Questo contenuto non è disponibile nella lingua selezionata.
Chapter 2. Installing Satellite Server
When the intended host for Satellite Server is in a disconnected environment, you can install Satellite Server by using an external computer to download an ISO image of the packages, and copying the packages to the system you want to install Satellite Server on. This method is not recommended for any other situation as ISO images might not contain the latest updates, bug fixes, and functionality.
Use the following procedures to install Satellite Server, perform the initial configuration, and import subscription manifests.
Before you continue, consider which manifests are relevant for your environment. For more information on manifests, see Managing Red Hat Subscriptions in Managing content.
You cannot register Satellite Server to itself.
2.1. Downloading the binary DVD images
Use this procedure to download the ISO images for Red Hat Enterprise Linux and Red Hat Satellite.
Procedure
- Go to Red Hat Customer Portal and log in.
- Click DOWNLOADS.
- Select Red Hat Enterprise Linux.
Ensure that you have the correct product and version for your environment.
- Product Variant is set to Red Hat Enterprise Linux for x86_64.
- Version is set to the latest minor version of the product you plan to use as the base operating system.
- Architecture is set to the 64 bit version.
- On the Product Software tab, download the Binary DVD image for the latest Red Hat Enterprise Linux for x86_64 version.
- Click DOWNLOADS and select Red Hat Satellite.
Ensure that you have the correct product and version for your environment.
- Product Variant is set to Red Hat Satellite.
- Version is set to the latest minor version of the product you plan to use.
- On the Product Software tab, download the Binary DVD image for the latest Red Hat Satellite version.
Copy the ISO files to
/var/tmp
on the Satellite base operating system or other accessible storage device.# scp localfile username@hostname:remotefile
2.2. Configuring the base operating system with offline repositories in RHEL 8
Use this procedure to configure offline repositories for the Red Hat Enterprise Linux 8 and Red Hat Satellite ISO images.
Procedure
Create a directory to serve as the mount point for the ISO file corresponding to the version of the base operating system.
# mkdir /media/rhel8
Mount the ISO image for Red Hat Enterprise Linux to the mount point.
# mount -o loop rhel8-DVD.iso /media/rhel8
To copy the ISO file’s repository data file and change permissions, enter:
# cp /media/rhel8/media.repo /etc/yum.repos.d/rhel8.repo # chmod u+w /etc/yum.repos.d/rhel8.repo
Edit the repository data file and add the
baseurl
directive.[RHEL8-BaseOS] name=Red Hat Enterprise Linux BaseOS mediaid=None metadata_expire=-1 gpgcheck=0 cost=500 baseurl=file:///media/rhel8/BaseOS/ [RHEL8-AppStream] name=Red Hat Enterprise Linux Appstream mediaid=None metadata_expire=-1 gpgcheck=0 cost=500 baseurl=file:///media/rhel8/AppStream/
Verify that the repository has been configured.
# yum repolist
Create a directory to serve as the mount point for the ISO file of Satellite Server.
# mkdir /media/sat6
Mount the ISO image for Satellite Server to the mount point.
# mount -o loop sat6-DVD.iso /media/sat6
2.3. Optional: Using fapolicyd on Satellite Server
By enabling fapolicyd
on your Satellite Server, you can provide an additional layer of security by monitoring and controlling access to files and directories. The fapolicyd daemon uses the RPM database as a repository of trusted binaries and scripts.
You can turn on or off the fapolicyd on your Satellite Server or Capsule Server at any point.
2.3.1. Installing fapolicyd on Satellite Server
You can install fapolicyd
along with Satellite Server or can be installed on an existing Satellite Server. If you are installing fapolicyd
along with the new Satellite Server, the installation process will detect the fapolicyd in your Red Hat Enterprise Linux host and deploy the Satellite Server rules automatically.
Prerequisites
- Ensure your host has access to the BaseOS repositories of Red Hat Enterprise Linux.
Procedure
Install fapolicyd:
# dnf install fapolicyd
Start the
fapolicyd
service:# systemctl enable --now fapolicyd
Verification
Verify that the
fapolicyd
service is running correctly:# systemctl status fapolicyd
New Satellite Server or Capsule Server installations
In case of new Satellite Server or Capsule Server installation, follow the standard installation procedures after installing and enabling fapolicyd on your Red Hat Enterprise Linux host.
Additional resources
For more information on fapolicyd, see Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 8 Security hardening.
2.4. Installing the Satellite packages from the offline repositories
Use this procedure to install the Satellite packages from the offline repositories.
Procedure
Ensure the ISO images for Red Hat Enterprise Linux Server and Red Hat Satellite are mounted:
# findmnt -t iso9660
Import the Red Hat GPG keys:
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Ensure the base operating system is up to date with the Binary DVD image:
# dnf update
Change to the directory where the Satellite ISO is mounted:
# cd /media/sat6/
Run the installation script in the mounted directory:
# ./install_packages
NoteThe script contains a command that enables the
satellite:el8
module. Enablement of the modulesatellite:el8
warns about a conflict withpostgresql:10
andruby:2.5
as these modules are set to the default module versions on Red Hat Enterprise Linux 8. The modulesatellite:el8
has a dependency for the modulespostgresql:12
andruby:2.7
that will be enabled with thesatellite:el8
module. These warnings do not cause installation process failure, hence can be ignored safely. For more information about modules and lifecycle streams on Red Hat Enterprise Linux 8, see Red Hat Enterprise Linux Application Streams Lifecycle.If you have successfully installed the Satellite packages, the following message is displayed:
Install is complete. Please run satellite-installer --scenario satellite
.
2.5. Resolving package dependency errors
If there are package dependency errors during installation of Satellite Server packages, you can resolve the errors by downloading and installing packages from Red Hat Customer Portal. For more information about resolving dependency errors, see the KCS solution How can I use the yum output to solve yum dependency errors?.
If you have successfully installed the Satellite packages, skip this procedure.
Procedure
- Go to the Red Hat Customer Portal and log in.
- Click DOWNLOADS.
- Click the Product that contains the package that you want to download.
- Ensure that you have the correct Product Variant, Version, and Architecture for your environment.
- Click the Packages tab.
- In the Search field, enter the name of the package.
- Click the package.
- From the Version list, select the version of the package.
- At the bottom of the page, click Download Now.
- Copy the package to the Satellite base operating system.
On Satellite Server, change to the directory where the package is located:
# cd /path-to-package/
Install the package locally:
# dnf install package_name
Change to the directory where the Satellite ISO is mounted:
# cd /media/sat6/
Verify that you have resolved the package dependency errors by installing Satellite Server packages. If there are further package dependency errors, repeat this procedure.
# ./install_packages
NoteThe script contains a command that enables the
satellite:el8
module. Enablement of the modulesatellite:el8
warns about a conflict withpostgresql:10
andruby:2.5
as these modules are set to the default module versions on Red Hat Enterprise Linux 8. The modulesatellite:el8
has a dependency for the modulespostgresql:12
andruby:2.7
that will be enabled with thesatellite:el8
module. These warnings do not cause installation process failure, hence can be ignored safely. For more information about modules and lifecycle streams on Red Hat Enterprise Linux 8, see Red Hat Enterprise Linux Application Streams Lifecycle.If you have successfully installed the Satellite packages, the following message is displayed:
Install is complete. Please run satellite-installer --scenario satellite
.
2.6. Synchronizing the system clock with chronyd
To minimize the effects of time drift, you must synchronize the system clock on the base operating system on which you want to install Satellite Server with Network Time Protocol (NTP) servers. If the base operating system clock is configured incorrectly, certificate verification might fail.
For more information about the chrony
suite, see Using the Chrony suite to configure NTP in Red Hat Enterprise Linux 8 Configuring basic system settings.
Procedure
Install the
chrony
package:# dnf install chrony
Start and enable the
chronyd
service:# systemctl enable --now chronyd
2.7. Installing the sos package on the base operating system
Install the sos
package on the base operating system so that you can collect configuration and diagnostic information from a Red Hat Enterprise Linux system. You can also use it to provide the initial system analysis, which is required when opening a service request with Red Hat Technical Support. For more information on using sos
, see the Knowledgebase solution What is a sosreport and how to create one in Red Hat Enterprise Linux 4.6 and later? on the Red Hat Customer Portal.
Procedure
Install the
sos
package:# satellite-maintain packages install sos
2.8. Configuring Satellite Server
Install Satellite Server using the satellite-installer
installation script. Choose from one of the following methods:
- Section 2.8.1, “Configuring Satellite installation”. This method is performed by running the installation script with one or more command options. The command options override the corresponding default initial configuration options and are recorded in the Satellite answer file. You can run the script as often as needed to configure any necessary options.
2.8.1. Configuring Satellite installation
This initial configuration procedure creates an organization, location, user name, and password. After the initial configuration, you can create additional organizations and locations if required. The initial configuration also installs PostgreSQL databases on the same server.
The installation process can take tens of minutes to complete. If you are connecting remotely to the system, use a utility such as tmux
that allows suspending and reattaching a communication session so that you can check the installation progress in case you become disconnected from the remote system. If you lose connection to the shell where the installation command is running, see the log at /var/log/foreman-installer/satellite.log
to determine if the process completed successfully.
Considerations
-
Use the
satellite-installer --scenario satellite --help
command to display the most commonly used options and any default values. -
Use the
satellite-installer --scenario satellite --full-help
command to display advanced options. -
Specify a meaningful value for the option:
--foreman-initial-organization
. This can be your company name. An internal label that matches the value is also created and cannot be changed afterwards. If you do not specify a value, an organization called Default Organization with the label Default_Organization is created. You can rename the organization name but not the label. -
By default, all configuration files configured by the installer are managed. When
satellite-installer
runs, it overwrites any manual changes to the managed files with the intended values. This means that running the installer on a broken system should restore it to working order, regardless of changes made. For more information on how to apply custom configuration on other services, see Applying Custom Configuration to Satellite.
Procedure
Enter the following command with any additional options that you want to use:
# satellite-installer --scenario satellite \ --foreman-initial-organization "My_Organization" \ --foreman-initial-location "My_Location" \ --foreman-initial-admin-username admin_user_name \ --foreman-initial-admin-password admin_password
The script displays its progress and writes logs to
/var/log/foreman-installer/satellite.log
.Unmount the ISO images:
# umount /media/sat6 # umount /media/rhel8
2.9. Disabling subscription connection
Disable subscription connection on disconnected Satellite Server to avoid connecting to the Red Hat Portal. This will also prevent you from refreshing the manifest and updating upstream entitlements.
Procedure
- In the Satellite web UI, navigate to Administer > Settings.
- Click the Content tab.
-
Set the
Subscription Connection Enabled
value toNo
.
CLI procedure
Enter the following command on Satellite Server:
# hammer settings set --name subscription_connection_enabled --value false
2.10. Importing a Red Hat subscription manifest into Satellite Server
Use the following procedure to import a Red Hat subscription manifest into Satellite Server.
Simple Content Access (SCA) is set on the organization, not the manifest. Importing a manifest does not change your organization’s Simple Content Access status.
Prerequisites
- Ensure you have a Red Hat subscription manifest exported from the Red Hat Customer Portal. For more information, see Using manifests for a disconnected Satellite Server in Subscription Central.
- Ensure that you disable subscription connection on your Satellite Server. For more information, see Section 2.9, “Disabling subscription connection”.
Procedure
- In the Satellite web UI, ensure the context is set to the organization you want to use.
- In the Satellite web UI, navigate to Content > Subscriptions and click Manage Manifest.
- In the Manage Manifest window, click Choose File.
- Navigate to the location that contains the Red Hat subscription manifest file, then click Open.
CLI procedure
Copy the Red Hat subscription manifest file from your local machine to Satellite Server:
$ scp ~/manifest_file.zip root@satellite.example.com:~/.
Log in to Satellite Server as the
root
user and import the Red Hat subscription manifest file:# hammer subscription upload \ --file ~/manifest_file.zip \ --organization "My_Organization"
You can now enable repositories and import Red Hat content. For more information, see Importing Content in Managing content.