红帽全球峰会此内容没有您所选择的语言版本。
2.3. Configuring Red Hat Satellite Manually
Satellite Server has an automatic initial configuration that prepares the Satellite Server for use. The
katello-installer script supports the ability to override various default settings within the different components of Satellite Server. For example, for organizations that have an existing HTTP proxy, additional configuration options need to be passed to the Satellite Server installer. See Section 2.3.1, “Configuring Red Hat Satellite Manually with an HTTP Proxy” for HTTP proxy options and Section 2.3.2, “Configuring Red Hat Satellite with a Custom Server Certificate” for custom Certificate Authority (CA) certificates.
Procedure 2.2. Running the Installer Script
- As the root user, configure Red Hat Satellite Server manually by running the
katello-installerscript:katello-installer --foreman-admin-username desired_username --foreman-admin-password desired_passwordWhere:- desired_username is the username that will replace the default "admin" user.
- desired_password is the password that will replace the default password generated.
Additional configuration options can be passed to thekatello-installercommand to adjust various aspects of the configuration. View a complete list of options using the command:# katello-installer --helpThis script can be run multiple times without any issues.Important
The default username isadmin. The default organization name isDefault Organization. It is strongly recommended that you override these default settings once you log in to the Satellite Server interface and navigate toand . When the configuration script has completed successfully, it displays:# katello-installer Installing Done [100%] [........................................] Success! * Katello is running at https://sat6.example.com Default credentials are 'admin:changeme' * Capsule is running at https://sat6.example.com:9090 * To install additional capsule on separate machine continue by running:" capsule-certs-generate --capsule-fqdn "$CAPSULE" --certs-tar "~/$CAPSULE-certs.tar" The full log is at /var/log/katello/installer/katello-installer.log - After configuration, run the following commands to configure the firewall to limit elasticsearch to the
foreman,katelloand root users and make these rules persistent during reboots:- For Red Hat Enterprise Linux 6:
iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \ && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \ && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -j DROP iptables-save > /etc/sysconfig/iptables - For Red Hat Enterprise Linux 7:
firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner katello -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 0 -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP \ && firewall-cmd --permanent --direct --add-rule ipv6 filter OUTPUT 1 -o lo -p tcp -m tcp --dport 9200 -j DROP
The Red Hat Satellite Server is initially populated with an initial organization and location named "Default Organization" and "Default Location", respectively. These organizations can be used within the Satellite Server as they are. However, additional organizations and locations can be created in the Satellite Server after initial configuration. The default location and organization can be deleted after new organizations and locations have been created.
For networks that go through an HTTP Proxy, the following katello-installer options should be used in order for the Satellite Server to successfully complete the configuration:
katello-installer --katello-proxy-url=http://myproxy.example.com --katello-proxy-port=8080 --katello-proxy-username=proxy_username --katello-proxy-password=proxy_password
Where:
--katello-proxy-url- the URL of the HTTP proxy server.--katello-proxy-port- the port the HTTP proxy server is listening on.--katello-proxy-username- (optional) the HTTP proxy username for authentication. If your HTTP proxy server does not require a username, you are not required to specify the username.--katello-proxy-password- (optional) the HTTP proxy password for authentication. If your HTTP proxy server does not require a password, you are not required to specify the password.
After configuring the Satellite Server to go through the HTTP Proxy, make sure that yum or subscription-manager can connect to the Red Hat Content Delivery Network (CDN) and that the Satellite Server can synchronize its repositories to the CDN by following these steps:
Procedure 2.3. Configuring the Satellite Server to Allow Red Hat Subscription Manager Access to the CDN
- On the network gateway and the HTTP Proxy, open the following hostnames, ports and protocols:
Expand Table 2.1. Required Hostnames, Ports and Protocols Hostname Port Protocol subscription.rhn.redhat.com 443 https cdn.redhat.com 443 https *.akamaiedge.net 443 https - On the Satellite Server, fill in the following details in the
/etc/rhsm/rhsm.conffile:# an http proxy server to use (enter server FQDN) proxy_hostname = http_proxy.example.com # port for http proxy server proxy_port = 3128 # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password =
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}