a glob expression of files. Globs must be escaped by single or double quotes.

15.5. Downloading Files to a Host From a Custom File Type Repository in Red Hat Satellite

You can download files to a client over HTTPS using curl -O, and optionally over HTTP if the Publish via HTTP repository option is selected.

Prerequisites

You have a custom file type repository. See Section 15.1, “Creating a Custom File Type Repository in Red Hat Satellite” for more information.
You know the name of the file you want to download to clients from the file type repository.
To use HTTPS you require the following certificates on the client:
1. The katello-server-ca.crt. For more information, see Installing the Katello Root CA Certificate in the Administering Red Hat Satellite guide.
2. An Organization Debug Certificate. See Section 2.3, “Creating an Organization Debug Certificate” for more information.

Procedure

To download files to a host from a custom file type repository, complete the following procedure:

In the Satellite web UI, navigate to Content > Products.
Select a custom product by name.
Select a file type repository by name.
Check to see if Publish via HTTP is enabled. If it is not, you require the certificates to use HTTPS.
Copy the URL where the repository is published.

For CLI Users

List the file type repositories.

# hammer repository list --content-type file
---|----------|-----------------|--------------|----
ID | NAME     | PRODUCT         | CONTENT TYPE | URL
---|----------|-----------------|--------------|----
7  | My Files | My File Product | file         |
---|----------|-----------------|--------------|----

Display the repository information.

# hammer repository info --name "My Files" --product "My File Product" --organization-id 1

If HTTP is enabled, the output is similar to this:

Publish Via HTTP:   yes
Published At:       http://satellite.example.com/pulp/isos/uuid/

If HTTP is not enabled, the output is similar to this:

Publish Via HTTP:   no
Published At:       https://satellite.example.com/pulp/isos/uuid/

On the client, enter a command in the appropriate format for HTTP or HTTPS:

For HTTP:

# curl -O satellite.example.com/pulp/isos/uuid/my_file

For HTTPS:

# curl -O --cert ./Default\ Organization-key-cert.pem --cacert katello-server-ca.crt satellite.example.com/pulp/isos/uuid/my_file

Chapter 16. Managing Custom Puppet Content

In Satellite, if you want to incorporate state configuration of hosts using Puppet modules, you can create a custom product with repositories for Puppet modules to achieve this.

16.1. Creating a Custom Puppet Repository

The procedure for creating a custom Puppet module repository is the same as the procedure for creating any custom content, except that when you create the repository, you select the puppet type. You must create a product and then add a custom repository.

Procedure

In the Satellite web UI, navigate to Content > Products, and click the product that you want to use.
Click Create Repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes the Label field based on what you have entered for Name.
From the Type list, select puppet.
In the URL field, enter the URL of the external repository to use as a source. You can use a repository source to synchronize your own Puppet modules.
Click Save.

For CLI Users

Enter the following command to create a Puppet module repository:

# hammer repository create \
--name "PostgreSQL Puppet Modules" \
--content-type "puppet" \
--product "PostgreSQL" \
--organization "My_Organization"

16.2. Managing Individual Puppet Modules

If you want to create a custom product that contains both RPM content and a Puppet module to install and configure a server using the custom RPM content, use the procedure in Section 16.1, “Creating a Custom Puppet Repository” and then use the following procedure to upload Puppet modules.

Support for Custom RPMs

Red Hat does not support the modules from Puppet Forge. For any issues with these modules, contact the module developer.

Prerequisites

From the Puppet Forge website, download the module that you want to use, for example, https://forge.puppetlabs.com/puppetlabs/postgresql.
In your web browser, click download latest tar.gz to save to your local file system.

Procedure

In the Satellite web UI, navigate to Content > Products and select the product that contains the Puppet repository that you want to manage.
In the repository window, click the new Puppet repository, which displays the details page for that repository.
Navigate to the Upload Puppet Module area, click Browse, select the newly downloaded and extracted Puppet module, and click Upload.

To manage and remove Puppet modules from a product, complete the following steps:

In the window for your Puppet Modules repository, navigate to the upper right of the window to the Content Counts area. In the Puppet Modules row, click the numerical value that is displayed for the Puppet Modules.
In the Manage Puppet Modules for your Puppet Module repository window, select the modules that you want to manage and then click Select Action and perform an action, or select Remove Puppet Modules.

For CLI Users

Copy the Puppet module to your Satellite Server’s file system:
```
$ scp ~/puppet_module.tar.gz root@satellite.example.com:~/.
```

Import the Puppet module to the Puppet Modules repository:

# hammer repository upload-content \
--path ~/puppet_module.tar.gz \
--name "My Puppet Modules" \
--organization "My_Organization"

16.3. Synchronizing Puppet Repositories

In addition to creating a repository of uploaded Puppet modules, Satellite Server can synchronize a complete Puppet module repository. In this example, Satellite Server synchronizes the entire Puppet Forge repository.

Support for Custom RPMs

Red Hat does not support the modules from Puppet Forge. The modules are used to demonstrate the synchronization process. For any issues with these modules, contact the module developer.

Procedure

In the Satellite web UI, navigate to Content > Products and click Create Product.
In the Name field, enter a name for the product. Red Hat Satellite 6 automatically completes the Label field based on what you have entered for Name.
Optional: From the GPG Key list, select the GPG key for the product.
Optional: From the Sync Plan list, select a synchronization plan for the product.
In the Description field, enter a description of the product.
Click Save.
Click Create Repository, which displays a form for a new repository.
In the Name field, enter a name for the repository. Red Hat Satellite 6 automatically completes this field based on what you have entered for Name.
From the Type list, select puppet.
In the URL field, enter http://forge.puppetlabs.com/.
Click Save
Select the new Puppet repository and click Sync Now to import all modules from Puppet Forge into Satellite Server. This can take a long time.

For CLI Users

Create the product:

# hammer product create \
--name "Puppet Forge" \
--sync-plan "Example Plan" \
--description "All modules from Puppet Forge" \
--organization "My_Organization"

Create the Puppet Forge repository:

# hammer repository create \
--name "Puppet Forge Modules" \
--content-type "puppet" \
--product "Puppet Forge" \
--organization "My_Organization" \
--url http://forge.puppetlabs.com/

Synchronize the repository:

# hammer repository synchronize \
--name "Puppet Forge Modules" \
--product "Puppet Forge" \
--organization "My_Organization"

The Puppet Forge repository contains several thousand modules and can take a long time to synchronize.

16.4. Synchronizing Puppet Modules from a Git Repository

Red Hat Satellite 6 includes a utility called pulp-puppet-module-builder, which you can install on other systems from the pulp-puppet-tools RPM. This tool checks out a Git repository, builds all the modules, and publishes them in a structure that Satellite 6 can synchronize. One common method is to run the utility on Satellite Server itself, publish to a local directory, and synchronize against that directory. For example:

# mkdir /modules
# chmod 755 /modules
# pulp-puppet-module-builder \
--output-dir=/modules \
--url=git@mygitserver.com:mymodules.git \
--branch=develop

This example checks out the develop branch of the Git repository from git@mygitserver.com:mymodules.git and publishes it to /modules. Add this directory as the URL (file:///modules) for a new repository on Satellite Server.

Publishing Puppet Modules on a Remote HTTP Server

The same process also applies to publishing modules on a remote HTTP server. For example, if you use webserver.example.com as a standard web host to publish the Puppet modules.

# mkdir /var/www/html/modules/
# chmod 755 /var/www/html/modules/
# pulp-puppet-module-builder \
--output-dir=/var/www/html/modules/ \
--url=git@mygitserver.com:mymodules.git \
--branch=develop

On Satellite Server, set the repository’s URL to http://webserver.example.com/modules/.

Synchronizing Puppet Modules from a Git repository using the web UI

Use the following procedure to synchronize Puppet modules from a Git repository.

Procedure

Create a custom product and click Create Repository.
From the Type list, select puppet.
In the URL field, enter the URL of the external Git repository to use as a source in the following format: file:///modules.

For CLI Users

Create the Puppet Forge repository:

# hammer repository create \
--name "Modules from Git" \
--content-type "puppet" \
--product "MyProduct" \
--organization "My_Organization" \
--url file:///modules

Appendix A. Using an NFS Share for Content Storage

Your environment requires adequate hard disk space to fulfill content storage. In some situations, it is useful to use an NFS share to store this content. This appendix shows how to mount the NFS share on your Satellite Server’s content management component.

Important

Do not mount the full /var/lib/pulp on an NFS share. Use high-bandwidth, low-latency storage for the /var/lib/pulp file system. Red Hat Satellite has many I/O-intensive operations; therefore, high-latency, low-bandwidth storage might have issues with performance degradation. Only use the NFS share for the /var/lib/pulp/content directory.

Create the NFS share. This example uses a share at nfs.example.com:/satellite/content. Ensure this share provides the appropriate permissions to Satellite Server and its apache user.
Stop the satellite-maintain services on the Satellite host:
```
# satellite-maintain service stop
```
Ensure Satellite Server has the nfs-utils package installed:
```
# satellite-maintain packages install nfs-utils
```
You need to copy the existing contents of /var/lib/pulp/content to the NFS share. First, mount the NFS share to a temporary location:
```
# mkdir /mnt/temp
# mount -o rw nfs.example.com:/satellite/content /mnt/temp
```
Copy the existing contents of /var/lib/pulp/content to the temporary location:
```
# cp -r /var/lib/pulp/content/* /mnt/temp/.
```
Set the permissions for all files on the share to use the apache user. This ID of this user is usually 48.
Unmount the temporary storage location:
```
# umount /mnt/temp
```
Remove the existing contents of /var/lib/pulp/content:
```
# rm -rf /var/lib/pulp/content/*
```
Edit the /etc/fstab file and add the following line:
```
nfs.example.com:/satellite/content    /var/lib/pulp/content   nfs    rw,hard,intr,context="system_u:object_r:httpd_sys_rw_content_t:s0"
```
This makes the mount persistent across system reboots. Ensure to include the SELinux context.
Enable the mount:
```
# mount -a
```

Confirm the NFS share mounts to var/lib/pulp/content:

# df
Filesystem                         1K-blocks     Used Available Use% Mounted on
...
nfs.example.com:/satellite/content 309506048 58632800 235128224  20% /var/lib/pulp/content
...

Also confirm that the existing content exists at the mount on var/lib/pulp/content:

# ls /var/lib/pulp/content

Start the satellite-maintain services on the Satellite host:
```
# satellite-maintain service start
```

Satellite Server now uses the NFS share to store content. Run a content synchronization (see Section 5.2, “Content Synchronization Overview”) to ensure the NFS share works as expected.

Appendix B. Configuring Satellite to Synchronize Content with a Local CDN Server

In a disconnected environment, you must ensure that Satellite Server contains the required content to provision systems with the latest security updates, errata, and packages. To do this, follow this procedure to download content ISO images from the Red Hat Customer Portal and import them into a local CDN server. You can host the local CDN server on the base operating system of Satellite Server or on a system that is accessible to Satellite over HTTP. Next, you must configure Satellite Server to synchronize content with the local CDN server.

Procedure

Log on to the Red Hat Customer Portal at https://access.redhat.com.
In the upper left of the window, click Downloads and select Red Hat Satellite.
Click the Content ISOs tab. This page lists all the products that are available in your subscription.
Click the link for the product name, such as Red Hat Enterprise Linux 7 Server (x86_64) to download the ISO image.
Copy all of Satellite Content ISO images to a system that you want to use as a local CDN server. For example, the /root/isos directory on Satellite Server.
Note that storing the content on the same system where Satellite is installed is not a requirement. The CDN can be hosted on a different system inside the same disconnected network as long as it is accessible to Satellite Server over HTTP.
On the system that you want to use as your local CDN server, create a local directory that is accessible over httpd. For example, /var/www/html/pub/sat-import/:
```
# mkdir -p /var/www/html/pub/sat-import/
```
Create a mount point and temporarily mount the ISO image at that location:
```
# mkdir /mnt/iso
# mount -o loop /root/isos/first_iso /mnt/iso
```
Recursively copy content of the first ISO image to the local directory:
```
# cp -ruv /mnt/iso/* /var/www/html/pub/sat-import/
```
If you do not plan to use the mounted binary DVD ISO image, unmount and remove the mount point:
```
# umount /mnt/iso
# rmdir /mnt/iso
```
Repeat the above step for each ISO image until you have copied all the data from the Content ISO images into /var/www/html/pub/sat-import/.
Ensure that the SELinux context for the directory is correct:
```
# restorecon -rv /var/www/html/pub/sat-import/
```
In the Satellite web UI, navigate to Content > Subscriptions.
Click Manage Manifest.
Edit the Red Hat CDN URL field to point to the host name of the system that you use as a local CDN server with the newly created directory, for example:
http://server.example.com/pub/sat-import/
Click Update and then upload your manifest into Satellite.

Appendix C. Importing Kickstart Repositories

Kickstart repositories are not provided by the Content ISO image. To use Kickstart repositories in your disconnected Satellite, you must download a binary DVD ISO file for the version of Red Hat Enterprise Linux that you want to use and copy the Kickstart files to Satellite.

Procedure

Navigate to the Red Hat Customer Portal at https://access.redhat.com/ and log in.
In the upper left of the window, click Downloads.
Locate and click the version of Red Hat Enterprise Linux that you want to use, for example Red Hat Enterprise Linux 8.
In the Download Red Hat Enterprise Linux window, locate the binary DVD version of the ISO image, for example, Red Hat Enterprise Linux 8.1 Binary DVD, and click Download Now.
When the download completes, copy the ISO image to Satellite Server.
On Satellite Server, create a mount point and temporarily mount the ISO image at that location:
```
# mkdir /mnt/iso
# mount -o loop rhel-8.1-x86_64-dvd.iso /mnt/iso
```
Create Kickstart directories for AppStream and BaseOS:
```
# mkdir /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/kickstart

# mkdir /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/kickstart
```
Note that if you use Red Hat Enterprise Linux 7, you must create and complete all the following steps in only one directory /var/www/html/pub/sat-import/content/dist/rhel/server/7/7.7/x86_64/kickstart/.
To the listing files /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/listing and /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/listing, append kickstart with a new line:
```
kickstart
```
To the listing file /var/www/html/pub/sat-import/content/dist/rhel8/listing, append the version number of the operating system ISO that you use with a new line. For example, for the RHEL 8.1 binary ISO, add 8.1 with a new line:
```
8.1
```

Copy the kickstart files from the ISO image:

# cp -a /mnt/iso/AppStream/* \
/var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/kickstart

# cp -a /mnt/iso/BaseOS/* /mnt/iso/images/ \
/var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/kickstart

Note that for BaseOS, you must also copy the contents of the /mnt/iso/images/ directory.

Copy the .treeinfo files from the ISO image:

# cp /mnt/iso/.treeinfo \
/var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/kickstart/treeinfo

# cp /mnt/iso/.treeinfo \
/var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/kickstart/treeinfo

Open the /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/kickstart/treeinfo file for editing.
In the [general] section, make the following changes:
- Change packagedir = AppStream/Packages to packagedir = Packages
- Change repository = AppStream to repository = .
- Change variant = AppStream to variant = BaseOS
- Change variants = AppStream,BaseOS to variants = BaseOS
In the [tree] section, change variants = AppStream,BaseOS to variants = BaseOS.
In the [variant-BaseOS] section, make the following changes:
- Change packages = BaseOS/Packages to packages = Packages
- Change repository = BaseOS to repository = .
Delete the [media] and [variant-AppStream] sections.
Save and close the file.

Verify that the /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/baseos/kickstart/treeinfo file has the following format:

[checksums]
images/efiboot.img = sha256:9ad9beee4c906cd05d227a1be7a499c8d2f20b3891c79831325844c845262bb6
images/install.img = sha256:e246bf4aedfff3bb54ae9012f959597cdab7387aadb3a504f841bdc2c35fe75e
images/pxeboot/initrd.img = sha256:a66e3c158f02840b19c372136a522177a2ab4bd91cb7269fb5bfdaaf7452efef
images/pxeboot/vmlinuz = sha256:789028335b64ddad343f61f2abfdc9819ed8e9dfad4df43a2694c0a0ba780d16

[general]
; WARNING.0 = This section provides compatibility with pre-productmd treeinfos.
; WARNING.1 = Read productmd documentation for details about new format.
arch = x86_64
family = Red Hat Enterprise Linux
name = Red Hat Enterprise Linux 8.1.0
packagedir = Packages
platforms = x86_64,xen
repository = .
timestamp = 1571146127
variant = BaseOS
variants = BaseOS
version = 8.1.0

[header]
type = productmd.treeinfo
version = 1.2

[images-x86_64]
efiboot.img = images/efiboot.img
initrd = images/pxeboot/initrd.img
kernel = images/pxeboot/vmlinuz

[images-xen]
initrd = images/pxeboot/initrd.img
kernel = images/pxeboot/vmlinuz

[release]
name = Red Hat Enterprise Linux
short = RHEL
version = 8.1.0

[stage2]
mainimage = images/install.img

[tree]
arch = x86_64
build_timestamp = 1571146127
platforms = x86_64,xen
variants = BaseOS

[variant-BaseOS]
id = BaseOS
name = BaseOS
packages = Packages
repository = .
type = variant
uid = BaseOS

Open the /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/kickstart/treeinfo file for editing.
In the [general] section, make the following changes:
- Change packagedir = AppStream/Packages to packagedir = Packages
- Change repository = AppStream to repository = .
- Change variants = AppStream,BaseOS to variants = AppStream
In the [tree] section, change variants = AppStream,BaseOS to variants = AppStream.
In the [variant-AppStream] section, make the following changes:
- Change packages = AppStream/Packages to packages = Packages
- Change repository = AppStream to repository = .
Delete the following sections from the file: [checksums], [images-x86_64], [images-xen], [media], [stage2], [variant-BaseOS].
Save and close the file.

Verify that the /var/www/html/pub/sat-import/content/dist/rhel8/8.1/x86_64/appstream/kickstart/treeinfo file has the following format:

[general]
; WARNING.0 = This section provides compatibility with pre-productmd treeinfos.
; WARNING.1 = Read productmd documentation for details about new format.
arch = x86_64
family = Red Hat Enterprise Linux
name = Red Hat Enterprise Linux 8.1.0
packagedir = Packages
platforms = x86_64,xen
repository = .
timestamp = 1571146127
variant = AppStream
variants = AppStream
version = 8.1.0

[header]
type = productmd.treeinfo
version = 1.2

[release]
name = Red Hat Enterprise Linux
short = RHEL
version = 8.1.0

[tree]
arch = x86_64
build_timestamp = 1571146127
platforms = x86_64,xen
variants = AppStream

[variant-AppStream]
id = AppStream
name = AppStream
packages = Packages
repository = .
type = variant
uid = AppStream

If you do not plan to use the mounted binary DVD ISO image, unmount and remove the directory:
```
# umount /mnt/iso
# rmdir /mnt/iso
```
In the Satellite web UI, enable the Kickstart repositories.

Appendix D. Reverting Satellite to Download Content from Red Hat CDN

If your environment changes from disconnected to connected, you can reconfigure a disconnected Satellite to download content directly from the Red Hat CDN.

Procedure

In the Satellite web UI, navigate to Content > Subscriptions.
Click Manage Manifest.
Edit the Red Hat CDN URL field to point to the Red Hat CDN URL:
https://cdn.redhat.com
Click Save.

Satellite Server is now configured to download content from the CDN the next time that it synchronizes repositories.

Appendix E. Importing Content ISOs into a Connected Satellite

Even if Satellite Server can connect directly to the Red Hat Customer Portal, you can perform the initial synchronization from locally mounted content ISOs. When the initial synchronization is completed from the content ISOs, you can switch back to downloading content through the network connection. To accomplish this, download the Content ISOs for Red Hat Satellite from the Red Hat Customer Portal and import them into Satellite Server. For locations with bandwidth limitations, using an On Demand or Background download policy might be more efficient than downloading and importing Content ISOs.

Important

You can only import content ISO images for Red Hat Enterprise Linux 8 because repodata checksum from CDN does not match the repodata checksum from the content ISO images for Red Hat Enterprise Linux 7 and lower.

Note that if you synchronize a Red Hat Enterprise Linux ISO, all minor versions of Red Hat Enterprise Linux also synchronize. You require adequate storage on your Satellite to account for this.

Important

This section is not required if your Satellite Server is connected to the Internet.

This example procedure performs the first synchronization of the Red Hat Enterprise Linux 8 repository from content ISO images.

Procedure

Log in to the Red Hat Customer Portal at https://access.redhat.com/.
In the upper left of the window, click Downloads and select Red Hat Satellite.
Click the Content ISOs tab. This page lists all the products that are available in your subscription.
Click the link for the product name, such as RHEL 8 (x86_64), to reveal links to download ISO images.
Download the ISO images.
On Satellite Server, create a directory to act as a temporary store for all of the required Satellite content ISO images. This example uses /tmp/isos/rhel8:
```
# mkdir -p /tmp/isos/rhel8
```

On your workstation, copy the ISO files to Satellite Server:

$ scp ~/Downloads/iso_file root@satellite.example.com:/tmp/isos/rhel8

On Satellite Server, create a directory to serve as a mount point for the ISOs:
```
# mkdir /mnt/iso
```
Create a working directory to store ISO images:
```
# mkdir /mnt/rhel8
```

Temporarily mount the first ISO image:

# mount -o loop /tmp/isos/iso_file /mnt/iso

Recursively copy the contents of the first ISO to the working directory:
```
# cp -ruv /mnt/iso/* /mnt/rhel8/
```
Unmount the ISO image:
```
# umount /mnt/iso
```
Repeat the above step for each ISO until you have copied all the data from the Content ISO images into /mnt/rhel8.
If required, remove the empty directory used as the mount point:
```
# rmdir /mnt/iso
```
If required, remove the temporary working directory and its contents to regain space:
```
# rm -rf /tmp/isos/
```
Set the owner and the SELinux context for the directory and its contents to be the same as /var/lib/pulp:
```
# chcon -R --reference /var/lib/pulp  /mnt/rhel8/
# chown -R apache:apache /mnt/rhel8/
```
Create or edit the /etc/pulp/content/sources/conf.d/local.conf file. Append the following text into the file:
```
[rhel-8-server]
enabled: 1
priority: 0
expires: 3d
name: Red Hat Enterprise Linux 8
type: yum
base_url: file:///mnt/rhel8/content/dist/rhel/server/8/x86_64/os/
```
The base_url path might differ in your content ISO. The directory specified in base_url must contain the repodata directory, otherwise the synchronization fails. To synchronize multiple repositories, create a separate entry for each of them in the configuration file /etc/pulp/content/sources/conf.d/local.conf.
In the Satellite web UI, navigate to Content > Red Hat Repositories and enable the following repositories:
- Red Hat Enterprise Linux 8 for x86_64 - BaseOS RPMs 8
- Red Hat Enterprise Linux 8 for x86_64 - AppStream RPMs 8
Under Content > Sync Status select the repositories to be synchronized and click Synchronize Now.

Note that the Satellite web UI does not indicate which source is being used. In case of problems with a local source, Satellite pulls content through the network. To monitor the process, enter the following command on Satellite:

# journalctl -f -l SYSLOG_IDENTIFIER=pulp | grep -v worker[\-,\.]heartbeat

The above command displays interactive logs. First, Satellite Server connects to the Red Hat Customer Portal to download and process repository metadata. Then, the local repository is loaded. In case of any errors, cancel the synchronization in the Satellite web UI and verify your configuration.

After successful synchronization you can detach the local source by removing its entry from /etc/pulp/content/sources/conf.d/local.conf.

Legal Notice

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.

Linux® is the registered trademark of Linus Torvalds in the United States and other countries.

Java® is a registered trademark of Oracle and/or its affiliates.

XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.

MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.

Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.

The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.