Red Hat Summit 红帽全球峰会支持控制台(Console)开发人员开始试用联系人

此内容没有您所选择的语言版本。

Chapter 2. Installing Capsule Server

Before you install Capsule Server, you should ensure that your environment meets the requirements for installation. Capsule Server has the same requirements for installation as Satellite Server, with the additional requirement that you have not configured it to use a proxy to connect to the Red Hat CDN. For more information, see Section 1.1, “System Requirements”.

2.1. Registering to Satellite Server
复制链接

Use this procedure to register the base system on which you want to install Capsule to Satellite Server.

Subscription Manifest Considerations

  • The Satellite Server must have a manifest installed with the appropriate repositories for the organization you want the future Capsule to belong to.
  • The manifest must contain repositories for the base system on which you want to install Capsule, as well as any clients that you want to connect to the Capsule.
  • The repositories must be synchronized.

For more information on manifests and repositories, see Managing Subscriptions in the Red Hat Satellite Content Management Guide.

Proxy and Network Considerations

  • The Satellite Server’s base system must be able to resolve the host name of the base system on which you want to install Capsule and vice versa.
  • You must revert any changes related to the use of proxies which prevent access to Red Hat Satellite.
  • You must have configured host and network-based firewalls. For more information, see Section 1.4, “Ports and Firewalls Requirements”.
  • You must have a Satellite Server user name and password. For more information, see Configuring External Authentication in Administering Red Hat Satellite.

Register to Satellite Server

  1. Install the Satellite Server’s CA certificate on the base system on which you want to install Capsule. 

    # rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
    Copy to Clipboard Toggle word wrap

  2. Register the base system on which you want to install Capsule with the environments that you want the future Capsule to belong to. Use an activation key to simplify specifying the environments. 

    # subscription-manager register --org=organization_name --activationkey=example_activation_key
    Copy to Clipboard Toggle word wrap

After you have registered the Capsule Server, you must identify your Capsule Server subscription Pool ID. The Pool ID enables you to attach the required subscription to your Capsule Server. The Capsule Server subscription provides access to the Capsule Server content, as well as Red Hat Enterprise Linux, Red Hat Software Collections (RHSCL), and Red Hat Satellite. This is the only subscription required.

  1. Identify your Capsule Server subscription. 

    # subscription-manager list --all --available --matches='Red Hat Satellite Infrastructure Subscription'
    Copy to Clipboard Toggle word wrap

    The command displays output similar to the following: 

    +-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+

Subscription Name: Red Hat Satellite Capsule Server
Provides:          Red Hat Satellite Proxy
                   Red Hat Satellite Capsule
                   Red Hat Software Collections (for RHEL Server)
                   Red Hat Satellite Capsule
                   Red Hat Enterprise Linux Server
                   Red Hat Enterprise Linux High Availability (for RHEL Server)
                   Red Hat Software Collections (for RHEL Server)
                   Red Hat Enterprise Linux Load Balancer (for RHEL Server)
SKU:               MCT0369
Pool ID:           9e4cc4e9b9fb407583035861bb6be501
Available:         3
Suggested:         1
Service Level:     Premium
Service Type:      L1-L3
Multi-Entitlement: No
Ends:              10/07/2022
System Type:       Physical
    Copy to Clipboard Toggle word wrap
  2. Make a note of the Pool ID so that you can attach it to your Satellite host. Your Pool ID is different than the example provided.

  3. Attach your subscription to your Capsule Server, using your Pool ID: 

    # subscription-manager attach --pool=pool_id
    Copy to Clipboard Toggle word wrap

    The outputs displays something similar to the following: 

    Successfully attached a subscription for: Red Hat Capsule Server
    Copy to Clipboard Toggle word wrap

  4. To verify that the subscriptions are successfully attached, enter the following command: 

    # subscription-manager list --consumed
    Copy to Clipboard Toggle word wrap

2.3. Configuring Repositories
复制链接

  1. Disable all existing repositories. 

    # subscription-manager repos --disable "*"
    Copy to Clipboard Toggle word wrap

  2. Enable the Red Hat Satellite Capsule, Red Hat Enterprise Linux, and Red Hat Software Collections repositories.

    The Red Hat Software Collections repository provides a later version of Ruby required by some Red Hat Satellite Capsule features, including the Remote Execution feature. 

    # subscription-manager repos --enable rhel-7-server-rpms \
--enable rhel-7-server-satellite-capsule-6.4-rpms \
--enable rhel-server-rhscl-7-rpms \
--enable rhel-7-server-satellite-maintenance-6-rpms \
--enable rhel-7-server-ansible-2.6-rpms
    Copy to Clipboard Toggle word wrap

  3. Clear out any metadata left from any non-Red Hat yum repositories. 

    # yum clean all
    Copy to Clipboard Toggle word wrap

  4. Verify that the repositories have been enabled. 

    # yum repolist enabled
    Copy to Clipboard Toggle word wrap

2.4. Synchronizing Time
复制链接

You must start and enable a time synchronizer on the host operating system to minimize the effects of time drift. If a system’s time is incorrect, certificate verification can fail.

Two NTP based time synchronizers are available: chronyd and ntpd. The chronyd implementation is specifically recommended for systems that are frequently suspended and for systems that have intermittent network access. The ntpd implementation should only be used when you specifically need support for a protocol or driver not yet supported by chronyd.

For more information about the differences between ntpd and chronyd, see Differences Between ntpd and chronyd in the Red Hat Enterprise Linux 7 System Administrator’s Guide.

Synchronizing Time using chronyd

  1. Install chronyd. 

    # yum install chrony
    Copy to Clipboard Toggle word wrap

  2. Start and enable the chronyd service. 

    # systemctl start chronyd
# systemctl enable chronyd
    Copy to Clipboard Toggle word wrap

2.5. Installing Capsule Server
复制链接

  1. Update all packages. 

    # yum update
    Copy to Clipboard Toggle word wrap

  2. Install the installation package. 

    # yum install satellite-capsule
    Copy to Clipboard Toggle word wrap

2.6. Performing Initial Configuration of Capsule Server
复制链接

This section demonstrates a default installation of Capsule Server, including use of default certificates, DNS, and DHCP configuration. For details of more advanced configuration options, see Performing Additional Configuration on Capsule Server.

You can use the default certificate authority (CA) that comes with Capsule Server, which is used by both the server and the client SSL certificates for the authentication of subservices.

If you configured Satellite Server to use a custom SSL certificate, proceed to Section 3.7, “Configuring Capsule Server with a Custom Server Certificate”.

Before You Begin

  • Ensure that Capsule is installed and satellite-installer package is available on Capsule Server.
  • You must have configured host and network-based firewalls. For more information, see Section 1.4, “Ports and Firewalls Requirements”.
  • You must have installed the katello-ca-consumer-latest package. For more information, see Section 2.1, “Registering to Satellite Server”.
  • You must have registered your Capsule Server to the Satellite Server.
  • You must have attached the required subscription to the Capsule Server.

Configure Capsule Server with a Default Server Certificate

  1. On Satellite Server, create the certificates archive: 

    # capsule-certs-generate \
--foreman-proxy-fqdn mycapsule.example.com \
--certs-tar mycapsule.example.com-certs.tar
    Copy to Clipboard Toggle word wrap

    Retain a copy of the satellite-installer command that is output by the capsule-certs-generate command for installing the Capsule Server certificates.

  2. Copy the generated archive .tar file from Satellite Server to Capsule Server.

  3. On Capsule Server, run the satellite-installer command that the capsule-certs-generate command outputs to install Capsule Server certificates: 

    # satellite-installer --scenario capsule \
--foreman-proxy-content-parent-fqdn satellite.example.com \
--foreman-proxy-register-in-foreman true \
--foreman-proxy-foreman-base-url https://satellite.example.com \
--foreman-proxy-trusted-hosts satellite.example.com \
--foreman-proxy-trusted-hosts mycapsule.example.com \
--foreman-proxy-oauth-consumer-key UVrAZfMaCfBiiWejoUVLYCZHT2xhzuFV \
--foreman-proxy-oauth-consumer-secret ZhH8p7M577ttNU3WmUGWASag3JeXKgUX \
--foreman-proxy-content-certs-tar mycapsule.example.com-certs.tar \
--puppet-server-foreman-url "https://satellite.example.com"
    Copy to Clipboard Toggle word wrap
    Note

    When network connections or ports to the Satellite are not yet open, you can set the --foreman-proxy-register-in-foreman option to false to prevent Capsule from attempting to connect to Satellite and reporting errors. Run the installer again with this option set to true when the network and firewalls are correctly configured.

返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat