검색

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 4. Configuring Capsule Servers for load balancing

download PDF

This chapter outlines how to configure Capsule Servers for load balancing. Proceed to one of the following sections depending on your Satellite Server configuration:

Use different file names for the Katello certificates you create for each Capsule Server. For example, name the certificate archive file with Capsule Server FQDN.

4.1. Configuring Capsule Server with default SSL certificates for load balancing without Puppet

The following section describes how to configure Capsule Servers that use default SSL certificates for load balancing without Puppet. Complete this procedure on each Capsule Server that you want to configure for load balancing.

Procedure

  1. On Satellite Server, generate Katello certificates for Capsule Server:

    # capsule-certs-generate \
    --certs-tar "/root/capsule.example.com-certs.tar" \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule.example.com

    Retain a copy of the example satellite-installer command that is output by the capsule-certs-generate command for installing Capsule Server certificate.

  2. Copy the certificate archive file from Satellite Server to Capsule Server.

    # scp /root/capsule.example.com-certs.tar root@capsule.example.com:/root/capsule.example.com-certs.tar
  3. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script
  4. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule.example.com"

4.2. Configuring Capsule Server with default SSL certificates for load balancing with Puppet

The following section describes how to configure Capsule Servers that use default SSL certificates for load balancing with Puppet.

If you use Puppet in your Satellite configuration, you must complete the following procedures:

4.2.1. Configuring Capsule Server with default SSL certificates to generate and sign Puppet certificates

Complete this procedure only for the system where you want to configure Capsule Server to generate and sign Puppet certificates for all other Capsule Servers that you configure for load balancing.

Procedure

  1. On Satellite Server, generate Katello certificates for the system where you configure Capsule Server to generate and sign Puppet certificates:

    # capsule-certs-generate \
    --certs-tar "/root/capsule-ca.example.com-certs.tar" \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule-ca.example.com

    Retain a copy of the example satellite-installer command that is output by the capsule-certs-generate command for installing Capsule Server certificate.

  2. Copy the certificate archive file from Satellite Server to Capsule Server:

    # scp /root/capsule-ca.example.com-certs.tar root@capsule-ca.example.com:capsule-ca.example.com-certs.tar
  3. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-puppetca "true" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "true"
  4. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule-ca.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --enable-puppet \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-puppetca "true" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule-ca.example.com" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server true \
    --puppet-server-ca "true"
  5. On Capsule Server, stop the Puppet server:

    # puppet resource service puppetserver ensure=stopped
  6. Generate Puppet certificates for all other Capsule Servers that you configure for load balancing, except the first system where you configure Puppet certificates signing:

    # puppetserver ca generate \
    --ca-client \
    --certname capsule.example.com \
    --subject-alt-names loadbalancer.example.com

    This command creates the following files on the system where you configure Capsule Server to sign Puppet certificates:

    • /etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem
    • /etc/puppetlabs/puppet/ssl/certs/ca.pem
    • /etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem
    • /etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem
  7. Resume the Puppet server:

    # puppet resource service puppetserver ensure=running

4.2.2. Configuring remaining Capsule Servers with default SSL certificates for load balancing

Complete this procedure on each Capsule Server excluding the system where you configure Capsule Server to sign Puppet certificates.

Procedure

  1. On Satellite Server, generate Katello certificates for Capsule Server:

    # capsule-certs-generate \
    --certs-tar "/root/capsule.example.com-certs.tar" \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule.example.com

    Retain a copy of the example satellite-installer command that is output by the capsule-certs-generate command for installing Capsule Server certificate.

  2. Copy the certificate archive file from Satellite Server to Capsule Server:

    # scp /root/capsule.example.com-certs.tar root@capsule.example.com:/root/capsule.example.com-certs.tar
  3. On Capsule Server, install the puppetserver package:

    # satellite-maintain packages install puppetserver
  4. On Capsule Server, create directories for puppet certificates:

    # mkdir -p /etc/puppetlabs/puppet/ssl/certs/ \
    /etc/puppetlabs/puppet/ssl/private_keys/ \
    /etc/puppetlabs/puppet/ssl/public_keys/
  5. On Capsule Server, copy the Puppet certificates for this Capsule Server from the system where you configure Capsule Server to sign Puppet certificates:

    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/certs/ca.pem /etc/puppetlabs/puppet/ssl/certs/ca.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem
  6. On Capsule Server, change the /etc/puppetlabs/puppet/ssl/ directory ownership to user puppet and group puppet:

    # chown -R puppet:puppet /etc/puppetlabs/puppet/ssl/
  7. On Capsule Server, set the SELinux context for the /etc/puppetlabs/puppet/ssl/ directory:

    # restorecon -Rv /etc/puppetlabs/puppet/ssl/
  8. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-puppetca "false" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "false"
  9. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-puppetca "false" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule.example.com" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "false"

4.3. Configuring Capsule Server with custom SSL certificates for load balancing without Puppet

The following section describes how to configure Capsule Servers that use custom SSL certificates for load balancing without Puppet.

4.3.1. Creating a custom SSL certificate for Capsule Server

This procedure outlines how to create a configuration file for the Certificate Signing Request and include the load balancer and Capsule Server as Subject Alternative Names (SAN). Complete this procedure on each Capsule Server that you want to configure for load balancing.

Procedure

  1. To store all the source certificate files, create a directory that is accessible only to the root user:

    # mkdir /root/capsule_cert
  2. Create a private key with which to sign the certificate signing request (CSR).

    Note that the private key must be unencrypted. If you use a password-protected private key, remove the private key password.

    If you already have a private key for this Capsule Server, skip this step.

    # openssl genrsa -out /root/capsule_cert/capsule_cert_key.pem 4096
  3. Create the /root/capsule_cert/openssl.cnf configuration file for the CSR and include the following content:

    [ req ]
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    x509_extensions = usr_cert
    prompt = no
    
    [ req_distinguished_name ]
    commonName = capsule.example.com 1
    
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
    subjectAltName = @alt_names
    
    [alt_names] 2
    DNS.1 = loadbalancer.example.com
    DNS.2 = capsule.example.com
    1
    The certificate’s common name must match the FQDN of Capsule Server. Ensure to change this when running the command on each Capsule Server that you configure for load balancing. You can also set a wildcard value *. If you set a wildcard value, you must add the -t capsule option when you use the katello-certs-check command.
    2
    Under [alt_names], include the FQDN of the load balancer as DNS.1 and the FQDN of Capsule Server as DNS.2.
  4. Optional: If you want to add Distinguished Name (DN) details to the CSR, add the following information to the [ req_distinguished_name ] section:

    [req_distinguished_name]
    CN = capsule.example.com
    countryName =My_Country_Name 1
    stateOrProvinceName = My_State_Or_Province_Name 2
    localityName = My_Locality_Name 3
    organizationName = My_Organization_Or_Company_Name
    organizationalUnitName = My_Organizational_Unit_Name 4
    1
    Two letter code
    2
    Full name
    3
    Full name (example: New York)
    4
    Division responsible for the certificate (example: IT department)
  5. Generate CSR:

    # openssl req -new \
    -key /root/capsule_cert/capsule_cert_key.pem \ 1
    -config /root/capsule_cert/openssl.cnf \ 2
    -out /root/capsule_cert/capsule_cert_csr.pem 3
    1
    Path to the private key
    2
    Path to the configuration file
    3
    Path to the CSR to generate
  6. Send the certificate signing request to the certificate authority (CA). The same CA must sign certificates for Satellite Server and Capsule Server.

    When you submit the request, specify the lifespan of the certificate. The method for sending the certificate request varies, so consult the CA for the preferred method. In response to the request, you can expect to receive a CA bundle and a signed certificate, in separate files.

  7. Copy the Certificate Authority bundle and Capsule Server certificate file that you receive from the Certificate Authority, and Capsule Server private key to your Satellite Server.
  8. On Satellite Server, validate Capsule Server certificate input files:

    # katello-certs-check \
    -c /root/capsule_cert/capsule_cert.pem \ 1
    -k /root/capsule_cert/capsule_cert_key.pem \ 2
    -b /root/capsule_cert/ca_cert_bundle.pem 3
    1
    Capsule Server certificate file, provided by your Certificate Authority
    2
    Capsule Server’s private key that you used to sign the certificate
    3
    Certificate Authority bundle, provided by your Certificate Authority

    If you set the commonName= to a wildcard value *, you must add the -t capsule option to the katello-certs-check command.

    Retain a copy of the example capsule-certs-generate command that is output by the katello-certs-check command for creating the Certificate Archive File for this Capsule Server.

4.3.2. Configuring Capsule Server with custom SSL certificates for load balancing without Puppet

The following section describes how to configure Capsule Servers that use custom SSL certificates for load balancing without Puppet. Complete this procedure on each Capsule Server that you want to configure for load balancing.

Procedure

  1. Append the following option to the capsule-certs-generate command that you obtain from the output of the katello-certs-check command:

    --foreman-proxy-cname loadbalancer.example.com
  2. On Satellite Server, enter the capsule-certs-generate command to generate Capsule certificates:

    # capsule-certs-generate \
    --certs-tar /root/capsule_cert/capsule.tar \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule.example.com \
    --server-ca-cert /root/capsule_cert/ca_cert_bundle.pem \
    --server-cert /root/capsule_cert/capsule.pem \
    --server-key /root/capsule_cert/capsule.pem

    Retain a copy of the example satellite-installer command from the output for installing Capsule Server certificates.

  3. Copy the certificate archive file from Satellite Server to Capsule Server:

    # scp /root/capsule.example.com-certs.tar root@capsule.example.com:capsule.example.com-certs.tar
  4. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script
  5. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule.example.com"

4.4. Configuring Capsule Server with custom SSL certificates for load balancing with Puppet

If you use Puppet in your Satellite configuration, then you must complete the following procedures:

4.4.1. Creating a custom SSL certificate for Capsule Server

This procedure outlines how to create a configuration file for the Certificate Signing Request and include the load balancer and Capsule Server as Subject Alternative Names (SAN). Complete this procedure on each Capsule Server that you want to configure for load balancing.

Procedure

  1. To store all the source certificate files, create a directory that is accessible only to the root user:

    # mkdir /root/capsule_cert
  2. Create a private key with which to sign the certificate signing request (CSR).

    Note that the private key must be unencrypted. If you use a password-protected private key, remove the private key password.

    If you already have a private key for this Capsule Server, skip this step.

    # openssl genrsa -out /root/capsule_cert/capsule_cert_key.pem 4096
  3. Create the /root/capsule_cert/openssl.cnf configuration file for the CSR and include the following content:

    [ req ]
    req_extensions = v3_req
    distinguished_name = req_distinguished_name
    x509_extensions = usr_cert
    prompt = no
    
    [ req_distinguished_name ]
    commonName = capsule.example.com 1
    
    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
    subjectAltName = @alt_names
    
    [alt_names] 2
    DNS.1 = loadbalancer.example.com
    DNS.2 = capsule.example.com
    1
    The certificate’s common name must match the FQDN of Capsule Server. Ensure to change this when running the command on each Capsule Server that you configure for load balancing. You can also set a wildcard value *. If you set a wildcard value, you must add the -t capsule option when you use the katello-certs-check command.
    2
    Under [alt_names], include the FQDN of the load balancer as DNS.1 and the FQDN of Capsule Server as DNS.2.
  4. Optional: If you want to add Distinguished Name (DN) details to the CSR, add the following information to the [ req_distinguished_name ] section:

    [req_distinguished_name]
    CN = capsule.example.com
    countryName =My_Country_Name 1
    stateOrProvinceName = My_State_Or_Province_Name 2
    localityName = My_Locality_Name 3
    organizationName = My_Organization_Or_Company_Name
    organizationalUnitName = My_Organizational_Unit_Name 4
    1
    Two letter code
    2
    Full name
    3
    Full name (example: New York)
    4
    Division responsible for the certificate (example: IT department)
  5. Generate CSR:

    # openssl req -new \
    -key /root/capsule_cert/capsule_cert_key.pem \ 1
    -config /root/capsule_cert/openssl.cnf \ 2
    -out /root/capsule_cert/capsule_cert_csr.pem 3
    1
    Path to the private key
    2
    Path to the configuration file
    3
    Path to the CSR to generate
  6. Send the certificate signing request to the certificate authority (CA). The same CA must sign certificates for Satellite Server and Capsule Server.

    When you submit the request, specify the lifespan of the certificate. The method for sending the certificate request varies, so consult the CA for the preferred method. In response to the request, you can expect to receive a CA bundle and a signed certificate, in separate files.

  7. Copy the Certificate Authority bundle and Capsule Server certificate file that you receive from the Certificate Authority, and Capsule Server private key to your Satellite Server.
  8. On Satellite Server, validate Capsule Server certificate input files:

    # katello-certs-check \
    -c /root/capsule_cert/capsule_cert.pem \ 1
    -k /root/capsule_cert/capsule_cert_key.pem \ 2
    -b /root/capsule_cert/ca_cert_bundle.pem 3
    1
    Capsule Server certificate file, provided by your Certificate Authority
    2
    Capsule Server’s private key that you used to sign the certificate
    3
    Certificate Authority bundle, provided by your Certificate Authority

    If you set the commonName= to a wildcard value *, you must add the -t capsule option to the katello-certs-check command.

    Retain a copy of the example capsule-certs-generate command that is output by the katello-certs-check command for creating the Certificate Archive File for this Capsule Server.

4.4.2. Configuring Capsule Server with custom SSL certificates to generate and sign Puppet certificates

Complete this procedure only for the system where you want to configure Capsule Server to generate Puppet certificates for all other Capsule Servers that you configure for load balancing.

Procedure

  1. Append the following option to the capsule-certs-generate command that you obtain from the output of the katello-certs-check command:

    --foreman-proxy-cname loadbalancer.example.com
  2. On Satellite Server, enter the capsule-certs-generate command to generate Capsule certificates:

    # capsule-certs-generate \
    --certs-tar /root/capsule_cert/capsule-ca.tar \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule-ca.example.com \
    --server-ca-cert /root/capsule_cert/ca_cert_bundle.pem \
    --server-cert /root/capsule_cert/capsule-ca.pem \
    --server-key /root/capsule_cert/capsule-ca.pem

    Retain a copy of the example satellite-installer command from the output for installing Capsule Server certificates.

  3. Copy the certificate archive file from Satellite Server to Capsule Server.
  4. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-puppetca "true" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "true"
  5. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "certs.tgz" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --enable-puppet \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-puppetca "true" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule-ca.example.com" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server true \
    --puppet-server-ca "true"
  6. On Capsule Server, generate Puppet certificates for all other Capsules that you configure for load balancing, except this first system where you configure Puppet certificates signing:

    # puppet cert generate capsule.example.com \
    --dns_alt_names=loadbalancer.example.com

    This command creates the following files on the Puppet certificate signing Capsule Server instance:

    • /etc/puppetlabs/puppet/ssl/certs/ca.pem
    • /etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem
    • /etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem
    • /etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem

4.4.3. Configuring remaining Capsule Servers with custom SSL certificates for load balancing

Complete this procedure for each Capsule Server excluding the system where you configure Capsule Server to sign Puppet certificates.

Procedure

  1. Append the following option to the capsule-certs-generate command that you obtain from the output of the katello-certs-check command:

    --foreman-proxy-cname loadbalancer.example.com
  2. On Satellite Server, enter the capsule-certs-generate command to generate Capsule certificates:

    # capsule-certs-generate \
    --certs-tar /root/capsule_cert/capsule.tar \
    --foreman-proxy-cname loadbalancer.example.com \
    --foreman-proxy-fqdn capsule.example.com \
    --server-ca-cert /root/capsule_cert/ca_cert_bundle.pem \
    --server-cert /root/capsule_cert/capsule.pem \
    --server-key /root/capsule_cert/capsule.pem

    Retain a copy of the example satellite-installer command from the output for installing Capsule Server certificates.

  3. Copy the certificate archive file from Satellite Server to Capsule Server.

    # scp /root/capsule.example.com-certs.tar root@capsule.example.com:capsule.example.com-certs.tar
  4. On Capsule Server, install the puppetserver package:

    # satellite-maintain packages install puppetserver
  5. On Capsule Server, create directories for puppet certificates:

    # mkdir -p /etc/puppetlabs/puppet/ssl/certs/ \
    /etc/puppetlabs/puppet/ssl/private_keys/ \
    /etc/puppetlabs/puppet/ssl/public_keys/
  6. On Capsule Server, copy the Puppet certificates for this Capsule Server from the system where you configure Capsule Server to sign Puppet certificates:

    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/certs/capsule.example.com.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/certs/ca.pem /etc/puppetlabs/puppet/ssl/certs/ca.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/private_keys/capsule.example.com.pem
    # scp root@capsule-ca.example.com:/etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem /etc/puppetlabs/puppet/ssl/public_keys/capsule.example.com.pem
  7. On Capsule Server, change the /etc/puppetlabs/puppet/ssl/ directory ownership to user puppet and group puppet:

    # chown -R puppet:puppet /etc/puppetlabs/puppet/ssl/
  8. On Capsule Server, set the SELinux context for the /etc/puppetlabs/puppet/ssl/ directory:

    # restorecon -Rv /etc/puppetlabs/puppet/ssl/
  9. Append the following options to the satellite-installer command that you obtain from the output of the capsule-certs-generate command:

    --certs-cname "loadbalancer.example.com" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-puppetca "false" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "false"
  10. On Capsule Server, enter the satellite-installer command:

    # satellite-installer --scenario capsule \
    --certs-cname "loadbalancer.example.com" \
    --certs-tar-file "capsule.example.com-certs.tar" \
    --enable-foreman-proxy-plugin-remote-execution-script \
    --foreman-proxy-foreman-base-url "https://satellite.example.com" \
    --foreman-proxy-oauth-consumer-key "oauth key" \
    --foreman-proxy-oauth-consumer-secret "oauth secret" \
    --foreman-proxy-puppetca "false" \
    --foreman-proxy-register-in-foreman "true" \
    --foreman-proxy-trusted-hosts "satellite.example.com" \
    --foreman-proxy-trusted-hosts "capsule.example.com" \
    --puppet-ca-server "capsule-ca.example.com" \
    --puppet-dns-alt-names "loadbalancer.example.com" \
    --puppet-server-ca "false"
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.