이 콘텐츠는 선택한 언어로 제공되지 않습니다.

Chapter 3. Installing Satellite Server


When you install Satellite Server from a connected network, you can obtain packages and receive updates directly from the Red Hat Content Delivery Network.

Note

You cannot register Satellite Server to itself.

Use the following procedures to install Satellite Server, perform the initial configuration, and import subscription manifests. For more information on subscription manifests, see Managing Red Hat Subscriptions in Managing content.

Note that the Satellite installation script is based on Puppet, which means that if you run the installation script more than once, it might overwrite any manual configuration changes. ⁠ To avoid this and determine which future changes apply, use the --noop argument when you run the installation script. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/satellite.log.

Files are always backed up and so you can revert any unwanted changes. For example, in the foreman-installer logs, you can see an entry similar to the following about Filebucket:

/Stage[main]/Dhcp/File[/etc/dhcp/dhcpd.conf]: Filebucketed /etc/dhcp/dhcpd.conf to puppet with sum 622d9820b8e764ab124367c68f5fa3a1
Copy to Clipboard

You can restore the previous file as follows:

# puppet filebucket -l \
restore /etc/dhcp/dhcpd.conf 622d9820b8e764ab124367c68f5fa3a1
Copy to Clipboard

3.1. Configuring the HTTP proxy to connect to Red Hat CDN

Prerequisites

Your network gateway and the HTTP proxy must allow access to the following hosts:

Host namePortProtocol

subscription.rhsm.redhat.com

443

HTTPS

cdn.redhat.com

443

HTTPS

cert.console.redhat.com (if using Red Hat Insights)

443

HTTPS

api.access.redhat.com (if using Red Hat Insights)

443

HTTPS

cert-api.access.redhat.com (if using Red Hat Insights)

443

HTTPS

console.redhat.com (if using Red Hat Insights)

443

HTTPS

connect.cloud.redhat.com (if using Red Hat Insights)

443

HTTPS

Satellite Server uses SSL to communicate with the Red Hat CDN securely. An SSL interception proxy interferes with this communication. These hosts must be allowlisted on your HTTP proxy.

For a list of IP addresses used by the Red Hat CDN (cdn.redhat.com), see the Knowledgebase article Public CIDR Lists for Red Hat on the Red Hat Customer Portal.

To configure the Subscription Manager with the HTTP proxy, follow the procedure below.

Procedure

  1. On Satellite Server, complete the following details in the /etc/rhsm/rhsm.conf file:

    # an http proxy server to use (enter server FQDN)
    proxy_hostname = http-proxy.example.com
    
    # port for http proxy server
    proxy_port = 8080
    
    # user name for authenticating to an http proxy, if needed
    proxy_user =
    
    # password for basic http proxy auth, if needed
    proxy_password =
    Copy to Clipboard

3.2. Registering to Red Hat Subscription Management

Registering the host to Red Hat Subscription Management enables the host to subscribe to and consume content for any subscriptions available to the user. This includes content such as Red Hat Enterprise Linux and Red Hat Satellite.

Procedure

  • Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted:

    # subscription-manager register
    Copy to Clipboard

    The command displays output similar to the following:

    # subscription-manager register
    Username: user_name
    Password:
    The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
    Copy to Clipboard

3.3. Configuring repositories

Procedure

Select the operating system and version you are installing on:

3.3.1. Red Hat Enterprise Linux 9

  1. Disable all repositories:

    # subscription-manager repos --disable "*"
    Copy to Clipboard
  2. Enable the following repositories:

    # subscription-manager repos \
    --enable=rhel-9-for-x86_64-baseos-rpms \
    --enable=rhel-9-for-x86_64-appstream-rpms \
    --enable=satellite-6.16-for-rhel-9-x86_64-rpms \
    --enable=satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
    Copy to Clipboard

Verification

  • Verify that the required repositories are enabled:

    # dnf repolist enabled
    Copy to Clipboard

3.3.2. Red Hat Enterprise Linux 8

  1. Disable all repositories:

    # subscription-manager repos --disable "*"
    Copy to Clipboard
  2. Enable the following repositories:

    # subscription-manager repos \
    --enable=rhel-8-for-x86_64-baseos-rpms \
    --enable=rhel-8-for-x86_64-appstream-rpms \
    --enable=satellite-6.16-for-rhel-8-x86_64-rpms \
    --enable=satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
    Copy to Clipboard
  3. Enable the DNF modules:

    # dnf module enable satellite:el8
    Copy to Clipboard
    Note

    If there is any warning about conflicts with Ruby or PostgreSQL while enabling satellite:el8 module, see Appendix A, Troubleshooting DNF modules. For more information about modules and lifecycle streams on Red Hat Enterprise Linux 8, see Red Hat Enterprise Linux Application Streams Lifecycle.

Verification

  • Verify that the required repositories are enabled:

    # dnf repolist enabled
    Copy to Clipboard

3.4. Optional: Using fapolicyd on Satellite Server

By enabling fapolicyd on your Satellite Server, you can provide an additional layer of security by monitoring and controlling access to files and directories. The fapolicyd daemon uses the RPM database as a repository of trusted binaries and scripts.

You can turn on or off the fapolicyd on your Satellite Server or Capsule Server at any point.

3.4.1. Installing fapolicyd on Satellite Server

You can install fapolicyd along with Satellite Server or can be installed on an existing Satellite Server. If you are installing fapolicyd along with the new Satellite Server, the installation process will detect the fapolicyd in your Red Hat Enterprise Linux host and deploy the Satellite Server rules automatically.

Prerequisites

  • Ensure your host has access to the BaseOS repositories of Red Hat Enterprise Linux.

Procedure

  1. For a new installation, install fapolicyd:

    # dnf install fapolicyd
    Copy to Clipboard
  2. For an existing installation, install fapolicyd using satellite-maintain packages install:

    # satellite-maintain packages install fapolicyd
    Copy to Clipboard
  3. Start the fapolicyd service:

    # systemctl enable --now fapolicyd
    Copy to Clipboard

Verification

  • Verify that the fapolicyd service is running correctly:

    # systemctl status fapolicyd
    Copy to Clipboard

New Satellite Server or Capsule Server installations

In case of new Satellite Server or Capsule Server installation, follow the standard installation procedures after installing and enabling fapolicyd on your Red Hat Enterprise Linux host.

Additional resources

For more information on fapolicyd, see Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 9 Security hardening or Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 8 Security hardening.

3.5. Installing Satellite Server packages

Procedure

  1. Update all packages:

    # dnf upgrade
    Copy to Clipboard
  2. Install Satellite Server packages:

    # dnf install satellite
    Copy to Clipboard

3.6. Configuring Satellite Server

Install Satellite Server by using the satellite-installer installation script.

This method is performed by running the installation script with one or more command options. The command options override the corresponding default initial configuration options and are recorded in the Satellite answer file. You can run the script as often as needed to configure any necessary options.

3.6.1. Configuring Satellite installation

This initial configuration procedure creates an organization, location, user name, and password. After the initial configuration, you can create additional organizations and locations if required. The initial configuration also installs PostgreSQL databases on the same server.

The installation process can take tens of minutes to complete. If you are connecting remotely to the system, use a utility such as tmux that allows suspending and reattaching a communication session so that you can check the installation progress in case you become disconnected from the remote system. If you lose connection to the shell where the installation command is running, see the log at /var/log/foreman-installer/satellite.log to determine if the process completed successfully.

Considerations

  • Use the satellite-installer --scenario satellite --help command to display the most commonly used options and any default values.
  • Use the satellite-installer --scenario satellite --full-help command to display advanced options.
  • Specify a meaningful value for the option: --foreman-initial-organization. This can be your company name. An internal label that matches the value is also created and cannot be changed afterwards. If you do not specify a value, an organization called Default Organization with the label Default_Organization is created. You can rename the organization name but not the label.
  • By default, all configuration files configured by the installer are managed. When satellite-installer runs, it overwrites any manual changes to the managed files with the intended values. This means that running the installer on a broken system should restore it to working order, regardless of changes made. For more information on how to apply custom configuration on other services, see Applying Custom Configuration to Satellite.

Procedure

  1. Enter the following command with any additional options that you want to use:

    # satellite-installer --scenario satellite \
    --foreman-initial-organization "My_Organization" \
    --foreman-initial-location "My_Location" \
    --foreman-initial-admin-username admin_user_name \
    --foreman-initial-admin-password admin_password
    Copy to Clipboard

    The script displays its progress and writes logs to /var/log/foreman-installer/satellite.log.

3.7. Importing a Red Hat subscription manifest into Satellite Server

Use the following procedure to import a Red Hat subscription manifest into Satellite Server.

Note

Simple Content Access (SCA) is set on the organization, not the manifest. Importing a manifest does not change your organization’s Simple Content Access status.

Simple Content Access simplifies the subscription experience for administrators. For more information, see the Subscription Management Administration Guide for Red Hat Enterprise Linux on the Red Hat Customer Portal.

Prerequisites

Procedure

  1. In the Satellite web UI, ensure the context is set to the organization you want to use.
  2. In the Satellite web UI, navigate to Content > Subscriptions and click Manage Manifest.
  3. In the Manage Manifest window, click Choose File.
  4. Navigate to the location that contains the Red Hat subscription manifest file, then click Open.

CLI procedure

  1. Copy the Red Hat subscription manifest file from your local machine to Satellite Server:

    $ scp ~/manifest_file.zip root@satellite.example.com:~/.
    Copy to Clipboard
  2. Log in to Satellite Server as the root user and import the Red Hat subscription manifest file:

    # hammer subscription upload \
    --file ~/manifest_file.zip \
    --organization "My_Organization"
    Copy to Clipboard

You can now enable repositories and import Red Hat content. For more information, see Importing Content in Managing content.

맨 위로 이동
Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2025 Red Hat