Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 3. Adding content to Satellite
This chapter outlines how you can import different types of custom content to Satellite.
3.1. Products and repositories in Satellite
Content in Satellite is organized into products and repositories. A repository is a collection of content, such as packages, container images, or files. A collection of repositories forms a product.
Both Red Hat content and custom content in Satellite have similarities:
- The relationship between a product and its repositories is the same and the repositories still require synchronization.
- Custom products require a subscription for hosts to access, similar to subscriptions to Red Hat products. Satellite creates a subscription for each custom product you create.
Red Hat content is already organized into products. For example, Red Hat Enterprise Linux Server is a product in Satellite. The repositories for that product consist of different versions, architectures, and add-ons. For Red Hat repositories, products are created automatically after enabling the repository.
Other content can be organized into custom products however you want. For example, you might create an EPEL (Extra Packages for Enterprise Linux) Product and add an "EPEL 7 x86_64" repository to it.
For more information about creating and packaging RPMs, see the Red Hat Enterprise Linux 7 RPM Packaging Guide.
Additional resources
3.2. Best practices for products and repositories
Red Hat recommends following best practices for products and repositories in Satellite.
- Use one content type per product and content view, for example, yum content only.
- Make file repositories available over HTTP. If you set Protected to true, you can only download content using a global debugging certificate.
- Automate the creation of multiple products and repositories by using a Hammer script or an Ansible Playbook.
- For Red Hat content, import your Red Hat manifest into Satellite. For more information, see Chapter 2, Managing Red Hat subscriptions.
Avoid uploading content to repositories with an Upstream URL. Instead, create a repository to synchronize content and upload content to without setting an Upstream URL.
If you upload content to a repository that already synchronizes another repository, the content might be overwritten, depending on the mirroring policy and content type.
3.3. Enabling Red Hat repositories by using Satellite web UI
If outside network access requires usage of an HTTP proxy, configure a default HTTP proxy for your Satellite Server. For more information, see Adding a default HTTP proxy to Satellite.
To select the repositories to synchronize, you must first identify the product that contains the repository, and then enable that repository based on the relevant release version and base architecture.
For an overview of required repositories, see Appendix A, Required Red Hat repositories.
Procedure
- In the Satellite web UI, navigate to Content > Red Hat Repositories.
- To find repositories, either enter the repository name, or toggle the Recommended Repositories button to the on position to view a list of repositories that you require.
- In the Available Repositories pane, click a repository to expand the repository set.
- Click the Enable icon next to the base architecture and release version that you want.
3.4. Enabling Red Hat repositories by using Hammer CLI
If outside network access requires usage of an HTTP proxy, configure a default HTTP proxy for your Satellite Server. For more information, see Adding a default HTTP proxy to Satellite.
To select the repositories to synchronize, you must first identify the product that contains the repository, and then enable that repository based on the relevant release version and base architecture.
For an overview of required repositories, see Appendix A, Required Red Hat repositories.
Procedure
Search for your product:
$ hammer product list --organization "My_Organization"List the repository set for the product:
$ hammer repository-set list \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"Enable the repository using either the name or ID number. Include the release version, such as
7Server, and base architecture, such asx86_64.$ hammer repository-set enable \ --name "Red Hat Enterprise Linux 7 Server (RPMs)" \ --releasever "7Server" \ --basearch "x86_64" \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"
3.5. Authenticating and securing content with content credentials
Upstream content often uses HTTPS and signed metadata or packages. Import SSL certificates when upstream servers use custom or private certificate authorities so Satellite can connect securely. Import GPG keys so registered hosts can verify signatures on Yum content when they consume content from Satellite.
3.5.1. Importing custom SSL certificates by using Satellite web UI
Before you synchronize custom content from an external source, you might need to import SSL certificates into your Satellite. This might include client certs and keys or CA certificates for the upstream repositories you want to synchronize.
If you require SSL certificates and keys to download packages, you can add them to Satellite.
Procedure
- In the Satellite web UI, navigate to Content > Content Credentials. In the Content Credentials window, click Create Content Credential.
- In the Name field, enter a name for your SSL certificate.
- From the Type list, select SSL Certificate.
- In the Content Credentials Content field, paste your SSL certificate, or click Browse to upload your SSL certificate.
- Click Save.
3.5.2. Importing custom SSL certificates by using Hammer CLI
Before you synchronize custom content from an external source, you might need to import SSL certificates into your Satellite. This might include client certs and keys or CA certificates for the upstream repositories you want to synchronize.
If you require SSL certificates and keys to download packages, you can add them to Satellite.
Procedure
Copy the SSL certificate to your Satellite Server:
$ scp My_SSL_Certificate root@satellite.example.com:~/.Or download the SSL certificate to your Satellite Server from an online source:
$ wget -P ~ http://upstream-satellite.example.com/pub/katello-server-ca.crtUpload the SSL Certificate to Satellite:
$ hammer content-credential create \ --content-type cert \ --name "My_SSL_Certificate" \ --organization "My_Organization" \ --path ~/My_SSL_Certificate
3.5.3. Extracting GPG keys from RPM packages
Some vendors ship their RPM repository GPG public keys inside a package, for example, in a release.rpm package. You can extract the key files without installing the package on your system.
Prerequisites
- You know the download URL for the RPM that ships the vendor GPG keys.
Procedure
Download the RPM to your local machine:
$ wget http://www.example.com/9.5/example-9.5-2.noarch.rpmExtract the RPM file without installing it:
$ rpm2cpio example-9.5-2.noarch.rpm | cpio -idmv-
Locate the GPG public key files under the extracted
etc/pki/rpm-gpg/directory, for exampleetc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95.
Next steps
- Use the extracted key file when you import a custom GPG key into Satellite. For more information, see Section 3.5.4, “Importing a custom GPG key by using Satellite web UI”.
3.5.4. Importing a custom GPG key by using Satellite web UI
When hosts consume signed custom content, ensure that the hosts are configured to validate the installation of packages with the appropriate GPG Key. This helps to ensure that only packages from authorized sources can be installed.
Red Hat content is already configured with the appropriate GPG key and thus GPG Key management of Red Hat repositories is not supported.
Prerequisites
- Ensure that you have a copy of the GPG key used to sign the RPM content that you want to use and manage in Satellite. Most RPM distribution vendors provide their GPG Key on their website. You can also extract GPG key files from an RPM package. For more information, see Section 3.5.3, “Extracting GPG keys from RPM packages”.
Procedure
- In the Satellite web UI, navigate to Content > Content Credentials.
- Click Create Content Credential.
- Enter the name of your repository and select GPG Key from the Type list.
Either paste the GPG key into the Content Credential Contents field, or click Browse and select the GPG key file that you want to import.
If your custom repository contains content signed by multiple GPG keys, you must enter all required GPG keys in the Content Credential Contents field with new lines between each key, for example:
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFy/HE4BEADttv2TCPzVrre+aJ9f5QsR6oWZMm7N5Lwxjm5x5zA9BLiPPGFN 4aTUR/g+K1S0aqCU+ZS3Rnxb+6fnBxD+COH9kMqXHi3M5UNzbp5WhCdUpISXjjpU XIFFWBPuBfyr/FKRknFH15P+9kLZLxCpVZZLsweLWCuw+JKCMmnA =F6VG -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFw467UBEACmREzDeK/kuScCmfJfHJa0Wgh/2fbJLLt3KSvsgDhORIptf+PP OTFDlKuLkJx99ZYG5xMnBG47C7ByoMec1j94YeXczuBbynOyyPlvduma/zf8oB9e Wl5GnzcLGAnUSRamfqGUWcyMMinHHIKIc1X1P4I= =WPpI -----END PGP PUBLIC KEY BLOCK------ Click Save.
3.5.5. Importing a custom GPG key by using Hammer CLI
When hosts consume signed custom content, ensure that the hosts are configured to validate the installation of packages with the appropriate GPG Key. This helps to ensure that only packages from authorized sources can be installed.
Red Hat content is already configured with the appropriate GPG key and thus GPG Key management of Red Hat repositories is not supported.
Prerequisites
- Ensure that you have a copy of the GPG key used to sign the RPM content that you want to use and manage in Satellite. Most RPM distribution vendors provide their GPG Key on their website. You can also extract GPG key files from an RPM package. For more information, see Section 3.5.3, “Extracting GPG keys from RPM packages”.
Procedure
Copy the GPG key to your Satellite Server:
$ scp ~/etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95 root@satellite.example.com:~/.Upload the GPG key to Satellite:
$ hammer content-credentials create \ --content-type gpg_key \ --name "My_GPG_Key" \ --organization "My_Organization" \ --path ~/RPM-GPG-KEY-EXAMPLE-95
3.6. Creating custom products
A product in Satellite groups related repositories. Create a custom product before you add custom repositories.
3.6.1. Creating a custom product by using Satellite web UI
Create a custom product so that you can add repositories to the custom product.
Procedure
- In the Satellite web UI, navigate to Content > Products, click Create Product.
- In the Name field, enter a name for the product. Satellite automatically completes the Label field based on what you have entered for Name.
- Optional: From the GPG Key list, select the GPG key for the product.
- Optional: From the SSL CA Cert list, select the SSL CA certificate for the product.
- Optional: From the SSL Client Cert list, select the SSL client certificate for the product.
- Optional: From the SSL Client Key list, select the SSL client key for the product.
- Optional: From the Sync Plan list, select an existing sync plan or click Create Sync Plan and create a sync plan for your product requirements.
- In the Description field, enter a description of the product.
- Click Save.
3.6.2. Creating a custom product by using Hammer CLI
Create a custom product so that you can add repositories to the custom product.
Procedure
Create a product:
$ hammer product create \ --name "My_Name" \ --organization-id My_Organization_ID
3.7. Creating custom repositories
Repositories hold synchronized or uploaded content for a product. Add repository definitions for custom Yum content, then synchronize or upload packages as required.
3.7.1. Adding custom RPM repositories by using Satellite web UI
You can add custom RPM repositories to Satellite by using the Satellite web UI.
The Products window in the Satellite web UI also provides a Repo Discovery function that finds all repositories from a URL and you can select which ones to add to your custom product. For example, you can use the Repo Discovery to search https://download.postgresql.org/pub/repos/yum/16/redhat/ and list all repositories for different Red Hat Enterprise Linux versions and architectures. This helps users save time importing multiple repositories from a single source.
Red Hat does not support the upstream RPMs directly from third-party sites. These RPMs are used to demonstrate the synchronization process. For any issues with these RPMs, contact the third-party developers.
Prerequisites
- You have imported the GPG key that you want to use to verify signatures of the RPM packages. For more information, see Section 3.5.4, “Importing a custom GPG key by using Satellite web UI”.
Procedure
- In the Satellite web UI, navigate to Content > Products and select the product that you want to use, and then click New Repository.
- In the Name field, enter a name for the repository. Satellite automatically completes the Label field based on what you have entered for Name.
- Optional: In the Description field, enter a description for the repository.
-
From the Type list, select
yumas type of repository. - Optional: From the Restrict to Architecture list, select an architecture. If you want to make the repository available to all hosts regardless of the architecture, ensure to select No restriction.
- Optional: From the Restrict to OS Version list, select the operating system version. If you want to make the repository available to all hosts regardless of the operating system version, ensure to select No restriction.
Optional: In the Upstream URL field, enter the URL of the external repository to use as a source. Satellite supports three protocols:
http://,https://, andfile://. If you are using afile://repository, you have to place it under/var/lib/pulp/sync_imports/directory.If you do not enter an upstream URL, you can manually upload packages.
- Optional: Check the Ignore SRPMs checkbox to exclude source RPM packages from being synchronized to Satellite.
-
Optional: Check the Ignore treeinfo checkbox if you receive the error
Treeinfo file should have INI format. All files related to Kickstart will be missing from the repository iftreeinfofiles are skipped. - Select the Verify SSL checkbox if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
- Optional: In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
- Optional: In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
- Optional: In the Upstream Authentication Token field, provide the token of the upstream repository user for authentication. Leave this field empty if the repository does not require authentication.
- From the Download Policy list, select the type of synchronization Satellite Server performs. For more information, see Section 6.1, “Download policies overview”.
- From the Mirroring Policy list, select the type of content synchronization Satellite Server performs. For more information, see Section 6.6, “Mirroring policies overview”.
- Optional: In the Retain package versions field, enter the number of versions you want to retain per package. This field is available only if you are using the additive download policy.
- Optional: In the HTTP Proxy Policy field, select an HTTP proxy.
- From the Checksum list, select the checksum type for the repository.
- Optional: You can clear the Unprotected checkbox to require a subscription entitlement certificate for accessing this repository. By default, the repository is published through HTTP.
- Optional: From the GPG Key list, select the GPG key for the product.
- Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
- Optional: In the SSL Client cert field, select the SSL Client Certificate for the repository.
- Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
- Click Save to create the repository.
3.7.2. Adding custom RPM repositories by using Hammer CLI
You can add custom RPM repositories to Satellite by using Hammer CLI.
The Products window in the Satellite web UI also provides a Repo Discovery function that finds all repositories from a URL and you can select which ones to add to your custom product. For example, you can use the Repo Discovery to search https://download.postgresql.org/pub/repos/yum/16/redhat/ and list all repositories for different Red Hat Enterprise Linux versions and architectures. This helps users save time importing multiple repositories from a single source.
Red Hat does not support the upstream RPMs directly from third-party sites. These RPMs are used to demonstrate the synchronization process. For any issues with these RPMs, contact the third-party developers.
Prerequisites
- You have imported the GPG key that you want to use to verify signatures of the RPM packages. For more information, see Section 3.5.5, “Importing a custom GPG key by using Hammer CLI”.
Procedure
Create a Yum repository:
$ hammer repository create \ --arch "My_Architecture" \ --content-type "yum" \ --gpg-key-id My_GPG_Key_ID \ --name "My_Repository" \ --organization "My_Organization" \ --os-version "My_Operating_System_Version" \ --product "My_Product" \ --publish-via-http true \ --url My_Upstream_URL
3.8. Uploading content to custom repositories
You can upload content to custom repositories to distribute content that you cannot synchronize from an upstream URL.
3.8.1. Uploading content to custom RPM repositories by using Satellite web UI
You can upload individual RPMs to custom RPM repositories by using Satellite web UI.
You must use the Hammer CLI to upload source RPMs. For more information, see Section 3.8.2, “Uploading content to custom RPM repositories by using Hammer CLI”.
Procedure
- In the Satellite web UI, navigate to Content > Products.
- Click the name of the custom product.
- In the Repositories tab, click the name of the custom RPM repository.
- Under Upload Package, click Browse… and select the RPM you want to upload.
- Click Upload.
Verification
- To view all RPMs in this repository, click the number next to Packages under Content Counts.
Troubleshooting
- If the upload times out when uploading very large files on a slow network, raise the Sync task timeout setting value. In the Satellite web UI, navigate to Administer > Settings. The Sync task timeout setting is located on the Tasks tab.
Next steps
- Add your custom RPM repository to a content view. For more information, see Section 9.5, “Creating a content view by using Satellite web UI”.
If your custom RPM is unprotected, hosts can consume its content by using the Published At URL.
In the Default Organization View content view, the URL consists of your Capsule FQDN,
/pulp/content/, your organization label,/Library/custom/, your product label,/, your repository label, and a trailing/, for example,https://foreman.example.com/pulp/content/Example/Library/custom/my-software/my-app/.
Additional resources
3.8.2. Uploading content to custom RPM repositories by using Hammer CLI
You can upload individual RPMs and source RPMs to custom RPM repositories by using Hammer CLI.
Procedure
Upload an RPM package:
$ hammer repository upload-content \ --id My_Repository_ID \ --path /path/to/example-package.rpmUpload a source RPM package:
$ hammer repository upload-content \ --content-type srpm \ --id My_Repository_ID \ --path /path/to/example-package.src.rpm
Verification
-
After the upload is complete, you can view information about a source RPM by using the commands
hammer srpm listandhammer srpm info --id srpm_ID.
Troubleshooting
If the upload times out when uploading very large files on a slow network, raise the Sync task timeout setting value:
$ hammer settings set --name foreman_tasks_sync_task_timeout --value seconds
Next steps
- Add your custom RPM repository to a content view. For more information, see Section 9.6, “Creating a content view by using Hammer CLI”.
If your custom RPM is unprotected, hosts can consume its content by using the Published At URL.
In the Default Organization View content view, the URL consists of your Capsule FQDN,
/pulp/content/, your organization label,/Library/custom/, your product label,/, your repository label, and a trailing/, for example,https://foreman.example.com/pulp/content/Example/Library/custom/my-software/my-app/.
Additional resources
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}