이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Installing Satellite Server
When you install Satellite Server from a connected network, you can obtain packages and receive updates directly from the Red Hat Content Delivery Network.
You cannot register Satellite Server to itself.
Use the following procedures to install Satellite Server, perform the initial configuration, and import subscription manifests. For more information on subscription manifests, see Managing Red Hat Subscriptions in Managing content.
Note that the Satellite installation script is based on Puppet, which means that if you run the installation script more than once, it might overwrite any manual configuration changes. To avoid this and determine which future changes apply, use the --noop
argument when you run the installation script. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/satellite.log
.
Files are always backed up and so you can revert any unwanted changes. For example, in the foreman-installer logs, you can see an entry similar to the following about Filebucket:
/Stage[main]/Dhcp/File[/etc/dhcp/dhcpd.conf]: Filebucketed /etc/dhcp/dhcpd.conf to puppet with sum 622d9820b8e764ab124367c68f5fa3a1
You can restore the previous file as follows:
# puppet filebucket -l \ restore /etc/dhcp/dhcpd.conf 622d9820b8e764ab124367c68f5fa3a1
3.1. Configuring the HTTP proxy to connect to Red Hat CDN
Prerequisites
Your network gateway and the HTTP proxy must allow access to the following hosts:
Host name | Port | Protocol |
---|---|---|
subscription.rhsm.redhat.com | 443 | HTTPS |
cdn.redhat.com | 443 | HTTPS |
*.akamaiedge.net | 443 | HTTPS |
cert.console.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
api.access.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
cert-api.access.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
Satellite Server uses SSL to communicate with the Red Hat CDN securely. An SSL interception proxy interferes with this communication. These hosts must be allowlisted on your HTTP proxy.
For a list of IP addresses used by the Red Hat CDN (cdn.redhat.com), see the Knowledgebase article Public CIDR Lists for Red Hat on the Red Hat Customer Portal.
To configure the Subscription Manager with the HTTP proxy, follow the procedure below.
Procedure
On Satellite Server, complete the following details in the
/etc/rhsm/rhsm.conf
file:# an http proxy server to use (enter server FQDN) proxy_hostname = myproxy.example.com # port for http proxy server proxy_port = 8080 # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password =
3.2. Registering to Red Hat Subscription Management
Registering the host to Red Hat Subscription Management enables the host to subscribe to and consume content for any subscriptions available to the user. This includes content such as Red Hat Enterprise Linux and Red Hat Satellite.
Procedure
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted:
# subscription-manager register
The command displays output similar to the following:
# subscription-manager register Username: user_name Password: The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
3.3. Attaching the Satellite Infrastructure subscription
Skip this step if you have SCA enabled on Red Hat Customer Portal. There is no requirement of attaching the Red Hat Satellite Infrastructure Subscription to the Satellite Server using subscription-manager. For more information about SCA, see Simple Content Access.
After you have registered Satellite Server, you must identify your subscription Pool ID and attach an available subscription. The Red Hat Satellite Infrastructure subscription provides access to the Red Hat Satellite and Red Hat Enterprise Linux content.
Red Hat Satellite Infrastructure is included with all subscriptions that include Satellite, formerly known as Smart Management. For more information, see Satellite Infrastructure Subscriptions MCT3718 MCT3719 in the Red Hat Knowledgebase.
Subscriptions are classified as available if they are not already attached to a system. If you are unable to find an available Satellite subscription, see the Red Hat Knowledgebase solution How do I figure out which subscriptions have been consumed by clients registered under Red Hat Subscription Manager? to run a script to see if another system is consuming your subscription.
Procedure
Identify the Pool ID of the Satellite Infrastructure subscription:
# subscription-manager list --all --available --matches 'Red Hat Satellite Infrastructure Subscription'
The command displays output similar to the following:
Subscription Name: Red Hat Satellite Infrastructure Subscription Provides: Red Hat Satellite Red Hat Software Collections (for RHEL Server) Red Hat CodeReady Linux Builder for x86_64 Red Hat Satellite Capsule Red Hat Ansible Engine Red Hat Satellite with Embedded Oracle Red Hat Satellite 5 Managed DB Red Hat Enterprise Linux Load Balancer (for RHEL Server) Red Hat Beta Red Hat Software Collections Beta (for RHEL Server) Red Hat Enterprise Linux Server Red Hat Enterprise Linux for x86_64 Red Hat Satellite Proxy Red Hat Enterprise Linux High Availability for x86_64 Red Hat Discovery SKU: MCT3718 Contract: Pool ID: 8aca43dd771bf31101771c0231f906a5 Provides Management: Yes Available: 10 Suggested: 1 Service Type: L1-L3 Roles: Service Level: Premium Usage: Add-ons: Subscription Type: Standard Starts: 11/11/2020 Ends: 11/11/2023 Entitlement Type: Physical
- Make a note of the subscription Pool ID. Your subscription Pool ID is different from the example provided.
Attach the Satellite Infrastructure subscription to the base operating system that your Satellite Server is running on. If SCA is enabled on Satellite Server, you can skip this step:
# subscription-manager attach --pool=pool_id
The command displays output similar to the following:
Successfully attached a subscription for: Red Hat Satellite Infrastructure Subscription
Optional: Verify that the Satellite Infrastructure subscription is attached:
# subscription-manager list --consumed
3.4. Configuring repositories
Use these procedures to enable the repositories required to install Satellite Server.
Disable all repositories:
# subscription-manager repos --disable "*"
Enable the following repositories:
# subscription-manager repos --enable=rhel-8-for-x86_64-baseos-rpms \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=satellite-6.15-for-rhel-8-x86_64-rpms \ --enable=satellite-maintenance-6.15-for-rhel-8-x86_64-rpms
Enable the DNF modules:
# dnf module enable satellite:el8
NoteIf there is any warning about conflicts with Ruby or PostgreSQL while enabling
satellite:el8
module, see Appendix A, Troubleshooting DNF modules. For more information about modules and lifecycle streams on Red Hat Enterprise Linux 8, see Red Hat Enterprise Linux Application Streams Lifecycle.
3.5. Optional: Using fapolicyd on Satellite Server
By enabling fapolicyd
on your Satellite Server, you can provide an additional layer of security by monitoring and controlling access to files and directories. The fapolicyd daemon uses the RPM database as a repository of trusted binaries and scripts.
You can turn on or off the fapolicyd on your Satellite Server or Capsule Server at any point.
3.5.1. Installing fapolicyd on Satellite Server
You can install fapolicyd
along with Satellite Server or can be installed on an existing Satellite Server. If you are installing fapolicyd
along with the new Satellite Server, the installation process will detect the fapolicyd in your Red Hat Enterprise Linux host and deploy the Satellite Server rules automatically.
Prerequisites
- Ensure your host has access to the BaseOS repositories of Red Hat Enterprise Linux.
Procedure
For a new installation, install fapolicyd:
# dnf install fapolicyd
For an existing installation, install fapolicyd using satellite-maintain packages install:
# satellite-maintain packages install fapolicyd
Start the
fapolicyd
service:# systemctl enable --now fapolicyd
Verification
Verify that the
fapolicyd
service is running correctly:# systemctl status fapolicyd
New Satellite Server or Capsule Server installations
In case of new Satellite Server or Capsule Server installation, follow the standard installation procedures after installing and enabling fapolicyd on your Red Hat Enterprise Linux host.
Additional resources
For more information on fapolicyd, see Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 8 Security hardening.
3.6. Installing Satellite Server packages
Procedure
Update all packages:
# dnf upgrade
Install Satellite Server packages:
# dnf install satellite
3.7. Synchronizing the system clock with chronyd
To minimize the effects of time drift, you must synchronize the system clock on the base operating system on which you want to install Satellite Server with Network Time Protocol (NTP) servers. If the base operating system clock is configured incorrectly, certificate verification might fail.
For more information about the chrony
suite, see Using the Chrony suite to configure NTP in Red Hat Enterprise Linux 8 Configuring basic system settings.
Procedure
Install the
chrony
package:# dnf install chrony
Start and enable the
chronyd
service:# systemctl enable --now chronyd
3.8. Installing the sos package on the base operating system
Install the sos
package on the base operating system so that you can collect configuration and diagnostic information from a Red Hat Enterprise Linux system. You can also use it to provide the initial system analysis, which is required when opening a service request with Red Hat Technical Support. For more information on using sos
, see the Knowledgebase solution What is a sosreport and how to create one in Red Hat Enterprise Linux 4.6 and later? on the Red Hat Customer Portal.
Procedure
Install the
sos
package:# satellite-maintain packages install sos
3.9. Configuring Satellite Server
Install Satellite Server using the satellite-installer
installation script.
This method is performed by running the installation script with one or more command options. The command options override the corresponding default initial configuration options and are recorded in the Satellite answer file. You can run the script as often as needed to configure any necessary options.
3.9.1. Configuring Satellite installation
This initial configuration procedure creates an organization, location, user name, and password. After the initial configuration, you can create additional organizations and locations if required. The initial configuration also installs PostgreSQL databases on the same server.
The installation process can take tens of minutes to complete. If you are connecting remotely to the system, use a utility such as tmux
that allows suspending and reattaching a communication session so that you can check the installation progress in case you become disconnected from the remote system. If you lose connection to the shell where the installation command is running, see the log at /var/log/foreman-installer/satellite.log
to determine if the process completed successfully.
Considerations
-
Use the
satellite-installer --scenario satellite --help
command to display the most commonly used options and any default values. -
Use the
satellite-installer --scenario satellite --full-help
command to display advanced options. -
Specify a meaningful value for the option:
--foreman-initial-organization
. This can be your company name. An internal label that matches the value is also created and cannot be changed afterwards. If you do not specify a value, an organization called Default Organization with the label Default_Organization is created. You can rename the organization name but not the label. -
By default, all configuration files configured by the installer are managed. When
satellite-installer
runs, it overwrites any manual changes to the managed files with the intended values. This means that running the installer on a broken system should restore it to working order, regardless of changes made. For more information on how to apply custom configuration on other services, see Applying Custom Configuration to Satellite.
Procedure
Enter the following command with any additional options that you want to use:
# satellite-installer --scenario satellite \ --foreman-initial-organization "My_Organization" \ --foreman-initial-location "My_Location" \ --foreman-initial-admin-username admin_user_name \ --foreman-initial-admin-password admin_password
The script displays its progress and writes logs to
/var/log/foreman-installer/satellite.log
.
3.10. Importing a Red Hat subscription manifest into Satellite Server
Use the following procedure to import a Red Hat subscription manifest into Satellite Server.
Simple Content Access (SCA) is set on the organization, not the manifest. Importing a manifest does not change your organization’s Simple Content Access status.
Prerequisites
- Ensure you have a Red Hat subscription manifest exported from the Red Hat Hybrid Cloud Console. For more information, see Creating and managing manifests for a connected Satellite Server in Subscription Central.
Procedure
- In the Satellite web UI, ensure the context is set to the organization you want to use.
- In the Satellite web UI, navigate to Content > Subscriptions and click Manage Manifest.
- In the Manage Manifest window, click Choose File.
- Navigate to the location that contains the Red Hat subscription manifest file, then click Open.
CLI procedure
Copy the Red Hat subscription manifest file from your local machine to Satellite Server:
$ scp ~/manifest_file.zip root@satellite.example.com:~/.
Log in to Satellite Server as the
root
user and import the Red Hat subscription manifest file:# hammer subscription upload \ --file ~/manifest_file.zip \ --organization "My_Organization"
You can now enable repositories and import Red Hat content. For more information, see Importing Content in Managing content.