이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 3. Installing Satellite Server
When you install Satellite Server from a connected network, you can obtain packages and receive updates directly from the Red Hat Content Delivery Network.
You cannot register Satellite Server to itself.
Use the following procedures to install Satellite Server, perform the initial configuration, and import subscription manifests. For more information on subscription manifests, see Managing Red Hat Subscriptions in Managing content.
Note that the Satellite installation script is based on Puppet, which means that if you run the installation script more than once, it might overwrite any manual configuration changes. To avoid this and determine which future changes apply, use the --noop
argument when you run the installation script. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/satellite.log
.
Files are always backed up and so you can revert any unwanted changes. For example, in the foreman-installer logs, you can see an entry similar to the following about Filebucket:
/Stage[main]/Dhcp/File[/etc/dhcp/dhcpd.conf]: Filebucketed /etc/dhcp/dhcpd.conf to puppet with sum 622d9820b8e764ab124367c68f5fa3a1
/Stage[main]/Dhcp/File[/etc/dhcp/dhcpd.conf]: Filebucketed /etc/dhcp/dhcpd.conf to puppet with sum 622d9820b8e764ab124367c68f5fa3a1
You can restore the previous file as follows:
puppet filebucket -l \ restore /etc/dhcp/dhcpd.conf 622d9820b8e764ab124367c68f5fa3a1
# puppet filebucket -l \
restore /etc/dhcp/dhcpd.conf 622d9820b8e764ab124367c68f5fa3a1
3.1. Configuring the HTTP proxy to connect to Red Hat CDN
Prerequisites
Your network gateway and the HTTP proxy must allow access to the following hosts:
Host name | Port | Protocol |
---|---|---|
subscription.rhsm.redhat.com | 443 | HTTPS |
cdn.redhat.com | 443 | HTTPS |
cert.console.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
api.access.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
cert-api.access.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
console.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
connect.cloud.redhat.com (if using Red Hat Insights) | 443 | HTTPS |
Satellite Server uses SSL to communicate with the Red Hat CDN securely. An SSL interception proxy interferes with this communication. These hosts must be allowlisted on your HTTP proxy.
For a list of IP addresses used by the Red Hat CDN (cdn.redhat.com), see the Knowledgebase article Public CIDR Lists for Red Hat on the Red Hat Customer Portal.
To configure the Subscription Manager with the HTTP proxy, follow the procedure below.
Procedure
On Satellite Server, complete the following details in the
/etc/rhsm/rhsm.conf
file:an http proxy server to use (enter server FQDN) port for http proxy server user name for authenticating to an http proxy, if needed password for basic http proxy auth, if needed
# an http proxy server to use (enter server FQDN) proxy_hostname = http-proxy.example.com # port for http proxy server proxy_port = 8080 # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password =
Copy to Clipboard Copied!
3.2. Registering to Red Hat Subscription Management
Registering the host to Red Hat Subscription Management enables the host to subscribe to and consume content for any subscriptions available to the user. This includes content such as Red Hat Enterprise Linux and Red Hat Satellite.
Procedure
Register your system with the Red Hat Content Delivery Network, entering your Customer Portal user name and password when prompted:
subscription-manager register
# subscription-manager register
Copy to Clipboard Copied! The command displays output similar to the following:
subscription-manager register
# subscription-manager register Username: user_name Password: The system has been registered with ID: 541084ff2-44cab-4eb1-9fa1-7683431bcf9a
Copy to Clipboard Copied!
3.3. Configuring repositories
Procedure
Select the operating system and version you are installing on:
3.3.1. Red Hat Enterprise Linux 9
Disable all repositories:
subscription-manager repos --disable "*"
# subscription-manager repos --disable "*"
Copy to Clipboard Copied! Enable the following repositories:
subscription-manager repos \ --enable=rhel-9-for-x86_64-baseos-rpms \ --enable=rhel-9-for-x86_64-appstream-rpms \ --enable=satellite-6.16-for-rhel-9-x86_64-rpms \ --enable=satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
# subscription-manager repos \ --enable=rhel-9-for-x86_64-baseos-rpms \ --enable=rhel-9-for-x86_64-appstream-rpms \ --enable=satellite-6.16-for-rhel-9-x86_64-rpms \ --enable=satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
Copy to Clipboard Copied!
Verification
Verify that the required repositories are enabled:
dnf repolist enabled
# dnf repolist enabled
Copy to Clipboard Copied!
3.3.2. Red Hat Enterprise Linux 8
Disable all repositories:
subscription-manager repos --disable "*"
# subscription-manager repos --disable "*"
Copy to Clipboard Copied! Enable the following repositories:
subscription-manager repos \ --enable=rhel-8-for-x86_64-baseos-rpms \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=satellite-6.16-for-rhel-8-x86_64-rpms \ --enable=satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
# subscription-manager repos \ --enable=rhel-8-for-x86_64-baseos-rpms \ --enable=rhel-8-for-x86_64-appstream-rpms \ --enable=satellite-6.16-for-rhel-8-x86_64-rpms \ --enable=satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
Copy to Clipboard Copied! Enable the DNF modules:
dnf module enable satellite:el8
# dnf module enable satellite:el8
Copy to Clipboard Copied! NoteIf there is any warning about conflicts with Ruby or PostgreSQL while enabling
satellite:el8
module, see Appendix A, Troubleshooting DNF modules. For more information about modules and lifecycle streams on Red Hat Enterprise Linux 8, see Red Hat Enterprise Linux Application Streams Lifecycle.
Verification
Verify that the required repositories are enabled:
dnf repolist enabled
# dnf repolist enabled
Copy to Clipboard Copied!
3.4. Optional: Using fapolicyd on Satellite Server
By enabling fapolicyd
on your Satellite Server, you can provide an additional layer of security by monitoring and controlling access to files and directories. The fapolicyd daemon uses the RPM database as a repository of trusted binaries and scripts.
You can turn on or off the fapolicyd on your Satellite Server or Capsule Server at any point.
3.4.1. Installing fapolicyd on Satellite Server
You can install fapolicyd
along with Satellite Server or can be installed on an existing Satellite Server. If you are installing fapolicyd
along with the new Satellite Server, the installation process will detect the fapolicyd in your Red Hat Enterprise Linux host and deploy the Satellite Server rules automatically.
Prerequisites
- Ensure your host has access to the BaseOS repositories of Red Hat Enterprise Linux.
Procedure
For a new installation, install fapolicyd:
dnf install fapolicyd
# dnf install fapolicyd
Copy to Clipboard Copied! For an existing installation, install fapolicyd using satellite-maintain packages install:
satellite-maintain packages install fapolicyd
# satellite-maintain packages install fapolicyd
Copy to Clipboard Copied! Start the
fapolicyd
service:systemctl enable --now fapolicyd
# systemctl enable --now fapolicyd
Copy to Clipboard Copied!
Verification
Verify that the
fapolicyd
service is running correctly:systemctl status fapolicyd
# systemctl status fapolicyd
Copy to Clipboard Copied!
New Satellite Server or Capsule Server installations
In case of new Satellite Server or Capsule Server installation, follow the standard installation procedures after installing and enabling fapolicyd on your Red Hat Enterprise Linux host.
Additional resources
For more information on fapolicyd, see Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 9 Security hardening or Blocking and allowing applications using fapolicyd in Red Hat Enterprise Linux 8 Security hardening.
3.5. Installing Satellite Server packages
Procedure
Update all packages:
dnf upgrade
# dnf upgrade
Copy to Clipboard Copied! Install Satellite Server packages:
dnf install satellite
# dnf install satellite
Copy to Clipboard Copied!
3.6. Configuring Satellite Server
Install Satellite Server by using the satellite-installer
installation script.
This method is performed by running the installation script with one or more command options. The command options override the corresponding default initial configuration options and are recorded in the Satellite answer file. You can run the script as often as needed to configure any necessary options.
3.6.1. Configuring Satellite installation
This initial configuration procedure creates an organization, location, user name, and password. After the initial configuration, you can create additional organizations and locations if required. The initial configuration also installs PostgreSQL databases on the same server.
The installation process can take tens of minutes to complete. If you are connecting remotely to the system, use a utility such as tmux
that allows suspending and reattaching a communication session so that you can check the installation progress in case you become disconnected from the remote system. If you lose connection to the shell where the installation command is running, see the log at /var/log/foreman-installer/satellite.log
to determine if the process completed successfully.
Considerations
-
Use the
satellite-installer --scenario satellite --help
command to display the most commonly used options and any default values. -
Use the
satellite-installer --scenario satellite --full-help
command to display advanced options. -
Specify a meaningful value for the option:
--foreman-initial-organization
. This can be your company name. An internal label that matches the value is also created and cannot be changed afterwards. If you do not specify a value, an organization called Default Organization with the label Default_Organization is created. You can rename the organization name but not the label. -
By default, all configuration files configured by the installer are managed. When
satellite-installer
runs, it overwrites any manual changes to the managed files with the intended values. This means that running the installer on a broken system should restore it to working order, regardless of changes made. For more information on how to apply custom configuration on other services, see Applying Custom Configuration to Satellite.
Procedure
Enter the following command with any additional options that you want to use:
satellite-installer --scenario satellite \ --foreman-initial-organization "My_Organization" \ --foreman-initial-location "My_Location" \ --foreman-initial-admin-username admin_user_name \ --foreman-initial-admin-password admin_password
# satellite-installer --scenario satellite \ --foreman-initial-organization "My_Organization" \ --foreman-initial-location "My_Location" \ --foreman-initial-admin-username admin_user_name \ --foreman-initial-admin-password admin_password
Copy to Clipboard Copied! The script displays its progress and writes logs to
/var/log/foreman-installer/satellite.log
.
3.7. Importing a Red Hat subscription manifest into Satellite Server
Use the following procedure to import a Red Hat subscription manifest into Satellite Server.
Simple Content Access (SCA) is set on the organization, not the manifest. Importing a manifest does not change your organization’s Simple Content Access status.
Simple Content Access simplifies the subscription experience for administrators. For more information, see the Subscription Management Administration Guide for Red Hat Enterprise Linux on the Red Hat Customer Portal.
Prerequisites
- Ensure you have a Red Hat subscription manifest exported from the Red Hat Hybrid Cloud Console. For more information, see Creating and managing manifests for a connected Satellite Server in Subscription Central.
Procedure
- In the Satellite web UI, ensure the context is set to the organization you want to use.
- In the Satellite web UI, navigate to Content > Subscriptions and click Manage Manifest.
- In the Manage Manifest window, click Choose File.
- Navigate to the location that contains the Red Hat subscription manifest file, then click Open.
CLI procedure
Copy the Red Hat subscription manifest file from your local machine to Satellite Server:
scp ~/manifest_file.zip root@satellite.example.com:~/.
$ scp ~/manifest_file.zip root@satellite.example.com:~/.
Copy to Clipboard Copied! Log in to Satellite Server as the
root
user and import the Red Hat subscription manifest file:hammer subscription upload \ --file ~/manifest_file.zip \ --organization "My_Organization"
# hammer subscription upload \ --file ~/manifest_file.zip \ --organization "My_Organization"
Copy to Clipboard Copied!
You can now enable repositories and import Red Hat content. For more information, see Importing Content in Managing content.