Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 2. Installing Red Hat Lightspeed
This document provides starting points and resources for registering systems to Red Hat Lightspeed.
Installation of Red Hat Lightspeed typically involves installing the Red Hat Lightspeed client, then registering systems for use with Red Hat Lightspeed. You can use different methods to register and install Red Hat Lightspeed. A registration assistant is also available to guide you through the process of registering and installing Red Hat Lightspeed. You can also use the Remote Host Configuration (RHC) tool. The installation method you use can depend on conditions such as,
- Whether you are connecting to Red Hat for the first time
- Whether you use a certain version of RHEL
- Whether you want to do an automated installation or manual install
- Other factors
2.1. Installing Red Hat Lightspeed on Red Hat Enterprise Linux Satellite-managed hosts
To install Red Hat Lightspeed on Red Hat Enterprise Linux hosts managed by Red Hat Satellite, see:
2.2. Registering and configuring Satellite Server integration with FedRAMP
Before you can use Red Hat Lightspeed with your server, you need to connect your servers to the Satellite Server. The Satellite Server enables your servers to communicate with Red Hat Lightspeed.
An IP address-based allow list restricts network access to the Red Hat Lightspeed service. This ensures that only the servers and ports that you specify can connect to the Satellite Server.
Red Hat Lightspeed subscription services are currently not available in the FedRAMP environment. Red Hat continuously evaluates service offerings, and will announce any updates or expansions to the FedRAMP environment as they become available.
The following requirements are in addition to existing Satellite Server connectivity requirements to the Red Hat Content Delivery Network and Red Hat Subscription Management (RHSM) for software updates. For more information about connectivity requirements, refer to How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy.
Prerequisites
-
The Satellite Server must be able to connect to the domain
mtls.console.stage.openshiftusgov.com, using the HTTPS protocol on port 443. You must provide a static public egress IP address (or address range) from which Satellite traffic will originate.
NoteContact Red Hat Support to set up the public egress IP address.
The public egress IP address is an additional IP address on the primary network interface of your server.
- You are logged in to the Hybrid Cloud Console (https://console.openshiftusgov.com) as an Organization Administrator.
-
You have administrator
sshaccess to the Satellite server. -
You are logged in to the Satellite Server using
ssh.
Procedure
- From the main menu, navigate to Inventory > Configure Satellites. The Configure Satellites page displays.
- Click Generate Token to create the registration token for your organization.
- Copy the token.
Open a terminal window on your Satellite Server and enter the following command:
hammer organization list
# hammer organization listCopy to Clipboard Copied! Toggle word wrap Toggle overflow The system returns your organization ID. Make note of it for the next step.
Copy the command shown in Step 3 on the Configure Satellites page. Paste it into the terminal. Substitute the organization ID for
<organization_id>.SATELLITE_RH_CLOUD_URL=https://mtls.console.openshiftusgov.com org_id=<organization_id> foreman-rake rh_cloud:hybridcloud_register
# SATELLITE_RH_CLOUD_URL=https://mtls.console.openshiftusgov.com org_id=<organization_id> foreman-rake rh_cloud:hybridcloud_registerCopy to Clipboard Copied! Toggle word wrap Toggle overflow The system returns a prompt for the token that you generated.
Paste the generated token that you copied at the prompt and press Enter.
The system returns a success message. You can now register the system with Satellite and run
insights-client.
2.3. Managing trusted IP addresses with an IP allowlist
Before you can connect Red Hat Lightspeed to your Satellite servers, you need to configure an allowlist that contains a trusted IP address (or range of IP addresses). You can configure the allowlist in two ways:
- Provide the trusted IP address (or addresses) to Red Hat stateside support during onboarding. Support uses the IP addresses to configure an allowlist for Red Hat Lightspeed. This allowlist allows network traffic from your Satellite-controlled environment into Red Hat Lightspeed. To configure the allowlist, contact stateside support through ServiceNow and mention that you want to connect your satellite servers to Red Hat Lightspeed.
- If you have not created the allowlist during onboarding, use the IP allowlist in the Manage Satellites page in the Red Hat Hybrid Cloud Console to manually add trusted IP addresses.
2.3.1. Adding trusted IP addresses to an allowlist
You can use Manage Satellites to create an allowlist, or add an IP address (or a range of IP addresses) to an existing allowlist. Adding IP addresses enables additional FedRAMP users in your organization to access the Red Hat Hybrid Cloud Console.
Manage Satellites allows only IPv4 addresses. It does not support IPv6 addresses.
To add a range of IP addresses, use CIDR notation (for example, 226.167.71.76/32).
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
Scroll down the page to the IP Address Allowlist section at the bottom.
Click Add IP Addresses. The Add IP Addresses to Allowlist dialog box displays.
Type an IP address (or range of IP addresses) and click Submit. The IP addresses appear on the allowlist.
2.3.2. Removing IP addresses from the allowlist
Prerequisites
- You have Organization Administrator permissions.
- You are logged in to the Hybrid Cloud Console.
- You have an IP allowlist configured.
- You have added at least one IP address (or range of IP addresses) to the allowlist.
Procedure
- Click Manage Satellites. The Manage Satellites page displays.
- Scroll down the page to the IP Address Allowlist section at the bottom.
Select the IP address you want to remove, and then click Remove. The Remove IP Addresses from Allowlist dialog box displays.
- Click Remove, and then click Submit.
Additional resources
- For more information about the Red Hat Lightspeed onboarding process, refer to Registering and managing Satellite server integration with FedRAMP.
- For more information about using Manage Satellites to connect to Satellite servers, see Registering and managing Satellite server integration with FedRAMP
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}